I don't know enough about the integrity verification to identify what's going
wrong, but I can say that the way that the logs get to the rsyslog machine
(RELP/TLS vs plain TCP) has nothing to do with the signing and validation of the
logs. So whatever's going wrong, it's not caused by the different type of the
transport between machines.
David Lang
On Mon, 24 Feb 2014, Muhammad Asif wrote:
Greetings!
Dear Rsyslog Geeks,
I need to configure TLS and integrity verification of logs using GuardTime
between a client (Debian machine) and an ELMA Appliance configured on
openSUSE, because it provides rsyslog version 7.4.
On Client
module(load="imrelp" ruleset="relp")
input(type="imrelp" port="10514" tls="on"
tls.caCert="/root/cert/ca.pem"
tls.myCert="/root/cert/aserglogger-cert.pem"
tls.myPrivKey="/root/cert/aserglogger-key.pem"
tls.authMode="name"
tls.permittedpeer=["elma-server"]
)
On Server
module(load="imrelp" ruleset="relp")
input(type="imrelp" port="10514" tls="on"
tls.caCert="/root/cert/ca.pem"
tls.myCert="/root/cert/aserglogger-cert.pem"
tls.myPrivKey="/root/cert/aserglogger-key.pem"
tls.authMode="name"
tls.permittedpeer=["client"]
)
action(type="omfile" file="/var/log/logfile"
sig.provider="gt"
sig.keepTreeHashes="on"
sig.keepRecordHashes="on")
Logs were encrypted and I was verifying integrity by using this command,
which was working fine.
rsgtutil --verify --show-verified /var/log/logfile
But now I intend to configure a VPN between the ELMA Appliance and the Debian client.
On Client rsyslog
No TLS configuration on server or client.
*.*@elma-server
On Server
action(type="omfile" file="/var/log/logfile"
sig.provider="gt"
sig.keepTreeHashes="on"
sig.keepRecordHashes="on")
But when I try to verify the integrity of the logfile by using /usr/bin/rsgtutil
--verify --show-verified /var/log/logfile, I receive the following error:
"error 5 (length record problem) processing file /var/log/logfile"
Please help me in this regard.
Regards
M.Asif
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.