On Wed, 26 Feb 2014, Bruce Pennypacker wrote:

Is it possible to log to multiple servers with different TLS
configurations?  We're currently logging to a local syslog server using the
following:

$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/local-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/local-key.pem
$ActionSendStreamDriverAuthMode anon
$ActionSendStreamDriverMode 1

*.* @@10.50.59.241:6514

We're now in the process of setting up logging to a third party and want to
use TLS there as well.  They state that we should set up rsyslog like this:

$DefaultNetstreamDriverCAFile /path/to/their/ca.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.theirhost.theirdomain

*.* @@theirhost.theirdomain:6514

If I simply add the second set of options to the bottom of my rsyslog.conf
then the permitted peer causes a conflict with the first host.  So is there
any way to configure rsyslog (we're currently using 7.4.8) to use vastly
different TLS setups to two different targets?

If you use the new action() format, then the parameters very clearly only affect that action (but you do have to specify all parameters for each action).

David Lang
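
The two targets from the question, written in action() form so that each TLS setting is scoped to its own action. This is an added example, not configuration posted by anyone in the thread. The CA file is set through the global $DefaultNetstreamDriverCAFile directive, so the example assumes a single bundle file (hypothetical name combined-ca.pem) that holds both CA certificates.

```conf
# Added example, not from the original thread.

# Global netstream driver settings, kept in the legacy form used in the question.
$DefaultNetstreamDriver gtls
# Assumption: combined-ca.pem is a constructed file containing the local CA
# certificate followed by the third party's CA certificate (PEM, concatenated).
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/combined-ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/local-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/local-key.pem

# Target 1: the local syslog server.
# "anon" encrypts the connection but does not authenticate the server,
# exactly as in the original configuration.
action(type="omfwd"
       target="10.50.59.241" port="6514" protocol="tcp"
       StreamDriver="gtls"
       StreamDriverMode="1"
       StreamDriverAuthMode="anon")

# Target 2: the third party.
# "x509/name" checks the server certificate against the trusted CAs and
# against the permitted peer name. The peer restriction is set only on
# this action, so it no longer applies to target 1.
action(type="omfwd"
       target="theirhost.theirdomain" port="6514" protocol="tcp"
       StreamDriver="gtls"
       StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="*.theirhost.theirdomain")
```

Running `rsyslogd -N1` after editing validates the configuration syntax before the daemon is restarted.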
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog