On Wed, Feb 26, 2014 at 8:09 PM, David Lang <[email protected]> wrote:

> On Wed, 26 Feb 2014, Bruce Pennypacker wrote:
>
>> On Wed, Feb 26, 2014 at 3:07 PM, David Lang <[email protected]> wrote:
>>
>>> If you use the new action() format, then the parameters very clearly only
>>> affect that action (but you do have to specify all parameters for each
>>> action)
>>
>> Thanks. I've been trying to wrap my head around the new action format but
>> without a whole lot of luck. I find the documentation extremely lacking as
>> far as the new format goes. Are there any good examples that might show
>> how to go about doing this sort of thing as an action? I can't seem to
>> even find in the documentation how to specify something
>> like $ActionSendStreamDriverAuthMode in an action.
>
> take a look at:
>
> http://www.rsyslog.com/doc/omrelp.html
>
> start with something like:
>
> action(type="omrelp" target="centralserv" port="2514")
>
> tls.authMode="mode"

Thanks for the pointer. I was finally able to figure this out after banging my head on the wall for a few hours. First of all it appears that there's a bug in rsyslog v 7.4.8 and earlier that was keeping this from working when it should have. After upgrading to 7.6.0 I was able to get it to work. Here's the basic configuration I ended up with:

# Make sure the CA File has CA's for all targets
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem

*.* action(type="omfwd" protocol="tcp" Target="10.50.59.241" Port="6514" StreamDriverMode="1" StreamDriver="gtls" StreamDriverAuthMode="anon")

*.* action(type="omfwd" Protocol="tcp" Target="some.other.host.com" Port="6514" StreamDriverMode="1" StreamDriver="gtls" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.some.other.host.com")

-Bruce
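
Added example (not part of the original post and not rsyslog's own code): a small Python check that parses action() statements like the two in the message above and reports omfwd actions whose TLS settings leave the receiving peer unauthenticated, such as StreamDriverAuthMode="anon", which encrypts the connection but does not verify who is on the other end. The parsing is deliberately simplified, the function names are hypothetical, and the third sample action (plain.example.net) is constructed for illustration.

```python
import re

# Constructed sample: the two omfwd actions from the post, plus one
# hypothetical action (plain.example.net) that never enables TLS.
SAMPLE_CONF = '''
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
*.* action(type="omfwd" protocol="tcp" Target="10.50.59.241" Port="6514" StreamDriverMode="1" StreamDriver="gtls" StreamDriverAuthMode="anon")
*.* action(type="omfwd" Protocol="tcp" Target="some.other.host.com" Port="6514" StreamDriverMode="1" StreamDriver="gtls" StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*.some.other.host.com")
*.* action(type="omfwd" protocol="tcp" target="plain.example.net" port="514")
'''

# Simplified parsing: assumes no ")" or escaped quotes inside values.
ACTION_RE = re.compile(r'action\s*\((.*?)\)', re.S | re.I)
PARAM_RE = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')

def parse_actions(conf):
    """Return one dict per action(); parameter names are lower-cased
    because rsyslog treats them case-insensitively."""
    return [{k.lower(): v for k, v in PARAM_RE.findall(body)}
            for body in ACTION_RE.findall(conf)]

def audit_action(params):
    """Return a list of findings for one omfwd action (empty list = ok)."""
    if params.get("type", "").lower() != "omfwd":
        return []
    if params.get("streamdrivermode") != "1":
        return ["TLS not enforced (StreamDriverMode is not 1)"]
    mode = params.get("streamdriverauthmode", "").lower()
    if mode == "":
        return ["StreamDriverAuthMode is not set explicitly"]
    if mode == "anon":
        return ["StreamDriverAuthMode is anon: peer is not authenticated"]
    if mode in ("x509/name", "x509/fingerprint") \
            and not params.get("streamdriverpermittedpeers"):
        return [mode + " set without StreamDriverPermittedPeers"]
    return []

def audit_conf(conf):
    """Map each forwarding target to its list of findings."""
    return {p.get("target", "?"): audit_action(p)
            for p in parse_actions(conf)}

if __name__ == "__main__":
    for target, findings in audit_conf(SAMPLE_CONF).items():
        print(target, "->", findings or "ok")
```
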

