On Thu, 27 Feb 2014, Bruce Pennypacker wrote:
On Wed, Feb 26, 2014 at 8:09 PM, David Lang <[email protected]> wrote:
On Wed, 26 Feb 2014, Bruce Pennypacker wrote:
On Wed, Feb 26, 2014 at 3:07 PM, David Lang <[email protected]> wrote:
If you use the new action() format, then the parameters very clearly only
affect that action (but you do have to specify all parameters for each
action)
Thanks. I've been trying to wrap my head around the new action format
but
without a whole lot of luck. I find the documentation extremely lacking
as
far as the new format goes. Are there any good examples that might show
how to go about doing this sort of thing as an action? I can't seem to
even find in the documentation how to specify something
like $ActionSendStreamDriverAuthMode in an action.
take a look at:
http://www.rsyslog.com/doc/omrelp.html
start with something like:
action(type="omrelp" target="centralserv" port="2514")
tls.authMode="mode"
does this help?
Not really. I need to use omfwd and not omrelp because of where we're
sending these logs.
Ok, then look at http://www.rsyslog.com/doc/omfwd.html
action(type="omfwd"
Target="192.168.2.11"
Port="10514"
Protocol="tcp"
)
(remember that whitespace, including newlines, don't matter in rsyslog configs)
StreamDriverAuthMode="mode"
If I have my /etc/rsyslog.conf cut down to just this
then everything works fine:
$ModLoad imuxsock.so
$ModLoad imklog.so
$DefaultNetstreamDriver gtls
$ActionSendStreamDriverAuthMode anon
$ActionSendStreamDriverMode 1
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/local-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/local-key.pem
*.* @@10.50.59.241:6514
When I use the above configuration netstat shows the server establishing a
connection to 10.50.59.241:6514 and the destination server gets the
messages. From what I've been able to figure out I should be able to do
something like this using the new syntax:
$ModLoad imuxsock.so
$ModLoad imklog.so
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/local-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/local-key.pem
*.* action (type="omfwd" protocol="tcp" Target="10.50.59.241" Port="6514"
StreamDriverMode="1" StreamDriver="gtls" StreamDriverAuthMode="anon")
When I launch rsyslog with this configuration it starts up fine but I
netstat never even sees a connection attempt to 10.50.59.241. So what am I
missing?
you can't mix the two styles of config for one action, I think you need to
specify the cert info as part of the action (but I'll admit I don't know the
names to use for this)
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
