Hello,

I'm attempting to get remote logging using TLS to work on my RHEL 6.6
systems using the new rsyslog7 packages. Currently, I can't seem to
get the client to send its logs encrypted. This is probably just an
error in my rsyslog.conf file, but I also tried installing rsyslog
8.4.2 on the client and everything works fine. Also note that these
are the same certificates that were being used when doing remote TLS
logging using rsyslog v5 so I don't think it's a certificate problem.
Below is my client config file. Does anyone see any syntax problems
with why this would work on v8 but not v7?

################################################################

# rsyslog v7 configuration file (client)

#### GLOBAL DIRECTIVES ####

$umask 0000

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Working directory for spooling and file monitoring
$WorkDirectory /var/lib/rsyslog

# Create files with proper permissions
$FileCreateMode 0600

# Set the message size to 32k (up from 2k default)
$MaxMessageSize 32768

#### MODULES ####

module( load="imuxsock" ) # provides support for local system logging (e.g. via logger command)
module( load="imklog" )   # provides kernel logging support (previously done by rklogd)

#### NETSTREAM DRIVER ####
# Use gtls for ssl, ptcp for non ssl
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/trust.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/key.pem

#### RULES ####

# All info and Auditd messages
*.info;local0.*    action(
                       template="RSYSLOG_SyslogProtocol23Format"
                       name="localfwd"
                       type="omfwd"
                       action.resumeRetryCount="-1"
                       target="172.16.0.201"
                       port="10514"
                       protocol="tcp"
                       TCP_Framing="octet-counted"
                       queue.filename="localfwd"
                       queue.size="1000000"
                       queue.type="Disk"
                       queue.saveonshutdown="on"
                       StreamDriver="gtls"
                       StreamDriverMode="1"
                       StreamDriverAuthMode="x509/certvalid"
                   )

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;local0.none;mail.none;authpriv.none;cron.none    action(type="omfile" file="/var/log/messages")

# The authpriv file has restricted access.
authpriv.*    action(type="omfile" file="/var/log/secure")

# Log all the mail messages in one place.
mail.*    action(type="omfile" file="/var/log/maillog")

# Log cron stuff
cron.*    action(type="omfile" file="/var/log/cron")

# Everybody gets emergency messages
*.emerg;local0.none    action(type="omusrmsg" users="*")

# Save news errors of level crit and higher in a special file.
uucp,news.crit    action(type="omfile" file="/var/log/spooler")

# Save boot messages also to boot.log
local7.*    action(type="omfile" file="/var/log/boot.log")

################################################################



Thanks,
Andrew Ruch
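
An added example, not part of the original post and not rsyslog project code: a small Python check that reads an rsyslog configuration and reports, for each omfwd action, whether TLS is switched on and how strictly the peer is authenticated. The regex-based parsing, the names audit_omfwd and _legacy, and the sample config (modelled on the one in the post, with a second plain-TCP action and the address 192.0.2.10 made up) are assumptions of this sketch.

```python
import re
# Constructed sample, modelled on the client config in the post.
SAMPLE = '''
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/trust.pem
*.info;local0.* action(type="omfwd" name="localfwd" target="172.16.0.201"
    port="10514" protocol="tcp" StreamDriver="gtls" StreamDriverMode="1"
    StreamDriverAuthMode="x509/certvalid")
*.* action(type="omfwd" name="plainfwd" target="192.0.2.10" port="514" protocol="tcp")
authpriv.* action(type="omfile" file="/var/log/secure")
'''

# Simplified parsing (assumption of this sketch): no ')' or '#' inside quoted values.
ACTION_RE = re.compile(r'\baction\s*\((.*?)\)', re.S | re.I)
PARAM_RE = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')

def _legacy(conf, name):  # value of a legacy "$Name value" directive, or None
    m = re.search(r'(?mi)^\s*\$' + name + r'\s+(\S+)', conf)
    return m.group(1) if m else None

def audit_omfwd(conf):
    """Return {action name: [findings]} for every omfwd action in conf."""
    conf = re.sub(r'(?m)(^|\s)#.*$', '', conf)  # strip comments
    default_driver = _legacy(conf, 'DefaultNetstreamDriver')
    has_ca = _legacy(conf, 'DefaultNetstreamDriverCAFile') is not None
    report = {}
    for n, m in enumerate(ACTION_RE.finditer(conf)):
        # Parameter names are case-insensitive in rsyslog, so normalise them.
        p = {k.lower(): v for k, v in PARAM_RE.findall(m.group(1))}
        if p.get('type') != 'omfwd':
            continue
        findings = []
        driver = p.get('streamdriver') or default_driver or ''
        auth = p.get('streamdriverauthmode', '').lower()
        if p.get('streamdrivermode') != '1':
            findings.append('TLS not enabled: StreamDriverMode is not "1"')
        elif driver.lower() != 'gtls':
            findings.append('StreamDriverMode="1" but driver is %r, not gtls' % driver)
        elif not has_ca:
            findings.append('no $DefaultNetstreamDriverCAFile set')
        if auth == 'anon':
            findings.append('anon: peer certificate is not checked')
        elif auth == 'x509/certvalid':
            findings.append('x509/certvalid: chain is validated, peer name is not')
        report[p.get('name', 'action#%d' % n)] = findings
    return report

if __name__ == '__main__':
    for name, findings in audit_omfwd(SAMPLE).items():
        print(name, '->', findings or ['ok'])
```

This only inspects what the configuration asks for; whether a given rsyslog build honours those parameters still has to be confirmed on the wire, for example with a packet capture on the forwarding port.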