Thanks David. I still have problems trying to get a client and the rsyslog server to communicate using RELP + TLS. Both are using rsyslog v8.4.2 and rsyslog-gnutls v8.4.2-0adiscon1precise1. I have created the certificates according to the http://www.rsyslog.com/using-tls-with-relp/ document. I would like to use some kind of generic client certificate, but so far I have created a certificate specific for my server and another specific for one client.

Testing the handshake from the client to the server using gnutls-cli -d 5 my_rsyslog_server -p XXX it worked. However, when I send a log from the client I see the errors below on the rsyslog server in debug mode. Any ideas on how to solve this?

Thanks a lot,
Xavi

5613.667087987:imrelp.c : librelp: done epoll_wait, nEvents:1
5613.667116503:imrelp.c : new connect on RELP socket #10
5613.667158346:imrelp.c : remote host is 'XXXXX', ip 'YYYYY'
5613.667199717:imrelp.c : librelp: gnutls_handshake retry necessary (this is OK and expected)
5613.667208640:imrelp.c : librelp: add socket 22 to epoll set (ptr 0x7f0384003510)
5613.667219911:imrelp.c : librelp: retry op requested for sock 22
5613.667226682:imrelp.c : librelp: epoll_set_events sock 22, target bits 01, current 01
5613.667232460:imrelp.c : librelp: doing epoll_wait
5613.667288208:imrelp.c : librelp: done epoll_wait, nEvents:1
5613.667310228:imrelp.c : librelp: state -9 during retry handshake: A TLS packet with unexpected length was received.
5613.667319856:imrelp.c : librelp: generic error: ecode 10031, emsg 'TLS handshake failed [gnutls error -9: A TLS packet with unexpected length was received.]'
5613.667330639:imrelp.c : Called LogMsg, msg: imrelp[20501]: error 'TLS handshake failed [gnutls error -9: A TLS packet with unexpected length was received.]', object 'lstn 20501: conn to clt 54.197.52.201/ec2-54-197-52-201.compute-1.amazonaws.com' - input may not work as intended
5613.667359128:imrelp.c : main Q: qqueueAdd: entry added, size now log 1, phys 1 entries
5613.667374606:imrelp.c : main Q: EnqueueMsg advised worker start
rsyslogd: imrelp[20501]: error 'TLS handshake failed [gnutls error -9: A TLS packet with unexpected length was received.]', object 'lstn 20501: conn to clt 54.197.52.201/ec2-54-197-52-201.compute-1.amazonaws.com' - input may not work as intended [try http://www.rsyslog.com/e/2353 ]
5613.667393240:main Q:Reg/w0 : wti 0x1f00710: worker awoke from idle processing
5613.667422460:main Q:Reg/w0 : DeleteProcessedBatch: we deleted 0 objects and enqueued 0 objects
5613.667429742:main Q:Reg/w0 : doDeleteBatch: delete batch from store, new sizes: log 1, phys 1
5613.667438081:imrelp.c : relp session 22 handshake iRet 10031, tearing it down
5613.667451877:imrelp.c : librelp: delete sock 22 from epoll set
5613.667462326:imrelp.c : hint-frame to send: '0 serverclose 0 '
5613.667475710:imrelp.c : librelp: TLS send returned -10
5613.667484312:imrelp.c : librelp: generic error: ecode 10014, emsg 'TLS record write failed [gnutls error -10: The specified session has been invalidated for some reason.]'
5613.667492392:imrelp.c : Called LogMsg, msg: imrelp[20501]: error 'TLS record write failed [gnutls error -10: The specified session has been invalidated for some reason.]', object 'lstn 20501: conn to clt XXXXX' - input may not work as intended

On 4 November 2014 19:09, David Lang <[email protected]> wrote:

> On Tue, 4 Nov 2014, Xavier Fustero wrote:
>
>> Hi all,
>>
>> I have a quick question. We have hundreds of cloud servers forwarding logs to a few central rsyslog servers. Instances on the same network as the server send them using relp. For instances on a different network we are using stunnel to encrypt the logs.
>>
>> I read that since v7.5.8 (just from memory) we can use TLS + relp. I would like to get rid of stunnel as I sometimes have a weird problem when replacing rsyslog servers, where I need to restart stunnel and rsyslog on a client to fwd it again to the rsyslog. But I'm not trying to debug that issue right now.
>>
>> My question here is whether it is possible to have an rsyslog server receiving logs from clients sending them through RELP with no encryption and also receiving logs from clients sending them through RELP + TLS. We need to know this as we cannot change things suddenly with hundreds of clients reporting to it.
>>
>> That line in the server configuration:
>>
>> input(type="imrelp" port="20514" tls="on"
>>
>> scares me... it looks like I need to choose between using RELP with TLS or without. But I might be wrong....
>>
>
> On any one port you need to decide to use relp or not, but you can have multiple input lines for different ports.
>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
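The two-port layout David describes (plain RELP on one port, RELP + TLS on another, so that clients can be migrated one at a time) written out as an rsyslog configuration. This is an added example, not configuration from the thread or from the rsyslog project; the port numbers, certificate paths, peer names and the ruleset name are assumptions chosen for illustration.

```rsyslog
# Added example (not from the thread). One rsyslog server that accepts both
# plain RELP and RELP over TLS by binding two imrelp inputs to different ports.
# Paths, ports and peer names below are assumptions for illustration.
module(load="imrelp")

# Port 20514: legacy clients still sending RELP without encryption.
# Keep this listener reachable only from the trusted network (firewall it)
# for as long as the migration lasts, then remove it.
input(type="imrelp" port="20514" tls="off" ruleset="fromRelp")

# Port 20515: clients sending RELP over TLS with mutual certificate auth.
# tls.authMode="name" makes the server check the client certificate's name
# against tls.permittedPeer instead of accepting any certificate the CA signed.
input(type="imrelp" port="20515"
      tls="on"
      tls.caCert="/etc/rsyslog.d/tls/ca.pem"
      tls.myCert="/etc/rsyslog.d/tls/server-cert.pem"
      tls.myPrivKey="/etc/rsyslog.d/tls/server-key.pem"
      tls.authMode="name"
      tls.permittedPeer=["client1.example.internal", "client2.example.internal"]
      ruleset="fromRelp")

ruleset(name="fromRelp") {
    action(type="omfile" file="/var/log/remote/relp.log")
}

# Client side (omrelp). A migrated client points at the TLS port; a client that
# has not been migrated yet keeps port="20514" tls="off" and nothing else changes.
action(type="omrelp" target="my_rsyslog_server" port="20515"
       tls="on"
       tls.caCert="/etc/rsyslog.d/tls/ca.pem"
       tls.myCert="/etc/rsyslog.d/tls/client-cert.pem"
       tls.myPrivKey="/etc/rsyslog.d/tls/client-key.pem"
       tls.authMode="name"
       tls.permittedPeer=["my_rsyslog_server.example.internal"])
```

The server and client halves live in different rsyslog.conf files; they are shown together only so the matching port and TLS settings can be compared. A check worth doing when a listener logs gnutls error -9 ("A TLS packet with unexpected length was received") is to confirm that the client's omrelp action for that port also has tls="on" and the same authMode, since plain RELP bytes arriving on a TLS listener is a common way to produce that handshake failure; gnutls-cli only exercises the TLS handshake, not the omrelp action the client actually uses.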

