Dear Sir, Please have a look on config.log produced by running ./configure --enable-tls . Thanks
On Tue, Dec 2, 2014 at 10:36 PM, Rainer Gerhards <[email protected]> wrote: > 2014-12-02 15:15 GMT+01:00 Muhammad Asif <[email protected]>: > > > Hi Sir, > > > > I build librelp 1.2.7 with --enable-tls and --disable-tls but no to > avail. > > Problem is there. What is the recommended way for buillding librelp. > > > > I would expect that the problem is that GnuTLS is not properly detected. > Can you post (probably via a github gist or pastbin or...) a copy of your > config.log after the librelp ./configure --enable-tls run. > > Rainer > > > > Certificates which i have generated are according to the way mention on > > link http://www.rsyslog.com/using-tls-with-relp/ . I have also updated > to > > rsyslog v8.6. > > > > On Sat, Nov 29, 2014 at 1:43 PM, Rainer Gerhards < > [email protected] > > > > > wrote: > > > > > You need to build librelp from source so that it can use the new gnutls > > > functionality. > > > > > > Sent from phone, thus brief. > > > Am 29.11.2014 07:21 schrieb "Muhammad Asif" <[email protected]>: > > > > > > > Hi Rainer, > > > > > > > > May I have installed udated gnutls but issue is still there. Can you > > > guide > > > > at what place i have to mention "TLS in anonymous mode". I want TLS > on > > > > RELP. so please guid me accordingly. > > > > > > > > On Fri, Nov 21, 2014 at 1:49 PM, Rainer Gerhards < > > > [email protected] > > > > > > > > > wrote: > > > > > > > > > FYI: I have also improved the error message, so that it now more > > > > precisely > > > > > tells what is going on. > > > > > > > > > > Rainer > > > > > > > > > > 2014-11-21 9:36 GMT+01:00 Rainer Gerhards < > [email protected] > > >: > > > > > > > > > > > 2014-11-21 6:55 GMT+01:00 Muhammad Asif <[email protected]>: > > > > > > > > > > > >> Hi Geeks, > > > > > >> > > > > > >> I have installed rsyslog 8.4 and rsyslog-relp in Centos 6.5. I > > want > > > to > > > > > use > > > > > >> TLS on RELP between remote server and client machine. Here is my > > > > > >> configuration. > > > > > >> > > > > > >> module(load="imuxsock") > > > > > >> module(load="imrelp" ruleset="relp") > > > > > >> > > > > > >> input(type="imrelp" port="10514" tls="on" > > > > > >> tls.caCert="/etc/rsyslog.d/cert/cacert.pem" > > > > > >> tls.myCert="/etc/rsyslog.d/cert/bloggercert.pem" > > > > > >> tls.myPrivKey="/etc/rsyslog.d/cert/bloggerkey.pem" > > > > > >> tls.authMode="name" > > > > > >> tls.permittedpeer=["172.20.16.22","172.20.16.25"] > > > > > >> ) > > > > > >> ruleset (name="relp") { > > > > > >> action(type="omfile" file="/var/log/relp_log") > > > > > >> } > > > > > >> > > > > > >> When I restart the service, i receive log in message file as > > > > > >> Nov 21 10:48:32 blogger rsyslogd-2291: imrelp: could not > activate > > > relp > > > > > >> listner, code 10046 [try http://www.rsyslog.com/e/2291 ] > > > > > >> > > > > > >> > > > > > > I have just checked the code. It means that the platform does not > > > > provide > > > > > > TLS auth support. In general, this means that GnuTLS is too old. > I > > > > > remember > > > > > > this is the case for Centos 6.5. You should be able to use TLS in > > > > > anonymous > > > > > > mode. While this does not guard against man-in-the-middle > attacks, > > it > > > > at > > > > > > least keeps message flow encrypted. > > > > > > > > > > > > The alternate solution is to install a current version of GnuTLS > on > > > > that > > > > > > system and rebuild librelp from source. > > > > > > > > > > > > Rainer > > > > > > > > > > > > > > > > > >> What problem can be. Please guide me in this regard. > > > > > >> _______________________________________________ > > > > > >> rsyslog mailing list > > > > > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > > >> http://www.rsyslog.com/professional-services/ > > > > > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by > a > > > > myriad > > > > > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST > if > > > you > > > > > >> DON'T LIKE THAT. > > > > > >> > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > rsyslog mailing list > > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > > http://www.rsyslog.com/professional-services/ > > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > > myriad > > > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > > you > > > > > DON'T LIKE THAT. > > > > > > > > > _______________________________________________ > > > > rsyslog mailing list > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > http://www.rsyslog.com/professional-services/ > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > > myriad > > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you > > > > DON'T LIKE THAT. > > > > > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > http://www.rsyslog.com/professional-services/ > > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > > DON'T LIKE THAT. > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
