Thanks for the link, great blog post which solves my forwarding over TLS
use-case :)
But i still cant figure out how to use TLS input (next to udp/tcp/relp), my
config so far:
This is my v7 based configuration:
global(
defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/CAroot.crt"
defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/logmanagement-client.crt"
)
my plain tcp input config:
module(
load="imptcp"
Threads="2"
)
input(
type="imptcp"
port="514"
)
my tls input so far (not working)
module(
load="imtcp"
KeepAlive="off"
FlowControl="on"
MaxListeners="20"
MaxSessions="200"
StreamDriver.Mode="1" # enable TLS only
StreamDriver.AuthMode="x509/name"
PermittedPeer=[""]
)
input(
type="imtcp"
port="2514"
name="tcptls"
)
syntax check is OK, but when i restart rsyslog i see:
Nov 4 09:20:21 logmanagement-client rsyslogd: [origin software="rsyslogd"
swVersion="7.4.7" x-pid="2627" x-info="http://www.rsyslog.com";] exiting on
signal 15.
Nov 4 09:20:21 logmanagement-client rsyslogd: [origin software="rsyslogd"
swVersion="7.4.7" x-pid="2635" x-info="http://www.rsyslog.com";] start
Nov 4 09:20:21 logmanagement-client rsyslogd-2068: could not load module
'/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2078
[try http://www.rsyslog.com/e/2068 ]
Nov 4 09:20:21 logmanagement-client rsyslogd-2068: tcpsrv could not create
listener (inputname: 'tcptls') [try http://www.rsyslog.com/e/2068 ]
Nov 4 09:20:21 logmanagement-client rsyslogd-2068: activation of module
imtcp failed [try http://www.rsyslog.com/e/2068 ]
software (EL7):
[root@logmanagement-client:/etc/rsyslog.d]# rpm -qa|grep rsyslog
rsyslog-relp-7.4.7-7.el7_0.x86_64
rsyslog-gnutls-7.4.7-7.el7_0.x86_64
rsyslog-7.4.7-7.el7_0.x86_64
Any suggestions are very much appreciated!
Thanks in advance.
Kind regards,
Jörgen
On Wed, Nov 4, 2015 at 8:51 AM, Radu Gheorghe <[email protected]>
wrote:
> Hi Jörgen,
>
> You can find the client config in this blog post:
>
> http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/
>
> I suppose you can deduce the server config from that and the linked
> howtos (which are old-style). If you can't, please let me know and
> I'll dig for a server example.
>
> Best regards,
> Radu
> --
> Performance Monitoring * Log Analytics * Search Analytics
> Solr & Elasticsearch Support * http://sematext.com/
>
>
> On Tue, Nov 3, 2015 at 9:41 PM, Jörgen Maas <[email protected]> wrote:
> > Hi guys,
> >
> > I'm in the process of testing rsyslogd for a rather large logmanagement
> > environment.
> > So far i succeeded in accomplishing most tasks using the rainerscript
> > syntax, but for gnutls input/output the syntax is unclear, also cant seem
> > to find it in the docs.
> >
> > I would appreciate it if someone could assist by supplying an example or
> > point me to the correct docs. I'm on rsyslog 7 as shipped with EL7.
> >
> > Thanks!
> >
> > Best regards,
> >
> > Jörgen
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
