Hello Jörgen, You're welcome. The server config looks OK to me, it smells like there's an issue with the libraries or versioning. I would try to upgrade to the latest rsyslog from the repositories and see if this helps.
You can check if /usr/lib64/rsyslog/lmnsd_gtls.so is there in the first place but if it is, it's probably not the correct version. Best regards, Radu -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/ On Wed, Nov 4, 2015 at 10:31 AM, Jörgen Maas <[email protected]> wrote: > Thanks for the link, great blog post which solves my forwarding over TLS > use-case :) > > But i still cant figure out how to use TLS input (next to udp/tcp/relp), my > config so far: > > This is my v7 based configuration: > > global( > defaultNetstreamDriver="gtls" > defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/CAroot.crt" > > defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/logmanagement-client.crt" > ) > > my plain tcp input config: > > module( > load="imptcp" > Threads="2" > ) > > input( > type="imptcp" > port="514" > ) > > my tls input so far (not working) > > module( > load="imtcp" > KeepAlive="off" > FlowControl="on" > MaxListeners="20" > MaxSessions="200" > StreamDriver.Mode="1" # enable TLS only > StreamDriver.AuthMode="x509/name" > PermittedPeer=[""] > ) > > > input( > type="imtcp" > port="2514" > name="tcptls" > ) > > syntax check is OK, but when i restart rsyslog i see: > > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin software="rsyslogd" > swVersion="7.4.7" x-pid="2627" x-info="http://www.rsyslog.com";] exiting on > signal 15. > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin software="rsyslogd" > swVersion="7.4.7" x-pid="2635" x-info="http://www.rsyslog.com";] start > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: could not load module > '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2078 > [try http://www.rsyslog.com/e/2068 ] > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: tcpsrv could not create > listener (inputname: 'tcptls') [try http://www.rsyslog.com/e/2068 ] > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: activation of module > imtcp failed [try http://www.rsyslog.com/e/2068 ] > > software (EL7): > > [root@logmanagement-client:/etc/rsyslog.d]# rpm -qa|grep rsyslog > rsyslog-relp-7.4.7-7.el7_0.x86_64 > rsyslog-gnutls-7.4.7-7.el7_0.x86_64 > rsyslog-7.4.7-7.el7_0.x86_64 > > > Any suggestions are very much appreciated! > > Thanks in advance. > > Kind regards, > Jörgen > > On Wed, Nov 4, 2015 at 8:51 AM, Radu Gheorghe <[email protected]> > wrote: > >> Hi Jörgen, >> >> You can find the client config in this blog post: >> >> http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/ >> >> I suppose you can deduce the server config from that and the linked >> howtos (which are old-style). If you can't, please let me know and >> I'll dig for a server example. >> >> Best regards, >> Radu >> -- >> Performance Monitoring * Log Analytics * Search Analytics >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> On Tue, Nov 3, 2015 at 9:41 PM, Jörgen Maas <[email protected]> wrote: >> > Hi guys, >> > >> > I'm in the process of testing rsyslogd for a rather large logmanagement >> > environment. >> > So far i succeeded in accomplishing most tasks using the rainerscript >> > syntax, but for gnutls input/output the syntax is unclear, also cant seem >> > to find it in the docs. >> > >> > I would appreciate it if someone could assist by supplying an example or >> > point me to the correct docs. I'm on rsyslog 7 as shipped with EL7. >> > >> > Thanks! >> > >> > Best regards, >> > >> > Jörgen >> > _______________________________________________ >> > rsyslog mailing list >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > http://www.rsyslog.com/professional-services/ >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
