Hmm.. I've tried updating CentOS 7, even though updates for rsyslog were applied the problem still persists.
So I decided to delete the CentOS packages and go with the 7-stable repository as provided by adiscon. With the same configuration i now see this in my logs (among other tings): Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ] Nov 4 11:06:36 logmanagement-client rsyslogd-2081: Could not create tcp listener, ignoring port 2514. [try http://www.rsyslog.com/e/2081 ] Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ] Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ] Still an issue creating a listener. I suppose the problem is in my configuration? Also, there doesn't seem to be a imjournal module which was available in CentOS. TIA Cheers, Jörgen On Wed, Nov 4, 2015 at 9:57 AM, Radu Gheorghe <[email protected]> wrote: > Hello Jörgen, > > You're welcome. The server config looks OK to me, it smells like > there's an issue with the libraries or versioning. I would try to > upgrade to the latest rsyslog from the repositories and see if this > helps. > > You can check if /usr/lib64/rsyslog/lmnsd_gtls.so is there in the > first place but if it is, it's probably not the correct version. > > Best regards, > Radu > -- > Performance Monitoring * Log Analytics * Search Analytics > Solr & Elasticsearch Support * http://sematext.com/ > > > On Wed, Nov 4, 2015 at 10:31 AM, Jörgen Maas <[email protected]> > wrote: > > Thanks for the link, great blog post which solves my forwarding over TLS > > use-case :) > > > > But i still cant figure out how to use TLS input (next to udp/tcp/relp), > my > > config so far: > > > > This is my v7 based configuration: > > > > global( > > defaultNetstreamDriver="gtls" > > defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/CAroot.crt" > > > > > defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/logmanagement-client.crt" > > ) > > > > my plain tcp input config: > > > > module( > > load="imptcp" > > Threads="2" > > ) > > > > input( > > type="imptcp" > > port="514" > > ) > > > > my tls input so far (not working) > > > > module( > > load="imtcp" > > KeepAlive="off" > > FlowControl="on" > > MaxListeners="20" > > MaxSessions="200" > > StreamDriver.Mode="1" # enable TLS only > > StreamDriver.AuthMode="x509/name" > > PermittedPeer=[""] > > ) > > > > > > input( > > type="imtcp" > > port="2514" > > name="tcptls" > > ) > > > > syntax check is OK, but when i restart rsyslog i see: > > > > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin > software="rsyslogd" > > swVersion="7.4.7" x-pid="2627" x-info="http://www.rsyslog.com";] exiting > on > > signal 15. > > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin > software="rsyslogd" > > swVersion="7.4.7" x-pid="2635" x-info="http://www.rsyslog.com";] start > > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: could not load module > > '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2078 > > [try http://www.rsyslog.com/e/2068 ] > > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: tcpsrv could not > create > > listener (inputname: 'tcptls') [try http://www.rsyslog.com/e/2068 ] > > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: activation of module > > imtcp failed [try http://www.rsyslog.com/e/2068 ] > > > > software (EL7): > > > > [root@logmanagement-client:/etc/rsyslog.d]# rpm -qa|grep rsyslog > > rsyslog-relp-7.4.7-7.el7_0.x86_64 > > rsyslog-gnutls-7.4.7-7.el7_0.x86_64 > > rsyslog-7.4.7-7.el7_0.x86_64 > > > > > > Any suggestions are very much appreciated! > > > > Thanks in advance. > > > > Kind regards, > > Jörgen > > > > On Wed, Nov 4, 2015 at 8:51 AM, Radu Gheorghe < > [email protected]> > > wrote: > > > >> Hi Jörgen, > >> > >> You can find the client config in this blog post: > >> > >> > http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/ > >> > >> I suppose you can deduce the server config from that and the linked > >> howtos (which are old-style). If you can't, please let me know and > >> I'll dig for a server example. > >> > >> Best regards, > >> Radu > >> -- > >> Performance Monitoring * Log Analytics * Search Analytics > >> Solr & Elasticsearch Support * http://sematext.com/ > >> > >> > >> On Tue, Nov 3, 2015 at 9:41 PM, Jörgen Maas <[email protected]> > wrote: > >> > Hi guys, > >> > > >> > I'm in the process of testing rsyslogd for a rather large > logmanagement > >> > environment. > >> > So far i succeeded in accomplishing most tasks using the rainerscript > >> > syntax, but for gnutls input/output the syntax is unclear, also cant > seem > >> > to find it in the docs. > >> > > >> > I would appreciate it if someone could assist by supplying an example > or > >> > point me to the correct docs. I'm on rsyslog 7 as shipped with EL7. > >> > > >> > Thanks! > >> > > >> > Best regards, > >> > > >> > Jörgen > >> > _______________________________________________ > >> > rsyslog mailing list > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > http://www.rsyslog.com/professional-services/ > >> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > -- Grtz, Jörgen Maas _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
