Hello, The issue seems to indicate that you're trying to use TLS for an imptcp listener (note the "p"), but I don't see that in your config :-S -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/
On Wed, Nov 4, 2015 at 12:12 PM, Jörgen Maas <[email protected]> wrote: > Hmm.. I've tried updating CentOS 7, even though updates for rsyslog were > applied the problem still persists. > > So I decided to delete the CentOS packages and go with the 7-stable > repository as provided by adiscon. > > With the same configuration i now see this in my logs (among other tings): > > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 > not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ] > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: Could not create tcp > listener, ignoring port 2514. [try http://www.rsyslog.com/e/2081 ] > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 > not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ] > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 > not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ] > > Still an issue creating a listener. I suppose the problem is in my > configuration? > > Also, there doesn't seem to be a imjournal module which was available in > CentOS. > > TIA > > Cheers, > Jörgen > > On Wed, Nov 4, 2015 at 9:57 AM, Radu Gheorghe <[email protected]> > wrote: > >> Hello Jörgen, >> >> You're welcome. The server config looks OK to me, it smells like >> there's an issue with the libraries or versioning. I would try to >> upgrade to the latest rsyslog from the repositories and see if this >> helps. >> >> You can check if /usr/lib64/rsyslog/lmnsd_gtls.so is there in the >> first place but if it is, it's probably not the correct version. >> >> Best regards, >> Radu >> -- >> Performance Monitoring * Log Analytics * Search Analytics >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> On Wed, Nov 4, 2015 at 10:31 AM, Jörgen Maas <[email protected]> >> wrote: >> > Thanks for the link, great blog post which solves my forwarding over TLS >> > use-case :) >> > >> > But i still cant figure out how to use TLS input (next to udp/tcp/relp), >> my >> > config so far: >> > >> > This is my v7 based configuration: >> > >> > global( >> > defaultNetstreamDriver="gtls" >> > defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/CAroot.crt" >> > >> > >> defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/logmanagement-client.crt" >> > ) >> > >> > my plain tcp input config: >> > >> > module( >> > load="imptcp" >> > Threads="2" >> > ) >> > >> > input( >> > type="imptcp" >> > port="514" >> > ) >> > >> > my tls input so far (not working) >> > >> > module( >> > load="imtcp" >> > KeepAlive="off" >> > FlowControl="on" >> > MaxListeners="20" >> > MaxSessions="200" >> > StreamDriver.Mode="1" # enable TLS only >> > StreamDriver.AuthMode="x509/name" >> > PermittedPeer=[""] >> > ) >> > >> > >> > input( >> > type="imtcp" >> > port="2514" >> > name="tcptls" >> > ) >> > >> > syntax check is OK, but when i restart rsyslog i see: >> > >> > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin >> software="rsyslogd" >> > swVersion="7.4.7" x-pid="2627" x-info="http://www.rsyslog.com";] exiting >> on >> > signal 15. >> > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin >> software="rsyslogd" >> > swVersion="7.4.7" x-pid="2635" x-info="http://www.rsyslog.com";] start >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: could not load module >> > '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2078 >> > [try http://www.rsyslog.com/e/2068 ] >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: tcpsrv could not >> create >> > listener (inputname: 'tcptls') [try http://www.rsyslog.com/e/2068 ] >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: activation of module >> > imtcp failed [try http://www.rsyslog.com/e/2068 ] >> > >> > software (EL7): >> > >> > [root@logmanagement-client:/etc/rsyslog.d]# rpm -qa|grep rsyslog >> > rsyslog-relp-7.4.7-7.el7_0.x86_64 >> > rsyslog-gnutls-7.4.7-7.el7_0.x86_64 >> > rsyslog-7.4.7-7.el7_0.x86_64 >> > >> > >> > Any suggestions are very much appreciated! >> > >> > Thanks in advance. >> > >> > Kind regards, >> > Jörgen >> > >> > On Wed, Nov 4, 2015 at 8:51 AM, Radu Gheorghe < >> [email protected]> >> > wrote: >> > >> >> Hi Jörgen, >> >> >> >> You can find the client config in this blog post: >> >> >> >> >> http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/ >> >> >> >> I suppose you can deduce the server config from that and the linked >> >> howtos (which are old-style). If you can't, please let me know and >> >> I'll dig for a server example. >> >> >> >> Best regards, >> >> Radu >> >> -- >> >> Performance Monitoring * Log Analytics * Search Analytics >> >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> >> >> >> On Tue, Nov 3, 2015 at 9:41 PM, Jörgen Maas <[email protected]> >> wrote: >> >> > Hi guys, >> >> > >> >> > I'm in the process of testing rsyslogd for a rather large >> logmanagement >> >> > environment. >> >> > So far i succeeded in accomplishing most tasks using the rainerscript >> >> > syntax, but for gnutls input/output the syntax is unclear, also cant >> seem >> >> > to find it in the docs. >> >> > >> >> > I would appreciate it if someone could assist by supplying an example >> or >> >> > point me to the correct docs. I'm on rsyslog 7 as shipped with EL7. >> >> > >> >> > Thanks! >> >> > >> >> > Best regards, >> >> > >> >> > Jörgen >> >> > _______________________________________________ >> >> > rsyslog mailing list >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> > http://www.rsyslog.com/professional-services/ >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> myriad >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> >> DON'T LIKE THAT. >> >> _______________________________________________ >> >> rsyslog mailing list >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> http://www.rsyslog.com/professional-services/ >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> >> DON'T LIKE THAT. >> > _______________________________________________ >> > rsyslog mailing list >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > http://www.rsyslog.com/professional-services/ >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > > > > -- > Grtz, > Jörgen Maas > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
