Yes, that helps!

I've now succeeded in getting a TLS listener up and running.

I have recreated the certs following the rsyslog docs, just to make sure
certificates and permissions on these files weren't an issue.

Also I found that the certfile directive is not working in the global()
section. I had to resort to a legacy configuration parameter, config now
looks like this:

global(
    defaultNetstreamDriver="gtls"
    defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/ca.pem"
    #defaultNetstreamDriverCertFile="/etc/rsyslog.d/keys/host-cert.pem"
    defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/host-key.pem"
)

$DefaultNetstreamDriverCertFile /etc/rsyslog.d/keys/host-cert.pem

Perhaps the new config option has a different name, couldn't find it though.

Thanks for all the help so far!

Kind regards,
Jörgen

On Wed, Nov 4, 2015 at 12:51 PM, Radu Gheorghe <[email protected]>
wrote:

> Hello,
>
> We're currently using both imptcp (for plain tcp) and imtcp (for TLS),
> so it should work eventually (we also use RELP via imrelp, imudp and
> imuxsock). RELP+TLS (via imrelp) should work as well, though it may be
> tricky to make it work along with plain TCP+TLS. I know a while ago
> there were some issues with GnuTLS versions, I'm not sure they're
> fixed or not.
>
> I assume everything should work with RainerScript, we have everything
> RainerScript for example, though I'm not sure about 7.x. I also can't
> tell when traditional syntax will be deprecated, I don't know of any
> plans for that. Some new features may only be added via RainerScript,
> but I'm not aware of any removals of the old syntax.
>
> I hope this helps.
>
> Best regards,
> Radu
> --
> Performance Monitoring * Log Analytics * Search Analytics
> Solr & Elasticsearch Support * http://sematext.com/
>
>
> On Wed, Nov 4, 2015 at 1:27 PM, Jörgen Maas <[email protected]> wrote:
> > Hi,
> >
> > I am using imptcp and imtcp concurrently, is this not supported perhaps?
> >
> > Let me explain what I'm trying to do; I want to create a rsyslog
> > configuration that supports the following listeners (collector system):
> > - local (imjournal + imuxsock)
> > - udp (imudp)
> > - tcp (imptcp)
> > - tls (imtcp)
> > - relp (imrelp)
> > - relp/tls (?)
> >
> > Also I want to forward reliably, e.g. by using relp/tls, to a central log
> > server.
> >
> > I suppose this should be possible, but perhaps not just yet with the
> > rainerscript syntax?
> >
> > When stuck on 7.x (EL7) should I revert to using traditional syntax?
> >
> > When will traditional syntax be deprecated and removed?
> >
> > Thanks!
> >
> > Jörgen
> >
> >
> > On Wed, Nov 4, 2015 at 11:36 AM, Radu Gheorghe <[email protected]> wrote:
> >
> >> Hello,
> >>
> >> The issue seems to indicate that you're trying to use TLS for an
> >> imptcp listener (note the "p"), but I don't see that in your config
> >> :-S
> >> --
> >> Performance Monitoring * Log Analytics * Search Analytics
> >> Solr & Elasticsearch Support * http://sematext.com/
> >>
> >>
> >> On Wed, Nov 4, 2015 at 12:12 PM, Jörgen Maas <[email protected]>
> >> wrote:
> >> > Hmm.. I've tried updating CentOS 7, even though updates for rsyslog were
> >> > applied the problem still persists.
> >> >
> >> > So I decided to delete the CentOS packages and go with the 7-stable
> >> > repository as provided by adiscon.
> >> >
> >> > With the same configuration I now see this in my logs (among other things):
> >> >
> >> > Nov  4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ]
> >> > Nov  4 11:06:36 logmanagement-client rsyslogd-2081: Could not create tcp listener, ignoring port 2514. [try http://www.rsyslog.com/e/2081 ]
> >> > Nov  4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ]
> >> > Nov  4 11:06:36 logmanagement-client rsyslogd-2081: error: driver mode 1 not supported by ptcp netstream driver [try http://www.rsyslog.com/e/2081 ]
> >> >
> >> > Still an issue creating a listener. I suppose the problem is in my
> >> > configuration?
> >> >
> >> > Also, there doesn't seem to be an imjournal module which was available in
> >> > CentOS.
> >> >
> >> > TIA
> >> >
> >> > Cheers,
> >> > Jörgen
> >> >
> >> > On Wed, Nov 4, 2015 at 9:57 AM, Radu Gheorghe <[email protected]> wrote:
> >> >
> >> >> Hello Jörgen,
> >> >>
> >> >> You're welcome. The server config looks OK to me, it smells like
> >> >> there's an issue with the libraries or versioning. I would try to
> >> >> upgrade to the latest rsyslog from the repositories and see if this
> >> >> helps.
> >> >>
> >> >> You can check if /usr/lib64/rsyslog/lmnsd_gtls.so is there in the
> >> >> first place but if it is, it's probably not the correct version.
> >> >>
> >> >> Best regards,
> >> >> Radu
> >> >> --
> >> >> Performance Monitoring * Log Analytics * Search Analytics
> >> >> Solr & Elasticsearch Support * http://sematext.com/
> >> >>
> >> >>
> >> >> On Wed, Nov 4, 2015 at 10:31 AM, Jörgen Maas <[email protected]>
> >> >> wrote:
> >> >> > Thanks for the link, great blog post which solves my forwarding over TLS
> >> >> > use-case :)
> >> >> >
> >> >> > But I still can't figure out how to use TLS input (next to udp/tcp/relp), my
> >> >> > config so far:
> >> >> >
> >> >> > This is my v7 based configuration:
> >> >> >
> >> >> > global(
> >> >> >     defaultNetstreamDriver="gtls"
> >> >> >     defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/CAroot.crt"
> >> >> >     defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/logmanagement-client.crt"
> >> >> > )
> >> >> >
> >> >> > my plain tcp input config:
> >> >> >
> >> >> > module(
> >> >> >     load="imptcp"
> >> >> >     Threads="2"
> >> >> > )
> >> >> >
> >> >> > input(
> >> >> >     type="imptcp"
> >> >> >     port="514"
> >> >> > )
> >> >> >
> >> >> > my tls input so far (not working)
> >> >> >
> >> >> > module(
> >> >> >     load="imtcp"
> >> >> >     KeepAlive="off"
> >> >> >     FlowControl="on"
> >> >> >     MaxListeners="20"
> >> >> >     MaxSessions="200"
> >> >> >     StreamDriver.Mode="1"               # enable TLS only
> >> >> >     StreamDriver.AuthMode="x509/name"
> >> >> >     PermittedPeer=[""]
> >> >> > )
> >> >> >
> >> >> >
> >> >> > input(
> >> >> >     type="imtcp"
> >> >> >     port="2514"
> >> >> >     name="tcptls"
> >> >> > )
> >> >> >
> >> >> > syntax check is OK, but when I restart rsyslog I see:
> >> >> >
> >> >> > Nov  4 09:20:21 logmanagement-client rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="2627" x-info="http://www.rsyslog.com";] exiting on signal 15.
> >> >> > Nov  4 09:20:21 logmanagement-client rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="2635" x-info="http://www.rsyslog.com";] start
> >> >> > Nov  4 09:20:21 logmanagement-client rsyslogd-2068: could not load module '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2078 [try http://www.rsyslog.com/e/2068 ]
> >> >> > Nov  4 09:20:21 logmanagement-client rsyslogd-2068: tcpsrv could not create listener (inputname: 'tcptls') [try http://www.rsyslog.com/e/2068 ]
> >> >> > Nov  4 09:20:21 logmanagement-client rsyslogd-2068: activation of module imtcp failed [try http://www.rsyslog.com/e/2068 ]
> >> >> >
> >> >> > software (EL7):
> >> >> >
> >> >> > [root@logmanagement-client:/etc/rsyslog.d]# rpm -qa|grep rsyslog
> >> >> > rsyslog-relp-7.4.7-7.el7_0.x86_64
> >> >> > rsyslog-gnutls-7.4.7-7.el7_0.x86_64
> >> >> > rsyslog-7.4.7-7.el7_0.x86_64
> >> >> >
> >> >> >
> >> >> > Any suggestions are very much appreciated!
> >> >> >
> >> >> > Thanks in advance.
> >> >> >
> >> >> > Kind regards,
> >> >> > Jörgen
> >> >> >
> >> >> > On Wed, Nov 4, 2015 at 8:51 AM, Radu Gheorghe <[email protected]> wrote:
> >> >> >
> >> >> >> Hi Jörgen,
> >> >> >>
> >> >> >> You can find the client config in this blog post:
> >> >> >>
> >> >> >> http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/
> >> >> >>
> >> >> >> I suppose you can deduce the server config from that and the linked
> >> >> >> howtos (which are old-style). If you can't, please let me know and
> >> >> >> I'll dig for a server example.
> >> >> >>
> >> >> >> Best regards,
> >> >> >> Radu
> >> >> >> --
> >> >> >> Performance Monitoring * Log Analytics * Search Analytics
> >> >> >> Solr & Elasticsearch Support * http://sematext.com/
> >> >> >>
> >> >> >>
> >> >> >> On Tue, Nov 3, 2015 at 9:41 PM, Jörgen Maas <[email protected]> wrote:
> >> >> >> > Hi guys,
> >> >> >> >
> >> >> >> > I'm in the process of testing rsyslogd for a rather large logmanagement
> >> >> >> > environment.
> >> >> >> > So far I succeeded in accomplishing most tasks using the rainerscript
> >> >> >> > syntax, but for gnutls input/output the syntax is unclear, also can't seem
> >> >> >> > to find it in the docs.
> >> >> >> >
> >> >> >> > I would appreciate it if someone could assist by supplying an example or
> >> >> >> > point me to the correct docs. I'm on rsyslog 7 as shipped with EL7.
> >> >> >> >
> >> >> >> > Thanks!
> >> >> >> >
> >> >> >> > Best regards,
> >> >> >> >
> >> >> >> > Jörgen
> >> >> >> > _______________________________________________
> >> >> >> > rsyslog mailing list
> >> >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> >> >> >> > http://www.rsyslog.com/professional-services/
> >> >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >> >> >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> >> >> > DON'T LIKE THAT.
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Grtz,
> >> > Jörgen Maas
> >>
>



-- 
Grtz,
Jörgen Maas
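
Added example (not part of the original message and not rsyslog project code): a small Python lint for patterns visible in the configs quoted in this thread, namely TLS mode requested without the gtls driver, no host certificate configured, a key-file parameter that points at a .crt, and an empty PermittedPeer. The parser is a simplification that assumes no '#' or ')' inside quoted values and compares parameter names case-insensitively; the finding names are made up for illustration.

```python
import re

# Constructed sample: the first TLS attempt quoted in the thread, condensed.
FIRST_ATTEMPT = '''
global(
    defaultNetstreamDriver="gtls"
    defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/CAroot.crt"
    defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/logmanagement-client.crt"
)
module(load="imtcp" StreamDriver.Mode="1" StreamDriver.AuthMode="x509/name" PermittedPeer=[""])
input(type="imtcp" port="2514" name="tcptls")
'''

def parse(text):
    """Return (global settings incl. legacy $ directives, imtcp module params), keys lowercased."""
    text = re.sub(r'(?m)(^|\s)#.*$', r'\1', text)  # drop comments and commented-out parameters
    glob, imtcp = {}, {}
    for name, value in re.findall(r'(?m)^\s*\$(\w+)\s+(\S+)', text):
        glob[name.lower()] = value  # legacy "$Directive value" form
    for kind, body in re.findall(r'\b(global|module)\s*\(([^)]*)\)', text):
        params = {k.lower(): v.strip('"') for k, v in
                  re.findall(r'([\w.]+)\s*=\s*(\[[^\]]*\]|"[^"]*")', body)}
        if kind == 'global':
            glob.update(params)
        elif params.get('load') == 'imtcp':
            imtcp = params
    return glob, imtcp

def lint_tls(text):
    """Return findings for an imtcp module that requests TLS (StreamDriver.Mode="1")."""
    glob, imtcp = parse(text)
    if imtcp.get('streamdriver.mode') != '1':
        return []
    findings = []
    if glob.get('defaultnetstreamdriver', 'ptcp') != 'gtls':
        findings.append('tls-mode-on-ptcp-driver')  # what the 2081 message in the thread reports
    cert = glob.get('defaultnetstreamdrivercertfile')
    key = glob.get('defaultnetstreamdriverkeyfile')
    if not cert:
        findings.append('no-cert-file')  # neither global() parameter nor legacy directive
    if key and (key == cert or key.lower().endswith(('.crt', '.cer'))):
        findings.append('key-file-looks-like-cert')  # heuristic on the file name only
    if imtcp.get('streamdriver.authmode') == 'x509/name':
        peers = re.findall(r'"([^"]*)"', imtcp.get('permittedpeer', ''))
        if not any(p.strip() for p in peers):
            findings.append('no-permitted-peer')  # no non-empty name to match against
    return findings

if __name__ == '__main__':
    print(lint_tls(FIRST_ATTEMPT))
```

Run against the final configuration from the top of this message (legacy cert directive, key in host-key.pem) plus a named PermittedPeer, it returns no findings.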