Hi Radu, Excellent, so that issue is confirmed. Now I just need to document it on our side so that we can revisit this issue when upgrading.
Thanks again! Cheers, Jörgen On Wed, Nov 4, 2015 at 2:27 PM, Radu Gheorghe <[email protected]> wrote: > Hello, > > Regarding defaultNetstreamDriverCertFile, I know I realized the same > thing a couple of years ago, then did a small contribution to add > support in RainerScript (which I can't find right now) and it's now > supported. But it may not have made it into the version you're using. > > Best regards, > Radu > -- > Performance Monitoring * Log Analytics * Search Analytics > Solr & Elasticsearch Support * http://sematext.com/ > > > On Wed, Nov 4, 2015 at 2:41 PM, Jörgen Maas <[email protected]> wrote: > > Yes, that helps! > > > > I've now succeeded in getting a tls listerner up and running. > > > > I have recreated the certs following the rsyslog docs, just tto make sure > > certificated and permissions on these files weren't an issue. > > > > Also i found that the certfile directive is not working in the global() > > section.I had to resort to a legacy configuration parameter, config now > > looks like this: > > > > global( > > defaultNetstreamDriver="gtls" > > defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/ca.pem" > > #defaultNetstreamDriverCertFile="/etc/rsyslog.d/keys/host-cert.pem" > > defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/host-key.pem" > > ) > > > > $DefaultNetstreamDriverCertFile /etc/rsyslog.d/keys/host-cert.pem > > > > Perhaps the new config option has a different name, couldn't find it > though. > > > > Thanks for all the help so far! > > > > Kind regards, > > Jörgen > > > > On Wed, Nov 4, 2015 at 12:51 PM, Radu Gheorghe < > [email protected]> > > wrote: > > > >> Hello, > >> > >> We're currently using both imptcp (for plain tcp) and imtcp (for TLS), > >> so it should work eventually (we also use RELP via imrelp, imudp and > >> imuxsock). RELP+TLS (via imrelp) should work as well, though it may be > >> tricky to make it work along with plain TCP+TLS. I know a while ago > >> there were some issues with GnuTLS versions, I'm not sure they're > >> fixed or not. > >> > >> I assume everything should work with RainerScript, we have everything > >> RainerScript for example, though I'm not sure about 7.x. I also can't > >> tell when traditional syntax will be deprecated, I don't know of any > >> plans for that. Some new features may only be added via RainerScript, > >> but I'm not aware of any removals of the old syntax. > >> > >> I hope this helps. > >> > >> Best regards, > >> Radu > >> -- > >> Performance Monitoring * Log Analytics * Search Analytics > >> Solr & Elasticsearch Support * http://sematext.com/ > >> > >> > >> On Wed, Nov 4, 2015 at 1:27 PM, Jörgen Maas <[email protected]> > wrote: > >> > Hi, > >> > > >> > I am using imptcp and imtcp concurrently, is this not supported > perhaps? > >> > > >> > Let me explain what i'm trying to do;I want to create a rsyslog > >> > configuration that supports the following listeners (collector > system): > >> > - local (imjournal + imuxsock) > >> > - udp (imudp) > >> > - tcp (imptcp) > >> > - tls (imtcp) > >> > - relp (imrelp) > >> > - relp/tls (?) > >> > > >> > Also i want to forward reliably, eg. by using relp/tls, to a central > log > >> > server > >> > > >> > I suppose this should be possible, but perhaps not just yet with the > >> > rainerscript syntax? > >> > > >> > When stuck on 7.x (EL7) should i revert to using traditional syntax? > >> > > >> > When will traditional syntax be deprecated and removed ? > >> > > >> > Thanks! > >> > > >> > Jörgen > >> > > >> > > >> > On Wed, Nov 4, 2015 at 11:36 AM, Radu Gheorghe < > >> [email protected]> > >> > wrote: > >> > > >> >> Hello, > >> >> > >> >> The issue seems to indicate that you're trying to use TLS for an > >> >> imptcp listener (note the "p"), but I don't see that in your config > >> >> :-S > >> >> -- > >> >> Performance Monitoring * Log Analytics * Search Analytics > >> >> Solr & Elasticsearch Support * http://sematext.com/ > >> >> > >> >> > >> >> On Wed, Nov 4, 2015 at 12:12 PM, Jörgen Maas <[email protected]> > >> >> wrote: > >> >> > Hmm.. I've tried updating CentOS 7, even though updates for rsyslog > >> were > >> >> > applied the problem still persists. > >> >> > > >> >> > So I decided to delete the CentOS packages and go with the 7-stable > >> >> > repository as provided by adiscon. > >> >> > > >> >> > With the same configuration i now see this in my logs (among other > >> >> tings): > >> >> > > >> >> > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver > >> mode 1 > >> >> > not supported by ptcp netstream driver [try > >> >> http://www.rsyslog.com/e/2081 ] > >> >> > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: Could not > create > >> tcp > >> >> > listener, ignoring port 2514. [try http://www.rsyslog.com/e/2081 ] > >> >> > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver > >> mode 1 > >> >> > not supported by ptcp netstream driver [try > >> >> http://www.rsyslog.com/e/2081 ] > >> >> > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver > >> mode 1 > >> >> > not supported by ptcp netstream driver [try > >> >> http://www.rsyslog.com/e/2081 ] > >> >> > > >> >> > Still an issue creating a listener. I suppose the problem is in my > >> >> > configuration? > >> >> > > >> >> > Also, there doesn't seem to be a imjournal module which was > available > >> in > >> >> > CentOS. > >> >> > > >> >> > TIA > >> >> > > >> >> > Cheers, > >> >> > Jörgen > >> >> > > >> >> > On Wed, Nov 4, 2015 at 9:57 AM, Radu Gheorghe < > >> >> [email protected]> > >> >> > wrote: > >> >> > > >> >> >> Hello Jörgen, > >> >> >> > >> >> >> You're welcome. The server config looks OK to me, it smells like > >> >> >> there's an issue with the libraries or versioning. I would try to > >> >> >> upgrade to the latest rsyslog from the repositories and see if > this > >> >> >> helps. > >> >> >> > >> >> >> You can check if /usr/lib64/rsyslog/lmnsd_gtls.so is there in the > >> >> >> first place but if it is, it's probably not the correct version. > >> >> >> > >> >> >> Best regards, > >> >> >> Radu > >> >> >> -- > >> >> >> Performance Monitoring * Log Analytics * Search Analytics > >> >> >> Solr & Elasticsearch Support * http://sematext.com/ > >> >> >> > >> >> >> > >> >> >> On Wed, Nov 4, 2015 at 10:31 AM, Jörgen Maas < > [email protected]> > >> >> >> wrote: > >> >> >> > Thanks for the link, great blog post which solves my forwarding > >> over > >> >> TLS > >> >> >> > use-case :) > >> >> >> > > >> >> >> > But i still cant figure out how to use TLS input (next to > >> >> udp/tcp/relp), > >> >> >> my > >> >> >> > config so far: > >> >> >> > > >> >> >> > This is my v7 based configuration: > >> >> >> > > >> >> >> > global( > >> >> >> > defaultNetstreamDriver="gtls" > >> >> >> > > defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/CAroot.crt" > >> >> >> > > >> >> >> > > >> >> >> > >> >> > >> > defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/logmanagement-client.crt" > >> >> >> > ) > >> >> >> > > >> >> >> > my plain tcp input config: > >> >> >> > > >> >> >> > module( > >> >> >> > load="imptcp" > >> >> >> > Threads="2" > >> >> >> > ) > >> >> >> > > >> >> >> > input( > >> >> >> > type="imptcp" > >> >> >> > port="514" > >> >> >> > ) > >> >> >> > > >> >> >> > my tls input so far (not working) > >> >> >> > > >> >> >> > module( > >> >> >> > load="imtcp" > >> >> >> > KeepAlive="off" > >> >> >> > FlowControl="on" > >> >> >> > MaxListeners="20" > >> >> >> > MaxSessions="200" > >> >> >> > StreamDriver.Mode="1" # enable TLS only > >> >> >> > StreamDriver.AuthMode="x509/name" > >> >> >> > PermittedPeer=[""] > >> >> >> > ) > >> >> >> > > >> >> >> > > >> >> >> > input( > >> >> >> > type="imtcp" > >> >> >> > port="2514" > >> >> >> > name="tcptls" > >> >> >> > ) > >> >> >> > > >> >> >> > syntax check is OK, but when i restart rsyslog i see: > >> >> >> > > >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin > >> >> >> software="rsyslogd" > >> >> >> > swVersion="7.4.7" x-pid="2627" x-info="http://www.rsyslog.com";] > >> >> exiting > >> >> >> on > >> >> >> > signal 15. > >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin > >> >> >> software="rsyslogd" > >> >> >> > swVersion="7.4.7" x-pid="2635" x-info="http://www.rsyslog.com";] > >> start > >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: could not > load > >> >> module > >> >> >> > '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2078 > >> >> >> > [try http://www.rsyslog.com/e/2068 ] > >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: tcpsrv could > >> not > >> >> >> create > >> >> >> > listener (inputname: 'tcptls') [try > http://www.rsyslog.com/e/2068 > >> ] > >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: activation > of > >> >> module > >> >> >> > imtcp failed [try http://www.rsyslog.com/e/2068 ] > >> >> >> > > >> >> >> > software (EL7): > >> >> >> > > >> >> >> > [root@logmanagement-client:/etc/rsyslog.d]# rpm -qa|grep > rsyslog > >> >> >> > rsyslog-relp-7.4.7-7.el7_0.x86_64 > >> >> >> > rsyslog-gnutls-7.4.7-7.el7_0.x86_64 > >> >> >> > rsyslog-7.4.7-7.el7_0.x86_64 > >> >> >> > > >> >> >> > > >> >> >> > Any suggestions are very much appreciated! > >> >> >> > > >> >> >> > Thanks in advance. > >> >> >> > > >> >> >> > Kind regards, > >> >> >> > Jörgen > >> >> >> > > >> >> >> > On Wed, Nov 4, 2015 at 8:51 AM, Radu Gheorghe < > >> >> >> [email protected]> > >> >> >> > wrote: > >> >> >> > > >> >> >> >> Hi Jörgen, > >> >> >> >> > >> >> >> >> You can find the client config in this blog post: > >> >> >> >> > >> >> >> >> > >> >> >> > >> >> > >> > http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/ > >> >> >> >> > >> >> >> >> I suppose you can deduce the server config from that and the > >> linked > >> >> >> >> howtos (which are old-style). If you can't, please let me know > and > >> >> >> >> I'll dig for a server example. > >> >> >> >> > >> >> >> >> Best regards, > >> >> >> >> Radu > >> >> >> >> -- > >> >> >> >> Performance Monitoring * Log Analytics * Search Analytics > >> >> >> >> Solr & Elasticsearch Support * http://sematext.com/ > >> >> >> >> > >> >> >> >> > >> >> >> >> On Tue, Nov 3, 2015 at 9:41 PM, Jörgen Maas < > >> [email protected]> > >> >> >> wrote: > >> >> >> >> > Hi guys, > >> >> >> >> > > >> >> >> >> > I'm in the process of testing rsyslogd for a rather large > >> >> >> logmanagement > >> >> >> >> > environment. > >> >> >> >> > So far i succeeded in accomplishing most tasks using the > >> >> rainerscript > >> >> >> >> > syntax, but for gnutls input/output the syntax is unclear, > also > >> >> cant > >> >> >> seem > >> >> >> >> > to find it in the docs. > >> >> >> >> > > >> >> >> >> > I would appreciate it if someone could assist by supplying an > >> >> example > >> >> >> or > >> >> >> >> > point me to the correct docs. I'm on rsyslog 7 as shipped > with > >> EL7. > >> >> >> >> > > >> >> >> >> > Thanks! > >> >> >> >> > > >> >> >> >> > Best regards, > >> >> >> >> > > >> >> >> >> > Jörgen > >> >> >> >> > _______________________________________________ > >> >> >> >> > rsyslog mailing list > >> >> >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> >> >> >> > http://www.rsyslog.com/professional-services/ > >> >> >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >> >> >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED > by > >> a > >> >> >> myriad > >> >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT > POST if > >> >> you > >> >> >> >> DON'T LIKE THAT. > >> >> >> >> _______________________________________________ > >> >> >> >> rsyslog mailing list > >> >> >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> >> >> >> http://www.rsyslog.com/professional-services/ > >> >> >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> >> >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED > by a > >> >> myriad > >> >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT > POST if > >> >> you > >> >> >> >> DON'T LIKE THAT. > >> >> >> > _______________________________________________ > >> >> >> > rsyslog mailing list > >> >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> >> >> > http://www.rsyslog.com/professional-services/ > >> >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >> >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by > a > >> >> myriad > >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > >> you > >> >> >> DON'T LIKE THAT. > >> >> >> _______________________________________________ > >> >> >> rsyslog mailing list > >> >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> >> >> http://www.rsyslog.com/professional-services/ > >> >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > >> myriad > >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > >> you > >> >> >> DON'T LIKE THAT. > >> >> >> > >> >> > > >> >> > > >> >> > > >> >> > -- > >> >> > Grtz, > >> >> > Jörgen Maas > >> >> > _______________________________________________ > >> >> > rsyslog mailing list > >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> >> > http://www.rsyslog.com/professional-services/ > >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > >> myriad > >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you > >> >> DON'T LIKE THAT. > >> >> _______________________________________________ > >> >> rsyslog mailing list > >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> >> http://www.rsyslog.com/professional-services/ > >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you > >> >> DON'T LIKE THAT. > >> >> > >> > _______________________________________________ > >> > rsyslog mailing list > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > http://www.rsyslog.com/professional-services/ > >> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> > > > > > > > > -- > > Grtz, > > Jörgen Maas > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > -- Grtz, Jörgen Maas _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
