Hi Jörgen, You're welcome. I found the commit in the meantime (via git.adiscon.com): http://git.adiscon.com/?p=rsyslog.git;a=commit;h=1657ebe3b83f5f9a6a87fffc29d981ad7a788648
That's in March 2014 and 7.4.7 was released on 2013-12-10 (see https://github.com/rsyslog/rsyslog/blob/v7-stable/ChangeLog). So it should work when you upgrade. Best regards, Radu -- Performance Monitoring * Log Analytics * Search Analytics Solr & Elasticsearch Support * http://sematext.com/ On Wed, Nov 4, 2015 at 4:13 PM, Jörgen Maas <[email protected]> wrote: > Hi Radu, > > Excellent, so that issue is confirmed. > Now I just need to document it on our side so that we can revisit this > issue when upgrading. > > Thanks again! > > Cheers, > Jörgen > > > > On Wed, Nov 4, 2015 at 2:27 PM, Radu Gheorghe <[email protected]> > wrote: > >> Hello, >> >> Regarding defaultNetstreamDriverCertFile, I know I realized the same >> thing a couple of years ago, then did a small contribution to add >> support in RainerScript (which I can't find right now) and it's now >> supported. But it may not have made it into the version you're using. >> >> Best regards, >> Radu >> -- >> Performance Monitoring * Log Analytics * Search Analytics >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> On Wed, Nov 4, 2015 at 2:41 PM, Jörgen Maas <[email protected]> wrote: >> > Yes, that helps! >> > >> > I've now succeeded in getting a tls listerner up and running. >> > >> > I have recreated the certs following the rsyslog docs, just tto make sure >> > certificated and permissions on these files weren't an issue. >> > >> > Also i found that the certfile directive is not working in the global() >> > section.I had to resort to a legacy configuration parameter, config now >> > looks like this: >> > >> > global( >> > defaultNetstreamDriver="gtls" >> > defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/ca.pem" >> > #defaultNetstreamDriverCertFile="/etc/rsyslog.d/keys/host-cert.pem" >> > defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/host-key.pem" >> > ) >> > >> > $DefaultNetstreamDriverCertFile /etc/rsyslog.d/keys/host-cert.pem >> > >> > Perhaps the new config option has a different name, couldn't find it >> though. >> > >> > Thanks for all the help so far! >> > >> > Kind regards, >> > Jörgen >> > >> > On Wed, Nov 4, 2015 at 12:51 PM, Radu Gheorghe < >> [email protected]> >> > wrote: >> > >> >> Hello, >> >> >> >> We're currently using both imptcp (for plain tcp) and imtcp (for TLS), >> >> so it should work eventually (we also use RELP via imrelp, imudp and >> >> imuxsock). RELP+TLS (via imrelp) should work as well, though it may be >> >> tricky to make it work along with plain TCP+TLS. I know a while ago >> >> there were some issues with GnuTLS versions, I'm not sure they're >> >> fixed or not. >> >> >> >> I assume everything should work with RainerScript, we have everything >> >> RainerScript for example, though I'm not sure about 7.x. I also can't >> >> tell when traditional syntax will be deprecated, I don't know of any >> >> plans for that. Some new features may only be added via RainerScript, >> >> but I'm not aware of any removals of the old syntax. >> >> >> >> I hope this helps. >> >> >> >> Best regards, >> >> Radu >> >> -- >> >> Performance Monitoring * Log Analytics * Search Analytics >> >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> >> >> >> On Wed, Nov 4, 2015 at 1:27 PM, Jörgen Maas <[email protected]> >> wrote: >> >> > Hi, >> >> > >> >> > I am using imptcp and imtcp concurrently, is this not supported >> perhaps? >> >> > >> >> > Let me explain what i'm trying to do;I want to create a rsyslog >> >> > configuration that supports the following listeners (collector >> system): >> >> > - local (imjournal + imuxsock) >> >> > - udp (imudp) >> >> > - tcp (imptcp) >> >> > - tls (imtcp) >> >> > - relp (imrelp) >> >> > - relp/tls (?) >> >> > >> >> > Also i want to forward reliably, eg. by using relp/tls, to a central >> log >> >> > server >> >> > >> >> > I suppose this should be possible, but perhaps not just yet with the >> >> > rainerscript syntax? >> >> > >> >> > When stuck on 7.x (EL7) should i revert to using traditional syntax? >> >> > >> >> > When will traditional syntax be deprecated and removed ? >> >> > >> >> > Thanks! >> >> > >> >> > Jörgen >> >> > >> >> > >> >> > On Wed, Nov 4, 2015 at 11:36 AM, Radu Gheorghe < >> >> [email protected]> >> >> > wrote: >> >> > >> >> >> Hello, >> >> >> >> >> >> The issue seems to indicate that you're trying to use TLS for an >> >> >> imptcp listener (note the "p"), but I don't see that in your config >> >> >> :-S >> >> >> -- >> >> >> Performance Monitoring * Log Analytics * Search Analytics >> >> >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> >> >> >> >> >> >> On Wed, Nov 4, 2015 at 12:12 PM, Jörgen Maas <[email protected]> >> >> >> wrote: >> >> >> > Hmm.. I've tried updating CentOS 7, even though updates for rsyslog >> >> were >> >> >> > applied the problem still persists. >> >> >> > >> >> >> > So I decided to delete the CentOS packages and go with the 7-stable >> >> >> > repository as provided by adiscon. >> >> >> > >> >> >> > With the same configuration i now see this in my logs (among other >> >> >> tings): >> >> >> > >> >> >> > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver >> >> mode 1 >> >> >> > not supported by ptcp netstream driver [try >> >> >> http://www.rsyslog.com/e/2081 ] >> >> >> > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: Could not >> create >> >> tcp >> >> >> > listener, ignoring port 2514. [try http://www.rsyslog.com/e/2081 ] >> >> >> > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver >> >> mode 1 >> >> >> > not supported by ptcp netstream driver [try >> >> >> http://www.rsyslog.com/e/2081 ] >> >> >> > Nov 4 11:06:36 logmanagement-client rsyslogd-2081: error: driver >> >> mode 1 >> >> >> > not supported by ptcp netstream driver [try >> >> >> http://www.rsyslog.com/e/2081 ] >> >> >> > >> >> >> > Still an issue creating a listener. I suppose the problem is in my >> >> >> > configuration? >> >> >> > >> >> >> > Also, there doesn't seem to be a imjournal module which was >> available >> >> in >> >> >> > CentOS. >> >> >> > >> >> >> > TIA >> >> >> > >> >> >> > Cheers, >> >> >> > Jörgen >> >> >> > >> >> >> > On Wed, Nov 4, 2015 at 9:57 AM, Radu Gheorghe < >> >> >> [email protected]> >> >> >> > wrote: >> >> >> > >> >> >> >> Hello Jörgen, >> >> >> >> >> >> >> >> You're welcome. The server config looks OK to me, it smells like >> >> >> >> there's an issue with the libraries or versioning. I would try to >> >> >> >> upgrade to the latest rsyslog from the repositories and see if >> this >> >> >> >> helps. >> >> >> >> >> >> >> >> You can check if /usr/lib64/rsyslog/lmnsd_gtls.so is there in the >> >> >> >> first place but if it is, it's probably not the correct version. >> >> >> >> >> >> >> >> Best regards, >> >> >> >> Radu >> >> >> >> -- >> >> >> >> Performance Monitoring * Log Analytics * Search Analytics >> >> >> >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> >> >> >> >> >> >> >> >> >> On Wed, Nov 4, 2015 at 10:31 AM, Jörgen Maas < >> [email protected]> >> >> >> >> wrote: >> >> >> >> > Thanks for the link, great blog post which solves my forwarding >> >> over >> >> >> TLS >> >> >> >> > use-case :) >> >> >> >> > >> >> >> >> > But i still cant figure out how to use TLS input (next to >> >> >> udp/tcp/relp), >> >> >> >> my >> >> >> >> > config so far: >> >> >> >> > >> >> >> >> > This is my v7 based configuration: >> >> >> >> > >> >> >> >> > global( >> >> >> >> > defaultNetstreamDriver="gtls" >> >> >> >> > >> defaultNetstreamDriverCAFile="/etc/rsyslog.d/keys/CAroot.crt" >> >> >> >> > >> >> >> >> > >> >> >> >> >> >> >> >> >> >> defaultNetstreamDriverKeyFile="/etc/rsyslog.d/keys/logmanagement-client.crt" >> >> >> >> > ) >> >> >> >> > >> >> >> >> > my plain tcp input config: >> >> >> >> > >> >> >> >> > module( >> >> >> >> > load="imptcp" >> >> >> >> > Threads="2" >> >> >> >> > ) >> >> >> >> > >> >> >> >> > input( >> >> >> >> > type="imptcp" >> >> >> >> > port="514" >> >> >> >> > ) >> >> >> >> > >> >> >> >> > my tls input so far (not working) >> >> >> >> > >> >> >> >> > module( >> >> >> >> > load="imtcp" >> >> >> >> > KeepAlive="off" >> >> >> >> > FlowControl="on" >> >> >> >> > MaxListeners="20" >> >> >> >> > MaxSessions="200" >> >> >> >> > StreamDriver.Mode="1" # enable TLS only >> >> >> >> > StreamDriver.AuthMode="x509/name" >> >> >> >> > PermittedPeer=[""] >> >> >> >> > ) >> >> >> >> > >> >> >> >> > >> >> >> >> > input( >> >> >> >> > type="imtcp" >> >> >> >> > port="2514" >> >> >> >> > name="tcptls" >> >> >> >> > ) >> >> >> >> > >> >> >> >> > syntax check is OK, but when i restart rsyslog i see: >> >> >> >> > >> >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin >> >> >> >> software="rsyslogd" >> >> >> >> > swVersion="7.4.7" x-pid="2627" x-info="http://www.rsyslog.com";] >> >> >> exiting >> >> >> >> on >> >> >> >> > signal 15. >> >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd: [origin >> >> >> >> software="rsyslogd" >> >> >> >> > swVersion="7.4.7" x-pid="2635" x-info="http://www.rsyslog.com";] >> >> start >> >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: could not >> load >> >> >> module >> >> >> >> > '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2078 >> >> >> >> > [try http://www.rsyslog.com/e/2068 ] >> >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: tcpsrv could >> >> not >> >> >> >> create >> >> >> >> > listener (inputname: 'tcptls') [try >> http://www.rsyslog.com/e/2068 >> >> ] >> >> >> >> > Nov 4 09:20:21 logmanagement-client rsyslogd-2068: activation >> of >> >> >> module >> >> >> >> > imtcp failed [try http://www.rsyslog.com/e/2068 ] >> >> >> >> > >> >> >> >> > software (EL7): >> >> >> >> > >> >> >> >> > [root@logmanagement-client:/etc/rsyslog.d]# rpm -qa|grep >> rsyslog >> >> >> >> > rsyslog-relp-7.4.7-7.el7_0.x86_64 >> >> >> >> > rsyslog-gnutls-7.4.7-7.el7_0.x86_64 >> >> >> >> > rsyslog-7.4.7-7.el7_0.x86_64 >> >> >> >> > >> >> >> >> > >> >> >> >> > Any suggestions are very much appreciated! >> >> >> >> > >> >> >> >> > Thanks in advance. >> >> >> >> > >> >> >> >> > Kind regards, >> >> >> >> > Jörgen >> >> >> >> > >> >> >> >> > On Wed, Nov 4, 2015 at 8:51 AM, Radu Gheorghe < >> >> >> >> [email protected]> >> >> >> >> > wrote: >> >> >> >> > >> >> >> >> >> Hi Jörgen, >> >> >> >> >> >> >> >> >> >> You can find the client config in this blog post: >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/ >> >> >> >> >> >> >> >> >> >> I suppose you can deduce the server config from that and the >> >> linked >> >> >> >> >> howtos (which are old-style). If you can't, please let me know >> and >> >> >> >> >> I'll dig for a server example. >> >> >> >> >> >> >> >> >> >> Best regards, >> >> >> >> >> Radu >> >> >> >> >> -- >> >> >> >> >> Performance Monitoring * Log Analytics * Search Analytics >> >> >> >> >> Solr & Elasticsearch Support * http://sematext.com/ >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> On Tue, Nov 3, 2015 at 9:41 PM, Jörgen Maas < >> >> [email protected]> >> >> >> >> wrote: >> >> >> >> >> > Hi guys, >> >> >> >> >> > >> >> >> >> >> > I'm in the process of testing rsyslogd for a rather large >> >> >> >> logmanagement >> >> >> >> >> > environment. >> >> >> >> >> > So far i succeeded in accomplishing most tasks using the >> >> >> rainerscript >> >> >> >> >> > syntax, but for gnutls input/output the syntax is unclear, >> also >> >> >> cant >> >> >> >> seem >> >> >> >> >> > to find it in the docs. >> >> >> >> >> > >> >> >> >> >> > I would appreciate it if someone could assist by supplying an >> >> >> example >> >> >> >> or >> >> >> >> >> > point me to the correct docs. I'm on rsyslog 7 as shipped >> with >> >> EL7. >> >> >> >> >> > >> >> >> >> >> > Thanks! >> >> >> >> >> > >> >> >> >> >> > Best regards, >> >> >> >> >> > >> >> >> >> >> > Jörgen >> >> >> >> >> > _______________________________________________ >> >> >> >> >> > rsyslog mailing list >> >> >> >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> >> >> >> > http://www.rsyslog.com/professional-services/ >> >> >> >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> >> >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED >> by >> >> a >> >> >> >> myriad >> >> >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT >> POST if >> >> >> you >> >> >> >> >> DON'T LIKE THAT. >> >> >> >> >> _______________________________________________ >> >> >> >> >> rsyslog mailing list >> >> >> >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> >> >> >> http://www.rsyslog.com/professional-services/ >> >> >> >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> >> >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED >> by a >> >> >> myriad >> >> >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT >> POST if >> >> >> you >> >> >> >> >> DON'T LIKE THAT. >> >> >> >> > _______________________________________________ >> >> >> >> > rsyslog mailing list >> >> >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> >> >> > http://www.rsyslog.com/professional-services/ >> >> >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by >> a >> >> >> myriad >> >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >> >> you >> >> >> >> DON'T LIKE THAT. >> >> >> >> _______________________________________________ >> >> >> >> rsyslog mailing list >> >> >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> >> >> http://www.rsyslog.com/professional-services/ >> >> >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> >> myriad >> >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >> >> you >> >> >> >> DON'T LIKE THAT. >> >> >> >> >> >> >> > >> >> >> > >> >> >> > >> >> >> > -- >> >> >> > Grtz, >> >> >> > Jörgen Maas >> >> >> > _______________________________________________ >> >> >> > rsyslog mailing list >> >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> >> > http://www.rsyslog.com/professional-services/ >> >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> >> myriad >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >> you >> >> >> DON'T LIKE THAT. >> >> >> _______________________________________________ >> >> >> rsyslog mailing list >> >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> >> http://www.rsyslog.com/professional-services/ >> >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> myriad >> >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >> you >> >> >> DON'T LIKE THAT. >> >> >> >> >> > _______________________________________________ >> >> > rsyslog mailing list >> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> > http://www.rsyslog.com/professional-services/ >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >> myriad >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> >> DON'T LIKE THAT. >> >> _______________________________________________ >> >> rsyslog mailing list >> >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> >> http://www.rsyslog.com/professional-services/ >> >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> >> DON'T LIKE THAT. >> >> >> > >> > >> > >> > -- >> > Grtz, >> > Jörgen Maas >> > _______________________________________________ >> > rsyslog mailing list >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > http://www.rsyslog.com/professional-services/ >> > What's up with rsyslog? Follow https://twitter.com/rgerhards >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >> DON'T LIKE THAT. >> > > > > -- > Grtz, > Jörgen Maas > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
