Hello,

We had this problem at one point when having different versions of rsyslog (and/or gnutls) acting as client and server. Another time when I encountered this was when I didn't set up certificates properly.

I hope this helps.

Best regards,
Radu
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/

On Thu, Nov 5, 2015 at 7:27 AM, Jörgen Maas <[email protected]> wrote:
> Hi all,
>
> With yesterday's help I've succeeded in setting up a TLS listener. I also
> set up a forwarder as described in:
> http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/
>
> On the server side I see this in my logs:
> Nov 5 06:10:50 logmanagement rsyslogd-2083: gnutls returned error on
> handshake: An unexpected TLS packet was received.
>
> I captured the network sessions and the messages are sent with plain tcp
> (readable), so that explains the server side log entry.
>
> This is my client side config:
>
> action(
>     type="omfwd"
>     target="192.168.124.100"
>     port="6514"
>     protocol="tcp"
>     template="RSYSLOG_SyslogProtocol23Format"
>     StreamDriver="gtls"
>     StreamDriverMode="1"
>     StreamDriverAuthMode="x509/name"
>     StreamDriverPermittedPeers="logmanagement.xxx.yyy"
> )
>
> The "gtls" default settings are set in the global() section, as discussed
> yesterday.
>
> Software version:
> rsyslog-7.4.7-7.el7_1.1.x86_64
>
>
> What am I missing here?
>
> Thanks!
>
>
> Regards,
> Jörgen
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
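
The check described in the thread (looking at a capture to see whether the forwarder speaks TLS or plain TCP on port 6514) can be scripted. This is an added example, not part of the original messages or of rsyslog; the function names and both sample byte strings are constructed for illustration.

```python
import re

# Constructed samples (not from the thread): start of a TLS ClientHello
# record, and an RFC 5424 line as RSYSLOG_SyslogProtocol23Format emits it.
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")
SAMPLE_PLAIN = b"<13>1 2015-11-05T06:10:50+01:00 client app - - - test\n"

# "<PRI>" followed by RFC 5424 version "1 " or an RFC 3164 month name,
# optionally preceded by an octet-count frame ("62 <13>1 ...").
SYSLOG_START = re.compile(rb"^(?:\d{1,6} )?<(\d{1,3})>(?:1 |[A-Z][a-z]{2} )")
MAX_PRI = 191                   # facility 23 * 8 + severity 7
MAX_RECORD_LEN = 2**14 + 2048   # upper bound for a TLS record body


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sent to the TLS syslog listener."""
    if len(data) >= 5:
        content_type, major, minor = data[0], data[1], data[2]
        length = int.from_bytes(data[3:5], "big")
        # TLS record header: type (1 byte), version (2), length (2).
        if major == 3 and minor <= 4 and 0 < length <= MAX_RECORD_LEN:
            if content_type == 22:  # handshake record
                # The first handshake message from a client is ClientHello (1).
                if len(data) >= 6 and data[5] == 1:
                    return "tls-handshake"
                return "tls-other"
            if content_type in (20, 21, 23):  # CCS, alert, application data
                return "tls-other"
    match = SYSLOG_START.match(data)
    if match and int(match.group(1)) <= MAX_PRI:
        return "plaintext-syslog"
    return "unknown"


def diagnose(data: bytes) -> str:
    """Map the classification to the two situations raised in the thread."""
    return {
        "tls-handshake": "client starts TLS; check certificates and versions",
        "plaintext-syslog": "client sends cleartext syslog; its TLS stream "
                            "driver settings are not in effect",
        "tls-other": "TLS record seen, but not the start of a handshake",
        "unknown": "neither a TLS record nor a syslog header",
    }[classify_first_bytes(data)]
```

Feed it the first payload bytes of the client-to-server direction from the capture; `plaintext-syslog` corresponds to the "An unexpected TLS packet was received" handshake error on the server.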

