Hello Jörgen,

So if you "translate" the $Action... directives into RainerScript it
doesn't work at all? And you also don't get any configuration errors?
Then it would be a bug.

Best regards,
Radu
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/


On Thu, Nov 5, 2015 at 2:22 PM, Jörgen Maas <[email protected]> wrote:
> Hi, thanks Radu for your feedback!
>
> On the client and the server all rsyslog and gnutls versions are the same.
> I did recreate the certs with openssl, instead of the certutil as described
> in the docs.
> I now have this working, it's just like yesterday's issue a case of using
> new and old configuration *together* to make it work...
>
> But doing this seems to also cause some strange issues... I can imagine
> that this isn't really a well tested configuration (mixing old and new).
> Current config on the sender:
>
> $ActionSendStreamDriver gtls
> $ActionSendStreamDriverMode 1
> $ActionSendStreamDriverAuthMode x509/name
> $ActionSendStreamDriverPermittedPeers "logmanagement.xxx.yy"
>
> action(
>     type="omfwd"
>     target="192.168.124.100"
>     port="6514"
>     protocol="tcp"
>     template="RSYSLOG_SyslogProtocol23Format"
>     StreamDriver="gtls"
>     StreamDriverMode="1"
>     StreamDriverAuthMode="x509/name"
>     StreamDriverPermittedPeers="logmanagement.xxx.yy"
> )
>
> Without the legacy options (including
> $ActionSendStreamDriverPermittedPeers) rsyslogd won't even start.
> And with these options my log looks like this:
>
> Nov  5 10:59:49 logmanagement-client rsyslogd-3003: invalid or yet-unknown
> config file command 'ActionSendStreamDriverPermittedPeers' - have you
> forgotten to load a module? [try http://www.rsyslog.com/e/3003 ]
> Nov  5 10:59:26 logmanagement-client systemd: Stopping System Logging
> Service...
> Nov  5 10:59:26 logmanagement-client systemd: rsyslog.service: main process
> exited, code=killed, status=6/ABRT
> Nov  5 10:59:26 logmanagement-client systemd: Unit rsyslog.service entered
> failed state.
> Nov  5 10:59:26 logmanagement-client systemd: Starting System Logging
> Service...
> yikes -> Nov  5 10:59:26 logmanagement-client kernel: traps: rsyslogd[4698]
> general protection ip:7fd55a8584bd sp:7ffe547d5f90 error:0 in libc-2.17.so
> [7fd55a7dc000+1b6000]
>
> When I comment out the StreamDriverPermittedPeers, I get:
>
> Nov  5 11:02:58 logmanagement-client rsyslogd-2088: error: peer name not
> authorized -  not permitted to talk to it. Names: CN:
> logmanagement.xxx.yy;  [try http://www.rsyslog.com/e/2088 ]
>
> So with this "hybrid" config I can transfer logs over the tls channel. But
> unfortunately the system is not really stable, I have seen some segfaults
> and the general protection errors in the above log make me a bit wary using
> this in a production setting. Any suggestions/hints on this specific error
> and/or the segfaults?
>
> Thanks again!
>
> Regards,
> Jörgen
>
> On Thu, Nov 5, 2015 at 8:07 AM, Radu Gheorghe <[email protected]>
> wrote:
>
>> Hello,
>>
>> We had this problem at one point when having different versions of
>> rsyslog (and/or gnutls) acting as client and server. Another time when
>> I encountered this was when I didn't set up certificates properly.
>>
>> I hope this helps.
>>
>> Best regards,
>> Radu
>> --
>> Performance Monitoring * Log Analytics * Search Analytics
>> Solr & Elasticsearch Support * http://sematext.com/
>>
>>
>> On Thu, Nov 5, 2015 at 7:27 AM, Jörgen Maas <[email protected]> wrote:
>> > Hi all,
>> >
>> > With yesterday's help I've succeeded in setting up a TLS listener. I also
>> > set up a forwarder as described in:
>> >
>> > http://blog.sematext.com/2014/03/25/encrypting-logs-on-their-way-to-elasticsearch-part-2-tls-syslog/
>> >
>> > On the server side I see this in my logs:
>> > Nov  5 06:10:50 logmanagement rsyslogd-2083: gnutls returned error on
>> > handshake: An unexpected TLS packet was received.
>> >
>> > I captured the network sessions and the messages are sent with plain tcp
>> > (readable), so that explains the server side log entry.
>> >
>> > This is my client side config:
>> >
>> > action(
>> >     type="omfwd"
>> >     target="192.168.124.100"
>> >     port="6514"
>> >     protocol="tcp"
>> >     template="RSYSLOG_SyslogProtocol23Format"
>> >     StreamDriver="gtls"
>> >     StreamDriverMode="1"
>> >     StreamDriverAuthMode="x509/name"
>> >     StreamDriverPermittedPeers="logmanagement.xxx.yyy"
>> > )
>> >
>> > The "gtls" default settings are set in the global() section, as discussed
>> > yesterday.
>> >
>> > Software version:
>> > rsyslog-7.4.7-7.el7_1.1.x86_64
>> >
>> >
>> > What am I missing here?
>> >
>> > Thanks!
>> >
>> >
>> > Regards,
>> > Jörgen
>> > _______________________________________________
>> > rsyslog mailing list
>> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> > DON'T LIKE THAT.
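
Added example, not part of the thread and not rsyslog code: the original report diagnosed the problem by capturing the session and seeing readable messages on port 6514. The check below automates that step by classifying the first bytes a client sent as a TLS record or as plaintext syslog in the RSYSLOG_SyslogProtocol23Format (RFC 5424) layout; the function name and the sample byte strings are constructed for illustration.

```python
import re

# Start of an RFC 5424 message, "<PRI>1 ", optionally preceded by an
# octet-count ("123 ") when octet-counted TCP framing is in use.
SYSLOG_START = re.compile(rb"^(?:\d{1,6} )?<(\d{1,3})>1 ")

def classify_stream(first_bytes: bytes) -> str:
    """Classify the first bytes a sender put on the syslog-TLS port.

    Returns "tls-handshake", "tls-other", "plaintext-syslog" or "unknown".
    """
    if len(first_bytes) >= 5:
        content_type, major, minor = first_bytes[0], first_bytes[1], first_bytes[2]
        length = int.from_bytes(first_bytes[3:5], "big")
        # TLS record header: content type 20-23, version 3.x, bounded length.
        if 20 <= content_type <= 23 and major == 3 and minor <= 4 and length <= 18432:
            # Content type 22 is a handshake record; message type 1 is ClientHello.
            if content_type == 22 and len(first_bytes) >= 6 and first_bytes[5] == 1:
                return "tls-handshake"
            return "tls-other"
    match = SYSLOG_START.match(first_bytes)
    if match and int(match.group(1)) <= 191:  # highest valid PRI value
        return "plaintext-syslog"
    return "unknown"

def classify_flows(flows: dict) -> dict:
    """Map each sender to the classification of its first payload bytes."""
    return {sender: classify_stream(data) for sender, data in flows.items()}

# Constructed samples: first payload bytes of three client-to-server flows.
SAMPLE_FLOWS = {
    # TLS 1.0 record header, handshake, ClientHello announcing TLS 1.2
    "client-tls": bytes.fromhex("160301020001000001fc0303"),
    # What a forwarder sends when the stream driver settings are not applied
    "client-plain": b"<30>1 2015-11-05T06:10:50+01:00 logmanagement-client app - - - test\n",
    # Same message with octet-counted framing
    "client-octet": b"68 <30>1 2015-11-05T06:10:50+01:00 logmanagement-client app - - - test\n",
}

if __name__ == "__main__":
    for sender, kind in classify_flows(SAMPLE_FLOWS).items():
        print(f"{sender}: {kind}")
```

A sender classified as plaintext-syslog on the TLS port matches the server-side "An unexpected TLS packet was received" handshake error quoted in the thread.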