2016-03-24 13:18 GMT+01:00 Elmopi, Stefano <[email protected]>: > Hi, > I installed rsyslog on CentOS 6.6, these are the installed packages: > rsyslog-8.17.0-1.el6.x86_64 > rsyslog-mysql-8.17.0-1.el6.x86_64 > rsyslog-gnutls-8.17.0-1.el6.x86_64 > rsyslog-snmp-8.17.0-1.el6.x86_64 > rsyslog-relp-8.17.0-1.el6.x86_64 > librelp-1.2.9-1.el6.x86_64 > gnutls-2.8.5-19.el6_7.x86_64 > > and I would like to configure Relp with TLS: > > input(type="imrelp" name="TCP_Collector" ruleset="Collector" port="20514" > tls="on" > tls.caCert="/etc/pki/rsyslog/CA/CA_Collaudo.crt" > tls.myCert="/etc/pki/rsyslog/Certs/sys01devpom.sociale.it.crt" > tls.myPrivKey="/etc/pki/rsyslog/Key/sys01devpom.sociale.it.pem" > tls.authMode="name" > tls.permittedpeer=["*.sociale.it"] > ) > > > but when I start rsyslog, read in the log file: > > rsyslogd-2291: imrelp: could not activate relp listner, code 10046 [v8.17.0 > try http://www.rsyslog.com/e/2291 ]
>From librelp: #define RELP_RET_ERR_NO_TLS_AUTH RELPERR_BASE + 46 /**< platform does not provide TLS auth support */ So it looks like CentOS 6.6 does not offer a recent enough version of GnuTLS to support TLS authentication. Some of the APIs we need are missing. I remember we implemented a work-around to at least support anonymous TLS for such platforms. You can solve this by installing a new GnuTLS version and building librelp (and possibly rsyslog) from source. As a side note, the same information is present in the link rsyslog gave in the error message ;) HTH Rainer > > only this line and nothing else. > I made many tests and searched a lot on Google but nothing, I found no > solution > Thanks for your help > > > Best Regards > > > Ing. Stefano Elmopi > Cooperativa Capodarco - Resp. Area ICT Gestione Esercizio > Via Ostiense 131/L Corpo B, 00154 Roma > > cell. 3466147165 > tel. 0657060500 > > email:[email protected] > > -- > "Ai sensi e per gli effetti della legge sulla tutela dei dati personali > (D.lgs 196/2003), > le informazioni contenute nella presente @mail sono di natura riservata e > destinate > ad un uso aziendale-lavorativo con esclusione di utilizzi ad uso personale; > come tali, > pertanto, sono riservate esclusivamente ai destinatari sopra indicati. E' > proibito leggere, > copiare, usare o diffondere il contenuto della presente @mail senza > autorizzazione. > Se avete ricevuto questa @mail per errore, siete pregati di rispedire la > stessa al mittente. > Grazie" > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
