Hi, thanks for the reply.
So with CentOS 6.6, without recompiling librelp, can I not configure TLS? Even if you install an earlier version of rsyslog? I tried to configure the module imtcp with TLS but it still results in an error, even with the anonymous TLS option! In short, without recompilation, is there no option to configure TLS on CentOS 6.6?

Best Regards

Message: 29
Date: Thu, 24 Mar 2016 13:18:15 +0100
From: "Elmopi, Stefano" <[email protected]>
To: [email protected]
Subject: [rsyslog] Problem with RELP TLS
Message-ID: <caaldbuedjtbtuchaxao2tij-bdlmgo883c2g3cvhp-pidy4...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi,
I installed rsyslog on CentOS 6.6, these are the installed packages:
rsyslog-8.17.0-1.el6.x86_64
rsyslog-mysql-8.17.0-1.el6.x86_64
rsyslog-gnutls-8.17.0-1.el6.x86_64
rsyslog-snmp-8.17.0-1.el6.x86_64
rsyslog-relp-8.17.0-1.el6.x86_64
librelp-1.2.9-1.el6.x86_64
gnutls-2.8.5-19.el6_7.x86_64

and I would like to configure Relp with TLS:

input(type="imrelp" name="TCP_Collector" ruleset="Collector" port="20514"
tls="on"
tls.caCert="/etc/pki/rsyslog/CA/CA_Collaudo.crt"
tls.myCert="/etc/pki/rsyslog/Certs/sys01devpom.sociale.it.crt"
tls.myPrivKey="/etc/pki/rsyslog/Key/sys01devpom.sociale.it.pem"
tls.authMode="name"
tls.permittedpeer=["*.sociale.it"]
)

but when I start rsyslog, read in the log file:

rsyslogd-2291: imrelp: could not activate relp listner, code 10046 [v8.17.0 try http://www.rsyslog.com/e/2291 ]

only this line and nothing else.
I made many tests and searched a lot on Google but nothing, I found no solution

Thanks for your help
Best Regards

Ing. Stefano Elmopi
Cooperativa Capodarco - Resp. Area ICT Gestione Esercizio
Via Ostiense 131/L Corpo B, 00154 Roma
cell. 3466147165
tel. 0657060500
email:[email protected]

--
"Pursuant to and for the purposes of the law on the protection of personal data (D.lgs 196/2003), the information contained in this e-mail is confidential and intended for company and work use, excluding personal use; as such, it is reserved exclusively for the recipients indicated above. It is forbidden to read, copy, use or distribute the content of this e-mail without authorization. If you have received this e-mail in error, please return it to the sender. Thank you"

------------------------------

Message: 30
Date: Thu, 24 Mar 2016 14:52:54 +0100
From: Rainer Gerhards <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] Problem with RELP TLS
Message-ID: <cadk+mpcnxtmgp1oi0iq7p1qmv5rcqv-hp7e_m2cmpwfapnk...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

2016-03-24 13:18 GMT+01:00 Elmopi, Stefano <[email protected]>:
> Hi,
> I installed rsyslog on CentOS 6.6, these are the installed packages:
> rsyslog-8.17.0-1.el6.x86_64
> rsyslog-mysql-8.17.0-1.el6.x86_64
> rsyslog-gnutls-8.17.0-1.el6.x86_64
> rsyslog-snmp-8.17.0-1.el6.x86_64
> rsyslog-relp-8.17.0-1.el6.x86_64
> librelp-1.2.9-1.el6.x86_64
> gnutls-2.8.5-19.el6_7.x86_64
>
> and I would like to configure Relp with TLS:
>
> input(type="imrelp" name="TCP_Collector" ruleset="Collector" port="20514"
> tls="on"
> tls.caCert="/etc/pki/rsyslog/CA/CA_Collaudo.crt"
> tls.myCert="/etc/pki/rsyslog/Certs/sys01devpom.sociale.it.crt"
> tls.myPrivKey="/etc/pki/rsyslog/Key/sys01devpom.sociale.it.pem"
> tls.authMode="name"
> tls.permittedpeer=["*.sociale.it"]
> )
>
>
> but when I start rsyslog, read in the log file:
>
> rsyslogd-2291: imrelp: could not activate relp listner, code 10046 [v8.17.0
> try http://www.rsyslog.com/e/2291 ]

From librelp:

#define RELP_RET_ERR_NO_TLS_AUTH RELPERR_BASE + 46 /**< platform does not provide TLS auth support */

So it looks like CentOS 6.6 does not offer a recent enough version of GnuTLS to support TLS authentication. Some of the APIs we need are missing. I remember we implemented a work-around to at least support anonymous TLS for such platforms.

You can solve this by installing a new GnuTLS version and building librelp (and possibly rsyslog) from source.

As a side note, the same information is present in the link rsyslog gave in the error message ;)

HTH
Rainer

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

