Hi All,
I now have the following running:
global(
defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile="/rsyslog/protected/ca.pem"
defaultNetstreamDriverCertFile="/rsyslog/protected/machine-cert.pem"
defaultNetstreamDriverKeyFile="/rsyslog/protected/machine-key.pem"
)
module(
load="imtcp"
StreamDriver.mode="1"
StreamDriver.authmode="x509/name"
PermittedPeer="*.example.net"
)
input(
type="imtcp"
port="10514"
)
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN
Is there a good way to test this?
I wrote a Python script:
import socket
import ssl
import sys
import argparse
import requests
from jinja2 import Template
import os
import json
import time
import logging
import logging.handlers
import traceback
import hashlib
import fcntl
cacert_pem_path = "/rsyslog/protected/ca.pem"
os.environ["REQUESTS_CA_BUNDLE"] = cacert_pem_path
server_url='localhost'
port='10514'
data='test-4-26-2018'
output_type='tcp+tls'
unsecured_client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
cert_reqs = ssl.CERT_REQUIRED
client_socket = ssl.wrap_socket(unsecured_client_socket, ca_certs=cacert_pem_path, cert_reqs=cert_reqs, ssl_version=ssl.PROTOCOL_TLSv1_2, ciphers="AES256-SHA256")
client_socket.connect((server_url, port))
client_socket.send(data.encode("utf-8"))
But I'm getting:
Traceback (most recent call last):
File "test.py", line 24, in <module>
client_socket.connect((server_url, port))
File "/usr/lib64/python2.7/ssl.py", line 866, in connect
self._real_connect(addr, False)
File "/usr/lib64/python2.7/ssl.py", line 853, in _real_connect
socket.connect(self, addr)
File "/usr/lib64/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
TypeError: an integer is required
Using openssl (openssl s_client -showcerts -connect localhost:514) I got the following:
Client Certificate Types: RSA sign, DSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA1:DSA+SHA1
---
SSL handshake has read 2273 bytes and written 659 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
Session-ID: CADF46FEB3066291CA75C441D28D8273871D62B9C8B29D38EE34762E7BD52D9C
Session-ID-ctx:
Master-Key: 879655950BB046125F941917A9996B7EA356228005FB1E19A8E61857BC6270E9C417E6294C46926988B440EAB08F0FAB
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1524780037
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
read:errno=0
Thanks
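An added test client for the listener described above (example code written for this thread, not from the original post or from the rsyslog project). Two things about the posted script are worth seeing fixed in one place: `socket.connect()` takes an integer port, and passing the string `'10514'` is exactly what produces `TypeError: an integer is required`; and because the server runs with `StreamDriver.authmode="x509/name"`, the client must present a certificate whose name matches `PermittedPeer`, so the script has to load the machine cert and key, not just the CA. The paths are the ones from the config; `SERVER_NAME` is an assumed placeholder that must match a name in the server's certificate, since `PROTOCOL_TLS_CLIENT` verifies the server's hostname as well as its chain. The message is framed with RFC 6587 octet counting, which imtcp accepts by default.

```python
import socket
import ssl
import time

# Paths from the rsyslog config in the thread. SERVER_NAME is an assumed
# placeholder: it must match the CN/SAN in the server's machine-cert.pem.
CA_FILE = "/rsyslog/protected/ca.pem"
CERT_FILE = "/rsyslog/protected/machine-cert.pem"
KEY_FILE = "/rsyslog/protected/machine-key.pem"
SERVER_HOST = "localhost"
SERVER_NAME = "logserver.example.net"   # assumed; name in the server cert
SERVER_PORT = "10514"                   # deliberately a str, see parse_port


def parse_port(value):
    """connect() wants an int; passing the str '10514' is what raised
    'TypeError: an integer is required' in the original script."""
    port = int(value)
    if not 0 < port < 65536:
        raise ValueError("port out of range: %r" % (value,))
    return port


def build_syslog_message(hostname, app, msg, facility=1, severity=6, timestamp=None):
    """Minimal RFC 5424 record (facility 1 = user, severity 6 = info)."""
    if timestamp is None:
        timestamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    pri = facility * 8 + severity
    return "<%d>1 %s %s %s - - - %s" % (pri, timestamp, hostname, app, msg)


def frame_octet_counted(message):
    """RFC 6587 octet-counting framing ('<len> <msg>'): the receiver knows
    the record length up front instead of waiting for a newline."""
    body = message.encode("utf-8")
    return ("%d " % len(body)).encode("ascii") + body


def make_client_context(ca_file, cert_file, key_file):
    """TLS 1.2+ client context: verifies the server against our CA and
    presents the machine cert, which the server's x509/name mode checks
    against its PermittedPeer list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # chain + hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def send_tls_syslog(host, port, server_name, ctx, frame):
    """Connect, complete the handshake, send one framed record, and return
    the negotiated protocol and the verified server certificate subject."""
    with socket.create_connection((host, parse_port(port)), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame)
            return tls.version(), tls.getpeercert().get("subject")


if __name__ == "__main__":
    record = build_syslog_message(socket.gethostname(), "tlstest", "test-4-26-2018")
    ctx = make_client_context(CA_FILE, CERT_FILE, KEY_FILE)
    try:
        proto, subject = send_tls_syslog(SERVER_HOST, SERVER_PORT, SERVER_NAME,
                                         ctx, frame_octet_counted(record))
        print("sent over %s; server cert subject: %s" % (proto, subject))
    except ssl.SSLCertVerificationError as err:
        print("server certificate rejected (check CA file / SERVER_NAME): %s" % err)
```

If the handshake completes but rsyslog drops the connection right after it, the server side rejected the client name; rsyslog's own log says which peer name it saw and what it was checked against. The `Verify return code: 21 (unable to verify the first certificate)` in the openssl output above is the client end failing to verify the server because `s_client` was not given the CA: `openssl s_client -connect localhost:10514 -CAfile /rsyslog/protected/ca.pem -cert /rsyslog/protected/machine-cert.pem -key /rsyslog/protected/machine-key.pem` both verifies the server and presents the client certificate the x509/name mode requires.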
-----Original Message-----
From: rsyslog <[email protected]> On Behalf Of Li, Mike via
rsyslog
Sent: Thursday, April 26, 2018 9:58 AM
To: Ryan Ward <[email protected]>; rsyslog-users
<[email protected]>
Cc: Li, Mike <[email protected]>
Subject: [EXTERNAL] Re: [rsyslog] Resend: rsyslog v8.x server config with tls
Ryan,
I got following:
Starting system logger: rsyslogd: error during parsing file /etc/rsyslog.conf,
on or before line 67: invalid character '/' in object definition - is there an
invalid escape sequence somewhere? [v8.34.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 67:
syntax error on token rsyslog' [v8.34.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd: CONFIG ERROR: could not interpret master config file
'/etc/rsyslog.conf'. [v8.34.0 try http://www.rsyslog.com/e/2207 ] rsyslog
startup failure: error reading "fork pipe": No such file or directory with
global( defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile /rsyslog/protected/ca.pem
defaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
defaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem
)
but when I changed to
global(
defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile="/rsyslog/protected/ca.pem"
defaultNetstreamDriverCertFile="/rsyslog/protected/machine-cert.pem"
defaultNetstreamDriverKeyFile="/rsyslog/protected/machine-key.pem"
)
module(
load="imtcp"
StreamDriver.mode="1"
StreamDriver.authmode="x509/name"
PermittedPeer="*.example.net"
)
input(
type="imtcp"
port="10514"
)
It worked!
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN
I'll do some testing and see.
Thanks.
Mike
From: Ryan Ward <[email protected]>
Sent: Thursday, April 26, 2018 9:26 AM
To: rsyslog-users <[email protected]>
Cc: David Lang <[email protected]>; Li, Mike <[email protected]>
Subject: [EXTERNAL] Re: [rsyslog] Resend: rsyslog v8.x server config with tls
Have you taken a look at [1]? It shows all the module parameters. I believe
something like the below will work:
global( defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile /rsyslog/protected/ca.pem
defaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
defaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem
)
module(
load="imtcp"
StreamDriver.mode="1"
StreamDriver.authmode="x509/name"
PermittedPeer="*.example.net"
)
input(
type="imtcp"
port="10514"
)
[1] https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html
Thank you,
Ryan Ward
GliaCell Technologies
www.gliacelltechnologies.com
On Thu, Apr 26, 2018 at 8:41 AM, Li, Mike via rsyslog <[email protected]> wrote:
David,
I would like to continue using the input() statements because I changed all the
"template (name, type ), if then { action(), stop}" stanzas to support rsyslog
v8.34. I am also using module(load="imudp" SchedulingPolicy="fifo"
SchedulingPriority="5" threads="2" timeRequery="8" batchSize="128") to support
receiving heavy syslog traffic with rsyslog v8.
Or will "$template, if then ?; & ~" stanzas still work with rsyslog v8.34? How
do I convert "module(load="imudp" SchedulingPolicy="fifo" SchedulingPriority="5"
threads="2" timeRequery="8" batchSize="128")" to the old syntax?
I have the following rpms installed:
rsyslog-gnutls-8.34.0-2.el6.x86_64
rsyslog-8.34.0-2.el6.x86_64
Could I be directed to the correct information on how to convert the following:
# make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem
$DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514
to work on rsyslog v8.34?
Thanks
Mike
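An added example of the conversion being asked for (written for this thread, not part of the original mail or the rsyslog project): a small Python converter that rewrites exactly the legacy `$...` directives shown above into the RainerScript `global()` / `module()` / `input()` objects, using the parameter names from the imtcp and global documentation. It is deliberately narrow: a directive it does not know is reported as unknown rather than guessed at, and the sample input below is the legacy block from the question, embedded here as constructed test data.

```python
# Legacy directive (lower-cased) -> new-style parameter name. Mapping taken
# from the rsyslog global() and imtcp module documentation; only the
# directives from the question are covered.
GLOBAL_MAP = {
    "defaultnetstreamdriver": "defaultNetstreamDriver",
    "defaultnetstreamdrivercafile": "defaultNetstreamDriverCAFile",
    "defaultnetstreamdrivercertfile": "defaultNetstreamDriverCertFile",
    "defaultnetstreamdriverkeyfile": "defaultNetstreamDriverKeyFile",
}
IMTCP_MODULE_MAP = {
    "inputtcpserverstreamdriverauthmode": "streamDriver.authMode",
    "inputtcpserverstreamdrivermode": "streamDriver.mode",
    "inputtcpserverstreamdriverpermittedpeer": "permittedPeer",   # array param
}
IMTCP_RUN = "inputtcpserverrun"   # each occurrence becomes one input()

# Constructed sample: the legacy block from the question.
LEGACY_SAMPLE = """\
# make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem
$DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514
"""


def parse_legacy(text):
    """Yield (directive, value) pairs from '$Directive value # comment' lines.
    '#' starts a comment in legacy syntax, so anything after it is dropped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("$"):
            continue
        parts = line[1:].split(None, 1)
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        yield name, value


def convert(text):
    """Return (rainerscript_text, unknown_directives)."""
    global_params, module_params, listeners, unknown = {}, {}, [], []
    for name, value in parse_legacy(text):
        if name in GLOBAL_MAP:
            global_params[GLOBAL_MAP[name]] = value
        elif name in IMTCP_MODULE_MAP:
            key = IMTCP_MODULE_MAP[name]
            if key == "permittedPeer":
                module_params.setdefault(key, []).append(value)
            else:
                module_params[key] = value
        elif name == IMTCP_RUN:
            listeners.append(value)
        else:
            unknown.append(name)

    out = []
    if global_params:
        out.append("global(")
        out += ['    %s="%s"' % (k, v) for k, v in global_params.items()]
        out.append(")")
    if module_params or listeners:
        # module(load="imtcp") may appear only once; driver settings live here.
        out.append("module(")
        out.append('    load="imtcp"')
        for k, v in module_params.items():
            if isinstance(v, list):
                out.append('    %s=[%s]' % (k, ", ".join('"%s"' % p for p in v)))
            else:
                out.append('    %s="%s"' % (k, v))
        out.append(")")
    for port in listeners:
        out.append('input(type="imtcp" port="%s")' % port)
    return "\n".join(out), unknown


if __name__ == "__main__":
    text, unknown = convert(LEGACY_SAMPLE)
    print(text)
    if unknown:
        print("# not converted: " + ", ".join(unknown))
```

The output for the sample is the same shape as the working config Ryan posted, with two differences worth noting: `permittedPeer` is written as an array, which is what the parameter is declared as, and the driver settings sit in `module(load="imtcp" ...)` while the port alone goes in `input()`. Once any `input()` object exists in the file, the remaining legacy `$InputTCPServer...` lines have to go, which is the mixing problem David describes.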
-----Original Message-----
From: David Lang <[email protected]>
Sent: Wednesday, April 25, 2018 8:19 PM
To: Li, Mike via rsyslog <[email protected]>
Cc: Li, Mike <[email protected]>
Subject: [EXTERNAL] Re: [rsyslog] Resend: rsyslog v8.x server config with tls
It would be clearer if you could show us a copy of your full config.
But I believe that the problem is that you are mixing old and new syntax in one
of the few ways that rsyslog complains about.
If you have no input() statements, the obsolete multi-line version works.
But as soon as you have one new-style input() statement, you need to convert
the rest of them over as well.
Confidentiality Notice:: This email, including attachments, may include
non-public, proprietary, confidential or legally privileged information. If
you are not an intended recipient or an authorized agent of an intended
recipient, you are hereby notified that any dissemination, distribution or
copying of the information contained in or transmitted with this e-mail is
unauthorized and strictly prohibited. If you have received this email in
error, please notify the sender by replying to this message and permanently
delete this e-mail, its attachments, and any copies of it immediately. You
should not retain, copy or use this e-mail or any attachment for any purpose,
nor disclose all or any part of the contents to any other person. Thank you.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.