For imtcp you must set the certificates through the $DefaultNetstreamDriver
options as you have set them in file 1.

In imrelp you can then set the different certificates in the module
parameters. See:
https://www.rsyslog.com/doc/v8-stable/configuration/modules/imrelp.html?highlight=TLS

If I remember correctly, this stems from the requirement to have different
sets of certificates for both modules, which was not required before imrelp
got TLS support. But, the way it is set in imrelp did not find its way into
imtcp, because this is a) quite some effort to rewrite the code, b) there
is no hard requirement to do that because it works, c) nobody said "I want
it this way and I am willing to sponsor the changes" and d) nobody said
"here I made the changes so it works like this and that, please review and
add my pull request".

I hope this helps.

Florian
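
One way to combine the two files along the lines of this reply, as an added example that is not part of the original thread: the $DefaultNetstreamDriver* options appear once, with the file 1 certificates for imtcp, and the file 2 certificates move into the imrelp input's tls.caCert, tls.myCert and tls.myPrivKey parameters. Paths, ports and the forwarding target are copied from the quoted files; the layout assumes an rsyslog/librelp build whose imrelp supports those parameters, as documented on the linked imrelp page.

```conf
# Added example: file1 and file2 merged into one rsyslog instance.

# Global netstream driver settings, stated once. imtcp takes its
# certificates from here (file1 paths).
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /opt/rsyslog/certs/ca.pem
$DefaultNetstreamDriverCertFile /opt/rsyslog/certs/cert.pem
$DefaultNetstreamDriverKeyFile /opt/rsyslog/certs/key.pem

$MaxOpenFiles 100000
$WorkDirectory /export/rsyslog

module(load="imtcp" MaxSessions="65534" StreamDriver.Mode="1"
       StreamDriver.AuthMode="anon")
module(load="imrelp" ruleset="relp")

# --- TLS syslog listener on port 110 (from file1) ---
$ActionQueueType LinkedList
$ActionQueueFileName srvrfwd
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on

ruleset(name="remote") {
    *.* @@10.66.13.148:8514
}

$InputTCPServerBindRuleset remote
$InputTCPServerRun 110

# --- RELP listener on port 114 (from file2) ---
# The RELP certificates are set on the input itself instead of through
# a second block of $DefaultNetstreamDriver* lines.
input(type="imrelp" port="114" tls="on" tls.compression="on"
      tls.authmode="fingerprint"
      tls.cacert="/opt/rsyslog/certs/relp/ca.pem"
      tls.mycert="/opt/rsyslog/certs/relp/cert.pem"
      tls.myprivkey="/opt/rsyslog/certs/relp/key.pem")

# Legacy queue settings apply only to the next action, so they are
# repeated here with file2's queue file name.
$ActionQueueType LinkedList
$ActionQueueFileName srvrfws
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on

ruleset(name="relp") {
    *.* @@10.66.13.148:8514
}
```

Running `rsyslogd -N1 -f <file>` checks the merged file for syntax errors before the instance is restarted.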

On Fri, Oct 26, 2018 at 10:15 AM Peter Viskup via rsyslog <
[email protected]> wrote:

> Show the final config you are trying to run.
>
> It could be related to $DefaultNetstreamDriver* options which should
> be mentioned only once.
>
> https://www.rsyslog.com/doc/v8-stable/rainerscript/global.html?highlight=defaultnetstreamdriver
>
> In case it is needed, you can copy systemd rsyslog.service file and
> create new for second instance (both running different certs).
>
> http://rsyslog-users.1305293.n2.nabble.com/Mix-of-GTLS-and-PTCP-listeners-running-same-instance-td7591434.html#a7591445
>
> Peter
> On Thu, Oct 25, 2018 at 11:22 PM Rory Toma via rsyslog
> <[email protected]> wrote:
> >
> > I have two separate files that work just fine. I have not been able to
> > successfully combine them. No matter what I try, I keep getting tls
> > errors, because one or the other is using wrong certs. Can anyone help
> > here?
> >
> > file1:
> > $DefaultNetstreamDriver gtls
> >
> > # certificate files
> > $DefaultNetstreamDriverCAFile /opt/rsyslog/certs/ca.pem
> > $DefaultNetstreamDriverCertFile /opt/rsyslog/certs/cert.pem
> > $DefaultNetstreamDriverKeyFile /opt/rsyslog/certs/key.pem
> >
> > $MaxOpenFiles 100000
> >
> > module(load="imtcp" MaxSessions="65534" StreamDriver.Mode="1"
> > StreamDriver.AuthMode="anon") # load TCP listener
> >
> > $WorkDirectory /export/rsyslog
> > $ActionQueueType LinkedList
> > $ActionQueueFileName srvrfwd
> > $ActionResumeRetryCount -1
> > $ActionQueueSaveOnShutdown on
> >
> > ruleset(name="remote"){
> >          *.* @@10.66.13.148:8514
> > }
> >
> > $InputTCPServerBindRuleset remote
> > $InputTCPServerRun 110
> >
> >
> > file2:
> > $DefaultNetstreamDriver gtls
> > $DefaultNetStreamDriverCAFile /opt/rsyslog/certs/relp/ca.pem
> > $DefaultNetStreamDriverCertFile /opt/rsyslog/certs/relp/cert.pem
> > $DefaultNetStreamDriverKeyFile /opt/rsyslog/certs/relp/key.pem
> >
> > $WorkDirectory /export/rsyslog
> > $ActionQueueType LinkedList
> > $ActionQueueFileName srvrfws
> > $ActionResumeRetryCount -1
> > $ActionQueueSaveOnShutdown on
> >
> > module(load="imrelp" ruleset="relp")
> >
> > input(type="imrelp" port="114" tls="on" tls.compression="on"
> > tls.authmode="fingerprint" )
> >
> > ruleset(name="relp") {
> > *.* @@10.66.13.148:8514
> > }
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.