Hi Flo, This won't work over here, yet
Got a RELP peer authentication failed. Also we have multiple FQDNs for each host that resolve round robin, so the FQDN changes each time, which won't help. Don't ask me why... rsyslogd: imrelp[2514]: error 'TLS record write failed [gnutls error -10: The specified session has been invalidated for some reason.]', object 'lstn 2514: conn to clt 10.1.1.1/s24.oob.be.zzz.bbb.local' - input may not work as intended [v8.39.0 try http://www.rsyslog.com/e/2353 ] Thanks anyway. I'll try modifying it. Best wishes, Sophie Team mailbox : [email protected] or direct [email protected] From: Flo Rance [mailto:[email protected]] Sent: Thursday, December 06, 2018 11:40 AM To: LOEWENTHAL Sophie Cc: rsyslog-users Subject: Re: [rsyslog] rsyslog RELP and TLS - creating the certificates Hi, I've never used relp, with or without tls, but this is what I've used to create certificates to secure our DB connections. Let me know if this works for you with rsyslog. Regards, Flo On Wed, Dec 5, 2018 at 4:32 PM [email protected] <[email protected]> wrote: Hi Flo, I tried a few times from scratch and could not get it to work. The certtool output is different along with the defaults. From: Flo Rance [mailto:[email protected]] Sent: Wednesday, December 05, 2018 4:06 PM To: rsyslog-users Cc: LOEWENTHAL Sophie Subject: Re: [rsyslog] rsyslog RELP and TLS - creating the certificates Hi, What's wrong with this guide https://www.rsyslog.com/using-tls-with-relp/ ? The commands used in it still apply nowadays. Regards, Flo On Wed, Dec 5, 2018 at 12:52 PM sophie.loewenthal--- via rsyslog <[email protected]> wrote: Hi, One and off for a few months I've been trying toget TLS working with RELP. I've set up so many certificates for client and servers, and never managed to them to talk. Frankly, with all the hundreds of options in openssl/certtool and that the default values and order of questions that change depending on the version and O/S used, it's bound to god wrong. For example: this guide from 2013 doesn't work https://www.rsyslog.com/using-tls-with-relp I know that lots of people setting TLS up in rsyslog will be creating certificates daily, and they know OpenSSL pretty well , but I do not: I create a certificate once every six months, if this. Are there any recent guides to setting this up? Particularly for the part for creating CA/server/client certificates. The actual omrelp/imrelp part is quite straight forward. Best wishes, Sophie This message and any attachments (the "message") is intended solely for the intended addressees and is confidential. If you receive this message in error,or are not the intended recipient(s), please delete it and any copies from your systems and immediately notify the sender. Any unauthorized view, use that does not comply with its purpose, dissemination or disclosure, either whole or partial, is prohibited. Since the internet cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS (and its subsidiaries) shall not be liable for the message if modified, changed or falsified. Do not print this message unless it is necessary, consider the environment. ---------------------------------------------------------------------------------------------------------------------------------- Ce message et toutes les pieces jointes (ci-apres le "message") sont etablis a l'intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur ou s'il ne vous est pas destine, merci de le detruire ainsi que toute copie de votre systeme et d'en avertir immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de ce message qui n'est pas conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite. L'Internet ne permettant pas d'assurer l'integrite de ce message electronique susceptible d'alteration, BNP Paribas (et ses filiales) decline(nt) toute responsabilite au titre de ce message dans l'hypothese ou il aurait ete modifie, deforme ou falsifie. N'imprimez ce message que si necessaire, pensez a l'environnement. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
