We accomplish this with multiple instances of rsyslog, each with its own
certificate set.
Regards,
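One way to set up the two-instance approach described above, as an added example that is not from the thread or from the rsyslog project: each rsyslogd gets its own config, pid file, work directory and certificate set, and only one instance loads imuxsock. Hostnames, certificate file names, ports and spool directories are placeholders.

```bash
#!/bin/sh
# Constructed example: two rsyslogd instances, each with its own TLS identity.
# Hostnames, paths and ports are placeholders, not values from the thread.
CERT_DIR=/etc/rsyslog-ssl

# Instance A: local logs -> receiver A, authenticated with certificate set A.
write_conf_a() {   # $1 = output file
    cat > "$1" <<EOF
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="$CERT_DIR/ca-A.pem"
       DefaultNetstreamDriverCertFile="$CERT_DIR/cert-A.pem"
       DefaultNetstreamDriverKeyFile="$CERT_DIR/key-A.pem"
       workDirectory="/var/spool/rsyslog-A")
module(load="imuxsock")   # only ONE instance may own /dev/log
auth,authpriv.* action(type="omfwd" target="receiver-a.example" port="1234"
       protocol="tcp" StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="receiver-a.example")
EOF
}

# Instance B: receive from client B over TLS (cert set B), store locally,
# forward to client C with the same cert set B. Separate work dir for its queue.
write_conf_b() {   # $1 = output file
    cat > "$1" <<EOF
global(DefaultNetstreamDriver="gtls"
       DefaultNetstreamDriverCAFile="$CERT_DIR/ca-B.pem"
       DefaultNetstreamDriverCertFile="$CERT_DIR/cert-B.pem"
       DefaultNetstreamDriverKeyFile="$CERT_DIR/key-B.pem"
       workDirectory="/var/spool/rsyslog-B")
module(load="imtcp" StreamDriver.Mode="1" StreamDriver.AuthMode="x509/name"
       PermittedPeer="client-b.example")
ruleset(name="fromB") {
    action(type="omfile" file="/var/log/from-client-b.log")
    action(type="omfwd" target="client-c.example" port="3001" protocol="tcp"
           StreamDriver="gtls" StreamDriverMode="1"
           StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="client-c.example"
           queue.type="LinkedList" queue.filename="fwd_c" queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
input(type="imtcp" port="2001" ruleset="fromB")
EOF
}

# Start both daemons: distinct -f (config) and -i (pid file) keep them apart.
start_instances() {
    rsyslogd -f /etc/rsyslog-A.conf -i /run/rsyslogd-A.pid
    rsyslogd -f /etc/rsyslog-B.conf -i /run/rsyslogd-B.pid
}
```

Pin PermittedPeer(s) to the real peer names instead of "*" so that certificate validation actually restricts who may connect and where logs are sent.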
On 6/23/20 10:54 AM, David Lang via rsyslog wrote:
Currently rsyslog does not support more than one encryption setting
(including certificates).
This is a known issue awaiting work (sponsoring the work could get this
done faster).
David Lang
On Tue, 23 Jun 2020, Marco via rsyslog wrote:
Date: Tue, 23 Jun 2020 13:49:37 +0200
From: Marco via rsyslog <[email protected]>
To: [email protected]
Cc: Marco <[email protected]>
Subject: [rsyslog] Rsyslog receiver and forwarder via multiple certificates
Hello, I have a question to ask:
I have an rsyslog server that will have to be both a receiver and a
transmitter.
At the moment my rsyslog sends the system logs over TLS via
certificate (A) to an rsyslog receiver (A) over TCP.
In the future it will have to receive other logs from a client (B)
and keep them in local files (all via TLS with another certificate (B)).
Furthermore, the logs received from the client (B) must be sent to
another client (C) via the certificate (B).
I'll try to lay out the pattern 🙂
my_RSYSLOG with certificate (A) [send ->] other rsyslog via
certificate (A)
Client with certificate (B) [send ->] my_RSYSLOG with certificate (B)
my_RSYSLOG with certificate (B) [send ->] other rsyslog client (C)
via certificate (B)
What is the correct configuration to manage different certificates
for incoming and outgoing logs?
Is the following configuration correct?
ACTUAL RSYSLOG.CONF:
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode anon
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /etc/rsyslog-ssl/CAcertificate(A).pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-ssl/certificate(A).pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-ssl/key(A).pem
auth,authpriv.* @@rsyslog_receiver(A):1234
=======================================
Hypothesis: (/etc/rsyslog.d/file_receive_and_forward.conf)
$template RemoteTCP2001,"/path/to/log/aaaaaa.log"
$RuleSet RemoteTCP2001
*.* -?RemoteTCP2001
$InputTCPServerBindRuleset RemoteTCP2001
$InputTCPServerRun 2001
/path/to/log/aaaaaa.log action(
    type="omfwd"
    queue.type="LinkedList"
    action.resumeRetryCount="-1"
    queue.saveOnShutdown="on"
    queue.filename="rsyslog_backup"
    queue.size="10000000"
    queue.dequeueSlowDown="1000"
    target="CLIENT(C)"
    port="3001"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="*"
    tls.cacert="/etc/rsyslog-ssl/caCertificate(B).pem"
    tls.mycert="/etc/rsyslog-ssl/certificate(B).pem"
    tls.myprivkey="/etc/rsyslog-ssl/key(B).pem"
)
… and so on for the other logs …
=======================================
Would such a configuration be correct to send some logs from my
rsyslog to the client (C) through the certificate (B)?
Thanks in advance for your reply!
Marco
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.