This email may contain proprietary information of BAE Systems and/or third parties. Problem solved, school boy error, the sender was not setting local6 whilst the receiver was filtering on local6, hence no messages. Doh! -----Original Message----- From: rsyslog <[email protected]> On Behalf Of Lennon, Sean (UK) via rsyslog Sent: 09 November 2023 11:27 To: rsyslog-users <[email protected]> Cc: Lennon, Sean (UK) <[email protected]> Subject: Re: [rsyslog] Capturing messages before RELP connection established. ----------------------------- PHISHING ALERT ----------------------------- This email has been sent from an account outside of the BAE Systems network. Please treat the email with caution, especially if you are requested to click on a link or open an attachment. For further information on how to spot and report a phishing email please access the Global Intranet, then select <Functions> / <IT>. ------------------------------------------------------------------------------------ This email may contain proprietary information of BAE Systems and/or third parties. I've had a quick play, firstly I used a sender config (in /etc/rsyslogd/) like this to store the generated messages whilst in the un-configured state: ######################### # Un-configured - default ######################### # Store all local6 messages whilst un-configured for later use local6.* /var/log/DefaultConfig.log I've then sent some test messages through to rsyslog and I've observed them being stored in the log file. Next, I switched configs to the one below, but only the messages via imtcp came through, none of the stored messages were observed, I've obviously failed to understand something, can someone shed some light on it please? ######################### # Configured ######################### module(load="omrelp") module(load="imfile") module(load="imtcp") # Receive local6 messages directly from bespoke software input(type="imtcp" port="514" ruleset="local6" ) # Pickup any messages previously stored whilst un-configured input(type="imfile" File="/var/log/DefaultConfig.log" Tag="DefaultConfig.log" ruleset="local6" ) # Send any local6 (imtcp or imfile) messages via RELP/TLS to the receiver. ruleset(name="local6") { action(type="omrelp" target="192.168.0.201" port="20514" tls="on" tls.CaCert.....etc. ) } Cheers, Sean. -----Original Message----- From: rsyslog <[email protected]> On Behalf Of Lennon, Sean (UK) via rsyslog Sent: 07 November 2023 10:52 To: rsyslog-users <[email protected]> Cc: Lennon, Sean (UK) <[email protected]> Subject: [rsyslog] Capturing messages before RELP connection established. ----------------------------- PHISHING ALERT ----------------------------- This email has been sent from an account outside of the BAE Systems network. Please treat the email with caution, especially if you are requested to click on a link or open an attachment. For further information on how to spot and report a phishing email please access the Global Intranet, then select <Functions> / <IT>. ------------------------------------------------------------------------------------ This email may contain proprietary information of BAE Systems and/or third parties. Hi All, I have a setup with two servers communication via RELP/TLS, one a sender the other a receiver. However, during start up the sender will not be aware of the identity of the receiver. This will be established at a later point with the relevant relp.conf (in /etc/rsyslog.d) being created for the sender and the service being restarted. This Until the identity of the receiver is known I would like to capture the desired messages at the sender and then send those messages to the receiver when RELP/TLS is fully establish. Can I establish RELP on the sender without a known destination - will RELP remember the buffered messages after a restart? If not then I assume that I will have to send messages to an interim log file. In that case how can I get the sender to hoover up those stored messages and push them through RELP? Thanks in advance. Sean. ******************************************************************** This email and any attachments are confidential to the intended recipient and may also be privileged. If you are not the intended recipient please delete it from your system and notify the sender. You should not copy it or use it for any purpose nor disclose or distribute its contents to any other person. ******************************************************************** BAE Systems may process information about you that may be subject to data protection laws. For more information about how we use your personal information, how we protect your information, our legal basis for using your information, your rights and who you can contact, please refer to our Privacy Notice at www.baesystems.com/en/privacy _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] Capturing messages before RELP connection established.
Lennon, Sean (UK) via rsyslog Tue, 14 Nov 2023 03:01:52 -0800
- [rsyslog] Capturing messages before RELP con... Lennon, Sean (UK) via rsyslog
- Re: [rsyslog] Capturing messages before... Lennon, Sean (UK) via rsyslog
- Re: [rsyslog] Capturing messages be... Radu Gheorghe via rsyslog
- Re: [rsyslog] Capturing messages be... Lennon, Sean (UK) via rsyslog
