Hi All,

I am trying to configure rsyslog between two servers with encryption. This works when the authmode is 'anon' but not when set to 'x509/name', and I cannot tell why - Google is providing no help.

My client config is:

===========================
#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

#### Encryption ####

# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/grid-security/certificates/UKeScienceCA-2B.pem
$DefaultNetstreamDriverCertFile /etc/grid-security/hostcert.pem
$DefaultNetstreamDriverKeyFile /etc/grid-security/hostkey.pem

#$ModLoad imtcp # load TCP listener

$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer central.log.server

*.* @@(o)central.log.server:10514 # send (all) messages

###Rules####
#Standard rules, no need to paste here

==================

and the central log server's config is:

===================

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

#### Encryption ####

# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/grid-security/certificates/UKeScienceCA-2B.pem
$DefaultNetstreamDriverCertFile /etc/grid-security/hostcert.pem
$DefaultNetstreamDriverKeyFile /etc/grid-security/hostkey.pem

$ModLoad imtcp # load TCP listener
$InputTCPServerRun 10514 # start up listener at port 10514

$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerStreamDriverAuthMode x509/name # client is authenticated
$InputTCPServerStreamDriverPermittedPeer *.local.domain


#### RULES ####
#Standard rules, no need to paste here

============================

rsyslog starts fine on the central log server, but on the client I get the following written to messages:

============================

rsyslogd-2040: can not read file '/etc/grid-security/hostcert.pem' [try http://www.rsyslog.com/e/2040 ]

============================

Any suggestions or help?

Robin.

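Added example, not from Robin's post or from the rsyslog project: a POSIX shell pre-flight that checks the CAFile/CertFile/KeyFile triple used in both configs above the way the gtls driver needs them (readable by the caller, chained to the CA, key matching the certificate, permitted peer name present in the certificate). The function name, its arguments and the use of the openssl CLI are my assumptions; run it as whatever user rsyslogd runs as, because that is the user whose file open fails with error 2040.

```shell
#!/bin/sh
# Pre-flight checks for the three files a gtls-based rsyslog peer needs
# (CAFile, CertFile, KeyFile) before x509/name authentication is enabled.
# Hypothetical helper written for this thread; it is not part of rsyslog.
# Run it as the user rsyslogd runs as: the readability test (like rsyslog's
# own file open, which fails with error 2040) is made as the calling user.
# Usage: check_rsyslog_tls_files CAFILE CERTFILE KEYFILE PERMITTED_PEER
# Returns 0 when every check passes, 1 otherwise (problems go to stderr).
check_rsyslog_tls_files() {
    ca="$1"; cert="$2"; key="$3"; peer="$4"; rc=0

    # 1. Every file must exist and be readable by the calling user.
    for f in "$ca" "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "cannot read $f: check the path and its mode/owner" >&2
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1   # the remaining checks need readable files

    # 2. The certificate must chain to the configured CA file.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "$cert does not verify against $ca" >&2
        rc=1
    fi

    # 3. Certificate and private key must carry the same public key
    #    (works for RSA and EC keys, unlike an RSA modulus comparison).
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null)
    key_pub=$(openssl pkey -pubout -in "$key" 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not match the public key in $cert" >&2
        rc=1
    fi

    # 4. With x509/name the remote side compares its PermittedPeer value
    #    against this certificate's subject CN / subjectAltName, so the
    #    literal peer name must appear there. Wildcards (e.g. *.local.domain)
    #    are not expanded here; pass the concrete host name instead.
    if [ -z "$peer" ]; then
        echo "no permitted peer name given" >&2; rc=1
    else
        case "$(openssl x509 -noout -text -in "$cert" 2>/dev/null)" in
            *"$peer"*) ;;
            *) echo "'$peer' not found in subject/SAN of $cert" >&2; rc=1 ;;
        esac
    fi
    return "$rc"
}
```

Check the client with the name the server's PermittedPeer expects, and the server with the name in the client's PermittedPeer; a failure in step 1 is the same condition that produces the 2040 message above.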