Hi Eero,

I found this page: http://www.sebdangerfield.me.uk/2011/12/setting-up-a-centralised-syslog-server-in-the-cloud/ which suggests that:

There is a good chance you’ve got the $InputTCPServerRun and $InputTCPServerStreamDriverMode directives in the wrong order, the $InputTCPServerRun should come last.

Then I got the error messages that the peer was not permitted to talk to the server. It looks like the order of commands is very specific and needs to be:

    $InputTCPServerStreamDriverAuthMode x509/name
    $InputTCPServerStreamDriverPermittedPeer *.example.net
    $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
    $InputTCPServerRun 10514 # start up listener at port 10514

It seems to all be working now. Do you know the selinux magic that I need to perform on the certificates so that it works without disabling selinux?

Thanks for all the help,
Robin.

________________________________________
From: [email protected] [[email protected]] on behalf of Eero Volotinen [[email protected]]
Sent: 22 July 2014 18:01
To: Robin Eamonn Long
Cc: Scientific Linux Users
Subject: Re: Encrypted rsyslog

2014-07-22 18:58 GMT+03:00 Robin Long <[email protected]<mailto:[email protected]>>:

Hi Eero, I set selinux to permissive as you suggested and the error went away. However, the logs on the remote server now look like this:

Jul 22 16:54:54 client.server #026#003#002#000V#001#000#000R#003#002SΊz<82>#002<CE><E7>-#021<A5>L<B6>j<A7>@<BB>#024X<E3><DB>|<FP <B6>P<96><F4>N<A3>W#000#000$#0003#000E#0009#000<88>#000#026#0002#000D#0008#000<87>#000#023#000f#000/#000A#0005#000<84>

Usually something wrong with certificates, it's a bit hard to debug. try regeneration of all certificates including the ca.

--
Eero
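
Added example (not part of the original thread and not rsyslog's own tooling): a small Python check for the two symptoms this thread turned on, stream-driver directives placed after $InputTCPServerRun, and stored messages that begin with the escaped bytes of a TLS handshake record. The function names and sample configs are constructed for illustration; the sample log prefix is the start of the line quoted above.

```python
import re

# Legacy imtcp settings that have to be in place before the listener starts.
DRIVER_RE = re.compile(r"^\$InputTCPServerStreamDriver\w+", re.I)
RUN_RE = re.compile(r"^\$InputTCPServerRun\b", re.I)
# rsyslog stores control bytes as #ooo (octal). 0x16 0x03 opens a TLS
# handshake record; the third byte is the protocol minor version.
TLS_RE = re.compile(r"#026#003#00[0-4]")


def late_driver_directives(conf_text):
    """Return (line_no, directive) for every stream-driver setting that
    appears after the first $InputTCPServerRun in a legacy-format config."""
    late, listener_started = [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if RUN_RE.match(line):
            listener_started = True
        elif listener_started and DRIVER_RE.match(line):
            late.append((no, line.split()[0]))
    return late


def is_tls_logged_as_text(log_line):
    """True if a stored message contains an escaped TLS record header,
    i.e. a TLS client reached a listener that read the bytes as plain text."""
    return bool(TLS_RE.search(log_line))


# Constructed sample: listener started before the TLS settings.
BAD_CONF = """\
$InputTCPServerRun 10514
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
"""
# The order reported as working in the thread.
GOOD_CONF = """\
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514
"""
GARBLED = "Jul 22 16:54:54 client.server #026#003#002#000V#001#000#000R#003#002"
NORMAL = "Jul 22 16:55:01 client.server sshd[1]: session opened"  # constructed

if __name__ == "__main__":
    print(late_driver_directives(BAD_CONF))
    print(is_tls_logged_as_text(GARBLED))
```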
