2014-07-22 22:01 GMT+03:00 Robin Eamonn Long <[email protected]>:

> Hi Eero,
>
> I found this page:
> http://www.sebdangerfield.me.uk/2011/12/setting-up-a-centralised-syslog-server-in-the-cloud/
> which suggests that:
> There is a good chance you’ve got the $InputTCPServerRun and
> $InputTCPServerStreamDriverMode directives in the wrong order, the
> $InputTCPServerRun should come last.
>
> Then I got the error messages that the peer was not permitted to talk to
> the server. It looks like the order of commands is very specific and needs
> to be:
>
> $InputTCPServerStreamDriverAuthMode x509/name
> $InputTCPServerStreamDriverPermittedPeer *.example.net
> $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
> $InputTCPServerRun 10514 # start up listener at port 10514
>
> It seems to all be working now.
>
> Do you know the selinux magic that I need to perform on the certificates
> so that it works without disabling selinux?
>

You need to set the correct fcontext on the files (see man semanage) and semanage fcontext -l (to list defined contexts) and then restorecon -Rv /path/to/directory

--
Eero
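
The directive-ordering rule discussed in the quoted message can be checked mechanically before rsyslog is restarted. The following is an added example, not code from the thread or from the rsyslog project: the function name `lint_imtcp_order` and both sample configurations are constructed for illustration, and it only understands the legacy `$Input...` directive format shown above.

```python
PREFIX = "$inputtcpserverstreamdriver"   # legacy TLS listener settings
RUN = "$inputtcpserverrun"               # starts a listener with the settings seen so far

def lint_imtcp_order(conf_text):
    """Return (line_no, message) findings for legacy imtcp TLS directives."""
    findings, settings, listeners = [], {}, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line.startswith("$"):
            continue
        parts = line.split(None, 1)
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if name.startswith(PREFIX):
            settings[name[len(PREFIX):]] = value
            # A setting placed after a listener start does not apply to that listener.
            for l_no, port in listeners:
                findings.append((no, f"{parts[0]} follows listener on port {port} "
                                     f"(line {l_no}) and does not apply to it"))
        elif name == RUN:
            if settings.get("mode") != "1":
                findings.append((no, f"listener on port {value} started "
                                     "without TLS-only mode (StreamDriverMode 1)"))
            elif "authmode" not in settings or "permittedpeer" not in settings:
                findings.append((no, f"listener on port {value} started before "
                                     "AuthMode/PermittedPeer were set"))
            listeners.append((no, value))
    return findings

# Constructed sample: listener started first, TLS settings afterwards.
BAD = """\
$InputTCPServerRun 10514
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
"""

# Constructed sample using the order reported as working in the thread.
GOOD = """\
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514
"""

if __name__ == "__main__":
    for label, conf in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, lint_imtcp_order(conf) or "no findings")
```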
