Re: [rsyslog] TLS enabled TCP input and output - 8.9.0 - Alpine linux

2017-08-10 Thread Yarden Bar via rsyslog
ping
Any idea anyone?

On Sun, Aug 6, 2017 at 6:15 PM, Yarden Bar wrote:

> Hi all,
>
> I'm looking for a way to configure a log relay which provides:
>
>    1. TCP input with TLS enabled
>    2. TCP output to a TLS enabled endpoint.
>
> This issue is somewhat similar but different to #1688
> 
>
> Example config:
>
> # Global
> global(
>     # My CA pem file that signs rsyslog machine and MyOtherClient machine
>     # This file contains a concatenation of my CA pem and *.tls.enabled.endpoint.com pem
>     defaultNetstreamDriverCAFile="/ssl/ca.pem"
>     defaultNetstreamDriverKeyFile="/ssl/rsyslog.key"
>     defaultNetstreamDriverCertFile="/ssl/rsyslog.pem"
>     debug.gnutls="3"
> )
> # Modules
> module(load="omstdout")
> module(load="imtcp"
>     streamdriver.name="gtls"
>     streamdriver.mode="1"
>     streamdriver.authmode="x509/name"
>     PermittedPeer=["*.rsyslog.local","*.tls.enabled.endpoint.com"]
> )
>
> # Listeners
> input(type="imtcp" port="514" name="tls-input")
>
> # Outputs
> *.* :omstdout:
>
> template(name="TEMPLATE_NAME"
>     type="string"
>     string="TEMPLATE_FORMAT"
> )
> *.* action(type="omfwd"
>     Protocol="tcp"
>     Target="listener.tls.enabled.endpoint.com"
>     Port="5001"
>     StreamDriver="gtls"
>     StreamDriverMode="1"
>     StreamDriverAuthMode="x509/name"
>     StreamDriverPermittedPeers="*.tls.enabled.endpoint.com"
>     template="TEMPLATE_NAME"
> )
>
> This issue is also tracked in #1702
> 
>
> When I enable either the TLS input *OR* omfwd to TLS endpoint, it works.
> But when I try to enable both, I can send a message to the rsyslog process,
> but it doesn't relay the message to the TLS output endpoint.
>
> I believe this can benefit the community.
>
> Best,
> Yarden
>
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.


[rsyslog] TLS enabled TCP input and output - 8.9.0 - Alpine linux

2017-08-06 Thread Yarden Bar via rsyslog
Hi all,

I'm looking for a way to configure a log relay which provides:

   1. TCP input with TLS enabled
   2. TCP output to a TLS enabled endpoint.

This issue is somewhat similar but different to #1688


Example config:

# Global
global(
    # My CA pem file that signs rsyslog machine and MyOtherClient machine
    # This file contains a concatenation of my CA pem and *.tls.enabled.endpoint.com pem
    defaultNetstreamDriverCAFile="/ssl/ca.pem"
    defaultNetstreamDriverKeyFile="/ssl/rsyslog.key"
    defaultNetstreamDriverCertFile="/ssl/rsyslog.pem"
    debug.gnutls="3"
)
# Modules
module(load="omstdout")
module(load="imtcp"
    streamdriver.name="gtls"
    streamdriver.mode="1"
    streamdriver.authmode="x509/name"
    PermittedPeer=["*.rsyslog.local","*.tls.enabled.endpoint.com"]
)

# Listeners
input(type="imtcp" port="514" name="tls-input")

# Outputs
*.* :omstdout:

template(name="TEMPLATE_NAME"
    type="string"
    string="TEMPLATE_FORMAT"
)
*.* action(type="omfwd"
    Protocol="tcp"
    Target="listener.tls.enabled.endpoint.com"
    Port="5001"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="*.tls.enabled.endpoint.com"
    template="TEMPLATE_NAME"
)

This issue is also tracked in #1702


When I enable either the TLS input *OR* omfwd to TLS endpoint, it works.
But when I try to enable both, I can send a message to the rsyslog process,
but it doesn't relay the message to the TLS output endpoint.

I believe this can benefit the community.

Best,
Yarden
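
An audit of the two TLS legs in the configuration above, as an added example that is not part of the original post or of rsyslog: it parses the imtcp module and the omfwd action and reports a leg that does not enforce TLS or does not authenticate its peer, which is easy to leave behind after toggling one leg at a time as described. The parser, the function names and the condensed sample config are constructed for this illustration, and only the object syntax used in the post is understood.

```python
import re

# Constructed sample: the relay configuration from the post, condensed.
SAMPLE = '''
global(defaultNetstreamDriverCAFile="/ssl/ca.pem"
       defaultNetstreamDriverKeyFile="/ssl/rsyslog.key"
       defaultNetstreamDriverCertFile="/ssl/rsyslog.pem")
module(load="imtcp" streamdriver.name="gtls" streamdriver.mode="1"
       streamdriver.authmode="x509/name"
       PermittedPeer=["*.rsyslog.local","*.tls.enabled.endpoint.com"])
input(type="imtcp" port="514" name="tls-input")
*.* action(type="omfwd" Protocol="tcp" Port="5001"
       Target="listener.tls.enabled.endpoint.com"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="*.tls.enabled.endpoint.com")
'''
# Constructed weak variant: same relay, but the forwarder accepts any peer.
WEAK = SAMPLE.replace('StreamDriverAuthMode="x509/name"', 'StreamDriverAuthMode="anon"')
# Parameter names per TLS leg: (driver, mode, auth mode, permitted peers).
LEGS = {"imtcp": ("streamdriver.name", "streamdriver.mode",
                  "streamdriver.authmode", "permittedpeer"),
        "omfwd": ("streamdriver", "streamdrivermode",
                  "streamdriverauthmode", "streamdriverpermittedpeers")}
OBJ = re.compile(r'\b(global|module|input|action)\s*\(((?:"[^"]*"|[^()"])*)\)')
PARAM = re.compile(r'([\w.]+)\s*=\s*(\[[^\]]*\]|"[^"]*")')

def parse(conf):
    """Yield (object_kind, {lowercased_param: str or list}) per config object."""
    conf = re.sub(r'(?m)^\s*#.*$', '', conf)  # drop full-line comments
    for kind, body in OBJ.findall(conf):
        yield kind, {k.lower(): (re.findall(r'"([^"]*)"', v) if v[0] == "["
                                 else v[1:-1]) for k, v in PARAM.findall(body)}

def audit(conf):
    """Return findings per TLS leg; an empty list means both legs authenticate peers."""
    objs, findings = list(parse(conf)), []
    default_drv = next((p for k, p in objs if k == "global"), {}).get("defaultnetstreamdriver")
    for kind, p in objs:
        # TLS settings live on the imtcp module and on each omfwd action.
        leg = {"module": p.get("load"), "action": p.get("type")}.get(kind)
        if leg not in LEGS:
            continue
        drv, mode, auth, peers = (p.get(k) for k in LEGS[leg])
        if (drv or default_drv) != "gtls" or mode != "1":
            findings.append(f"{leg}: TLS not enforced (driver={drv}, mode={mode})")
        elif auth in (None, "anon"):
            findings.append(f"{leg}: peer not authenticated (authmode={auth})")
        elif auth == "x509/name" and not peers:
            findings.append(f"{leg}: x509/name set without a permitted-peer list")
    return findings
```

Calling audit() on the text of an rsyslog.conf returns an empty list when both legs require TLS and name-based peer authentication; it does not explain the relay failure reported in the post.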