Re: [rsyslog] rsyslog 8.29.0 (v8-stable) released
Hi, thank you for the information. This is a bug. At the moment priorityString is only set when rsyslog acts as the client, but not when it acts as the server. Therefore it is always using sslv3.0 regardless what you configure. I will try to fix this. 2017-08-15 20:40 GMT+02:00 Ryan Ward: > Hi I'm interested in the gnutlspriority string for imtcp. Any guidance on > how to set it up? Do you simply add gnutlsprioritystring to the module > statement as an example: > > module(load="imtcp" StreamDriver="1" StreamDriver.authmode="x509/name" > gnutlsprioritystring= > "SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE") > > I see this in debug > rainerscript.c: name: 'gnutlsPriorityString', value > 'SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE' > rainerscript.c nvlstGetParam: name 'gnutlsprioritystring', type 14, > valnode->bUsed 0 > rainerscript.c: gnutlsprioritystring: > 'SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE' > tcpsrv.c stcsrv: gnutlsPriorityString set to > SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE > > I've tried a bunch of different priority strings. With no luck I even put > in thisisatest and didn't receive any gnu error or validation errors. I've > been testing connecting with gnutls-cli passing --priority > "SECURE:-VERS-TLS-ALL:+VERS-SSL3.0:COMP-DEFLATE" and regardless of what I > set in gnutlsprioritystring its connecting with sslv3.0. Am I missing > something? > > Thanks > Ryan > > On Tue, Aug 8, 2017 at 11:32 AM, Florian Riedl wrote: > > > Hi all, > > > > We have released rsyslog 8.29.0. > > > > This release features a number of changes. E.g. imptcp now has an > > experimental parameter for multiline messages, and new statistics > > counters. > > > > Most notably though, is the improved error reporting in the rsyslog > > core and in several modules like imtcp, imptcp, omfwd and the core > > modules. There is also an article available about the > > improved/enhanced error reporting: > > > > https://www.linkedin.com/pulse/improving-rsyslog-debug- > output-jan-gerhards > > > > If you have questions or feedback in relation to the article and/or > > debug output, please let us know or leave a comment below the article. > > > > Other than that, the new version provides quite a number of bugfixes. > > > > For a complete list of changes, fixes and enhancements, please visit > > the ChangeLog. > > > > The packages will follow when they are finished. > > > > ChangeLog: > > > > https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog > > > > Download: > > > > http://www.rsyslog.com/downloads/download-v8-stable/ > > > > As always, feedback is appreciated. > > > > Best regards, > > Florian Riedl > > ___ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > ___ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: [rsyslog] rsyslog 8.29.0 (v8-stable) released
Hi I'm interested in the gnutlspriority string for imtcp. Any guidance on how to set it up? Do you simply add gnutlsprioritystring to the module statement as an example: module(load="imtcp" StreamDriver="1" StreamDriver.authmode="x509/name" gnutlsprioritystring= "SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE") I see this in debug rainerscript.c: name: 'gnutlsPriorityString', value 'SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE' rainerscript.c nvlstGetParam: name 'gnutlsprioritystring', type 14, valnode->bUsed 0 rainerscript.c: gnutlsprioritystring: 'SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE' tcpsrv.c stcsrv: gnutlsPriorityString set to SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE I've tried a bunch of different priority strings. With no luck I even put in thisisatest and didn't receive any gnu error or validation errors. I've been testing connecting with gnutls-cli passing --priority "SECURE:-VERS-TLS-ALL:+VERS-SSL3.0:COMP-DEFLATE" and regardless of what I set in gnutlsprioritystring its connecting with sslv3.0. Am I missing something? Thanks Ryan On Tue, Aug 8, 2017 at 11:32 AM, Florian Riedlwrote: > Hi all, > > We have released rsyslog 8.29.0. > > This release features a number of changes. E.g. imptcp now has an > experimental parameter for multiline messages, and new statistics > counters. > > Most notably though, is the improved error reporting in the rsyslog > core and in several modules like imtcp, imptcp, omfwd and the core > modules. There is also an article available about the > improved/enhanced error reporting: > > https://www.linkedin.com/pulse/improving-rsyslog-debug-output-jan-gerhards > > If you have questions or feedback in relation to the article and/or > debug output, please let us know or leave a comment below the article. > > Other than that, the new version provides quite a number of bugfixes. > > For a complete list of changes, fixes and enhancements, please visit > the ChangeLog. > > The packages will follow when they are finished. > > ChangeLog: > > https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog > > Download: > > http://www.rsyslog.com/downloads/download-v8-stable/ > > As always, feedback is appreciated. > > Best regards, > Florian Riedl > ___ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
[rsyslog] rsyslog 8.29.0 (v8-stable) released
Hi all, We have released rsyslog 8.29.0. This release features a number of changes. E.g. imptcp now has an experimental parameter for multiline messages, and new statistics counters. Most notably though, is the improved error reporting in the rsyslog core and in several modules like imtcp, imptcp, omfwd and the core modules. There is also an article available about the improved/enhanced error reporting: https://www.linkedin.com/pulse/improving-rsyslog-debug-output-jan-gerhards If you have questions or feedback in relation to the article and/or debug output, please let us know or leave a comment below the article. Other than that, the new version provides quite a number of bugfixes. For a complete list of changes, fixes and enhancements, please visit the ChangeLog. The packages will follow when they are finished. ChangeLog: https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog Download: http://www.rsyslog.com/downloads/download-v8-stable/ As always, feedback is appreciated. Best regards, Florian Riedl ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.