ping.... Any idea anyone? On Sun, Aug 6, 2017 at 6:15 PM, Yarden Bar <ayash.jor...@gmail.com> wrote:
> Hi all, > > I'm looking for a way to configure a log relay which provides: > > 1. TCP input with TLS enabled > 2. TCP output to a TLS enabled endpoint. > > This issue is somewhat similar but different to #1688 > <https://github.com/rsyslog/rsyslog/issues/1688> > > Example config: > > #### Global ##### > global( > # My CA pem file that signes rsyslog machine and MyOtherClient machine > # This file contains a concatenation of my CA pem and > *.tls.enabled.endpoint.com pem > defaultNetstreamDriverCAFile="/ssl/ca.pem" > defaultNetstreamDriverKeyFile="/ssl/rsyslog.key" > defaultNetstreamDriverCertFile="/ssl/rsyslog.pem" > debug.gnutls="3" > ) > #### Modules #### > module(load="omstdout") > module(load="imtcp" > streamdriver.name="gtls" > streamdriver.mode="1" > streamdriver.authmode="x509/name" > PermittedPeer=["*.rsyslog.local","*.tls.enabled.endpoint.com"] > ) > > #### LISTENERS #### > input(type="imtcp" port="514" name="tls-input") > > #### OUTPUTS #### > *.* :omstdout: > > template(name="TEMPLATE_NAME" > type="string" > string="TEMPLATE_FORMAT" > ) > *.* action(type="omfwd" > Protocol="tcp" > Target="listener.tls.enabled.endpoint.com" > Port="5001" > StreamDriver="gtls" > StreamDriverMode="1" > StreamDriverAuthMode="x509/name" > StreamDriverPermittedPeers="*.tls.enabled.endpoint.com" > template="TEMPLATE_NAME" > ) > > This issue also tracked in #1702 > <https://github.com/rsyslog/rsyslog/issues/1702> > > When I enable wither the TLS input *OR* omfwd to TLS endpoint, it works. > but when I try to enable both, i can send a message to the rsyslog process, > but it doesn't relay the message to the TLS output endpoint. > > I believe this can benefit the community. > > Best, > Yarden > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.