Currently rsyslog does not support more than one encryption setting (including certificates).

This is a known issue waiting for work (sponsoring the work could get this done faster).

David Lang

On Tue, 23 Jun 2020, Marco via rsyslog wrote:

Date: Tue, 23 Jun 2020 13:49:37 +0200
From: Marco via rsyslog <[email protected]>
To: [email protected]
Cc: Marco <[email protected]>
Subject: [rsyslog] Rsyslog receiver and forwarder via multiple certificates

Hello, I have a question to ask:

I have an rsyslog server that will have to be both a receiver and a transmitter.
At the moment my rsyslog sends the system logs via TLS with certificate (A)
to an rsyslog receiver (A) over TCP.
In the future it will have to receive other logs from a client (B) and keep
them in local files (all via TLS with another certificate (B)).
Furthermore, the logs received from the client (B) must be sent to another
client (C) via the certificate (B).

I try to make a pattern 🙂
my_RSYSLOG with certificate (A) [send ->] other rsyslog via certificate (A)
Client with certificate (B) [send ->] my_RSYSLOG with Certificate (B)
my_RSYSLOG with certificate (B) [send ->] other rsyslog client (C) via 
certificate (B)

What is the correct configuration to manage different certificates for log 
entry and exit?


Is the following configuration correct?
ACTUAL RSYSLOG.CONF:
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode anon
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /etc/rsyslog-ssl/CAcertificate(A).pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-ssl/certificate(A).pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-ssl/key(A).pem
auth,authpriv.* @@rsyslog_receiver(A):1234
=======================================
Hypothesis: (/etc/rsyslog.d/file_receive_and_forward.conf)
$template RemoteTCP2001,"/path/to/log/aaaaaa.log"
$RuleSet RemoteTCP2001
*.* -?RemoteTCP2001
$InputTCPServerBindRuleset RemoteTCP2001
$InputTCPServerRun 2001
# /path/to/log/aaaaaa.log
action(
    type="omfwd"
    queue.type="LinkedList"
    action.resumeRetryCount="-1"
    queue.saveOnShutdown="on"
    queue.filename="rsyslog_backup"
    queue.size="10000000"
    queue.dequeueSlowDown="1000"
    target="CLIENT(C)"
    port="3001"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="*"
    tls.cacert="/etc/rsyslog-ssl/caCertificate(B).pem"
    tls.mycert="/etc/rsyslog-ssl/certificate(B).pem"
    tls.myprivkey="/etc/rsyslog-ssl/key(B).pem"
)
… and so on for the other logs …
=======================================

Would such a configuration be correct to send some logs from my rsyslog to the 
client (C) through the certificate (B)?

Thanks in advance for your reply!
Marco
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
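To check a configuration like the two fragments in the question against the single-setting limit David describes, here is an added Python lint; it is my own example, not rsyslog code or anything posted in the thread. It assumes the question's two fragments joined into one file (rebuilt inline as a constructed sample) and takes the per-action tls.* parameter names from the question as written; it also flags the wildcard permitted-peer list, since with x509/name a bare "*" matches every name the CA has signed.

```python
import re

# Constructed sample assembled from the question's two fragments: the global
# (legacy "$") certificate set A and an omfwd action carrying its own set B.
SAMPLE_CONF = """\
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog-ssl/CAcertificate(A).pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-ssl/certificate(A).pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-ssl/key(A).pem
action(type="omfwd" target="CLIENT(C)" port="3001" protocol="tcp" StreamDriver="gtls"
       StreamDriverAuthMode="x509/name" StreamDriverPermittedPeers="*"
       tls.cacert="/etc/rsyslog-ssl/caCertificate(B).pem"
       tls.mycert="/etc/rsyslog-ssl/certificate(B).pem" tls.myprivkey="/etc/rsyslog-ssl/key(B).pem")
"""
# Directive / parameter name (lower-cased) -> role within a certificate set.
GLOBAL_KEYS = {"defaultnetstreamdrivercafile": "ca", "defaultnetstreamdrivercertfile": "cert",
               "defaultnetstreamdriverkeyfile": "key"}
ACTION_KEYS = {"tls.cacert": "ca", "tls.mycert": "cert", "tls.myprivkey": "key"}

def action_bodies(conf):
    """Yield the text inside each action(...); quotes are tracked so that the ")"
    in a value such as "CLIENT(C)" does not end the body early."""
    i = 0
    while (start := conf.find("action(", i)) != -1:
        j, depth, quoted = start + 7, 1, False
        while j < len(conf) and depth:
            if conf[j] == '"':
                quoted = not quoted
            elif not quoted:
                depth += (conf[j] == "(") - (conf[j] == ")")
            j += 1
        yield conf[start + 7:j - 1]
        i = j

def lint(conf):
    """Return findings: a second certificate set that differs from the global one
    (one netstream driver setting per rsyslogd instance) and wildcard peers."""
    global_set = {GLOBAL_KEYS[n.lower()]: v for n, v in re.findall(r"^\$(\w+)\s+(\S+)", conf, re.M)
                  if n.lower() in GLOBAL_KEYS}
    findings = []
    for n, body in enumerate(action_bodies(conf)):
        params = {k.lower(): v for k, v in re.findall(r'([\w.]+)\s*=\s*"([^"]*)"', body)}
        tls = {ACTION_KEYS[k]: v for k, v in params.items() if k in ACTION_KEYS}
        if tls and tls != global_set:
            findings.append(f"action {n}: certificate set {sorted(tls.values())} differs from global")
        if (params.get("streamdriverauthmode") == "x509/name"
                and params.get("streamdriverpermittedpeers") == "*"):
            findings.append(f"action {n}: PermittedPeers \"*\" accepts any name the CA has signed")
    return findings
```

Running lint(SAMPLE_CONF) reports both problems for the action forwarding to client (C); a config whose only action reuses the global certificate files reports nothing.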