In your opinion, is it possible to apply the solution described in this link? https://twitter.com/alistek/status/945731159522267136
Maybe it would work? Thanks in advance!
Marco

> On 23 Jun 2020, at 18:08, John Chivian via rsyslog <[email protected]> wrote:
>
> We accomplish this with multiple instances of rsyslog, each with its own
> certificate set.
>
> Regards,
>
>
> On 6/23/20 10:54 AM, David Lang via rsyslog wrote:
>> Currently rsyslog does not support more than one encryption setting
>> (including certificates).
>>
>> This is a known issue waiting work (sponsoring work could get this done
>> faster)
>>
>> David Lang
>>
>> On Tue, 23 Jun 2020, Marco via rsyslog wrote:
>>
>>> Date: Tue, 23 Jun 2020 13:49:37 +0200
>>> From: Marco via rsyslog <[email protected]>
>>> To: [email protected]
>>> Cc: Marco <[email protected]>
>>> Subject: [rsyslog] Rsyslog receiver and forwarder via multiple certificates
>>>
>>> Hello, I have a question to ask:
>>>
>>> I have an rsyslog server that will have to be both a receiver and a
>>> transmitter.
>>> At the moment my rsyslog sends the system logs in TLS via the
>>> certificate (A) to an rsyslog receiver (A) in TCP.
>>> In the future it will have to receive other logs from a client (B) and keep
>>> them in local files (all via TLS with another certificate (B)).
>>> Furthermore, the logs received from the client (B) must be sent to another
>>> client (C) via the certificate (B).
>>>
>>> I try to make a pattern 🙂
>>> my_RSYSLOG with certificate (A) [send ->] other rsyslog via certificate (A)
>>> Client with certificate (B) [send ->] my_RSYSLOG with Certificate (B)
>>> my_RSYSLOG with certificate (B) [send ->] other rsyslog client (C) via
>>> certificate (B)
>>>
>>> What is the correct configuration to manage different certificates for log
>>> entry and exit?
>>>
>>>
>>> Is the following configuration correct?
>>> ACTUAL RSYSLOG.CONF:
>>> $InputTCPServerStreamDriverMode 1
>>> $InputTCPServerStreamDriverAuthMode anon
>>> $DefaultNetstreamDriver gtls
>>> # certificate files
>>> $DefaultNetstreamDriverCAFile /etc/rsyslog-ssl/CAcertificate(A).pem
>>> $DefaultNetstreamDriverCertFile /etc/rsyslog-ssl/certificate(A).pem
>>> $DefaultNetstreamDriverKeyFile /etc/rsyslog-ssl/key(A).pem
>>> auth,authpriv.* @@rsyslog_receiver(A):1234
>>> =======================================
>>> Hypothesis: (/etc/rsyslog.d/file_receive_and_forward.conf)
>>> $template RemoteTCP2001,"/path/to/log/aaaaaa.log"
>>> $RuleSet RemoteTCP2001
>>> *.* -?RemoteTCP2001
>>> $InputTCPServerBindRuleset RemoteTCP2001
>>> $InputTCPServerRun 2001
>>> /path/to/log/aaaaaa.log action (
>>>     type="omfwd"
>>>     queue.type="LinkedList"
>>>     action.resumeRetryCount="-1"
>>>     queue.saveOnShutdown="on"
>>>     queue.filename="rsyslog_backup"
>>>     queue.size="10000000"
>>>     queue.dequeueSlowDown="1000"
>>>     target="CLIENT(C)"
>>>     port="3001"
>>>     protocol="tcp"
>>>     StreamDriver="gtls"
>>>     StreamDriverMode="1"
>>>     StreamDriverAuthMode="x509/name"
>>>     StreamDriverPermittedPeers="*"
>>>     tls.cacert="/etc/rsyslog-ssl/caCertificate(B).pem"
>>>     tls.mycert="/etc/rsyslog-ssl/certificate(B).pem"
>>>     tls.myprivkey="/etc/rsyslog-ssl/key(B).pem"
>>> )
>>> … and so on for the other logs …
>>> =======================================
>>>
>>> Would such a configuration be correct to send some logs from my rsyslog to
>>> the client (C) through the certificate (B)?
>>>
>>> Thanks in advance for your reply!
>>> Marco
>>> _______________________________________________
>>> rsyslog mailing list
>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
>>> sites beyond our control.
>>> PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
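
A sketch of the multi-instance approach mentioned in John Chivian's reply, as an added example that is not from the thread or from the rsyslog project: two rsyslogd processes, each started with its own configuration and pid file, each loading exactly one certificate set. Host names, file names and spool directories are assumptions; the ports and the log path are the ones in the quoted configuration.

```conf
# Added example: two rsyslogd instances, one certificate set each.
# Host names, file names and spool directories are assumptions.

# ---- /etc/rsyslog-a.conf: sends local auth logs using certificate set A
# start: rsyslogd -f /etc/rsyslog-a.conf -i /run/rsyslogd-a.pid
global(
  workDirectory="/var/spool/rsyslog-a"
  defaultNetstreamDriver="gtls"
  defaultNetstreamDriverCAFile="/etc/rsyslog-ssl/ca-A.pem"
  defaultNetstreamDriverCertFile="/etc/rsyslog-ssl/cert-A.pem"
  defaultNetstreamDriverKeyFile="/etc/rsyslog-ssl/key-A.pem"
)
# Only this instance reads the local log socket.
module(load="imuxsock")
auth,authpriv.* action(type="omfwd" target="receiver-a.example" port="1234"
  protocol="tcp" StreamDriver="gtls" StreamDriverMode="1"
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="receiver-a.example")

# ---- /etc/rsyslog-b.conf: receives from client B, stores, relays to C (set B)
# start: rsyslogd -f /etc/rsyslog-b.conf -i /run/rsyslogd-b.pid
global(
  workDirectory="/var/spool/rsyslog-b"
  defaultNetstreamDriver="gtls"
  defaultNetstreamDriverCAFile="/etc/rsyslog-ssl/ca-B.pem"
  defaultNetstreamDriverCertFile="/etc/rsyslog-ssl/cert-B.pem"
  defaultNetstreamDriverKeyFile="/etc/rsyslog-ssl/key-B.pem"
)
# TLS listener: only a peer whose certificate name matches may connect.
module(load="imtcp" StreamDriver.Name="gtls" StreamDriver.Mode="1"
  StreamDriver.AuthMode="x509/name" PermittedPeer=["client-b.example"])
input(type="imtcp" port="2001" ruleset="fromB")
ruleset(name="fromB") {
  action(type="omfile" file="/path/to/log/aaaaaa.log")
  # Disk-assisted queue keeps messages while client C is unreachable.
  action(type="omfwd" target="client-c.example" port="3001" protocol="tcp"
    StreamDriver="gtls" StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="client-c.example"
    queue.type="LinkedList" queue.filename="fwd_to_c"
    queue.saveOnShutdown="on" action.resumeRetryCount="-1")
}
```

Each file can be syntax-checked on its own with `rsyslogd -N1 -f <file>` before the instance is started.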

