RELP also had its share of problems with TLS output until relatively recently.

Quoting the docs:

"With librelp 1.7.0, you can use chained certificates. If using “openssl” as tls.tlslib, we recommend at least OpenSSL Version 1.1 or higher. Chained certificates will also work with OpenSSL Version 1.0.2, but they will be loaded into the main OpenSSL context object making them available to all librelp instances (omrelp/imrelp) within the same process."

So, in short, in order to use that properly, you need librelp compiled with OpenSSL 1.1, which is not the case for - for example - the packages for CentOS 7 (I have to recompile the src.rpms on my own).

On 06.04.2022 07:32, Yury Bushmelev via rsyslog wrote:
Hi!

Another workaround is to use RELP, which is able to configure TLS settings per-action AFAIR.

On Wed, 6 Apr 2022 at 06:12, David Lang via rsyslog <rsyslog@lists.adiscon.com> wrote:

Up until at least very recently this was not possible. There has been work to make the connection configuration able to be on a per-connection basis, but I'm not sure if that's completed and been merged yet. If it has, it would not have hit before about 8.2110 or newer.

This will absolutely require using the new format (not $foo bar followed by what it applies to, but action(foo="bar"...) specifying all parameters for that action).

Rainer would need to comment on the status of that.

The super-ugly work-around would be to forward unencrypted via localhost or unix socket to additional instances of rsyslog (one per destination) that would have the encryption settings you need.

David Lang

On Tue, 5 Apr 2022, ZHU Joshua via rsyslog wrote:

Hi,
I need to set up syslog forwarding from a single host (source) to multiple remote syslog servers using the TLS protocol, and
1) each remote server has its own trusted CA
2) each forward configuration on the source host has its own certificate and private key
For example, suppose I need to forward logs to remoteSyslogServer1 and remoteSyslogServer2, I'd have two sets of CA/cert/key:

$DefaultNetstreamDriverCAFile /path/to/remoteSyslogServer1/ca1.pem
$DefaultNetstreamDriverCertFile /path/to/remoteSyslogServer1/ca1-signed-cert.pem
$DefaultNetstreamDriverKeyFile /path/to/remoteSyslogServer1/private-key-for-ca1-signed-cert.pem

and

$DefaultNetstreamDriverCAFile /path/to/remoteSyslogServer2/ca2.pem
$DefaultNetstreamDriverCertFile /path/to/remoteSyslogServer2/ca2-signed-cert.pem
$DefaultNetstreamDriverKeyFile /path/to/remoteSyslogServer2/private-key-for-ca2-signed-cert.pem

In other words, I need somehow to scope the above directives by the two remote syslog servers in the source host's rsyslog configuration.
Question: any idea on how this can be done? Or pointers to documentation explaining how to do this?
Thanks very much,
Joshua

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.


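Added example, written for this thread rather than taken from any of the messages above or from the rsyslog documentation: a new-style (RainerScript) configuration for the two destinations Joshua describes, each with its own CA, client certificate and key. Destination 1 uses omfwd with per-action StreamDriver.CAFile / StreamDriver.CertFile / StreamDriver.KeyFile overrides; those three parameters are assumed to exist in your build, since they are the per-action feature David refers to and only recent 8.x releases have them (older builds only honour the global() settings). Destination 2 uses omrelp, whose tls.* parameters are the RELP route Yury mentions. Host names, ports and file paths are constructed placeholders.

```conf
# Added example, not from the thread. Assumes a recent rsyslog 8.x and
# new-style configuration. Hosts, ports and paths are placeholders.

# --- Destination 1: TLS syslog over TCP (omfwd) with per-action material ---
# StreamDriver.CAFile/CertFile/KeyFile are assumed to exist in your build;
# they override the global() defaults for this action only.
# StreamDriverAuthMode="x509/name" rejects the connection unless the server
# certificate chains to ca1.pem AND carries the permitted peer name, which is
# the check you want when every destination trusts a different CA.
action(type="omfwd"
       target="remoteSyslogServer1" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="remoteSyslogServer1"
       StreamDriver.CAFile="/path/to/remoteSyslogServer1/ca1.pem"
       StreamDriver.CertFile="/path/to/remoteSyslogServer1/ca1-signed-cert.pem"
       StreamDriver.KeyFile="/path/to/remoteSyslogServer1/private-key-for-ca1-signed-cert.pem"
       # own queue and endless retry so an unreachable server does not stall
       # delivery to the other destination or drop messages
       queue.type="LinkedList"
       action.resumeRetryCount="-1")

# --- Destination 2: RELP with TLS (omrelp), its own CA/cert/key ---
# omrelp has had per-action TLS parameters for much longer. Chained client
# certificates need librelp >= 1.7.0 built against OpenSSL 1.1 (see the librelp
# documentation quoted at the top of the thread); tls.tlslib="openssl" only
# works if your librelp was built with OpenSSL support.
module(load="omrelp")
action(type="omrelp"
       target="remoteSyslogServer2" port="2514"
       tls="on" tls.tlslib="openssl"
       tls.caCert="/path/to/remoteSyslogServer2/ca2.pem"
       tls.myCert="/path/to/remoteSyslogServer2/ca2-signed-cert.pem"
       tls.myPrivKey="/path/to/remoteSyslogServer2/private-key-for-ca2-signed-cert.pem"
       tls.authMode="name"
       tls.permittedPeer=["remoteSyslogServer2"]
       queue.type="LinkedList"
       action.resumeRetryCount="-1")
```

Run a configuration check (rsyslogd -N1) before reloading: a build that predates the per-action omfwd parameters reports them as unknown instead of silently using the global() CA, which is exactly the failure you do not want to discover from a rejected handshake. Destination 2 could equally be a second omfwd action with its own StreamDriver.* files; the omrelp form is shown because it works on builds that lack the omfwd overrides, provided librelp meets the OpenSSL requirement above.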