Hi, thanks to all for the replies to my question, they are very helpful. Joshua
-----Original Message----- From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Rainer Gerhards via rsyslog Sent: Wednesday, April 6, 2022 4:10 AM To: David Lang <da...@lang.hm> Cc: Rainer Gerhards <rgerha...@hq.adiscon.com>; rsyslog-users <rsyslog@lists.adiscon.com> Subject: Re: [rsyslog] Forward to multiple syslog servers with TLS protocol (multiple sets of CA/cert/key) Yes. It's in the current doc. Base thing is that the once global params are now also supported in the individual actions and inputs. Global ones are still default! Rainer Sent from phone, thus brief. David Lang <da...@lang.hm> schrieb am Mi., 6. Apr. 2022, 10:44: > am I correct in thinking that things need to be set in the new format > with > action() and input() and that multiple instances of the old format (as > in the original email below) will not work? > > David Lang > > On Wed, 6 Apr 2022, Rainer Gerhards wrote: > > > Date: Wed, 6 Apr 2022 10:01:35 +0200 > > From: Rainer Gerhards <rgerha...@hq.adiscon.com> > > To: rsyslog-users <rsyslog@lists.adiscon.com> > > Cc: David Lang <da...@lang.hm> > > Subject: Re: [rsyslog] Forward to multiple syslog servers with TLS > protocol > > (multiple sets of CA/cert/key) > > > > Yes, it's in. I think for roughly a year now. > > > > Rainer > > > > Sent from phone, thus brief. > > > > David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 6. > Apr. > > 2022, 00:12: > > > >> up until at least very recently this was not possible. There has > >> been > work > >> to > >> make the connection configuration able to be on a per-connection > >> basis, but I'm not sure if that's completed and been merged yet. If > >> it has, it would > not > >> have > >> hit before about 8.2110 or newer. > >> > >> This will absolutly require using the new format (not $foo bar > >> followed > by > >> what > >> it applies to, but action(foo="bar"...) specifying all parameters > >> for > that > >> action) > >> > >> Rainer would need to comment on the status of that. > >> > >> the super-ugly work-around would be to forward unencrypted via > >> localhost or unix socket to additional instances of rsyslog (one > >> per destination) that > would > >> have > >> the encryption settings you need. > >> > >> David Lang > >> > >> On Tue, 5 Apr 2022, ZHU Joshua via rsyslog wrote: > >> > >>> Hi, > >>> I need to set up syslog forwarding from a single host (source) to > >> multiple remote syslog servers using the TLS protocol, and > >>> > >>> 1) each remote server has its own trusted CA > >>> > >>> 2) each forward configuration on the source host has its own > >> certificate and private key > >>> > >>> For example, suppose I need to forward logs to remoteSyslogServer1 > >>> and > >> remoteSyslogServer2, I'd have two sets of CA/cert/key > >>> > >>> $DefaultNetstreamDriverCAFile /path/to/remoteSyslogServer1/ca1.pem > >>> $DefaultNetstreamDriverCertFile > >> /path/to/remoteSyslogServer1/ca1-signed-cert.pem > >>> $DefaultNetstreamDriverKeyFile > >> /path/to/remoteSyslogServer1/private-key-for-ca1-signed-cert.pem > >>> > >>> and > >>> > >>> $DefaultNetstreamDriverCAFile /path/to/remoteSyslogServer2/ca2.pem > >>> $DefaultNetstreamDriverCertFile > >> /path/to/remoteSyslogServer2/ca2-signed-cert.pem > >>> $DefaultNetstreamDriverKeyFile > >> /path/to/remoteSyslogServer2/private-key-for-ca2-signed-cert.pem > >>> > >>> In other words, I need somehow to scope the above directives by > >>> the two > >> remote syslog servers in the source host's rsyslog configuration. > >>> > >>> Question: any idea on how this can be done? or pointers to > >> documentations explaining how to do this? > >>> > >>> Thanks very much, > >>> Joshua > >>> > >>> _______________________________________________ > >>> rsyslog mailing list > >>> https://lists.adiscon.net/mailman/listinfo/rsyslog > >>> http://www.rsyslog.com/professional-services/ > >>> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > >>> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > >> you DON'T LIKE THAT. > >>> > >> _______________________________________________ > >> rsyslog mailing list > >> https://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE > >> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > >> you DON'T LIKE THAT. > >> > > > _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
