Re: [rsyslog] problems with tls and rsyslog

Sun, 24 Apr 2022 17:15:35 -0700 

v8.2204 was just released with some significant TLS fixes.

David Lang

On Sun, 24 Apr 2022, Derek Atkins via rsyslog wrote:


Date: Sun, 24 Apr 2022 15:42:14 -0400
From: Derek Atkins via rsyslog <rsyslog@lists.adiscon.com>
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Derek Atkins <de...@ihtfp.com>, Shane <s3019...@gmail.com>
Subject: Re: [rsyslog] problems with tls and rsyslog

I would be surprised if this does not work, but I have not (yet) attempted
to configure this.  However it is a configuration that I need, so, I'm
hoping to see an answer.

-derek

On Sat, April 23, 2022 6:35 pm, Shane via rsyslog wrote:

Hi I am trying to get rsyslog to receive store/forward messages w/ tls on
both sides.

client --->tls---> rsyslog --->tls---> remote.something

I got it set up so i could send to the rsyslog server but then i couldn't
add another ca/cert files.  My config was using global and
defaultnetstream

I found on rsyslog.com that prior to 8.2202 it couldn't use tls on two
different source/dest.  I found the cent 7 repo and got rsyslog-8.2204
installed.  Now nothing works.  I think i got the config correct but the
client keeps getting rejected.

Apr 23 17:13:39 rlog rsyslogd[11417]: GnuTLS handshake retry returned
error: The TLS connection was non-properly terminated.  [v8.2204.0 try
https://www.rsyslog.com/e/2083 ]
Apr 23 17:13:39 rlog rsyslogd[11417]: netstream session 0x7f6a04013360
from
192.168.5.22 will be closed due to error [v8.2204.0 try
https://www.rsyslog.com/e/2089 ]

So then i tried going to the ossl module.  Now its even worse.  My config
is a mess now too.

Does tls on both sides work?
Do I need the 8.2202+ version?
Do you have an example config?
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.






_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to