Yes, it's possible. Worked on that for quite some time last year ;-) Rainer
El lun, 25 abr 2022 a las 7:41, Mariusz Kruk via rsyslog (<rsyslog@lists.adiscon.com>) escribió: > > There were some improvements to TLS handling introduced over several > versions so you'd have to review the changelog and docs. > > But from what I see, the omfwd module supports setting separate TLS > key/cert/cacert per action since 8.2108. > > The imtcp module also supports setting those on a per-input level since > 8.2108. > > So it should work. > > It is always a good idea to do a tcpdump and see how the handshake > progresses and when and where it fails. > > MK > > On 24.04.2022 00:35, Shane via rsyslog wrote: > > Hi I am trying to get rsyslog to receive store/forward messages w/ tls on > > both sides. > > > > client --->tls---> rsyslog --->tls---> remote.something > > > > I got it set up so i could send to the rsyslog server but then i couldn't > > add another ca/cert files. My config was using global and defaultnetstream > > > > I found on rsyslog.com that prior to 8.2202 it couldn't use tls on two > > different source/dest. I found the cent 7 repo and got rsyslog-8.2204 > > installed. Now nothing works. I think i got the config correct but the > > client keeps getting rejected. > > > > Apr 23 17:13:39 rlog rsyslogd[11417]: GnuTLS handshake retry returned > > error: The TLS connection was non-properly terminated. [v8.2204.0 try > > https://www.rsyslog.com/e/2083 ] > > Apr 23 17:13:39 rlog rsyslogd[11417]: netstream session 0x7f6a04013360 from > > 192.168.5.22 will be closed due to error [v8.2204.0 try > > https://www.rsyslog.com/e/2089 ] > > > > So then i tried going to the ossl module. Now its even worse. My config > > is a mess now too. > > > > Does tls on both sides work? > > Do I need the 8.2202+ version? > > Do you have an example config? > > _______________________________________________ > > rsyslog mailing list > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > > LIKE THAT. > _______________________________________________ > rsyslog mailing list > https://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
