Hi everybody,
I am trying to get a Synology NAS to send its internal logs to a VM running rsyslog via TCP and TLS. The transmission works fine using UDP but once I enable encryption in the Synology, I am getting a (not very helpful) error message (see attached).

Eventually I recorded the traffic with tcpdump on the VM running rsyslog and I see a repeating pattern (second attachment).

As you can see, the connection is reset after an internal error by the Synology box which happens right after the server HELLO. To me it looks like the rsyslog server is doing a certificate request for client auth but that is not supported by the Synology and so it crashes (I can only upload a CA to verify the server certificate but not a client cert).

How can I disable this behavior? I am using StreamDriver.Authmode="anon" which should disable the client certificate request.

Please find attached the rsyslog.conf in question.
Thank you very much in advance

OS: Fedora 35
Packages:
rsyslog.x86_64 8.2204.0-1.fc35 @updates-testing
rsyslog-gnutls.x86_64 8.2204.0-1.fc35 @updates-testing
rsyslog-openssl.x86_64 8.2204.0-1.fc35 @updates-testing
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html 
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
global(workDirectory="/var/lib/rsyslog")

#### MODULES ####

# Use default timestamp format
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")

module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
       SysSock.Use="off") # Turn off message reception via local log socket; 
                          # local messages are retrieved through imjournal now.
module(load="imjournal"             # provides access to the systemd journal
       StateFile="imjournal.state") # File to store the position in the journal

# Include all config files in /etc/rsyslog.d/
include(file="/etc/rsyslog.d/*.conf" mode="optional")

#module(load="imklog") # reads kernel messages (the same are read from journald)
#module(load="immark") # provides --MARK-- message capability

# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
#module(load="imudp") # needs to be done just once
#input(type="imudp" port="514")


global(
        DefaultNetstreamDriver="gtls"

        DefaultNetstreamDriverCAFile="/home/user/ca.pem"
        DefaultNetstreamDriverCertFile="/home/user/cert.pem"
        DefaultNetstreamDriverKeyFile="/home/user/key.pem"
)


# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp" # needs to be done just once
        StreamDriver.Name="gtls"
        StreamDriver.Mode="1"
        StreamDriver.Authmode="anon")
input(type="imtcp" port="1515")

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### sample forwarding rule ###
#action(type="omfwd"  
# # An on-disk queue is created for this action. If the remote host is
# # down, messages are spooled to disk and sent when it is up again.
#queue.filename="fwdRule1"       # unique name prefix for spool files
#queue.maxdiskspace="1g"         # 1gb space limit (use as much as possible)
#queue.saveonshutdown="on"       # save messages to disk on shutdown
#queue.type="LinkedList"         # run asynchronously
#action.resumeRetryCount="-1"    # infinite retries if host is down
# # Remote Logging (we use TCP for reliable delivery)
# # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514
#Target="remote_host" Port="XXX" Protocol="tcp")

action(type="omfwd" target="127.0.0.1" protocol="tcp" port="1514" 
Template="RSYSLOG_SyslogProtocol23Format" TCP_Framing="octet-counted" 
StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="anon")
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
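The pattern described in the post (server HELLO, then what looks like a certificate request, then a reset) can be confirmed from the captured server-to-client bytes by walking the TLS records and listing the handshake message types; a CertificateRequest is handshake type 13. This is an added example, not code from the original post or from rsyslog: the byte strings are constructed here to stand in for the pcap payload, and the function names are chosen for this example.

```python
"""List TLS 1.2 handshake message types in a server-to-client byte stream and
flag a CertificateRequest (type 13).  Sample bytes below are constructed, not
taken from the poster's capture."""
import struct

CONTENT_HANDSHAKE = 22
HANDSHAKE_NAMES = {
    1: "ClientHello", 2: "ServerHello", 11: "Certificate",
    12: "ServerKeyExchange", 13: "CertificateRequest", 14: "ServerHelloDone",
    16: "ClientKeyExchange", 20: "Finished",
}


def split_records(stream: bytes):
    """Yield (content_type, version, payload) for each TLS record header."""
    off = 0
    while off + 5 <= len(stream):
        ctype, ver, ln = struct.unpack("!BHH", stream[off:off + 5])
        body = stream[off + 5:off + 5 + ln]
        if len(body) < ln:
            raise ValueError("truncated TLS record")
        yield ctype, ver, body
        off += 5 + ln


def handshake_messages(stream: bytes):
    """Return handshake message type names in order of appearance.
    Handshake-record payloads are concatenated first because one handshake
    message (a long Certificate, say) may be split across several records."""
    hs = b"".join(p for t, _, p in split_records(stream) if t == CONTENT_HANDSHAKE)
    names, off = [], 0
    while off + 4 <= len(hs):
        mtype = hs[off]
        mlen = int.from_bytes(hs[off + 1:off + 4], "big")
        if off + 4 + mlen > len(hs):
            raise ValueError("truncated handshake message")
        names.append(HANDSHAKE_NAMES.get(mtype, f"type{mtype}"))
        off += 4 + mlen
    return names


def server_requests_client_cert(stream: bytes) -> bool:
    """True if the server flight contains a CertificateRequest message."""
    return "CertificateRequest" in handshake_messages(stream)


# --- helpers to build constructed sample flights -----------------------------
def hs_msg(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body


def record(ctype: int, payload: bytes, version: int = 0x0303) -> bytes:
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


# ServerHello: version, 32-byte random, empty session id, one cipher suite, null compression
SERVER_HELLO = hs_msg(2, b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00")
# Certificate with an empty certificate_list (placeholder; a real one carries DER certs)
CERTIFICATE = hs_msg(11, b"\x00\x00\x00")
# CertificateRequest: 1 cert type (rsa_sign), 1 sig alg (sha256/rsa), no CA names
CERT_REQUEST = hs_msg(13, b"\x01\x01" + b"\x00\x02\x04\x01" + b"\x00\x00")
SERVER_HELLO_DONE = hs_msg(14, b"")

# Flight from a server that asks for a client certificate (mutual-auth style)
FLIGHT_WITH_REQUEST = (record(CONTENT_HANDSHAKE, SERVER_HELLO)
                       + record(CONTENT_HANDSHAKE, CERTIFICATE + CERT_REQUEST)
                       + record(CONTENT_HANDSHAKE, SERVER_HELLO_DONE))
# Flight from a server that does not; the Certificate message is deliberately
# split across two records to exercise the reassembly in handshake_messages()
FLIGHT_NO_REQUEST = (record(CONTENT_HANDSHAKE, SERVER_HELLO + CERTIFICATE[:3])
                     + record(CONTENT_HANDSHAKE, CERTIFICATE[3:] + SERVER_HELLO_DONE))

if __name__ == "__main__":
    for label, flight in (("with request", FLIGHT_WITH_REQUEST), ("no request", FLIGHT_NO_REQUEST)):
        print(label, handshake_messages(flight), "client cert requested:",
              server_requests_client_cert(flight))
```

To apply this to a real capture, feed `handshake_messages` the reassembled TCP payload sent by the rsyslog server (the bytes from port 1515 towards the client), which a pcap library or a hex dump of the capture can provide; if a CertificateRequest appears between Certificate and ServerHelloDone, the server side is indeed asking for client authentication regardless of what the client can offer.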