Thank you. I spent almost an hour googling and didn't find that!! *sigh*

-derek

On Tue, May 17, 2022 4:12 pm, Rainer Gerhards wrote:
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html
>
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html
>
> HTH
> Rainer
>
> Sent from phone, thus brief.
>
> Derek Atkins <de...@ihtfp.com> wrote on Tue, May 17, 2022, 22:01:
>
>> Hi,
>>
>> Are there docs on how to set this up on a per-input and/or per-omfwd
>> basis?
>>
>> All the docs I can find suggest setting the global
>> DefaultNetstreamDriver* variables, which in my case are not what I want
>> because I need to be able to use different keys/certs/CAs for the
>> input/imtcp vs the omfwd operations.
>>
>> I am running 8.2204.1.
>>
>> Thanks,
>>
>> -derek
>>
>> On Mon, April 25, 2022 3:03 am, Rainer Gerhards via rsyslog wrote:
>> > Yes, it's possible. Worked on that for quite some time last year ;-)
>> >
>> > Rainer
>> >
>> > On Mon, 25 Apr 2022 at 7:41, Mariusz Kruk via rsyslog
>> > (<rsyslog@lists.adiscon.com>) wrote:
>> >>
>> >> There were some improvements to TLS handling introduced over several
>> >> versions so you'd have to review the changelog and docs.
>> >>
>> >> But from what I see, the omfwd module supports setting separate TLS
>> >> key/cert/cacert per action since 8.2108.
>> >>
>> >> The imtcp module also supports setting those on a per-input level
>> >> since 8.2108.
>> >>
>> >> So it should work.
>> >>
>> >> It is always a good idea to do a tcpdump and see how the handshake
>> >> progresses and when and where it fails.
>> >>
>> >> MK
>> >>
>> >> On 24.04.2022 00:35, Shane via rsyslog wrote:
>> >> > Hi I am trying to get rsyslog to receive store/forward messages w/
>> >> > tls on both sides.
>> >> >
>> >> > client --->tls---> rsyslog --->tls---> remote.something
>> >> >
>> >> > I got it set up so I could send to the rsyslog server but then I
>> >> > couldn't add another ca/cert files. My config was using global and
>> >> > defaultnetstream
>> >> >
>> >> > I found on rsyslog.com that prior to 8.2202 it couldn't use tls on
>> >> > two different source/dest. I found the cent 7 repo and got
>> >> > rsyslog-8.2204 installed. Now nothing works. I think I got the
>> >> > config correct but the client keeps getting rejected.
>> >> >
>> >> > Apr 23 17:13:39 rlog rsyslogd[11417]: GnuTLS handshake retry returned error: The TLS connection was non-properly terminated. [v8.2204.0 try https://www.rsyslog.com/e/2083 ]
>> >> > Apr 23 17:13:39 rlog rsyslogd[11417]: netstream session 0x7f6a04013360 from 192.168.5.22 will be closed due to error [v8.2204.0 try https://www.rsyslog.com/e/2089 ]
>> >> >
>> >> > So then I tried going to the ossl module. Now it's even worse. My
>> >> > config is a mess now too.
>> >> >
>> >> > Does tls on both sides work?
>> >> > Do I need the 8.2202+ version?
>> >> > Do you have an example config?
>> >> > _______________________________________________
>> >> > rsyslog mailing list
>> >> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>> >> > http://www.rsyslog.com/professional-services/
>> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> >> > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
>> >> > POST if you DON'T LIKE THAT.
>>
>> --
>> Derek Atkins 617-623-3745
>> de...@ihtfp.com www.ihtfp.com
>> Computer and Internet Security Consultant

--
Derek Atkins 617-623-3745
de...@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
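
An example configuration for the relay discussed in this thread (client, TLS, rsyslog, TLS, remote), added here and not taken from any poster or from the rsyslog project. It sets separate CA/cert/key files on the imtcp input and on the omfwd action instead of the global DefaultNetstreamDriver* settings. All file paths, host names, the port, and the ruleset and queue names are placeholders, and the parameter spellings should be checked against the two documentation pages linked above for the installed version (8.2108 or later, per the thread).

```rsyslog
# Added example: per-input and per-action TLS material instead of the
# global DefaultNetstreamDriver* settings. Paths and names are placeholders.

# Needed for the disk-assisted forwarding queue below.
global(workDirectory="/var/spool/rsyslog")

# Receiving side (client -> rsyslog). These TLS settings apply to this
# listener only: mode 1 = TLS required, x509/name = the client certificate
# must chain to in-ca.pem and its name must match a permitted peer.
module(load="imtcp")
input(type="imtcp" port="6514" ruleset="relay"
      streamDriver.name="gtls"
      streamDriver.mode="1"
      streamDriver.authMode="x509/name"
      permittedPeer=["client1.example.internal"]
      streamDriver.CAFile="/etc/rsyslog.d/tls/in-ca.pem"
      streamDriver.CertFile="/etc/rsyslog.d/tls/in-cert.pem"
      streamDriver.KeyFile="/etc/rsyslog.d/tls/in-key.pem")

# Forwarding side (rsyslog -> remote). A different CA, certificate and key
# are used here, and the remote server's certificate name is verified.
# The queue parameters keep messages on disk while the remote is down.
ruleset(name="relay") {
    action(type="omfwd" target="remote.example.net" port="6514" protocol="tcp"
           StreamDriver="gtls"
           StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="remote.example.net"
           StreamDriver.CAFile="/etc/rsyslog.d/tls/out-ca.pem"
           StreamDriver.CertFile="/etc/rsyslog.d/tls/out-cert.pem"
           StreamDriver.KeyFile="/etc/rsyslog.d/tls/out-key.pem"
           queue.type="LinkedList"
           queue.filename="fwd_remote"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}
```

Running `rsyslogd -N1 -f <file>` checks the configuration syntax without starting the daemon; handshake rejections like the ones quoted above are then easier to attribute to certificate or peer-name mismatches on one specific side.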