Unfortunately, this is all we know. GnuTLS is notoriously bad in reporting the actual trouble cause.
I suggest switching to the openssl (ossl) driver, which provides much better error reporting. It usually is included in its own package (e.g. rsyslog-ossl or rsyslog-openssl).

HTH
Rainer

On Wed, 18 May 2022 at 10:40, sachin sachu via rsyslog (<rsyslog@lists.adiscon.com>) wrote:
>
> Hi,
> I am trying to do rsyslog with TLS connection with a remote server.
>
> I am able to run rsyslog server with TLS successfully.
> But in the Rsyslog client side I am getting certificates loading errors.
>
> Here is the configuration and logs info:
> *Rsyslog-server-configuration:*
> administrator@ubuntu-2:~$ cat /etc/rsyslog.d/logserver.conf
> $DefaultNetstreamDriver gtls
>
> $DefaultNetstreamDriverCAFile /etc/rsyslog/ca.pem
> $DefaultNetstreamDriverCertFile /etc/rsyslog/rslserver-cert.pem
> $DefaultNetstreamDriverKeyFile /etc/rsyslog/rslserver-key.pem
>
> $ModLoad imtcp
>
> $InputTCPServerStreamDriverAuthMode anon
> $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
>
> $ActionSendStreamDriverAuthMode x509/name
> $ActionSendStreamDriverPermittedPeer dhcp-blr-kmgm-blk2-4fl-6fl-client-ip.in.oracle.com
> $ActionSendStreamDriverMode 1 # run driver in TLS-only mode
>
> $InputTCPServerRun 10514
>
> # Increase the amount of open files rsyslog is allowed, which includes open tcp sockets
> # This is important if there are many clients.
> # http://www.rsyslog.com/doc/rsconf1_maxopenfiles.html
> $MaxOpenFiles 2048
> administrator@ubuntu-2:~$
>
> *Rsyslog-client-configuration:*
> administrator@ubutnu:~/rsyslog-certificates$ cat /etc/rsyslog.d/log-client.conf
>
> $DefaultNetstreamDriver gtls
>
> $DefaultNetstreamDriverCAFile /etc/rsyslog/ca.pem
> $DefaultNetstreamDriverCertFile /etc/rsyslog/rslclient-cert.pem
> $DefaultNetstreamDriverKeyFile /etc/rsyslog/rslclient-key.pem
>
> $ActionSendStreamDriverPermittedPeer dhcp-blr-kmgm-blk2-4fl-6fl-remote-ip.in.oracle.com
> $ActionSendStreamDriverMode 1 # run driver in TLS-only mode
> $ActionSendStreamDriverAuthMode x509/name
>
> *.* @@<remote-ip>:10514
> administrator@ubuntu:~/rsyslog-certificates$
>
> *Getting Error logs on the client side.*
> */var/log/rsyslog*
>
> May 18 13:14:52 Ubuntu rsyslogd: rsyslogd's groupid changed to 104
> May 18 13:14:52 Ubuntu rsyslogd: rsyslogd's userid changed to 101
> May 18 13:14:52 Ubuntu rsyslogd: [origin software="rsyslogd" swVersion="8.2206.0.c74f5c8523ef" x-pid="8898" x-info="https://www.rsyslog.com"] start
> May 18 13:14:54 Ubuntu rsyslogd: error reading file - a common cause is that the file does not exist [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2078 ]
> May 18 13:14:54 Ubuntu rsyslogd: error adding our certificate. GnuTLS error -64, message: 'Error while reading file.', key: '/etc/rsyslog/rslclient-key.pem', cert: '/etc/rsyslog/rslclient-cert.pem' [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2078 ]
> May 18 13:14:54 Ubuntu rsyslogd: action 'action-11-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2007 ]
> May 18 13:14:55 Ubuntu rsyslogd: error reading file - a common cause is that the file does not exist [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2078 ]
> May 18 13:14:55 Ubuntu rsyslogd: error adding our certificate. GnuTLS error -64, message: 'Error while reading file.', key: '/etc/rsyslog/rslclient-key.pem', cert: '/etc/rsyslog/rslclient-cert.pem' [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2078 ]
> May 18 13:14:55 Ubuntu rsyslogd: action 'action-11-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Wed May 18 13:15:25 2022, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2007 ]
> May 18 13:15:00 Ubuntu rsyslogd: error reading file - a common cause is that the file does not exist [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2078 ]
> May 18 13:15:00 Ubuntu rsyslogd: error adding our certificate. GnuTLS error -64, message: 'Error while reading file.', key: '/etc/rsyslog/rslclient-key.pem', cert: '/etc/rsyslog/rslclient-cert.pem' [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2078 ]
> May 18 13:15:00 Ubuntu rsyslogd: action 'action-11-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 1. There should be messages before this one giving the reason for suspension. [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2007 ]
> May 18 13:15:05 Ubuntu rsyslogd: error reading file - a common cause is that the file does not exist [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2078 ]
> May 18 13:15:05 Ubuntu rsyslogd: error adding our certificate. GnuTLS error -64, message: 'Error while reading file.', key: '/etc/rsyslog/rslclient-key.pem', cert: '/etc/rsyslog/rslclient-cert.pem' [v8.2206.0.c74f5c8523ef try https://www.rsyslog.com/e/2078 ]
>
> Please help me to fix this issue if anything I missed.
>
> Thanks and Regards,
> Sachin
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
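
Added example, not part of the original thread and not rsyslog code: since the log shows rsyslogd dropping to userid 101 / groupid 104 before the "error reading file" messages, this check reports whether each TLS file exists, is reachable and readable for that account, and contains a PEM block. The function names are hypothetical, and only mode bits are evaluated (ACLs and supplementary groups are not considered).

```python
import os
import stat


def _has_bit(st, uid, gid, owner_bit, group_bit, other_bit):
    """Classic Unix mode check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid == gid:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)


def check_tls_file(path, uid, gid, base="/"):
    """Diagnose one key/cert/CA file as seen by the account uid/gid.

    Only mode bits are evaluated (no ACLs, no supplementary groups). Every
    directory from `base` down to the file's parent must be searchable.
    Run it as a user that can itself read the file, e.g. root.
    """
    path, base = os.path.realpath(path), os.path.realpath(base)
    if not os.path.isfile(path):
        return "missing"
    parents, d = [], os.path.dirname(path)
    while True:
        parents.append(d)
        if d == base or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    for d in reversed(parents):
        if not _has_bit(os.stat(d), uid, gid,
                        stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return "directory not searchable: " + d
    st = os.stat(path)
    if not _has_bit(st, uid, gid, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        return "not readable"
    if st.st_size == 0:
        return "empty"
    with open(path, "rb") as fh:
        if b"-----BEGIN " not in fh.read():
            return "no PEM block"
    return "ok"


if __name__ == "__main__":
    # Paths and uid/gid taken from the thread's client config and log.
    for name in ("ca.pem", "rslclient-cert.pem", "rslclient-key.pem"):
        p = "/etc/rsyslog/" + name
        print(p, "->", check_tls_file(p, uid=101, gid=104))
```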