If you want to use certless TLS communication, there is no need to configure DefaultNetstreamDriverCAFile, DefaultNetstreamDriverCertFile or DefaultNetstreamDriverKeyFile. See our sample configurations from the testbench: https://github.com/rsyslog/rsyslog/blob/91885676001c9df1c2c91514d144cf71755d5d14/tests/sndrcv_tls_gtls_serveranon_gtls_clientanon.sh
I would recommend switching over to the openssl (ossl) driver, which gives us way more detailed error messages. My guess is that rsyslog and your NAS are not finding a shared cipher.

Best regards,
Andre Lorbach
--
Adiscon GmbH

> -----Original Message-----
> From: rsyslog <rsyslog-boun...@lists.adiscon.com> On Behalf Of Solarer via rsyslog
> Sent: Tuesday, 17 May 2022 17:46
> To: rsyslog@lists.adiscon.com
> Cc: Solarer <sola...@hotmail.de>
> Subject: [rsyslog] Fwd: Disable Client Certificate Request
>
> Hi everybody,
> I am trying to get a Synology NAS to send its internal logs to a VM running rsyslog via TCP and TLS. The transmission works fine using UDP but once I enable encryption in the Synology, I am getting a (not very helpful) error message (see attached).
>
> Eventually I recorded the traffic with tcpdump on the VM running rsyslog and I see a repeating pattern (second attachment).
>
> As you can see, the connection is reset after an internal error by the Synology box which happens right after the server HELLO. To me it looks like the rsyslog server is doing a certificate request for client auth but that is not supported by the Synology and so it crashes (I can only upload a CA to verify the server certificate but not a client cert).
>
> How can I disable this behavior? I am using StreamDriver.Authmode="anon" which should disable the client certificate request.
>
> Please find attached the rsyslog.conf in question.
> Thank you very much in advance
>
> OS: Fedora 35
> Packages:
> rsyslog.x86_64 8.2204.0-1.fc35 @updates-testing
> rsyslog-gnutls.x86_64 8.2204.0-1.fc35 @updates-testing
> rsyslog-openssl.x86_64 8.2204.0-1.fc35 @updates-testing
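
An added example, not part of the original thread: one way to check from captured bytes whether the server's handshake flight really contains a CertificateRequest, and which alert the client answered with. It assumes TLS 1.2 or earlier (in TLS 1.3 the CertificateRequest is encrypted and cannot be seen this way); the function names and sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 16: "client_key_exchange"}
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          48: "unknown_ca", 80: "internal_error"}

def parse_flight(data):
    """List plaintext handshake messages and alerts in a TLS <= 1.2 byte stream."""
    events, hs_buf, pos = [], b"", 0
    while pos + 5 <= len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, pos)
        body = data[pos + 5:pos + 5 + length]
        if len(body) < length:
            break                      # truncated capture
        pos += 5 + length
        if ctype == 20:                # ChangeCipherSpec: the rest is encrypted
            events.append("change_cipher_spec")
            break
        if ctype == 21 and length == 2:
            level = "fatal" if body[0] == 2 else "warning"
            events.append("alert:%s:%s" % (level, ALERTS.get(body[1], body[1])))
        elif ctype == 22:
            hs_buf += body             # a message may span several records
            while len(hs_buf) >= 4:
                mlen = int.from_bytes(hs_buf[1:4], "big")
                if len(hs_buf) < 4 + mlen:
                    break
                events.append(HANDSHAKE.get(hs_buf[0], "handshake_%d" % hs_buf[0]))
                hs_buf = hs_buf[4 + mlen:]
    return events

def requests_client_cert(data):
    return "certificate_request" in parse_flight(data)

# Constructed sample bytes (not taken from the poster's capture).
def rec(ctype, body):
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

def hs(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

WITH_REQUEST = rec(22, hs(2, bytes(38)) + hs(11, bytes(10)) + hs(13, bytes(8))
                   + hs(14)) + rec(21, b"\x02\x50")
ANON_ONLY = rec(22, hs(2, bytes(38)) + hs(12, bytes(16)) + hs(14))

if __name__ == "__main__":
    for name, blob in (("with request", WITH_REQUEST), ("anon only", ANON_ONLY)):
        print(name, parse_flight(blob), requests_client_cert(blob))
```

Feed it the TCP payload bytes of one connection in capture order; a `certificate_request` entry before `server_hello_done` confirms the server asked for a client certificate.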