Hi
My version of rsyslogd on log sever:
rsyslogd 8.2106.0 (aka 2021.06) compiled with:
PLATFORM: x86_64-suse-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: Yes
Config file: /etc/rsyslog.conf
PID file: /var/run/rsyslogd.pid
Number of Bits in RainerScript integers: 64
# ######### Receiving Messages from Remote Hosts ##########.
########### Encrypting Syslog Traffic with TLS ##########
# -- TLS Syslog Server:.
## make gtls driver the default
$DefaultNetstreamDriver gtls
#
## certificate files
$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/CA_server.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-keys/server.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/server.pem
$ModLoad imtcp # load TCP listener
#
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
#$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.domain.com
$InputTCPServerRun 514 # start up listener at port 10514
#
#$EscapeControlCharactersOnReceive off
#$Escape8BitCharactersOnReceive off
$template RemoteServer, "/var/log/%HOSTNAME%/%SYSLOGFACILITY-TEXT%.log"
*.* ?RemoteServer
Client conf:
# certificate files - just CA for a client
$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/CA_client.pem
# set up the action
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode x509/name
#$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
# Only send log to SERVER.EXAMPLE.COM host
$ActionSendStreamDriverPermittedPeer server.domain.com
*.* @@(o) server.domain.com:514 # send (all) messages
What have in log on server:
2022-05-25T14:44:32.782021+02:00 client.domain.com
#010#005#005#003#010#010#006#001#010#013#010#006#006#003#002#001#002#003#000#026#000#000#000#027#000#000#000##000#000.#001#000#001#000#000#000#000#034#000#032#000#000#027server.
domain.coml#000#034#000#002@
2022-05-25T14:44:32.887714+02:00 client.domain.com
#026#003#001#000.#001#000#000.#003#003·...愜#030J#026#004..#037)#021n.#030..#021..rw..F..#000#0002.,̩...
2022-05-25T14:44:32.887714+02:00 client.domain.com
.+...#011.0̨.#024./.#023#000...#0005#000...#000/#000...#0009#000...#0003#001#000#000.#000#005#000#005#001#000#000#000#000
2022-05-25T14:44:32.887714+02:00 client.domain.com
#000#026#000#024#000#027#000#030#000#031#000#035#000#036#001#000#001#001#001#002#001#003#001#004#000#013#000#002#001#000#000#015#000"#000
#004#001#010#011#010#004#004#003#010#007#00
5#001#010
Before 15 may working fine.
I don’t have any idea what is wrong
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
