This looks like the server is not using TLS. Any rsyslog error messages in the server log?
Rainer El mié, 25 may 2022 a las 15:02, Grzegorz Zalewski via rsyslog (<rsyslog@lists.adiscon.com>) escribió: > > Hi > My version of rsyslogd on log sever: > rsyslogd 8.2106.0 (aka 2021.06) compiled with: > PLATFORM: x86_64-suse-linux-gnu > PLATFORM (lsb_release -d): > FEATURE_REGEXP: Yes > GSSAPI Kerberos 5 support: Yes > FEATURE_DEBUG (debug build, slow code): No > 32bit Atomic operations supported: Yes > 64bit Atomic operations supported: Yes > memory allocator: system default > Runtime Instrumentation (slow code): No > uuid support: Yes > systemd support: Yes > Config file: /etc/rsyslog.conf > PID file: /var/run/rsyslogd.pid > Number of Bits in RainerScript integers: 64 > > # ######### Receiving Messages from Remote Hosts ##########. > ########### Encrypting Syslog Traffic with TLS ########## > # -- TLS Syslog Server:. > ## make gtls driver the default > $DefaultNetstreamDriver gtls > # > ## certificate files > $DefaultNetstreamDriverCAFile /etc/rsyslog-keys/CA_server.pem > $DefaultNetstreamDriverCertFile /etc/rsyslog-keys/server.pem > $DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/server.pem > > $ModLoad imtcp # load TCP listener > # > $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode > #$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated > $InputTCPServerStreamDriverAuthMode x509/name > $InputTCPServerStreamDriverPermittedPeer *.domain.com > $InputTCPServerRun 514 # start up listener at port 10514 > # > #$EscapeControlCharactersOnReceive off > #$Escape8BitCharactersOnReceive off > > $template RemoteServer, "/var/log/%HOSTNAME%/%SYSLOGFACILITY-TEXT%.log" > *.* ?RemoteServer > > Client conf: > # certificate files - just CA for a client > $DefaultNetstreamDriverCAFile /etc/rsyslog-keys/CA_client.pem > > # set up the action > $DefaultNetstreamDriver gtls # use gtls netstream driver > $ActionSendStreamDriverMode 1 # require TLS for the connection > $ActionSendStreamDriverAuthMode x509/name > > #$ActionSendStreamDriverAuthMode anon # server is NOT authenticated > > # Only send log to SERVER.EXAMPLE.COM host > $ActionSendStreamDriverPermittedPeer server.domain.com > *.* @@(o) server.domain.com:514 # send (all) messages > > What have in log on server: > 2022-05-25T14:44:32.782021+02:00 client.domain.com > #010#005#005#003#010#010#006#001#010#013#010#006#006#003#002#001#002#003#000#026#000#000#000#027#000#000#000##000#000.#001#000#001#000#000#000#000#034#000#032#000#000#027server. > domain.coml#000#034#000#002@ > 2022-05-25T14:44:32.887714+02:00 client.domain.com > #026#003#001#000.#001#000#000.#003#003·...愜#030J#026#004..#037)#021n.#030..#021..rw..F..#000#0002.,̩... > 2022-05-25T14:44:32.887714+02:00 client.domain.com > .+...#011.0̨.#024./.#023#000...#0005#000...#000/#000...#0009#000...#0003#001#000#000.#000#005#000#005#001#000#000#000#000 > 2022-05-25T14:44:32.887714+02:00 client.domain.com > #000#026#000#024#000#027#000#030#000#031#000#035#000#036#001#000#001#001#001#002#001#003#001#004#000#013#000#002#001#000#000#015#000"#000 > #004#001#010#011#010#004#004#003#010#007#00 > 5#001#010 > > Before 15 may working fine. > I don’t have any idea what is wrong > > _______________________________________________ > rsyslog mailing list > https://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
