Re: [rsyslog] Rsyslog bad external log encoding ??????

Grzegorz Zalewski via rsyslog Wed, 25 May 2022 23:18:59 -0700

Hi

When I turn off TLS work fine :/


I does`t see any errors on server logs

-----Original Message-----
From: Rainer Gerhards <rgerha...@hq.adiscon.com> 
Sent: Wednesday, May 25, 2022 6:39 PM
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Grzegorz Zalewski <grzegorz.zalew...@inteco.pl>
Subject: Re: [rsyslog] Rsyslog bad external log encoding ??????

[EXTERNAL EMAIL] Please report any suspicious attachments, links, or requests 
for sensitive information.

This looks like the server is not using TLS. Any rsyslog error messages in the 
server log?

Rainer

El mié, 25 may 2022 a las 15:02, Grzegorz Zalewski via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> Hi
> My version of rsyslogd on log sever:
> rsyslogd  8.2106.0 (aka 2021.06) compiled with:
>         PLATFORM:                               x86_64-suse-linux-gnu
>         PLATFORM (lsb_release -d):
>         FEATURE_REGEXP:                         Yes
>         GSSAPI Kerberos 5 support:              Yes
>         FEATURE_DEBUG (debug build, slow code): No
>         32bit Atomic operations supported:      Yes
>         64bit Atomic operations supported:      Yes
>         memory allocator:                       system default
>         Runtime Instrumentation (slow code):    No
>         uuid support:                           Yes
>         systemd support:                        Yes
>         Config file:                            /etc/rsyslog.conf
>         PID file:                               /var/run/rsyslogd.pid
>         Number of Bits in RainerScript integers: 64
>
> # ######### Receiving Messages from Remote Hosts ##########.
> ########### Encrypting Syslog Traffic with TLS ########## # -- TLS 
> Syslog Server:.
> ## make gtls driver the default
> $DefaultNetstreamDriver gtls
> #
> ## certificate files
> $DefaultNetstreamDriverCAFile /etc/rsyslog-keys/CA_server.pem 
> $DefaultNetstreamDriverCertFile /etc/rsyslog-keys/server.pem 
> $DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/server.pem
>
> $ModLoad imtcp # load TCP listener
> #
> $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode 
> #$InputTCPServerStreamDriverAuthMode anon # client is NOT 
> authenticated $InputTCPServerStreamDriverAuthMode x509/name 
> $InputTCPServerStreamDriverPermittedPeer *.domain.com 
> $InputTCPServerRun 514 # start up listener at port 10514 # 
> #$EscapeControlCharactersOnReceive off #$Escape8BitCharactersOnReceive 
> off
>
> $template RemoteServer, "/var/log/%HOSTNAME%/%SYSLOGFACILITY-TEXT%.log"
> *.* ?RemoteServer
>
> Client conf:
> # certificate files - just CA for a client 
> $DefaultNetstreamDriverCAFile /etc/rsyslog-keys/CA_client.pem
>
> # set up the action
> $DefaultNetstreamDriver gtls # use gtls netstream driver 
> $ActionSendStreamDriverMode 1 # require TLS for the connection 
> $ActionSendStreamDriverAuthMode x509/name
>
> #$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
>
> # Only send log to SERVER.EXAMPLE.COM host 
> $ActionSendStreamDriverPermittedPeer server.domain.com
> *.* @@(o) server.domain.com:514 # send (all) messages
>
> What have in log on server:
> 2022-05-25T14:44:32.782021+02:00 client.domain.com 
> #010#005#005#003#010#010#006#001#010#013#010#006#006#003#002#001#002#003#000#026#000#000#000#027#000#000#000##000#000.#001#000#001#000#000#000#000#034#000#032#000#000#027server.
> domain.coml#000#034#000#002@
> 2022-05-25T14:44:32.887714+02:00 client.domain.com 
> #026#003#001#000.#001#000#000.#003#003·...愜#030J#026#004..#037)#021n.#030..#021..rw..F..#000#0002.,̩...
> 2022-05-25T14:44:32.887714+02:00 client.domain.com 
> .+...#011.0̨.#024./.#023#000...#0005#000...#000/#000...#0009#000...#00
> 03#001#000#000.#000#005#000#005#001#000#000#000#000
> 2022-05-25T14:44:32.887714+02:00 client.domain.com 
> #000#026#000#024#000#027#000#030#000#031#000#035#000#036#001#000#001#0
> 01#001#002#001#003#001#004#000#013#000#002#001#000#000#015#000"#000 
> #004#001#010#011#010#004#004#003#010#007#00
> 5#001#010
>
> Before 15 may working fine.
> I don’t have any idea what is wrong
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE 
> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites 
> beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Rsyslog bad external log encoding ??????

Reply via email to