Thanks Rainer,

This is working smashingly!

The next issue I'm trying to solve is how do I add the client certificate
information into the log message?  I'd like to add e.g. the client
certificate subject (or subjectAltName) into my log template (similar to
how you can add the client hostname or fromhost-ip).

Again, I am having issues searching, as any combination of "rsyslog" and
"certificate" seems to bring up documentation on "how to configure TLS"
which, obviously, I already know how to do...

Any help or guidance would be appreciated.

Thanks,

-derek

On Tue, May 17, 2022 4:12 pm, Rainer Gerhards wrote:
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html
>
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html
>
> HTH
> Rainer
>
> Sent from phone, thus brief.
>
> Derek Atkins <de...@ihtfp.com> wrote on Tue, 17 May 2022, 22:01:
>
>> Hi,
>>
>> Are there docs on how to set this up on a per-input and/or per-omfwd
>> basis?
>>
>> All the docs I can find suggest setting the global
>> DefaultNetstreamDriver* variables, which in my case are not what I want
>> because I need to be able to use different keys/certs/CAs for the
>> input/imtcp vs the omfwd operations.
>>
>> I am running 8.2204.1.
>>
>> Thanks,
>>
>> -derek
>>
>> On Mon, April 25, 2022 3:03 am, Rainer Gerhards via rsyslog wrote:
>> > Yes, it's possible. Worked on that for quite some time last year ;-)
>> >
>> > Rainer
>> >
>> > On Mon, 25 Apr 2022 at 7:41, Mariusz Kruk via rsyslog
>> > (<rsyslog@lists.adiscon.com>) wrote:
>> >>
>> >> There were some improvements to TLS handling introduced over several
>> >> versions so you'd have to review the changelog and docs.
>> >>
>> >> But from what I see, the omfwd module supports setting separate TLS
>> >> key/cert/cacert per action since 8.2108.
>> >>
>> >> The imtcp module also supports setting those on a per-input level
>> >> since 8.2108.
>> >>
>> >> So it should work.
>> >>
>> >> It is always a good idea to do a tcpdump and see how the handshake
>> >> progresses and when and where it fails.
>> >>
>> >> MK
>> >>
>> >> On 24.04.2022 00:35, Shane via rsyslog wrote:
>> >> > Hi, I am trying to get rsyslog to receive and store/forward messages
>> >> > with TLS on both sides.
>> >> >
>> >> > client --->tls---> rsyslog --->tls---> remote.something
>> >> >
>> >> > I got it set up so I could send to the rsyslog server, but then I
>> >> > couldn't add other CA/cert files.  My config was using global and
>> >> > defaultnetstream
>> >> >
>> >> > I found on rsyslog.com that prior to 8.2202 it couldn't use TLS on
>> >> > two different source/dest.  I found the CentOS 7 repo and got
>> >> > rsyslog-8.2204 installed.  Now nothing works.  I think I got the
>> >> > config correct but the client keeps getting rejected.
>> >> >
>> >> > Apr 23 17:13:39 rlog rsyslogd[11417]: GnuTLS handshake retry returned
>> >> > error: The TLS connection was non-properly terminated.  [v8.2204.0 try
>> >> > https://www.rsyslog.com/e/2083 ]
>> >> > Apr 23 17:13:39 rlog rsyslogd[11417]: netstream session 0x7f6a04013360
>> >> > from 192.168.5.22 will be closed due to error [v8.2204.0 try
>> >> > https://www.rsyslog.com/e/2089 ]
>> >> >
>> >> > So then I tried going to the ossl module.  Now it's even worse.  My
>> >> > config is a mess now too.
>> >> >
>> >> > Does tls on both sides work?
>> >> > Do I need the 8.2202+ version?
>> >> > Do you have an example config?
>>
>>
>> --
>>        Derek Atkins                 617-623-3745
>>        de...@ihtfp.com             www.ihtfp.com
>>        Computer and Internet Security Consultant
>>
>>
>


-- 
       Derek Atkins                 617-623-3745
       de...@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant
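
Mariusz's point above, that imtcp inputs and omfwd actions carry their own key/cert/CA parameters since 8.2108, is what Derek's per-input/per-omfwd question turns on. The rsyslog.conf below is an added example, not a config posted by anyone in this thread and not taken from the rsyslog project: one relay that terminates TLS from clients under one CA and forwards upstream as a TLS client under a different CA, with no global DefaultNetstreamDriver* settings at all. The parameter names are the ones documented for the imtcp input and the omfwd action in the v8 docs Rainer linked (check them against your installed version); the hostnames, ports, file paths and the "ingest"/"upstream" CA split are assumptions for illustration.

```rsyslog
# Added example (not from the thread or the rsyslog project).
# Requires rsyslog >= 8.2108 for per-input / per-action TLS parameters.
# All hostnames, ports and file paths below are assumptions.

# Deliberately no global DefaultNetstreamDriver* and no module-level
# StreamDriver.* settings: each input and each action carries its own PKI.
module(load="imtcp")

# Outbound leg: the relay authenticates to the upstream collector with a
# client certificate issued by the "upstream" CA, and verifies the
# collector's certificate name against StreamDriverPermittedPeers.
# Defined before the input so the input can bind to it.
ruleset(name="forward_upstream") {
    action(type="omfwd"
           target="remote.example.net"
           port="6514"
           protocol="tcp"
           StreamDriver="gtls"
           StreamDriverMode="1"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="remote.example.net"
           StreamDriver.CAFile="/etc/rsyslog.d/tls/upstream-ca.pem"
           StreamDriver.CertFile="/etc/rsyslog.d/tls/relay-client.pem"
           StreamDriver.KeyFile="/etc/rsyslog.d/tls/relay-client.key"
           # disk-assisted queue so the relay keeps store-and-forward
           # semantics while the upstream TLS session is down
           queue.type="LinkedList"
           queue.filename="fwd_upstream"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")
}

# Inbound leg: clients must present certificates issued by the "ingest" CA
# whose name matches the PermittedPeers pattern; the relay presents a server
# certificate from that same PKI. Mode "1" means TLS only, no plaintext.
input(type="imtcp"
      port="6514"
      StreamDriver.Name="gtls"
      StreamDriver.Mode="1"
      StreamDriver.AuthMode="x509/name"
      StreamDriver.PermittedPeers="*.clients.example.com"
      StreamDriver.CAFile="/etc/rsyslog.d/tls/ingest-ca.pem"
      StreamDriver.CertFile="/etc/rsyslog.d/tls/relay-server.pem"
      StreamDriver.KeyFile="/etc/rsyslog.d/tls/relay-server.key"
      ruleset="forward_upstream")
```

Two practical checks go with this. First, because both legs use x509/name, a session is dropped at the handshake if the peer's certificate carries no name matching the PermittedPeers pattern, so a "handshake ... non-properly terminated" style failure is worth testing from the client side with `openssl s_client -connect relay:6514 -CAfile ingest-ca.pem -cert client.pem -key client.key` before reading packet captures; that tells you whether the server accepts the client certificate chain at all. Second, the same file-path parameters also exist for the ossl driver, so swapping `gtls` for `ossl` on one leg does not change which parameters you set, only which library performs the handshake. Nothing in this config addresses Derek's follow-up about exposing the peer certificate subject in a template.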

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
