Unfortunately, this property is not yet available :-(

Rainer

On Thu, 26 May 2022 at 13:53, Derek Atkins (<de...@ihtfp.com>) wrote:
>
> Thanks Rainer,
>
> This is working smashingly!
>
> The next issue I'm trying to solve is how do I add the client certificate
> information into the log message? I'd like to add e.g. the client
> certificate subject (or subjectAltName) into my log template (similar to
> how you can add the client hostname or fromhost-ip).
>
> Again, I am having issues searching, as any combination of "rsyslog" and
> "certificate" seems to bring up documentation on "how to configure TLS"
> which, obviously, I already know how to do...
>
> Any help or guidance would be appreciated.
>
> Thanks,
>
> -derek
>
> On Tue, May 17, 2022 4:12 pm, Rainer Gerhards wrote:
> > https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html
> >
> > https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfwd.html
> >
> > HTH
> > Rainer
> >
> > Sent from phone, thus brief.
> >
> > Derek Atkins <de...@ihtfp.com> wrote on Tue, 17 May 2022, 22:01:
> >
> >> Hi,
> >>
> >> Are there docs on how to set this up on a per-input and/or per-omfwd
> >> basis?
> >>
> >> All the docs I can find suggest setting the global
> >> DefaultNetstreamDriver* variables, which in my case are not what I want
> >> because I need to be able to use different keys/certs/CAs for the
> >> input/imtcp vs the omfwd operations.
> >>
> >> I am running 8.2204.1.
> >>
> >> Thanks,
> >>
> >> -derek
> >>
> >> On Mon, April 25, 2022 3:03 am, Rainer Gerhards via rsyslog wrote:
> >> > Yes, it's possible. Worked on that for quite some time last year ;-)
> >> >
> >> > Rainer
> >> >
> >> > On Mon, 25 Apr 2022 at 7:41, Mariusz Kruk via rsyslog
> >> > (<rsyslog@lists.adiscon.com>) wrote:
> >> >>
> >> >> There were some improvements to TLS handling introduced over several
> >> >> versions so you'd have to review the changelog and docs.
> >> >>
> >> >> But from what I see, the omfwd module supports setting separate TLS
> >> >> key/cert/cacert per action since 8.2108.
> >> >>
> >> >> The imtcp module also supports setting those on a per-input level
> >> >> since 8.2108.
> >> >>
> >> >> So it should work.
> >> >>
> >> >> It is always a good idea to do a tcpdump and see how the handshake
> >> >> progresses and when and where it fails.
> >> >>
> >> >> MK
> >> >>
> >> >> On 24.04.2022 00:35, Shane via rsyslog wrote:
> >> >> > Hi, I am trying to get rsyslog to receive store/forward messages w/
> >> >> > tls on both sides.
> >> >> >
> >> >> > client --->tls---> rsyslog --->tls---> remote.something
> >> >> >
> >> >> > I got it set up so I could send to the rsyslog server but then I
> >> >> > couldn't add another ca/cert files. My config was using global and
> >> >> > defaultnetstream
> >> >> >
> >> >> > I found on rsyslog.com that prior to 8.2202 it couldn't use tls on
> >> >> > two different source/dest. I found the cent 7 repo and got
> >> >> > rsyslog-8.2204 installed. Now nothing works. I think I got the
> >> >> > config correct but the client keeps getting rejected.
> >> >> >
> >> >> > Apr 23 17:13:39 rlog rsyslogd[11417]: GnuTLS handshake retry returned error: The TLS connection was non-properly terminated. [v8.2204.0 try https://www.rsyslog.com/e/2083 ]
> >> >> > Apr 23 17:13:39 rlog rsyslogd[11417]: netstream session 0x7f6a04013360 from 192.168.5.22 will be closed due to error [v8.2204.0 try https://www.rsyslog.com/e/2089 ]
> >> >> >
> >> >> > So then I tried going to the ossl module. Now it's even worse. My
> >> >> > config is a mess now too.
> >> >> >
> >> >> > Does tls on both sides work?
> >> >> > Do I need the 8.2202+ version?
> >> >> > Do you have an example config?
> >> >> > _______________________________________________
> >> >> > rsyslog mailing list
> >> >> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> >> > http://www.rsyslog.com/professional-services/
> >> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> >> >> > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> >> >> > POST if you DON'T LIKE THAT.
> >>
> >> --
> >> Derek Atkins                 617-623-3745
> >> de...@ihtfp.com             www.ihtfp.com
> >> Computer and Internet Security Consultant
> >
>
> --
> Derek Atkins                 617-623-3745
> de...@ihtfp.com             www.ihtfp.com
> Computer and Internet Security Consultant