I don't think the ommysql module supports TLS (I'm not absolutly sure)
note that the action() syntax almost always ignores $foo definitions. TLS is the
one exception to that, but not all modules support TLS.
David Lang
On Tue, 16 May 2023, Levi Wilbert via rsyslog wrote:
Date: Tue, 16 May 2023 12:05:51 -0600
From: Levi Wilbert via rsyslog <rsyslog@lists.adiscon.com>
To: rsyslog@lists.adiscon.com
Cc: Levi Wilbert <voidnos...@gmail.com>
Subject: [rsyslog] Help w/ ommysql and TLS?
Greetings all,
I'm trying to forward syslogs from one of our servers to a new DB server running MariaDB, and running into some issues I was wondering if someone could help with.
I have rsyslog already installed on our logging server (RHEL7.9), and further
have installed rsyslog-mysql on this server as well.
I've copied the rsyslog DB setup script over to our DB server (RHEL9.1), and
setup permissions for the rsyslog user to access MariaDB from our logging
server.
Back on the logging server, I've configured rsyslog to load the ommysql module
and passed the server and MariaDB login info to the module. With this setup and
a mostly default MariaDB config, rsyslog appears to work ok. However, we'd like
to run our MariaDB securely using TLS. When I activate TLS in MariaDB on our DB
server, rsyslog is no longer able to connect, and shows the following error:
rsyslogd[26271]: db error (1045): Access denied for user
'rsyslog'@'log-svr.arcc.uwyo.edu' (using password: YES) [v8.24.0-57.el7_9.3]
(log-svr is our logging server, db-svr is our db server)
I've added the DB server's CA certificate to the logging server under
/etc/pki/ca-trust/source/anchors/, and run update-ca-trust. I have tested
connecting to MariaDB from our logging server w/ mysql, which works fine, yet
rsyslog doesn't appear to be able to connect!
I've tried configuring rsyslog on the logging server w/ the following options:
$DefaultNetstreamDriverCAFile
/etc/pki/tls/certs/db-svr_arcc_uwyo_edu_interm.cer
$DefaultNetStreamDriver gtls
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer db-svr.arcc.uwyo.edu
action(type="ommysql" server="db-svr.arcc.uwyo.edu" serverport="3306"
db="Syslog" uid="rsyslog" pwd="<password>")
Can anyone help w/ getting rsyslog to connect w/ TLS to our remote DB server?
Thanks,
Levi Wilbert
HPC & Linux Systems Administrator
ARCC - Division of Research and Economic Development
Information Technology Ctr 226
1000 E. University Avenue, Laramie, WY 82071-200
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
