Actually, a quick glance over the code of ommysql.c and docs for it
suggests that the connection handling might be influenced by a specified
mysql config file (my.cnf or such).
So you should be able to get away with something like (haven't tested
that, it's just something I came up with reading the docs)
action(type="ommysql" [...] MySQLConfig.File="/etc/my.cnf"
MySQLConfig.Section="rsyslog")
and adding to your my.cnf:
[rsyslog]
ssl-mode=REQUIRE
[...]
On 16.05.2023 21:33, David Lang via rsyslog wrote:
I don't think the ommysql module supports TLS (I'm not absolutely sure)
note that the action() syntax almost always ignores $foo definitions.
TLS is the one exception to that, but not all modules support TLS.
David Lang
On Tue, 16 May 2023, Levi Wilbert via rsyslog wrote:
Date: Tue, 16 May 2023 12:05:51 -0600
From: Levi Wilbert via rsyslog <rsyslog@lists.adiscon.com>
To: rsyslog@lists.adiscon.com
Cc: Levi Wilbert <voidnos...@gmail.com>
Subject: [rsyslog] Help w/ ommysql and TLS?
Greetings all,
I'm trying to forward syslogs from one of our servers to a new DB
server running MariaDB, and running into some issues I was wondering
if someone could help with.
I have rsyslog already installed on our logging server (RHEL7.9), and
further have installed rsyslog-mysql on this server as well.
I've copied the rsyslog DB setup script over to our DB server
(RHEL9.1), and setup permissions for the rsyslog user to access
MariaDB from our logging server.
Back on the logging server, I've configured rsyslog to load the
ommysql module and passed the server and MariaDB login info to the
module. With this setup and a mostly default MariaDB config, rsyslog
appears to work ok. However, we'd like to run our MariaDB securely
using TLS. When I activate TLS in MariaDB on our DB server, rsyslog
is no longer able to connect, and shows the following error:
rsyslogd[26271]: db error (1045): Access denied for user
'rsyslog'@'log-svr.arcc.uwyo.edu' (using password: YES)
[v8.24.0-57.el7_9.3]
(log-svr is our logging server, db-svr is our db server)
I've added the DB server's CA certificate to the logging server under
/etc/pki/ca-trust/source/anchors/, and run update-ca-trust. I have
tested connecting to MariaDB from our logging server w/ mysql, which
works fine, yet rsyslog doesn't appear to be able to connect!
I've tried configuring rsyslog on the logging server w/ the following
options:
$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/db-svr_arcc_uwyo_edu_interm.cer
$DefaultNetStreamDriver gtls
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer db-svr.arcc.uwyo.edu
action(type="ommysql" server="db-svr.arcc.uwyo.edu" serverport="3306"
db="Syslog" uid="rsyslog" pwd="<password>")
Can anyone help w/ getting rsyslog to connect w/ TLS to our remote DB
server?
Thanks,
Levi Wilbert
HPC & Linux Systems Administrator
ARCC - Division of Research and Economic Development
Information Technology Ctr 226
1000 E. University Avenue, Laramie, WY 82071-200
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
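
A way to check the suggestion at the top of this thread before deploying it, as an added example (not code from the thread or from the rsyslog project): it finds each ommysql action, resolves its MySQLConfig.File / MySQLConfig.Section, and reports whether that my.cnf section carries any ssl* option. The function names, hostnames and sample inputs are constructed, and falling back to the [client] group when no section is named is an assumption.

```python
import configparser
import re
# Constructed sample inputs modelled on the thread; hostnames and values are placeholders.
RSYSLOG_CONF = '''
$DefaultNetStreamDriver gtls
$ActionSendStreamDriverMode 1
action(type="ommysql" server="db-a.example.org" db="Syslog" uid="rsyslog" pwd="x)y")
action(type="ommysql" server="db-b.example.org" db="Syslog" uid="rsyslog" pwd="x"
       MySQLConfig.File="/etc/my.cnf" MySQLConfig.Section="rsyslog")
action(type="ommysql" server="db-c.example.org" db="Syslog" uid="rsyslog" pwd="x"
       MySQLConfig.File="/etc/my.cnf" MySQLConfig.Section="other")
action(type="omfile" file="/var/log/all.log")
'''
MY_CNF = {"/etc/my.cnf": "!includedir /etc/my.cnf.d\n[client]\nport=3306\n[rsyslog]\nssl-mode=REQUIRE\n"}

# action( ... ) where a quoted value may itself contain ')'
ACTION_RE = re.compile(r'action\s*\(((?:"[^"]*"|[^)"])*)\)', re.I)
PARAM_RE = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')
NETSTREAM_RE = re.compile(r'^\s*\$((?:DefaultNetstreamDriver|ActionSendStreamDriver)\w*)', re.I | re.M)

def netstream_directives(conf):
    """Legacy netstream TLS directives; in the thread these did not get ommysql connected."""
    return NETSTREAM_RE.findall(conf)

def ssl_options(cnf_text, section):
    """Return the ssl* option names in one my.cnf section, or None if the section is absent."""
    body = "\n".join(l for l in cnf_text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(body)  # !include lines are dropped above, not followed
    if not cp.has_section(section):
        return None
    return sorted(k for k in cp[section] if k.startswith("ssl"))

def lint(conf, cnf_files):
    """Return (server, status, ssl option names) for each ommysql action, in file order."""
    out = []
    for m in ACTION_RE.finditer(conf):
        p = {k.lower(): v for k, v in PARAM_RE.findall(m.group(1))}
        if p.get("type", "").lower() != "ommysql":
            continue
        path = p.get("mysqlconfig.file")
        if path not in cnf_files:
            out.append((p.get("server"), "no-option-file", []))
            continue
        # Assumption: with no MySQLConfig.Section the client library's [client] group applies.
        opts = ssl_options(cnf_files[path], p.get("mysqlconfig.section", "client"))
        status = "section-missing" if opts is None else ("ssl-options-set" if opts else "no-ssl-options")
        out.append((p.get("server"), status, opts or []))
    return out
```

A status of "ssl-options-set" only shows that the option file asks for TLS; whether the client library linked into ommysql honours that option still has to be confirmed on the server side.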