Hi, I've been using RSyslog to accumulate and aggregate messages in an intermediary and then send them to another server. This intermediary runs rsyslog with an Omfwd rule and uses OpenSSL to connect to the main server. I've been running with this configuration for a while and it's been working just fine for a while with the same configuration.

I've got one intermediary running 8.2302.0 and it works just fine, but another one that is running 8.2304.0 is failing with the following repeating logs:

May 31 16:12:51 DIA-SLHS rsyslogd: Warning: Certificate file is not set [v8.2304.0 try https://www.rsyslog.com/e/2330 ]
May 31 16:12:51 DIA-SLHS rsyslogd: Warning: Key file is not set [v8.2304.0 try https://www.rsyslog.com/e/2331 ]
May 31 16:12:51 DIA-SLHS rsyslogd: nsd_ossl: TLS Connection initiated with remote syslog server. [v8.2304.0]
May 31 16:12:51 DIA-SLHS rsyslogd: SSL_ERROR_SYSCALL Error in 'osslHandshakeCheck Client': 'error:00000005:lib(0):func(0):DH lib(5)' with ret=-1, errno=104, sslapi='SSL_do_handshake' [v8.2304.0]

The rsyslog omfwd rule says:

action(type="omfwd"
       protocol="tcp"
       StreamDriver="ossl"
       StreamDriverAuthMode="x509/certvalid"
       StreamDriverMode="1"
       StreamDriver.CAFile="/etc/ssl/certs/rsyslog_ca_cert.pem"
       target="<log server>"
       port="6514"
       gnutlsPriorityString="Protocol=ALL,-SSLv2,-SSLv3,-TLSv1 MinProtocol=TLSv1.2"
       template="<my template>"
)

If it matters, I also have an input imtcp rule with openssl turned on, but that appears to be working just fine and I'm getting data into the intermediary.

Is there some way to better debug why the omfwd is not working?

Thanks,

-derek

--
Derek Atkins 617-623-3745
de...@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
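
A small triage script for the log lines quoted above, as an added example that is not part of the original post or of rsyslog: it extracts `ret`, `errno` and `sslapi` from the nsd_ossl handshake error and names the errno. The errno table assumes a Linux sender, and the hints it returns are checks to run, not a diagnosis.

```python
import re

# Linux errno values. Assumption: the forwarder runs Linux, where 104 is ECONNRESET.
LINUX_ERRNO = {
    32: ("EPIPE", "write to a connection the peer already closed"),
    104: ("ECONNRESET", "peer reset the TCP connection"),
    110: ("ETIMEDOUT", "no reply from the peer"),
    111: ("ECONNREFUSED", "nothing listening on the target port"),
}

ERR_RE = re.compile(
    r"rsyslogd: (?P<kind>SSL_ERROR_\w+) Error in '(?P<where>[^']+)': "
    r"'(?P<msg>[^']*)' with ret=(?P<ret>-?\d+), errno=(?P<errno>\d+), "
    r"sslapi='(?P<api>\w+)'"
)
WARN_RE = re.compile(r"rsyslogd: Warning: (Certificate|Key) file is not set")

# The four log lines quoted in the post.
SAMPLE = """\
May 31 16:12:51 DIA-SLHS rsyslogd: Warning: Certificate file is not set [v8.2304.0 try https://www.rsyslog.com/e/2330 ]
May 31 16:12:51 DIA-SLHS rsyslogd: Warning: Key file is not set [v8.2304.0 try https://www.rsyslog.com/e/2331 ]
May 31 16:12:51 DIA-SLHS rsyslogd: nsd_ossl: TLS Connection initiated with remote syslog server. [v8.2304.0]
May 31 16:12:51 DIA-SLHS rsyslogd: SSL_ERROR_SYSCALL Error in 'osslHandshakeCheck Client': 'error:00000005:lib(0):func(0):DH lib(5)' with ret=-1, errno=104, sslapi='SSL_do_handshake' [v8.2304.0]
"""

def triage(text):
    """Summarise rsyslog OpenSSL-driver warnings and handshake errors in text."""
    missing, errors = set(), []
    for line in text.splitlines():
        warn = WARN_RE.search(line)
        if warn:
            missing.add(warn.group(1))  # "Certificate" and/or "Key"
            continue
        m = ERR_RE.search(line)
        if m:
            num = int(m["errno"])
            name, meaning = LINUX_ERRNO.get(num, (f"errno {num}", "not in table"))
            errors.append({"kind": m["kind"], "where": m["where"], "api": m["api"],
                           "ret": int(m["ret"]), "errno_name": name, "meaning": meaning})
    hints = []  # follow-up checks only; none of these is a confirmed cause
    if any(e["errno_name"] == "ECONNRESET" and e["api"] == "SSL_do_handshake" for e in errors):
        hints.append("peer reset the connection during the handshake: read the receiver's log for the same timestamp")
        if missing:
            hints.append("no client certificate/key is set here: check whether the receiver requires one")
    return {"no_client_cert": bool(missing), "handshake_errors": errors, "hints": hints}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```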