Sorry - hit send by mistake before.

Here is server conf file:

global(defaultNetStreamDriver="ptcp"
$InputTCPServerRun 12345

$template LDSTag,"<%PRI%>%TIMESTAMP% [nameofsystem] %syslogtag% %msg%"

if $fromhost-ip <> '127.0.0.1' then {
  @10.x.x.x:LDSTAG
  stop
}
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.*;local5.* @10.x.x.x;LDSTag

Client config:

global(defaultNetStreamDriver="ptcp" )
$ActionSendStreamDriverPermittedPeer 10.10.10.1 #wg server ip
$template LDCTmpl,"<%PRI%>%TIMESTAMP:::date-rfc3339% [HOSTNAME] %syslogtag%%msg%"
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.*;local5.* @10.10.10.1:12345;LDCTmpl






On Thu, May 30, 2024 at 5:38 AM Kathy Lyons <lyonsf...@gmail.com> wrote:

> Here is my server conf file:
>
> global(defaultNetStreamDriver="ptcp")
>
>
> On Wed, May 29, 2024 at 12:12 PM David Lang <da...@lang.hm> wrote:
>
>> you still have some encryption settings left in the file, please post your full
>> config again so we can see what you have left.
>>
>> I already posted the minimal config that removed all the encryption settings.
>>
>> David Lang
>>
>> On Wed, 29 May 2024, Kathy Lyons wrote:
>>
>> > Date: Wed, 29 May 2024 06:35:44 -0400
>> > From: Kathy Lyons <lyonsf...@gmail.com>
>> > To: Rainer Gerhards <rgerha...@hq.adiscon.com>
>> > Cc: rsyslog-users <rsyslog@lists.adiscon.com>, David Lang <da...@lang.hm>
>> > Subject: Re: [rsyslog] unencrypted rsyslog through a wireguard terminal
>> >
>> > Thanks.  I have removed that line from my files.  When I restart rsyslog, I
>> > get this error:
>> >
>> > *authentication not supported by ptcp netstream driver.*
>> >
>> > Are there other lines I should remove?  Is the ptcp netstream driver the
>> > default?
>> >
>> > David, when I run tcpdump for the port 12345 on both client and server I
>> > see data on both devices.  Do I not need a TCP connection data for both the
>> > client and server?
>> >
>> > On Wed, May 29, 2024 at 5:45 AM Rainer Gerhards <rgerha...@hq.adiscon.com> wrote:
>> >
>> >> Mode 0 indeed does turn any encryption off. It's primarily there for
>> >> technical reasons, and it is the default.
>> >>
>> >> I strongly advise against defining encryption settings and then
>> >> disabling them this way.
>> >>
>> >> Rainer
>> >>
>> >> On Wed, 29 May 2024 at 11:26, David Lang via rsyslog
>> >> (<rsyslog@lists.adiscon.com>) wrote:
>> >>>
>> >>> On Wed, 29 May 2024, Kathy Lyons wrote:
>> >>>
>> >>>> which part sets encryption?  I thought these options set encryption to 0,
>> >>>> or disabled.
>> >>>
>> >>> leave out all the encryption settings to have them be disabled, setting the mode
>> >>> to anon turns on encryption, but accepting any cert.
>> >>>
>> >>> David Lang
>> >>>
>> >>>> On Tue, May 28, 2024 at 6:09 PM David Lang <da...@lang.hm> wrote:
>> >>>>
>> >>>>> On Tue, 28 May 2024, Kathy Lyons wrote:
>> >>>>>
>> >>>>>
>> >>>>> let's simplify this to the minimum needed
>> >>>>>
>> >>>>>> **Server**
>> >>>>>>
>> >>>>>> # I've tried both with and without the line below
>> >>>>>> $ModLoad imtcp
>> >>>>>> $InputTCPServerRun 12345
>> >>>>>> $template LDSTag, "<%PRI>%TIMESTAMP [nameofsystem] %syslog% %msg%"
>> >>>>>> # 10.50.x.x is where the server sends its local data and that of the clients via udp port 514
>> >>>>>> if $fromhost-ip <> '127.0.0.1' then @10.50.x.x;LDSTag
>> >>>>>> &stop
>> >>>>>> auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.* @10.50.x.x;LDSTag
>> >>>>>>
>> >>>>>>
>> >>>>>> **Client**
>> >>>>>>
>> >>>>>> # I've tried both with and without the line below
>> >>>>>> $ModLoad imtcp
>> >>>>>> $template LDSTag,"<%PRI>%TIMESTAMP [PUBLIC_IP] %syslog% %msg%"
>> >>>>>> #Send Settings
>> >>>>>> auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.* @@10.10.10.10.1:12345;LDSTmpl
>> >>>>>
>> >>>>> also note that the format of setting a bunch of $foo lines that then affect
>> >>>>> future lines is discouraged, it's better to use the newer action() syntax that
>> >>>>> sets all those things explicitly in the one place.
>> >>>>>
>> >>>>> David Lang
>> >>>>>
>> >>>>>>
>> >>>>>> On 5/28/2024 5:42 PM, David Lang wrote:
>> >>>>>>> your message is badly linewrapped, can you please try again?
>> >>>>>>>
>> >>>>>>> also note that while you can ping between the systems, that doesn't mean
>> >>>>>>> that port 514 (TCP or UDP) can get through, either due to firewalls at the
>> >>>>>>> network layer or iptables on the systems
>> >>>>>>>
>> >>>>>>> David Lang
>> >>>>>>>
>> >>>>>>
>> >>>>>
>> >>>>
>> >>
>> >
>
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
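
Added example, not part of the original thread and not the poster's or the rsyslog project's own configuration: the two configs from the message above rewritten in the action() syntax recommended in the quoted reply, with every stream-driver setting left out, including the client's `$ActionSendStreamDriverPermittedPeer` line. Addresses, port 12345 and the template strings are copied from the post; UDP port 514 for the relay target is taken from the quoted earlier message, and the split into a server file and a client file is an assumption.

```conf
# ---------- server (receives from clients over the WireGuard tunnel) ----------
module(load="imtcp")
# Plain TCP listener: no stream-driver mode, auth mode or permitted-peer settings.
input(type="imtcp" port="12345")

template(name="LDSTag" type="string"
         string="<%PRI%>%TIMESTAMP% [nameofsystem] %syslogtag% %msg%")

# Relay everything that did not originate locally, then stop processing it.
if $fromhost-ip != "127.0.0.1" then {
    action(type="omfwd" target="10.x.x.x" port="514" protocol="udp"
           template="LDSTag")
    stop
}

# Local messages: same facility filter as the legacy selector line.
if prifilt("auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.*;local5.*") then {
    action(type="omfwd" target="10.x.x.x" port="514" protocol="udp"
           template="LDSTag")
}

# ---------- client (sends to the server's WireGuard address) ----------
template(name="LDCTmpl" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% [HOSTNAME] %syslogtag%%msg%")

# All forwarding parameters live in the action itself; nothing is inherited
# from earlier $Action... directives, so no TLS or peer setting can leak in.
if prifilt("auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.*;local5.*") then {
    action(type="omfwd" target="10.10.10.1" port="12345" protocol="tcp"
           template="LDCTmpl")
}
```

Running `rsyslogd -N1` against each file checks the syntax before the service is restarted.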
