Remove the PermittedPeer line. That only applies to the encryption settings on the server receiving TLS connections.
And I don't think you need to set the NetStreamDriver, so I would remove those lines from both configs.
David Lang
On Thu, 30 May 2024, Kathy Lyons wrote:
Date: Thu, 30 May 2024 06:01:38 -0400
From: Kathy Lyons <lyonsf...@gmail.com>
To: David Lang <da...@lang.hm>
Cc: Rainer Gerhards <rgerha...@hq.adiscon.com>,
rsyslog-users <rsyslog@lists.adiscon.com>
Subject: Re: [rsyslog] unencrypted rsyslog through a wireguard terminal
Sorry - hit send by mistake before.
Here is server conf file:
global(defaultNetStreamDriver="ptcp")
$InputTCPServerRun 12345
$template LDSTag,"<%PRI%>%TIMESTAMP% [nameofsystem] %syslogtag% %msg%"
if $fromhost-ip <> '127.0.0.1' then {
@10.x.x.x;LDSTag
stop
}
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.*;local5.* @10.x.x.x;LDSTag
Client config:
global(defaultNetStreamDriver="ptcp" )
$ActionSendStreamDriverPermittedPeer 10.10.10.1 #wg server ip
$template LDCTmpl,"<%PRI%>%TIMESTAMP:::date-rfc3339% [HOSTNAME] %syslogtag%%msg%"
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.*;local5.* @10.10.10.1:12345;LDCTmpl
On Thu, May 30, 2024 at 5:38 AM Kathy Lyons <lyonsf...@gmail.com> wrote:
Here is my server conf file:
global(defaultNetStreamDriver="ptcp")
On Wed, May 29, 2024 at 12:12 PM David Lang <da...@lang.hm> wrote:
you still have some encryption settings left in the file, please post your full config again so we can see what you have left.
I already posted the minimal config that removed all the encryption settings.
David Lang
On Wed, 29 May 2024, Kathy Lyons wrote:
Date: Wed, 29 May 2024 06:35:44 -0400
From: Kathy Lyons <lyonsf...@gmail.com>
To: Rainer Gerhards <rgerha...@hq.adiscon.com>
Cc: rsyslog-users <rsyslog@lists.adiscon.com>, David Lang <da...@lang.hm>
Subject: Re: [rsyslog] unencrypted rsyslog through a wireguard terminal
Thanks. I have removed that line from my files. When I restart rsyslog, I get this error:
authentication not supported by ptcp netstream driver.
Are there other lines I should remove? Is the ptcp netstream driver the default?
David, when I run tcpdump for the port 12345 on both client and server I see data on both devices. Do I not need a TCP connection data for both the client and server?
On Wed, May 29, 2024 at 5:45 AM Rainer Gerhards <rgerha...@hq.adiscon.com> wrote:
Mode 0 indeed does turn any encryption off. It's primarily there for
technical reasons, and it is the default.
I strongly advise against defining encryption settings and then disabling them this way.
Rainer
On Wed, 29 May 2024 at 11:26, David Lang via rsyslog (<rsyslog@lists.adiscon.com>) wrote:
On Wed, 29 May 2024, Kathy Lyons wrote:
which part sets encryption? I thought these options set encryption to 0, or disabled.
leave out all the encryption settings to have them be disabled, setting the mode to anon turns on encryption, but accepting any cert.
David Lang
On Tue, May 28, 2024 at 6:09 PM David Lang <da...@lang.hm> wrote:
On Tue, 28 May 2024, Kathy Lyons wrote:
let's simplify this to the minimum needed
Server
# I've tried both with and without the line below
$ModLoad imtcp
$InputTCPServerRun 12345
$template LDSTag,"<%PRI%>%TIMESTAMP% [nameofsystem] %syslogtag% %msg%"
# 10.50.x.x is where the server sends its local data and that of the clients via udp port 514
if $fromhost-ip <> '127.0.0.1' then @10.50.x.x;LDSTag
& stop
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.* @10.50.x.x;LDSTag
Client
# I've tried both with and without the line below
$ModLoad imtcp
$template LDSTag,"<%PRI%>%TIMESTAMP% [PUBLIC_IP] %syslogtag% %msg%"
#Send Settings
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.* @@10.10.10.1:12345;LDSTag
also note that the format of setting a bunch of $foo lines that then affect future lines is discouraged, it's better to use the newer action() syntax that sets all those things explicitly in the one place.
David Lang
On 5/28/2024 5:42 PM, David Lang wrote:
your message is badly linewrapped, can you please try again?
also note that while you can ping between the systems, that doesn't mean that port 514 (TCP or UDP) can get through, either due to firewalls at the network layer or iptables on the systems
David Lang
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
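The minimal unencrypted server/client pair from the thread, rewritten in the action() syntax David recommends instead of the legacy $foo directives. This is an added example, not a config anyone posted; COLLECTOR_IP is a placeholder for the elided 10.x.x.x collector, and binding the listener to the wireguard address assumes a recent rsyslog 8 that supports the imtcp input() "address" parameter.

```rsyslog
# ---- Server (wireguard endpoint 10.10.10.1) ----
# Plain TCP listener; no StreamDriver, PermittedPeer or AuthMode settings anywhere,
# so nothing can partially enable TLS and fail with "authentication not supported".
module(load="imtcp")
# Bind only to the wireguard address so the clear-text listener is not reachable
# from other interfaces (assumes an rsyslog 8 with the "address" input parameter).
input(type="imtcp" port="12345" address="10.10.10.1")

template(name="LDSTag" type="string"
         string="<%PRI%>%TIMESTAMP% [nameofsystem] %syslogtag% %msg%")

# Relay anything that arrived from a client to the upstream collector over UDP 514
# (COLLECTOR_IP is a placeholder), then stop so it is not processed twice.
if $fromhost-ip != "127.0.0.1" then {
    action(type="omfwd" target="COLLECTOR_IP" port="514" protocol="udp" template="LDSTag")
    stop
}
# Local messages of the selected facilities go to the same collector.
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.*;local5.*  action(type="omfwd"
    target="COLLECTOR_IP" port="514" protocol="udp" template="LDSTag")

# ---- Client ----
# Send the same facilities over TCP to the server's wireguard address, matching the
# server's imtcp listener (a UDP "@" action on port 12345 would never reach it).
template(name="LDCTmpl" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% [HOSTNAME] %syslogtag%%msg%")
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.*;local5.*  action(type="omfwd"
    target="10.10.10.1" port="12345" protocol="tcp" template="LDCTmpl"
    # disk-assisted queue so messages survive a wireguard or server outage
    queue.type="LinkedList" queue.filename="fwd_wg" queue.saveOnShutdown="on"
    action.resumeRetryCount="-1")
```

Keep the server and client halves in separate files (for example /etc/rsyslog.d/ on each host); they are shown together here only for comparison.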