Problem with Ubuntu 14.04 rsyslog TLS
Claudio ML
claudioml at mediaservice.net
Mon Mar 7 15:40:52 UTC 2016
Hi all,
I am pretty lost with rsyslog with tcp receiver with TLS. My software
versions are:
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/server-key.pem
#$ModLoad imtcp
$InputTCPMaxSessions 1000
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer host.host.com
On the client side I have generated the certificates from the same CA,
and configured it like this:
DefaultNetstreamDriverCAFile /etc/rsyslog/ca-key.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog/host-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog/host-key.pem
$ActionSendStreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS
$ActionSendStreamDriverAuthMode x509/name
#$ActionSendStreamDriverPermittedPeer server.host.host
The error I have is the following:
LogServer rsyslogd-2078: netstream session 0x7fb070004d80 will be closed
due to error
If I enable the debug, the relevant parts are:
4604.960233682:7fb0777fe700: omfile: start of data: 'Mar 7 16:30:04
LogServer rsyslogd-2078: netstream session 0x7fb070004d80 will be closed
due to error [try http://www.rsyslog.c'
For the certificate creation, I have used this guide:
http://www.rsyslog.com/doc/v7-stable/tutorials/tls_cert_ca.html
If I put the authentication of the TLS to "anon", it works correctly
($ActionSendStreamDriverAuthMode anon).
Any idea how to debug this?
Cheers,
Claudio.
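
Added example, not part of the original message: a shell pre-flight check for the kind of files the configuration above refers to. In x509/name mode the peer certificate has to chain to the configured CA file and carry a name the other side permits. The CA and host certificate are constructed for the demo, check_tls_files and make_demo are hypothetical helper names, and host.host.com is the permitted peer from the post.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files used with rsyslog's gtls
# driver in x509/name mode. The CA, keys and certificate are constructed here.

# check_tls_files CAFILE CERTFILE KEYFILE PEERNAME
# Prints one line per failed check and returns 0 only if every check passes.
check_tls_files() {
    ca=$1; cert=$2; key=$3; peer=$4; rc=0
    # 1. The CA file has to contain a certificate (a private key will not parse).
    openssl x509 -in "$ca" -noout 2>/dev/null ||
        { echo "FAIL: $ca is not an X.509 certificate"; rc=1; }
    # 2. The certificate has to chain to that CA.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }
    # 3. Certificate and private key have to carry the same public key.
    pub_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || pub_cert=
    pub_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || pub_key=
    { [ -n "$pub_cert" ] && [ "$pub_cert" = "$pub_key" ]; } ||
        { echo "FAIL: $key does not belong to $cert"; rc=1; }
    # 4. The certificate name has to match the permitted peer. OpenSSL's host
    #    match is used here as an approximation of rsyslog's own comparison.
    openssl x509 -in "$cert" -noout -checkhost "$peer" 2>/dev/null |
        grep -q "does match" ||
        { echo "FAIL: $cert is not issued to $peer"; rc=1; }
    return $rc
}

# make_demo DIR: build a constructed CA and a host certificate for host.host.com.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca-key.pem" -out "$1/ca-cert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=host.host.com" \
        -keyout "$1/host-key.pem" -out "$1/host.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/host.csr" -CA "$1/ca-cert.pem" \
        -CAkey "$1/ca-key.pem" -CAcreateserial -days 1 \
        -out "$1/host-cert.pem" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo "$demo_dir"
# Correct file set: every check passes.
check_tls_files "$demo_dir/ca-cert.pem" "$demo_dir/host-cert.pem" \
    "$demo_dir/host-key.pem" host.host.com && echo "OK: all checks passed"
# CA private key given where the CA certificate belongs: checks 1 and 2 fail.
check_tls_files "$demo_dir/ca-key.pem" "$demo_dir/host-cert.pem" \
    "$demo_dir/host-key.pem" host.host.com || echo "rejected as expected"
```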