Problem with Ubuntu 14.04 rsyslog TLS

Claudio ML claudioml at mediaservice.net
Mon Mar 7 15:44:53 UTC 2016


Sorry, missing versions. Added now.
On 07/03/16 16:40, Claudio ML wrote:
> Hi all,
>
> I am pretty lost with rsyslog with a TCP receiver with TLS. My software
> versions are:
rsyslogd -v
rsyslogd 7.4.4, compiled with:
    FEATURE_REGEXP:                Yes
    FEATURE_LARGEFILE:            No
    GSSAPI Kerberos 5 support:        Yes
    FEATURE_DEBUG (debug build, slow code):    No
    32bit Atomic operations supported:    Yes
    64bit Atomic operations supported:    Yes
    Runtime Instrumentation (slow code):    No
    uuid support:                Yes

gnutls-cli -v
gnutls-cli (GnuTLS) 2.12.23
Packaged by Debian (2.12.23-12ubuntu2.5)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Nikos Mavrogiannopoulos.


> $DefaultNetstreamDriver gtls
> $DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca-cert.pem
> $DefaultNetstreamDriverCertFile /etc/rsyslog.d/server-cert.pem
> $DefaultNetstreamDriverKeyFile /etc/rsyslog.d/server-key.pem
> #$ModLoad imtcp
> $InputTCPMaxSessions 1000
> $InputTCPServerStreamDriverMode 1
> $InputTCPServerStreamDriverAuthMode x509/name
> $InputTCPServerStreamDriverPermittedPeer host.host.com
>
> On the client side I have generated the certificates from the same CA,
> and configured it like this:
> DefaultNetstreamDriverCAFile /etc/rsyslog/ca-key.pem
> $DefaultNetstreamDriverCertFile /etc/rsyslog/host-cert.pem
> $DefaultNetstreamDriverKeyFile /etc/rsyslog/host-key.pem
> $ActionSendStreamDriver gtls # use gtls netstream driver
> $ActionSendStreamDriverMode 1 # require TLS
> $ActionSendStreamDriverAuthMode x509/name
> #$ActionSendStreamDriverPermittedPeer server.host.host
>
> The error I have is the following:
>
> LogServer rsyslogd-2078: netstream session 0x7fb070004d80 will be closed
> due to error
>
> If I enable debug, the relevant parts are:
>
> 4604.960233682:7fb0777fe700: omfile: start of data: 'Mar  7 16:30:04
> LogServer rsyslogd-2078: netstream session 0x7fb070004d80 will be closed
> due to error [try http://www.rsyslog.c'
>
> For the certificate creation, I have used this guide:
>
> http://www.rsyslog.com/doc/v7-stable/tutorials/tls_cert_ca.html
>
> If I set the TLS authentication to "anon", it works correctly
> ($ActionSendStreamDriverAuthMode anon).
>
> Any idea how to debug this?
>
> Cheers,
> Claudio.
>
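
A check for the TLS file directives quoted in the message above, as an added example that is not part of the original post: it flags legacy-format directives written without the leading `$` and file directives whose target does not contain the expected PEM object. The sample file contents are constructed and assumed from the file names only; `lint`, `read_sample` and the finding codes are names chosen here.

```python
import re

EXPECTED_PEM = {  # PEM object type each legacy TLS directive must reference
    "defaultnetstreamdrivercafile": "CERTIFICATE",
    "defaultnetstreamdrivercertfile": "CERTIFICATE",
    "defaultnetstreamdriverkeyfile": "PRIVATE KEY",
}
TLS_PREFIXES = ("defaultnetstreamdriver", "actionsendstreamdriver", "inputtcpserverstreamdriver")
PEM_HEADER = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def lint(config_text, read_file):
    """Return (line_number, code, detail) findings for a legacy-format config."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(None, 1)  # strip comments
        key = fields[0].lstrip("$").lower() if fields else ""
        if not key.startswith(TLS_PREFIXES):
            continue
        if not fields[0].startswith("$"):  # directive is not recognised without "$"
            findings.append((lineno, "missing-dollar", fields[0]))
        want = EXPECTED_PEM.get(key)
        if want is None:
            continue
        path = fields[1].strip() if len(fields) > 1 else ""
        try:
            found = PEM_HEADER.findall(read_file(path))
        except OSError as exc:
            findings.append((lineno, "unreadable", f"{path}: {exc}"))
            continue
        if not any(kind.endswith(want) for kind in found):
            findings.append((lineno, "wrong-pem-type",
                             f"{path}: expected {want}, found {found}"))
    return findings

# Constructed sample: client directives as pasted; file contents assumed from names.
SAMPLE_CONF = """\
DefaultNetstreamDriverCAFile /etc/rsyslog/ca-key.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog/host-cert.pem
$ActionSendStreamDriverAuthMode x509/name
#$ActionSendStreamDriverPermittedPeer server.host.host
"""
SAMPLE_FILES = {
    "/etc/rsyslog/ca-key.pem": "-----BEGIN RSA PRIVATE KEY-----\n",
    "/etc/rsyslog/host-cert.pem": "-----BEGIN CERTIFICATE-----\n",
}

def read_sample(path):  # stand-in for open(path).read()
    if path not in SAMPLE_FILES:
        raise FileNotFoundError(path)
    return SAMPLE_FILES[path]
```

On a real host, pass `lambda p: open(p).read()` as `read_file` and run it as a user allowed to read the key files.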



