secure rsyslog using tls

zippy-flop

8/11/23, 12:29 PM

I followed along several methods, for using TLS with rsyslog. I end up with a anon error message among others. Is TLS with rsyslog possible on a Rocky Linux 8.5 latest kernel?

Last method used: https://www.rsyslog.com/doc/master/tutorials/tls.html

Server Conf:

# make gtls driver the default and set certificate files
global(
DefaultNetstreamDriver="gtls"
DefaultNetstreamDriverCAFile="/path/to/contrib/gnutls/ca.pem"
DefaultNetstreamDriverCertFile="/path/to/contrib/gnutls/cert.pem"
DefaultNetstreamDriverKeyFile="/path/to/contrib/gnutls/key.pem"
)

# load TCP listener
module(
load="imtcp"
StreamDriver.Name="gtls"
StreamDriver.Mode="1"
StreamDriver.Authmode="anon"
)

# start up listener at port 6514
input(
type="imtcp"
port="6514"
)

And the client Conf:

# certificate files - just CA for a client
global(DefaultNetstreamDriverCAFile="/path/to/contrib/gnutls/ca.pem")

# set up the action for all messages
action(type="omfwd" protocol="tcp" port="6514"
       StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="anon")

TCP port 6514 is open, the pem files are owned by root on server and client.

Still gettin "anon" error messages.

0 + 0

ssl

rsyslog

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: secure rsyslog using tls

TH: rsyslog ปลอดภัยโดยใช้ tls

RO: rsyslog securizat folosind tls

RU: безопасный rsyslog с помощью tls

VI: bảo mật rsyslog bằng tls

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.