[rsyslog-notify] Forum Thread: TLS (SSL) Encryption in rsyslogd 7.4.9 - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Wed Jan 29 00:00:25 CET 2014


User: ktreese 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24144#p24144

Message: 
----------
I'm writing to inquire about configuring TLS (SSL) Encryption in the latest
stable release 7.4.9.  I've gone in circles trying to follow the docs from
rsyslog.com, partly because there seem to be many different write-ups on
the topic adding to the confusion I've succumbed to.

I've successfully set up a client / server relationship, but now I'm
interested in encrypting the traffic.  While trying to follow:
http://www.rsyslog.com/doc/tls_cert_machine.html
http://www.rsyslog.com/doc/rsyslog_tls.html

I'm seeing the following in my log file:
Jan 28 11:14:53 repo rsyslogd-2222: command
'InputTCPServerStreamDriverAuthMode' is currently not permitted - did you
already set it via a RainerScript command (v6+ config)? [try
rsyslog.com/e/2222 ]
Jan 28 11:14:53 repo rsyslogd-2222: command
'InputTCPServerStreamDriverPermittedPeer' is currently not permitted - did
you already set it via a RainerScript command (v6+ config)? [try
rsyslog.com/e/2222 ]
Jan 28 11:14:53 repo rsyslogd-2222: command
'InputTCPServerStreamDriverMode' is currently not permitted - did you
already set it via a RainerScript command (v6+ config)? [try
rsyslog.com/e/2222 ]

The link to rsyslog.com/e/2222 identifies the issue as using obsoleted
legacy parameters in this release, but the rsyslog.com/doc/modules.html
page quite explicitly says not to use it, again adding to the confusion of
where I begin to set up TLS.

My goal is to set up **one** client
certificate for a handful of client machines that are part of a subdomain:
server1.mysubdomain.com
server2.mysubdomain.com
server3.mysubdomain.com

I'd like this **one**
client certificate to be used on all 3 client hosts to simplify my
configuration so that future deployments of servers to this subdomain can
be autoconfigured to use rsyslog.

I then, of course, have a centralized logging server that needs (from what
I'm reading) its own certificate.

Does anyone have any insight or documentation that can help me achieve this
goal?  I've become lost in the overwhelming amount of documentation that
lends itself to legacy and cannot seem to find updated material for the
latest stable release.

Thank you.

