[rsyslog-notify] Forum Thread: Re: TLS (SSL) Encryption in rsyslogd 7.4.9 - (Mode 'reply')

noreply at adiscon.com
Wed Jan 29 20:27:14 CET 2014


User: ktreese 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24150#p24150

Message: 
----------
I have figured this out:

First, when generating a machine cert for the client, I used a wildcard:

~# certtool --generate-certificate --load-request request.pem etc etc
...
Extensions.
...
...
Enter a dnsName of the subject of the certificate: *.mydomain.com
...

Once the certs were created for the collector (rsyslog server) and the
clients (rsyslog clients), I updated the conf as follows:

------------------------------------
Server Config
------------------------------------
# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/collector-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/collector-key.pem

# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp"
       streamdriver.mode="1"
       streamdriver.authmode="x509/name"
       PermittedPeer="*.mydomain.com")
input(type="imtcp" port="514" name="tcp-tls")



----------------------
CLIENT CONFIG
----------------------
# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/mydomain-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/mydomain-key.pem

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer collector.mydomain.com
$ActionSendStreamDriverMode 1 # run driver in TLS-only mode

...
...

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

:msg, contains, "Failed password"
authpriv.*                                              @@<collector ip address>:514


----
I hope this helps someone.

Kristian Reese
http://kristianreese.com
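The post relies on x509/name authentication in both directions: the collector accepts any client whose certificate name matches PermittedPeer="*.mydomain.com", and each client only sends to a server whose certificate name matches collector.mydomain.com. The following is an added example (not rsyslog's code and not from the post) that models that name check so the effect of the wildcard client certificate can be seen: the collector accepts a certificate whose only name is "*.mydomain.com", but such a certificate does not identify any single host, so the collector cannot tell one client from another or from a copy of the key that has leaked. The matching semantics (case-insensitive, a "*" never crosses a label boundary) are an assumption in the style of RFC 6125; rsyslog's own PermittedPeer matcher may differ in detail.

```python
"""Peer-name check modelled on rsyslog's x509/name authmode.

Added example for illustration only; it is not rsyslog's implementation.
Wildcard semantics assumed here: '*' matches within one DNS label only,
comparison is case-insensitive, a trailing dot is ignored.
"""
from dataclasses import dataclass, field
from typing import List


@dataclass
class PeerCert:
    """Minimal stand-in for the identity fields read from a peer certificate
    (constructed for this example; a real cert would be parsed from DER/PEM)."""
    common_name: str
    san_dns_names: List[str] = field(default_factory=list)


def _label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label against one pattern label ('*' or partial wildcard)."""
    if pattern == "*":
        return True
    if "*" not in pattern:
        return pattern == label
    # Partial wildcard such as "client-*": prefix and suffix must both fit.
    head, _, tail = pattern.partition("*")
    return (label.startswith(head) and label.endswith(tail)
            and len(label) >= len(head) + len(tail))


def name_matches(pattern: str, name: str) -> bool:
    """True if `name` (taken from a certificate) satisfies `pattern`
    (a PermittedPeer entry). Label counts must agree, so '*.mydomain.com'
    matches 'client1.mydomain.com' but not 'a.b.mydomain.com'."""
    p_labels = pattern.lower().rstrip(".").split(".")
    n_labels = name.lower().rstrip(".").split(".")
    if len(p_labels) != len(n_labels):
        return False
    return all(_label_matches(p, n) for p, n in zip(p_labels, n_labels))


def peer_is_permitted(cert: PeerCert, permitted_peers: List[str]) -> bool:
    """x509/name style decision: any SAN dnsName or the CN may satisfy any
    permitted peer entry. Returns True if the peer would be accepted."""
    names = list(cert.san_dns_names) + [cert.common_name]
    return any(name_matches(p, n) for p in permitted_peers for n in names)


def cert_identifies_single_host(cert: PeerCert) -> bool:
    """Defender's check: a certificate whose names contain a wildcard can be
    presented by every host in the domain and so pins no particular client."""
    return all("*" not in n for n in cert.san_dns_names + [cert.common_name])


if __name__ == "__main__":
    collector_policy = ["*.mydomain.com"]          # server-side PermittedPeer
    client_policy = ["collector.mydomain.com"]     # client-side PermittedPeer

    # Constructed certificates: one per-host cert, the post's wildcard cert,
    # and an unrelated cert.
    per_host = PeerCert("client1.mydomain.com", ["client1.mydomain.com"])
    wildcard = PeerCert("*.mydomain.com", ["*.mydomain.com"])
    outsider = PeerCert("evil.example.com", ["mydomain.com.evil.example.com"])

    for cert in (per_host, wildcard, outsider):
        print(f"{cert.common_name:28s} accepted by collector: "
              f"{peer_is_permitted(cert, collector_policy)!s:5s} "
              f"pins one host: {cert_identifies_single_host(cert)}")

    # The client only trusts a server cert that literally names the collector.
    server = PeerCert("collector.mydomain.com", ["collector.mydomain.com"])
    print("client accepts collector:", peer_is_permitted(server, client_policy))
    print("client accepts wildcard cert as server:",
          peer_is_permitted(wildcard, client_policy))
```

The last line is the practical consequence of the shared wildcard certificate: on the client side the literal PermittedPeer still rejects it as a server identity, but on the collector side every holder of mydomain-key.pem is indistinguishable, so a per-host certificate (one dnsName per client, listed individually or matched by a narrower pattern) is what lets the collector attribute a log stream to a specific source.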

