Hi,
I am trying to enable TLS authentication between source and
destination in rsyslog. The TLS authentication is established and
working. However I am getting an error when I run `rsyslogd -N1`.
The configuration files are:
# cat /etc/rsyslog.d/tls.conf
global(
DefaultNetstreamDriver="gtls"
DefaultNetstreamDriverCAFile="/etc/ssl/certs/ca.pem"
DefaultNetstreamDriverCertFile="/etc/ssl/certs/mycert.pem"
DefaultNetstreamDriverKeyFile="/etc/ssl/certs/mykey.pem"
)
# cat /etc/rsyslog.d/ise.conf
input(type="imtcp" port="6515" ruleset="ise_logs")
template(name="ise_logs"
string="/opt/data/syslog/ise/%HOSTNAME%/ise_%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"
type="string")
ruleset(name="ise_logs") {
action(
queue.type="fixedArray"
queue.size="250000"
queue.dequeueBatchSize="4096"
queue.workerThreads="4"
queue.workerThreadMinimumMessages="60000"
type="omfile"
Dynafile="ise_logs"
dirCreateMode="0755"
fileCreateMode="0640"
dirGroup="splunk"
dirOwner="splunk"
fileGroup="splunk"
fileOwner="splunk"
StreamDriver="gtls"
StreamDriverMode="1"
StreamDriverAuthMode="x509/name"
StreamDriverPermittedPeers="*.orgname.com")
}
The error appears in line 22, 23, 24 and 25 of the ise.conf file:
# rsyslogd -N1
rsyslogd: version 8.24.0-52.el7, config validation run (level 1),
master config /etc/rsyslog.conf
rsyslogd: error during parsing file /etc/rsyslog.d/ise.conf, on or
before line 25: parameter 'StreamDriverPermittedPeers' not known --
typo in config file? [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207
]
rsyslogd: error during parsing file /etc/rsyslog.d/ise.conf, on or
before line 25: parameter 'StreamDriverAuthMode' not known -- typo in
config file? [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/ise.conf, on or
before line 25: parameter 'StreamDriverMode' not known -- typo in
config file? [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/ise.conf, on or
before line 25: parameter 'StreamDriver' not known -- typo in config
file? [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207 ]
What am I missing here? I confirmed that the parameter names are
correct (as per documentation of v8).
Thanks,
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
I am trying to enable TLS authentication between source and
destination in rsyslog. The TLS authentication is established and
working. However I am getting an error when I run `rsyslogd -N1`.
The configuration files are:
# cat /etc/rsyslog.d/tls.conf
global(
DefaultNetstreamDriver="gtls"
DefaultNetstreamDriverCAFile="/etc/ssl/certs/ca.pem"
DefaultNetstreamDriverCertFile="/etc/ssl/certs/mycert.pem"
DefaultNetstreamDriverKeyFile="/etc/ssl/certs/mykey.pem"
)
# cat /etc/rsyslog.d/ise.conf
input(type="imtcp" port="6515" ruleset="ise_logs")
template(name="ise_logs"
string="/opt/data/syslog/ise/%HOSTNAME%/ise_%$YEAR%-%$MONTH%-%$DAY%-%$HOUR%.log"
type="string")
ruleset(name="ise_logs") {
action(
queue.type="fixedArray"
queue.size="250000"
queue.dequeueBatchSize="4096"
queue.workerThreads="4"
queue.workerThreadMinimumMessages="60000"
type="omfile"
Dynafile="ise_logs"
dirCreateMode="0755"
fileCreateMode="0640"
dirGroup="splunk"
dirOwner="splunk"
fileGroup="splunk"
fileOwner="splunk"
StreamDriver="gtls"
StreamDriverMode="1"
StreamDriverAuthMode="x509/name"
StreamDriverPermittedPeers="*.orgname.com")
}
The error appears in line 22, 23, 24 and 25 of the ise.conf file:
# rsyslogd -N1
rsyslogd: version 8.24.0-52.el7, config validation run (level 1),
master config /etc/rsyslog.conf
rsyslogd: error during parsing file /etc/rsyslog.d/ise.conf, on or
before line 25: parameter 'StreamDriverPermittedPeers' not known --
typo in config file? [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207
]
rsyslogd: error during parsing file /etc/rsyslog.d/ise.conf, on or
before line 25: parameter 'StreamDriverAuthMode' not known -- typo in
config file? [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/ise.conf, on or
before line 25: parameter 'StreamDriverMode' not known -- typo in
config file? [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.d/ise.conf, on or
before line 25: parameter 'StreamDriver' not known -- typo in config
file? [v8.24.0-52.el7 try http://www.rsyslog.com/e/2207 ]
What am I missing here? I confirmed that the parameter names are
correct (as per documentation of v8).
Thanks,
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.