Hello,
I have a question to ask:
I have an rsyslog server that will have to be both a receiver and a transmitter.
At the moment my rsyslog send sends the system logs in TLS via the certificate (A) to an rsyslog receiver (A) in TCP.
In the future he will have to receive other logs from a client (B) and keep them in local files (all via TLS with another certificate (B))
Furthermore, the logs received from the client (B) must be sent to another client (C) via the certificate (B)
I try to make a pattern ????
my_RSYSLOG with certificate (A) [send ->] other rsyslog via certificate (A)
Client with certificate (B) [send ->] my_RSYSLOG with Certificate (B)
my_RSYSLOG with certificate (B) [send ->] other rsyslog client (C) via certificate (B)
What is the correct configuration to manage different certificates for log entry and exit?
It is correct the following configuration?
ACTUAL RSYSLOG.CONF:
$ InputTCPServerStreamDriverMode 1
$ InputTCPServerStreamDriverAuthMode anon
$ DefaultNetstreamDriver gtls
# certificate files
$ DefaultNetstreamDriverCAFile /etc/rsyslog-ssl/CAcertificate(A).pem
$ DefaultNetstreamDriverCertFile /etc/rsyslog-ssl/certificate(A).pem
$ DefaultNetstreamDriverKeyFile /etc/rsyslog-ssl/key(A).pem
auth, authpriv. * @@ rsyslog_receiver (A): 1234
=======================================
Hypothesis: (/etc/rsyslog.d/file_receive_and_forward.conf)
$ RemoteTCP2001 template, “/ path / to / log / aaaaaa.log”
$ RuleSet RemoteTCP2001
*. * -? RemoteTCP2001
$ InputTCPServerBindRuleset RemoteTCP2001
$ InputTCPServerRun 2001
/path/to/log/aaaaaa.log action (
type = “omfwd”
queue.type = “LinkedList”
action.resumeRetryCount = “- 1”
queue.saveOnShutdown = “on”
queue.filename = “rsyslog_backup”
queue.size = “10000000”
queue.dequeueSlowDown = “1000”
target = “CLIENT (C)”
port = “3001”
protocol = “tcp”
StreamDriver = “GTLS”
StreamDriverMode = “1”
StreamDriverAuthMode = “x509 / name”
StreamDriverPermittedPeers = “*”
tls.cacert = “/ etc / rsyslog-ssl / caCertificate (B) .pem”
tls.mycert = “/ etc / rsyslog-ssl / certificate (B) .pem”
tls.myprivkey = “/ etc / rsyslog-ssl / key (B) .pem”
)
… and so on for the other logs …
=======================================
Would such a configuration be correct to send some logs from my rsyslog to the client (C) through the certificate (B)?
Thanks in advance for your reply!
Marco
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
I have a question to ask:
I have an rsyslog server that will have to be both a receiver and a transmitter.
At the moment my rsyslog send sends the system logs in TLS via the certificate (A) to an rsyslog receiver (A) in TCP.
In the future he will have to receive other logs from a client (B) and keep them in local files (all via TLS with another certificate (B))
Furthermore, the logs received from the client (B) must be sent to another client (C) via the certificate (B)
I try to make a pattern ????
my_RSYSLOG with certificate (A) [send ->] other rsyslog via certificate (A)
Client with certificate (B) [send ->] my_RSYSLOG with Certificate (B)
my_RSYSLOG with certificate (B) [send ->] other rsyslog client (C) via certificate (B)
What is the correct configuration to manage different certificates for log entry and exit?
It is correct the following configuration?
ACTUAL RSYSLOG.CONF:
$ InputTCPServerStreamDriverMode 1
$ InputTCPServerStreamDriverAuthMode anon
$ DefaultNetstreamDriver gtls
# certificate files
$ DefaultNetstreamDriverCAFile /etc/rsyslog-ssl/CAcertificate(A).pem
$ DefaultNetstreamDriverCertFile /etc/rsyslog-ssl/certificate(A).pem
$ DefaultNetstreamDriverKeyFile /etc/rsyslog-ssl/key(A).pem
auth, authpriv. * @@ rsyslog_receiver (A): 1234
=======================================
Hypothesis: (/etc/rsyslog.d/file_receive_and_forward.conf)
$ RemoteTCP2001 template, “/ path / to / log / aaaaaa.log”
$ RuleSet RemoteTCP2001
*. * -? RemoteTCP2001
$ InputTCPServerBindRuleset RemoteTCP2001
$ InputTCPServerRun 2001
/path/to/log/aaaaaa.log action (
type = “omfwd”
queue.type = “LinkedList”
action.resumeRetryCount = “- 1”
queue.saveOnShutdown = “on”
queue.filename = “rsyslog_backup”
queue.size = “10000000”
queue.dequeueSlowDown = “1000”
target = “CLIENT (C)”
port = “3001”
protocol = “tcp”
StreamDriver = “GTLS”
StreamDriverMode = “1”
StreamDriverAuthMode = “x509 / name”
StreamDriverPermittedPeers = “*”
tls.cacert = “/ etc / rsyslog-ssl / caCertificate (B) .pem”
tls.mycert = “/ etc / rsyslog-ssl / certificate (B) .pem”
tls.myprivkey = “/ etc / rsyslog-ssl / key (B) .pem”
)
… and so on for the other logs …
=======================================
Would such a configuration be correct to send some logs from my rsyslog to the client (C) through the certificate (B)?
Thanks in advance for your reply!
Marco
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.