Mailing List Archive

pls post your config - this could be a bug inside rsyslog.

Rainer

El mar., 25 jun. 2019 a las 19:02, Li, Mike via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> Hi
> Working with
> rsyslog-8.1905.0-2.el6.x86_64
> rsyslog-gnutls-8.1905.0-2.el6.x86_64
> rsyslog-openssl-8.1905.0-2.el6.x86_64
> But saw the following:
> Starting system logger: rsyslogd: Error: OpenSSL Version to old, SSL_CONF_cmd API is not supported. [v8.1905.0 try https://www.rsyslog.com/e/2095 ]
>
> /usr/bin/openssl version
> OpenSSL 1.0.2k-fips 26 Jan 2017
>
> What is the recommended version of Openssl ?
> Thanks.
>
> Best Regards,
> Mike Li
>
> Confidentiality Notice:: This email, including attachments, may include non-public, proprietary, confidential or legally privileged information. If you are not an intended recipient or an authorized agent of an intended recipient, you are hereby notified that any dissemination, distribution or copying of the information contained in or transmitted with this e-mail is unauthorized and strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and permanently delete this e-mail, its attachments, and any copies of it immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Hi Rainer,

I'm debating whether to use ossl(was told to be more stable, but has the rsyslogd: Error: OpenSSL Version to old, SSL_CONF_cmd API is not supported issue) or otls (was told to be less stable?)
Please advise.
Thanks.
Mike
----
grep -v ^# /etc/rsyslog.conf

module(load="imuxsock") # provides support for local system logging (e.g. via logger command)
module(load="imklog") # provides kernel logging support (previously done by rklogd)

module(load="imudp" SchedulingPolicy="fifo" SchedulingPriority="5" threads="2" timeRequery="8" batchSize="128")
input(type="imudp" port="514")

module(load="imptcp") # needs to be done just once
input(type="imptcp" port="514")

$MaxOpenFiles 102400

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat



$template FinraFileFormat, "%$year% %timegenerated% %HOSTNAME% %msg%\n"
$template FinraXDPFileFormat, "%msg%\n"
$template PanFileFormat, "%HOSTNAME%\,%msg%\r\n"
$template VormetricFF, "%$year% %timegenerated% %HOSTNAME% %syslogtag% %structured-data%\n"


$IncludeConfig /etc/rsyslog.d/*.conf
$IncludeConfig /etc/rsyslog.d/SPLUNK/*.conf






global(
defaultNetstreamDriverCAFile="/opt/splunk/etc/apps/proofpoint/certs/cis-eng-ca.pem"
defaultNetstreamDriverCertFile="/opt/splunk/etc/apps/proofpoint/certs/logforwarder.snipped.pem"
defaultNetstreamDriverKeyFile="/opt/splunk/etc/apps/proofpoint/certs/logforwarder.snipped-key.pem"
)
module(
load="imtcp"
StreamDriver.Name="ossl"
StreamDriver.mode="1"
StreamDriver.AuthMode="anon"
)
input(type="imtcp" port="10514")




if $programname == 'puppet-agent' then -/var/log/all/puppet
if $programname == 'puppet-master' then -/var/log/all/puppet
if $programname == 'puppet-user' then -/var/log/all/puppet


*.info;mail.none;authpriv.none;cron.none /var/log/messages

authpriv.* /var/log/secure

mail.* /var/log/maillog


cron.* /var/log/cron

*.emerg :omusrmsg:*

uucp,news.crit /var/log/spooler

local7.* /var/log/boot.log


auth.debug -/var/log/all/auth.log
authpriv.debug -/var/log/all/authpriv.log
cron.debug -/var/log/all/cron.log
daemon.debug -/var/log/all/daemon.log
ftp.debug -/var/log/all/ftp.log
kern.debug -/var/log/all/kern.log
lpr.debug -/var/log/all/lpr.log
mail.debug -/var/log/all/mail.log
news.debug -/var/log/all/news.log
syslog.debug -/var/log/all/syslog.log
user.debug -/var/log/all/user.log
uucp.debug -/var/log/all/uucp.log
local0.debug -/var/log/all/local0.log
local1.debug -/var/log/all/local1.log
local2.debug -/var/log/all/local2.log
local3.debug -/var/log/all/local3.log
local4.debug -/var/log/all/local4.log
local5.debug -/var/log/all/local5.log
local6.debug -/var/log/all/local6.log
local7.debug -/var/log/all/local7.log

if $programname == 'snipped-drupal' then /var/log/drupal/drupal.log

template (name="Trend" type="string" string="/var/log/trend/trend_ds.log")
if ( $source == 'localhost' or $fromhost-ip == '127.0.0.1' ) and $syslogfacility-text == 'local5' then
{
action(type="omfile" dynaFile="Trend" template="RSYSLOG_TraditionalFileFormat")
stop
}

-----Original Message-----
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
Sent: Wednesday, June 26, 2019 4:47 AM
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Li, Mike <Mike.Li@snipped>
Subject: Re: [rsyslog] openssl version for rsyslog-gnutls-8.1905 or rsyslog-openssl-8.1905

EXTERNAL: Verify sender before opening attachments or links.

pls post your config - this could be a bug inside rsyslog.

Rainer

El mar., 25 jun. 2019 a las 19:02, Li, Mike via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> Hi
> Working with
> rsyslog-8.1905.0-2.el6.x86_64
> rsyslog-gnutls-8.1905.0-2.el6.x86_64
> rsyslog-openssl-8.1905.0-2.el6.x86_64
> But saw the following:
> Starting system logger: rsyslogd: Error: OpenSSL Version to old,
> SSL_CONF_cmd API is not supported. [v8.1905.0 try
> https://www.rsyslog.com/e/2095 ]
>
> /usr/bin/openssl version
> OpenSSL 1.0.2k-fips 26 Jan 2017
>
> What is the recommended version of Openssl ?
> Thanks.
>
> Best Regards,
> Mike Li
>
> Confidentiality Notice:: This email, including attachments, may include non-public, proprietary, confidential or legally privileged information. If you are not an intended recipient or an authorized agent of an intended recipient, you are hereby notified that any dissemination, distribution or copying of the information contained in or transmitted with this e-mail is unauthorized and strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and permanently delete this e-mail, its attachments, and any copies of it immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.