Mailing List Archive

Encrypted receiver
I am having trouble getting an encrypted receiver to work. I can send to
a syslog-ng setup just fine, but I can't seem to get it to work with
rsyslogd. I can see the packets hitting my server, but nothing shows up
in the log. I probably have a simple error in the config file, but I
don't know what it is.

thx

Here is my client file:

$DefaultNetStreamDriverCAFile /etc/ca.pem

$DefaultNetStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon

$ActionQueueDequeueBatchSize 256
$ActionQueueDequeueSlowdown 1000

$ActionSendTCPRebindInterval 5

$WorkDirectory /var/log

$ModLoad imuxsock
$SystemLogSocketName /var/log/log
$OptimizeForUniprocessor on

*.* @@syslogserver:110


Here is my receiver file:

$DefaultNetstreamDriverCAFile /export/tls/ca.pem
$DefaultNetstreamDriverCertFile /export/tls/cert.pem
$DefaultNetstreamDriverKeyFile /export/tls/key.pem

$DefaultNetstreamDriver gtls

$ModLoad imtcp
$ModLoad imuxsock
$ModLoad omprog

$PreserveFQDN on

$WorkDirectory /var/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName rsyslog-fwd
$ActionResumeRetryCount -1
$ActionQueueSaveOnShutdown on
$ActionQueueMaxDiskSpace 1000m

$SystemLogSocketName /var/rsyslog/log

$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerRun 111

$template Ooma,"%HOSTNAME% %$now% %TIMESTAMP% %msg%"
#$actionomprogbinary /mongodb/tools/syslog/myxlog-import.pl
$actionomprogbinary /tmp/test-import.pl

#*.* :omprog:
*.* /var/rsyslog/foo



_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
Re: Encrypted receiver [ In reply to ]
2012/2/11 Rory Toma <rory@ooma.com>

> I am having trouble getting an encrypted receiver to work. I can send to a
> syslog-ng setup just fine, but I can't seem to get it to work with
> rsyslogd. I can see the packets hitting my server, but nothing shows up in
> the log. I probably have a simple error in the config file, but I don't
> know what it is.
>
> thx
>
> Here is my client file:
>
> $DefaultNetStreamDriverCAFile /etc/ca.pem
>
> $DefaultNetStreamDriver gtls
> $ActionSendStreamDriverMode 1
> $**ActionSendStreamDriverAuthMode anon
>
> $ActionQueueDequeueBatchSize 256
> $ActionQueueDequeueSlowdown 1000
>
> $ActionSendTCPRebindInterval 5
>
> $WorkDirectory /var/log
>
> $ModLoad imuxsock
> $SystemLogSocketName /var/log/log
> $OptimizeForUniprocessor on
>
> *.* @@syslogserver:110
>
>
> Here is my receiver file:
>
> $DefaultNetstreamDriverCAFile /export/tls/ca.pem
> $**DefaultNetstreamDriverCertFile /export/tls/cert.pem
> $DefaultNetstreamDriverKeyFile /export/tls/key.pem
>
> $DefaultNetstreamDriver gtls
>
> $ModLoad imtcp
> $ModLoad imuxsock
> $ModLoad omprog
>
> $PreserveFQDN on
>
> $WorkDirectory /var/rsyslog
> $ActionQueueType LinkedList
> $ActionQueueFileName rsyslog-fwd
> $ActionResumeRetryCount -1
> $ActionQueueSaveOnShutdown on
> $ActionQueueMaxDiskSpace 1000m
>
> $SystemLogSocketName /var/rsyslog/log
>
> $**InputTCPServerStreamDriverMode 1
> $**InputTCPServerStreamDriverAuth**Mode anon
> $InputTCPServerRun 111
>
> $template Ooma,"%HOSTNAME% %$now% %TIMESTAMP% %msg%"
> #$actionomprogbinary /mongodb/tools/syslog/myxlog-**import.pl<http://myxlog-import.pl>
> $actionomprogbinary /tmp/test-import.pl
>
> #*.* :omprog:
> *.* /var/rsyslog/foo
>
> Hi Rory,

Is it because you are sending to port 110 on the server:

*.* @@syslogserver:110

But listening on 111?

$InputTCPServerRun 111

Best regards,
Radu
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/