rsyslog logging to multiple servers with different TLS configurations

Tags:

rsyslog

Is it possible to have rsyslog log to multiple servers with different TLS configurations? We're currently logging to a local syslog server using the following:

$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/local-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/local-key.pem
$ActionSendStreamDriverAuthMode anon
$ActionSendStreamDriverMode 1

*.* @@10.50.59.241:6514

We're now in the process of setting up logging to a third party and want to use TLS there as well. They state that we should set up rsyslog like this:

$DefaultNetstreamDriverCAFile /path/to/their/ca.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.theirhost.theirdomain

*.* @@theirhost.theirdomain:6514

I figure that I can simply combine the CAs into a single file and set DefaultNetstreamDriverCAFile to that. But if I simply add the remaining second set of options to the bottom of my rsyslog.conf then the permitted peer causes a conflict with the first host. So is there any way to configure rsyslog (we're currently using 7.4.8) to use vastly different TLS setups to two different targets?

Bruce P asked Mar 21 '23 10:03


1 Answer

Well after a bunch of head-banging I figured this out on my own. First off, there's a bug in some versions of rsyslog that will prevent this from working (you'll never see a connection established to one or more of the target servers) so make sure you're using version 7.6 or later of rsyslog.

Make sure your CA file has any CAs needed for all targets listed in it. Order isn't important. Then your conf file should look something like this:

# One bundle containing the CAs for every target
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem

# Local server: TLS transport only, no peer authentication
*.* action(type="omfwd"
           Protocol="tcp"
           Target="10.50.59.241"
           Port="6514"
           StreamDriverMode="1"
           StreamDriver="gtls"
           StreamDriverAuthMode="anon"
           )

# Third party: TLS with the server certificate checked against the permitted-peer name
*.* action(type="omfwd"
           Protocol="tcp"
           Target="some.other.host.com"
           Port="6514"
           StreamDriverMode="1"
           StreamDriver="gtls"
           StreamDriverAuthMode="x509/name"
           StreamDriverPermittedPeers="*.some.other.host.com"
           )
Bruce P answered Apr 07 '23 14:04
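A pre-flight check for the setup in the answer, added here as an example and not part of the original post: it builds the combined CA bundle, counts the certificates it contains, tests a peer name against an rsyslog-style PermittedPeers wildcard, and opens a TLS session to a target with `openssl s_client` to confirm the chain validates against the bundle. The CA paths come from the question; `/etc/pki/rsyslog/ca-bundle.pem` and the host names are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Paths and hosts are assumed placeholders.
LOCAL_CA=/etc/pki/rsyslog/ca.pem          # CA for the local syslog server (from the question)
THIRD_PARTY_CA=/path/to/their/ca.crt      # CA supplied by the third party (from the question)
BUNDLE=/etc/pki/rsyslog/ca-bundle.pem     # assumed: combined file for $DefaultNetstreamDriverCAFile

# Concatenate two CA files into one bundle; rsyslog loads every certificate in the file,
# so order does not matter.
build_bundle() {
    cat "$1" "$2" > "$3"
}

# Count PEM certificates in a bundle so an empty or truncated CA file is noticed
# before rsyslog silently fails to verify a peer.
cert_count() {
    grep -c 'BEGIN CERTIFICATE' "$1"
}

# Does a peer name satisfy a PermittedPeers-style wildcard such as *.some.other.host.com?
# Uses the shell's own glob matching: '*' matches any run of characters.
peer_matches() {
    case "$1" in
        $2) return 0 ;;
        *)  return 1 ;;
    esac
}

# Open a TLS session to a target the way rsyslog's gtls driver would and succeed only
# if the server chain validates against the bundle (needs network; not run by the tests).
check_target() {
    host=$1; port=$2; bundle=$3
    openssl s_client -connect "$host:$port" -servername "$host" -CAfile "$bundle" \
        </dev/null 2>/dev/null | grep -q 'Verify return code: 0 (ok)'
}

# Print the name fields rsyslog's x509/name mode compares against PermittedPeers
# (subject CN and any subjectAltName entries), for checking against the wildcard by eye.
peer_names_of() {
    host=$1; port=$2
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject -ext subjectAltName
}

# Typical use (after the CA files exist):
#   build_bundle "$LOCAL_CA" "$THIRD_PARTY_CA" "$BUNDLE"
#   check_target 10.50.59.241 6514 "$BUNDLE"
#   check_target some.other.host.com 6514 "$BUNDLE" && peer_names_of some.other.host.com 6514
```

A target whose certificate name does not satisfy the wildcard will pass `check_target` (chain validity) but still be rejected by rsyslog in `x509/name` mode, so both checks are needed for the third-party action.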