Discussion:
[rsyslog] rsyslog RELP and TLS - creating the certificates
sophie.loewenthal--- via rsyslog
2018-12-05 11:52:08 UTC
Hi,

On and off for a few months I've been trying to get TLS working with RELP. I've set up so many certificates for clients and servers, and never managed to get them to talk. Frankly, with all the hundreds of options in openssl/certtool, and the default values and order of questions changing depending on the version and O/S used, it's bound to go wrong. For example: this guide from 2013 doesn't work https://www.rsyslog.com/using-tls-with-relp

I know that lots of people setting TLS up in rsyslog will be creating certificates daily, and they know OpenSSL pretty well, but I do not: I create a certificate once every six months, if that.

Are there any recent guides to setting this up? Particularly for the part for creating CA/server/client certificates.

The actual omrelp/imrelp part is quite straightforward.

Best wishes,
Sophie




This message and any attachments (the "message") is
intended solely for the intended addressees and is confidential.
If you receive this message in error,or are not the intended recipient(s),
please delete it and any copies from your systems and immediately notify
the sender. Any unauthorized view, use that does not comply with its purpose,
dissemination or disclosure, either whole or partial, is prohibited. Since the internet
cannot guarantee the integrity of this message which may not be reliable, BNP PARIBAS
(and its subsidiaries) shall not be liable for the message if modified, changed or falsified.
Do not print this message unless it is necessary, consider the environment.


_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Flo Rance via rsyslog
2018-12-05 15:05:37 UTC
Hi,

What's wrong with this guide https://www.rsyslog.com/using-tls-with-relp/ ?

The commands used in it still apply nowadays.

Regards,
Flo

sophie.loewenthal--- via rsyslog
2018-12-05 15:32:44 UTC
Hi Flo,
I tried a few times from scratch and could not get it to work. The certtool output is different along with the defaults.


Derek DiFilippo via rsyslog
2018-12-05 15:59:32 UTC
I wonder if something has changed/broken with TLS for rsyslog as well.

About a year ago I created a streamlined version of the rsyslog TLS
certificate creation process for our internal use here. It worked for me
as well as for others at our company.

However, recently I needed to create some new TLS certificates and could
not get them to work. I ran through the rsyslog documentation
left/right/up/down and nothing would connect with the more recently created
certificates. There were some subtle differences between the new process
and what I had previously captured in my streamlined document.

Is it possible that something has changed/broken with either TLS support or
that the documentation needs updating? If that's a possibility I can try to
help here by sharing my previously working procedure.

Thanks all,
-Derek.

Flo Rance via rsyslog
2018-12-06 10:40:15 UTC
Hi,

I've never used relp, with or without tls, but this is what I've used to
create certificates to secure our DB connections.

Let me know if this works for you with rsyslog.

Regards,
Flo
sophie.loewenthal--- via rsyslog
2018-12-06 14:18:18 UTC
Hi Flo,

This won't work over here, yet

Got a RELP peer authentication failed. Also we have multiple FQDNs for each host that resolve round robin, so the FQDN changes each time, which won't help. Don't ask me why...

rsyslogd: imrelp[2514]: error 'TLS record write failed [gnutls error -10: The specified session has been invalidated for some reason.]', object 'lstn 2514: conn to clt 10.1.1.1/s24.oob.be.zzz.bbb.local' - input may not work as intended [v8.39.0 try http://www.rsyslog.com/e/2353 ]

Thanks anyway. I'll try modifying it.

Best wishes,
Sophie

Team mailbox : ***@bnpparibas.com
or direct ***@bnpparibas.com



Flo Rance via rsyslog
2018-12-06 14:41:59 UTC
I made some tests, and I was able to connect the client (8.4.2) and the
server (8.39.0) with the configuration provided here
https://www.rsyslog.com/using-tls-with-relp/ (of course with few
modifications for hostnames) and the certificates generated with the doc
I've sent.

You may try to give the server a CN=*.example.net to allow round robin FQDN.

Otherwise, it's most probably a config issue in one of the files.

Regards,
Flo
sophie.loewenthal--- via rsyslog
2018-12-06 14:47:15 UTC
Little more info whilst I was looking:


The rsyslog.conf configuration,

The CLIENT has
action(
    type="omrelp"
    target="a-be-s3005-msl"
    port="2514"
    tls="on"
    tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt"
    tls.myCert="/etc/rsyslog.d/ssl/client.crt"
    tls.myPrivKey="/etc/rsyslog.d/ssl/client.key"
)

The SERVER has
input(
    type="imrelp"
    port="2514"
    maxDataSize="8k"
    tls="on"
    tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt"
    tls.myCert="/etc/rsyslog.d/ssl/server.crt"
    tls.myPrivKey="/etc/rsyslog.d/ssl/server.key"
)


CLIENT connects to server and gets this,
# openssl s_client -connect be-s3005-msl:2514 -CAfile company-ca.crt -cert client.crt -key client.key
CONNECTED(00000003)
140081314850704:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1544107265
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
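Neither of the two snippets in this message sets tls.authMode or tls.permittedPeer, so the configuration does not say which names the peer check should accept. As an added example (not Sophie's configuration, and not tested against her setup), the pair below shows the same two blocks with name-based peer authentication, pairing the wildcard certificate name Flo suggested earlier with a matching wildcard in the permitted-peer list. The target hostname and the example.net domain are placeholders, the file paths are the ones from the thread, and wildcard matching in tls.permittedPeer is assumed to be supported by the librelp version in use.

```rsyslog
# CLIENT side (omrelp): added example, hostnames are placeholders
action(
    type="omrelp"
    target="relp.example.net"
    port="2514"
    tls="on"
    tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt"
    tls.myCert="/etc/rsyslog.d/ssl/client.crt"
    tls.myPrivKey="/etc/rsyslog.d/ssl/client.key"
    tls.authMode="name"
    tls.permittedPeer=["*.example.net"]
)

# SERVER side (imrelp): the listener only accepts clients whose certificate
# carries a name covered by the permitted-peer list
module(load="imrelp")
input(
    type="imrelp"
    port="2514"
    maxDataSize="8k"
    tls="on"
    tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt"
    tls.myCert="/etc/rsyslog.d/ssl/server.crt"
    tls.myPrivKey="/etc/rsyslog.d/ssl/server.key"
    tls.authMode="name"
    tls.permittedPeer=["*.example.net"]
)
```

With name-based authentication each side compares the peer certificate's names against its own tls.permittedPeer list, so a host that answers to several round-robin FQDNs needs either every FQDN in the certificate or a wildcard that covers them all, on both the certificate and the permitted-peer side.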

Flo Rance via rsyslog
2018-12-06 14:58:30 UTC
Permalink
Unable to reproduce that here. It might indicate that the server doesn't
provide tls.

You should check the permissions on the files.

Btw, did you generate all the certificates with the same openssl binary ?

Regards,
Flo
Post by sophie.loewenthal--- via rsyslog
> The rsyslog.conf configuration,
> The CLIENT has
> action(
> type="omrelp"
> target="a-be-s3005-msl"
> port="2514"
> tls="on"
> tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt"
> tls.myCert="/etc/rsyslog.d/ssl/client.crt"
> tls.myPrivKey="/etc/rsyslog.d/ssl/client.key"
> The SERVER has
> input(
> type="imrelp"
> port="2514"
> maxDataSize="8k"
> tls="on"
> tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt"
> tls.myCert="/etc/rsyslog.d/ssl/server.crt"
> tls.myPrivKey="/etc/rsyslog.d/ssl/server.key"
> )
sophie.loewenthal--- via rsyslog
2018-12-06 15:04:37 UTC
Permalink
> It might indicate that the server doesn't provide tls.
Unsure what you mean.

> Btw, did you generate all the certificates with the same openssl binary ?
Yes, same openssl bin on the same server.

Files can be read by the process: 444 except the key, which is 400, and rsyslog runs as root on the client.

It's running rsyslog 8.3.9 and OpenSSL 1.0.2k-fips

# rsyslogd -v
rsyslogd 8.39.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: Yes
Number of Bits in RainerScript integers: 64
Flo Rance via rsyslog
2018-12-06 15:02:33 UTC
Permalink
Oh, and you didn't provide any "tls.permittedpeer=["..."]" so the next
error that you should see on the server side is something like:

rsyslogd: imrelp[2514]: authentication error 'non-permited fingerprint',
peer is '�� r� '
rsyslogd: imrelp[2514]: error 'TLS handshake failed [gnutls error -43:
Error in the certificate.]', object 'lstn 2514: conn to clt ....

Regards,
Flo
sophie.loewenthal--- via rsyslog
2018-12-06 15:07:18 UTC
Permalink
I got this:

2018-12-06T15:38:59.909637+01:00 s3005 rsyslogd: imrelp[2514]: authentication error 'peer did not provide a certificate', peer is '' [v8.39.0 try http://www.rsyslog.com/e/2353 ]
2018-12-06T15:38:59.909646+01:00 s3005 rsyslogd: imrelp[2514]: error 'TLS handshake failed [gnutls error -43: Error in the certificate.]', object 'lstn 2514: conn to clt ::1/localhost' - input may not work as intended [v8.39.0 try http://www.rsyslog.com/e/2353 ]

Best wishes,
Sophie
Flo Rance via rsyslog
2018-12-06 15:57:23 UTC
Permalink
Ok, it looks like the same error as described here:
https://github.com/rsyslog/rsyslog/issues/435

I must admit that I'm not able to reproduce it with 8.39.

But you might try to set "tls.authMode" on both server and client to see if
it helps.

Regards,
Flo
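The following script is an added example, not code from this thread or from the rsyslog project. It does the certificate work asked about in the opening post (a private CA, a server certificate for imrelp and a client certificate for omrelp, all with the openssl CLI), checks that the leaves chain to the CA the way both sides do against tls.caCert, and derives the two things tls.permittedpeer can be fed, as suggested in Flo's replies: the certificate's DNS name for tls.authMode="name" and the "SHA1:..." fingerprint for tls.authMode="fingerprint". The host names be-s3005-msl.example.intra and client01.example.intra, the scratch directory, the 825-day validity, the key sizes and the /etc/rsyslog.d/ssl/ paths in the printed config are assumptions for illustration; only the paths come from the thread. It needs openssl(1) and works with the req/x509 sub-commands as they exist in 1.0.2 and later.

```shell
#!/usr/bin/env bash
# Added example (not from the thread or the rsyslog project): create a private
# CA plus server and client certificates for RELP over TLS with the openssl
# CLI, verify the chain, and derive the values imrelp/omrelp need.
# Host names, directory, validity period and config paths are assumptions.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl(1) is required" >&2; exit 1; }

WORK="${WORK:-$(mktemp -d)}"                              # scratch directory for keys and certs
SERVER_NAME="${SERVER_NAME:-be-s3005-msl.example.intra}"  # assumed FQDN of the imrelp host
CLIENT_NAME="${CLIENT_NAME:-client01.example.intra}"      # assumed FQDN of the omrelp host
DAYS="${DAYS:-825}"                                       # assumed validity in days

# make_ca: self-signed CA with CA:TRUE and keyCertSign; the req config is
# written inline so the run does not depend on the distribution's openssl.cnf.
make_ca() {
  printf '[req]\ndistinguished_name=dn\nprompt=no\nx509_extensions=ca_ext\n[dn]\nCN=company-ca\n[ca_ext]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > "$WORK/ca.cnf"
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
    -config "$WORK/ca.cnf" -keyout "$WORK/company-ca.key" -out "$WORK/company-ca.crt" 2>/dev/null
  chmod 0400 "$WORK/company-ca.key"
}

# issue <prefix> <fqdn> <serverAuth|clientAuth>: fresh key and CSR, then a
# CA-signed leaf carrying a DNS SAN (what tls.authMode="name" matches) and a
# single EKU, so a client certificate cannot double as a server certificate.
issue() {
  local prefix=$1 fqdn=$2 eku=$3
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$fqdn" > "$WORK/$prefix.cnf"
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$WORK/$prefix.cnf" \
    -keyout "$WORK/$prefix.key" -out "$WORK/$prefix.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\nsubjectAltName=DNS:%s\n' \
    "$eku" "$fqdn" > "$WORK/$prefix.ext"
  openssl x509 -req -in "$WORK/$prefix.csr" -CA "$WORK/company-ca.crt" -CAkey "$WORK/company-ca.key" \
    -CAcreateserial -days "$DAYS" -sha256 -extfile "$WORK/$prefix.ext" -out "$WORK/$prefix.crt" 2>/dev/null
  chmod 0400 "$WORK/$prefix.key"
}

# make_rogue <prefix> <fqdn>: a self-signed certificate for the same name that
# no trusted CA issued; the chain check below must reject it.
make_rogue() {
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$2" > "$WORK/$1.cnf"
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
    -config "$WORK/$1.cnf" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# verify_chain <prefix>: succeeds only if the leaf chains to company-ca.crt, the
# same trust check each side performs against tls.caCert. The output is parsed
# because openssl verify on 1.0.x exits 0 even when verification fails.
verify_chain() {
  openssl verify -CAfile "$WORK/company-ca.crt" "$WORK/$1.crt" 2>/dev/null | grep -q ': OK$'
}

# fingerprint <prefix>: SHA1 fingerprint in the "SHA1:xx:xx:..." form that
# tls.permittedpeer expects when tls.authMode="fingerprint".
fingerprint() {
  openssl x509 -in "$WORK/$1.crt" -noout -fingerprint -sha1 | sed 's/^[^=]*=/SHA1:/'
}

# san_names <prefix>: DNS names from the SAN, i.e. what tls.authMode="name"
# compares with tls.permittedpeer entries such as "*.oob.intra".
san_names() {
  openssl x509 -in "$WORK/$1.crt" -noout -text | sed -n 's/.*DNS:\([^, ]*\).*/\1/p'
}

# rsyslog_config: imrelp/omrelp fragments with the authentication mode set
# explicitly and each side restricted to the other's certified name.
rsyslog_config() {
  cat <<EOF
# on $SERVER_NAME (files copied to the assumed /etc/rsyslog.d/ssl/)
module(load="imrelp")
input(type="imrelp" port="2514" maxDataSize="8k" tls="on"
      tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt"
      tls.myCert="/etc/rsyslog.d/ssl/server.crt"
      tls.myPrivKey="/etc/rsyslog.d/ssl/server.key"
      tls.authMode="name" tls.permittedPeer=["$CLIENT_NAME"])
# on $CLIENT_NAME
module(load="omrelp")
action(type="omrelp" target="$SERVER_NAME" port="2514" tls="on"
       tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt"
       tls.myCert="/etc/rsyslog.d/ssl/client.crt"
       tls.myPrivKey="/etc/rsyslog.d/ssl/client.key"
       tls.authMode="name" tls.permittedPeer=["$SERVER_NAME"])
EOF
}

main() {
  make_ca
  issue server "$SERVER_NAME" serverAuth
  issue client "$CLIENT_NAME" clientAuth
  verify_chain server; verify_chain client
  echo "server and client certificates chain to company-ca.crt"
  make_rogue rogue "$CLIENT_NAME"
  if verify_chain rogue; then echo "BUG: untrusted certificate accepted" >&2; exit 1; fi
  echo "rogue self-signed certificate for $CLIENT_NAME rejected"
  echo "client fingerprint for fingerprint mode: $(fingerprint client)"
  echo "artefacts in $WORK"
  rsyslog_config
}
main
```

Run it as a normal user; it writes everything under a fresh mktemp directory and prints the matching imrelp and omrelp fragments at the end. Two points the thread touches on: with tls.authMode="name" each tls.permittedpeer entry is matched against the names in the peer's certificate (SAN, falling back to CN), so a wildcard such as "*.oob.intra" only admits a peer whose certificate actually carries such a name; and an `openssl s_client` probe against the imrelp port exercises only the TLS layer, so it says nothing about the permittedpeer check, which imrelp reports separately as an authentication error.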
sophie.loewenthal--- via rsyslog
2018-12-07 14:01:29 UTC
Permalink
Hi folks,

I added the tls.permittedpeer part and had similar errors produced,

input(type="imrelp" port="2514" maxDataSize="8k" tls="on" tls.caCert="/etc/rsyslog.d/ssl/company-ca.crt" tls.myCert="/etc/rsyslog.d/ssl/server.crt" tls.myPrivKey="/etc/rsyslog.d/ssl/server.key" tls.permittedpeer=["*be.local", "*.oob.intra", "*.intra"] )

2018-12-07T14:48:45.173348+01:00 3005 rsyslogd: [origin software="rsyslogd" swVersion="8.39.0" x-pid="4636" x-info="http://www.rsyslog.com"] start
2018-12-07T14:48:45.384140+01:00 3005 rsyslogd: imrelp[2514]: error 'TLS handshake failed [gnutls error -54: Error in the pull function.]', object 'lstn 2514: conn to clt 192.168.101.34/2450.oob.intra' - input may not work as intended [v8.39.0 try http://www.rsyslog.com/e/2353 ]
2018-12-07T14:48:45.384156+01:00 3005 rsyslogd: imrelp[2514]: error 'TLS record write failed [gnutls error -10: The specified session has been invalidated for some reason.]', object 'lstn 2514: conn to clt 192.168.101.34/2450.oob.intra' - input may not work as intended [v8.39.0 try http://www.rsyslog.com/e/2353 ]