Hi All,
I now have the following running:
global(
defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile=”/rsyslog/protected/ca.pem”
defaultNetstreamDriverCertFile=”/rsyslog/protected/machine-cert.pem”
defaultNetstreamDriverKeyFile=”/rsyslog/protected/machine-key.pem”
)
module(
load="imtcp"
StreamDriver.mode="1"
StreamDreiver.authmode="x509/name"
PermittedPeer="*.example.net [example.net]<https://urldefense.proofpoint.com/v2/url?u=http-3A__example.net&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=g6X85l5Olm7ho4IUiuM45tqdbbIjUtMeMDMqeLoRiHc&e=>"
)
input(
type="imtcp"
port="10514"
)
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN
Is there a good way to test this?
I wrote a python script:
import socket
import ssl
import sys
import argparse
import requests
from jinja2 import Template
import os
import json
import time
import logging
import logging.handlers
import traceback
import hashlib
import fcntl
cacert_pem_path = "/rsyslog/protected/ca.pem "
os.environ["REQUESTS_CA_BUNDLE"] = cacert_pem_path
server_url='localhost'
port='10514'
data='test-4-26-2018'
output_type='tcp+tls'
unsecured_client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
cert_reqs = ssl.CERT_REQUIRED
client_socket = ssl.wrap_socket(unsecured_client_socket,ca_certs=cacert_pem_path,cert_reqs=cert_reqs,ssl_version=ssl.PROTOCOL_TLSv1_2,ciphers="AES256-SHA256")
client_socket.connect((server_url, port))
client_socket.send(data.encode("utf-8"))

But I'm getting:
Traceback (most recent call last):
File "test.py", line 24, in <module>
client_socket.connect((server_url, port))
File "/usr/lib64/python2.7/ssl.py", line 866, in connect
self._real_connect(addr, False)
File "/usr/lib64/python2.7/ssl.py", line 853, in _real_connect
socket.connect(self, addr)
File "/usr/lib64/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
TypeError: an integer is required

Using openssl: openssl s_client -showcerts -connect localhost:514 got following:


Client Certificate Types: RSA sign, DSA sign
Requested Signature Algorithms: RSA+SHA256:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA256:RSA+SHA1:DSA+SHA1
---
SSL handshake has read 2273 bytes and written 659 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
Session-ID: CADF46FEB3066291CA75C441D28D8273871D62B9C8B29D38EE34762E7BD52D9C
Session-ID-ctx:
Master-Key: 879655950BB046125F941917A9996B7EA356228005FB1E19A8E61857BC6270E9C417E6294C46926988B440EAB08F0FAB
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1524780037
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
read:errno=0

Thanks
-----Original Message-----
From: rsyslog <rsyslog-***@lists.adiscon.com> On Behalf Of Li, Mike via rsyslog
Sent: Thursday, April 26, 2018 9:58 AM
To: Ryan Ward <***@gliacelltechnologies.com>; rsyslog-users <***@lists.adiscon.com>
Cc: Li, Mike <***@finra.org>
Subject: [EXTERNAL] Re: [rsyslog] Resend: rsyslog v8.x server config with tls

Ryan,
I got following:
Starting system logger: rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 67: invalid character '/' in object definition - is there an invalid escape sequence somewhere? [v8.34.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 67: syntax error on token rsyslog' [v8.34.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd: CONFIG ERROR: could not interpret master config file '/etc/rsyslog.conf'. [v8.34.0 try http://www.rsyslog.com/e/2207 ] rsyslog startup failure: error reading "fork pipe": No such file or directory with global( defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile /rsyslog/protected/ca.pem defaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
defaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem
)

but when I changed to
global(
defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile=”/rsyslog/protected/ca.pem”
defaultNetstreamDriverCertFile=”/rsyslog/protected/machine-cert.pem”
defaultNetstreamDriverKeyFile=”/rsyslog/protected/machine-key.pem”
)
module(
load="imtcp"
StreamDriver.mode="1"
StreamDreiver.authmode="x509/name"
PermittedPeer="*.example.net [example.net]<https://urldefense.proofpoint.com/v2/url?u=http-3A__example.net&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=g6X85l5Olm7ho4IUiuM45tqdbbIjUtMeMDMqeLoRiHc&e=>"
)
input(
type="imtcp"
port="10514"
)

It worked!
tcp 0 0 0.0.0.0:10514 0.0.0.0:* LISTEN

I’ll do some testing and see.
Thanks.
Mike

From: Ryan Ward <***@gliacelltechnologies.com>
Sent: Thursday, April 26, 2018 9:26 AM
To: rsyslog-users <***@lists.adiscon.com>
Cc: David Lang <***@lang.hm>; Li, Mike <***@finra.org>
Subject: [EXTERNAL] Re: [rsyslog] Resend: rsyslog v8.x server config with tls

Have you taken a look at [1] as it shows all the module parameters. I believe something like below will work global( defaultNetstreamDriver="gtls"
defaultNetstreamDriverCAFile /rsyslog/protected/ca.pem defaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
defaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem
)
module(
load="imtcp"
StreamDriver.mode="1"
StreamDreiver.authmode="x509/name"
PermittedPeer="*.example.net [example.net]<https://urldefense.proofpoint.com/v2/url?u=http-3A__example.net&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=g6X85l5Olm7ho4IUiuM45tqdbbIjUtMeMDMqeLoRiHc&e=>"
)
input(
type="imtcp"
port="10514"
)


[1] https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html [rsyslog.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.rsyslog.com_doc_v8-2Dstable_configuration_modules_imtcp.html&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=MIeavCMVIBR_PQNlUVbRk1ULDls3SQG1i7eT0k7u3Cw&e=>

Thank you,

Ryan Ward

<mailto:Email%***@gliacelltechnologies.com>
[http://www.gliacelltechnologies.com/images/email-logo.png]
GliaCell Technologies
www.gliacelltechnologies.com [gliacelltechnologies.com]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.gliacelltechnologies.com&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=gJBg1rRdWtg4fh-eeI92qvN2t2V9FyuPIUMi_9nZAls&e=>

On Thu, Apr 26, 2018 at 8:41 AM, Li, Mike via rsyslog <***@lists.adiscon.com<mailto:***@lists.adiscon.com>> wrote:
David,
I would like to continue using the input() statements because I changed all the "template (name, type ), if then { action(), stop}" stanzas to support rsyslog v8.34 I also using module(load="imudp" SchedulingPolicy="fifo" SchedulingPriority="5" threads="2" timeRequery="8" batchSize="128") to support receiving heavy rsyslogs traffic with rsyslog v8

Or will "$template, if then ?; & ~" stanzas still work with rsyslog v 8.34? How to convert "module(load="imudp" SchedulingPolicy="fifo" SchedulingPriority="5" threads="2" timeRequery="8" batchSize="128")" in old syntax?

I have following rpms installed
rsyslog-gnutls-8.34.0-2.el6.x86_64
rsyslog-8.34.0-2.el6.x86_64

Could I be directed to the correct information on how to convert following:
# make gtls driver the default
$DefaultNetstreamDriver gtls

# certificate files
$DefaultNetstreamDriverCAFile /rsyslog/protected/ca.pem $DefaultNetstreamDriverCertFile /rsyslog/protected/machine-cert.pem
$DefaultNetstreamDriverKeyFile /rsyslog/protected/machine-key.pem

$InputTCPServerStreamDriverAuthMode x509/name $InputTCPServerStreamDriverPermittedPeer *.example.net [example.net]<https://urldefense.proofpoint.com/v2/url?u=http-3A__example.net&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=g6X85l5Olm7ho4IUiuM45tqdbbIjUtMeMDMqeLoRiHc&e=>
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode $InputTCPServerRun 10514 # start up listener at port 10514

To work on rsyslog v8.34 ?
Thanks
Mike

-----Original Message-----
From: David Lang <***@lang.hm<mailto:***@lang.hm>>
Sent: Wednesday, April 25, 2018 8:19 PM
To: Li, Mike via rsyslog <***@lists.adiscon.com<mailto:***@lists.adiscon.com>>
Cc: Li, Mike <***@finra.org<mailto:***@finra.org>>
Subject: [EXTERNAL] Re: [rsyslog] Resend: rsyslog v8.x server config with tls

it would be clearer if you could show us a copy of your full config.

But I believe that the problem is that you are mixing old and new syntax in one of the few ways that rsyslog complains about.

If you have no input() statements, the obsolete multi-line version works

But as soon as you have one new style input() statement, you need to convert the rest of them over as well.

Confidentiality Notice:: This email, including attachments, may include non-public, proprietary, confidential or legally privileged information. If you are not an intended recipient or an authorized agent of an intended recipient, you are hereby notified that any dissemination, distribution or copying of the information contained in or transmitted with this e-mail is unauthorized and strictly prohibited. If you have received this email in error, please notify the sender by replying to this message and permanently delete this e-mail, its attachments, and any copies of it immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. Thank you.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog [lists.adiscon.net]<https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.adiscon.net_mailman_listinfo_rsyslog&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=DF5T5Y2XloY52Fl8SBt1TBh3ic1__DfS4SApBVL2s9w&e=>
http://www.rsyslog.com/professional-services/ [rsyslog.com]<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.rsyslog.com_professional-2Dservices_&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=fi9JrvJjm4ZnpZJo3NhU93Ul02sh6d-OQ1Qc26Pv9Eo&e=>
What's up with rsyslog? Follow https://twitter.com/rgerhards [twitter.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__twitter.com_rgerhards&d=DwMFaQ&c=XK1GVu0Y2HvWRiFNJ9Hesw&r=QXMWS0iA1qwbOfy5sZbDJ1AtJyfHKq92dz87pCMZQOU&m=s4YpwkfmAqwEsJiqMSqmlsApJSamAoR3-vRcwrz-1xI&s=BlWWgRtQdyVYUjGHBJIzfwtAerbY92Jf5lMj8a4wGAg&e=>
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE