Hi Sir,
I build librelp 1.2.7 with --enable-tls and --disable-tls but no to avail.
Problem is there. What is the recommended way for buillding librelp.
Certificates which i have generated are according to the way mention on
link http://www.rsyslog.com/using-tls-with-relp/ . I have also updated to
rsyslog v8.6.
On Sat, Nov 29, 2014 at 1:43 PM, Rainer Gerhards <rgerha...@hq.adiscon.com>
wrote:
> You need to build librelp from source so that it can use the new gnutls
> functionality.
>
> Sent from phone, thus brief.
> Am 29.11.2014 07:21 schrieb "Muhammad Asif" <masifpa...@gmail.com>:
>
> > Hi Rainer,
> >
> > May I have installed udated gnutls but issue is still there. Can you
> guide
> > at what place i have to mention "TLS in anonymous mode". I want TLS on
> > RELP. so please guid me accordingly.
> >
> > On Fri, Nov 21, 2014 at 1:49 PM, Rainer Gerhards <
> rgerha...@hq.adiscon.com
> > >
> > wrote:
> >
> > > FYI: I have also improved the error message, so that it now more
> > precisely
> > > tells what is going on.
> > >
> > > Rainer
> > >
> > > 2014-11-21 9:36 GMT+01:00 Rainer Gerhards <rgerha...@hq.adiscon.com>:
> > >
> > > > 2014-11-21 6:55 GMT+01:00 Muhammad Asif <masifpa...@gmail.com>:
> > > >
> > > >> Hi Geeks,
> > > >>
> > > >> I have installed rsyslog 8.4 and rsyslog-relp in Centos 6.5. I want
> to
> > > use
> > > >> TLS on RELP between remote server and client machine. Here is my
> > > >> configuration.
> > > >>
> > > >> module(load="imuxsock")
> > > >> module(load="imrelp" ruleset="relp")
> > > >>
> > > >> input(type="imrelp" port="10514" tls="on"
> > > >> tls.caCert="/etc/rsyslog.d/cert/cacert.pem"
> > > >> tls.myCert="/etc/rsyslog.d/cert/bloggercert.pem"
> > > >> tls.myPrivKey="/etc/rsyslog.d/cert/bloggerkey.pem"
> > > >> tls.authMode="name"
> > > >> tls.permittedpeer=["172.20.16.22","172.20.16.25"]
> > > >> )
> > > >> ruleset (name="relp") {
> > > >> action(type="omfile" file="/var/log/relp_log")
> > > >> }
> > > >>
> > > >> When I restart the service, i receive log in message file as
> > > >> Nov 21 10:48:32 blogger rsyslogd-2291: imrelp: could not activate
> relp
> > > >> listner, code 10046 [try http://www.rsyslog.com/e/2291 ]
> > > >>
> > > >>
> > > > I have just checked the code. It means that the platform does not
> > provide
> > > > TLS auth support. In general, this means that GnuTLS is too old. I
> > > remember
> > > > this is the case for Centos 6.5. You should be able to use TLS in
> > > anonymous
> > > > mode. While this does not guard against man-in-the-middle attacks, it
> > at
> > > > least keeps message flow encrypted.
> > > >
> > > > The alternate solution is to install a current version of GnuTLS on
> > that
> > > > system and rebuild librelp from source.
> > > >
> > > > Rainer
> > > >
> > > >
> > > >> What problem can be. Please guide me in this regard.
> > > >> _______________________________________________
> > > >> rsyslog mailing list
> > > >> http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > >> http://www.rsyslog.com/professional-services/
> > > >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > myriad
> > > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> you
> > > >> DON'T LIKE THAT.
> > > >>
> > > >
> > > >
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad
> > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > > DON'T LIKE THAT.
> > >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
