Updated dir layout

root@bst-collector-02:/etc/rsyslog.d/ssl# ls -lart
total 28
-rw-r----- 1 root syslog 1346 May 23 09:31 SLM-Root.pem
-rw-r----- 1 root syslog 1623 May 23 09:31 myhost-02.example.net.pem
lrwxrwxrwx 1 root root     12 Jun  5 11:53 790a51e4.0 -> SLM-Root.pem
-rw-r----- 1 root syslog 1188 Jun 10 11:08 SLM-Prod-Intermediary.pem
lrwxrwxrwx 1 root root     25 Jun 10 11:09 b72ccc64.0 -> SLM-Prod-Intermediary.pem
drwxr-xr-x 3 root root   4096 Jun 10 12:10 ..
drwxr-x--- 2 root syslog 4096 Jun 10 12:27 .

Still getting the same error

Jun 10 12:09:46 myhost-02 rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try https://www.rsyslog.com/e/2078 ]
Jun 10 12:09:46 myhost-02 rsyslogd: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]
Jun 10 12:09:47 myhost-02 rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try https://www.rsyslog.com/e/2078 ]
Jun 10 12:09:47 myhost-02 rsyslogd: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Mon Jun 10 12:10:17 2019, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]

On Mon, Jun 10, 2019 at 2:11 PM <[email protected]> wrote:

> I fixed the SLM-Prod-Intermediary.pem and openssl can read it now. It was
> missing BEGIN.
>
> However I am still seeing the same error
>
> rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal
> alert has been received.
>
> On Mon, Jun 10, 2019 at 2:05 PM <[email protected]> wrote:
>
>> I noticed I can read SLM-Root.pem fine with openssl. But
>> SLM-Prod-Intermediary.pem fails.
>>
>> # openssl x509 -in SLM-Prod-Intermediary.pem -text
>> unable to load certificate
>> 139866841159328:error:0906D06C:PEM routines:PEM_read_bio:no start
>> line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
>>
>> That is possibly why TLS syslog is failing?
>>
>> On Mon, Jun 10, 2019 at 1:41 PM <[email protected]> wrote:
>>
>>> I am failing to send syslog to TLS server with error message like below and
>>> related config file
>>>
>>> Jun 10 10:29:33 myhost-02 rsyslogd: unexpected GnuTLS error -12 in
>>> nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try
>>> https://www.rsyslog.com/e/2078 ]
>>> Jun 10 10:29:33 myhost-02 rsyslogd: action 'action-0-builtin:omfwd'
>>> suspended (module 'builtin:omfwd'), retry 0. There should be messages
>>> before this one giving the reason for suspension. [v8.1905.0 try
>>> https://www.rsyslog.com/e/2007 ]
>>> Jun 10 10:29:34 myhost-02 rsyslogd: unexpected GnuTLS error -12 in
>>> nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try
>>> https://www.rsyslog.com/e/2078 ]
>>> Jun 10 10:29:34 myhost-02 rsyslogd: action 'action-0-builtin:omfwd'
>>> suspended (module 'builtin:omfwd'), next retry is Mon Jun 10 10:30:04 2019,
>>> retry nbr 0. There should be messages before this one giving the reason for
>>> suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]
>>>
>>> $ cat /etc/rsyslog.d/11-remote.conf
>>>
>>> $DefaultNetstreamDriver gtls
>>> $DefaultNetstreamDriverCAFile /etc/rsyslog.d/ssl/SLM-Root.pem
>>> $DefaultNetstreamDriverCertFile /etc/rsyslog.d/ssl/myhost-02.example.net.pem
>>> $DefaultNetstreamDriverKeyFile /etc/ssl/private/myhost-02.example.net.key
>>> $ActionSendStreamDriverMode 1
>>> $ActionSendStreamDriverAuthMode anon
>>> *.* @@192.168.1.100:6514
>>>
>>> Some of the relevant files below
>>>
>>> root@myhost-02:/etc/rsyslog.d/ssl# ls -al
>>> total 20
>>> drwxr-x--- 2 root syslog 4096 Jun 10 08:38 .
>>> drwxr-xr-x 3 root root   4096 Jun 10 09:16 ..
>>> lrwxrwxrwx 1 root root     25 Jun 10 08:38 .0 -> SLM-Prod-Intermediary.pem
>>> lrwxrwxrwx 1 root root     12 Jun  5 11:53 790a51e4.0 -> SLM-Root.pem
>>> -rw-r----- 1 root syslog 1623 May 23 09:31 myhost-02.example.net.pem
>>> -rw-r----- 1 root syslog 1179 May 23 09:31 SLM-Prod-Intermediary.pem
>>> -rw-r----- 1 root syslog 1346 May 23 09:31 SLM-Root.pem
>>>
>>> root@myhost-02:~# ls -al /etc/ssl/private/
>>> total 16
>>> drwxr-x--- 2 root syslog 4096 Jun  5 11:58 .
>>> drwxr-xr-x 4 root root   4096 Mar 31 14:40 ..
>>> -rw-r----- 1 root syslog 1098 Jun  5 11:58 myhost-02.example.net.csr
>>> -rw-r----- 1 root syslog 1679 Jun  5 11:56 myhost-02.example.net.key
>>>
>>> Any suggestion where to look for error?
>>>
>>> --
>>> Asif Iqbal
>>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>>> A: Because it messes up the order in which people normally read text.
>>> Q: Why is top-posting such a bad thing?
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
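
The check that exposed the broken intermediate in this thread (openssl reporting "no start line" for a file that had lost its BEGIN line), as an added example that is not part of the original post: a standard-library Python linter for PEM armor. The function names and sample data are constructed for illustration; it checks structure only and does not validate the certificate or its chain.

```python
import base64
import binascii
import re

ARMOR = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def _check_body(label, lines, start):
    """Body must be valid base64 that decodes to a DER SEQUENCE (first byte 0x30)."""
    try:
        der = base64.b64decode("".join(lines), validate=True)
    except binascii.Error:
        return [f"line {start}: {label} body is not valid base64"]
    if not der.startswith(b"\x30"):
        return [f"line {start}: {label} body does not decode to a DER SEQUENCE"]
    return []

def lint_pem(text):
    """Return a list of armor problems; an empty list means every block is well formed."""
    problems, label, body, start, blocks = [], None, [], 0, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = ARMOR.match(line)
        if m and m.group(1) == "BEGIN":
            if label is not None:
                problems.append(f"line {start}: BEGIN {label} has no END line")
            label, body, start = m.group(2), [], n
        elif m:  # an END line
            if label is None:
                problems.append(f"line {n}: END {m.group(2)} has no BEGIN line")
            elif label != m.group(2):
                problems.append(f"line {n}: END {m.group(2)} closes BEGIN {label}")
            else:
                problems += _check_body(label, body, start)
                blocks += 1
            label = None
        elif label is not None and line:
            body.append(line)  # text outside a block is legal in PEM and is ignored
    if label is not None:
        problems.append(f"line {start}: BEGIN {label} has no END line")
    if blocks == 0 and not problems:
        problems.append("no PEM block found")
    return problems

# Constructed sample: filler bytes behind a DER SEQUENCE tag, not a real certificate.
_B64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(60)).decode()
GOOD = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
NO_BEGIN = GOOD.split("\n", 1)[1]  # same file with its first line lost, as in the thread

if __name__ == "__main__":
    for name, pem in (("GOOD", GOOD), ("NO_BEGIN", NO_BEGIN)):
        print(name, lint_pem(pem) or "ok")
```

Running `lint_pem` over every file in the certificate directory before restarting rsyslogd catches a damaged file early; a clean result says nothing about whether the peer will accept the certificates.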

