I do not see any ossl or openssl module here

root@myhost-02:/usr/lib/rsyslog# ls
imfile.so immark.so imtcp.so imuxsock.so lmnet.so lmnsd_gtls.so lmregexp.so lmtcpsrv.so mmexternal.so mmsequence.so omprog.so pmciscoios.so pmlastmsg.so pmsnare.so
imklog.so impstats.so imudp.so lmcry_gcry.so lmnetstrms.so lmnsd_ptcp.so lmtcpclt.so lmzlibw.so mmpstrucdata.so ommail.so pmaixforwardedfrom.so pmcisconames.so pmnull.so

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.2 LTS
Release: 14.04
Codename: trusty

# rsyslogd -v
rsyslogd 8.1905.0 (aka 2019.05) compiled with:
PLATFORM: x86_64-pc-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
systemd support: No
Config file: /etc/rsyslog.conf
PID file: /var/run/rsyslogd.pid
Number of Bits in RainerScript integers: 64

On Mon, Jun 10, 2019 at 2:16 PM David Lang <[email protected]> wrote:

> the poor error reporting is why openssl was added as an option, you may want to
> try using that (IIRC it's something like driver="ossl")
>
> David Lang
>
> On Mon, 10 Jun 2019, Asif Iqbal via rsyslog wrote:
>
> > I fixed the SLM-Prod-Intermediary.pem and openssl can read it now. It was
> > missing BEGIN.
> >
> > However I am still seeing the same error
> >
> > rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received.
> >
> > On Mon, Jun 10, 2019 at 2:05 PM <[email protected]> wrote:
> >
> >> I noticed I can read SLM-Root.pem fine with openssl. But
> >> SLM-Prod-Intermediary.pem fails.
> >>
> >> # openssl x509 -in SLM-Prod-Intermediary.pem -text
> >> unable to load certificate
> >> 139866841159328:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
> >>
> >> That is possibly why TLS syslog is failing?
> >>
> >> On Mon, Jun 10, 2019 at 1:41 PM <[email protected]> wrote:
> >>
> >>> I am failing send syslog to TLS server with error message like below and
> >>> related config file
> >>>
> >>> Jun 10 10:29:33 myhost-02 rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try https://www.rsyslog.com/e/2078 ]
> >>> Jun 10 10:29:33 myhost-02 rsyslogd: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]
> >>> Jun 10 10:29:34 myhost-02 rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try https://www.rsyslog.com/e/2078 ]
> >>> Jun 10 10:29:34 myhost-02 rsyslogd: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Mon Jun 10 10:30:04 2019, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]
> >>>
> >>> $ cat /etc/rsyslog.d/11-remote.conf
> >>>
> >>> $DefaultNetstreamDriver gtls
> >>> $DefaultNetstreamDriverCAFile /etc/rsyslog.d/ssl/SLM-Root.pem
> >>> $DefaultNetstreamDriverCertFile /etc/rsyslog.d/ssl/myhost-02.example.net.pem
> >>> $DefaultNetstreamDriverKeyFile /etc/ssl/private/myhost-02.example.net.key
> >>> $ActionSendStreamDriverMode 1
> >>> $ActionSendStreamDriverAuthMode anon
> >>> *.* @@192.168.1.100:6514
> >>>
> >>> Some of the relevant files below
> >>>
> >>> root@myhost-02:/etc/rsyslog.d/ssl# ls -al
> >>> total 20
> >>> drwxr-x--- 2 root syslog 4096 Jun 10 08:38 .
> >>> drwxr-xr-x 3 root root 4096 Jun 10 09:16 ..
> >>> lrwxrwxrwx 1 root root 25 Jun 10 08:38 .0 -> SLM-Prod-Intermediary.pem
> >>> lrwxrwxrwx 1 root root 12 Jun 5 11:53 790a51e4.0 -> SLM-Root.pem
> >>> -rw-r----- 1 root syslog 1623 May 23 09:31 myhost-02.example.net.pem
> >>> -rw-r----- 1 root syslog 1179 May 23 09:31 SLM-Prod-Intermediary.pem
> >>> -rw-r----- 1 root syslog 1346 May 23 09:31 SLM-Root.pem
> >>>
> >>> root@myhost-02:~# ls -al /etc/ssl/private/
> >>> total 16
> >>> drwxr-x--- 2 root syslog 4096 Jun 5 11:58 .
> >>> drwxr-xr-x 4 root root 4096 Mar 31 14:40 ..
> >>> -rw-r----- 1 root syslog 1098 Jun 5 11:58 myhost-02.example.net.csr
> >>> -rw-r----- 1 root syslog 1679 Jun 5 11:56 myhost-02.example.net.key
> >>>
> >>> Any suggestion where to look for error?
> >>>
> >>> --
> >>> Asif Iqbal
> >>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> >>> A: Because it messes up the order in which people normally read text.
> >>> Q: Why is top-posting such a bad thing?
> >>>
> >>
> >> --
> >> Asif Iqbal
> >> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> >> A: Because it messes up the order in which people normally read text.
> >> Q: Why is top-posting such a bad thing?
> >>
> >
>

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
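
The missing BEGIN line reported in this thread is a defect that a structural check on the PEM files can catch before rsyslog loads them and reports only a generic GnuTLS alert. The following is an added example, not part of the original messages and not rsyslog or openssl code; `pem_lint` is a hypothetical helper name and the sample file content is constructed.

```shell
#!/bin/sh
# pem_lint FILE  (hypothetical helper, not an rsyslog or openssl tool)
# Structural check of a PEM file: every BEGIN needs a matching END with the
# same label, and block bodies must be base64. Returns 0 only if clean.
# Legacy encrypted keys carrying Proc-Type/DEK-Info headers are flagged too.
pem_lint() {
    awk '
    /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
        if (cur != "") {
            printf "line %d: BEGIN inside unterminated %s block\n", NR, cur
            bad = 1
        }
        cur = $0
        sub(/^-----BEGIN /, "", cur); sub(/-----[ \t\r]*$/, "", cur)
        next
    }
    /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
        label = $0
        sub(/^-----END /, "", label); sub(/-----[ \t\r]*$/, "", label)
        if (cur == "") {
            printf "line %d: END %s without BEGIN\n", NR, label; bad = 1
        } else if (cur != label) {
            printf "line %d: END %s closes BEGIN %s\n", NR, label, cur; bad = 1
        } else {
            blocks++
        }
        cur = ""
        next
    }
    cur != "" && $0 !~ /^[A-Za-z0-9+\/=]*[ \t\r]*$/ {
        printf "line %d: non-base64 data in %s block\n", NR, cur; bad = 1
    }
    END {
        if (cur != "") { printf "EOF: %s block never closed\n", cur; bad = 1 }
        if (blocks == 0) { print "no complete PEM block found"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample, not a real certificate: the BEGIN line is missing,
# the defect reported for SLM-Prod-Intermediary.pem in the thread.
demo=$(mktemp)
printf '%s\n' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$demo"
pem_lint "$demo" || echo "repair $demo before pointing rsyslog at it"
rm -f "$demo"
```
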

