I am trying like this but I am getting
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omrelp.html?highlight=relp#sending-msgs-with-omrelp-via-tls

rsyslogd: could not load module 'lmnsd_openssl', errors: trying to load module /usr/lib/rsyslog/lmnsd_openssl.so: /usr/lib/rsyslog/lmnsd_openssl.so: cannot open shared object file: No such file or directory [v8.1905.0 try https://www.rsyslog.com/e/2066 ]

On Mon, Jun 10, 2019 at 3:35 PM <[email protected]> wrote:

> I do not see any ossl or openssl module here
>
> root@myhost-02:/usr/lib/rsyslog# ls
> imfile.so immark.so imtcp.so imuxsock.so lmnet.so
> lmnsd_gtls.so lmregexp.so lmtcpsrv.so mmexternal.so mmsequence.so
> omprog.so pmciscoios.so pmlastmsg.so pmsnare.so
> imklog.so impstats.so imudp.so lmcry_gcry.so lmnetstrms.so
> lmnsd_ptcp.so lmtcpclt.so lmzlibw.so mmpstrucdata.so ommail.so
> pmaixforwardedfrom.so pmcisconames.so pmnull.so
>
> # lsb_release -a
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description: Ubuntu 14.04.2 LTS
> Release: 14.04
> Codename: trusty
>
> # rsyslogd -v
> rsyslogd 8.1905.0 (aka 2019.05) compiled with:
> PLATFORM: x86_64-pc-linux-gnu
> PLATFORM (lsb_release -d):
> FEATURE_REGEXP: Yes
> GSSAPI Kerberos 5 support: No
> FEATURE_DEBUG (debug build, slow code): No
> 32bit Atomic operations supported: Yes
> 64bit Atomic operations supported: Yes
> memory allocator: system default
> Runtime Instrumentation (slow code): No
> uuid support: Yes
> systemd support: No
> Config file: /etc/rsyslog.conf
> PID file: /var/run/rsyslogd.pid
> Number of Bits in RainerScript integers: 64
>
> On Mon, Jun 10, 2019 at 2:16 PM David Lang <[email protected]> wrote:
>
>> the poor error reporting is why openssl was added as an option, you may want to
>> try using that (IIRC it's something like driver="ossl")
>>
>> David Lang
>>
>> On Mon, 10 Jun 2019, Asif Iqbal via rsyslog wrote:
>>
>> > I fixed the SLM-Prod-Intermediary.pem and openssl can read it now. It was
>> > missing BEGIN.
>> >
>> > However I am still seeing the same error
>> >
>> > rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received.
>> >
>> > On Mon, Jun 10, 2019 at 2:05 PM <[email protected]> wrote:
>> >
>> >> I noticed I can read SLM-Root.pem fine with openssl. But
>> >> SLM-Prod-Intermediary.pem fails.
>> >>
>> >> # openssl x509 -in SLM-Prod-Intermediary.pem -text
>> >> unable to load certificate
>> >> 139866841159328:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
>> >>
>> >> That is possibly why TLS syslog is failing?
>> >>
>> >> On Mon, Jun 10, 2019 at 1:41 PM <[email protected]> wrote:
>> >>
>> >>> I am failing to send syslog to TLS server with error message like below and
>> >>> related config file
>> >>>
>> >>> Jun 10 10:29:33 myhost-02 rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try https://www.rsyslog.com/e/2078 ]
>> >>> Jun 10 10:29:33 myhost-02 rsyslogd: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]
>> >>> Jun 10 10:29:34 myhost-02 rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try https://www.rsyslog.com/e/2078 ]
>> >>> Jun 10 10:29:34 myhost-02 rsyslogd: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Mon Jun 10 10:30:04 2019, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]
>> >>>
>> >>> $ cat /etc/rsyslog.d/11-remote.conf
>> >>>
>> >>> $DefaultNetstreamDriver gtls
>> >>> $DefaultNetstreamDriverCAFile /etc/rsyslog.d/ssl/SLM-Root.pem
>> >>> $DefaultNetstreamDriverCertFile /etc/rsyslog.d/ssl/myhost-02.example.net.pem
>> >>> $DefaultNetstreamDriverKeyFile /etc/ssl/private/myhost-02.example.net.key
>> >>> $ActionSendStreamDriverMode 1
>> >>> $ActionSendStreamDriverAuthMode anon
>> >>> *.* @@192.168.1.100:6514
>> >>>
>> >>> Some of the relevant files below
>> >>>
>> >>> root@myhost-02:/etc/rsyslog.d/ssl# ls -al
>> >>> total 20
>> >>> drwxr-x--- 2 root syslog 4096 Jun 10 08:38 .
>> >>> drwxr-xr-x 3 root root 4096 Jun 10 09:16 ..
>> >>> lrwxrwxrwx 1 root root 25 Jun 10 08:38 .0 -> SLM-Prod-Intermediary.pem
>> >>> lrwxrwxrwx 1 root root 12 Jun 5 11:53 790a51e4.0 -> SLM-Root.pem
>> >>> -rw-r----- 1 root syslog 1623 May 23 09:31 myhost-02.example.net.pem
>> >>> -rw-r----- 1 root syslog 1179 May 23 09:31 SLM-Prod-Intermediary.pem
>> >>> -rw-r----- 1 root syslog 1346 May 23 09:31 SLM-Root.pem
>> >>>
>> >>> root@myhost-02:~# ls -al /etc/ssl/private/
>> >>> total 16
>> >>> drwxr-x--- 2 root syslog 4096 Jun 5 11:58 .
>> >>> drwxr-xr-x 4 root root 4096 Mar 31 14:40 ..
>> >>> -rw-r----- 1 root syslog 1098 Jun 5 11:58 myhost-02.example.net.csr
>> >>> -rw-r----- 1 root syslog 1679 Jun 5 11:56 myhost-02.example.net.key
>> >>>
>> >>> Any suggestion where to look for error?
>> >>>
>> >>> --
>> >>> Asif Iqbal
>> >>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> >>> A: Because it messes up the order in which people normally read text.
>> >>> Q: Why is top-posting such a bad thing?
>> >>
>> >> --
>> >> Asif Iqbal
>> >> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> >> A: Because it messes up the order in which people normally read text.
>> >> Q: Why is top-posting such a bad thing?
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
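
The two failures reported in this thread (a PEM file without its BEGIN line, and a netstream driver whose lmnsd_*.so is not installed) can be caught before rsyslogd is restarted. The script below is an added example, not part of the original posts or of rsyslog; the function names are hypothetical, the lmnsd_<driver>.so naming is inferred from the module listing and load error quoted above, and it only reads the legacy `$DefaultNetstreamDriver...` directives shown in the posted config.

```shell
#!/bin/sh
# Added example (hypothetical helper names): preflight checks for the two
# failures reported in this thread.

# pem_check FILE: succeeds only if FILE holds at least one PEM block and every
# "-----BEGIN X-----" line is closed by the matching "-----END X-----" line.
pem_check() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----\r?$/ {
            if (cur != "") bad = 1            # previous block never closed
            cur = $0; sub(/^-----BEGIN /, "", cur); sub(/-----\r?$/, "", cur)
            next
        }
        /^-----END [A-Z0-9 ]+-----\r?$/ {
            lbl = $0; sub(/^-----END /, "", lbl); sub(/-----\r?$/, "", lbl)
            if (cur != lbl) bad = 1           # END without its BEGIN
            cur = ""; blocks++
            next
        }
        END { exit (bad || cur != "" || blocks == 0) }
    ' "$1"
}

# driver_module_present MODDIR DRIVER: succeeds if MODDIR/lmnsd_DRIVER.so exists
# (naming assumed from the listing and error message in the thread).
driver_module_present() {
    [ -f "$1/lmnsd_$2.so" ]
}

# preflight CONF MODDIR: prints one line per problem, returns 1 if any found.
# Assumes file paths in CONF contain no whitespace.
preflight() {
    conf=$1; moddir=$2; rc=0
    drv=$(awk '$1 == "$DefaultNetstreamDriver" { print $2 }' "$conf")
    if [ -n "$drv" ] && ! driver_module_present "$moddir" "$drv"; then
        echo "driver '$drv': $moddir/lmnsd_$drv.so not found"; rc=1
    fi
    for f in $(awk '$1 ~ /^\$DefaultNetstreamDriver(CA|Cert|Key)File$/ { print $2 }' "$conf"); do
        pem_check "$f" 2>/dev/null || { echo "$f: missing or malformed PEM markers"; rc=1; }
    done
    return $rc
}

# Usage: sh preflight.sh /etc/rsyslog.d/11-remote.conf /usr/lib/rsyslog
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A clean result only means the markers and the module file are in place; it does not validate the certificate chain or explain the TLS alert sent by the remote server.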

