David,

That was the fix. I needed to install rsyslog-openssl package to get the ossl driver

So this was the final version using ossl driver instead of gtls driver on ubuntu trusty

$ cat /etc/rsyslog.d/11-remote.conf
$DefaultNetstreamDriver ossl
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ssl/SLM-Root.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/ssl/myhost-02.example.net.pem
$DefaultNetstreamDriverKeyFile /etc/ssl/private/myhost-02.example.net.key
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon
*.* @@192.168.1.100:6514

Thanks a lot for your help

On Mon, Jun 10, 2019 at 3:54 PM <[email protected]> wrote:

> I am trying like this but I am getting
>
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omrelp.html?highlight=relp#sending-msgs-with-omrelp-via-tls
>
> rsyslogd: could not load module 'lmnsd_openssl', errors: trying to load module /usr/lib/rsyslog/lmnsd_openssl.so: /usr/lib/rsyslog/lmnsd_openssl.so: cannot open shared object file: No such file or directory [v8.1905.0 try https://www.rsyslog.com/e/2066 ]
>
> On Mon, Jun 10, 2019 at 3:35 PM <[email protected]> wrote:
>
>> I do not see any ossl or openssl module here
>>
>> root@myhost-02:/usr/lib/rsyslog# ls
>> imfile.so immark.so imtcp.so imuxsock.so lmnet.so
>> lmnsd_gtls.so lmregexp.so lmtcpsrv.so mmexternal.so mmsequence.so
>> omprog.so pmciscoios.so pmlastmsg.so pmsnare.so
>> imklog.so impstats.so imudp.so lmcry_gcry.so lmnetstrms.so
>> lmnsd_ptcp.so lmtcpclt.so lmzlibw.so mmpstrucdata.so ommail.so
>> pmaixforwardedfrom.so pmcisconames.so pmnull.so
>>
>> # lsb_release -a
>> No LSB modules are available.
>> Distributor ID: Ubuntu
>> Description: Ubuntu 14.04.2 LTS
>> Release: 14.04
>> Codename: trusty
>>
>> # rsyslogd -v
>> rsyslogd 8.1905.0 (aka 2019.05) compiled with:
>> PLATFORM: x86_64-pc-linux-gnu
>> PLATFORM (lsb_release -d):
>> FEATURE_REGEXP: Yes
>> GSSAPI Kerberos 5 support: No
>> FEATURE_DEBUG (debug build, slow code): No
>> 32bit Atomic operations supported: Yes
>> 64bit Atomic operations supported: Yes
>> memory allocator: system default
>> Runtime Instrumentation (slow code): No
>> uuid support: Yes
>> systemd support: No
>> Config file: /etc/rsyslog.conf
>> PID file: /var/run/rsyslogd.pid
>> Number of Bits in RainerScript integers: 64
>>
>> On Mon, Jun 10, 2019 at 2:16 PM David Lang <[email protected]> wrote:
>>
>>> the poor error reporting is why openssl was added as an option, you may want to try using that (IIRC it's something like driver="ossl")
>>>
>>> David Lang
>>>
>>> On Mon, 10 Jun 2019, Asif Iqbal via rsyslog wrote:
>>>
>>> > I fixed the SLM-Prod-Intermediary.pem and openssl can read it now. It was missing BEGIN.
>>> >
>>> > However I am still seeing the same error
>>> >
>>> > rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received.
>>> >
>>> > On Mon, Jun 10, 2019 at 2:05 PM <[email protected]> wrote:
>>> >
>>> >> I noticed I can read SLM-Root.pem fine with openssl. But SLM-Prod-Intermediary.pem fails.
>>> >>
>>> >> # openssl x509 -in SLM-Prod-Intermediary.pem -text
>>> >> unable to load certificate
>>> >> 139866841159328:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
>>> >>
>>> >> That is possibly why TLS syslog is failing?
>>> >>
>>> >> On Mon, Jun 10, 2019 at 1:41 PM <[email protected]> wrote:
>>> >>
>>> >>> I am failing to send syslog to TLS server with error message like below and related config file
>>> >>>
>>> >>> Jun 10 10:29:33 myhost-02 rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try https://www.rsyslog.com/e/2078 ]
>>> >>> Jun 10 10:29:33 myhost-02 rsyslogd: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]
>>> >>> Jun 10 10:29:34 myhost-02 rsyslogd: unexpected GnuTLS error -12 in nsd_gtls.c:2071: A TLS fatal alert has been received. [v8.1905.0 try https://www.rsyslog.com/e/2078 ]
>>> >>> Jun 10 10:29:34 myhost-02 rsyslogd: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Mon Jun 10 10:30:04 2019, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.1905.0 try https://www.rsyslog.com/e/2007 ]
>>> >>>
>>> >>> $ cat /etc/rsyslog.d/11-remote.conf
>>> >>>
>>> >>> $DefaultNetstreamDriver gtls
>>> >>> $DefaultNetstreamDriverCAFile /etc/rsyslog.d/ssl/SLM-Root.pem
>>> >>> $DefaultNetstreamDriverCertFile /etc/rsyslog.d/ssl/myhost-02.example.net.pem
>>> >>> $DefaultNetstreamDriverKeyFile /etc/ssl/private/myhost-02.example.net.key
>>> >>> $ActionSendStreamDriverMode 1
>>> >>> $ActionSendStreamDriverAuthMode anon
>>> >>> *.* @@192.168.1.100:6514
>>> >>>
>>> >>> Some of the relevant files below
>>> >>>
>>> >>> root@myhost-02:/etc/rsyslog.d/ssl# ls -al
>>> >>> total 20
>>> >>> drwxr-x--- 2 root syslog 4096 Jun 10 08:38 .
>>> >>> drwxr-xr-x 3 root root 4096 Jun 10 09:16 ..
>>> >>> lrwxrwxrwx 1 root root 25 Jun 10 08:38 .0 -> SLM-Prod-Intermediary.pem
>>> >>> lrwxrwxrwx 1 root root 12 Jun 5 11:53 790a51e4.0 -> SLM-Root.pem
>>> >>> -rw-r----- 1 root syslog 1623 May 23 09:31 myhost-02.example.net.pem
>>> >>> -rw-r----- 1 root syslog 1179 May 23 09:31 SLM-Prod-Intermediary.pem
>>> >>> -rw-r----- 1 root syslog 1346 May 23 09:31 SLM-Root.pem
>>> >>>
>>> >>> root@myhost-02:~# ls -al /etc/ssl/private/
>>> >>> total 16
>>> >>> drwxr-x--- 2 root syslog 4096 Jun 5 11:58 .
>>> >>> drwxr-xr-x 4 root root 4096 Mar 31 14:40 ..
>>> >>> -rw-r----- 1 root syslog 1098 Jun 5 11:58 myhost-02.example.net.csr
>>> >>> -rw-r----- 1 root syslog 1679 Jun 5 11:56 myhost-02.example.net.key
>>> >>>
>>> >>> Any suggestion where to look for error?
>>> >>>
>>> >>> --
>>> >>> Asif Iqbal
>>> >>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>>> >>> A: Because it messes up the order in which people normally read text.
>>> >>> Q: Why is top-posting such a bad thing?

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
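
A pre-flight check for the two failures seen in this thread (a netstream driver whose lmnsd_<driver>.so module is not installed, and a PEM file without its BEGIN line), added here as an example and not part of the original posts or of rsyslog. It also flags AuthMode anon, under which the stream is encrypted but the peer is not authenticated. The function name, finding labels and fixture files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight lint for a legacy-directive rsyslog TLS forwarder.
# lint_rsyslog_tls CONF MODDIR prints one finding per line, nothing if clean.
lint_rsyslog_tls() {
  local conf=$1 moddir=$2 key val
  while read -r key val _ || [ -n "$key" ]; do
    case $key in
      '$DefaultNetstreamDriver')
        # Driver X is loaded from lmnsd_X.so (naming as seen in the thread).
        [ -e "$moddir/lmnsd_$val.so" ] || echo "MISSING_MODULE lmnsd_$val.so" ;;
      '$DefaultNetstreamDriverCAFile'|'$DefaultNetstreamDriverCertFile')
        # A PEM file without its BEGIN line is openssl's "no start line" error.
        grep -q '^-----BEGIN .*CERTIFICATE-----' "$val" 2>/dev/null \
          || echo "NO_PEM_START $val" ;;
      '$ActionSendStreamDriverAuthMode')
        # anon encrypts the stream but does not authenticate the peer.
        [ "$val" != anon ] || echo "PEER_NOT_AUTHENTICATED authmode=anon" ;;
    esac
  done < "$conf"
}

# Constructed fixture mirroring the thread: only the gtls and ptcp driver
# modules are present, and one certificate file has lost its BEGIN line.
make_fixture() {
  local d; d=$(mktemp -d)
  mkdir "$d/mod"; touch "$d/mod/lmnsd_gtls.so" "$d/mod/lmnsd_ptcp.so"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIB(constructed)' \
    '-----END CERTIFICATE-----' > "$d/ca.pem"
  printf '%s\n' 'MIIB(constructed)' '-----END CERTIFICATE-----' > "$d/host.pem"
  cat > "$d/11-remote.conf" <<EOF
\$DefaultNetstreamDriver ossl
\$DefaultNetstreamDriverCAFile $d/ca.pem
\$DefaultNetstreamDriverCertFile $d/host.pem
\$ActionSendStreamDriverMode 1
\$ActionSendStreamDriverAuthMode anon
*.* @@192.168.1.100:6514
EOF
  echo "$d"
}

fx=$(make_fixture)
lint_rsyslog_tls "$fx/11-remote.conf" "$fx/mod"
```

On a real host the second argument would be the module directory shown in the thread, /usr/lib/rsyslog.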

