Re: [rsyslog] Forward to multiple syslog servers with TLS protocol (multiple sets of CA/cert/key)

[David Lang via rsyslog]

am I correct in thinking that things need to be set in the new format with 
action() and input() and that multiple instances of the old format (as in the 
original email below) will not work?

David Lang
On Wed, 6 Apr 2022, Rainer Gerhards wrote:

Date: Wed, 6 Apr 2022 10:01:35 +0200
From: Rainer Gerhards <rgerha...@hq.adiscon.com>
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: David Lang <da...@lang.hm>
Subject: Re: [rsyslog] Forward to multiple syslog servers with TLS protocol
    (multiple sets of CA/cert/key)

Yes, it's in. I think for roughly a year now.

Rainer

Sent from phone, thus brief.

David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 6. Apr.
2022, 00:12:

up until at least very recently this was not possible. There has been work
to
make the connection configuration able to be on a per-connection basis,
but I'm
not sure if that's completed and been merged yet. If it has, it would not
have
hit before about 8.2110 or newer.

This will absolutly require using the new format (not $foo bar followed by
what
it applies to, but action(foo="bar"...) specifying all parameters for that
action)

Rainer would need to comment on the status of that.

the super-ugly work-around would be to forward unencrypted via localhost
or unix
socket to additional instances of rsyslog (one per destination) that would
have
the encryption settings you need.

David Lang

On Tue, 5 Apr 2022, ZHU Joshua via rsyslog wrote:

Hi,
I need to set up syslog forwarding from a single host (source) to
multiple remote syslog servers using the TLS protocol, and

1)      each remote server has its own trusted CA

2)      each forward configuration on the source host has its own
certificate and private key

For example, suppose I need to forward logs to remoteSyslogServer1 and
remoteSyslogServer2, I'd have two sets of CA/cert/key

$DefaultNetstreamDriverCAFile /path/to/remoteSyslogServer1/ca1.pem
$DefaultNetstreamDriverCertFile
/path/to/remoteSyslogServer1/ca1-signed-cert.pem
$DefaultNetstreamDriverKeyFile
/path/to/remoteSyslogServer1/private-key-for-ca1-signed-cert.pem

and

$DefaultNetstreamDriverCAFile /path/to/remoteSyslogServer2/ca2.pem
$DefaultNetstreamDriverCertFile
/path/to/remoteSyslogServer2/ca2-signed-cert.pem
$DefaultNetstreamDriverKeyFile
/path/to/remoteSyslogServer2/private-key-for-ca2-signed-cert.pem

In other words, I need somehow to scope the above directives by the two
remote syslog servers in the source host's rsyslog configuration.

Question: any idea on how this can be done?  or pointers to
documentations explaining how to do this?

Thanks very much,
Joshua

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.


_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.