On Tue, 28 May 2024, Kathy Lyons wrote:

I hope this is better.

much better

We have a server and two clients with wireguard on them. The server is 10.10.10.1, the first client is 10.10.10.2 and the second client is 10.10.10.3. The tunnel works and I can ping from server -> clients and vice versa.

Rsyslog on the server is listening on TCP port 12345 and that is confirmed via ss/netstat.

Both clients can reach the server at TCP port 12345 (used netcat)

Iptables is wide open for now.

There are no firewalls between the server and clients.

I want to send logs from both clients to the server via rsyslog through the wireguard tunnel. The server will then forward all logs to another server via udp port 514.

For the rsyslog portion I do not need or want data traversing the tunnel to be encrypted. As of now I cannot get an established TCP connection from either client to the server.

Here are my configs - what am I doing wrong?
**Server**

# I've tried both with and without the line below
global(defaultNetStreamDriver="ptcp")
$ModLoad imtcp
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerStreamDriverMode 0
$InputTCPServerRun 12345

If they don't need to be encrypted, why are you setting encryption?

$template LDSTag, "<%PRI>%TIMESTAMP [nameofsystem] %syslog% %msg%"
# 10.50.x.x is where the server sends its local data and that of the clients via udp port 514
if $fromhost-ip <> '127.0.0.1' then @10.50.x.x;LDSTag
&stop

note that a clearer way of writing this is:

if $fromhost-ip <> '127.0.0.1' then {
  @10.50.x.x;LDSTag
  stop
}

auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.* @10.50.x.x;LDSTag


**Client**

# I've tried both with and without the line below
global(defaultNetStreamDriver="ptcp")
$ModLoad imtcp
$template LDSTag,"<%PRI>%TIMESTAMP [PUBLIC_IP] %syslog% %msg%"
#Send Settings
$ActionWriteAllMarkMessages on
$ActionSendStreamDriverPermittedPeer "10.10.10.1"
$ActionSendStreamDriverMode 0
auth.*;authpriv.*;cron.*;daemon.*;kern.*;local0.*;local4.* @@10.10.10.10.1:12345;LDSTmpl

if you do a tcpdump on port 12345 what do you see happening on each side?

David Lang
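The same setup as the thread's two configs, written in RainerScript form along the lines of the `if ... { stop }` rewrite suggested above. This is an added example, not a config from either poster: the ruleset name `fromClients` is mine, `syslogtag` is assumed to be the property the `%syslog%` in the posted templates was meant to be, and `10.50.x.x`, `nameofsystem` and `PUBLIC_IP` are kept as the placeholders the thread uses.

```rsyslog
### Server 10.10.10.1: plain-TCP listener on the tunnel, UDP relay onward ###

# ptcp (plain TCP) is already the default stream driver, so the
# global(defaultNetStreamDriver="ptcp") line is harmless but unnecessary.
# The $InputTCPServerStreamDriver* lines only matter for TLS; with no
# encryption wanted inside the WireGuard tunnel they are left out.
module(load="imtcp")
input(type="imtcp" port="12345" ruleset="fromClients")

template(name="LDSTag" type="string"
         string="<%PRI%>%TIMESTAMP% [nameofsystem] %syslogtag% %msg%\n")

# Everything that arrives on the tunnel listener is relayed and goes no
# further: a message bound to this ruleset never reaches the default rules,
# so the "$fromhost-ip <> '127.0.0.1' ... stop" test is not needed.
ruleset(name="fromClients") {
    action(type="omfwd" target="10.50.x.x" port="514" protocol="udp"
           template="LDSTag")
}

# Default ruleset: the server's own local logs, selected facilities only.
if $syslogfacility-text == ["auth","authpriv","cron","daemon","kern","local0","local4"] then {
    action(type="omfwd" target="10.50.x.x" port="514" protocol="udp"
           template="LDSTag")
}

### Client 10.10.10.2 / 10.10.10.3: forward over the tunnel by plain TCP ###

# A client that only sends needs neither imtcp nor the
# $ActionSendStreamDriverPermittedPeer / Mode lines (those are TLS settings).
template(name="LDSTag" type="string"
         string="<%PRI%>%TIMESTAMP% [PUBLIC_IP] %syslogtag% %msg%\n")

if $syslogfacility-text == ["auth","authpriv","cron","daemon","kern","local0","local4"] then {
    # protocol="tcp" is the action() equivalent of the "@@" prefix;
    # the queue keeps messages if the TCP session to the server drops
    action(type="omfwd" target="10.10.10.1" port="12345" protocol="tcp"
           template="LDSTag"
           queue.type="LinkedList" queue.size="10000"
           action.resumeRetryCount="-1")
}
```

Running `rsyslogd -N1` on each box after the change reports syntax errors before a restart, and `tcpdump -ni wg0 port 12345` on both ends then shows whether the SYN leaves the client and whether the server answers it.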


On 5/28/2024 5:42 PM, David Lang wrote:
your message is badly linewrapped, can you please try again?

also note that while you can ping between the systems, that doesn't mean that port 514 (TCP or UDP) can get through, either due to firewalls at the network layer or iptables on the systems

David Lang


_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards