Hello, I think you should completely uninstall rsyslog and compile and install it, because I think the rpm package you have doesn't support TLS.

git clone https://github.com/rsyslog/rsyslog.git
cd rsyslog
./autogen.sh
./configure --enable-imudp --enable-imtcp --enable-omstdout --enable-gnutls --enable-openssl
make
make install

Ozgur

Mehmet Avcioglu <[email protected]> wrote on Wed, 25 Jun 2025 at 22:56:
>
> > also remember don't forget that openssl is experimental.
>
> I am trying to find the more stable one, as mentioned before I see
> crashes with gnutls, and I figured I would try openssl based on
> earlier comments from David.
>
> My config is like below, I don't have load=gtls and I uninstalled
> rsyslog-gnutls package. I can compile the rsyslog package but was
> hoping that I could do it with precompiled packages.
>
> action(
>     type="omrelp"
>     target="10.3.2.5"
>     port="11514"
>     tls="on"
>     tls.authmode="name"
>     tls.permittedpeer=["host.domain.com"]
> )
>
> # rsyslogd -v
> rsyslogd 8.2502.0 (aka 2025.02) compiled with:
> PLATFORM: x86_64-redhat-linux-gnu
> PLATFORM (lsb_release -d):
> FEATURE_REGEXP: Yes
> GSSAPI Kerberos 5 support: Yes
> FEATURE_DEBUG (debug build, slow code): No
> 32bit Atomic operations supported: Yes
> 64bit Atomic operations supported: Yes
> memory allocator: system default
> Runtime Instrumentation (slow code): No
> uuid support: Yes
> systemd support: Yes
> Config file: /etc/rsyslog.conf
> PID file: /var/run/syslogd.pid
> Number of Bits in RainerScript integers: 64
>
> # rpm -qa|grep rsyslog
> rsyslog-8.2502.0-1.el8.x86_64
> rsyslog-relp-8.2502.0-1.el8.x86_64
> rsyslog-openssl-8.2502.0-1.el8.x86_64
>
>
> On Wed, Jun 25, 2025 at 9:56 PM Ozgur Karatas <[email protected]> wrote:
> >
> > Mehmet Avcioglu via rsyslog <[email protected]> wrote on Wed, 25 Jun 2025 at 15:38:
> > >
> > > How does rsyslog decide whether to use gnutls or openssl? I
> > > specifically installed the rsyslog-openssl package and removed
> > > rsyslog-gnutls package from Rocky8 servers, but possibly gnutls is
> > > still used instead of openssl, as the logs reference gnutls and I
> > > still see rsyslog linking to gnutls library. Any insight would be
> > > appreciated.
> > >
> > >
> > Hello,
> >
> > first use rsyslogd -v and check TLS support.
> > second check your config:
> >
> > module(load="gtls") - gnutls
> > module(load="omrelp") - relp tls
> >
> > also remember don't forget that openssl is experimental.
> > if you use source code please use:
> >
> > ./configure --enable-openssl
> >
> > Ozgur
> >
> >
> > > I am using 8.2502 and relp. The reason why I want to try openssl
> > > instead of gnutls is that sometimes (which I cannot reproduce myself)
> > > right after gnutls error messages, like the ones given below, client
> > > rsyslog exits.
> > >
> > > omrelp[11514]: error 'TLS record write failed [gnutls error -53: Error
> > > in the push function.]'
> > > imrelp[11514]: error 'TLS record write failed [gnutls error -408:
> > > Cannot perform this action while handshake is in progress.]', object
> > > 'lstn 11514: conn to clt 10.6.9.4' - input may not work as intended
> > > "imrelp[11514]: error 'TLS handshake failed [gnutls error -54: Error
> > > in the pull function.]', object 'lstn 11514: conn to clt 10.6.9.4' -
> > > input may not work as intended"
> > >
> > > # ldd /lib64/rsyslog/omrelp.so | grep -E 'ssl|gnutls'
> > > libgnutls.so.30 => /lib64/libgnutls.so.30 (0x00007894a4400000)
> > > libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007894a4000000)
> > >
> > > # lsof -p $(pidof rsyslogd) | grep -E 'ssl|gnutls'
> > > rsyslogd 2077751 root mem REG 253,0 619872
> > > 402886459 /usr/lib64/libssl.so.1.1.1k
> > > rsyslogd 2077751 root mem REG 253,0 2051648
> > > 402886940 /usr/lib64/libgnutls.so.30.28.2
> > >
> > > # cat /proc/$(pidof rsyslogd)/maps | grep -E 'ssl|gnutls'
> > > 7ffad7d8d000-7ffad7e14000 r-xp 00000000 fd:00 402886459
> > > /usr/lib64/libssl.so.1.1.1k
> > > 7ffad7e14000-7ffad8014000 ---p 00087000 fd:00 402886459
> > > /usr/lib64/libssl.so.1.1.1k
> > > 7ffad8014000-7ffad801d000 r--p 00087000 fd:00 402886459
> > > /usr/lib64/libssl.so.1.1.1k
> > > 7ffad801d000-7ffad8021000 rw-p 00090000 fd:00 402886459
> > > /usr/lib64/libssl.so.1.1.1k
> > > 7ffad8022000-7ffad81ff000 r-xp 00000000 fd:00 402886940
> > > /usr/lib64/libgnutls.so.30.28.2
> > > 7ffad81ff000-7ffad83fe000 ---p 001dd000 fd:00 402886940
> > > /usr/lib64/libgnutls.so.30.28.2
> > > 7ffad83fe000-7ffad840f000 r--p 001dc000 fd:00 402886940
> > > /usr/lib64/libgnutls.so.30.28.2
> > > 7ffad840f000-7ffad8411000 rw-p 001ed000 fd:00 402886940
> > > /usr/lib64/libgnutls.so.30.28.2
> > >
> > > Thank you
> > >
> > > --
> > > Mehmet
> > > _______________________________________________
> > > rsyslog mailing list
> > > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > > DON'T LIKE THAT.
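
An added example, not part of the thread or of rsyslog: the `/proc/<pid>/maps` check from the quoted message, reduced to a de-duplicated list and a single verdict so it can be run across many hosts. The function names and the shortened sample input are constructed for illustration; a mapped library only shows that the process loaded it, not which one handles a given connection.

```shell
#!/bin/sh
# Added example: summarise which TLS libraries a process has mapped,
# reading /proc/<pid>/maps-format text on stdin.

# Print "<family> <path>" once per TLS library (libssl or libgnutls)
# that has an executable mapping.
tls_libs_from_maps() {
    awk '
        # maps fields: address-range perms offset dev inode path
        $2 ~ /x/ && $6 ~ /\/lib(ssl|gnutls)\.so/ {
            fam = ($6 ~ /libgnutls/) ? "gnutls" : "openssl"
            if (!seen[$6]++) print fam, $6
        }'
}

# Reduce that list to one word: gnutls, openssl, both or none.
tls_verdict() {
    tls_libs_from_maps | awk '
        { f[$1] = 1 }
        END {
            if (f["gnutls"] && f["openssl"]) print "both"
            else if (f["gnutls"]) print "gnutls"
            else if (f["openssl"]) print "openssl"
            else print "none"
        }'
}

# Constructed sample, shortened from the maps output quoted in the thread.
SAMPLE_MAPS='7ffad7d8d000-7ffad7e14000 r-xp 00000000 fd:00 402886459 /usr/lib64/libssl.so.1.1.1k
7ffad8014000-7ffad801d000 r--p 00087000 fd:00 402886459 /usr/lib64/libssl.so.1.1.1k
7ffad8022000-7ffad81ff000 r-xp 00000000 fd:00 402886940 /usr/lib64/libgnutls.so.30.28.2
7ffad840f000-7ffad8411000 rw-p 001ed000 fd:00 402886940 /usr/lib64/libgnutls.so.30.28.2'

# On a live host: tls_verdict < "/proc/$(pidof rsyslogd)/maps"
printf '%s\n' "$SAMPLE_MAPS" | tls_verdict
```
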

