Hi,
it has been sorted.
There were two problems:
1. wrong filename for a certificate file... my bad

2. the order of rsyslog's directives in /etc/rsyslog.conf is also important.
--
$ModLoad immark.so # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
$ModLoad imudp.so # provides UDP syslog reception
$ModLoad imtcp.so # load module
# make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
$DefaultNetstreamDriverCAFile /etc/certs/mainca.pem
$DefaultNetstreamDriverCertFile /etc/certs/logserver-cert.pem
$DefaultNetstreamDriverKeyFile /etc/certs/logserver-key.pem
# UDP Syslog Server:
$UDPServerRun 514 # start a UDP syslog server at standard port 514
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.domain.tld
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 514
--
My 2 cents...
Martin
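
Both problems from the message above can be caught before restarting rsyslog. This is an added example, not part of the original post: the checker `check_rsyslog_conf` is a hypothetical helper, and it assumes the usual legacy-format ordering rules, namely that `imtcp` must be loaded before any `$InputTCPServer*` directive and that TLS driver settings only apply to a listener when they precede `$InputTCPServerRun`.

```python
import os
import re

# Directives assumed to affect only TCP listeners started after them.
PRE_LISTENER = re.compile(r"^\$(InputTCPServerStreamDriver|DefaultNetstreamDriver)", re.I)
CERT_FILE = re.compile(r"^\$DefaultNetstreamDriver(CA|Cert|Key)File$", re.I)


def check_rsyslog_conf(text, file_exists=os.path.exists):
    """Return a list of (line_no, message) findings for a legacy-format config."""
    findings = []
    imtcp_loaded = False
    listener_line = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line.startswith("$"):
            continue
        parts = line.split(None, 1)
        name = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        low = name.lower()
        if low == "$modload" and value.lower().startswith("imtcp"):
            imtcp_loaded = True
        if low.startswith("$inputtcpserver") and not imtcp_loaded:
            findings.append((no, f"{name} used before $ModLoad imtcp"))
        if PRE_LISTENER.match(name) and listener_line is not None:
            findings.append((no, f"{name} comes after $InputTCPServerRun on line {listener_line}"))
        if low == "$inputtcpserverrun" and listener_line is None:
            listener_line = no
        if CERT_FILE.match(name) and not file_exists(value):
            findings.append((no, f"{name} points to a missing file: {value}"))
    return findings


# Constructed sample: the listener is started before TLS is configured.
BAD_ORDER = """\
$ModLoad imtcp.so
$DefaultNetstreamDriver gtls
$InputTCPServerRun 514
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
"""

if __name__ == "__main__":
    for no, msg in check_rsyslog_conf(BAD_ORDER):
        print(f"line {no}: {msg}")
```

An empty result means the ordering and file checks passed; it says nothing about whether the certificates themselves are valid for the peers.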