TCP+TLS relay

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: rgerhards

Google Ads


TCP+TLS relay

Postby yardenbar » Sun Aug 06, 2017 12:13 pm

Hi all,
I'm trying to configure rsyslog as a log TCP+TLS relay.
My use-case is that I have my own root-CA for receiving logs from clients/log-shippers and another CA crt that I need to use in order to relay logs to a TLS enabled 3rd party endpoint.

The issue is well described in https://github.com/rsyslog/rsyslog/issues/1702, but will outline it here in short form:
1. client submits a message to the rsyslog server using TLS+TCP input.
1.1. Both the client and the rsyslog server key/pem were issued using the same root-CA keypair.
2. The rsyslog server formats the message using a template
3. The rsyslog server tries to submit the formatted message to a 3rd part TLS enabled endpoint which its TLS crt was issued using a different CA than the one above (logs are shipped to SaaS log aggregation platform.)

When only the input OR the output are configured with TLS enabled, the pipeline works.
When I configure both imtcp and omfwd to use gtls, the pipeline doesn't work.

For the defaultNetstreamDriverCAFile I use a concatonation of *my* ca.pem and the 3rd paety ca.pem into one file.

Thanks in advance,
Jorden
yardenbar
New
 
Posts: 1
Joined: Sun Aug 06, 2017 11:59 am

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Google Ads


Return to Configuration

Who is online

Users browsing this forum: No registered users and 2 guests

cron