Coexistence of TCP and TLS log forwarding

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: rgerhards

Google Ads


Coexistence of TCP and TLS log forwarding

Postby indivara » Tue Dec 12, 2017 1:17 pm

I've uncovered an issue when using omfwd to multiple syslog servers over different protocols.
For reasons that I won't go into right now, I'm using the legacy syntax.

The configuration is like this (only relevant parts shown) -

Code: Select all
$RuleSet server0
$ActionSendStreamDriver         ptcp
$ActionSendStreamDriverMode     0
$ActionSendStreamDriverAuthMode anon
*.* @@192.168.0.1:601

$RuleSet server1
$ActionSendStreamDriver         gtls
$ActionSendStreamDriverMode     1
$ActionSendStreamDriverAuthMode anon
*.* @@192.168.0.2:6514

$RuleSet server2
*.* @192.168.0.3:514

$RuleSet RSYSLOG_DefaultRuleset

# ---

$InputFileName        /path/to/file
$InputFileTag         tmpm:
$InputFileStateFile   server0.state
$InputFileSeverity    info
$InputFileFacility    local3
$InputFileBindRuleset server0
$InputRunFileMonitor

$InputFileName        /path/to/file
$InputFileTag         tmpm:
$InputFileStateFile   server1.state
$InputFileSeverity    info
$InputFileFacility    local3
$InputFileBindRuleset server1
$InputRunFileMonitor

# third setting omitted



What this does is send the contents of 'file' to several servers as defined in the rulesets.

The problem is that although the rulesets define independent protocol settings for each omfwd action (plain TCP and TLS), the ActionSendStreamDriverMode for gtls seems to be getting applied to the ptcp action. This occurs only when the ptcp ruleset precedes gtls.

When run with debug enabled, the following error gets displayed (even though ptcp is set to 0 in its ruleset)
Code: Select all
error: driver mode 1 not supported by ptcp netstream driver [v8.24.0 try http://www.rsyslog.com/e/2081 ]


Is this a known issue or does rsyslog version 8 not fully support legacy configuration? Version 7 seems to work properly (checked with v7.4.7 and v8.24.0, on Red Hat Enterprise Linux 7.x).


Thanks
Indivara
indivara
New
 
Posts: 2
Joined: Tue Dec 12, 2017 1:01 pm

Urgent Question?

  • Pulling out your Hair?
  • Wasting Time and Money?
  • Deadline Approaching?

Re: Coexistence of TCP and TLS log forwarding

Postby rgerhards » Tue Dec 12, 2017 1:37 pm

works as expected by the definition of obsolete legacy format. If you want to change that setting, you must set the action parameter to the new value right in front of the definition where it applies to. It's ugly, and that's why it's obsoleted ;-)
rgerhards
Site Admin
 
Posts: 3806
Joined: Thu Feb 13, 2003 11:57 am

Re: Coexistence of TCP and TLS log forwarding

Postby indivara » Wed Dec 13, 2017 4:41 am

Thanks for the quick response, Rainer, much appreciated!

I'm sorry but I don't quite follow what you meant by putting the action parameter ($ActionSendStreamDriverMode) right in front of the definition.
I tried several combinations but it made no difference. Could you link to an example or the relevant documentation?

In any case it is looking like we'll be better off migrating this to Rainerscript. The reason it is in legacy is because there was no way to specify per-action stream drivers using Rainerscript on older versions of rsyslog. Now that v8 is officially supported by Red Hat (finally!), I'm considering rewriting the rules using the new syntax (still would be nice to know what is wrong with what I've already written)

Thanks
Indivara
indivara
New
 
Posts: 2
Joined: Tue Dec 12, 2017 1:01 pm

Google Ads



Return to Configuration

Who is online

Users browsing this forum: No registered users and 2 guests

cron