Fix rsyslog-gnutls config files and improve comments.

1 files changed, 5 insertions, 16 deletions

diff --git a/rsyslog.d/local-gtls-common.conf b/rsyslog.d/local-gtls-common.conf
index aef8117..ebdab86 100644
--- a/rsyslog.d/local-gtls-common.conf
+++ b/rsyslog.d/local-gtls-common.conf
@@ -1,21 +1,10 @@
-# enable gtls driver and make it the default
-$ModLoad imtcp
+# common options for both server reception and client sending
+
+# use gtls driver by default
 $DefaultNetstreamDriver gtls
 
 # certificate files
-$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
+# (only CAFile needed at client if using AuthMode anon)
+$DefaultNetstreamDriverCAFile /etc/ssl/certs/cacert.org.pem
 $DefaultNetstreamDriverCertFile /etc/ssl/certs/rsyslog.pem
 $DefaultNetstreamDriverKeyFile /etc/ssl/private/rsyslog.pem
-
-$InputTCPServerStreamDriverAuthMode x509/name
-$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
-
-# sample reception (repeat last line for each client)
-#$InputTCPServerRun 514
-#$InputTCPServerStreamDriverPermittedPeer *.example.net
-
-# sample sending (repeat all lines for each server)
-#$ActionSendStreamDriverAuthMode x509/name
-#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
-#$ActionSendStreamDriverPermittedPeer central.example.net
-#*.* @@central.example.net:514 # forward everything to remote server