author | root <root@mail.bitbase.dk> | 2009-05-22 15:49:22 +0200 |
---|---|---|
committer | root <root@mail.bitbase.dk> | 2009-05-22 15:49:22 +0200 |
commit | ddc0cd8da4a4a6c7607bf4f680e3283797c8872a (patch) | |
tree | 4bd4fcf1ec123bd2105782062d42b58a3f812595 /rsyslog.d | |
parent | fd39155673473cde65f10c12098392680b62d452 (diff) | |
parent | 37f949dc3927dd3f24fd03f45e80de776ec2868e (diff) |
Merge branch 'master' of git://source.jones.dk/local-COMMON
Diffstat (limited to 'rsyslog.d')
-rw-r--r-- | rsyslog.d/local-gtls-common.conf | 21 | ||||
-rw-r--r-- | rsyslog.d/local-gtls-receive.conf | 5 | ||||
-rw-r--r-- | rsyslog.d/local-gtls-send.conf | 6 |
3 files changed, 32 insertions, 0 deletions
diff --git a/rsyslog.d/local-gtls-common.conf b/rsyslog.d/local-gtls-common.conf
new file mode 100644
index 0000000..aef8117
--- /dev/null
+++ b/rsyslog.d/local-gtls-common.conf
@@ -0,0 +1,21 @@
+# enable gtls driver and make it the default
+$ModLoad imtcp
+$DefaultNetstreamDriver gtls
+
+# certificate files
+$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
+$DefaultNetstreamDriverCertFile /etc/ssl/certs/rsyslog.pem
+$DefaultNetstreamDriverKeyFile /etc/ssl/private/rsyslog.pem
+
+$InputTCPServerStreamDriverAuthMode x509/name
+$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
+
+# sample reception (repeat last line for each client)
+#$InputTCPServerRun 514
+#$InputTCPServerStreamDriverPermittedPeer *.example.net
+
+# sample sending (repeat all lines for each server)
+#$ActionSendStreamDriverAuthMode x509/name
+#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
+#$ActionSendStreamDriverPermittedPeer central.example.net
+#*.* @@central.example.net:514 # forward everything to remote server
diff --git a/rsyslog.d/local-gtls-receive.conf b/rsyslog.d/local-gtls-receive.conf
new file mode 100644
index 0000000..b17d55a
--- /dev/null
+++ b/rsyslog.d/local-gtls-receive.conf
@@ -0,0 +1,5 @@
+# enable gtls reception
+$InputTCPServerRun 514
+
+# restrict access based on client certificate
+#$InputTCPServerStreamDriverPermittedPeer *.example.net
diff --git a/rsyslog.d/local-gtls-send.conf b/rsyslog.d/local-gtls-send.conf
new file mode 100644
index 0000000..e692b07
--- /dev/null
+++ b/rsyslog.d/local-gtls-send.conf
@@ -0,0 +1,6 @@
+# restrict access based on server certificate
+# (repeat all lines for each server)
+#$ActionSendStreamDriverAuthMode x509/name
+#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
+#$ActionSendStreamDriverPermittedPeer central.example.net
+#*.* @@central.example.net:514 # forward everything to remote server |
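Review bot: In local-gtls-common.conf, `$DefaultNetstreamDriverCAFile` points at the system-wide bundle `/etc/ssl/certs/ca-certificates.crt`, so a certificate issued by any CA in that bundle passes chain validation and the `x509/name` match on the peer name is the only control left to separate log peers from other certificate holders. A CA file holding only the CA that issues the syslog certificates would narrow that, for example `$DefaultNetstreamDriverCAFile /etc/ssl/certs/<site-syslog-ca>.pem` (placeholder path). The commented sample blocks at the end of the file are repeated in local-gtls-receive.conf and local-gtls-send.conf; keeping them in one place would stop the copies drifting apart.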
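Review bot: In local-gtls-receive.conf, `$InputTCPServerRun 514` is active while the only `$InputTCPServerStreamDriverPermittedPeer` line is commented out and placed after it, so as shipped the listener starts with no permitted peer configured. What `x509/name` does with an empty peer list is not visible in this commit; a comment stating the expected behaviour would help whoever enables the file. Legacy `$` directives are applied in file order and the upstream examples set the permitted peers before starting the listener, so the sample should probably put the `PermittedPeer` line above `$InputTCPServerRun 514`; otherwise verify on the deployed rsyslog version that a restriction placed after the listener directive takes effect. The same order appears in the commented reception sample in local-gtls-common.conf.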