diff options
| author | root <root@slamuf.jones.dk> | 2009-09-13 22:39:50 +0200 |
|---|---|---|
| committer | root <root@slamuf.jones.dk> | 2009-09-13 22:39:50 +0200 |
| commit | fad935026196426beb9ddbc76abe97a744417b9e (patch) | |
| tree | e1c86d6f5281d6c713f6bb5c4accce7f83b8da75 /rsyslog.d | |
| parent | 876557dbdfbd4b03043dacc84d202d61ba794054 (diff) | |
Fix rsyslog-gnutls config files and improve comments.
Diffstat (limited to 'rsyslog.d')
| -rw-r--r-- | rsyslog.d/local-gtls-common.conf | 21 | ||||
| -rw-r--r-- | rsyslog.d/local-gtls-receive.conf | 20 | ||||
| -rw-r--r-- | rsyslog.d/local-gtls-send.conf | 21 |
3 files changed, 41 insertions, 21 deletions
diff --git a/rsyslog.d/local-gtls-common.conf b/rsyslog.d/local-gtls-common.conf index aef8117..ebdab86 100644 --- a/rsyslog.d/local-gtls-common.conf +++ b/rsyslog.d/local-gtls-common.conf @@ -1,21 +1,10 @@ -# enable gtls driver and make it the default -$ModLoad imtcp +# common options for both server reception and client sending + +# use gtls driver by default $DefaultNetstreamDriver gtls # certificate files -$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt +# (only CAFile needed at client if using AuthMode anon) +$DefaultNetstreamDriverCAFile /etc/ssl/certs/cacert.org.pem $DefaultNetstreamDriverCertFile /etc/ssl/certs/rsyslog.pem $DefaultNetstreamDriverKeyFile /etc/ssl/private/rsyslog.pem - -$InputTCPServerStreamDriverAuthMode x509/name -$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode - -# sample reception (repeat last line for each client) -#$InputTCPServerRun 514 -#$InputTCPServerStreamDriverPermittedPeer *.example.net - -# sample sending (repeat all lines for each server) -#$ActionSendStreamDriverAuthMode x509/name -#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode -#$ActionSendStreamDriverPermittedPeer central.example.net -#*.* @@central.example.net:514 # forward everything to remote server diff --git a/rsyslog.d/local-gtls-receive.conf b/rsyslog.d/local-gtls-receive.conf index b17d55a..1427da1 100644 --- a/rsyslog.d/local-gtls-receive.conf +++ b/rsyslog.d/local-gtls-receive.conf @@ -1,5 +1,21 @@ -# enable gtls reception -$InputTCPServerRun 514 +# server reception + +# load support for tcp-based network reception +$ModLoad imtcp + +# run driver in TLS-only mode +$InputTCPServerStreamDriverMode 1 + +# enable only one of below authentication schemes + +# client is NOT authenticated +#$InputTCPServerStreamDriverAuthMode anon # restrict access based on client certificate +# (adjust and add Peer lines as needed) +$InputTCPServerStreamDriverAuthMode x509/name #$InputTCPServerStreamDriverPermittedPeer *.example.net +#$InputTCPServerStreamDriverPermittedPeer foo.example.org + +# enable gtls reception +$InputTCPServerRun 10514 diff --git a/rsyslog.d/local-gtls-send.conf b/rsyslog.d/local-gtls-send.conf index e692b07..b3ec4a4 100644 --- a/rsyslog.d/local-gtls-send.conf +++ b/rsyslog.d/local-gtls-send.conf @@ -1,6 +1,21 @@ +# client sending + +# run driver in TLS-only mode +$ActionSendStreamDriverMode 1 + +# enable only one of below authentication schemes + +# client is NOT authenticated +# (client needs only CAFile certificate) +#$ActionSendStreamDriverAuthMode anon + # restrict access based on server certificate -# (repeat all lines for each server) +# (adjust Peer line as needed) #$ActionSendStreamDriverAuthMode x509/name -#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode #$ActionSendStreamDriverPermittedPeer central.example.net -#*.* @@central.example.net:514 # forward everything to remote server + +# forward everything to remote server +# (adjust as needed) +#*.* @@central.example.net:10514 + +# (repeat all above lines for each restricted server, not just last two) |