From 0e86e9149f814cdb30fb5db0f1a1b8bb6d2b6ea3 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 4 Mar 2009 17:45:05 +0100
Subject: Add rsyslog config snippets to use TLS.
---
rsyslog.d/local-gtls-client.conf | 6 ++++++
rsyslog.d/local-gtls-server.conf | 5 +++++
rsyslog.d/local-gtls.conf | 21 +++++++++++++++++++++
3 files changed, 32 insertions(+)
create mode 100644 rsyslog.d/local-gtls-client.conf
create mode 100644 rsyslog.d/local-gtls-server.conf
create mode 100644 rsyslog.d/local-gtls.conf
(limited to 'rsyslog.d')
diff --git a/rsyslog.d/local-gtls-client.conf b/rsyslog.d/local-gtls-client.conf
new file mode 100644
index 0000000..e692b07
--- /dev/null
+++ b/rsyslog.d/local-gtls-client.conf
@@ -0,0 +1,6 @@
+# restrict access based on server certificate
+# (repeat all lines for each server)
+#$ActionSendStreamDriverAuthMode x509/name
+#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
+#$ActionSendStreamDriverPermittedPeer central.example.net
+#*.* @@central.example.net:514 # forward everything to remote server
diff --git a/rsyslog.d/local-gtls-server.conf b/rsyslog.d/local-gtls-server.conf
new file mode 100644
index 0000000..b17d55a
--- /dev/null
+++ b/rsyslog.d/local-gtls-server.conf
@@ -0,0 +1,5 @@
+# enable gtls reception
+$InputTCPServerRun 514
+
+# restrict access based on client certificate
+#$InputTCPServerStreamDriverPermittedPeer *.example.net
diff --git a/rsyslog.d/local-gtls.conf b/rsyslog.d/local-gtls.conf
new file mode 100644
index 0000000..aef8117
--- /dev/null
+++ b/rsyslog.d/local-gtls.conf
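Review bot: Every line of local-gtls-client.conf is commented out, so the file is inert as committed, and its directives repeat the "sample sending" block of local-gtls.conf in this same commit verbatim, which invites drift when one copy later gains a PermittedPeer the other does not. Either drop one of the two copies or add a header stating which is canonical and what it depends on, e.g. `# Sending-side TLS settings; inert until uncommented. Relies on the gtls driver and certificate directives from local-gtls.conf being loaded first.`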
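Review bot: `$InputTCPServerRun 514` is the only active directive in local-gtls-server.conf and it precedes the (commented) `$InputTCPServerStreamDriverPermittedPeer *.example.net`; in rsyslog's legacy `$...` syntax the stream-driver settings are, as far as I can tell, bound when the listener is created, so a peer uncommented after the `...Run` line would not restrict that listener. Load order across files matters as well: if these snippets are pulled in by an `$IncludeConfig` glob, local-gtls-server.conf sorts before local-gtls.conf, so the listener would start before `$ModLoad imtcp`, `$DefaultNetstreamDriver gtls` and the `x509/name` auth mode are set, and would presumably either be rejected as an unknown directive or come up on the plain-tcp driver. Move `$InputTCPServerRun 514` below the PermittedPeer line and either rename the files so the driver setup sorts first or fold the listener into local-gtls.conf; the "sample reception (repeat last line for each client)" block in local-gtls.conf has the same Run-before-PermittedPeer order.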
@@ -0,0 +1,21 @@
+# enable gtls driver and make it the default
+$ModLoad imtcp
+$DefaultNetstreamDriver gtls
+
+# certificate files
+$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
+$DefaultNetstreamDriverCertFile /etc/ssl/certs/rsyslog.pem
+$DefaultNetstreamDriverKeyFile /etc/ssl/private/rsyslog.pem
+
+$InputTCPServerStreamDriverAuthMode x509/name
+$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
+
+# sample reception (repeat last line for each client)
+#$InputTCPServerRun 514
+#$InputTCPServerStreamDriverPermittedPeer *.example.net
+
+# sample sending (repeat all lines for each server)
+#$ActionSendStreamDriverAuthMode x509/name
+#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
+#$ActionSendStreamDriverPermittedPeer central.example.net
+#*.* @@central.example.net:514 # forward everything to remote server
--
cgit v1.2.3
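Review bot: `$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt` points the gtls driver at the system-wide public CA bundle, so under `x509/name` any certificate issued by any CA in that bundle is trusted as long as its name matches a PermittedPeer; the name match is then the only barrier, and a wildcard such as `*.example.net` widens it further. A dedicated private CA that issues only the rsyslog peer certificates is the usual setup here, e.g. `$DefaultNetstreamDriverCAFile /etc/ssl/certs/<rsyslog-ca>.pem` (placeholder path), with a comment explaining why the distribution bundle is not used. A note beside `$DefaultNetstreamDriverKeyFile /etc/ssl/private/rsyslog.pem` that the key must be readable by whatever user rsyslog runs as, and by nobody else, would save the next maintainer a permissions hunt; I cannot tell from this commit whether rsyslog drops privileges in this deployment.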