Yes, I do that,
but it doesn't work.
This indicates that your rsyslog client is not configured to use TCP+TLS for sending log messages to Graylog:
Yes, that was before, when I succeeded in sending data without TLS encryption.
Now I can't receive any logs with the TLS configuration.
This is what is written for the client configuration:
The client setup is equally simple. You need less certificates, just the CA cert.
But we don’t have a CA cert on the server because we use the JVM Store.
The JVM certificate and trust stores are where the certificates, CA certificates, and private keys are stored.
What is the default CA when you follow your tutorial with the JVM store?
Because I tried to find the self-signed certificate with this command:
keytool -list -v -keystore /etc/graylog/server/certificats/cacerts.jks
In the HTTPS tutorial, it is written to add a self-signed certificate, but at no time is there a CA part:
$ keytool -importcert -keystore /path/to/cacerts.jks -storepass changeit -alias graylog-self-signed -file cert.pem
Do you have an idea?
This is a community forum. If you want fixed SLA for your questions and support requests, you’ll have to buy professional support: https://www.graylog.org/pricing
If you have to buy support every time you ask questions about your documents because they are not clear, we will not get out of it.
This is what worked for me.
I added this to a file in /etc/rsyslog.d:
#First, setup disk assisted queues
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
#RsyslogGnuTLS
$DefaultNetstreamDriverCAFile /etc/ssl/yourcert.pem
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.your.domain.com
*.* @@10.20.x.x:12255;RSYSLOG_SyslogProtocol23Format
We also have our own certificate authority, so we had to import the root cert into both the Java keystore and server keystore.
apt-get install java-common
apt-get install openjdk-8-jdk-headless
- Make sure the public certificate is in PEM format and is a Linux file (no Windows characters)
- The default trust store of an installed Java runtime environment can be found at $JAVA_HOME/jre/lib/security/cacerts or /etc/ssl/certs/java/cacerts (due to all the symbolic links).
Import:
keytool -importcert -keystore /etc/ssl/certs/java/cacerts -storepass changeit -alias YourCA -file cert.pem
View:
keytool -list -v -keystore /etc/ssl/certs/java/cacerts | grep your.domain.com
For my server root certificate store I followed the process in:
https://manpages.debian.org/jessie/ca-certificates/update-ca-certificates.8.en.html
Good luck!
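An added example, not part of the original posts: an offline check, using openssl, of the two things the rsyslog gtls settings in the post above depend on, namely that the file given as $DefaultNetstreamDriverCAFile validates the server certificate and that a name in that certificate matches the $ActionSendStreamDriverPermittedPeer pattern. The demo PKI, the host name graylog.your.domain.com and the function names are constructed for illustration, and the wildcard matching is a simplified approximation of rsyslog's x509/name check.

```shell
#!/usr/bin/env bash
# Added example: offline checks behind the rsyslog gtls client settings.
set -eu

# Build a constructed demo CA and server certificate (sample data only).
make_demo_pki() {  # $1 = output dir, $2 = DNS name put in the server cert SAN
  d=$1
  printf '[ca]\nbasicConstraints=critical,CA:TRUE\n[srv]\nsubjectAltName=DNS:%s\n' "$2" > "$d/ext.cnf"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
    -subj "/CN=Demo CA" -out "$d/ca.csr" 2>/dev/null
  openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" -days 1 \
    -extfile "$d/ext.cnf" -extensions ca -out "$d/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/srv.key" \
    -subj "/CN=demo-input" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -extensions srv \
    -out "$d/srv.pem" 2>/dev/null
}

# Check 1: does the CA file validate the server cert? The system trust store
# is excluded because rsyslog only trusts the configured CA file.
chain_ok() {  # $1 = CA file, $2 = server cert
  openssl verify -no-CApath -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Names a certificate carries: SAN dNSName entries, then the subject CN.
cert_names() {  # $1 = cert
  openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | cut -d: -f2
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= //p'
}

# Check 2 (approximation): '*' in the pattern stands for text inside one DNS label.
peer_permitted() {  # $1 = cert, $2 = pattern such as *.your.domain.com
  re=$(printf '%s' "$2" | sed 's/[.]/\\./g; s/[*]/[^.]*/g')
  cert_names "$1" | grep -Eqix "$re"
}

# Demo on constructed data; for a real check pass your own CA file and cert.
tmp=$(mktemp -d)
make_demo_pki "$tmp" graylog.your.domain.com
chain_ok "$tmp/ca.pem" "$tmp/srv.pem" && echo "CA file validates the server cert"
peer_permitted "$tmp/srv.pem" '*.your.domain.com' && echo "peer name permitted"
```

With a self-signed server certificate there is no separate CA: the certificate is its own issuer, so that same PEM file is what the CA file setting has to contain.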
Thanks a lot for the information.
I finally managed to encrypt the data using the nxlog solution.
Hello,
I have some questions about your solution. Did you install the java-common package on the client?
Because I have only installed this on the Graylog server.
Thanks
Have a good day
Hi,
I don't think Java is needed on any syslog client. The one other thing I did not mention in my solution above is that SELinux may need configuration if you have it on.
Good luck.
OK, thanks. I tried to use your configuration for a CentOS server, but it doesn't work.
What is the name of your file in /etc/rsyslog.d? Because you don't use the /etc/rsyslog.conf file?
Thanks in advance
Do you use the same certificate as for HTTPS?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.