I've got three certificate files (CA, server, and key) that I've set up according to the official rsyslog documentation. My configuration file looks something like this:
```
# Use the GnuTLS netstream driver by default and point it at the server's
# certificate, private key and the CA that issued them
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/certs/server-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/certs/server-key.pem"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
)
```
I made sure all these certificates are located in the directory "etc/rsyslog.d/certs/*". After restarting the rsyslog service, I didn't see any errors in journalctl. I provided the CA file to a customer who set up their client (a Huawei SecMaster that sends logs via TCP). However, when they check the connection using the command `openssl s_client -connect :1514`, they only see the client hello part without any response from the server.
I noticed in the global rsyslog.conf file that the `$workDirectory` is set to "var/lib/rsyslog". Should I put the certificate files in that directory instead, like "var/lib/rsyslog/certs/*" and then reference them with relative paths in the configuration, like `DefaultNetstreamDriverCAFile="/certs/ca.pem"`? I also have the gtls module installed on my server. Any guidance would be greatly appreciated!
2 Answers
You can actually store certs for rsyslog in any directory that the rsyslog process can access. On my RedHat setup, I typically put them in `/etc/pki/tls/{certs,private}` where we keep other cert files. Just ensure the right SELinux labels and context policies are set for those locations.
A tip: running `rsyslogd -N1` is super helpful for spotting config issues, and `-N3` is even better if you have multiple included configuration files.
Also, stay consistent with the syntax style throughout your configs (either RainerScript or legacy), so you don't run into frustrating syntax problems later on!
Check out this error log from `rsyslogd -N1`. Any thoughts? https://preview.redd.it/opyulld4mq2g1.jpeg?width=4000&format=pjpg&auto=webp&s=e354ba7f12e44d89f9aeb7d09b57cb4c270fc9ac
Make sure you've got everything defined correctly. It should look something like this:
```
# Make gtls driver the default and set certificate files
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/path/to/contrib/gnutls/ca.pem"
  DefaultNetstreamDriverCertFile="/path/to/contrib/gnutls/cert.pem"
  DefaultNetstreamDriverKeyFile="/path/to/contrib/gnutls/key.pem"
)
# Load TCP listener with TLS enabled (Mode="1") and no client authentication
module(
  load="imtcp"
  StreamDriver.Name="gtls"
  StreamDriver.Mode="1"
  StreamDriver.Authmode="anon"
)
# Start listener at port 6514
input(
  type="imtcp"
  port="6514"
)
```
Also, check your paths. If there are spaces, that might be an issue too!
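To make the checks from both answers repeatable (certificate paths that are absolute and readable by the rsyslog process, a private key that is not world-readable, and an `imtcp` listener actually configured on the port the client tests; the question connects to 1514 while the example above listens on 6514), here is an added example that is not from the thread or from the rsyslog project. It reads a RainerScript config with a simplified regex-based parser (an assumption of this example, not rsyslog's own parser: it understands `name(key="value" ...)` blocks and full-line `#` comments only) and reports findings. The placeholder certificate files it writes for its own demo are constructed and contain no real PEM data; it complements `rsyslogd -N1` rather than replacing it.

```python
"""Sanity-check the TLS-related parts of an rsyslog RainerScript config.

Added example, not code from the thread. The parser below is a deliberate
simplification: it handles name(key="value" ...) blocks and full-line
comments, which covers the global()/module()/input() objects discussed.
"""
import os
import re
import stat
import tempfile

# One object block: a name followed by a parenthesised list of key="value" pairs.
OBJECT_RE = re.compile(r'(\w+)\s*\(((?:[^()"]|"[^"]*")*)\)', re.S)
PARAM_RE = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')
CERT_PARAMS = ("DefaultNetstreamDriverCAFile",
               "DefaultNetstreamDriverCertFile",
               "DefaultNetstreamDriverKeyFile")


def parse_objects(text):
    """Return [(object_name, {param: value}), ...] for every name(...) block."""
    text = re.sub(r'^\s*#.*$', '', text, flags=re.M)   # drop full-line comments
    return [(m.group(1), dict(PARAM_RE.findall(m.group(2))))
            for m in OBJECT_RE.finditer(text)]


def imtcp_ports(text):
    """Ports of all input(type="imtcp" port="...") blocks, to compare with the client's port."""
    return [p.get("port") for name, p in parse_objects(text)
            if name == "input" and p.get("type") == "imtcp"]


def check_config(text):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    findings = []
    objects = parse_objects(text)
    globals_ = {k: v for name, p in objects if name == "global" for k, v in p.items()}

    if globals_.get("DefaultNetstreamDriver") != "gtls":
        findings.append('global(): DefaultNetstreamDriver is not "gtls"')

    for param in CERT_PARAMS:
        path = globals_.get(param)
        if path is None:
            findings.append(f"global(): {param} is not set")
            continue
        if not os.path.isabs(path):
            findings.append(f'{param}: "{path}" is not an absolute path; give the full path '
                            "so it does not depend on the daemon's working directory")
            continue
        if not os.path.isfile(path):
            findings.append(f'{param}: "{path}" does not exist')
            continue
        if not os.access(path, os.R_OK):
            findings.append(f'{param}: "{path}" is not readable by this user')
        if param.endswith("KeyFile"):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append(f'{param}: "{path}" is group/world readable (mode {mode:04o})')

    if not any(name == "module" and p.get("load") == "imtcp" for name, p in objects):
        findings.append('module(load="imtcp") is missing; no TCP listener will be started')
    if not imtcp_ports(text):
        findings.append('no input(type="imtcp" port=...) block; nothing listens for the client')
    return findings


def write_demo_files(directory, key_mode=0o600):
    """Write constructed placeholder cert/key files (not real PEM) and return their paths."""
    paths = {}
    for name in ("ca.pem", "server-cert.pem", "server-key.pem"):
        path = os.path.join(directory, name)
        with open(path, "w") as fh:
            fh.write("-----BEGIN PLACEHOLDER-----\nconstructed, not a real certificate\n")
        paths[name] = path
    os.chmod(paths["server-key.pem"], key_mode)
    return paths


def demo(key_mode=0o600, relative_ca=False, with_listener=True):
    """Build a config modelled on the question in a temp dir; return (findings, imtcp ports)."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = write_demo_files(tmp, key_mode)
        ca = "certs/ca.pem" if relative_ca else paths["ca.pem"]
        config = f'''
# constructed configuration modelled on the question
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCertFile="{paths["server-cert.pem"]}"
  DefaultNetstreamDriverKeyFile="{paths["server-key.pem"]}"
  DefaultNetstreamDriverCAFile="{ca}"
)
'''
        if with_listener:
            config += ('module(load="imtcp" StreamDriver.Name="gtls" '
                       'StreamDriver.Mode="1" StreamDriver.Authmode="anon")\n'
                       'input(type="imtcp" port="6514")\n')
        return check_config(config), imtcp_ports(config)


if __name__ == "__main__":
    for label, kwargs in (("clean", {}), ("relative CA path", {"relative_ca": True}),
                          ("key mode 0644", {"key_mode": 0o644}),
                          ("no listener", {"with_listener": False})):
        findings, ports = demo(**kwargs)
        print(f"[{label}] imtcp ports={ports} findings={findings or 'none'}")
```

To use it on a real server, call `check_config(open("/etc/rsyslog.conf").read())` plus each file under `/etc/rsyslog.d/` as the user rsyslog runs as, then compare the listed ports with the port the client's `openssl s_client -connect` actually uses.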
Here's a snapshot of my script if it helps! https://preview.redd.it/k4znry31mq2g1.jpeg?width=4000&format=pjpg&auto=webp&s=8e9c0efbfd8a922cd2fd8c32715bf1c67d238bb4

I ran `rsyslogd -N1` and it didn't show any errors, which is really frustrating! I'm not sure what's going wrong.