root@debdev ~ # apt install rsyslog-gnutls

# make gtls driver the default and set certificate files
global(
DefaultNetstreamDriver="gtls"
DefaultNetstreamDriverCAFile="/root/myCert.pem"
DefaultNetstreamDriverCertFile="/root/myCert.pem"
DefaultNetstreamDriverKeyFile="/root/myKey.key"
)

# load TCP listener
module(
load="imtcp"
StreamDriver.Name="gtls"
StreamDriver.Mode="1"
StreamDriver.Authmode="anon"
)

# start up listener at port 6514
input(
type="imtcp"
port="6514"
)

$AllowedSender TCP,10.250.10.0/24

root@debdev ~ # mkdir -p /var/log/remote

$template remote-logs, "/var/log/remote/%HOSTNAME%.log"
*.* ?remote-logs

5 thoughts on “rsyslog: Configure TLS/SSL”

1. hi,
   I have used your example to configure my rsyslog server using TCP/TLS , configuration validation looks Okay but when I tried to validate the rsyslog listener by using openssl s_client command I got an error, it looks like certificate has not been loaded. Any idea what could be the problem?
   🙁
   [root@nsma2012-cb1143-1-clcm-01 ~]# openssl s_client -connect 100.73.145.22:3514
   CONNECTED(00000003)
   140029878425488:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
   —
   no peer certificate available
   —
   No client certificate CA names sent
   —
   SSL handshake has read 0 bytes and written 289 bytes
   —
   New, (NONE), Cipher is (NONE)
   Secure Renegotiation IS NOT supported
   Compression: NONE
   Expansion: NONE
   No ALPN negotiated
   SSL-Session:
   Protocol : TLSv1.2
   …..

   Log in to Reply

2. tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config

   Getting this Error

   Log in to Reply

3. Does the client connecting to the rsyslog server need a certificate also? or does it just need the ca certificate

   Log in to Reply

   1. The client doesn’t need a certificate. But the client must trust root CA (and the intermediate CA if used) of the rsyslog server certificate.

      Michaek

      Log in to Reply

4. Michael how do you configure the client server?

   Log in to Reply