SCIENTIFIC-LINUX-USERS Archives

July 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Robin Eamonn Long <[log in to unmask]>
Reply To: Robin Eamonn Long <[log in to unmask]>
Date: Tue, 22 Jul 2014 19:01:48 +0000

Hi Eero,

I found this page: http://www.sebdangerfield.me.uk/2011/12/setting-up-a-centralised-syslog-server-in-the-cloud/ which suggests that:

    There is a good chance you've got the $InputTCPServerRun and $InputTCPServerStreamDriverMode directives in the wrong order, the $InputTCPServerRun should come last.

Then I got the error messages that the peer was not permitted to talk to the server.  It looks like the order of commands is very specific and needs to be:

$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514

It seems to all be working now.

Do you know the selinux magic that I need to perform on the certificates so that it works without disabling selinux?

Thanks for all the help,
Robin.
________________________________________
From: [log in to unmask] [[log in to unmask]] on behalf of Eero Volotinen [[log in to unmask]]
Sent: 22 July 2014 18:01
To: Robin Eamonn Long
Cc: Scientific Linux Users
Subject: Re: Encrypted rsyslog

2014-07-22 18:58 GMT+03:00 Robin Long <[log in to unmask]>:
Hi Eero,

I set selinux to permissive as you suggested and the error went away. However, the logs on the remote server now look like this:

Jul 22 16:54:54 client.server #026#003#002#000V#001#000#000R#003#002Sºz<82>#002<CE><E7>-#021<A5>L<B6>j<A7>@<BB>#024X<E3><DB>|<FP
<B6>P<96><F4>N<A3>W#000#000$#0003#000E#0009#000<88>#000#026#0002#000D#0008#000<87>#000#023#000f#000/#000A#0005#000<84>

Usually something wrong with certificates, it's a bit hard to debug. Try regeneration of all certificates, including the CA.

--
Eero
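
Added example (not code from the thread or from the rsyslog project): a small checker for the ordering rule Robin arrived at. In rsyslog's legacy $-directive syntax, $InputTCPServerRun creates the listener with whatever $DefaultNetstreamDriver* and $InputTCPServerStreamDriver* settings are in effect at that point, so any of those that come later are silently ignored. The checker parses a config, flags setup directives that follow the first $InputTCPServerRun, and flags a listener started without $InputTCPServerStreamDriverMode 1. That last case is what the garbled record quoted above looks like: #026#003#002 is the octal escape of bytes 0x16 0x03 0x02, the start of a TLS handshake record, which is what a plaintext listener writes to the log when a TLS client connects. The directive names are rsyslog's own; the two sample configurations, their certificate paths and the host name pattern are constructed for the example.

```python
"""Ordering check for an rsyslog legacy ($-directive) TLS listener.

Constructed example; not code from the mailing-list thread or from the
rsyslog project.  Rule encoded: every $DefaultNetstreamDriver* and
$InputTCPServerStreamDriver* setting must precede $InputTCPServerRun,
because the listener is created with the settings in effect at that
point.  Directive names are rsyslog's; paths and host names are made up.
"""

import re

# Settings that only take effect for listeners started after them.
SETUP_DIRECTIVES = {
    "$DefaultNetstreamDriver",
    "$DefaultNetstreamDriverCAFile",
    "$DefaultNetstreamDriverCertFile",
    "$DefaultNetstreamDriverKeyFile",
    "$InputTCPServerStreamDriverAuthMode",
    "$InputTCPServerStreamDriverPermittedPeer",
    "$InputTCPServerStreamDriverMode",
}
RUN_DIRECTIVE = "$InputTCPServerRun"
MODE_DIRECTIVE = "$InputTCPServerStreamDriverMode"

# "$Name value   # trailing comment" -> (name, value), comment dropped
DIRECTIVE_RE = re.compile(r"^\s*(\$\w+)(?:\s+(.*?))?\s*(?:#.*)?$")


def parse_directives(text):
    """Return [(lineno, name, value), ...] for the $-directives in text,
    skipping blank lines, comment lines and lines that are not directives."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            found.append((lineno, m.group(1), (m.group(2) or "").strip()))
    return found


def check_listener_order(text):
    """Return a list of problem descriptions.  An empty list means the
    listener is started after all of its driver settings, in TLS mode."""
    problems = []
    directives = parse_directives(text)
    run_lines = [n for n, name, _ in directives if name == RUN_DIRECTIVE]
    if not run_lines:
        return ["no %s directive: no TCP listener is started" % RUN_DIRECTIVE]
    first_run = run_lines[0]
    tls_mode_before_run = False
    for lineno, name, value in directives:
        if name not in SETUP_DIRECTIVES:
            continue
        if lineno > first_run:
            problems.append(
                "line %d: %s comes after %s (line %d), so the listener "
                "was started without it" % (lineno, name, RUN_DIRECTIVE, first_run))
        elif name == MODE_DIRECTIVE and value == "1":
            tls_mode_before_run = True
    if not tls_mode_before_run:
        problems.append(
            "%s 1 is not in effect at %s (line %d): the listener accepts "
            "plain TCP, and TLS clients show up as binary garbage in the log"
            % (MODE_DIRECTIVE, RUN_DIRECTIVE, first_run))
    return problems


# Constructed sample: the ordering that worked in the thread, plus the
# global gtls driver settings a TLS listener needs before it.
GOOD_CONF = """\
$ModLoad imtcp
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/server-key.pem
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerRun 10514 # start up listener at port 10514
"""

# Constructed sample: listener started before its stream driver settings.
BAD_CONF = """\
$ModLoad imtcp
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/server-key.pem
$InputTCPServerRun 10514
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.example.net
$InputTCPServerStreamDriverMode 1
"""

if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(label + ":", check_listener_order(conf) or "ok")
```

Run it against /etc/rsyslog.conf (or an included file) by reading the file into a string and calling check_listener_order on it; it only knows the legacy $-directive syntax, so a config written in the newer RainerScript input(...) form gets no findings from it.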
