Open mreiger opened 3 years ago
Update: Using the selfsigned certificate as CA certificate (Parameter ca_file) works.
Still, it is not clear to me how the verify_mode parameter is supposed to work. Can anyone clarify?
Hi @mreiger
I have cerated self signed CA certificate. Created Server certificate and signed that with the CA.
Syslog server config ->
$ModLoad imtcp
$InputTCPServerRun 1514
$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerStreamDriverAuthMode anon
#Make gtls driver the default
$DefaultNetstreamDriver gtls
# certificate files
#
$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-keys/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/server-key.pem
Fluentd COnfig
<match *.*>
@type remote_syslog
host <syslogsrver-hostname>
port 1514
protocol tcp
tls true
ca_file /etc/rsyslog-keys-my-ss/ca.pem
</match>
getting err --> error="verification error"
2022-05-25 12:45:24 +0000 [warn]: #0 failed to flush the buffer. retry_time=11 next_retry_seconds=2022-05-25 13:04:30 +0000 chunk="5dfd52f20e6fd2d95309fb4f32b59316" error_class=RuntimeError error="verification error"
2022-05-25 12:45:24 +0000 [warn]: #0 suppressed same stacktrace
2022-05-25 13:04:34 +0000 [warn]: #0 failed to flush the buffer. retry_time=12 next_retry_seconds=2022-05-25 13:41:59 +0000 chunk="5dfd52f20e6fd2d95309fb4f32b59316" error_class=RuntimeError error="verification error"
2022-05-25 13:04:34 +0000 [warn]: #0 suppressed same stacktrace
Could you please suggest what i'm missing?
Hi I am trying to use this plugin (via the fluentd kubernetes daemonset Debian syslog docker image, which as far as I can tell uses this plugin for output.)
I need to use TLS encryption and the syslog receiver uses a selfsigned certificate. Therefore I tried to disable certificate verification with the verify_mode paramter; however I still get a verification error and no connection.
This is my output configuration:
Name matching is done via /etc/hosts (through Kubernetes hostAliases) entry.
The selfsigned certificate has "syslogserver" both as issuer and subject CN; but this should not matter since I try to disable certificate verification anyway.
The error message I get is:
I also tried other values for verify_mode after some searching:
but the result - and the error message - is the same.
Can you advise me what the correct use of the parameter is?