summaryrefslogtreecommitdiff
path: root/templates
diff options
context:
space:
mode:
authorMathieu Bornoz <mathieu.bornoz@camptocamp.com>2013-05-01 10:10:35 +0200
committerRaphaƫl Pinson <raphael.pinson@camptocamp.com>2013-12-03 09:35:38 +0100
commitfb924446a69b9ce07ea898d5d301ccca8de72b2f (patch)
tree8a31bba5306311dd81ec90bf443c501304c24320 /templates
parentf8a05e0e6dd7a40fe53329a20ff81227b23bb398 (diff)
SSL support
Diffstat (limited to 'templates')
-rw-r--r--templates/client.conf.erb13
-rw-r--r--templates/server/_default-header.conf.erb13
2 files changed, 25 insertions, 1 deletions
diff --git a/templates/client.conf.erb b/templates/client.conf.erb
index e5dfb8c..d86a271 100644
--- a/templates/client.conf.erb
+++ b/templates/client.conf.erb
@@ -8,6 +8,17 @@ $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinety retries if host is down
+<% if scope.lookupvar('rsyslog::client::ssl') -%>
+# Setup SSL connection.
+# CA/Cert
+$DefaultNetStreamDriverCAFile <%= scope.lookupvar('rsyslog::client::ssl_ca') %>
+
+# Connection settings.
+$DefaultNetstreamDriver gtls
+$ActionSendStreamDriverMode 1
+$ActionSendStreamDriverAuthMode anon
+<% end -%>
+
<% if scope.lookupvar('rsyslog::client::log_remote') -%>
# Log to remote syslog server using <%= scope.lookupvar('rsyslog::client::remote_type') %>
<% if scope.lookupvar('rsyslog::client::remote_type') == 'tcp' -%>
@@ -79,7 +90,7 @@ news.notice -/var/log/news/news.notice
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
-#
+#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
diff --git a/templates/server/_default-header.conf.erb b/templates/server/_default-header.conf.erb
index 19eb173..95391ce 100644
--- a/templates/server/_default-header.conf.erb
+++ b/templates/server/_default-header.conf.erb
@@ -16,5 +16,18 @@ $ModLoad imtcp
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
<% end -%>
+<% if scope.lookupvar('rsyslog::server::ssl') -%>
+# Server side SSL.
+$DefaultNetstreamDriver gtls
+
+# Cert files.
+$DefaultNetstreamDriverCAFile <%= scope.lookupvar('rsyslog::server::ssl_ca') %>
+$DefaultNetstreamDriverCertFile <%= scope.lookupvar('rsyslog::server::ssl_cert') %>
+$DefaultNetstreamDriverKeyFile <%= scope.lookupvar('rsyslog::server::ssl_key') %>
+
+$InputTCPServerStreamDriverMode 1
+$InputTCPServerStreamDriverAuthMode anon
+<% end -%>
+
# Switch to remote ruleset
$RuleSet remote
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 08:57:50 +0000