diff options
author | Mathieu Bornoz <mathieu.bornoz@camptocamp.com> | 2013-05-01 10:10:35 +0200 |
---|---|---|
committer | Raphaƫl Pinson <raphael.pinson@camptocamp.com> | 2013-12-03 09:35:38 +0100 |
commit | fb924446a69b9ce07ea898d5d301ccca8de72b2f (patch) | |
tree | 8a31bba5306311dd81ec90bf443c501304c24320 /templates | |
parent | f8a05e0e6dd7a40fe53329a20ff81227b23bb398 (diff) |
SSL support
Diffstat (limited to 'templates')
-rw-r--r-- | templates/client.conf.erb | 13 | ||||
-rw-r--r-- | templates/server/_default-header.conf.erb | 13 |
2 files changed, 25 insertions, 1 deletions
diff --git a/templates/client.conf.erb b/templates/client.conf.erb index e5dfb8c..d86a271 100644 --- a/templates/client.conf.erb +++ b/templates/client.conf.erb @@ -8,6 +8,17 @@ $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinety retries if host is down +<% if scope.lookupvar('rsyslog::client::ssl') -%> +# Setup SSL connection. +# CA/Cert +$DefaultNetStreamDriverCAFile <%= scope.lookupvar('rsyslog::client::ssl_ca') %> + +# Connection settings. +$DefaultNetstreamDriver gtls +$ActionSendStreamDriverMode 1 +$ActionSendStreamDriverAuthMode anon +<% end -%> + <% if scope.lookupvar('rsyslog::client::log_remote') -%> # Log to remote syslog server using <%= scope.lookupvar('rsyslog::client::remote_type') %> <% if scope.lookupvar('rsyslog::client::remote_type') == 'tcp' -%> @@ -79,7 +90,7 @@ news.notice -/var/log/news/news.notice # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: -# +# # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably diff --git a/templates/server/_default-header.conf.erb b/templates/server/_default-header.conf.erb index 19eb173..95391ce 100644 --- a/templates/server/_default-header.conf.erb +++ b/templates/server/_default-header.conf.erb @@ -16,5 +16,18 @@ $ModLoad imtcp $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat <% end -%> +<% if scope.lookupvar('rsyslog::server::ssl') -%> +# Server side SSL. +$DefaultNetstreamDriver gtls + +# Cert files. +$DefaultNetstreamDriverCAFile <%= scope.lookupvar('rsyslog::server::ssl_ca') %> +$DefaultNetstreamDriverCertFile <%= scope.lookupvar('rsyslog::server::ssl_cert') %> +$DefaultNetstreamDriverKeyFile <%= scope.lookupvar('rsyslog::server::ssl_key') %> + +$InputTCPServerStreamDriverMode 1 +$InputTCPServerStreamDriverAuthMode anon +<% end -%> + # Switch to remote ruleset $RuleSet remote |