diff options
Diffstat (limited to 'templates')
-rw-r--r-- | templates/client.conf.erb | 13 | ||||
-rw-r--r-- | templates/server/_default-header.conf.erb | 13 |
2 files changed, 25 insertions, 1 deletions
diff --git a/templates/client.conf.erb b/templates/client.conf.erb index e5dfb8c..d86a271 100644 --- a/templates/client.conf.erb +++ b/templates/client.conf.erb @@ -8,6 +8,17 @@ $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinety retries if host is down +<% if scope.lookupvar('rsyslog::client::ssl') -%> +# Setup SSL connection. +# CA/Cert +$DefaultNetStreamDriverCAFile <%= scope.lookupvar('rsyslog::client::ssl_ca') %> + +# Connection settings. +$DefaultNetstreamDriver gtls +$ActionSendStreamDriverMode 1 +$ActionSendStreamDriverAuthMode anon +<% end -%> + <% if scope.lookupvar('rsyslog::client::log_remote') -%> # Log to remote syslog server using <%= scope.lookupvar('rsyslog::client::remote_type') %> <% if scope.lookupvar('rsyslog::client::remote_type') == 'tcp' -%> @@ -79,7 +90,7 @@ news.notice -/var/log/news/news.notice # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: -# +# # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably diff --git a/templates/server/_default-header.conf.erb b/templates/server/_default-header.conf.erb index 19eb173..95391ce 100644 --- a/templates/server/_default-header.conf.erb +++ b/templates/server/_default-header.conf.erb @@ -16,5 +16,18 @@ $ModLoad imtcp $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat <% end -%> +<% if scope.lookupvar('rsyslog::server::ssl') -%> +# Server side SSL. +$DefaultNetstreamDriver gtls + +# Cert files. +$DefaultNetstreamDriverCAFile <%= scope.lookupvar('rsyslog::server::ssl_ca') %> +$DefaultNetstreamDriverCertFile <%= scope.lookupvar('rsyslog::server::ssl_cert') %> +$DefaultNetstreamDriverKeyFile <%= scope.lookupvar('rsyslog::server::ssl_key') %> + +$InputTCPServerStreamDriverMode 1 +$InputTCPServerStreamDriverAuthMode anon +<% end -%> + # Switch to remote ruleset $RuleSet remote |