Apache Filter stopped working when adding TLS
Posted: Fri Jul 13, 2018 2:35 pm
I set up a CentOS 7 server with apache to forward access log and error log files to Nagios Log Server using rsyslog. I used the scripts from NLS to configure rsyslog on the client. Everything worked as expected. Log entries are showing up as apache_access and apache_error.
When I set up TLS, I added another input for syslog over tcp:
I added the following to the client config:
Now, the log messages are still loaded into NLS, but they don't appear to be running through the Apache filter. They are all identified as "syslog" and the program value for apache_access or apache_error is not present.
As far as I can tell, I didn't do anything to change the format of the messages, only the transport. However, something must be different. Any ideas?
Thanks,
Eric
When I set up TLS, I added another input for syslog over tcp:
Code: Select all
tcp {
port => 8888
type => 'syslog'
ssl_extra_chain_certs => ['/etc/pki/tls/certs/ca.pem']
ssl_cert => '/etc/pki/tls/certs/device-nls.crt'
ssl_key => '/etc/pki/tls/private/device-nls.key'
ssl_enable => true
ssl_verify => false
}
Code: Select all
#tls setup
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.pem
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
As far as I can tell, I didn't do anything to change the format of the messages, only the transport. However, something must be different. Any ideas?
Thanks,
Eric