When I set up TLS, I added another input for syslog over tcp:
Code: Select all
tcp {
port => 8888
type => 'syslog'
ssl_extra_chain_certs => ['/etc/pki/tls/certs/ca.pem']
ssl_cert => '/etc/pki/tls/certs/device-nls.crt'
ssl_key => '/etc/pki/tls/private/device-nls.key'
ssl_enable => true
ssl_verify => false
}
Code: Select all
#tls setup
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.pem
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
As far as I can tell, I didn't do anything to change the format of the messages, only the transport. However, something must be different. Any ideas?
Thanks,
Eric