我已经配置 Rsyslog 通过 Tls 传输,一切正常,但我想强制 Rsyslog 客户端通过 Tls 1.1 或更高版本发送,并自定义用于 Tls 的加密算法。
客户端配置文件
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
$WorkDirectory /var/spool/rsyslog
global(
defaultNetstreamDriverCAFile = "/etc/ssl/certs/rsyslog_ca.pem"
)
if $msg contains', "operation": ' or $msg contains "[f:" or $msg
contains "sshd" or $msg contains "[NET] " or $msg contains "[MGR] " or
$msg contains "[IKE] " or $msg contains "[JOB] " or $msg contains "
[ENC] " or $msg contains "[CFG] " or $msg contains "[LIB] " or $msg
contains "[KNL] " then action(type="omfwd" target = "192.168.5.228"
port = "514" protocol = "tcp" TCP_Framing="octet-counted"
StreamDriver="gtls" StreamDriverMode="1"
StreamDriverAuthMode="x509/certvalid" rebindinterval = "10000"
queue.filename = "192-168-5-228-tcp-514" queue.type =
"fixedarray" queue.size = "100")
我不希望 Rsyslog 使用这些算法 secp244r1、secp192r1
答案1
我发现这对我有用
'gnutlsPriorityString="SECURE128:-VERS-TLS1.0:-CAMELLIA-128-CBC:-ECDHE-RSA:-
AES-256-GCM:-AEAD"