I am trying to send audit trails from rsyslog running on CentOS to auditdistd on FreeBSD using TLS.
auditdistd can be both sender and receiver. I would like to trick auditdistd into thinking that rsyslog is auditdistd running on a different machine.
The problem is that auditdistd requires the connecting clients to have a certificate's public key fingerprint generated with

    openssl x509 -in /etc/security/auditdistd.cert.pem -noout -fingerprint -sha256 | \
        awk -F '[ =]' '{printf("%s=%s\n", $1, $3)}'

and a password. I cannot find any rsyslog documentation explaining how to provide a fingerprint and a password to the rsyslog sender.
Is it even possible? How can I achieve this?