should rsyslog TLS configuration work after CA/machine certificate expiry?

Question

I have done tls configuration between two nodes (client and server). i want to know what will happen if either one of the certificate ca.pem(CA certificate) or machine certificate get exipred.

rsyslog communication will stop working?

#$DefaultNetstreamDriver gtls

#certificate files for a client
#$DefaultNetstreamDriverCAFile /etc/tlscert/ca.pem
#$DefaultNetstreamDriverCertFile /etc/tlscert/machine-cert.pem
#$DefaultNetstreamDriverKeyFile /etc/tlscert/machine-key.pem

#set up the action
#$ActionSendStreamDriverMode 1
#$ActionSendStreamDriverAuthMode anon

score 0 · Answer 1 · answered Mar 13 '15 at 21:29

Yes. The rsyslogd server will refuse new syslog packets and the remote logging will stop working. You would see in the /var/log/[messages,syslog] which certificate is causing the problem.

By the way, I always use x509/name as parameter to the directive $ActionSendStreamDriverAuthMode on production environments to ensure the certificate check. I actually don't know what this parameter anon means. It seems that it's use is only suggested to test environments.

Anon means not to check the certificate. – cjs Apr 21 '17 at 05:38 — cjs, Apr 21 '17 at 05:38

should rsyslog TLS configuration work after CA/machine certificate expiry?

1 Answers1