rsyslog: peer name not authorized - not permitted to talk to it

Turns out that the client was supplying an untrusted certificate.

Steps to figure this out:

  1. On the client, run `openssl s_client -connect :10514` and remediate any errors.

  2. On the server, run `openssl s_client -connect :10514`.

  3. In rsyslogd.conf, switch `$InputTCPServerStreamDriverAuthMode x509/name` to `$InputTCPServerStreamDriverAuthMode anon`, which allows any client to connect without authorizing the client. This ought to allow events to be submitted.

This narrowed it down to a client cert issue.
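Once the steps point at the client certificate, the trust question can be answered offline by verifying that certificate against the CA file the server is configured with. The script below is an added example, not part of the original post; the file names, subjects and certificates are constructed for illustration, and it assumes the OpenSSL command-line tool (1.1.0 or later for `-no-CApath`).

```shell
#!/bin/sh
# Added example: check whether a client certificate chains to the CA file
# the rsyslog server trusts. All certificates and names here are constructed.

# check_client_cert CA_FILE CLIENT_CERT
# Prints the subject and issuer (the subject is what x509/name matches
# against the permitted peers), then returns 0 only if CLIENT_CERT chains
# to CA_FILE. -no-CApath keeps the system trust store out of the decision.
check_client_cert() {
    openssl x509 -in "$2" -noout -subject -issuer
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_samples DIR: build a constructed CA, one client certificate issued
# by it, and one self-signed client certificate carrying the same name.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Log CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=client.example.test" \
        -keyout "$d/good.key" -out "$d/good.csr" 2>/dev/null
    openssl x509 -req -in "$d/good.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/good.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=client.example.test" \
        -keyout "$d/bad.key" -out "$d/bad.pem" 2>/dev/null
}

SAMPLES=$(mktemp -d)
make_samples "$SAMPLES"

for c in good bad; do
    if check_client_cert "$SAMPLES/ca.pem" "$SAMPLES/$c.pem"; then
        echo "$c.pem: chains to ca.pem"
    else
        echo "$c.pem: NOT trusted by ca.pem"
    fi
done
```

Against a real deployment, pass the server's CA file and a copy of the client's certificate to `check_client_cert` instead of the constructed samples.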

Tags: SSL, rsyslog