imgssapi: GSSAPI Syslog Input Module

Module Name: imgssapi

Author: varmojfekoj

Purpose

Provides the ability to receive syslog messages from the network protected via Kerberos 5 encryption and authentication. This module also accepts plain TCP syslog messages on the same port if configured to do so. If you need just plain TCP, use imtcp instead.

Note: This is a contributed module, which is not supported by the rsyslog team. We recommend using RFC5425 TLS-protected syslog instead.

Configuration Parameters

Note

Parameter names are case-insensitive.

Input Parameter

Note

Parameters are only available in legacy format.

InputGSSServerRun

  • type: word

  • default: none

  • mandatory: no

  • obsolete legacy directive: $InputGSSServerRun

Starts a GSSAPI server on the selected port. Note that this runs independently from the TCP server.

InputGSSServerServiceName

  • type: word

  • default: none

  • mandatory: no

  • obsolete legacy directive: $InputGSSServerServiceName

The service name to use for the GSS server.

InputGSSServerPermitPlainTCP

  • type: binary

  • default: 0

  • mandatory: no

  • obsolete legacy directive: $InputGSSServerPermitPlainTCP

Permits the server to receive plain TCP syslog (without GSS) on the same port.

InputGSSServerMaxSessions

  • type: integer

  • default: 200

  • mandatory: no

  • obsolete legacy directive: $InputGSSServerMaxSessions

Sets the maximum number of sessions supported.

InputGSSServerKeepAlive

  • type: binary

  • default: 0

  • mandatory: no

  • obsolete legacy directive: $InputGSSServerKeepAlive

New in version 8.5.0.

Enables or disables keep-alive handling.

InputGSSListenPortFileName

  • type: word

  • default: none

  • mandatory: no

  • obsolete legacy directive: $InputGSSListenPortFileName

New in version 8.38.0.

This parameter specifies the name of a file. The port that imtcp is connected to is written to this file. This parameter was introduced because the testbench works with dynamic ports.

Note

If this parameter is set, 0 will be accepted as the port. Otherwise it is automatically changed to port 514.

Caveats/Known Bugs

  • module always binds to all interfaces

  • only a single listener can be bound

Example

This sets up a GSS server on port 1514 that also accepts plain TCP syslog messages (on the same port):

$ModLoad imgssapi # needs to be done just once
$InputGSSServerRun 1514
$InputGSSServerPermitPlainTCP on
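
An added example, not part of the rsyslog documentation or the module's own code: a small Python check that reads legacy-format configuration text and reports the exposure this page describes (plain TCP accepted on the GSS port, binding to all interfaces, the port 0 fallback, the default session limit). The function names and the sample configuration are constructed for illustration, and only the value `on`, as used in the example above, is assumed to enable a binary parameter.

```python
import re

# Constructed sample: the page's example, with one directive written in
# lowercase because parameter names are case-insensitive.
SAMPLE_CONF = """\
$ModLoad imgssapi # needs to be done just once
$InputGSSServerRun 1514
$inputgssserverpermitplaintcp on
"""

DIRECTIVE = re.compile(r"^\s*\$(\w+)\s+(\S+)")


def parse_legacy(conf_text):
    """Return (loaded modules, {lowercased directive: last value})."""
    modules, settings = set(), {}
    for raw in conf_text.splitlines():
        match = DIRECTIVE.match(raw.split("#", 1)[0])  # drop trailing comments
        if not match:
            continue
        name, value = match.group(1).lower(), match.group(2)
        if name == "modload":
            modules.add(value)
        else:
            settings[name] = value
    return modules, settings


def audit_imgssapi(conf_text):
    """List exposure findings for an imgssapi listener; [] if none is configured."""
    modules, s = parse_legacy(conf_text)
    port = s.get("inputgssserverrun")
    if "imgssapi" not in modules or port is None:
        return []
    # Documented caveat: the module always binds to all interfaces.
    findings = [f"GSS listener on port {port} binds to all interfaces"]
    # Assumption: only "on" (as in the page's example) enables the setting.
    if s.get("inputgssserverpermitplaintcp", "off").lower() == "on":
        findings.append(f"port {port} also accepts plain TCP syslog without GSS")
    if port == "0" and "inputgsslistenportfilename" not in s:
        findings.append("port 0 without InputGSSListenPortFileName becomes 514")
    if "inputgssservermaxsessions" not in s:
        findings.append("InputGSSServerMaxSessions unset, default of 200 applies")
    return findings


if __name__ == "__main__":
    for finding in audit_imgssapi(SAMPLE_CONF):
        print("finding:", finding)
```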

Copyright 2008-2023 Rainer Gerhards (Großrinderfeld), and Others.