Use this documentation with care! It describes the heavily outdated version 5, which was actively developed around 2010 and is considered dead by the rsyslog team for many years now.

This documentation reflects the latest update of the previously existing (now removed) v5-stable branch. It describes the 5.10.2 version, which was never released. As such, it contains some content that does not apply to any released version.

To obtain the doc that properly matches your installed v5 version, obtain the doc set from your distro. Each version of rsyslog contained the version that exactly matches it.

As general advise, it is strongly suggested to upgrade to the current version supported by the rsyslog project. The current version can always be found on the right-hand side info box on the rsyslog web site.

Note that there is no rsyslog community support available for this heavily outdated version. If you need to stick with it, please ask your distribution for support.

GSSAPI module support in rsyslog v3

What is it good for.

  • client-serverauthentication
  • Log messages encryption


  • Kerberos infrastructure
  • rsyslog, rsyslog-gssapi


Let’s assume there are 3 machines in kerberos Realm:

  • the first is running KDC (Kerberos Authentication Service and Key Distribution Center),
  • the second is a client sending its logs to the server,
  • the third is receiver, gathering all logs.
  1. KDC:
  • Kerberos database must be properly set-up on KDC machine first. Use kadmin/kadmin.local to do that. Two principals need to be add in our case:
  1. sender@REALM.ORG
  • client must have ticket for pricipal sender
  • REALM.ORG is kerberos Realm
  1. host/ - service principal
  • Use ktadd to export service principal and transfer it to /etc/krb5.keytab on receiver
  1. CLIENT:
  • set-up rsyslog, in /etc/rsyslog.conf
  • $ModLoad omgssapi - load output gss module
  • $GSSForwardServiceName otherThanHost - set the name of service principal, “host” is the default one
  • *.* - action line, forward logs to receiver
  • kinit root - get the TGT ticket
  • service rsyslog start
  1. SERVER:
  • set-up rsyslog, in /etc/rsyslog.conf
  • $ModLoad imgssapi - load input gss module
  • $InputGSSServerServiceName otherThanHost - set the name of service principal, “host” is the default one
  • $InputGSSServerPermitPlainTCP on - accept GSS and TCP connections (not authenticated senders), off by default
  • $InputGSSServerRun 514 - run server on port
  • service rsyslog start

The picture demonstrate how things work.

rsyslog gssapi support

rsyslog gssapi support

[rsyslog.conf overview] [manual index] [rsyslog site]

This documentation is part of the rsyslog project.

Copyright © 2008 by Rainer Gerhards and Adiscon. Released under the GNU GPL version 3 or higher.

Previous topic

imgssapi: GSSAPI Syslog Input Module

Next topic

imklog: Kernel Log Input Module

This Page