imgssapi: GSSAPI Syslog Input Module

Module Name:	imgssapi
Author:	varmojfekoj

Purpose

Provides the ability to receive syslog messages from the network protected via Kerberos 5 encryption and authentication. This module also accept plain tcp syslog messages on the same port if configured to do so. If you need just plain tcp, use imtcp instead.

Note: This is a contributed module, which is not supported by the rsyslog team. We recommend to use RFC5425 TLS-protected syslog instead.

• GSSAPI module support in rsyslog v3

Configuration Parameters

Note

Parameter names are case-insensitive; camelCase is recommended for readability.

Input Parameters

Note

Parameters are only available in Legacy Format.

Parameter	Summary
InputGSSServerRun	Starts a dedicated GSSAPI syslog listener on the specified port.
InputGSSServerServiceName	Sets the Kerberos service principal name used by the GSS server.
InputGSSServerPermitPlainTcp	Allows accepting plain TCP syslog traffic on the GSS-protected port.
InputGSSServerMaxSessions	Sets the maximum number of concurrent sessions supported by the server.
InputGSSServerKeepAlive	Enables TCP keep-alive handling for GSS-protected connections.
InputGSSListenPortFileName	Writes the listener’s bound port number to the specified file.

Caveats/Known Bugs

• module always binds to all interfaces

• only a single listener can be bound

Example

This sets up a GSS server on port 1514 that also permits to receive plain tcp syslog messages (on the same port):

$ModLoad imgssapi # needs to be done just once
$InputGSSServerRun 1514
$InputGSSServerPermitPlainTCP on

---

Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project

Contributing: Source & docs: rsyslog source project

© 2008–2025 Rainer Gerhards and others. Licensed under the Apache License 2.0.