GSSAPI module support in rsyslog v3

What is it good for.

  • client-server authentication
  • Log message encryption


  • Kerberos infrastructure
  • rsyslog, rsyslog-gssapi


Let’s assume there are 3 machines in the Kerberos realm:

  • the first is running the KDC (Kerberos Authentication Service and Key Distribution Center),
  • the second is a client sending its logs to the server,
  • the third is the receiver, gathering all logs.

  1. KDC:
     • The Kerberos database must be properly set up on the KDC machine first. Use kadmin/kadmin.local to do that. Two principals need to be added in our case:
       1. sender@REALM.ORG
          • the client must have a ticket for principal sender
          • REALM.ORG is the Kerberos realm
       2. host/ - service principal
          • Use ktadd to export the service principal and transfer it to /etc/krb5.keytab on the receiver
  2. CLIENT:
     • set up rsyslog, in /etc/rsyslog.conf
     • $ModLoad omgssapi - load the output gss module
     • $GSSForwardServiceName otherThanHost - set the name of the service principal, “host” is the default one
     • *.* - action line, forward logs to the receiver
     • kinit root - get the TGT ticket
     • service rsyslog start
  3. SERVER:
     • set up rsyslog, in /etc/rsyslog.conf
     • $ModLoad imgssapi - load the input gss module
     • $InputGSSServerServiceName otherThanHost - set the name of the service principal, “host” is the default one
     • $InputGSSServerPermitPlainTCP on - accept both GSS and plain TCP connections (plain TCP senders are not authenticated), off by default
     • $InputGSSServerRun 514 - run the server on this port
     • service rsyslog start
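
One way to check the receiver settings listed above before starting the service, as an added example that is not part of the rsyslog documentation or code. The function names are hypothetical; the script assumes legacy-format directives with the value as the second field, and defaults to the /etc/krb5.keytab path named above.

```shell
#!/bin/sh
# Added example (not rsyslog project code): audit the receiver-side imgssapi
# settings described above in a legacy-format rsyslog.conf.

# Print the value (second field) of every uncommented line whose first field
# is the given directive. Case-insensitive matching is a tolerance choice here.
directive_values() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2 }' "$1"
}

# audit_gss_receiver CONF [KEYTAB]: prints findings, returns 1 on any FAIL.
audit_gss_receiver() {
    conf=$1; keytab=${2:-/etc/krb5.keytab}; rc=0
    directive_values "$conf" '$ModLoad' | grep -qx 'imgssapi' ||
        { echo "FAIL: imgssapi is not loaded"; rc=1; }
    [ -n "$(directive_values "$conf" '$InputGSSServerRun')" ] ||
        { echo "FAIL: no \$InputGSSServerRun listener configured"; rc=1; }
    # "on" lets senders that never authenticated deliver logs over plain TCP.
    if directive_values "$conf" '$InputGSSServerPermitPlainTCP' | grep -qix 'on'; then
        echo "FAIL: \$InputGSSServerPermitPlainTCP on accepts unauthenticated senders"; rc=1
    fi
    # The keytab holds the service principal's long-term key.
    if [ -f "$keytab" ]; then
        mode=$(ls -ld "$keytab" | cut -c5-10)   # group and other permission bits
        [ "$mode" = "------" ] ||
            { echo "FAIL: $keytab is accessible to group/other"; rc=1; }
    else
        echo "FAIL: keytab $keytab not found"; rc=1
    fi
    svc=$(directive_values "$conf" '$InputGSSServerServiceName' | tail -n 1)
    echo "INFO: service principal name: ${svc:-host}"
    return $rc
}

# Constructed sample: the server settings from the list above, in a temp dir.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rsyslog.conf" <<'EOF'
$ModLoad imgssapi
$InputGSSServerServiceName otherThanHost
$InputGSSServerPermitPlainTCP on
$InputGSSServerRun 514
EOF
: > "$demo_dir/krb5.keytab"; chmod 600 "$demo_dir/krb5.keytab"  # empty stand-in
audit_gss_receiver "$demo_dir/rsyslog.conf" "$demo_dir/krb5.keytab" || true
```

The sample fails the audit only because of the PermitPlainTCP line; removing it or setting it to off makes the function return 0.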

The picture demonstrates how things work.

rsyslog gssapi support

© 2008-2017, Rainer Gerhards and Others.