The rocket-fast system for log processing

imgssapi: GSSAPI Syslog Input Module

Provides the ability to receive syslog messages from the network protected via Kerberos 5 encryption and authentication. This module also accept plain tcp syslog messages on the same port if configured to do so. If you need just plain tcp, use imtcp instead.

Note: This is a contributed module, which is not supported by the rsyslog team. We recommend to use RFC5425 TLS-protected syslog instead.


Configuration Parameters

Note: parameter names are case-insensitive.

$InputGSSServerRun <port>

Starts a GSSAPI server on selected port - note that this runs independently from the TCP server.

$InputGSSServerServiceName <name>

The service name to use for the GSS server.

$InputGSSServerPermitPlainTCP on|off

Permits the server to receive plain tcp syslog (without GSS) on the same port

$InputGSSServerMaxSessions <number>

Sets the maximum number of sessions supported

$InputGSSServerKeepAlive on|off

Requires: 8.5.0 or above

Default: off

Enables or disable keep-alive handling.

Caveats/Known Bugs

  • module always binds to all interfaces
  • only a single listener can be bound


This sets up a GSS server on port 1514 that also permits to receive plain tcp syslog messages (on the same port):

$ModLoad imgssapi # needs to be done just once
$InputGSSServerRun 1514
$InputGSSServerPermitPlainTCP on

See also

If you would like to contribute to these docs, but are unsure where to start, please see the rsyslog-doc project README for an overview of the process. If you would like to contribute to the main source project, please review the contribution guidelines listed in the rsyslog project README.

If you have a question about these docs or Rsyslog in general, please see the following resources:

© 2008-2017, Rainer Gerhards and Others. This site uses the “better” theme for Sphinx.