summaryrefslogtreecommitdiffstats
path: root/source/configuration/modules/imgssapi.rst
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--source/configuration/modules/imgssapi.rst154
1 files changed, 154 insertions, 0 deletions
diff --git a/source/configuration/modules/imgssapi.rst b/source/configuration/modules/imgssapi.rst
new file mode 100644
index 0000000..de51b36
--- /dev/null
+++ b/source/configuration/modules/imgssapi.rst
@@ -0,0 +1,154 @@
+************************************
+imgssapi: GSSAPI Syslog Input Module
+************************************
+
+=========================== ===========================================================================
+**Module Name:**  **imgssapi**
+**Author:** varmojfekoj
+=========================== ===========================================================================
+
+
+Purpose
+=======
+
+Provides the ability to receive syslog messages from the network
+protected via Kerberos 5 encryption and authentication. This module also
+accept plain tcp syslog messages on the same port if configured to do
+so. If you need just plain tcp, use :doc:`imtcp <imtcp>` instead.
+
+Note: This is a contributed module, which is not supported by the
+rsyslog team. We recommend to use RFC5425 TLS-protected syslog
+instead.
+
+.. toctree::
+ :maxdepth: 1
+
+ gssapi
+
+
+Configuration Parameters
+========================
+
+.. note::
+
+ Parameter names are case-insensitive.
+
+
+Input Parameter
+---------------
+
+.. note::
+
+ Parameter are only available in Legacy Format.
+
+
+InputGSSServerRun
+^^^^^^^^^^^^^^^^^
+
+.. csv-table::
+ :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
+ :widths: auto
+ :class: parameter-table
+
+ "word", "none", "no", "``$InputGSSServerRun``"
+
+Starts a GSSAPI server on selected port - note that this runs
+independently from the TCP server.
+
+
+InputGSSServerServiceName
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. csv-table::
+ :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
+ :widths: auto
+ :class: parameter-table
+
+ "word", "none", "no", "``$InputGSSServerServiceName``"
+
+The service name to use for the GSS server.
+
+
+InputGSSServerPermitPlainTCP
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. csv-table::
+ :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
+ :widths: auto
+ :class: parameter-table
+
+ "binary", "0", "no", "``$InputGSSServerPermitPlainTCP``"
+
+Permits the server to receive plain tcp syslog (without GSS) on the
+same port.
+
+
+InputGSSServerMaxSessions
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. csv-table::
+ :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
+ :widths: auto
+ :class: parameter-table
+
+ "integer", "200", "no", "``$InputGSSServerMaxSessions``"
+
+Sets the maximum number of sessions supported.
+
+
+InputGSSServerKeepAlive
+^^^^^^^^^^^^^^^^^^^^^^^
+
+.. csv-table::
+ :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
+ :widths: auto
+ :class: parameter-table
+
+ "binary", "0", "no", "``$InputGSSServerKeepAlive``"
+
+.. versionadded:: 8.5.0
+
+Enables or disable keep-alive handling.
+
+
+InputGSSListenPortFileName
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. csv-table::
+ :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
+ :widths: auto
+ :class: parameter-table
+
+ "word", "none", "no", "``$InputGSSListenPortFileName``"
+
+.. versionadded:: 8.38.0
+
+With this parameter you can specify the name for a file. In this file the
+port, imtcp is connected to, will be written.
+This parameter was introduced because the testbench works with dynamic ports.
+
+.. note::
+
+ If this parameter is set, 0 will be accepted as the port. Otherwise it
+ is automatically changed to port 514
+
+
+Caveats/Known Bugs
+==================
+
+- module always binds to all interfaces
+- only a single listener can be bound
+
+Example
+=======
+
+This sets up a GSS server on port 1514 that also permits to receive
+plain tcp syslog messages (on the same port):
+
+.. code-block:: none
+
+ $ModLoad imgssapi # needs to be done just once
+ $InputGSSServerRun 1514
+ $InputGSSServerPermitPlainTCP on
+
+