************************************
imgssapi: GSSAPI Syslog Input Module
************************************

===========================  ===========================================================================
**Module Name:**             **imgssapi**
**Author:**                  varmojfekoj
===========================  ===========================================================================


Purpose
=======

Provides the ability to receive syslog messages from the network
protected via Kerberos 5 encryption and authentication. This module also
accepts plain TCP syslog messages on the same port if configured to do
so. If you need just plain TCP, use :doc:`imtcp <imtcp>` instead.

Note: This is a contributed module, which is not supported by the
rsyslog team. We recommend using RFC 5425 TLS-protected syslog
instead.

.. toctree::
   :maxdepth: 1

   gssapi


Configuration Parameters
========================

.. note::

   Parameter names are case-insensitive.


Input Parameter
---------------

.. note::

   Parameters are only available in Legacy Format.


InputGSSServerRun
^^^^^^^^^^^^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "word", "none", "no", "``$InputGSSServerRun``"

Starts a GSSAPI server on the selected port. Note that this runs
independently from the TCP server.


InputGSSServerServiceName
^^^^^^^^^^^^^^^^^^^^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "word", "none", "no", "``$InputGSSServerServiceName``"

The service name to use for the GSS server.


InputGSSServerPermitPlainTCP
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "binary", "0", "no", "``$InputGSSServerPermitPlainTCP``"

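Permits the server to receive plain TCP syslog (without GSS) on the
same port. Messages received this way are not protected by the Kerberos 5
encryption and authentication that GSS provides.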


InputGSSServerMaxSessions
^^^^^^^^^^^^^^^^^^^^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "integer", "200", "no", "``$InputGSSServerMaxSessions``"

Sets the maximum number of sessions supported.


InputGSSServerKeepAlive
^^^^^^^^^^^^^^^^^^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "binary", "0", "no", "``$InputGSSServerKeepAlive``"

.. versionadded:: 8.5.0

Enables or disables keep-alive handling.


InputGSSListenPortFileName
^^^^^^^^^^^^^^^^^^^^^^^^^^

.. csv-table::
   :header: "type", "default", "mandatory", "|FmtObsoleteName| directive"
   :widths: auto
   :class: parameter-table

   "word", "none", "no", "``$InputGSSListenPortFileName``"

.. versionadded:: 8.38.0

With this parameter you can specify the name of a file. The port that
imtcp is connected to will be written to this file.
This parameter was introduced because the testbench works with dynamic ports.

.. note::

   If this parameter is set, 0 will be accepted as the port. Otherwise it
   is automatically changed to port 514.


Caveats/Known Bugs
==================

-  module always binds to all interfaces
-  only a single listener can be bound

Example
=======

This sets up a GSS server on port 1514 that also accepts plain TCP
syslog messages (on the same port):

.. code-block:: none

   $ModLoad imgssapi # needs to be done just once
   $InputGSSServerRun 1514
   $InputGSSServerPermitPlainTCP on
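
The following added example (not part of the rsyslog documentation or code) is a Python check that scans a legacy-format configuration for the directives documented above and flags a GSSAPI listener that also accepts plain TCP. The function name ``audit_imgssapi``, the severity labels, the "last occurrence wins" rule, and the treatment of ``1`` as an enabled value are assumptions of this example.

```python
import re

# Directive names are taken from the page and matched case-insensitively,
# since the page states that parameter names are case-insensitive.
DIRECTIVE = re.compile(r"^\s*\$(ModLoad|InputGSS\w+)\s+(\S+)", re.IGNORECASE)

# The page's own example, followed by a constructed GSS-only variant.
PAGE_EXAMPLE = """
$ModLoad imgssapi # needs to be done just once
$InputGSSServerRun 1514
$InputGSSServerPermitPlainTCP on
"""
GSS_ONLY = """
$ModLoad imgssapi
$InputGSSServerRun 1514
$InputGSSServerPermitPlainTCP off
"""


def audit_imgssapi(config_text):
    """Return (severity, message) findings for one legacy-format config."""
    loaded, seen = False, {}
    for raw in config_text.splitlines():
        match = DIRECTIVE.match(raw.split("#", 1)[0])  # ignore comments
        if not match:
            continue
        name, value = match.group(1).lower(), match.group(2)
        if name == "modload":
            loaded = loaded or "imgssapi" in value.lower()
        else:
            seen[name] = value  # assumption: the last occurrence wins
    if not loaded or "inputgssserverrun" not in seen:
        return []  # no GSSAPI listener configured
    port = seen["inputgssserverrun"]
    if port == "0":
        # Page: 0 is accepted only with the port file set, otherwise 514.
        port = "dynamic" if "inputgsslistenportfilename" in seen else "514"
    findings = [("info", f"GSSAPI listener on port {port}, all interfaces")]
    # Assumption: "on" (as on the page) or "1" enables; the default is off.
    if seen.get("inputgssserverpermitplaintcp", "0").lower() in ("on", "1"):
        findings.append(("high", f"port {port} accepts plain TCP without GSS"))
    return findings


if __name__ == "__main__":
    for label, text in (("page example", PAGE_EXAMPLE), ("GSS only", GSS_ONLY)):
        print(label, audit_imgssapi(text))
```

Because the module always binds to all interfaces, a ``high`` finding means the unauthenticated listener is reachable on every address of the host unless a host firewall restricts it.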