Problem: we would like to use czmq v3 + encryption and curve authentication #843
Conversation
|
Very cool, I'll try to play with this soon! |
|
@ddpbsd if you run into any issues or questions feel free to give me a holler. I have some other features I'd like to add to the zeromq support as well but I figured one thing at a time. I tried to not break anything for czmq v2 users but I have not tested against v2 yet. |
|
The hardest part is finding the free time. I'm not seeing any issues with my older zmq applications. Won't have time to test the v3 stuff for a bit, but looking forward to it. |
|
@ddpbsd for what it's worth I have it working here going from ossec -> command line test tool, and from ossec -> rsyslog (using my branch of rsyslog changes that should go out in 8.19 this month). Glad to hear it worked with v2, and thanks for trying that out before I could get to it! |
|
This is testing out without any issues to my zeromq/logstash test env. |
|
@atomicturtle fantastic - thanks for the feedback. |
|
I should add that was a v2 test. And thank you for the PR! |
Solution: add support for CZMQ v3. This helps move ossec off of deprecated CZMQ v2 APIs but maintains support for building against CZMQ v2. Additionally, if cert paths are defined in the config then the publish socket will be configured as a CURVE server - and will use certificate authentication for clients + encrypt all traffic.
These changes will work with the upcoming improved ZeroMQ support in rsyslog 8.19 - allowing the ossec analyzer to send encrypted messages over zeromq directly to rsyslog.