I'm having issues getting reliable and encrypted syslog working.
I have a 6.0.6 FG60D test system and I'm sending my logs to a Linux system running rsyslogd.
I can send the logs to the rsyslogd server using the default parameters (UDP 514, unreliable and no encryption).
However, when I enable reliable (TCP 6514) and encrypted (high) my rsyslogd server is not processing (receiving?) them correctly.
My Linux guru indicates the following.
Any help/pointers would be greatly appreciated.
Thank you in advance.
-tony
We were receiving “local7.*” logs until 13:31 yesterday. Today we are receiving a new log “user.*” which started at 6:52am; it has a fair number of unreadable characters:
[root@syslog-server syslog-facility]# head -1 user.log.2019-08-27
2019-08-27 06:52:24 User.Notice tonytest1 #000 ej 砯 ڄ C g7Q` 3\ L ~ 1 @? S #000( " : qb |YH#000 , 0#000 #000 ̨̩̪ ] a W S $ (#000k#000j s w#000 #000
[root@syslog-server syslog-facility]#
I see errors in /var/log/messages around the time that the logs came in (5:52am), I’ll need to google these for clues:
Aug 27 06:52:24 syslog-server rsyslogd: Framing Error in received TCP message: delimiter is not SP but has ASCII value -90.
Aug 27 06:54:39 syslog-servert rsyslogd: Framing Error in received TCP message: delimiter is not SP but has ASCII value -99.
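
One way to test whether unreadable bytes like these are a TLS handshake arriving at a listener that expects plain-text syslog. This is an added example, not part of the original post and not rsyslog's own code. The function names and sample bytes are constructed, and the framing parser is a simplified model of a receiver that accepts both RFC 6587 framings.

```python
import re

def classify_stream_start(data: bytes) -> str:
    """Guess what a sender is speaking from the first bytes of a TCP connection."""
    # TLS record header: type 0x16 (handshake), then version 0x03 0x00..0x04.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls-handshake"
    # RFC 6587 octet counting: MSG-LEN SP "<PRI>..."
    if re.match(rb"[1-9][0-9]* <[0-9]{1,3}>", data):
        return "syslog-octet-counted"
    # RFC 6587 non-transparent framing: "<PRI>..." terminated by LF
    if re.match(rb"<[0-9]{1,3}>", data):
        return "syslog-lf-framed"
    return "unknown"

def first_framing_error(stream: bytes):
    """Return the first bad octet-count delimiter as a signed char, or None."""
    i = 0
    while i < len(stream):
        if stream[i:i + 1].isdigit():           # digit at frame start: octet counting
            j = i
            while j < len(stream) and stream[j:j + 1].isdigit():
                j += 1
            if j == len(stream):
                return None                     # count incomplete, more data needed
            if stream[j] != 0x20:               # delimiter after the count must be SP
                b = stream[j]
                return b - 256 if b > 127 else b
            i = j + 1 + int(stream[i:j])        # skip the counted message
        else:                                   # otherwise the frame runs to the next LF
            nl = stream.find(b"\n", i)
            if nl == -1:
                return None
            i = nl + 1
    return None

# Constructed samples: a TLS ClientHello prefix followed by arbitrary bytes,
# an LF-framed plain message (PRI 189 = local7.notice), and an octet-counted one.
SAMPLE_TLS = bytes.fromhex("160301 00c8 010000c4 0303") + b"\x9f\x0a7\xa6\x51\x60"
SAMPLE_PLAIN = b"<189>date=2019-08-27 time=06:52:24 devname=tonytest1\n"
SAMPLE_COUNTED = b"9 <189>test"

if __name__ == "__main__":
    for name, s in (("tls", SAMPLE_TLS), ("plain", SAMPLE_PLAIN), ("counted", SAMPLE_COUNTED)):
        print(name, classify_stream_start(s), first_framing_error(s))
```

Feed it the first bytes of a capture taken on the receiving port. A "tls-handshake" result means the sender is encrypting and the listener on that port needs to terminate TLS before syslog parsing.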