InputGSSServerPermitPlainTcp
Allows accepting plain TCP syslog traffic on the GSS-protected port.
This parameter applies to imgssapi: GSSAPI Syslog Input Module.
- Name:
InputGSSServerPermitPlainTcp
- Scope:
input
- Type:
boolean
- Default:
0
- Required?:
no
- Introduced:
3.11.6
Description
Permits the server to receive plain TCP syslog (without GSS protection) on the same port that the GSS listener uses.
Warning
This creates an intentional security downgrade path. Use it only on trusted networks. Plain TCP fallback is limited to connections that are identified as regular octet-counted syslog before GSS token processing begins; malformed GSS tokens are no longer reinterpreted as plain TCP traffic.
Input usage
module(load="imgssapi")
$inputGssServerPermitPlainTcp on
Legacy names (for reference)
$InputGSSServerPermitPlainTCP — maps to InputGSSServerPermitPlainTcp (status: legacy)
$inputGssServerPermitPlainTcp — maps to InputGSSServerPermitPlainTcp (status: legacy)
See also
See also imgssapi: GSSAPI Syslog Input Module.
Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project
Contributing: Source & docs: rsyslog source project
© 2008–2026 Rainer Gerhards and others. Licensed under the Apache License 2.0.