TLS.PermanentFailureDisablesAction

Controls whether TLS authentication failures disable the action or suspend it for retry.

This parameter applies to omrelp: RELP Output Module.

Name:

TLS.PermanentFailureDisablesAction

Scope:

action

Type:

boolean

Default:

on

Required?:

no

Introduced:

8.2606.0

Description

Controls how omrelp handles TLS authentication failures such as certificate validation or permitted peer mismatches.

When enabled, the default, omrelp treats these failures as permanent and disables the action. This preserves the historical behavior and prevents continuous retry loops for configuration errors that usually need operator intervention.

When disabled, omrelp suspends the action instead. This lets configured action queues continue accepting messages while rsyslog retries according to the action retry settings. Use this mode when certificate or CA changes may be temporary and queued messages should be retained until the TLS configuration is corrected.

Action usage

action(type="omrelp" target="centralserv" tls="on"
       tls.permanentFailureDisablesAction="off")

YAML usage

actions:
  - type: omrelp
    target: centralserv
    tls: "on"
    tls.permanentFailureDisablesAction: "off"

See also

See also omrelp: RELP Output Module.

---

Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project

Contributing: Source & docs: rsyslog source project

© 2008–2026 Rainer Gerhards and others. Licensed under the Apache License 2.0.