[syslog-ng] syslog-ng using ssl
Balazs Scheidler
bazsi at balabit.hu
Wed Mar 25 11:33:17 CET 2009
On Wed, 2009-03-25 at 11:17 +0100, Luigi Augello wrote:
> Hello
> some days ago I sent this message
> Hello
> I try to use SSL and I have the following scenario:
> but up to now I have not solved it. Can anyone help me?
>
> Thanks
> Luigi
>
> One server (192.168.1.2) with this syslog-ng.conf
>
> ###########################################
> @version:3.0
>
> source s_sk{file("/var/log/messages");};
> source s_ssl{
> tcp(ip("0.0.0.0") port (1999)
> tls(key_file("/root/Scaricati/certificati/privkey.pem")
> cert_file("/root/Scaricati/certificati/cacert.pem")));};
>
> destination d_file{file("/var/log/syslog-ng.log");};
>
> log{source(s_sk);destination(d_file);};
> log{source(s_ssl);destination(d_file);};
>
> One client (192.168.1.3) with this syslog-ng.conf
> ###################################################
>
> @version:3.0
>
> source s_sk{file("/var/log/messages");};
> destination d_file{file("/var/log/syslog-ng.log");};
>
> destination d_ssl{tcp("192.168.1.2" port (1999)
> tls(ca_dir("/root/software/ca/")));};
>
> log{source(s_sk);destination(d_file);};
> log{source(s_sk);destination(d_ssl);};
>
> I haven't a CA certificate and I use a self-signed certificate created
> by these instructions
>
> openssl genrsa -out privkey.pem
> openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
>
> I followed step by step the instructions in "The syslog-ng Administrator's
> Guide",
> page 58 and so on, and I copied the cacert.pem generated on the server
> to the client and I used ln -s ....
> When I try to start the server it starts. Though the client doesn't give
> me any errors, it doesn't start. I suppose the certificate may create
> some problems.
hmm, and can you give us more information, like the error message that
syslog-ng prints when the handshake fails?
--
Bazsi