<div dir="ltr">Well, if you open the payload of the initial packets (e.g. after the SYN-SYNACK-ACK handshake), you should see binary stuff instead of plain text log messages.<br><br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Mon, Mar 7, 2016 at 7:07 AM, Girish Kumar <span dir="ltr"><<a href="mailto:girish.kumar@al-enterprise.com" target="_blank">girish.kumar@al-enterprise.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal">Hi All,<u></u><u></u></p>
<p class="MsoNormal">Finally I was able to set up the syslog-ng client and server to communicate over TLS. Thanks for all your help.<u></u><u></u></p>
<p class="MsoNormal">In the Wireshark capture I am seeing all protocols as TCP and not as TLS. Please let me know whether my communication has happened over TLS.<u></u><u></u></p>
<p class="MsoNormal">If yes, how do I validate that? Can I enable additional logs in syslog-ng?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b>My TLS part of the conf file<u></u><u></u></b></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Client<u></u><u></u></p>
<p class="MsoNormal">--------<u></u><u></u></p>
<p class="MsoNormal">destination d_destination {<u></u><u></u></p>
<p class="MsoNormal"> syslog("135.254.163.151" port(6514)<u></u><u></u></p>
<p class="MsoNormal"> transport("tls")<u></u><u></u></p>
<p class="MsoNormal"> tls( ca_dir("/etc/ca.d")<u></u><u></u></p>
<p class="MsoNormal"> key_file("/etc/cert.d/myCliPrivate.key")<u></u><u></u></p>
<p class="MsoNormal"> cert_file("/etc/cert.d/myCliCert.pem") )<u></u><u></u></p>
<p class="MsoNormal"> );<u></u><u></u></p>
<p class="MsoNormal">};<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Server<u></u><u></u></p>
<p class="MsoNormal">---------<u></u><u></u></p>
<p class="MsoNormal">source d_source {<u></u><u></u></p>
<p class="MsoNormal"> syslog(ip("135.254.163.151") port(6514)<u></u><u></u></p>
<p class="MsoNormal"> transport("tls")<u></u><u></u></p>
<p class="MsoNormal"> tls( key_file("/etc/syslog-ng/cert.d/mySerPrivate.key")<u></u><u></u></p>
<p class="MsoNormal"> cert_file("/etc/syslog-ng/cert.d/mySerCert.pem")<u></u><u></u></p>
<p class="MsoNormal"> ca_dir("/etc/syslog-ng/ca.d"))<u></u><u></u></p>
<p class="MsoNormal"> );<u></u><u></u></p>
<p class="MsoNormal">};<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Regards,<u></u><u></u></p>
<p class="MsoNormal">Girish<u></u><u></u></p>
</div>
</div>
<br></blockquote></div><br></div>
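The check described in the reply can be scripted: the first TCP payload after the three-way handshake on port 6514 should parse as a TLS record header rather than as a syslog line. The following is an added example, not part of the original thread or of syslog-ng; the function names are hypothetical and the sample payloads are constructed.

```python
import struct

# TLS record-layer content types (RFC 5246 / RFC 8446)
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}

def looks_like_plain_syslog(payload: bytes) -> bool:
    """True if payload starts with '<PRI>', optionally preceded by an
    RFC 6587 octet count such as '72 '."""
    text = payload[:64]
    head, sep, rest = text.partition(b" ")
    if sep and head.isdigit():          # strip octet-count framing
        text = rest
    if not text.startswith(b"<"):
        return False
    end = text.find(b">", 1, 5)         # PRI is 1 to 3 digits
    return end > 1 and text[1:end].isdigit() and int(text[1:end]) <= 191

def classify_first_payload(payload: bytes) -> str:
    """Classify the first TCP payload seen after SYN / SYN-ACK / ACK."""
    if len(payload) < 5:
        return "too-short"
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    # TLS record header: known content type, version 3.x, bounded length
    if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and 0 < length <= 16384 + 2048):
        if ctype == 22 and len(payload) > 5:
            return "tls-" + HANDSHAKE_TYPES.get(payload[5], "handshake")
        return "tls-" + TLS_CONTENT_TYPES[ctype]
    if looks_like_plain_syslog(payload):
        return "plaintext-syslog"
    return "unknown"

# Constructed sample payloads (not taken from a real capture)
CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)
PLAIN_BSD = b"<13>Mar  7 07:07:00 client test: hello\n"
PLAIN_FRAMED = b"49 <13>1 2016-03-07T07:07:00Z client app - - - hello"

if __name__ == "__main__":
    for name, data in [("client hello", CLIENT_HELLO),
                       ("bsd syslog", PLAIN_BSD),
                       ("framed syslog", PLAIN_FRAMED)]:
        print(f"{name:14s} -> {classify_first_payload(data)}")
```

Feed it the bytes of the first data-carrying segment from the client, for example copied from the capture as a hex stream and decoded with `bytes.fromhex()`.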