<p dir="ltr"><br>
On Mar 8, 2016 07:22, &quot;Girish Kumar&quot; &lt;<a href="mailto:girish.kumar@al-enterprise.com">girish.kumar@al-enterprise.com</a>&gt; wrote:<br>
&gt;<br>
&gt; Thanks Bazsi.<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; I would like to analyze a little more of the syslog-ng log files related to TLS. Could you please let me know how to enable debug logs in syslog-ng?<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; I have one more query on ssl option.<br>
&gt;<br>
&gt; There is a TLS option in 3.7.2, ssl-options(), which is used for setting SSL options. The options are no-sslv2, no-sslv3, no-tlsv1, no-tlsv11, no-tlsv12, and the default option is no-sslv2. I hope my understanding is correct. I referred to the following link:<br>
&gt;<br>
&gt; <a href="https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html">https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html</a><br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; Could you please let me know how to set ssl-options() in syslog-ng 3.6? I didn’t find a similar option there. Currently my syslog-ng server is 3.6.2 and the client is 3.7.2.<br>
&gt;<br></p>
<p dir="ltr">In syslog-ng 3.6 nosslv2 was hardwired and couldn&#39;t be configured.</p>
<p dir="ltr">&gt;  <br>
&gt;<br>
&gt; Regards,<br>
&gt;<br>
&gt; Girish<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; From: <a href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a> [mailto:<a href="mailto:syslog-ng-bounces@lists.balabit.hu">syslog-ng-bounces@lists.balabit.hu</a>] On Behalf Of Scheidler, Balázs<br>
&gt; Sent: Monday, March 07, 2016 1:17 PM<br>
&gt; To: Syslog-ng users&#39; and developers&#39; mailing list<br>
&gt; Subject: Re: [syslog-ng] Syslog over TLS : Protocol is TCP and TLS<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; Well, if you open the payload of the initial packages (e.g. after the SYN-SYNACK-ACK handshake), you should see binary stuff instead of plain text log messages.<br>
&gt;<br>
&gt;<br>
&gt; -- <br>
&gt; Bazsi<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; On Mon, Mar 7, 2016 at 7:07 AM, Girish Kumar &lt;<a href="mailto:girish.kumar@al-enterprise.com">girish.kumar@al-enterprise.com</a>&gt; wrote:<br>
&gt;<br>
&gt; Hi  All,<br>
&gt;<br>
&gt; Finally I was able to set up the syslog-ng client and server to communicate over TLS. Thanks for all your help.<br>
&gt;<br>
&gt; In the Wireshark capture I am seeing all protocols as TCP and not as TLS. Please let me know whether my communication has happened over TLS.<br>
&gt;<br>
&gt; If yes, how do I validate that? Can I enable additional logs in syslog-ng?<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; The TLS part of my conf file:<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; Client<br>
&gt;<br>
&gt; --------<br>
&gt;<br>
&gt; destination d_destination {<br>
&gt;     syslog(&quot;135.254.163.151&quot; port(6514)<br>
&gt;         transport(&quot;tls&quot;)<br>
&gt;         tls( ca_dir(&quot;/etc/ca.d&quot;)<br>
&gt;              key_file(&quot;/etc/cert.d/myCliPrivate.key&quot;)<br>
&gt;              cert_file(&quot;/etc/cert.d/myCliCert.pem&quot;) )<br>
&gt;     );<br>
&gt; };<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; Server<br>
&gt;<br>
&gt; ---------<br>
&gt;<br>
&gt; source d_source {<br>
&gt;     syslog(ip(&quot;135.254.163.151&quot;) port(6514)<br>
&gt;         transport(&quot;tls&quot;)<br>
&gt;         tls( key_file(&quot;/etc/syslog-ng/cert.d/mySerPrivate.key&quot;)<br>
&gt;              cert_file(&quot;/etc/syslog-ng/cert.d/mySerCert.pem&quot;)<br>
&gt;              ca_dir(&quot;/etc/syslog-ng/ca.d&quot;) )<br>
&gt;     );<br>
&gt; };<br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt;  <br>
&gt;<br>
&gt; Regards,<br>
&gt;<br>
&gt; Girish<br>
&gt;<br>
&gt;<br>
&gt; ______________________________________________________________________________<br>
&gt; Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
&gt; Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
&gt; FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
&gt;<br>
&gt;<br>
</p>
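<p dir="ltr">Added example, not part of the original thread: the check described in the quoted reply (look at the first payload after the SYN/SYN-ACK/ACK handshake) written as a small Python classifier. The function name <code>classify_first_payload</code> and both sample byte strings are constructed for illustration; paste in the first client-to-server payload bytes from your own capture.</p>

```python
import re
import struct

TLS_VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
                0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
# Plain-text syslog starts with "<PRI>" (RFC 3164/5424), optionally preceded
# by an octet count "NNN " when RFC 6587 framing is in use.
PLAIN_SYSLOG = re.compile(rb"^(\d{1,6} )?<\d{1,3}>")


def classify_first_payload(payload: bytes) -> dict:
    """Classify the first client-to-server TCP payload of a connection."""
    if PLAIN_SYSLOG.match(payload):
        return {"kind": "plaintext-syslog"}
    if len(payload) < 5:
        return {"kind": "unknown"}
    # TLS record header: content type (1), version (2), length (2).
    ctype, rec_ver, rec_len = struct.unpack("!BHH", payload[:5])
    # A TLS session opens with a handshake record (type 22), major version 3.
    if ctype != 22 or rec_ver >> 8 != 3 or not 0 < rec_len <= 16384 + 2048:
        return {"kind": "unknown"}
    result = {"kind": "tls",
              "record_version": TLS_VERSIONS.get(rec_ver, hex(rec_ver))}
    body = payload[5:5 + rec_len]
    # Handshake header: type (1) + length (3). A ClientHello (type 1) then
    # carries the protocol version the client offers in the next two bytes.
    if len(body) >= 6 and body[0] == 1:
        offered = struct.unpack("!H", body[4:6])[0]
        result["handshake"] = "ClientHello"
        result["client_version"] = TLS_VERSIONS.get(offered, hex(offered))
    return result


# Constructed samples: a zero-filled ClientHello offering TLSv1.2, and an
# octet-counted RFC 5424 message sent without TLS.
SAMPLE_TLS = bytes.fromhex("16030100310100002d0303") + bytes(43)
SAMPLE_PLAIN = b"48 <13>1 2016-03-08T07:22:00Z client app - - - test"

if __name__ == "__main__":
    print(classify_first_payload(SAMPLE_TLS))
    print(classify_first_payload(SAMPLE_PLAIN))
```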