<div dir="ltr">well, since this is done transparently by openssl, the only hint you&#39;d have is to look at the algorithm negotiation parts using wireshark and check whether the compression algorithm is negotiated.<br><br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Mon, Aug 15, 2016 at 6:34 PM,  <span dir="ltr">&lt;<a href="mailto:thejaguar@tutanota.de" target="_blank">thejaguar@tutanota.de</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div>
<div><span style="line-height:1.5">Thats fine if its a copy paste mistake and compression is enabled by default. Yes both sides are on tls. No I dont want to disable, rather wanted to make sure network transfers do get compressed.  Except tcpdump , any other method to confirm ?</span><br></div><div>Thanks for the response. </div><div><br></div><div>Jagshah.</div><div><br></div><div>14. Aug 2016 22:54 by <a href="mailto:balazs.scheidler@balabit.com" target="_blank">balazs.scheidler@balabit.com</a>:<div><div class="h5"><br><br><blockquote style="border-left:1px solid #93a3b8;padding-left:10px;margin-left:5px"><p>Hmm, I dont know that option, maybe the premium edition team added that and it trickled into the open source documentation. Iirc by default syslog-ng made sure compression happens within tls as long as the other party supports it.</p>
<p>Or you want to disable it?</p>
<div class="gmail_quote">On Aug 12, 2016 20:15,  &lt;<a href="mailto:thejaguar@tutanota.de" target="_blank">thejaguar@tutanota.de</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 0.8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div>
<p>Hi all,</p>

<p>According to this <a href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html" target="_blank">https://www.balabit.com/<wbr>documents/syslog-ng-ose-<wbr>latest-guides/en/syslog-ng-<wbr>ose-guide-admin/html/<wbr>tlsoptions.html</a></p>

<p>Allow-compression() should be a working option under tls.</p>

<p>I did google on this a lot and found no config snippet
which shows allow-compress() to be working and to my surprise when I tried to
include it in my config I get syntax error ______________________________<wbr>_____________________</p>

<p> </p>

<p>2016-08-11T15:27:19.538347] Registering candidate plugin;
module=&#39;afsocket&#39;, context=&#39;source&#39;, name=&#39;systemd-syslog&#39;, preference=&#39;100&#39;</p>

<p>[2016-08-11T15:27:19.539190] Using /dev/log Unix socket
with systemd is not possible. Changing to systemd-syslog source, which supports
socket activation.; Error parsing afsocket, syntax error, unexpected
LL_IDENTIFIER, expecting &#39;)&#39; in /etc/syslog-ng/syslog-ng.conf at line 27,
column 124:</p>

<p> </p>

<p>destination d_net_tls { network(
&quot;<a href="http://syslog1.xxxxxxxxx.com" target="_blank">syslog1.xxxxxxxxx.com</a>&quot; port(6514) transport(&quot;tls&quot;) tls(
ca-dir(&quot;/etc/syslog-ng/ca&quot;) allow-compress(yes)
peer-verify(required-trusted) ssl-options(no-sslv3,no-tlsv1) )</p>

<p>                              <wbr>                              <wbr>                              <wbr>                              <wbr>                              <wbr>                              <wbr>                              <wbr>    
^^^^^^^^^^^^^^ ______________________________<wbr>_____________________</p>

<p>I am using 3.8.0 on 
ubuntu 15.10.  </p>

<p>Is this even really supported as claimed in here <a href="https://www.balabit.com/network-security/syslog-ng/comparing/detailed" target="_blank">https://www.balabit.com/<wbr>network-security/syslog-ng/<wbr>comparing/detailed</a></p>

<p> </p>

<p># /usr/sbin/syslog-ng -V</p>

<p>syslog-ng 3.8.0beta2</p>

<p>Installer-Version: 3.8.0beta2</p>

<p>Revision: 3.8.0beta2-1</p>

<p>Module-Directory: /usr/lib/syslog-ng/3.8</p>

<p>Module-Path: /usr/lib/syslog-ng/3.8</p>

<p>Available-Modules:
affile,basicfuncs,system-<wbr>source,cryptofuncs,pseudofile,<wbr>afuser,csvparser,linux-kmsg-<wbr>format,confgen,sdjournal,<wbr>syslogformat,afprog,dbparser,<wbr>afsocket</p>

<p>Enable-Debug: off</p>

<p>Enable-GProf: off</p>

<p>Enable-Memtrace: off</p>

<p>Enable-IPv6: on</p>

<p>Enable-Spoof-Source: on</p>

<p>Enable-TCP-Wrapper: on</p>

<p>Enable-Linux-Caps: off</p>

<p> </p><p><br></p><p><br></p>  </div>

<br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div></blockquote></div></div></div>  </div>

</blockquote></div><br></div>