
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<meta name="Title" content="">


<meta name="Keywords" content="">


<meta name="Generator" content="Microsoft Word 15 (filtered medium)">


<style><!--


/* Font Definitions */


@font-face


        {font-family:"Cambria Math";


        panose-1:2 4 5 3 5 4 6 3 2 4;}


@font-face


        {font-family:Calibri;


        panose-1:2 15 5 2 2 2 4 3 2 4;}


@font-face


        {font-family:MingLiU;


        panose-1:2 2 5 9 0 0 0 0 0 0;}


/* Style Definitions */


p.MsoNormal, li.MsoNormal, div.MsoNormal


        {margin:0in;


        margin-bottom:.0001pt;


        font-size:12.0pt;


        font-family:"Times New Roman";}


a:link, span.MsoHyperlink


        {mso-style-priority:99;


        color:blue;


        text-decoration:underline;}


a:visited, span.MsoHyperlinkFollowed


        {mso-style-priority:99;


        color:purple;


        text-decoration:underline;}


span.EmailStyle17


        {mso-style-type:personal-reply;


        font-family:Calibri;


        color:windowtext;}


span.msoIns


        {mso-style-type:export-only;


        mso-style-name:"";


        text-decoration:underline;


        color:teal;}


.MsoChpDefault


        {mso-style-type:export-only;


        font-size:10.0pt;}


@page WordSection1


        {size:8.5in 11.0in;


        margin:1.0in 1.0in 1.0in 1.0in;}


div.WordSection1


        {page:WordSection1;}


--></style>


</head>


<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">


<div class="WordSection1">


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">I made the change as suggested and it is complaining:<o:p></o:p></span></p>


<p class="MsoNormal">source s_net {<span style="font-family:MingLiU"><br>


</span>network(ip('&lt;our IP&gt;') port(&lt;our port&gt;)<br>


transport(&quot;tls&quot;)<br>


tls( key-file(&quot;/usr/local/etc/hostcert.key&quot;)<br>


cert-file(&quot;/usr/local/etc/hostcert.pem&quot;)<br>


peer_verify(optional-untrusted)<o:p></o:p></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">ssl-options(no-sslv2, no-sslv3, no-tlsv1)<o:p></o:p></span></p>


<p class="MsoNormal">)<br>


);<br>


};<span style="font-size:11.0pt;font-family:Calibri"><o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">I got the following error when I tried to start it:<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">-bash-4.1$ sudo service sys-ng1 start<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">syslog-ng service starting.<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Error parsing afsocket, syntax error, unexpected LL_IDENTIFIER, expecting ')' in /opt/splunk/usr/local/etc/syslog-ng.conf at line 49, column 9:<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ssl-options(no-sslv2, no-sslv3, no-tlsv1)<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ^^^^^^^^^^^<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">mailing list:


<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><o:p></o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>


<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">


<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>


</b><span style="font-family:Calibri;color:black">&lt;syslog-ng-bounces@lists.balabit.hu&gt; on behalf of &quot;thejaguar@tutanota.de&quot; &lt;thejaguar@tutanota.de&gt;<br>


<b>Reply-To: </b>Syslog-ng users' and developers' mailing list &lt;syslog-ng@lists.balabit.hu&gt;<br>


<b>Date: </b>Tuesday, August 16, 2016 at 5:53 PM<br>


<b>To: </b>Joe Lupo &lt;Joseph.Lupo@T-Mobile.com&gt;<br>


<b>Cc: </b>Syslog-ng users' and developers' mailing list &lt;syslog-ng@lists.balabit.hu&gt;<br>


<b>Subject: </b>Re: [syslog-ng] Disabling SSLv3 with Syslog-NG<o:p></o:p></span></p>


</div>


<div>


<p class="MsoNormal"><o:p>&nbsp;</o:p></p>


</div>


<div>


<div>


<p class="MsoNormal">its part of tls options so&nbsp; <o:p></o:p></p>


<div>


<p class="MsoNormal"><o:p>&nbsp;</o:p></p>


</div>


<div>


<p class="MsoNormal">tls( key-file(&quot;/usr/local/etc/hostcert.key&quot;)<o:p></o:p></p>


</div>


<div>


<p class="MsoNormal">cert-file(&quot;/usr/local/etc/hostcert.pem&quot;)<br>


peer_verify(optional-untrusted)<o:p></o:p></p>


</div>


<div>


<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">ssl-options(no-sslv3,no-tlsv1)&nbsp;</span><o:p></o:p></p>


</div>


<div>


<p class="MsoNormal" style="margin-bottom:12.0pt">)<br>


);<br>


The Jaguar<br>


<br>


16. Aug 2016 12:13 by <a href="mailto:Joseph.Lupo@T-Mobile.com" target="_blank">Joseph.Lupo@T-Mobile.com</a>:<o:p></o:p></p>


<blockquote style="border:none;border-left:solid #93A3B8 1.0pt;padding:0in 0in 0in 8.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-bottom:5.0pt">


<p class="MsoNormal">The syslog-ng documentation is very unclear. Where would we put the ssl-options(no-sslv2, no-sslv3, no-tlsv1) entry for disabling sslv2, sslv3 and tlsv1?<br>


<br>


The following works for enabling TLS on our host, but I can’t figure out where to insert the ssl-options.<span style="font-family:MingLiU"><br>


<br>


</span>source s_net {<span style="font-family:MingLiU"><br>


</span>network(ip('&lt;our IP&gt;') port(&lt;our port&gt;)<br>


transport(&quot;tls&quot;)<br>


tls( key-file(&quot;/usr/local/etc/hostcert.key&quot;)<br>


cert-file(&quot;/usr/local/etc/hostcert.pem&quot;)<br>


peer_verify(optional-untrusted))<br>


);<br>


};<br>


<br>


<br>


<br>


______________________________________________________________________________<br>


Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">


https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>


Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">


http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>


FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><o:p></o:p></p>


</blockquote>


</div>


</div>


</div>


</div>


</body>


</html>