<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:MingLiU;
        panose-1:2 2 5 9 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:Calibri;
        color:windowtext;}
span.msoIns
        {mso-style-type:export-only;
        mso-style-name:"";
        text-decoration:underline;
        color:teal;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">I made the change as suggested and it is complaining:<o:p></o:p></span></p>
<p class="MsoNormal">source s_net {<span style="font-family:MingLiU"><br>
</span>network(ip('&lt;our IP&gt;') port(&lt;our port&gt;)<br>
transport(&quot;tls&quot;)<br>
tls( key-file(&quot;/usr/local/etc/hostcert.key&quot;)<br>
cert-file(&quot;/usr/local/etc/hostcert.pem&quot;)<br>
peer_verify(optional-untrusted)<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">ssl-options(no-sslv2, no-sslv3, no-tlsv1)<o:p></o:p></span></p>
<p class="MsoNormal">)<br>
);<br>
};<span style="font-size:11.0pt;font-family:Calibri"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">I got the following error when I tried to start it:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">-bash-4.1$ sudo service sys-ng1 start<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">syslog-ng service starting.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">Error parsing afsocket, syntax error, unexpected LL_IDENTIFIER, expecting ')' in /opt/splunk/usr/local/etc/syslog-ng.conf at line 49, column 9:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ssl-options(no-sslv2, no-sslv3, no-tlsv1)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ^^^^^^^^^^^<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">mailing list:
<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri"><o:p>&nbsp;</o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">&lt;syslog-ng-bounces@lists.balabit.hu&gt; on behalf of &quot;thejaguar@tutanota.de&quot; &lt;thejaguar@tutanota.de&gt;<br>
<b>Reply-To: </b>Syslog-ng users' and developers' mailing list &lt;syslog-ng@lists.balabit.hu&gt;<br>
<b>Date: </b>Tuesday, August 16, 2016 at 5:53 PM<br>
<b>To: </b>Joe Lupo &lt;Joseph.Lupo@T-Mobile.com&gt;<br>
<b>Cc: </b>Syslog-ng users' and developers' mailing list &lt;syslog-ng@lists.balabit.hu&gt;<br>
<b>Subject: </b>Re: [syslog-ng] Disabling SSLv3 with Syslog-NG<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">its part of tls options so&nbsp; <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<div>
<p class="MsoNormal">tls( key-file(&quot;/usr/local/etc/hostcert.key&quot;)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">cert-file(&quot;/usr/local/etc/hostcert.pem&quot;)<br>
peer_verify(optional-untrusted)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri">ssl-options(no-sslv3,no-tlsv1)&nbsp;</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">)<br>
);<br>
The Jaguar<br>
<br>
16. Aug 2016 12:13 by <a href="mailto:Joseph.Lupo@T-Mobile.com" target="_blank">Joseph.Lupo@T-Mobile.com</a>:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #93A3B8 1.0pt;padding:0in 0in 0in 8.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">The syslog-ng documentation is very unclear. Where would we put the ssl-options(no-sslv2, no-sslv3, no-tlsv1) entry for disabling sslv2, sslv3 and tlsv1?<br>
<br>
The following works for enabling TLS on our host, but I can’t figure out where to insert the ssl-options.<span style="font-family:MingLiU"><br>
<br>
</span>source s_net {<span style="font-family:MingLiU"><br>
</span>network(ip('&lt;our IP&gt;') port(&lt;our port&gt;)<br>
transport(&quot;tls&quot;)<br>
tls( key-file(&quot;/usr/local/etc/hostcert.key&quot;)<br>
cert-file(&quot;/usr/local/etc/hostcert.pem&quot;)<br>
peer_verify(optional-untrusted))<br>
);<br>
};<br>
<br>
<br>
<br>
______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">
http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</div>
</div>
</body>
</html>