On Wed, 2009-03-25 at 11:17 +0100, Luigi Augello wrote:
Hello, some days ago I sent this message, but so far I have not solved it. Can anyone help me?
Thanks, Luigi

Hello, I try to use SSL and I have the following scenario:

One server (192.168.1.2) with this syslog.ng.conf
###########################################
@version:3.0

source s_sk { file("/var/log/messages"); };
source s_ssl {
    tcp(ip("0.0.0.0") port(1999)
        tls(key_file("/root/Scaricati/certificati/privkey.pem")
            cert_file("/root/Scaricati/certificati/cacert.pem")));
};

destination d_file { file("/var/log/syslog-ng.log"); };

log { source(s_sk); destination(d_file); };
log { source(s_ssl); destination(d_file); };

One client (192.168.1.3) with this syslog.ng.conf
###################################################
@version:3.0

source s_sk { file("/var/log/messages"); };

destination d_file { file("/var/log/syslog-ng.log"); };
destination d_ssl {
    tcp("192.168.1.2" port(1999)
        tls(ca_dir("/root/software/ca/")));
};

log { source(s_sk); destination(d_file); };
log { source(s_sk); destination(d_ssl); };

I don't have a CA certificate and I use a self-signed certificate created with these instructions:

openssl genrsa -out privkey.pem
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

I followed step by step the instructions in "The syslog-ng Administrators guide", page 58 and so on, and I copied the cacert.pem generated on the server to the client and I used ln -s .... When I try to start the server, it starts. Though the client doesn't give me any errors, it doesn't start. I suppose the certificate may create some problems.

Hmm, and can you give us more information, like the error message that syslog-ng prints when the handshake fails?

--
Bazsi
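
The setup described in the question (a self-signed certificate, copied to the client and linked into the ca_dir() directory with ln -s) can be sanity-checked before starting syslog-ng. The following is an added example, not part of the thread or of the syslog-ng documentation; the function names, the temporary directory and the CN "syslog.example" are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: sanity checks for the TLS files above.

# key_matches_cert KEY CERT: true if the RSA key belongs to the certificate
# (server side: key_file() and cert_file() must be a pair).
key_matches_cert() {
    local k c
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# ca_dir_has_cert DIR CERT: true if DIR holds <subject-hash>.N pointing at the
# same certificate (client side: OpenSSL looks CAs up in ca_dir() by that name).
ca_dir_has_cert() {
    local hash want f
    hash=$(openssl x509 -in "$2" -noout -hash 2>/dev/null) || return 2
    want=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
    for f in "$1/$hash".[0-9]*; do
        [ -e "$f" ] || continue
        [ "$(openssl x509 -in "$f" -noout -fingerprint -sha256 2>/dev/null)" = "$want" ] && return 0
    done
    return 1
}

# link_into_ca_dir DIR NAME: create the <hash>.0 symlink for DIR/NAME.
link_into_ca_dir() {
    local hash
    hash=$(openssl x509 -in "$1/$2" -noout -hash) || return 2
    ln -sf "$2" "$1/$hash.0"
}

# Demo on a throwaway key and certificate (constructed here, not the poster's files).
demo() {
    local t; t=$(mktemp -d) || return 1
    openssl genrsa -out "$t/privkey.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$t/privkey.pem" -out "$t/cacert.pem" \
        -days 1095 -subj "/CN=syslog.example" 2>/dev/null
    key_matches_cert "$t/privkey.pem" "$t/cacert.pem" && echo "key/cert: match"
    mkdir "$t/ca" && cp "$t/cacert.pem" "$t/ca/"
    ca_dir_has_cert "$t/ca" "$t/cacert.pem" || echo "ca_dir before link: not found"
    link_into_ca_dir "$t/ca" cacert.pem
    ca_dir_has_cert "$t/ca" "$t/cacert.pem" && echo "ca_dir after link: found"
    rm -rf "$t"
}
demo
```

The subject hash has to be computed with the same OpenSSL generation that syslog-ng is linked against, because the hash algorithm changed in OpenSSL 1.0.0.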