Thank you Bazsi. Regards, Girish From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Scheidler, Balázs Sent: Wednesday, March 09, 2016 2:45 AM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Syslog over TLS : Protocol is TCP and TLS On Mar 8, 2016 07:22, "Girish Kumar" <girish.kumar@al-enterprise.com<mailto:girish.kumar@al-enterprise.com>> wrote:
Thanks Bazi.
I would like to analyze little more on syslog-ng log files related to TLS. Could you please let me know how to enable debug logs in syslog-ng.
I have one more query on ssl option.
There is a TLS options in 3.7.2 , ssl-options() which is used for setting ssl option. Options are no-sslv2, no-sslv3, no-tlsv1, no-tlsv11, no-tlsv12 and by default option is no-sslv2. Hope my understanding is correct. I referred the following link
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-g...
Could you please let me know how to set ssl-option in syslog-ng 3.6. I didn’t find similar option there. Currently my syslog-ng server is 3.6.2 and client is 3.7.2
In syslog-ng 3.6 nosslv2 was hardwired and couldn't be configured.
Regards,
Girish
From: syslog-ng-bounces@lists.balabit.hu<mailto:syslog-ng-bounces@lists.balabit.hu> [mailto:syslog-ng-bounces@lists.balabit.hu<mailto:syslog-ng-bounces@lists.balabit.hu>] On Behalf Of Scheidler, Balázs Sent: Monday, March 07, 2016 1:17 PM To: Syslog-ng users' and developers' mailing list Subject: Re: [syslog-ng] Syslog over TLS : Protocol is TCP and TLS
Well, if you open the payload of the initial packages (e.g. after the SYN-SYNACK-ACK handshake), you should see binary stuff instead of plain text log messages.
-- Bazsi
On Mon, Mar 7, 2016 at 7:07 AM, Girish Kumar <girish.kumar@al-enterprise.com<mailto:girish.kumar@al-enterprise.com>> wrote:
Hi All,
Finally I was able to setup syslog-ng client and server. Communicate over TLS. Thanks for all your help.
In wireshark capture I am seeing all protocol as TCP and not as TLS. Please let me know whether my communication has happened over TLS.
If yes how do I validate that. Can I enable additional logs in syslog-ng ?
My tls part of conf file
Client
--------
destination d_destination {
syslog("135.254.163.151" port(6514)
transport("tls")
tls( ca_dir("/etc/ca.d")
key_file("/etc/cert.d/myCliPrivate.key")
cert_file("/etc/cert.d/myCliCert.pem") )
);
};
Server
---------
source d_source {
syslog(ip("135.254.163.151") port(6514)
transport("tls")
tls( key_file("/etc/syslog-ng/cert.d/mySerPrivate.key")
cert_file("/etc/syslog-ng/cert.d/mySerCert.pem")
ca_dir("/etc/syslog-ng/ca.d"))
);
};
Regards,
Girish
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq