Well, since this is done transparently by OpenSSL, the only hint you'd have is to look at the algorithm negotiation parts using Wireshark and check whether the compression algorithm is negotiated.
--
Bazsi

On Mon, Aug 15, 2016 at 6:34 PM, <thejaguar@tutanota.de> wrote:
That's fine if it's a copy-paste mistake and compression is enabled by default. Yes, both sides are on TLS. No, I don't want to disable it; rather, I wanted to make sure network transfers do get compressed. Except tcpdump, any other method to confirm? Thanks for the response.
Jagshah.
14. Aug 2016 22:54 by balazs.scheidler@balabit.com:
Hmm, I don't know that option, maybe the premium edition team added that and it trickled into the open source documentation. IIRC by default syslog-ng made sure compression happens within TLS as long as the other party supports it.
Or you want to disable it?

On Aug 12, 2016 20:15, <thejaguar@tutanota.de> wrote:
Hi all,
According to this https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html
Allow-compression() should be a working option under tls.
I did google on this a lot and found no config snippet which shows allow-compress() to be working, and to my surprise when I tried to include it in my config I get a syntax error
___________________________________________________
[2016-08-11T15:27:19.538347] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog', preference='100'
[2016-08-11T15:27:19.539190] Using /dev/log Unix socket with systemd is not possible. Changing to systemd-syslog source, which supports socket activation.;
Error parsing afsocket, syntax error, unexpected LL_IDENTIFIER, expecting ')' in /etc/syslog-ng/syslog-ng.conf at line 27, column 124:
destination d_net_tls { network( "syslog1.xxxxxxxxx.com" port(6514) transport("tls") tls( ca-dir("/etc/syslog-ng/ca") allow-compress(yes) peer-verify(required-trusted) ssl-options(no-sslv3,no-tlsv1) )
^^^^^^^^^^^^^^
___________________________________________________
I am using 3.8.0 on ubuntu 15.10.
Is this even really supported as claimed in here https://www.balabit.com/network-security/syslog-ng/comparing/detailed
# /usr/sbin/syslog-ng -V
syslog-ng 3.8.0beta2
Installer-Version: 3.8.0beta2
Revision: 3.8.0beta2-1
Module-Directory: /usr/lib/syslog-ng/3.8
Module-Path: /usr/lib/syslog-ng/3.8
Available-Modules: affile,basicfuncs,system-source,cryptofuncs,pseudofile,afuser,csvparser,linux-kmsg-format,confgen,sdjournal,syslogformat,afprog,dbparser,afsocket
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off
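
The check suggested in the newest reply, reading the negotiated compression method out of the TLS handshake, can also be done on raw ServerHello record bytes exported from a capture. The following is an added example, not part of the original thread and not syslog-ng code; the function names and the sample bytes built by `build_sample` are constructed for illustration.

```python
import struct

# Compression method IDs: 0 is "null" (no compression), 1 is DEFLATE (RFC 3749).
COMPRESSION_NAMES = {0: "null", 1: "DEFLATE"}


def server_hello_compression(record: bytes) -> str:
    """Return the compression method the server selected in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    payload = record[5:5 + rec_len]
    if rec_len < 4 or len(payload) < rec_len:
        raise ValueError("truncated handshake record")
    if payload[0] != 0x02:
        raise ValueError("handshake message is not a ServerHello")
    body_len = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + body_len]
    if len(body) < body_len:
        raise ValueError("ServerHello continues in another record")
    # Layout: server_version(2) + random(32), then a length-prefixed session_id.
    offset = 34
    if len(body) < offset + 1:
        raise ValueError("truncated ServerHello")
    offset += 1 + body[offset]
    # cipher_suite(2) is followed by the single compression_method byte.
    if len(body) < offset + 3:
        raise ValueError("truncated ServerHello")
    method = body[offset + 2]
    return COMPRESSION_NAMES.get(method, f"unknown({method})")


def build_sample(method: int, session_id: bytes = b"") -> bytes:
    """Constructed ServerHello record (all-zero random, no extensions) for testing."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + b"\xc0\x2f" + bytes([method]))
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    print(server_hello_compression(build_sample(1)))          # compression negotiated
    print(server_hello_compression(build_sample(0, bytes(32))))  # no compression
```

A result of `null` means the connection is running without TLS-level compression, whatever either side's configuration says.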