well, since this is done transparently by openssl, the only hint you'd have is to look at the algorithm negotiation parts using wireshark and check whether the compression algorithm is negotiated.


--
Bazsi

On Mon, Aug 15, 2016 at 6:34 PM, <thejaguar@tutanota.de> wrote:
Thats fine if its a copy paste mistake and compression is enabled by default. Yes both sides are on tls. No I dont want to disable, rather wanted to make sure network transfers do get compressed.  Except tcpdump , any other method to confirm ?
Thanks for the response. 

Jagshah.

14. Aug 2016 22:54 by balazs.scheidler@balabit.com:


Hmm, I dont know that option, maybe the premium edition team added that and it trickled into the open source documentation. Iirc by default syslog-ng made sure compression happens within tls as long as the other party supports it.

Or you want to disable it?

On Aug 12, 2016 20:15, <thejaguar@tutanota.de> wrote:

Hi all,

According to this https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html

Allow-compression() should be a working option under tls.

I did google on this a lot and found no config snippet which shows allow-compress() to be working and to my surprise when I tried to include it in my config I get syntax error ___________________________________________________

 

2016-08-11T15:27:19.538347] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog', preference='100'

[2016-08-11T15:27:19.539190] Using /dev/log Unix socket with systemd is not possible. Changing to systemd-syslog source, which supports socket activation.; Error parsing afsocket, syntax error, unexpected LL_IDENTIFIER, expecting ')' in /etc/syslog-ng/syslog-ng.conf at line 27, column 124:

 

destination d_net_tls { network( "syslog1.xxxxxxxxx.com" port(6514) transport("tls") tls( ca-dir("/etc/syslog-ng/ca") allow-compress(yes) peer-verify(required-trusted) ssl-options(no-sslv3,no-tlsv1) )

                                                                                                                                                                                                                       ^^^^^^^^^^^^^^ ___________________________________________________

I am using 3.8.0 on  ubuntu 15.10. 

Is this even really supported as claimed in here https://www.balabit.com/network-security/syslog-ng/comparing/detailed

 

# /usr/sbin/syslog-ng -V

syslog-ng 3.8.0beta2

Installer-Version: 3.8.0beta2

Revision: 3.8.0beta2-1

Module-Directory: /usr/lib/syslog-ng/3.8

Module-Path: /usr/lib/syslog-ng/3.8

Available-Modules: affile,basicfuncs,system-source,cryptofuncs,pseudofile,afuser,csvparser,linux-kmsg-format,confgen,sdjournal,syslogformat,afprog,dbparser,afsocket

Enable-Debug: off

Enable-GProf: off

Enable-Memtrace: off

Enable-IPv6: on

Enable-Spoof-Source: on

Enable-TCP-Wrapper: on

Enable-Linux-Caps: off

 




______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq