Hi All,

I have a problem with the tls source... no logs are being written, and there are no errors in the syslog-ng log file. I hope that you have some ideas... :-)

The scenario follows:

Server
-----------------------------
syslog-ng log file:

2009-10-14T11:43:54+02:00 s_local@zpvm0306-1515 syslog-ng[14171]: Syslog connection accepted; fd='25', client='AF_INET(10.1.1.57:10865)', local='AF_INET(10.1.1.55:1999)'
2009-10-14T11:44:05+02:00 s_local@zpvm0306-1515 syslog-ng[14171]: Reaping unused destination files; template='/var/log/HOSTS/$HOST/encrypt-$PROGRAM-$YEAR-$MONTH.log'
2009-10-14T11:44:05+02:00 s_local@zpvm0306-1515 syslog-ng[14171]: Reaping unused destination files; template='/var/log/HOSTS/$HOST/$R_YEAR-$R_MONTH-$PROGRAM.log'

syslog-ng.conf:

source s_tcp_tls {
    tcp(
        ip(10.1.1.55) port(1999)
        tls(
            key_file("/opt/syslog-ng/etc/key.d/syslog-ng.key")
            cert_file("/opt/syslog-ng/etc/cert.d/syslo-ng.cert")
            peer_verify(optional-untrusted)
        )
    );
};

destination zlog {
    file("/var/log/HOSTS/$HOST/$R_YEAR-$R_MONTH-$PROGRAM.log"
        template("$ISODATE\t[<$FACILITY.$PRIORITY>]\t$HOST\t$PROGRAM\t$MSGHDR $MSG\n")
        template_escape(no)
    );
};

log { source(s_tcp_tls); destination(zlog); };

--------------------------------------
Client
----------------------------

source s_local { unix-stream("/dev/log"); internal(); };

destination tls_syslog_destination {
    tcp("10.1.1.55" port(1999)
        tls( ca_dir("/opt/syslog-ng/etc/cert.d") )
    );
};

log { source(s_local); destination(tls_syslog_destination); };

Oct 14 11:46:02 zpvm0306-1630 syslog-ng[30713]: Syslog connection established; fd='16', server='AF_INET(10.1.1.55:1999)', local='AF_INET(0.0.0.0:0)'
Oct 14 11:46:02 zpvm0306-1630 syslog-ng[30713]: Syslog connection broken; fd='16', server='AF_INET(10.1.1.55:1999)', time_reopen='60'
Oct 14 11:46:02 zpvm0306-1630 syslog-ng[30713]: Closing log transport fd; fd='16'

-------------------------------------
syslog-ng.key and syslog-ng.cert from syslog-ng.pem

--
/* Carlo http://oblab.com */

On Wed, 2009-10-14 at 11:53 +0200, Carlo Balbo wrote:
> Hi All,
>
> I have a problem with the tls source... no logs are being written, and there are no errors in the syslog-ng log file. I hope that you have some ideas... :-)
>
> The scenario follows:
>
> Server
> -----------------------------
> syslog-ng log file:
>
> 2009-10-14T11:43:54+02:00 s_local@zpvm0306-1515 syslog-ng[14171]: Syslog connection accepted; fd='25', client='AF_INET(10.1.1.57:10865)', local='AF_INET(10.1.1.55:1999)'
> 2009-10-14T11:44:05+02:00 s_local@zpvm0306-1515 syslog-ng[14171]: Reaping unused destination files; template='/var/log/HOSTS/$HOST/encrypt-$PROGRAM-$YEAR-$MONTH.log'
> 2009-10-14T11:44:05+02:00 s_local@zpvm0306-1515 syslog-ng[14171]: Reaping unused destination files; template='/var/log/HOSTS/$HOST/$R_YEAR-$R_MONTH-$PROGRAM.log'

Could you please enable --debug and --verbose messages on the server side? The client logs indicate that the server breaks the connection for some reason. Also, it might be useful to do some tcpdumps on the connection; maybe that'd reveal more information.

--
Bazsi
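
A preflight check that can be run on either host alongside the debug run suggested above (an added example, not part of the original thread and not syslog-ng's own tooling): it pulls the key_file, cert_file and ca_dir paths out of a config and flags paths that are unreadable, or a ca_dir with no OpenSSL hash-named entries. The function names, the sample file names and the 192.0.2.10 address are constructed for illustration.

```shell
# Added example: report tls() paths in a syslog-ng config that are unreadable,
# or a ca_dir that holds no OpenSSL hash-named entries.
check_tls_paths() {
    conf=$1
    status=0
    # Extract each key_file("..."), cert_file("...") and ca_dir("...") as "option path".
    found=$(grep -Eo '(key_file|cert_file|ca_dir)\("[^"]*"\)' "$conf" |
            sed -E 's/^([a-z_]+)\("([^"]*)"\)$/\1 \2/')
    while read -r opt path; do
        case $opt in
        key_file|cert_file)
            if [ ! -r "$path" ]; then
                echo "UNREADABLE $opt $path"; status=1
            fi ;;
        ca_dir)
            if [ ! -d "$path" ]; then
                echo "UNREADABLE $opt $path"; status=1
            # OpenSSL looks CA certificates up by subject-hash file name, e.g. 1a2b3c4d.0
            elif ! ls "$path" | grep -Eq '^[0-9a-f]{8}\.[0-9]+$'; then
                echo "NO_HASH_ENTRIES $opt $path"; status=1
            fi ;;
        esac
    done <<EOF
$found
EOF
    return "$status"
}

# Constructed sample: the cert_file name in the config does not match the file
# on disk, and the ca_dir contains only a plain (un-hashed) file.
demo() {
    d=$(mktemp -d)
    mkdir "$d/key.d" "$d/cert.d"
    : > "$d/key.d/server.key"
    : > "$d/cert.d/server.cert"
    cat > "$d/syslog-ng.conf" <<EOF
source s_tls { tcp( port(1999) tls( key_file("$d/key.d/server.key") cert_file("$d/cert.d/servr.cert") peer_verify(optional-untrusted) ) ); };
destination d_tls { tcp("192.0.2.10" port(1999) tls( ca_dir("$d/cert.d") ) ); };
EOF
    # Strip the temp prefix so the report is stable between runs.
    check_tls_paths "$d/syslog-ng.conf" | sed "s|$d||g"
    rm -rf "$d"
}
```

Run `check_tls_paths /path/to/syslog-ng.conf` on the server and the client; a non-zero exit status means at least one path needs attention before looking at the TLS handshake itself.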

participants (2)
- Balazs Scheidler
- Carlo Balbo