Dear all, I don't want forwarding the syslog messages which contain the following to my local syslog, so I setup the filter like below ISDN-6-CONNECT ISDN-6-DISCONNECT changed by user However the messages contain the above are still show up in my local syslog file ForMe.log Below is from my syslog-ng.conf source s_network { network( transport("udp") port(514) flags(syslog_protocol) keep_hostname(yes) keep_timestamp(yes) use_dns(yes) use_fqdn(yes) ); }; destination d_ForMe_logs { file("/app/syslog-ng/custom/output/ForMe.log"); }; filter f_DoNotSendtoMe { not match("ISDN-6-CONNECT" value("MESSAGE")); or not match("ISDN-6-DISCONNECT" value("MESSAGE")); or not match("changed by user" value("MESSAGE")); }; log { source(s_network); filter(f_DoNotSendtoMe); destination(d_ForMe_logs); }; Do I missing any confing ? Thank you so much for your expertize! VL -----Original Message----- From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of syslog-ng-request@lists.balabit.hu Sent: 2019, September, 27 12:52 PM To: syslog-ng@lists.balabit.hu Subject: syslog-ng Digest, Vol 173, Issue 33 Send syslog-ng mailing list submissions to syslog-ng@lists.balabit.hu To subscribe or unsubscribe via the World Wide Web, visit https://lists.balabit.hu/mailman/listinfo/syslog-ng or, via email, send a message with subject or body 'help' to syslog-ng-request@lists.balabit.hu You can reach the person managing the list at syslog-ng-owner@lists.balabit.hu When replying, please edit your Subject line so it is more specific than "Re: Contents of syslog-ng digest..." Today's Topics: 1. Re: Enable SNI (Server Name Identification) in TLS connection (Raghunath Adhyapak) ---------------------------------------------------------------------- Message: 1 Date: Fri, 27 Sep 2019 22:22:14 +0530 From: Raghunath Adhyapak <funduraghu@gmail.com> To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection Message-ID: <CAEiok=Qrmw-s5r-ttRrQyQ+8CSq0BzdXgfzw+L0GhvR0_w-gUg@mail.gmail.com> Content-Type: text/plain; charset="utf-8" I built from source and tested and it worked fine I need Deb package to ease install on my machines. I can wait for some more time. Raghu On Fri, Sep 27, 2019, 12:35 Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:
If you would like to test before the upcoming release, you can create a deb package with our docker based package scripts: https://github.com/syslog-ng/syslog-ng/tree/master/dbld
depending on your platform, it would be "dbld/rules deb" or "dbld/rules deb-ubuntu-xenial"
Regards, Gabor ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com> *Sent:* Thursday, September 26, 2019 15:30 *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Thanks. Now waiting for Debian package
Raghu
On Thu, Sep 26, 2019, 18:26 Attila Szakacs (aszakacs) < Attila.Szakacs@oneidentity.com> wrote:
Hi Raghu,
It got merged to master! 🙂 https://github.com/syslog-ng/syslog-ng/pull/2930 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit hub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F2930&data=02%7C01%7Cgabor.nag y%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e4 39c989c1867ec606603%7C0%7C0%7C637051014645449880&sdata=CYEi5latvJWnPQo 7xYHa3klvdXiNVyXai5PhV51yVeI%3D&reserved=0>
Best regards, Attila ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com> *Sent:* Wednesday, September 18, 2019 5:35 PM *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
That's awesome.
Thanks Raghu
On Wed, Sep 18, 2019, 17:05 Attila Szakacs (aszakacs) < Attila.Szakacs@oneidentity.com> wrote:
To the other question: It will be merged on the master branch probably in a week.
Attila ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com> *Sent:* Wednesday, September 18, 2019 1:28 PM *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi Raghu,
You are welcome! Thanks for the good idea. If everything goes well, this feature will be released in version 3.24, in 3-4 weeks. The packaging happens at the same time, you will find the 3.24 installer at https://download.opensuse.org/repositories/home:/laszlo_budai:/syslog- ng/ <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdow nload.opensuse.org%2Frepositories%2Fhome%3A%2Flaszlo_budai%3A%2Fsyslog -ng%2F&data=02%7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf430b0 7d408d74285c639%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637051014 645459869&sdata=krct3nD%2BVSMEQG00R0VJO2D1CeLqITAi8ZNTI7mV1a8%3D&reser ved=0>
Best regards, Attila ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com> *Sent:* Wednesday, September 18, 2019 12:50 PM *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi Atilla,
I updated the code, compiled it and tested the changes. The changes works as expected. Thanks for the addressing the issue in such a short time.
Follow-up question: When will this change get merged into the master branch? Also, when will this get packaged in Debian package?
Thanks Raghu
On Tue, Sep 17, 2019 at 4:27 PM Attila Szakacs (aszakacs) < Attila.Szakacs@oneidentity.com> wrote:
Hi Raghu,
Currently we are not sending SNI extension in the Client Hello message. However, I made a PR to implement this: https://github.com/balabit/syslog-ng/pull/2930 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit hub.com%2Fbalabit%2Fsyslog-ng%2Fpull%2F2930&data=02%7C01%7Cgabor.nagy% 40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e439 c989c1867ec606603%7C0%7C0%7C637051014645459869&sdata=IlcWEnngIqkJFPjWv S7hrar4Tli4Kqgad5IdN7X5WVc%3D&reserved=0>
Can you build syslog-ng from source? It would be great, if you tested the PR.
Best regards, Attila ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com> *Sent:* Tuesday, September 17, 2019 9:05 AM *To:* syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> *Subject:* [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi,
I am using TLS over TCP connection to forward my syslog events to a remote server. My remote server uses SNI (Server Name Identification) to route connections/events to one of the available backend servers.
I observe that syslog-ng doesn't send SNI during TLS handshake.
How can I enable it?
My configuration is as follows:
=================================== source s_net { syslog(transport(udp) port(1514)); }; destination d_tcp { tcp( "XX.example.net <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2FXX.e xample.net&data=02%7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf4 30b07d408d74285c639%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C63705 1014645469860&sdata=RTiMaNycpB56zTGx2gmqeFESNI2QO3JvOvSXUyC2MRk%3D&res erved=0> " port(96) tls( peer-verify(required-untrusted) ca_dir("/etc/syslog-ng/ssl")
key-file("/etc/syslog-ng/ssl/globaltest/XX.example.net.key.pem")
cert-file("/etc/syslog-ng/ssl/globaltest/XX.example.net.cert.pem") ) ); }; log { source(s_net); destination(d_tcp); }; ===================================
I want syslog-ng to send XX.example.net <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2FXX.e xample.net&data=02%7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf4 30b07d408d74285c639%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C63705 1014645469860&sdata=RTiMaNycpB56zTGx2gmqeFESNI2QO3JvOvSXUyC2MRk%3D&res erved=0> as SNI to my remote server
Please advise
Thanks Raghu
______________________________________________________________________ ________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis ts.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cgabor.na gy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e 439c989c1867ec606603%7C0%7C0%7C637051014645479861&sdata=gHBU5J5tU99NDH J4PwjtxlnS0jVp2Vxh%2BgAuiTsVKaE%3D&reserved=0> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02 %7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c63 9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637051014645479861&sdat a=NmD0lHSiQw0DbM8voUKjVOFX2fSnDwhyqaZvA7%2BBmnA%3D&reserved=0> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cgabor.nagy%40oneiden tity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e439c989c1867 ec606603%7C0%7C0%7C637051014645489858&sdata=9VaEY4yqC3Y8y0gQZbVY6M0g%2 F2rhXsfXRlw2%2Fwbik2s%3D&reserved=0>
______________________________________________________________________ ________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis ts.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cgabor.na gy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e 439c989c1867ec606603%7C0%7C0%7C637051014645489858&sdata=EWEYbbHYLIenlm GBceeB%2B0pLauNIABFmT0dt6%2F77TUs%3D&reserved=0> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02 %7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c63 9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637051014645499850&sdat a=mVlgDpNt3RVoHdr7ESi2Im89VnA0W7NOjkQbB11V3LM%3D&reserved=0> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cgabor.nagy%40oneiden tity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e439c989c1867 ec606603%7C0%7C0%7C637051014645499850&sdata=mNe53MBvTKfpkm1a%2FS6rEvCt YPwO3Pfjca0jLyPNeqw%3D&reserved=0>
______________________________________________________________________ ________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis ts.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cgabor.na gy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e 439c989c1867ec606603%7C0%7C0%7C637051014645509849&sdata=YUrhyXSF6MkgRf RsxlOWqsSBsedoNo8UPb292Y0vTps%3D&reserved=0> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02 %7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c63 9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637051014645509849&sdat a=I2zhc1DPDcvLEShMr4v2V2MgtEZf72oDOvqx%2F607r%2BA%3D&reserved=0> FAQ: http://www.balabit.com/wiki/syslog-ng-faq <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cgabor.nagy%40oneiden tity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e439c989c1867 ec606603%7C0%7C0%7C637051014645519834&sdata=eicWBDsPB4aguw98EKqegLs0ZB NcHmbifbm8lEFeKF0%3D&reserved=0>
______________________________________________________________________ ________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20190927/04aa6f04/attachment.html> ------------------------------ Subject: Digest Footer _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng ------------------------------ End of syslog-ng Digest, Vol 173, Issue 33 ****************************************** _______________________________________________________________________ If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference. Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur immédiatement, par retour de courriel ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette confirmation pour les fins de reference future.
Hi, I think your filter expression should have "and" instead of "or", like: filter f_DoNotSendtoMe { not match("ISDN-6-CONNECT" value("MESSAGE")); and not match("ISDN-6-DISCONNECT" value("MESSAGE")); and not match("changed by user" value("MESSAGE")); }; Just imagine: with "or" connections, when you receive a message with "ISDN-6-DISCONNECT", syslog-ng checks the first expression: not match("ISDN-6-CONNECT" value("MESSAGE")); It will be true, as it does not match with "ISDN-6-CONNECT", so the whole filter returns true. With "and" connections, we make sure, that none of the expressions match with the message. Best regards, Attila ________________________________ From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Lin, Victor <victor.lin@rbc.com> Sent: Monday, September 30, 2019 3:19 AM To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: [syslog-ng] filter not working CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. Dear all, I don't want forwarding the syslog messages which contain the following to my local syslog, so I setup the filter like below ISDN-6-CONNECT ISDN-6-DISCONNECT changed by user However the messages contain the above are still show up in my local syslog file ForMe.log Below is from my syslog-ng.conf source s_network { network( transport("udp") port(514) flags(syslog_protocol) keep_hostname(yes) keep_timestamp(yes) use_dns(yes) use_fqdn(yes) ); }; destination d_ForMe_logs { file("/app/syslog-ng/custom/output/ForMe.log"); }; filter f_DoNotSendtoMe { not match("ISDN-6-CONNECT" value("MESSAGE")); or not match("ISDN-6-DISCONNECT" value("MESSAGE")); or not match("changed by user" value("MESSAGE")); }; log { source(s_network); filter(f_DoNotSendtoMe); destination(d_ForMe_logs); }; Do I missing any confing ? Thank you so much for your expertize! VL -----Original Message----- From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of syslog-ng-request@lists.balabit.hu Sent: 2019, September, 27 12:52 PM To: syslog-ng@lists.balabit.hu Subject: syslog-ng Digest, Vol 173, Issue 33 Send syslog-ng mailing list submissions to syslog-ng@lists.balabit.hu To subscribe or unsubscribe via the World Wide Web, visit https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891964192&sdata=epd5fu2gxcoVBdgKmIdqjo9flkvR%2Berxp3qWtVPC%2Bhc%3D&reserved=0 or, via email, send a message with subject or body 'help' to syslog-ng-request@lists.balabit.hu You can reach the person managing the list at syslog-ng-owner@lists.balabit.hu When replying, please edit your Subject line so it is more specific than "Re: Contents of syslog-ng digest..." Today's Topics: 1. Re: Enable SNI (Server Name Identification) in TLS connection (Raghunath Adhyapak) ---------------------------------------------------------------------- Message: 1 Date: Fri, 27 Sep 2019 22:22:14 +0530 From: Raghunath Adhyapak <funduraghu@gmail.com> To: "Syslog-ng users' and developers' mailing list" <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection Message-ID: <CAEiok=Qrmw-s5r-ttRrQyQ+8CSq0BzdXgfzw+L0GhvR0_w-gUg@mail.gmail.com> Content-Type: text/plain; charset="utf-8" I built from source and tested and it worked fine I need Deb package to ease install on my machines. I can wait for some more time. Raghu On Fri, Sep 27, 2019, 12:35 Gabor Nagy (gnagy) <Gabor.Nagy@oneidentity.com> wrote:
If you would like to test before the upcoming release, you can create a deb package with our docker based package scripts: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Ftree%2Fmaster%2Fdbld&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891964192&sdata=KqQzgSFM9LZjrO8Yoe%2FInZ64tgMoydhB4REPmH7TEM8%3D&reserved=0
depending on your platform, it would be "dbld/rules deb" or "dbld/rules deb-ubuntu-xenial"
Regards, Gabor ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com> *Sent:* Thursday, September 26, 2019 15:30 *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Thanks. Now waiting for Debian package
Raghu
On Thu, Sep 26, 2019, 18:26 Attila Szakacs (aszakacs) < Attila.Szakacs@oneidentity.com> wrote:
Hi Raghu,
It got merged to master! 🙂 https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F2930&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891964192&sdata=8vSuSCX6t33xfYtXSKmsH2WIxkr6CXrKT0MnGnYVulw%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit hub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F2930&data=02%7C01%7Cgabor.nag y%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e4 39c989c1867ec606603%7C0%7C0%7C637051014645449880&sdata=CYEi5latvJWnPQo 7xYHa3klvdXiNVyXai5PhV51yVeI%3D&reserved=0>
Best regards, Attila ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com> *Sent:* Wednesday, September 18, 2019 5:35 PM *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
That's awesome.
Thanks Raghu
On Wed, Sep 18, 2019, 17:05 Attila Szakacs (aszakacs) < Attila.Szakacs@oneidentity.com> wrote:
To the other question: It will be merged on the master branch probably in a week.
Attila ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com> *Sent:* Wednesday, September 18, 2019 1:28 PM *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi Raghu,
You are welcome! Thanks for the good idea. If everything goes well, this feature will be released in version 3.24, in 3-4 weeks. The packaging happens at the same time, you will find the 3.24 installer at https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdownload.opensuse.org%2Frepositories%2Fhome%3A%2Flaszlo_budai%3A%2Fsyslog-&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891964192&sdata=hLf%2BXVakNoLjXSxORRVifqFgKK%2F84YvD564uAe1AErE%3D&reserved=0 ng/ <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdow nload.opensuse.org%2Frepositories%2Fhome%3A%2Flaszlo_budai%3A%2Fsyslog -ng%2F&data=02%7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf430b0 7d408d74285c639%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637051014 645459869&sdata=krct3nD%2BVSMEQG00R0VJO2D1CeLqITAi8ZNTI7mV1a8%3D&reser ved=0>
Best regards, Attila ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com> *Sent:* Wednesday, September 18, 2019 12:50 PM *To:* Syslog-ng users' and developers' mailing list < syslog-ng@lists.balabit.hu> *Subject:* Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi Atilla,
I updated the code, compiled it and tested the changes. The changes works as expected. Thanks for the addressing the issue in such a short time.
Follow-up question: When will this change get merged into the master branch? Also, when will this get packaged in Debian package?
Thanks Raghu
On Tue, Sep 17, 2019 at 4:27 PM Attila Szakacs (aszakacs) < Attila.Szakacs@oneidentity.com> wrote:
Hi Raghu,
Currently we are not sending SNI extension in the Client Hello message. However, I made a PR to implement this: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fbalabit%2Fsyslog-ng%2Fpull%2F2930&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891964192&sdata=cTMURGBeAIsPwwGsBUmmsIwPDwJpDabqBkek6LlASEo%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit hub.com%2Fbalabit%2Fsyslog-ng%2Fpull%2F2930&data=02%7C01%7Cgabor.nagy% 40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e439 c989c1867ec606603%7C0%7C0%7C637051014645459869&sdata=IlcWEnngIqkJFPjWv S7hrar4Tli4Kqgad5IdN7X5WVc%3D&reserved=0>
Can you build syslog-ng from source? It would be great, if you tested the PR.
Best regards, Attila ------------------------------ *From:* syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com> *Sent:* Tuesday, September 17, 2019 9:05 AM *To:* syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> *Subject:* [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.
Hi,
I am using TLS over TCP connection to forward my syslog events to a remote server. My remote server uses SNI (Server Name Identification) to route connections/events to one of the available backend servers.
I observe that syslog-ng doesn't send SNI during TLS handshake.
How can I enable it?
My configuration is as follows:
=================================== source s_net { syslog(transport(udp) port(1514)); }; destination d_tcp { tcp( "XX.example.net <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2FXX.e xample.net&data=02%7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf4 30b07d408d74285c639%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C63705 1014645469860&sdata=RTiMaNycpB56zTGx2gmqeFESNI2QO3JvOvSXUyC2MRk%3D&res erved=0> " port(96) tls( peer-verify(required-untrusted) ca_dir("/etc/syslog-ng/ssl")
key-file("/etc/syslog-ng/ssl/globaltest/XX.example.net.key.pem")
cert-file("/etc/syslog-ng/ssl/globaltest/XX.example.net.cert.pem") ) ); }; log { source(s_net); destination(d_tcp); }; ===================================
I want syslog-ng to send XX.example.net <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2FXX.e xample.net&data=02%7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf4 30b07d408d74285c639%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C63705 1014645469860&sdata=RTiMaNycpB56zTGx2gmqeFESNI2QO3JvOvSXUyC2MRk%3D&res erved=0> as SNI to my remote server
Please advise
Thanks Raghu
______________________________________________________________________ ________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=t7d8IBFLJO9uUAMf4s%2BzfzYHgA3SBOR58DmTfnuxE1M%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis ts.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cgabor.na gy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e 439c989c1867ec606603%7C0%7C0%7C637051014645479861&sdata=gHBU5J5tU99NDH J4PwjtxlnS0jVp2Vxh%2BgAuiTsVKaE%3D&reserved=0> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=RsEoc2uH1DoInM3kgU6h710DWrWqLC5LwFe99F9wBro%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02 %7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c63 9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637051014645479861&sdat a=NmD0lHSiQw0DbM8voUKjVOFX2fSnDwhyqaZvA7%2BBmnA%3D&reserved=0> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=vExFemoXWyItsTkVAxjJAlKpv4FODd8IFP2BktJpwio%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cgabor.nagy%40oneiden tity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e439c989c1867 ec606603%7C0%7C0%7C637051014645489858&sdata=9VaEY4yqC3Y8y0gQZbVY6M0g%2 F2rhXsfXRlw2%2Fwbik2s%3D&reserved=0>
______________________________________________________________________ ________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=t7d8IBFLJO9uUAMf4s%2BzfzYHgA3SBOR58DmTfnuxE1M%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis ts.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cgabor.na gy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e 439c989c1867ec606603%7C0%7C0%7C637051014645489858&sdata=EWEYbbHYLIenlm GBceeB%2B0pLauNIABFmT0dt6%2F77TUs%3D&reserved=0> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=RsEoc2uH1DoInM3kgU6h710DWrWqLC5LwFe99F9wBro%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02 %7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c63 9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637051014645499850&sdat a=mVlgDpNt3RVoHdr7ESi2Im89VnA0W7NOjkQbB11V3LM%3D&reserved=0> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=vExFemoXWyItsTkVAxjJAlKpv4FODd8IFP2BktJpwio%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cgabor.nagy%40oneiden tity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e439c989c1867 ec606603%7C0%7C0%7C637051014645499850&sdata=mNe53MBvTKfpkm1a%2FS6rEvCt YPwO3Pfjca0jLyPNeqw%3D&reserved=0>
______________________________________________________________________ ________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=t7d8IBFLJO9uUAMf4s%2BzfzYHgA3SBOR58DmTfnuxE1M%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flis ts.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cgabor.na gy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e 439c989c1867ec606603%7C0%7C0%7C637051014645509849&sdata=YUrhyXSF6MkgRf RsxlOWqsSBsedoNo8UPb292Y0vTps%3D&reserved=0> Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=RsEoc2uH1DoInM3kgU6h710DWrWqLC5LwFe99F9wBro%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02 %7C01%7Cgabor.nagy%40oneidentity.com%7Cfb559bbffddf430b07d408d74285c63 9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637051014645509849&sdat a=I2zhc1DPDcvLEShMr4v2V2MgtEZf72oDOvqx%2F607r%2BA%3D&reserved=0> FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=vExFemoXWyItsTkVAxjJAlKpv4FODd8IFP2BktJpwio%3D&reserved=0 <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww. balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cgabor.nagy%40oneiden tity.com%7Cfb559bbffddf430b07d408d74285c639%7C91c369b51c9e439c989c1867 ec606603%7C0%7C0%7C637051014645519834&sdata=eicWBDsPB4aguw98EKqegLs0ZB NcHmbifbm8lEFeKF0%3D&reserved=0>
______________________________________________________________________ ________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=t7d8IBFLJO9uUAMf4s%2BzfzYHgA3SBOR58DmTfnuxE1M%3D&reserved=0 Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=RsEoc2uH1DoInM3kgU6h710DWrWqLC5LwFe99F9wBro%3D&reserved=0 FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=vExFemoXWyItsTkVAxjJAlKpv4FODd8IFP2BktJpwio%3D&reserved=0
-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.balabit.hu%2Fpipermail%2Fsyslog-ng%2Fattachments%2F20190927%2F04aa6f04%2Fattachment.html&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891974190&sdata=4TMlhdebo%2FEPcOnyCgRZC4IIZFIvcpWQPh3lDlt5jRI%3D&reserved=0> ------------------------------ Subject: Digest Footer _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891984178&sdata=GvPpjh9MTgR7P0IkzaZ2TsTUqJtlEhY3297a%2BKqBOJ8%3D&reserved=0 ------------------------------ End of syslog-ng Digest, Vol 173, Issue 33 ****************************************** _______________________________________________________________________ If you received this email in error, please advise the sender (by return email or otherwise) immediately. You have consented to receive the attached electronically at the above-noted email address; please retain a copy of this confirmation for future reference. Si vous recevez ce courriel par erreur, veuillez en aviser l'expéditeur immédiatement, par retour de courriel ou par un autre moyen. Vous avez accepté de recevoir le(s) document(s) ci-joint(s) par voie électronique à l'adresse courriel indiquée ci-dessus; veuillez conserver une copie de cette confirmation pour les fins de reference future. ______________________________________________________________________________ Member info: https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891984178&sdata=GvPpjh9MTgR7P0IkzaZ2TsTUqJtlEhY3297a%2BKqBOJ8%3D&reserved=0 Documentation: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891984178&sdata=HpEVWyGFCPYW9vrhn72mlnijdWWaK%2FBCnX8vVwByx5g%3D&reserved=0 FAQ: https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Cattila.szakacs%40oneidentity.com%7Cb9e9365d670d40a9c18708d7454447a9%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637054031891984178&sdata=E%2BazoAReGvSIJkBlDMtKffc%2F5h%2FR%2F1hOQg32BJv4xGo%3D&reserved=0
participants (2)
-
Attila Szakacs (aszakacs)
-
Lin, Victor