compression during tls
Hi all,

According to this https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html

Allow-compression() should be a working option under tls.

I did google on this a lot and found no config snippet which shows allow-compress() to be working and to my surprise when I tried to include it in my config I get syntax error
___________________________________________________
2016-08-11T15:27:19.538347] Registering candidate plugin; module='afsocket', context='source', name='systemd-syslog', preference='100'
[2016-08-11T15:27:19.539190] Using /dev/log Unix socket with systemd is not possible. Changing to systemd-syslog source, which supports socket activation.;
Error parsing afsocket, syntax error, unexpected LL_IDENTIFIER, expecting ')' in /etc/syslog-ng/syslog-ng.conf at line 27, column 124:
destination d_net_tls { network("syslog1.xxxxxxxxx.com" port(6514) transport("tls") tls(ca-dir("/etc/syslog-ng/ca") allow-compress(yes) peer-verify(required-trusted) ssl-options(no-sslv3,no-tlsv1) )
^^^^^^^^^^^^^^
___________________________________________________
I am using 3.8.0 on ubuntu 15.10.

Is this even really supported as claimed in here https://www.balabit.com/network-security/syslog-ng/comparing/detailed

# /usr/sbin/syslog-ng -V
syslog-ng 3.8.0beta2
Installer-Version: 3.8.0beta2
Revision: 3.8.0beta2-1
Module-Directory: /usr/lib/syslog-ng/3.8
Module-Path: /usr/lib/syslog-ng/3.8
Available-Modules: affile,basicfuncs,system-source,cryptofuncs,pseudofile,afuser,csvparser,linux-kmsg-format,confgen,sdjournal,syslogformat,afprog,dbparser,afsocket
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off
Hmm, I don't know that option, maybe the premium edition team added that and it trickled into the open source documentation. IIRC, by default syslog-ng made sure compression happens within tls as long as the other party supports it.

Or you want to disable it?

On Aug 12, 2016 20:15, <thejaguar@tutanota.de> wrote:
That's fine if it's a copy paste mistake and compression is enabled by default. Yes, both sides are on tls. No, I don't want to disable, rather wanted to make sure network transfers do get compressed. Except tcpdump, any other method to confirm? Thanks for the response.

Jagshah.

14. Aug 2016 22:54 by balazs.scheidler@balabit.com:
Well, since this is done transparently by openssl, the only hint you'd have is to look at the algorithm negotiation parts using wireshark and check whether the compression algorithm is negotiated.

--
Bazsi

On Mon, Aug 15, 2016 at 6:34 PM, <thejaguar@tutanota.de> wrote:
participants (2)
- Scheidler, Balázs
- thejaguar@tutanota.de