Syslog-NG and STunnel
I'm currently trying out this setup:

- logserver at home, connected via ADSL with a fixed IPv4 subnet
  - IP address: 192.168.0.1
  - syslog-ng listening on 127.0.0.1:514 TCP
  - stunnel listening on 192.168.0.1:514 TCP and connecting to 127.0.0.1:514 TCP
- logclient at a remote datacenter
  - IP address: 172.16.0.1
  - syslog-ng delivering to 127.0.0.1:514 TCP
  - stunnel listening on 127.0.0.1:514 TCP and connecting to 192.168.0.1:514 TCP

Here are the STunnel configs:

--8<--[ stunnel.conf on logserver (excluding cert/key stuff) ]--8<--
[syslog-ng]
client = no
accept = 192.168.0.1:514
local = 127.0.0.1
connect = 127.0.0.1:514
--8<--

--8<--[ stunnel.conf on logclient (excluding cert/key stuff) ]--8<--
[syslog-ng]
client = yes
accept = 127.0.0.1:514
local = 172.16.0.1
connect = 192.168.0.1:514
--8<--

This works fine so far, logs are sent over the encrypted tunnel without problems. Except one situation: the STunnel or Syslog-NG itself on the logserver goes down. Then this happens on the logclient:

--8<--
syslog-ng[30119]: EOF occurred while idle; fd='33'
--8<--

There are *lots* of those messages, like 20 per second. Is it possible to prevent Syslog-NG from creating such messages?

-- 
Wolfram Schlich

On Wed, 2006-06-21 at 01:47 +0200, Wolfram Schlich wrote:
> I'm currently trying out this setup:
> Here are the STunnel configs:
>
> --8<--[ stunnel.conf on logserver (excluding cert/key stuff) ]--8<--
> [syslog-ng]
> client = no
> accept = 192.168.0.1:514
> local = 127.0.0.1
> connect = 127.0.0.1:514
> --8<--
>
> --8<--[ stunnel.conf on logclient (excluding cert/key stuff) ]--8<--
> [syslog-ng]
> client = yes
> accept = 127.0.0.1:514
> local = 172.16.0.1
> connect = 192.168.0.1:514
> --8<--
>
> This works fine so far, logs are sent over the encrypted tunnel without problems. Except one situation: the STunnel or Syslog-NG itself on the logserver goes down. Then this happens on the logclient:
>
> --8<--
> syslog-ng[30119]: EOF occurred while idle; fd='33'
> --8<--
>
> There are *lots* of those messages, like 20 per second. Is it possible to prevent Syslog-NG from creating such messages?

I've fixed this after 1.9.11 was released, look for something like this in the NEWS file:

* In the case of a broken connection don't reconnect immediately, but wait some time specified by time_reopen() to match 1.6.x behaviour.

-- 
Bazsi

* Balazs Scheidler <bazsi@balabit.hu> [2006-06-21 13:10]:
> On Wed, 2006-06-21 at 01:47 +0200, Wolfram Schlich wrote:
>> [Syslog-NG + STunnel setup]
>> This works fine so far, logs are sent over the encrypted tunnel without problems. Except one situation: the STunnel or Syslog-NG itself on the logserver goes down. Then this happens on the logclient:
>>
>> --8<--
>> syslog-ng[30119]: EOF occurred while idle; fd='33'
>> --8<--
>>
>> There are *lots* of those messages, like 20 per second. Is it possible to prevent Syslog-NG from creating such messages?
>
> I've fixed this after 1.9.11 was released, look for something like this in the NEWS file:
>
> * In the case of a broken connection don't reconnect immediately, but wait some time specified by time_reopen() to match 1.6.x behaviour.

Tried 2.0rc1+20060621 -- much better:

--8<--
2006-06-21 23:24:05 +02:00; alpha; syslog.err; syslog-ng[32329]: EOF occurred while idle; fd='5'
2006-06-21 23:24:05 +02:00; alpha; syslog.err; syslog-ng[32329]: Connection broken; time_reopen='10'
--8<--

Thanks :-)

-- 
Wolfram Schlich

* Wolfram Schlich <lists@wolfram.schlich.org> [2006-06-21 23:26]:
> [...] Tried 2.0rc1+20060621 [...]

Btw, a Gentoo ebuild for that version can be retrieved from my overlay: http://overlays.gentoo.org/dev/wschlich

Note that Portage 2.1 seems to be needed for a version number like that (_rcX_pY).

-- 
Regards,
Wolfram Schlich <wschlich@gentoo.org>
Gentoo Linux * http://dev.gentoo.org/~wschlich/
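
An added example, not part of the original thread and not either poster's configuration: syslog-ng settings that would sit on each side of the stunnel setup described above, with time_reopen() set explicitly to the value seen in the log output. The source and destination names, the log file path and the keep_hostname() choice are assumptions.

```conf
# --- logclient: syslog-ng.conf (added example; names are assumptions) ---
options {
    # Seconds to wait before reopening a broken connection. This is the
    # delay that the fix discussed in the thread makes syslog-ng honour.
    time_reopen(10);
};

source s_local {
    unix-stream("/dev/log");
    internal();    # syslog-ng's own messages, e.g. "Connection broken"
};

# Plaintext hop to the local stunnel client, which wraps the stream in
# TLS and forwards it to 192.168.0.1:514.
destination d_stunnel {
    tcp("127.0.0.1" port(514));
};

log { source(s_local); destination(d_stunnel); };


# --- logserver: syslog-ng.conf (added example; names are assumptions) ---
options {
    # Every tunnelled connection arrives from 127.0.0.1, so keep the
    # hostname carried in the message instead of deriving it from the peer.
    keep_hostname(yes);
};

# Bind to loopback only, so the only network-facing listener is stunnel
# on 192.168.0.1:514.
source s_stunnel {
    tcp(ip(127.0.0.1) port(514));
};

destination d_remote {
    file("/var/log/remote.log");    # path is an assumption
};

log { source(s_stunnel); destination(d_remote); };
```

With keep_hostname(yes) the hostname field is whatever the sender wrote, so it is only as trustworthy as the clients that stunnel lets through.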