Hello,

some days ago I sent this message: "Hello, I try to use SSL and I have the following scenario:" but I have not solved it yet. Can anyone help me?

Thanks,
Luigi

One server (192.168.1.2) with this syslog.ng.conf

    ###########################################
    @version:3.0
    source s_sk{file("/var/log/messages");};
    source s_ssl{
        tcp(ip("0.0.0.0") port (1999)
            tls(key_file("/root/Scaricati/certificati/privkey.pem")
                cert_file("/root/Scaricati/certificati/cacert.pem")));
    };
    destination d_file{file("/var/log/syslog-ng.log");};
    log{source(s_sk);destination(d_file);};
    log{source(s_ssl);destination(d_file);};

One client (192.168.1.3) with this syslog.ng.conf

    ###################################################
    @version:3.0
    source s_sk{file("/var/log/messages");};
    destination d_file{file("/var/log/syslog-ng.log");};
    destination d_ssl{tcp("192.168.1.2" port (1999) tls(ca_dir("/root/software/ca/")));};
    log{source(s_sk);destination(d_file);};
    log{source(s_sk);destination(d_ssl);};

I don't have a CA certificate and I use a self-signed certificate created by these instructions:

    openssl genrsa -out privkey.pem
    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

I followed step by step the instructions in "The syslog-ng Administrators guide", page 58 and so on, and I copied the cacert.pem generated on the server to the client and I used ln -s .... When I try to start the server it starts. Though the client doesn't give me any errors, it doesn't start. I suppose the certificate may create some problems.

Thanks for help,
Luigi
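A way to rule out the certificate setup described in the message above, as an added example that is not part of the original post: it creates a self-signed certificate, installs it in a ca_dir under its OpenSSL subject-hash name, and checks that the directory validates the certificate. The temporary paths, the CN value and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): build and check a ca_dir for a
# self-signed syslog-ng server certificate. Paths and CN are assumptions.

make_selfsigned() {      # $1 = output directory, $2 = subject CN
    openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/privkey.pem" -out "$1/cacert.pem" \
        -days 1095 -subj "/CN=$2" 2>/dev/null
}

install_in_ca_dir() {    # $1 = certificate file, $2 = ca_dir; prints the hash
    h=$(openssl x509 -noout -hash -in "$1") || return 1
    cp "$1" "$2/cacert.pem" &&
    # OpenSSL looks certificates up in a CA directory as <subject-hash>.0
    ln -sf cacert.pem "$2/$h.0" &&
    echo "$h"
}

check_ca_dir() {         # $1 = certificate file, $2 = ca_dir
    # Succeeds only if the certificate chains to something in the ca_dir.
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# Demonstration on throw-away directories (constructed sample data).
work=$(mktemp -d) && mkdir "$work/server" "$work/ca"
make_selfsigned "$work/server" "192.168.1.2"
link=$(install_in_ca_dir "$work/server/cacert.pem" "$work/ca")
if check_ca_dir "$work/server/cacert.pem" "$work/ca"; then
    echo "ca_dir OK: $work/ca/$link.0 -> cacert.pem"
else
    echo "ca_dir does not validate the server certificate" >&2
fi
rm -rf "$work"
```

If check_ca_dir fails against the client's real ca_dir, the hash link is missing or points at a different certificate than the one the server presents.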
hmm, and can you give us more information, like the error message that syslog-ng prints when the handshake fails?

-- Bazsi
I do not receive any error. I compiled with debug support, and the only message that I receive in the log speaks about a segfault.

Luigi

Balazs Scheidler wrote:
> hmm, and can you give us more information, like the error message that syslog-ng prints when the handshake fails?
On Wed, 2009-03-25 at 12:08 +0100, Luigi Augello wrote:
> I do not receive any error. I compiled with debug support, and the only message that I receive in the log speaks about a segfault.
> Luigi
As others already mentioned, there was a related bug in 3.0.1, but it has already been fixed in git. So, please grab a nightly snapshot or get the syslog-ng sources from the git repo at git.balabit.hu.

-- Bazsi