Connection broken to AF_INET(127.0.0.1:514), reopening in 60 seconds
I don't know what is the trouble with my remote syslog-ng/stunnel setup since I turned off packet filtering. Any guidance would be greatly appreciated.

Here is error message in log:

Jul 26 11:06:47 seberino3 syslog-ng[3245]: Connection broken to AF_INET(127.0.0.1:514), reopening in 60 seconds

Here is my syslog-ng.conf:

options {long_hostnames(no); keep_hostname(yes); chain_hostnames(no);};
source client_sources {unix-stream("/dev/log"); pipe("/proc/kmsg"); internal();};
destination local_dest {file("/var/log/messages");};
destination remote_dest {tcp("127.0.0.1" port(514));};
log {source(client_sources); destination(local_dest);};
log {source(client_sources); destination(remote_dest);};

Chris
On Mon, Jul 26, 2004 at 11:11:19AM -0700, seberino@spawar.navy.mil wrote:
> I don't know what is the trouble with my remote syslog-ng/stunnel setup since I turned off packet filtering. Any guidance would be greatly appreciated.
>
> Here is error message in log:
>
> Jul 26 11:06:47 seberino3 syslog-ng[3245]: Connection broken to AF_INET(127.0.0.1:514), reopening in 60 seconds

Do you know that the stunnel connection is up? Make sure it's running first, it's probably not a syslog-ng problem.

--
Nate

A complex system that works is invariably found to have evolved from a simple system that worked. -John Gall
Nate

Thanks for help. Yes stunnel is up. You are right... it is not clear if problem is with stunnel or syslog-ng.

Here is my stunnel.conf..

[laptop root /root] # more /etc/stunnel/stunnel.conf
client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
chroot = /usr/local/chrootjails/stunnel
setuid = nobody
setgid = nobody

[5140]
accept = 127.0.0.1:514
connect = 198.253.71.174:5140

On Mon, Jul 26, 2004 at 11:14:08AM -0700, Nate Campi wrote:
> On Mon, Jul 26, 2004 at 11:11:19AM -0700, seberino@spawar.navy.mil wrote:
> > I don't know what is the trouble with my remote syslog-ng/stunnel setup since I turned off packet filtering. Any guidance would be greatly appreciated.
> >
> > Here is error message in log:
> >
> > Jul 26 11:06:47 seberino3 syslog-ng[3245]: Connection broken to AF_INET(127.0.0.1:514), reopening in 60 seconds
>
> Do you know that the stunnel connection is up? Make sure it's running first, it's probably not a syslog-ng problem.
>
> --
> Nate
>
> A complex system that works is invariably found to have evolved from a simple system that worked. -John Gall
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
--
_______________________________________
Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.

Phone: (619) 553-9973
Fax : (619) 553-6521
Email: seberino@spawar.navy.mil
_______________________________________
I'd telnet to the local port where syslog-ng is trying to connect (the listening stunnel socket) and type some junk. If you can establish a connection and send text that's accepted by the remote end, then it would seem stunnel works.

On Mon, Jul 26, 2004 at 12:09:12PM -0700, seberino@spawar.navy.mil wrote:
> Nate
>
> Thanks for help. Yes stunnel is up. You are right... it is not clear if problem is with stunnel or syslog-ng.
>
> Here is my stunnel.conf..
>
> [laptop root /root] # more /etc/stunnel/stunnel.conf
> client = yes
> cert = /etc/stunnel/syslog-ng-client.pem
> CAfile = /etc/stunnel/syslog-ng-server.pem
> verify = 3
> chroot = /usr/local/chrootjails/stunnel
> setuid = nobody
> setgid = nobody
>
> [5140]
> accept = 127.0.0.1:514
> connect = 198.253.71.174:5140
>
> On Mon, Jul 26, 2004 at 11:14:08AM -0700, Nate Campi wrote:
> > On Mon, Jul 26, 2004 at 11:11:19AM -0700, seberino@spawar.navy.mil wrote:
> > > I don't know what is the trouble with my remote syslog-ng/stunnel setup since I turned off packet filtering. Any guidance would be greatly appreciated.
> > >
> > > Here is error message in log:
> > >
> > > Jul 26 11:06:47 seberino3 syslog-ng[3245]: Connection broken to AF_INET(127.0.0.1:514), reopening in 60 seconds
> >
> > Do you know that the stunnel connection is up? Make sure it's running first, it's probably not a syslog-ng problem.
> >
> > --
> > Nate
> >
> > A complex system that works is invariably found to have evolved from a simple system that worked. -John Gall
--
Nate

I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhauser gate. All those moments will be lost in time, like tears in rain. Time to die. -- Roy Batty, Blade Runner
On Mon, 2004-07-26 at 21:09, seberino@spawar.navy.mil wrote:
> Nate
>
> Thanks for help. Yes stunnel is up. You are right... it is not clear if problem is with stunnel or syslog-ng.
>
> Here is my stunnel.conf..
>
> [laptop root /root] # more /etc/stunnel/stunnel.conf
> client = yes
> cert = /etc/stunnel/syslog-ng-client.pem
> CAfile = /etc/stunnel/syslog-ng-server.pem
> verify = 3
> chroot = /usr/local/chrootjails/stunnel
> setuid = nobody
> setgid = nobody
>
> [5140]
> accept = 127.0.0.1:514
> connect = 198.253.71.174:5140
Hi Christian,

are you sure that stunnel can listen on the privileged port 514 when running chroot'ed? I don't remember if stunnel opens the port first and drops its rights after that...

Enable logging of stunnel or try to open the tunnel on a high port e.g. udp/1514 and set the destination in syslog-ng to localhost:1514

Jens
---
Citysavingsbank Munich
Dep. of Network and Security
Munich, Germany
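
Added example, not part of the original thread and not code from syslog-ng or stunnel: a Python version of the telnet test suggested above. It separates the case raised in the last reply (nothing is listening on the port, so the connect is refused) from a listener that accepts and then drops the connection. The function name probe_tunnel, the result labels and the test line are assumptions made for this example.

```python
import socket

def probe_tunnel(host="127.0.0.1", port=514, wait=2.0):
    """Classify a local tunnel endpoint the way the manual telnet test does.

    'refused'     - nothing is listening (the listener never bound the port)
    'unreachable' - connect timed out or failed for another reason
    'dropped'     - listener accepted, then closed the connection on us
    'held'        - connection stayed open after a test line was sent
    """
    line = b"<13>probe: tunnel test line (constructed sample)\n"
    try:
        sock = socket.create_connection((host, port), timeout=wait)
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    with sock:
        try:
            sock.sendall(line)
            # A syslog receiver sends nothing back, so a timeout here means
            # the peer is still holding the connection open.
            data = sock.recv(1)
        except socket.timeout:
            return "held"
        except (ConnectionResetError, ConnectionAbortedError, BrokenPipeError):
            return "dropped"
        # recv() returning b"" is an orderly close by the peer.
        return "dropped" if data == b"" else "held"

if __name__ == "__main__":
    # Defaults match the accept address in the stunnel.conf quoted above.
    print(probe_tunnel())
```

A 'held' result only describes the local side of the tunnel; whether the test line reached the remote syslog-ng still has to be checked in the remote log.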
participants (3): Jens Grigel, Nate Campi, seberino@spawar.navy.mil