Antwort: RE: [syslog-ng] Syslog-ng with stunnel
Stephen Tanner
stanner at leeclerk.org
Fri Jun 10 14:11:38 CEST 2005
Gentlemen,
I do believe that I have located my problem. It seems that the
PRNG is not producing enough random bytes before stunnel starts so it
never creates a stable tunnel and syslog-ng is unable to send outbound
messages. I appreciate all your help in tracking this down.
Stephen
2005.06.09 16:14:36 LOG5[1409:1]: stunnel 4.08 on hppa2.0w-hp-hpux11.11
PTHREAD+POLL+IPv4 with OpenSSL 0.9.7e 25 Oct 2004
2005.06.09 16:14:37 LOG4[1409:1]: PRNG may not have been seeded with
enough random bytes
2005.06.09 16:14:37 LOG5[1409:1]: 27 clients allowed
2005.06.09 16:14:37 LOG5[1410:2]: 5140 connected from 127.0.0.1:49153
2005.06.09 16:14:37 LOG3[1410:2]: SSL_connect: Peer suddenly
disconnected
2005.06.09 16:14:47 LOG5[1410:3]: 5140 connected from 127.0.0.1:49156
2005.06.09 16:14:47 LOG3[1410:3]: SSL_connect: Peer suddenly
disconnected
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Stew Redfield
Sent: Thursday, June 09, 2005 11:22 AM
To: Syslog-ng users' and developers' mailing list
Subject: RE: RE: Antwort: RE: [syslog-ng] Syslog-ng with stunnel
Since it starts cleanly from command line, run lsof against the pid and
see if anything else is may be needed (random number generator, pipes or
doors) that may be later in the boot stream.
Or start a local syslog prior to initiating the tunnel (to capture the
stunnel logs) just for error information.
HTH,
Stew
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Stephen Tanner
Sent: Thursday, June 09, 2005 11:14 AM
To: Syslog-ng users' and developers' mailing list
Subject: RE: RE: Antwort: RE: [syslog-ng] Syslog-ng with stunnel
>From everything that I can find, no it does not. It uses ssl to create
a secure tcp connection based on port. Nothing that I have found
indicates that it needs anything other than network connectivity and ssl
in order to function.
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Stew Redfield
Sent: Thursday, June 09, 2005 11:05 AM
To: Syslog-ng users' and developers' mailing list
Subject: RE: RE: Antwort: RE: [syslog-ng] Syslog-ng with stunnel
Does stunnel require a tty to function?
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of JF Suret
Sent: Thursday, June 09, 2005 11:00 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: RE: Antwort: RE: [syslog-ng] Syslog-ng with stunnel
Maybe you could use SSH instead ?
JF
> Message du 09/06/05 16:38
> De : "Stephen Tanner" <stanner at leeclerk.org>
> A : "Syslog-ng users' and developers' mailing list"
<syslog-ng at lists.balabit.hu>
> Copie à :
> Objet : RE: Antwort: RE: [syslog-ng] Syslog-ng with stunnel
>
> I understand what you guys are saying, but the programs are called
using
> the fully qualified path to them. Both start and are running, but
> syslog-ng seems unable to send logs through the tunnel to the loghost.
> I don't know of any environmental variables that would even have
> significance to either program.
>
> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Stew Redfield
> Sent: Thursday, June 09, 2005 10:32 AM
> To: Syslog-ng users' and developers' mailing list
> Subject: RE: Antwort: RE: [syslog-ng] Syslog-ng with stunnel
>
> Just like for cron called scripts, all environmental variables need to
> be either within the script itself or sourced by the script.
>
> cron and init scripts have no knowledge of the environmental settings
> that may be tied to your root (or any) shell.
>
> Also, it is best if you fully qualify program calls
(/usr/local/bin/nawk
> vs. nawk) within scripts if you don't set your path in environmental
> settings.
>
> Bottom line, for the teams I've managed: if you need it for cron to
> work, explicitly state it.
>
> Stew
>
>
> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Stephen
Tanner
> Sent: Thursday, June 09, 2005 9:51 AM
> To: Syslog-ng users' and developers' mailing list
> Subject: RE: Antwort: RE: [syslog-ng] Syslog-ng with stunnel
>
> Exactly what do you mean by environment being the same? The startup
> script works on this box if executed manually. The only thing that
> could possibly change would be what is actually running at the time rc
> starts stunnel and syslog-ng. I have place the startup script in rc2
> directly after inetd starts.
>
> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu
> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Hermann-Josef
> Beckers
> Sent: Thursday, June 09, 2005 9:47 AM
> To: Syslog-ng users' and developers' mailing list
> Subject: Antwort: RE: [syslog-ng] Syslog-ng with stunnel
>
> syslog-ng-bounces at lists.balabit.hu schrieb am 09.06.2005 15:32:38:
>
> > I have considered this. The only problem with this would be that I
> can
> > manually execute the script and everything starts up properly. It
> only
> > seems to barf when executed from rc on boot.
> >
> > --Stephen
>
> Did you check that the environment is exactly the same?
>
> Yours
> hjb
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
>
> _______________________________________________
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
>
>
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list