[syslog-ng] syslog-ng using ssl

Hahusseau, Thomas thomas.hahusseau at eads.com
Mon Mar 23 09:58:28 CET 2009 

Hi,

Maybe you should try to launch syslog-ng with debug & verbose options to see
error. I had some seg fault with ssl and syslog-ng and it's now fixed thanks
to a patch posted on this mailing list.

Bye
Thomas

-----Message d'origine-----
De : syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] De la part de Luigi Augello
Envoyé : dimanche 22 mars 2009 17:53
À : Syslog-ng users' and developers' mailing list;
syslog-ng-bounces at lists.balabit.hu
Objet : [syslog-ng] syslog-ng using ssl

Hello
I try to use ssl ad I have the follow scenario:

One server (192.168.1.2) with this syslog.ng.conf

###########################################
@version:3.0


source s_sk{file("/var/log/messages");};
source s_ssl{
    tcp(ip("0.0.0.0") port (1999)
        tls(key_file("/root/Scaricati/certificati/privkey.pem")
        cert_file("/root/Scaricati/certificati/cacert.pem")));};

destination d_file{file("/var/log/syslog-ng.log");};

log{source(s_sk);destination(d_file);};
log{source(s_ssl);destination(d_file);};


One client (192.168.1.3) with this syslog.ng.conf
###################################################

@version:3.0


source s_sk{file("/var/log/messages");};
destination d_file{file("/var/log/syslog-ng.log");};

destination d_ssl{tcp("192.168.1.2" port (1999)
tls(ca_dir("/root/software/ca/")));};

log{source(s_sk);destination(d_file);};
log{source(s_sk);destination(d_ssl);};



I haven't a CA certificate and I use a self-signed certificate created
by these instructions

opennsl genrsa -out privkey.pem
opennsl  req -new -x509 -key  prixkey.pem  -out cacert.pem -days 1095

I follow step by step the instructions on "The syslog-ng Administrators
guide "
page 58 and so on  and I copied the cacert.pem  generated in the server
in the client and I use ln -s ....
When I try to start the server it starts. Though the client doesn't give
me any errors it doesn't start. I suppose the certificate  may crate
some problems.

tanks for help
Luigi






____________________________________________________________________________
__
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation:
http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list