[syslog-ng] TLS problem

Carlo Balbo carlo.balbo at gmail.com
Wed Oct 14 11:53:29 CEST 2009 

Hi All,

I have a problem from source tls... no logs are writing, no errors in logs
file of syslog-ng .
I hope that you have some ideas... :-)

Follow the scenario :

Server -----------------------------
syslog-ng log file :
2009-10-14T11:43:54+02:00 s_local at zpvm0306-1515 syslog-ng[14171]: Syslog
connection accepted; fd='25', client='AF_INET(10.1.1.57:10865)',
local='AF_INET(10.1.1.55:1999)'
2009-10-14T11:44:05+02:00 s_local at zpvm0306-1515 syslog-ng[14171]: Reaping
unused destination files;
template='/var/log/HOSTS/$HOST/encrypt-$PROGRAM-$YEAR-$MONTH.log'
2009-10-14T11:44:05+02:00 s_local at zpvm0306-1515 syslog-ng[14171]: Reaping
unused destination files;
template='/var/log/HOSTS/$HOST/$R_YEAR-$R_MONTH-$PROGRAM.log'

syslog-ng.conf :

source s_tcp_tls {
        tcp(
                ip(10.1.1.55) port(1999)
                tls(
                        key_file("/opt/syslog-ng/etc/key.d/syslog-ng.key")
                        cert_file("/opt/syslog-ng/etc/cert.d/syslo-ng.cert")
                        peer_verify(optional-untrusted)
                )
        );
};

destination zlog {
        file("/var/log/HOSTS/$HOST/$R_YEAR-$R_MONTH-$PROGRAM.log"

template("$ISODATE\t[<$FACILITY.$PRIORITY>]\t$HOST\t$PROGRAM\t$MSGHDR
$MSG\n")
        template_escape(no)
        );
};

log {
        source(s_tcp_tls);
        destination(zlog);
};
--------------------------------------

Client ----------------------------
source s_local { unix-stream("/dev/log"); internal(); };

destination tls_syslog_destination {
  tcp("10.1.1.55" port(1999)
    tls(
      ca_dir("/opt/syslog-ng/etc/cert.d")
    )
  );
};

log {
  source(s_local);
  destination(tls_syslog_destination);
};

Oct 14 11:46:02 zpvm0306-1630 syslog-ng[30713]: Syslog connection
established; fd='16', server='AF_INET(10.1.1.55:1999)', local='AF_INET(
0.0.0.0:0)'
Oct 14 11:46:02 zpvm0306-1630 syslog-ng[30713]: Syslog connection broken;
fd='16', server='AF_INET(10.1.1.55:1999)', time_reopen='60'
Oct 14 11:46:02 zpvm0306-1630 syslog-ng[30713]: Closing log transport fd;
fd='16'

-------------------------------------

syslog-ng.key and syslog-ng.cert from syslog-ng.pem

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCmf/eIUSTa6jyPiqOfWnofHmVkYRHx+QG9Obml1g3oX6YQEecl
UwpFtpaZQHNGbZoCiM3TNr8/rj92yT/i1X4HAuqVrnZ9ra4GD2SQ4/C06Xe5d2+L
AlurTwVN9+4Zu73LpvCsfhJZgcros9A10Iq25TvYLu9pBchBLjnY1d2kewIDAQAB
AoGAdCQhc8o+biIkenBX8Gl5dEmMqnd3wBVVHDyu/joRW32U5fLHDOce7EAQTviB
MKh1XL027dVrlK0kgeSiFsWbcYKJdSLsY7J5osEPFAu9ZjaaXtE1hbQpAlZswLvE
n12x6jbZSlVGBTfb6TsLWcgJ5QY2BAcntGZjz3ryffoE/BECQQDSIXBWX3OVuR6i
+aFphzy5Hc+IUCsaPYQcSntnLLHa+W3W75sWMLTEjFZGXWQwtj8Ixk+4Ce650yLw
B5CbnAYzAkEAythYir5ttKEPkixbGSrBntndJW8oNjXN6pR6ofklhGrV52oh7Y+A
UW23lrvAyfAArArDiAcsxV+lYDRwQ5pQmQJADxAql2Z8SK1ejtxKP+Bb8AE9EU59
6IGkaMrGEd1YWpQq1Y+TlIGlU7mjraOgPQWzexOMP2sm29dQ19gS+7SxlQJAJwuD
55kGNvm1rJZbJroDMReQqO7/l4e9zkSsYlc58IY8DGJyi27O7V2oNByJ3JUVHAiq
YJm49XkWtTEC1xByKQJBAKRiGABOrJwaOLOgMXreTykY7aX2uho+0gtOKewXoj42
3SwNLyW9rM0IK5lBKOyYyYZ6jn3bN9bYHE4jIjxiMfU=
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIIDpzCCAxCgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCSVQx
DjAMBgNVBAgTBU1pbGFuMQ4wDAYDVQQHEwVNaWxhbjEUMBIGA1UEChMLWmVyb3Bp
dSBTcEExHTAbBgNVBAsMFFJlc2VhcmNoJkRldmVsb3BtZW50MRMwEQYDVQQDEwp6
ZXJvcGl1Lml0MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHplcm9waXUuaXQwHhcN
MDkxMDExMTA1NTQwWhcNMTAxMDExMTA1NTQwWjCBmjELMAkGA1UEBhMCSVQxDjAM
BgNVBAgTBU1pbGFuMQ4wDAYDVQQHEwVNaWxhbjEUMBIGA1UEChMLWmVyb3BpdSBT
cEExHTAbBgNVBAsMFFJlc2VhcmNoJkRldmVsb3BtZW50MRMwEQYDVQQDEwp6ZXJv
cGl1Lml0MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHplcm9waXUuaXQwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAKZ/94hRJNrqPI+Ko59aeh8eZWRhEfH5Ab05
uaXWDehfphAR5yVTCkW2lplAc0ZtmgKIzdM2vz+uP3bJP+LVfgcC6pWudn2trgYP
ZJDj8LTpd7l3b4sCW6tPBU337hm7vcum8Kx+ElmByuiz0DXQirblO9gu72kFyEEu
OdjV3aR7AgMBAAGjgfowgfcwHQYDVR0OBBYEFGxV+r7bTgQw7qQFq+NOM2ZKswh/
MIHHBgNVHSMEgb8wgbyAFGxV+r7bTgQw7qQFq+NOM2ZKswh/oYGgpIGdMIGaMQsw
CQYDVQQGEwJJVDEOMAwGA1UECBMFTWlsYW4xDjAMBgNVBAcTBU1pbGFuMRQwEgYD
VQQKEwtaZXJvcGl1IFNwQTEdMBsGA1UECwwUUmVzZWFyY2gmRGV2ZWxvcG1lbnQx
EzARBgNVBAMTCnplcm9waXUuaXQxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAemVy
b3BpdS5pdIIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAEND4ifb
Ntd7JJKVa6FDNS5ouLdfQq5sk+uwI9OyDuD2SUdfMuhpF2PZQFxSlI2esOcTwHro
tx9FBiNeZkFElPZ82vPjgchGjcgIFfUYHwWH+8lfVXEsmOub0r9xBPZNZ5/mzEXQ
7mpgGYO3aSCzqOPpz0OFBF5cBrpYSzwenaYl
-----END CERTIFICATE-----



-- 
/*
Carlo
http://oblab.com
*/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20091014/d79ee8e7/attachment.htm

More information about the syslog-ng mailing list