[syslog-ng] rsyslog client produces "Error processing log message"
Andreas Heinlein
aheinlein at gmx.com
Tue Nov 6 11:34:16 CET 2012
Hello,
we have a centralised log server running syslog-ng 3.1 OSE on Debian
6.0. On the client side, we were using syslog-ng but now I'd like to use
rsyslog instead (for several reasons). Transport should be TLS-encrypted
TCP. I have set up a connection between the two, but apparently
syslog-ng fails to parse the log messages sent by rsyslog. Every log
line goes like this:
Nov 6 11:15:31 admin2-desktop syslog-ng[1578]: Error processing log message: <13>Nov 6 11:15:31 admin2-desktop ah: Test4
Does anyone have an idea what to configure with either rsyslog or
syslog-ng so the two understand each other?
Relevant server side config:
source s_all {
  syslog(ip(172.16.x.x) port(6514) max_connections(50)
    tls(key_file("/etc/ssl/private/xxx.pem")
        cert_file("/etc/ssl/private/xxx.pem")
        ca_dir("/etc/ssl/certs")
        peer_verify(optional-untrusted)));
};
Relevant client side config:
$DefaultNetstreamDriverCAFile /etc/ssl/certs/xxx.pem
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
*.* @@(o)mail:6514;RSYSLOG_TraditionalForwardFormat
# (o) seems to be necessary or syslog-ng will not even accept the
# connection; RSYSLOG_TraditionalForwardFormat apparently doesn't matter
Thanks,
Andreas
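
Added example, not part of the original post or of either project's code: a small Python check that splits an octet-counted stream (the framing rsyslog's `(o)` option selects) and reports whether each message carries an RFC 5424 or a traditional RFC 3164 header. It assumes the server's syslog() source expects RFC 5424 headers, which the post itself does not confirm; all function names are hypothetical.

```python
import re

# Added example; names are hypothetical. RFC 5424 puts a VERSION digit right
# after <PRI>; the traditional BSD (RFC 3164) header starts with "Mmm dd".
RFC5424_HDR = re.compile(r"^<(\d{1,3})>[1-9]\d? \S+ \S+ \S+ \S+ \S+ ")
RFC3164_HDR = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d \S+ ")

# The line from the error message in the post, and a constructed RFC 5424
# rendering of the same event (the timestamp offset is made up).
PAGE_MSG = "<13>Nov 6 11:15:31 admin2-desktop ah: Test4"
RFC5424_MSG = "<13>1 2012-11-06T11:15:31+01:00 admin2-desktop ah - - - Test4"


def frame(msg: str) -> bytes:
    """Octet-counted framing (RFC 6587): b'LEN SP MSG'."""
    body = msg.encode("utf-8")
    return str(len(body)).encode("ascii") + b" " + body


def split_octet_counted(stream: bytes) -> list:
    """Split a byte stream of octet-counted frames into message strings."""
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp == -1 or not stream[pos:sp].isdigit():
            raise ValueError(f"no octet count at offset {pos}")
        length = int(stream[pos:sp])
        body = stream[sp + 1 : sp + 1 + length]
        if len(body) != length:
            raise ValueError(f"truncated frame at offset {pos}")
        msgs.append(body.decode("utf-8", "replace"))
        pos = sp + 1 + length
    return msgs


def classify(msg: str) -> str:
    """Return 'rfc5424', 'rfc3164' or 'unknown' for one syslog message."""
    for name, rx in (("rfc5424", RFC5424_HDR), ("rfc3164", RFC3164_HDR)):
        m = rx.match(msg)
        if m and int(m.group(1)) <= 191:  # PRI = facility * 8 + severity
            return name
    return "unknown"


if __name__ == "__main__":
    for m in split_octet_counted(frame(PAGE_MSG) + frame(RFC5424_MSG)):
        print(f"{classify(m):8} {m}")
```

Run against a capture of what the client actually sends, this shows whether the frames are well formed and only the header format differs from what the receiver parses.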