[syslog-ng] compression during tls

Scheidler, Balázs balazs.scheidler at balabit.com
Wed Aug 17 11:57:18 CEST 2016


well, since this is done transparently by openssl, the only hint you'd have
is to look at the algorithm negotiation parts using wireshark and check
whether the compression algorithm is negotiated.


-- 
Bazsi

On Mon, Aug 15, 2016 at 6:34 PM, <thejaguar at tutanota.de> wrote:

> Thats fine if its a copy paste mistake and compression is enabled by
> default. Yes both sides are on tls. No I dont want to disable, rather
> wanted to make sure network transfers do get compressed.  Except tcpdump ,
> any other method to confirm ?
> Thanks for the response.
>
> Jagshah.
>
> 14. Aug 2016 22:54 by balazs.scheidler at balabit.com:
>
>
> Hmm, I dont know that option, maybe the premium edition team added that
> and it trickled into the open source documentation. Iirc by default
> syslog-ng made sure compression happens within tls as long as the other
> party supports it.
>
> Or you want to disable it?
> On Aug 12, 2016 20:15, <thejaguar at tutanota.de> wrote:
>
>> Hi all,
>>
>> According to this https://www.balabit.com/documents/syslog-ng-ose-
>> latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html
>>
>> Allow-compression() should be a working option under tls.
>>
>> I did google on this a lot and found no config snippet which shows
>> allow-compress() to be working and to my surprise when I tried to include
>> it in my config I get syntax error ______________________________
>> _____________________
>>
>>
>>
>> 2016-08-11T15:27:19.538347] Registering candidate plugin;
>> module='afsocket', context='source', name='systemd-syslog', preference='100'
>>
>> [2016-08-11T15:27:19.539190] Using /dev/log Unix socket with systemd is
>> not possible. Changing to systemd-syslog source, which supports socket
>> activation.; Error parsing afsocket, syntax error, unexpected
>> LL_IDENTIFIER, expecting ')' in /etc/syslog-ng/syslog-ng.conf at line 27,
>> column 124:
>>
>>
>>
>> destination d_net_tls { network( "syslog1.xxxxxxxxx.com" port(6514)
>> transport("tls") tls( ca-dir("/etc/syslog-ng/ca") allow-compress(yes)
>> peer-verify(required-trusted) ssl-options(no-sslv3,no-tlsv1) )
>>
>>
>>
>>
>>                                    ^^^^^^^^^^^^^^
>> ___________________________________________________
>>
>> I am using 3.8.0 on  ubuntu 15.10.
>>
>> Is this even really supported as claimed in here https://www.balabit.com/
>> network-security/syslog-ng/comparing/detailed
>>
>>
>>
>> # /usr/sbin/syslog-ng -V
>>
>> syslog-ng 3.8.0beta2
>>
>> Installer-Version: 3.8.0beta2
>>
>> Revision: 3.8.0beta2-1
>>
>> Module-Directory: /usr/lib/syslog-ng/3.8
>>
>> Module-Path: /usr/lib/syslog-ng/3.8
>>
>> Available-Modules: affile,basicfuncs,system-
>> source,cryptofuncs,pseudofile,afuser,csvparser,linux-kmsg-
>> format,confgen,sdjournal,syslogformat,afprog,dbparser,afsocket
>>
>> Enable-Debug: off
>>
>> Enable-GProf: off
>>
>> Enable-Memtrace: off
>>
>> Enable-IPv6: on
>>
>> Enable-Spoof-Source: on
>>
>> Enable-TCP-Wrapper: on
>>
>> Enable-Linux-Caps: off
>>
>>
>>
>>
>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?
>> product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160817/3bf61590/attachment-0001.htm 


More information about the syslog-ng mailing list