[syslog-ng] Syslog over TLS : Protocol is TCP and TLS
Girish Kumar
girish.kumar at al-enterprise.com
Tue Mar 8 17:54:19 CET 2016
Hi All,
Could you please update on the following
Regards,
Girish
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Girish Kumar
Sent: Tuesday, March 08, 2016 12:52 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Syslog over TLS : Protocol is TCP and TLS
Thanks Bazi.
I would like to analyze little more on syslog-ng log files related to TLS. Could you please let me know how to enable debug logs in syslog-ng.
I have one more query on ssl option.
There is a TLS options in 3.7.2 , ssl-options() which is used for setting ssl option. Options are no-sslv2, no-sslv3, no-tlsv1, no-tlsv11, no-tlsv12 and by default option is no-sslv2. Hope my understanding is correct. I referred the following link
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html
Could you please let me know how to set ssl-option in syslog-ng 3.6. I didn’t find similar option there. Currently my syslog-ng server is 3.6.2 and client is 3.7.2
Regards,
Girish
From: syslog-ng-bounces at lists.balabit.hu<mailto:syslog-ng-bounces at lists.balabit.hu> [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: Monday, March 07, 2016 1:17 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Syslog over TLS : Protocol is TCP and TLS
Well, if you open the payload of the initial packages (e.g. after the SYN-SYNACK-ACK handshake), you should see binary stuff instead of plain text log messages.
--
Bazsi
On Mon, Mar 7, 2016 at 7:07 AM, Girish Kumar <girish.kumar at al-enterprise.com<mailto:girish.kumar at al-enterprise.com>> wrote:
Hi All,
Finally I was able to setup syslog-ng client and server. Communicate over TLS. Thanks for all your help.
In wireshark capture I am seeing all protocol as TCP and not as TLS. Please let me know whether my communication has happened over TLS.
If yes how do I validate that. Can I enable additional logs in syslog-ng ?
My tls part of conf file
Client
--------
destination d_destination {
syslog("135.254.163.151" port(6514)
transport("tls")
tls( ca_dir("/etc/ca.d")
key_file("/etc/cert.d/myCliPrivate.key")
cert_file("/etc/cert.d/myCliCert.pem") )
);
};
Server
---------
source d_source {
syslog(ip("135.254.163.151") port(6514)
transport("tls")
tls( key_file("/etc/syslog-ng/cert.d/mySerPrivate.key")
cert_file("/etc/syslog-ng/cert.d/mySerCert.pem")
ca_dir("/etc/syslog-ng/ca.d"))
);
};
Regards,
Girish
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160308/1b1f8922/attachment-0001.htm
More information about the syslog-ng
mailing list