[syslog-ng] Syslog over TLS : Protocol is TCP and TLS

Girish Kumar girish.kumar at al-enterprise.com
Tue Mar 8 17:54:19 CET 2016


Hi All,
Could you please give an update on the following?
Regards,
Girish

From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Girish Kumar
Sent: Tuesday, March 08, 2016 12:52 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Syslog over TLS : Protocol is TCP and TLS

Thanks, Bazsi.

I would like to analyze the syslog-ng log files related to TLS a little more. Could you please let me know how to enable debug logs in syslog-ng?

I have one more query on ssl option.
There is a TLS option in 3.7.2, ssl-options(), which is used for setting SSL options. The options are no-sslv2, no-sslv3, no-tlsv1, no-tlsv11, no-tlsv12, and the default option is no-sslv2. I hope my understanding is correct. I referred to the following link:
https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html

Could you please let me know how to set ssl-option in syslog-ng 3.6? I didn't find a similar option there. Currently my syslog-ng server is 3.6.2 and the client is 3.7.2.

Regards,
Girish


From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: Monday, March 07, 2016 1:17 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Syslog over TLS : Protocol is TCP and TLS

Well, if you open the payload of the initial packets (e.g. after the SYN-SYNACK-ACK handshake), you should see binary stuff instead of plain text log messages.

--
Bazsi

On Mon, Mar 7, 2016 at 7:07 AM, Girish Kumar <girish.kumar at al-enterprise.com> wrote:
Hi All,
Finally I was able to set up the syslog-ng client and server to communicate over TLS. Thanks for all your help.
In the Wireshark capture I am seeing all protocols as TCP and not as TLS. Please let me know whether my communication has happened over TLS.
If yes, how do I validate that? Can I enable additional logs in syslog-ng?


The TLS part of my conf file:

Client
--------
destination d_destination {
    syslog("135.254.163.151" port(6514)
        transport("tls")
        tls(
            ca_dir("/etc/ca.d")
            key_file("/etc/cert.d/myCliPrivate.key")
            cert_file("/etc/cert.d/myCliCert.pem")
        )
    );
};


Server
---------
source d_source {
    syslog(ip("135.254.163.151") port(6514)
        transport("tls")
        tls(
            key_file("/etc/syslog-ng/cert.d/mySerPrivate.key")
            cert_file("/etc/syslog-ng/cert.d/mySerCert.pem")
            ca_dir("/etc/syslog-ng/ca.d")
        )
    );
};


Regards,
Girish
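
The check suggested in the reply above (look at the first payload after the SYN/SYN-ACK/ACK handshake and see whether it is binary TLS or readable syslog), written out as an added example that is not part of the original thread. The function name, the returned field names and both sample byte strings are constructed for illustration; the real input would be the first payload bytes copied from the capture.

```python
import re
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
# Plain-text syslog over TCP: optional octet count, then "<PRI>"
PLAINTEXT_SYSLOG = re.compile(rb"^(\d{1,5} )?<\d{1,3}>")


def classify_payload(payload: bytes) -> dict:
    """Classify the first bytes a peer sent after the TCP handshake."""
    if PLAINTEXT_SYSLOG.match(payload):
        return {"kind": "plaintext-syslog"}
    if len(payload) < 5:
        return {"kind": "unknown"}
    # Record header: content type (1), version major/minor (2), length (2)
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    # SSL 3.0 and TLS records carry version 3.0-3.3; max record is 2^14 + 2048
    if ctype not in CONTENT_TYPES or major != 3 or minor > 3 or length > 16384 + 2048:
        return {"kind": "unknown"}
    info = {"kind": "tls", "record": CONTENT_TYPES[ctype],
            "version": f"{major}.{minor}", "length": length}
    if ctype == 22 and len(payload) > 5:
        # First byte of the handshake message is its type
        info["handshake"] = HANDSHAKE_TYPES.get(payload[5], "other")
    return info


# Constructed samples (not taken from the thread's capture).
# First 9 bytes of a ClientHello: record header + handshake header.
SAMPLE_TLS = bytes.fromhex("16030100c8" "010000c4")
# An octet-counted plain-text syslog frame, as it would look without TLS.
SAMPLE_PLAIN = b"46 <13>1 2016-03-08T12:00:00Z host app - - - test"

if __name__ == "__main__":
    for name, data in (("tls", SAMPLE_TLS), ("plain", SAMPLE_PLAIN)):
        print(name, classify_payload(data))
```

A result of `kind: tls` with `handshake: client_hello` on the client's first payload means the session on port 6514 starts with a TLS handshake, even when the capture tool labels the packets only as TCP.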
