[syslog-ng] Syslog over TLS : Protocol is TCP and TLS

Scheidler, Balázs balazs.scheidler at balabit.com
Tue Mar 8 22:15:01 CET 2016


On Mar 8, 2016 07:22, "Girish Kumar" <girish.kumar at al-enterprise.com> wrote:
>
> Thanks Bazsi.
>
> I would like to analyze a little more the syslog-ng log files related to TLS. Could you please let me know how to enable debug logs in syslog-ng?
>
> I have one more query on the ssl option.
>
> There is a TLS option in 3.7.2, ssl-options(), which is used for setting the ssl option. The options are no-sslv2, no-sslv3, no-tlsv1, no-tlsv11, no-tlsv12 and the default option is no-sslv2. Hope my understanding is correct. I referred to the following link:
>
> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/tlsoptions.html
>
> Could you please let me know how to set ssl-option in syslog-ng 3.6? I didn’t find a similar option there. Currently my syslog-ng server is 3.6.2 and the client is 3.7.2.
>

In syslog-ng 3.6 nosslv2 was hardwired and couldn't be configured.

>
> Regards,
> Girish
>
> From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Scheidler, Balázs
> Sent: Monday, March 07, 2016 1:17 PM
> To: Syslog-ng users' and developers' mailing list
> Subject: Re: [syslog-ng] Syslog over TLS : Protocol is TCP and TLS
>
> Well, if you open the payload of the initial packages (e.g. after the SYN-SYNACK-ACK handshake), you should see binary stuff instead of plain text log messages.
>
> --
> Bazsi
>
> On Mon, Mar 7, 2016 at 7:07 AM, Girish Kumar <girish.kumar at al-enterprise.com> wrote:
>
> Hi All,
>
> Finally I was able to set up the syslog-ng client and server to communicate over TLS. Thanks for all your help.
>
> In the Wireshark capture I am seeing all protocols as TCP and not as TLS. Please let me know whether my communication has happened over TLS.
>
> If yes, how do I validate that? Can I enable additional logs in syslog-ng?
>
> My tls part of conf file
>
> Client
> --------
> destination d_destination {
>     syslog("135.254.163.151" port(6514)
>         transport("tls")
>         tls( ca_dir("/etc/ca.d")
>              key_file("/etc/cert.d/myCliPrivate.key")
>              cert_file("/etc/cert.d/myCliCert.pem") )
>     );
> };
>
> Server
> ---------
> source d_source {
>     syslog(ip("135.254.163.151") port(6514)
>         transport("tls")
>         tls( key_file("/etc/syslog-ng/cert.d/mySerPrivate.key")
>              cert_file("/etc/syslog-ng/cert.d/mySerCert.pem")
>              ca_dir("/etc/syslog-ng/ca.d") )
>     );
> };
>
> Regards,
> Girish
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
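
Added example, not part of the original thread and not syslog-ng code: a sketch of the check described in the quoted reply, deciding from the first payload bytes after the TCP handshake whether a connection to the syslog port carries a TLS record or plaintext syslog. The function name and both sample payloads are constructed for illustration; real bytes would be copied from the capture.

```python
import re
import struct

# TLS record-layer constants (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
MAX_RECORD_LEN = 2**14 + 2048  # upper bound for a TLSCiphertext fragment

# Plaintext syslog starts with "<PRI>", optionally preceded by an RFC 6587 octet count.
PLAINTEXT_SYSLOG = re.compile(rb"^(\d{1,5} )?<\d{1,3}>")

# Constructed sample payloads (not taken from the thread's capture).
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8" "010000c4" "0303") + bytes(32)
SAMPLE_PLAINTEXT = b"<13>1 2016-03-08T22:15:01Z client app - - - hello"


def classify_first_payload(payload: bytes) -> dict:
    """Classify the first client payload of a TCP connection."""
    if PLAINTEXT_SYSLOG.match(payload):
        return {"kind": "plaintext-syslog"}
    if len(payload) < 5:
        return {"kind": "unknown"}
    # Record header: content type (1), version major/minor (2), length (2)
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    version = VERSIONS.get((major, minor))
    if ctype not in CONTENT_TYPES or version is None or not 0 < length <= MAX_RECORD_LEN:
        return {"kind": "unknown"}
    result = {"kind": "tls", "record": CONTENT_TYPES[ctype],
              "record_version": version, "length": length}
    if ctype == 22 and len(payload) >= 6:
        result["handshake"] = HANDSHAKE_TYPES.get(payload[5], "other")
        if payload[5] == 1 and len(payload) >= 11:
            # ClientHello: type (1) + length (3), then client_version (2)
            result["hello_version"] = VERSIONS.get((payload[9], payload[10]), "unknown")
    return result


if __name__ == "__main__":
    for name, data in [("tls", SAMPLE_CLIENT_HELLO), ("plain", SAMPLE_PLAINTEXT)]:
        print(name, classify_first_payload(data))
```

The `hello_version` field shows the highest protocol version the client offers, which is the value the `ssl-options()` settings discussed in the thread restrict.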