[syslog-ng] Syslog-ng 3.8

Czanik, Péter peter.czanik at balabit.com
Tue May 10 12:30:32 CEST 2016


Hi,

First of all, as it was already stated here, and also on the Copr
website: 3.8 is still a development version. It works fine on my
server and passes the tests; still, as it's a development version,
mysterious things can happen.

I tried to reproduce your problem, but I could not. I followed
instructions from
https://www.balabit.com/documents/syslog-ng-ose-3.7-guides/en/syslog-ng-tutorial-mutual-auth-tls/html-single/index.html
to generate self-signed certificates and used the following config:

[root@localhost conf.d]# cat tls.conf
source demo_tls_source {
    network(ip(0.0.0.0) port(6514)
        transport("tls")
        tls( key_file("/etc/syslog-ng/cert.d/serverkey.pem")
             cert_file("/etc/syslog-ng/cert.d/servercert.pem")
             ca_dir("/etc/syslog-ng/ca.d")
             peer-verify(optional-untrusted))
    ); };

log { source(demo_tls_source); destination(d_mesg); };

First I tested the configuration by starting syslog-ng from the
command line: syslog-ng -Fvd, and it worked fine. Next I started it
with "systemctl start syslog-ng" and that worked as well.

In both cases I tested using:

[root@localhost conf.d]# loggen -U -i -S 127.0.0.1 6514
average rate = 1030.54 msg/sec, count=10315, time=10.009, (average) msg size=256, bandwidth=257.49 kB/sec

Note: all my test machines have SELinux and iptables disabled. Check
/var/log/audit/audit.log for SELinux-related messages, and your
firewall config to see if it blocks port 6514. If needed, change your
configurations.

Bye,
Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik
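
For the "Address already in use (98)" bind error discussed in this thread, the following is an added example, not part of the original messages or of syslog-ng: it reads `netstat -antp` text and reports whether the process holding a port is the one systemd tracks or a leftover instance. The function names, the sample output and the MainPID value 30411 are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify whatever holds a TCP port, from `netstat -antp` text.

# Print "PID PROGRAM" for each LISTEN socket bound to port $1 (stdin: netstat -antp).
listener_on_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")          # local address; port is the last piece
            if (a[n] != port) next
            split($7, p, "/")              # "28172/syslog-ng" -> pid, program
            if (!seen[p[1]]++) print p[1], p[2]
        }'
}

# $1 = port, $2 = MainPID systemd reports for the service,
# $3 = expected program name (default: syslog-ng).
# Prints one of: free | managed | stale | foreign | unknown
classify_listener() {
    owner=$(listener_on_port "$1" | head -n 1)
    pid=${owner%% *}
    prog=${owner#* }
    if [ -z "$owner" ]; then echo free                      # nothing bound: look elsewhere
    elif [ "$pid" = "-" ]; then echo unknown                # netstat was run without root
    elif [ "$pid" = "$2" ]; then echo managed               # the tracked instance owns the port
    elif [ "$prog" = "${3:-syslog-ng}" ]; then echo stale   # old instance that did not stop
    else echo foreign                                       # a different program owns the port
    fi
}

# Constructed sample, modelled on the netstat output quoted in the thread.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      854/sshd
tcp        0      0 0.0.0.0:6514            0.0.0.0:*               LISTEN      28172/syslog-ng
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      1325/mongod'

# systemd reports MainPID 30411 (constructed), but PID 28172 still holds 6514.
printf '%s\n' "$SAMPLE" | classify_listener 6514 30411

# Live use (as root):
#   netstat -antp | classify_listener 6514 \
#       "$(systemctl show -p MainPID syslog-ng | cut -d= -f2)"
```

A result of `stale` means a syslog-ng process other than the one systemd started is still bound to the port, so a newly started instance cannot bind it.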


On Tue, May 10, 2016 at 11:03 AM, Czanik, Péter
<peter.czanik at balabit.com> wrote:
> Oh, that's my repository. TLS worked fine for me earlier. I'll try to
> reproduce the problem later this week.
>
> Bye,
> Peter Czanik (CzP) <peter.czanik at balabit.com>
> Balabit / syslog-ng upstream
> http://czanik.blogs.balabit.com/
> https://twitter.com/PCzanik
>
>
> On Mon, May 9, 2016 at 5:43 PM, Ivan Adji - Krstev
> <akivanradix at gmail.com> wrote:
>> I'm using this one:
>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/
>> To be more specific
>> https://copr.fedorainfracloud.org/coprs/czanik/syslog-ng38/repo/epel-7/czanik-syslog-ng38-epel-7.repo
>>
>> And I'm trying to use it with TLS, self-signed certificate
>>
>> Kind regards
>> Ivan
>>
>> On 05/09/2016 04:37 PM, Scot Needy wrote:
>>
>> What repo are you using?
>>
>>
>> On May 9, 2016, at 5:02 AM, Ivan Adji - Krstev <akivanradix at gmail.com>
>> wrote:
>>
>> Guys,
>> Any news on this? I really need this syslog up and running.
>>
>> Kind regards
>>
>>
>> On 05/06/2016 02:35 PM, Tibor Benke wrote:
>>
>> If you get the mentioned errors right after the upgrade, maybe the install
>> scripts are not able to stop syslog-ng -> the upgraded syslog-ng isn't able
>> to start. Could you check the install scripts, please?
>>
>> 2016-05-06 14:28 GMT+02:00 Ivan Adji - Krstev <akivanradix at gmail.com>:
>>>
>>> Here it is
>>>
>>> [root@syslogserver syslog-ng]# lsof | grep LISTEN
>>> sshd        854          root    3u     IPv4              15103       0t0
>>> TCP *:ssh (LISTEN)
>>> sshd        854          root    4u     IPv6              15105       0t0
>>> TCP *:ssh (LISTEN)
>>> mongod     1325        mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  1346  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  1922  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  1923  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  1924  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2010  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2011  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2012  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2013  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2165  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2167  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2168  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2169  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2170  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2171  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325  2172  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325 27857  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325 27874  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325 27876  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> mongod     1325 28175  mongod    6u     IPv4              15950       0t0
>>> TCP localhost:27017 (LISTEN)
>>> master     1577          root   13u     IPv4              16582       0t0
>>> TCP localhost:smtp (LISTEN)
>>> master     1577          root   14u     IPv6              16583       0t0
>>> TCP localhost:smtp (LISTEN)
>>> syslog-ng 28172          root   21u     IPv4            3116883       0t0
>>> TCP *:syslog-tls (LISTEN)
>>> syslog-ng 28172 28173    root   21u     IPv4            3116883       0t0
>>> TCP *:syslog-tls (LISTEN)
>>>
>>>
>>> [root@syslogserver syslog-ng]# netstat -antp | grep 6514
>>> tcp        0      0 0.0.0.0:6514            0.0.0.0:*               LISTEN      28172/syslog-ng
>>> [root@syslogserver syslog-ng]#
>>>
>>> Kind regards
>>> Ivan
>>>
>>>
>>>
>>> On 05/06/2016 02:25 PM, Tibor Benke wrote:
>>>
>>> Hi Ivan,
>>>
>>> Could you check what program listens on 0.0.0.0:6514? Thanks! (I suppose
>>> it's a syslog-ng which failed to stop for some unknown reason.)
>>>
>>> Tibor
>>>
>>> 2016-05-06 14:18 GMT+02:00 Ivan Adji - Krstev <akivanradix at gmail.com>:
>>>>
>>>> I have to say ... definitely we have a problem with this version. I have
>>>> installed minimal CentOS 7 (CentOS Linux release 7.2.1511 (Core) ) and
>>>> Syslog-NG 3.8 and again I have the problem when I update from 3.7 to 3.8.
>>>>
>>>> [2016-05-06T08:14:35.480042] Error binding socket;
>>>> addr='AF_INET(0.0.0.0:6514)', error='Address already in use (98)'
>>>> [2016-05-06T08:14:35.480091] Error initializing message pipeline;
>>>>
>>>> If you have any suggestions about this problem please do it as I'm on the
>>>> way to go back to 3.7
>>>>
>>>> Kind regards
>>>> Ivan
>>>>
>>>> On 04/26/2016 02:40 AM, Scot Needy wrote:
>>>>
>>>> No issues on CentOS 7.1
>>>>
>>>> On Apr 25, 2016, at 1:11 PM, Scheidler, Balázs
>>>> <balazs.scheidler at balabit.com> wrote:
>>>>
>>>> Hi,
>>>>
>>>> 3.8 is not yet considered stable, although we do everything to keep it
>>>> that way. It is where we integrate new stuff, both features and bugfixes. I
>>>> would stick to 3.7 in a production environment, even though your feedback of
>>>> 3.8 is very valuable and appreciated, so it becomes really stable when we
>>>> get to the release button.
>>>>
>>>> Anyway, I don't think your "address is already in use" is a 3.8 related
>>>> issue, it is most probably systemd/initscript related.
>>>>
>>>>
>>>> --
>>>> Bazsi
>>>>
>>>> On Mon, Apr 25, 2016 at 2:18 PM, Ivan Adji - Krstev
>>>> <akivanradix at gmail.com> wrote:
>>>>>
>>>>> Hi all,
>>>>> I have opened an issue about the error I got when I updated Syslog-NG to
>>>>> 3.8 for "syslog-ng Address already in use (98)". I'm still working on
>>>>> the issue, but I would like to know if this newest version 3.8 is
>>>>> stable, as I'm building a new environment and I'm asking myself do I use
>>>>> this 3.8 version or 3.7?
>>>>>
>>>>> Thanks
>>>>> Ivan
>>>>>
>>>>> ______________________________________________________________________________
>>>>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>>>>> Documentation:
>>>>> http://www.balabit.com/support/documentation/?product=syslog-ng
>>>>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>>>>