[syslog-ng] Docker syslog-ng TLS issue

Steven La steven.la at datastax.com
Wed Mar 17 20:28:50 UTC 2021


Wow that did the trick. Thanks Kokan!

On Wed, Mar 17, 2021 at 1:13 PM Peter Kokai (pkokai) <
Peter.Kokai at oneidentity.com> wrote:

> Hello,
>
> Strange behaviour. But this is due to a permission issue. Fix the permissions
> of the certs and it should work.
>
> --
> kokan
>
> ________________________________________
> From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of Steven
> La <steven.la at datastax.com>
> Sent: 17 March 2021 21:05
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Docker syslog-ng TLS issue
>
> I created a CA cert following the instructions here:
>
> https://support.oneidentity.com/fr-fr/technical-documents/syslog-ng-open-source-edition/3.22/mutual-authentication-using-tls
>
> And the serverkey.pem is not encrypted, but syslog-ng is asking for a
> password when it starts up for the serverkey.pem. Any help would be
> appreciated.
>
>
> Head of the server.key
> -----BEGIN PRIVATE KEY-----
> MIIEvAI....
>
> syslog error:
> [2021-03-17T19:56:03.552322] Error setting up TLS session context;
> tls_error='system library:fopen:Permission denied',
> location='/etc/syslog-ng/syslog-ng.conf:21:2'
> [2021-03-17T19:56:03.552355] Error setting up TLS context;
> keyfile='/etc/ssl/certs/cert.d/serverkey.pem'
> [2021-03-17T19:56:03.552407] Waiting for password;
> keyfile='/etc/ssl/certs/cert.d/serverkey.pem'
>
>
> syslog-ng config:
> @version: 3.29
> @include "scl.conf"
>
> source s_local {
>     internal();
> };
>
> source s_network {
>     default-network-drivers(
>         # NOTE: TLS support
>         #
>         # the default-network-drivers() source driver opens the TLS
>         # enabled ports as well, however without an actual key/cert
>         # pair they will not operate and syslog-ng would display a
>         # warning at startup.
>         #
>         tls(
>             key-file("/etc/ssl/certs/cert.d/serverkey.pem")
>             cert-file("/etc/ssl/certs/cert.d/servercert.pem")
>             ca_dir("/etc/ssl/certs/ca.d")
>             # peer_verify() is an option of tls(); in the mail it had
>             # drifted outside the tls() parentheses, which does not parse
>             peer_verify(optional-untrusted)
>         )
>     );
> };
>
> destination d_local {
>     file("/var/log/messages");
>     file("/var/log/messages-kv.log"
>          template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n")
>          frac-digits(3));
> };
>
> log {
>     source(s_local);
>     source(s_network);
>     destination(d_local);
> };
>
> docker run command:
> sudo docker run -d --privileged -it \
>     -v "/data/syslog-ng/config/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf" \
>     -v "/data/syslog-ng/logs:/var/log" \
>     -v "/data/syslog-ng/certs:/etc/ssl/certs" \
>     -p 514:514/udp -p 601:601 -p 6514:6514 \
>     --name syslog-ng2 balabit/syslog-ng:latest -edv
>
> Thanks,
> Steven
> --
>
> Steven La
>
> 408-503-0289
>
> steven.la at datastax.com <Steven.La at datastax.com>  |  datastax.com
>

-- 

Steven La

408-503-0289

steven.la at datastax.com <Steven.La at datastax.com>  |  datastax.com
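The failure in this thread is easy to misread: syslog-ng logged `fopen:Permission denied` on the key file and then prompted `Waiting for password`, so it looked like an encrypted key when the real problem was that the daemon could not read the bind-mounted file. The script below is an added example, not code from the thread or from the syslog-ng project. It gives a host-side preflight check for the key that gets mounted into the container (owner, mode, PEM header, and whether the key is actually encrypted) and a small detector for the "permission denied followed by password prompt" log pattern. It assumes GNU coreutils `stat -c`, and that the caller supplies the uid syslog-ng runs as inside the image (uid 0 in the usage comment is an assumption, not something the thread states); the sample log is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example, not code from the thread or from the syslog-ng project:
# preflight checks for the TLS private key bind-mounted into the container.
# Assumes GNU coreutils stat(1) (-c format) and that the caller knows the
# uid syslog-ng runs as inside the container (second argument below).

# Sample startup log, constructed from the lines quoted in the thread.
SAMPLE_LOG="[2021-03-17T19:56:03.552322] Error setting up TLS session context; tls_error='system library:fopen:Permission denied', location='/etc/syslog-ng/syslog-ng.conf:21:2'
[2021-03-17T19:56:03.552355] Error setting up TLS context; keyfile='/etc/ssl/certs/cert.d/serverkey.pem'
[2021-03-17T19:56:03.552407] Waiting for password; keyfile='/etc/ssl/certs/cert.d/serverkey.pem'"

# Reads a syslog-ng startup log on stdin. Returns 0 when it shows the
# misleading pattern from the thread: fopen() on the key failed with
# "Permission denied" and syslog-ng then waited for a passphrase. That
# prompt means the key could not be opened, not that it is encrypted.
detect_unreadable_key() {
    log=$(cat)
    printf '%s\n' "$log" | grep -q "tls_error='system library:fopen:Permission denied'" &&
        printf '%s\n' "$log" | grep -q 'Waiting for password'
}

# check_key_file KEY UID: verify that KEY is an unencrypted PEM private key
# owned by UID with mode 0600 or 0400. Prints the first problem found and
# returns 1; returns 0 when a daemon running as UID can read it.
check_key_file() {
    key="$1"
    want_uid="$2"
    [ -f "$key" ] || { echo "missing or not a regular file: $key"; return 1; }
    owner=$(stat -c '%u' "$key")
    mode=$(stat -c '%a' "$key")
    if [ "$owner" != "$want_uid" ]; then
        echo "owner uid $owner differs from daemon uid $want_uid: $key"
        return 1
    fi
    case "$mode" in
        600|400) ;;
        *)
            echo "mode $mode is not 600/400 (group/world must not read a private key): $key"
            return 1
            ;;
    esac
    if ! head -n 1 "$key" | grep -q 'PRIVATE KEY-----'; then
        echo "first line is not a PEM private key header: $key"
        return 1
    fi
    # PKCS#8 encrypted keys and legacy OpenSSL encrypted PEM announce
    # themselves in the header; only these legitimately need a passphrase.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "key is encrypted; syslog-ng will legitimately prompt for a passphrase: $key"
        return 1
    fi
    echo "ok: $key (uid $owner, mode $mode)"
    return 0
}

# Usage on the host before docker run (uid 0 is an assumption; confirm what
# user the image actually starts syslog-ng as):
#   check_key_file /data/syslog-ng/certs/cert.d/serverkey.pem 0
#   docker logs syslog-ng2 2>&1 | detect_unreadable_key && echo "key unreadable, not encrypted"
```

Run `check_key_file` against the host path that is mounted to `/etc/ssl/certs`; a non-zero exit with the owner or mode message points at the same class of problem Kokan identified, whereas the "key is encrypted" message means the password prompt is genuine.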