[syslog-ng] certificate errors result in excessive logging.
Evan Rempel
erempel at uvic.ca
Mon Oct 21 19:29:50 UTC 2024
I am using tls configuration with a locally signed certificate. This mans that I have to configure a custom root CA on to all client systems for them to be able to establish the tls connection to my syslog server.
When the clients are unable to verify the server certificate, the server logs three messages for every connection attempt
syslog-ng[452597]: SSL error while reading stream; tls_error='error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca', location='/etc/syslog-ng/syslog-ng.server.conf:71:17'
syslog-ng[452597]: Error reading RFC6587 style framed data; fd='21', error='Connection reset by peer (104)'
syslog-ng[452597]: Syslog connection closed; fd='21', client='AF_INET(1.2.3.4:1234)', local='AF_INET(1.2.3.4:1234)'
If there are 100's of clients, and they try to reconnect at a fast rate (every 5 seconds) this can result in a large volume of messages.
Is there any way to configure the logging rate of these types of errors or get rid of it altogether.
Anyone have any comments on this?
--
Evan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20241021/71c06b62/attachment.htm>
More information about the syslog-ng
mailing list