[syslog-ng] certificate errors result in excessive logging.
Balazs Scheidler
bazsi77 at gmail.com
Mon Oct 21 19:47:00 UTC 2024
hi,
I literally submitted a patch this morning to mute #3 from the list above.
https://github.com/axoflow/axosyslog/pull/352
As for the other two, you can filter these out from your internal() source
using regexps.
Bazsi
On Mon, Oct 21, 2024 at 9:30 PM Evan Rempel <erempel at uvic.ca> wrote:
> I am using tls configuration with a locally signed certificate. This mans
> that I have to configure a custom root CA on to all client systems for them
> to be able to establish the tls connection to my syslog server.
>
> When the clients are unable to verify the server certificate, the server
> logs three messages for every connection attempt
>
> syslog-ng[452597]: SSL error while reading stream;
> tls_error='error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown
> ca', location='/etc/syslog-ng/syslog-ng.server.conf:71:17'
> syslog-ng[452597]: Error reading RFC6587 style framed data; fd='21',
> error='Connection reset by peer (104)'
> syslog-ng[452597]: Syslog connection closed; fd='21',
> client='AF_INET(1.2.3.4:1234)', local='AF_INET(1.2.3.4:1234)'
>
> If there are 100's of clients, and they try to reconnect at a fast rate
> (every 5 seconds) this can result in a large volume of messages.
>
> Is there any way to configure the logging rate of these types of errors or
> get rid of it altogether.
>
> Anyone have any comments on this?
>
>
>
> --
> Evan
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
--
Bazsi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20241021/0d409c3b/attachment.htm>
More information about the syslog-ng
mailing list