Forwarding syslog-ng logs over TLS
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
This is the scenario: I have a server that's listening on port 6514 on TCP
for logs. I created the .key .crt files on the server as described here: https://www.logzilla.net/2014/10/17/configuring-tls-tunnels-in-syslog-ng.html:
[root@server1 ~]$ openssl genrsa -des3 -out logserver.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................+++
.+++
e is 65537 (0x10001)
Enter pass phrase for logserver.key:
Verifying - Enter pass phrase for logserver.key:
[root@server1 ~]$ openssl req -new -key logserver.key -out logserver.csr
Enter pass phrase for logserver.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) :
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
[root@server1 ~]$ cp logserver.key logserver.key.org
[root@server1 ~]$ openssl rsa -in logserver.key.org -out logserver.key
Enter pass phrase for logserver.key.org:
writing RSA key
[root@server1 ~]$ openssl x509 -req -days 365 -in logserver.csr -signkey
logserver.key -out logserver.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
and placed the settings in a created file named tls.conf in the /etc/syslog-ng/conf.d
I followed the next instructions. Connect to the Client and mkdir -p /etc/syslog-ng/ssl. Download/Upload the /etc/syslog-ng/ssl/logserver.crt (which was created earlier on the Server) to the Client system and put the file in /etc/syslog-ng/ssl on the Client.
Find the hash for your key by running openssl x509 -noout -hash -in /etc/syslog-ng/ssl/logserver.crt
Next, create a symbolic link to the certificate that uses the hash returned by the previous command, with an added .0 suffix.
ln -s /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl/84d92a45.0
As soon as I add the client-to-server.conf under /etc/syslog-ng/conf.d/client-to-server.conf
that has the following
@version:3.14
@define allow-config-dups 1
@include "scl.conf"
destination d_tls
tcp("192.168.1.7" port(6514)
tls( ca_dir("/etc/syslog-ng/ssl/")) );
;
log
source(s_sys);
destination(d_tls);
;
the syslog-ng service won't start on the client.
systemctl restart syslog-ng.service
Job for syslog-ng.service failed because the control process exited with
error code. See "systemctl status syslog-ng.service" and "journalctl -xe"
for details.
[root@localhost conf.d]# systemctl status syslog-ng.service -l
â syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit) since Thu 2018-06-07 22:50:30 EEST; 7min ago
Docs: man:syslog-ng(8)
Process: 18196 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p /var/run/syslogd.pid (code=exited, status=2)
Main PID: 18196 (code=exited, status=2)
Status: "Starting up... (Thu Jun 7 22:50:30 2018"
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
[root@localhost conf.d]# journalctl -xe
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022361] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022410] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.281966] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.282017] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522580] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522870] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
What am I doing wrong?
ssl syslog-ng
 |Â
show 3 more comments
up vote
0
down vote
favorite
This is the scenario: I have a server that's listening on port 6514 on TCP
for logs. I created the .key .crt files on the server as described here: https://www.logzilla.net/2014/10/17/configuring-tls-tunnels-in-syslog-ng.html:
[root@server1 ~]$ openssl genrsa -des3 -out logserver.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................+++
.+++
e is 65537 (0x10001)
Enter pass phrase for logserver.key:
Verifying - Enter pass phrase for logserver.key:
[root@server1 ~]$ openssl req -new -key logserver.key -out logserver.csr
Enter pass phrase for logserver.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) :
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
[root@server1 ~]$ cp logserver.key logserver.key.org
[root@server1 ~]$ openssl rsa -in logserver.key.org -out logserver.key
Enter pass phrase for logserver.key.org:
writing RSA key
[root@server1 ~]$ openssl x509 -req -days 365 -in logserver.csr -signkey
logserver.key -out logserver.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
and placed the settings in a created file named tls.conf in the /etc/syslog-ng/conf.d
I followed the next instructions. Connect to the Client and mkdir -p /etc/syslog-ng/ssl. Download/Upload the /etc/syslog-ng/ssl/logserver.crt (which was created earlier on the Server) to the Client system and put the file in /etc/syslog-ng/ssl on the Client.
Find the hash for your key by running openssl x509 -noout -hash -in /etc/syslog-ng/ssl/logserver.crt
Next, create a symbolic link to the certificate that uses the hash returned by the previous command, with an added .0 suffix.
ln -s /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl/84d92a45.0
As soon as I add the client-to-server.conf under /etc/syslog-ng/conf.d/client-to-server.conf
that has the following
@version:3.14
@define allow-config-dups 1
@include "scl.conf"
destination d_tls
tcp("192.168.1.7" port(6514)
tls( ca_dir("/etc/syslog-ng/ssl/")) );
;
log
source(s_sys);
destination(d_tls);
;
the syslog-ng service won't start on the client.
systemctl restart syslog-ng.service
Job for syslog-ng.service failed because the control process exited with
error code. See "systemctl status syslog-ng.service" and "journalctl -xe"
for details.
[root@localhost conf.d]# systemctl status syslog-ng.service -l
â syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit) since Thu 2018-06-07 22:50:30 EEST; 7min ago
Docs: man:syslog-ng(8)
Process: 18196 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p /var/run/syslogd.pid (code=exited, status=2)
Main PID: 18196 (code=exited, status=2)
Status: "Starting up... (Thu Jun 7 22:50:30 2018"
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
[root@localhost conf.d]# journalctl -xe
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022361] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022410] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.281966] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.282017] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522580] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522870] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
What am I doing wrong?
ssl syslog-ng
Use "-s" with "-f" options for syslog-ng to check if your configuration is correct:syslog-ng -s -f /path/to/syslog-ng-master-config-file
â mariaczi
Jun 7 at 9:01
Thank you for this suggestion. May I add that I've just updated the syslog-ng version which is version:3.14. The commands return nothing: ` [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf`
â Aiurea Adica tot YO
Jun 7 at 10:38
What you got in logs? Are you sure, that you don't have running other instance of syslog-ng:ps -ef | grep syslog
?
â mariaczi
Jun 7 at 10:44
[root@localhost ~]# ps -ef | grep syslog root 2952 2628 0 13:52 pts/0 00:00:00 grep --color=auto syslog
â Aiurea Adica tot YO
Jun 7 at 10:53
Jun 07 14:01:51 localhost.localdomain syslog-ng[3118]: /usr/sbin/syslog-ng: relocation error: /usr/lib64/libsyslog-ng-3.14.so.0: symbol SSL_CTX_get0_param, version libs Jun 07 14:01:51 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=127/n/a
â Aiurea Adica tot YO
Jun 7 at 11:02
 |Â
show 3 more comments
up vote
0
down vote
favorite
up vote
0
down vote
favorite
This is the scenario: I have a server that's listening on port 6514 on TCP
for logs. I created the .key .crt files on the server as described here: https://www.logzilla.net/2014/10/17/configuring-tls-tunnels-in-syslog-ng.html:
[root@server1 ~]$ openssl genrsa -des3 -out logserver.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................+++
.+++
e is 65537 (0x10001)
Enter pass phrase for logserver.key:
Verifying - Enter pass phrase for logserver.key:
[root@server1 ~]$ openssl req -new -key logserver.key -out logserver.csr
Enter pass phrase for logserver.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) :
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
[root@server1 ~]$ cp logserver.key logserver.key.org
[root@server1 ~]$ openssl rsa -in logserver.key.org -out logserver.key
Enter pass phrase for logserver.key.org:
writing RSA key
[root@server1 ~]$ openssl x509 -req -days 365 -in logserver.csr -signkey
logserver.key -out logserver.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
and placed the settings in a created file named tls.conf in the /etc/syslog-ng/conf.d
I followed the next instructions. Connect to the Client and mkdir -p /etc/syslog-ng/ssl. Download/Upload the /etc/syslog-ng/ssl/logserver.crt (which was created earlier on the Server) to the Client system and put the file in /etc/syslog-ng/ssl on the Client.
Find the hash for your key by running openssl x509 -noout -hash -in /etc/syslog-ng/ssl/logserver.crt
Next, create a symbolic link to the certificate that uses the hash returned by the previous command, with an added .0 suffix.
ln -s /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl/84d92a45.0
As soon as I add the client-to-server.conf under /etc/syslog-ng/conf.d/client-to-server.conf
that has the following
@version:3.14
@define allow-config-dups 1
@include "scl.conf"
destination d_tls
tcp("192.168.1.7" port(6514)
tls( ca_dir("/etc/syslog-ng/ssl/")) );
;
log
source(s_sys);
destination(d_tls);
;
the syslog-ng service won't start on the client.
systemctl restart syslog-ng.service
Job for syslog-ng.service failed because the control process exited with
error code. See "systemctl status syslog-ng.service" and "journalctl -xe"
for details.
[root@localhost conf.d]# systemctl status syslog-ng.service -l
â syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit) since Thu 2018-06-07 22:50:30 EEST; 7min ago
Docs: man:syslog-ng(8)
Process: 18196 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p /var/run/syslogd.pid (code=exited, status=2)
Main PID: 18196 (code=exited, status=2)
Status: "Starting up... (Thu Jun 7 22:50:30 2018"
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
[root@localhost conf.d]# journalctl -xe
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022361] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022410] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.281966] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.282017] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522580] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522870] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
What am I doing wrong?
ssl syslog-ng
This is the scenario: I have a server that's listening on port 6514 on TCP
for logs. I created the .key .crt files on the server as described here: https://www.logzilla.net/2014/10/17/configuring-tls-tunnels-in-syslog-ng.html:
[root@server1 ~]$ openssl genrsa -des3 -out logserver.key 2048
Generating RSA private key, 2048 bit long modulus
.................................................+++
.+++
e is 65537 (0x10001)
Enter pass phrase for logserver.key:
Verifying - Enter pass phrase for logserver.key:
[root@server1 ~]$ openssl req -new -key logserver.key -out logserver.csr
Enter pass phrase for logserver.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) :
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
[root@server1 ~]$ cp logserver.key logserver.key.org
[root@server1 ~]$ openssl rsa -in logserver.key.org -out logserver.key
Enter pass phrase for logserver.key.org:
writing RSA key
[root@server1 ~]$ openssl x509 -req -days 365 -in logserver.csr -signkey
logserver.key -out logserver.crt
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd
Getting Private key
and placed the settings in a created file named tls.conf in the /etc/syslog-ng/conf.d
I followed the next instructions. Connect to the Client and mkdir -p /etc/syslog-ng/ssl. Download/Upload the /etc/syslog-ng/ssl/logserver.crt (which was created earlier on the Server) to the Client system and put the file in /etc/syslog-ng/ssl on the Client.
Find the hash for your key by running openssl x509 -noout -hash -in /etc/syslog-ng/ssl/logserver.crt
Next, create a symbolic link to the certificate that uses the hash returned by the previous command, with an added .0 suffix.
ln -s /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl/84d92a45.0
As soon as I add the client-to-server.conf under /etc/syslog-ng/conf.d/client-to-server.conf
that has the following
@version:3.14
@define allow-config-dups 1
@include "scl.conf"
destination d_tls
tcp("192.168.1.7" port(6514)
tls( ca_dir("/etc/syslog-ng/ssl/")) );
;
log
source(s_sys);
destination(d_tls);
;
the syslog-ng service won't start on the client.
systemctl restart syslog-ng.service
Job for syslog-ng.service failed because the control process exited with
error code. See "systemctl status syslog-ng.service" and "journalctl -xe"
for details.
[root@localhost conf.d]# systemctl status syslog-ng.service -l
â syslog-ng.service - System Logger Daemon
Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
Active: failed (Result: start-limit) since Thu 2018-06-07 22:50:30 EEST; 7min ago
Docs: man:syslog-ng(8)
Process: 18196 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p /var/run/syslogd.pid (code=exited, status=2)
Main PID: 18196 (code=exited, status=2)
Status: "Starting up... (Thu Jun 7 22:50:30 2018"
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
[root@localhost conf.d]# journalctl -xe
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022361] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022410] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.281966] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.282017] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522580] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522870] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit syslog-ng.service has failed.
--
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
What am I doing wrong?
ssl syslog-ng
edited Jun 7 at 18:59
asked Jun 7 at 8:12
Aiurea Adica tot YO
14
14
Use "-s" with "-f" options for syslog-ng to check if your configuration is correct:syslog-ng -s -f /path/to/syslog-ng-master-config-file
â mariaczi
Jun 7 at 9:01
Thank you for this suggestion. May I add that I've just updated the syslog-ng version which is version:3.14. The commands return nothing: ` [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf`
â Aiurea Adica tot YO
Jun 7 at 10:38
What you got in logs? Are you sure, that you don't have running other instance of syslog-ng:ps -ef | grep syslog
?
â mariaczi
Jun 7 at 10:44
[root@localhost ~]# ps -ef | grep syslog root 2952 2628 0 13:52 pts/0 00:00:00 grep --color=auto syslog
â Aiurea Adica tot YO
Jun 7 at 10:53
Jun 07 14:01:51 localhost.localdomain syslog-ng[3118]: /usr/sbin/syslog-ng: relocation error: /usr/lib64/libsyslog-ng-3.14.so.0: symbol SSL_CTX_get0_param, version libs Jun 07 14:01:51 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=127/n/a
â Aiurea Adica tot YO
Jun 7 at 11:02
 |Â
show 3 more comments
Use "-s" with "-f" options for syslog-ng to check if your configuration is correct:syslog-ng -s -f /path/to/syslog-ng-master-config-file
â mariaczi
Jun 7 at 9:01
Thank you for this suggestion. May I add that I've just updated the syslog-ng version which is version:3.14. The commands return nothing: ` [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf`
â Aiurea Adica tot YO
Jun 7 at 10:38
What you got in logs? Are you sure, that you don't have running other instance of syslog-ng:ps -ef | grep syslog
?
â mariaczi
Jun 7 at 10:44
[root@localhost ~]# ps -ef | grep syslog root 2952 2628 0 13:52 pts/0 00:00:00 grep --color=auto syslog
â Aiurea Adica tot YO
Jun 7 at 10:53
Jun 07 14:01:51 localhost.localdomain syslog-ng[3118]: /usr/sbin/syslog-ng: relocation error: /usr/lib64/libsyslog-ng-3.14.so.0: symbol SSL_CTX_get0_param, version libs Jun 07 14:01:51 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=127/n/a
â Aiurea Adica tot YO
Jun 7 at 11:02
Use "-s" with "-f" options for syslog-ng to check if your configuration is correct:
syslog-ng -s -f /path/to/syslog-ng-master-config-file
â mariaczi
Jun 7 at 9:01
Use "-s" with "-f" options for syslog-ng to check if your configuration is correct:
syslog-ng -s -f /path/to/syslog-ng-master-config-file
â mariaczi
Jun 7 at 9:01
Thank you for this suggestion. May I add that I've just updated the syslog-ng version which is version:3.14. The commands return nothing: ` [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf`
â Aiurea Adica tot YO
Jun 7 at 10:38
Thank you for this suggestion. May I add that I've just updated the syslog-ng version which is version:3.14. The commands return nothing: ` [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf`
â Aiurea Adica tot YO
Jun 7 at 10:38
What you got in logs? Are you sure, that you don't have running other instance of syslog-ng:
ps -ef | grep syslog
?â mariaczi
Jun 7 at 10:44
What you got in logs? Are you sure, that you don't have running other instance of syslog-ng:
ps -ef | grep syslog
?â mariaczi
Jun 7 at 10:44
[root@localhost ~]# ps -ef | grep syslog root 2952 2628 0 13:52 pts/0 00:00:00 grep --color=auto syslog
â Aiurea Adica tot YO
Jun 7 at 10:53
[root@localhost ~]# ps -ef | grep syslog root 2952 2628 0 13:52 pts/0 00:00:00 grep --color=auto syslog
â Aiurea Adica tot YO
Jun 7 at 10:53
Jun 07 14:01:51 localhost.localdomain syslog-ng[3118]: /usr/sbin/syslog-ng: relocation error: /usr/lib64/libsyslog-ng-3.14.so.0: symbol SSL_CTX_get0_param, version libs Jun 07 14:01:51 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=127/n/a
â Aiurea Adica tot YO
Jun 7 at 11:02
Jun 07 14:01:51 localhost.localdomain syslog-ng[3118]: /usr/sbin/syslog-ng: relocation error: /usr/lib64/libsyslog-ng-3.14.so.0: symbol SSL_CTX_get0_param, version libs Jun 07 14:01:51 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=127/n/a
â Aiurea Adica tot YO
Jun 7 at 11:02
 |Â
show 3 more comments
1 Answer
1
active
oldest
votes
up vote
0
down vote
The syslog-ng client configuration section with tls for you should looks as below:
destination d_tls
network("192.168.1.7" port(6514)
transport("tls")
tls( ca-dir("/etc/syslog-ng/ssl/ca.d")
key-file("/etc/syslog-ng/ssl/mykey.key")
cert-file("/etc/syslog-ng/ssl/mykey.pem")) );
;
log
source(s_sys);
destination(d_tls);
;
Thank you very much! How do I create/get the ca.d file? As mentioned before, all I have is the .pem and .key files.
â Aiurea Adica tot YO
Jun 7 at 12:23
ca.d
is a directory with CA certificate. It must be the same as is installed on the server site (was used for issue certificate for client).
â mariaczi
Jun 7 at 12:28
May I please know how to configure it if the key and cert were generated using this command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 ?
â Aiurea Adica tot YO
Jun 7 at 14:10
Could you please looks on syslog-ng documentation - chapter about TLS: syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/⦠Here, you have a step by step how to configure syslog-ng server and client to use TLS: nineproductions.com/â¦
â mariaczi
Jun 8 at 6:19
This is the error I'm can't get past by and don't know how to solve:Error setting up TLS session context; tls_error='(null):(null):(null)'
â Aiurea Adica tot YO
Jun 8 at 11:39
 |Â
show 1 more comment
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
The syslog-ng client configuration section with tls for you should looks as below:
destination d_tls
network("192.168.1.7" port(6514)
transport("tls")
tls( ca-dir("/etc/syslog-ng/ssl/ca.d")
key-file("/etc/syslog-ng/ssl/mykey.key")
cert-file("/etc/syslog-ng/ssl/mykey.pem")) );
;
log
source(s_sys);
destination(d_tls);
;
Thank you very much! How do I create/get the ca.d file? As mentioned before, all I have is the .pem and .key files.
â Aiurea Adica tot YO
Jun 7 at 12:23
ca.d
is a directory with CA certificate. It must be the same as is installed on the server site (was used for issue certificate for client).
â mariaczi
Jun 7 at 12:28
May I please know how to configure it if the key and cert were generated using this command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 ?
â Aiurea Adica tot YO
Jun 7 at 14:10
Could you please looks on syslog-ng documentation - chapter about TLS: syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/⦠Here, you have a step by step how to configure syslog-ng server and client to use TLS: nineproductions.com/â¦
â mariaczi
Jun 8 at 6:19
This is the error I'm can't get past by and don't know how to solve:Error setting up TLS session context; tls_error='(null):(null):(null)'
â Aiurea Adica tot YO
Jun 8 at 11:39
 |Â
show 1 more comment
up vote
0
down vote
The syslog-ng client configuration section with tls for you should looks as below:
destination d_tls
network("192.168.1.7" port(6514)
transport("tls")
tls( ca-dir("/etc/syslog-ng/ssl/ca.d")
key-file("/etc/syslog-ng/ssl/mykey.key")
cert-file("/etc/syslog-ng/ssl/mykey.pem")) );
;
log
source(s_sys);
destination(d_tls);
;
Thank you very much! How do I create/get the ca.d file? As mentioned before, all I have is the .pem and .key files.
â Aiurea Adica tot YO
Jun 7 at 12:23
ca.d
is a directory with CA certificate. It must be the same as is installed on the server site (was used for issue certificate for client).
â mariaczi
Jun 7 at 12:28
May I please know how to configure it if the key and cert were generated using this command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 ?
â Aiurea Adica tot YO
Jun 7 at 14:10
Could you please looks on syslog-ng documentation - chapter about TLS: syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/⦠Here, you have a step by step how to configure syslog-ng server and client to use TLS: nineproductions.com/â¦
â mariaczi
Jun 8 at 6:19
This is the error I'm can't get past by and don't know how to solve:Error setting up TLS session context; tls_error='(null):(null):(null)'
â Aiurea Adica tot YO
Jun 8 at 11:39
 |Â
show 1 more comment
up vote
0
down vote
up vote
0
down vote
The syslog-ng client configuration section with tls for you should looks as below:
destination d_tls
network("192.168.1.7" port(6514)
transport("tls")
tls( ca-dir("/etc/syslog-ng/ssl/ca.d")
key-file("/etc/syslog-ng/ssl/mykey.key")
cert-file("/etc/syslog-ng/ssl/mykey.pem")) );
;
log
source(s_sys);
destination(d_tls);
;
The syslog-ng client configuration section with tls for you should looks as below:
destination d_tls
network("192.168.1.7" port(6514)
transport("tls")
tls( ca-dir("/etc/syslog-ng/ssl/ca.d")
key-file("/etc/syslog-ng/ssl/mykey.key")
cert-file("/etc/syslog-ng/ssl/mykey.pem")) );
;
log
source(s_sys);
destination(d_tls);
;
edited Jun 7 at 12:07
answered Jun 7 at 11:44
mariaczi
42915
42915
Thank you very much! How do I create/get the ca.d file? As mentioned before, all I have is the .pem and .key files.
â Aiurea Adica tot YO
Jun 7 at 12:23
ca.d
is a directory with CA certificate. It must be the same as is installed on the server site (was used for issue certificate for client).
â mariaczi
Jun 7 at 12:28
May I please know how to configure it if the key and cert were generated using this command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 ?
â Aiurea Adica tot YO
Jun 7 at 14:10
Could you please looks on syslog-ng documentation - chapter about TLS: syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/⦠Here, you have a step by step how to configure syslog-ng server and client to use TLS: nineproductions.com/â¦
â mariaczi
Jun 8 at 6:19
This is the error I'm can't get past by and don't know how to solve:Error setting up TLS session context; tls_error='(null):(null):(null)'
â Aiurea Adica tot YO
Jun 8 at 11:39
 |Â
show 1 more comment
Thank you very much! How do I create/get the ca.d file? As mentioned before, all I have is the .pem and .key files.
â Aiurea Adica tot YO
Jun 7 at 12:23
ca.d
is a directory with CA certificate. It must be the same as is installed on the server site (was used for issue certificate for client).
â mariaczi
Jun 7 at 12:28
May I please know how to configure it if the key and cert were generated using this command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 ?
â Aiurea Adica tot YO
Jun 7 at 14:10
Could you please looks on syslog-ng documentation - chapter about TLS: syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/⦠Here, you have a step by step how to configure syslog-ng server and client to use TLS: nineproductions.com/â¦
â mariaczi
Jun 8 at 6:19
This is the error I'm can't get past by and don't know how to solve:Error setting up TLS session context; tls_error='(null):(null):(null)'
â Aiurea Adica tot YO
Jun 8 at 11:39
Thank you very much! How do I create/get the ca.d file? As mentioned before, all I have is the .pem and .key files.
â Aiurea Adica tot YO
Jun 7 at 12:23
Thank you very much! How do I create/get the ca.d file? As mentioned before, all I have is the .pem and .key files.
â Aiurea Adica tot YO
Jun 7 at 12:23
ca.d
is a directory with CA certificate. It must be the same as is installed on the server site (was used for issue certificate for client).â mariaczi
Jun 7 at 12:28
ca.d
is a directory with CA certificate. It must be the same as is installed on the server site (was used for issue certificate for client).â mariaczi
Jun 7 at 12:28
May I please know how to configure it if the key and cert were generated using this command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 ?
â Aiurea Adica tot YO
Jun 7 at 14:10
May I please know how to configure it if the key and cert were generated using this command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 ?
â Aiurea Adica tot YO
Jun 7 at 14:10
Could you please looks on syslog-ng documentation - chapter about TLS: syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/⦠Here, you have a step by step how to configure syslog-ng server and client to use TLS: nineproductions.com/â¦
â mariaczi
Jun 8 at 6:19
Could you please looks on syslog-ng documentation - chapter about TLS: syslog-ng.com/documents/html/syslog-ng-ose-latest-guides/en/⦠Here, you have a step by step how to configure syslog-ng server and client to use TLS: nineproductions.com/â¦
â mariaczi
Jun 8 at 6:19
This is the error I'm can't get past by and don't know how to solve:
Error setting up TLS session context; tls_error='(null):(null):(null)'
â Aiurea Adica tot YO
Jun 8 at 11:39
This is the error I'm can't get past by and don't know how to solve:
Error setting up TLS session context; tls_error='(null):(null):(null)'
â Aiurea Adica tot YO
Jun 8 at 11:39
 |Â
show 1 more comment
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f448361%2fforwarding-syslog-ng-logs-over-tls%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Use "-s" with "-f" options for syslog-ng to check if your configuration is correct:
syslog-ng -s -f /path/to/syslog-ng-master-config-file
â mariaczi
Jun 7 at 9:01
Thank you for this suggestion. May I add that I've just updated the syslog-ng version which is version:3.14. The commands return nothing: ` [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf [root@localhost ~]# syslog-ng -s -f /etc/syslog-ng/conf.d/sendlog.conf`
â Aiurea Adica tot YO
Jun 7 at 10:38
What you got in logs? Are you sure, that you don't have running other instance of syslog-ng:
ps -ef | grep syslog
?â mariaczi
Jun 7 at 10:44
[root@localhost ~]# ps -ef | grep syslog root 2952 2628 0 13:52 pts/0 00:00:00 grep --color=auto syslog
â Aiurea Adica tot YO
Jun 7 at 10:53
Jun 07 14:01:51 localhost.localdomain syslog-ng[3118]: /usr/sbin/syslog-ng: relocation error: /usr/lib64/libsyslog-ng-3.14.so.0: symbol SSL_CTX_get0_param, version libs Jun 07 14:01:51 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=127/n/a
â Aiurea Adica tot YO
Jun 7 at 11:02