Syslog-ng invalid date from tls

I have set up my syslog-ng server to receive logs over UDP, TCP and TLS. There is no problem with plain UDP and TCP, but with TLS I get the wrong date in the syslog header.

I created a self-signed certificate with an insecure private key (as mentioned here) and configured syslog-ng as follows:

options {
    flush_lines (0);
    time_reopen (10);
    log_fifo_size (1000);
    chain_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys {
    system();
    internal();
    # udp(ip(0.0.0.0) port(514));
};

# Source UDP 514
source s_udp {
    network(
        ip(0.0.0.0)
        port(514)
        transport("udp")
    );
};

# Source TCP 514
source s_tcp {
    network(
        ip(0.0.0.0)
        port(514)
        transport("tcp")
        log-msg-size(16384)
    );
};

# Source TLS 6514
source s_tls {
    network(
        ip(0.0.0.0)
        port(6514)
        transport("tls")
        tls(
            key-file("/opt/certs/myserver.key")
            cert-file("/opt/certs/myserver.crt")
            peer-verify(optional-untrusted)
        )
    );
};

      

I am getting messages from a source in the cloud, and I created an appropriate filter and log statements:

filter myfilter { netmask("xx.xx.xx.xx"); };   # public ip here
destination mydestination { file("/var/log/mysender.log" group("foo") owner("foo"));};
log { source(s_tls); filter(myfilter); destination(mydestination); flags(final); };

      

The cloud source asks me for some information:

  • chain certificate
  • certificate
  • key certificate

As I said, I created my own certificate on the server and installed it for both the certificate and the chain certificate in my cloud source. I don't know what it is asking for with "key certificate"; to make it work, I put the server private key here (although I don't think this is correct).

With this configuration, I can send test messages from my cloud source and I can see the messages are received correctly and written to the file, the content is clear. But the date is always Jan 1 00:00:00.

Note: I upgraded from syslog-ng 3.5 to 3.9; with the previous version I had the same problem, but the date was Dec 31 00:00:00.

I have many other sources using udp and plain tcp and they work. If I configure this source to use plain tcp it works as well.

I don't understand what the problem is. Any idea on how to fix the date? Thanks in advance.

+3

