Syslog-ng invalid date from tls
I have set up my syslog-ng server to receive logs over udp, tcp and tls. No problem for simple udp and tcp, but with tls I get the wrong date in the syslog header.
I created a self-signed certificate with an insecure private key (as mentioned here) and configured syslog-ng as follows:
    options {
        flush_lines (0);
        time_reopen (10);
        log_fifo_size (1000);
        chain_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
    };
    source s_sys {
        system();
        internal();
        # udp(ip(0.0.0.0) port(514));
    };
    # Source UDP 514
    source s_udp {
        network(
            ip(0.0.0.0)
            port(514)
            transport("udp")
        );
    };
    # Source TCP 514
    source s_tcp {
        network(
            ip(0.0.0.0)
            port(514)
            transport("tcp")
            log-msg-size(16384)
        );
    };
    # Source TLS 6514
    source s_tls {
        network(
            ip(0.0.0.0)
            port(6514)
            transport("tls")
            tls(
                key-file("/opt/certs/myserver.key")
                cert-file("/opt/certs/myserver.crt")
                peer-verify(optional-untrusted)
            )
        );
    };
I am getting messages from a source in the cloud, and I created an appropriate filter and log statements:
    filter myfilter { netmask("xx.xx.xx.xx"); };  # public ip here
    destination mydestination { file("/var/log/mysender.log" group("foo") owner("foo")); };
    log { source(s_tls); filter(myfilter); destination(mydestination); flags(final); };
The cloud source asks me for some information:
- chain certificate
- certificate
- key certificate
As I said, I created my own certificate on the server and installed it for both the certificate and the chain certificate in my cloud source. I don't know what it is asking for as the key certificate to make it work. I put the server private key here (although I don't think this is correct).
With this configuration, I can send test messages from my cloud source and I can see that the messages are received correctly and written to the file; the content is clear. But the date is always Jan 1 00:00:00.
Note: I upgraded from syslog-ng 3.5 to 3.9; with the previous version I had the same problem, but the date was Dec 31 00:00:00.
I have many other sources using udp and plain tcp and they work. If I configure this source to use plain tcp it works as well.
I don't understand what the problem is. Any idea on how to fix the date? Thanks in advance.
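A check that fits the symptom described in the question above, as an added example that is not part of the original post: syslog-ng's network() source parses BSD-syslog (RFC 3164) headers by default, while syslog-over-TLS senders often emit RFC 5424 messages in RFC 5425 octet-counted frames, so it is worth identifying which format actually arrives on port 6514. The function names and sample bytes are constructed for illustration, and that this particular cloud sender uses RFC 5424 is an assumption the page does not confirm.

```python
import re

FRAME = re.compile(rb"(\d{1,6}) ")                  # RFC 5425 octet count: "<len> <msg>"
IETF = re.compile(rb"<(\d{1,3})>(\d{1,2}) (\S+) ")  # RFC 5424: <PRI>VERSION TIMESTAMP
BSD = re.compile(rb"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) ")  # RFC 3164

def split_frames(stream):
    """Return (framing, [messages]) for a decrypted TCP/TLS payload."""
    if not FRAME.match(stream):
        # No leading length field: treat as newline-delimited messages.
        return "newline", [line for line in stream.split(b"\n") if line]
    msgs, pos = [], 0
    while pos < len(stream):
        m = FRAME.match(stream, pos)
        if not m:
            raise ValueError(f"no frame length at offset {pos}")
        end = m.end() + int(m.group(1))
        if end > len(stream):
            raise ValueError(f"frame at offset {pos} is truncated")
        msgs.append(stream[m.end():end])
        pos = end
    return "octet-counted", msgs

def classify(msg):
    """Return (header_format, timestamp_field) for one syslog message."""
    m = IETF.match(msg)
    if m:
        return "rfc5424", m.group(3).decode()
    m = BSD.match(msg)
    if m:
        return "rfc3164", m.group(2).decode()
    return "unknown", None

def inspect(stream):
    """Report the framing and the per-message header format of a payload."""
    framing, msgs = split_frames(stream)
    return framing, [classify(m) for m in msgs]

# Constructed samples (not captured from the sender in the question).
IETF_MSG = b"<134>1 2017-03-01T12:34:56Z cloudhost app 1234 - - test message"
SAMPLE_TLS = b"".join(str(len(m)).encode() + b" " + m for m in (IETF_MSG, IETF_MSG))
SAMPLE_TCP = b"<134>Mar  1 12:34:56 myhost app: test message\n"

if __name__ == "__main__":
    print(inspect(SAMPLE_TLS))
    print(inspect(SAMPLE_TCP))
```

If the payload turns out to be RFC 5424, syslog-ng's syslog() source driver, or flags(syslog-protocol) on network(), is the parser intended for that format.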