Hi. I'm so close to having a working loghost, with stunnel encrypted connections.
Not close enough, however.
I have syslog-ng set up to log to 127.0.0.1:5515 on all clients.
The client config:
[syslogngs]
accept = 127.0.0.1:5515
connect = 192.168.1.7:5514
On the loghost, stunnel listens on *.5514 and forwards the connection to
127.0.0.1:5515 (which syslog-ng is listening on).
(server config):
[syslogngs]
accept = 192.168.1.7:5514
connect = 127.0.0.1:5515
I'm making an assumption that the certificates are working, as I'm
using (or attempting to use) both client and server authentication.
Watching the stream with a packet sniffer shows absolutely no connections
between the client and the loghost. Strings such as this appear in the
stunnel.log repeatedly:
2004.08.16 20:42:26 LOG7[7690:1006693376]: syslogngs started
2004.08.16 20:42:26 LOG5[7690:1006693376]: syslogngs connected from 127.0.0.1:2956
2004.08.16 20:42:26 LOG7[7690:1006693376]: SSL state (accept): before/accept initialization
2004.08.16 20:42:26 LOG7[7690:1006693376]: waitforsocket: FD=13, DIR=read
2004.08.16 20:42:26 LOG7[7690:1006690304]: syslogngs accepted FD=14 from 127.0.0.1:24856
2004.08.16 20:42:26 LOG7[7690:1006690304]: FD 14 in non-blocking mode
2004.08.16 20:42:26 LOG7[7690:1006763008]: syslogngs started
2004.08.16 20:42:26 LOG5[7690:1006763008]: syslogngs connected from 127.0.0.1:24856
2004.08.16 20:42:26 LOG7[7690:1006763008]: SSL state (accept): before/accept initialization
2004.08.16 20:42:26 LOG7[7690:1006763008]: waitforsocket: FD=14, DIR=read
2004.08.16 20:42:26 LOG7[7690:1006763008]: waitforsocket: ok
2004.08.16 20:42:26 LOG3[7690:1006763008]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2004.08.16 20:42:26 LOG7[7690:1006763008]: syslogngs finished (1 left)
2004.08.16 20:47:26 LOG7[7690:1006693376]: waitforsocket: timeout
2004.08.16 20:47:26 LOG7[7690:1006693376]: syslogngs finished (0 left)
Have I made some glaring error that I'm not aware of?
thanks
mark
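
The following Python example is added here and is not part of the original post or of stunnel: it rejoins stunnel.log entries that a mail client wrapped, groups them by thread id, and reports which peer each failed session came from. The sample is constructed from a subset of the log lines in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a subset of the post's stunnel.log lines, with two
# entries wrapped onto continuation lines as a mail client would wrap them.
SAMPLE = """\
2004.08.16 20:42:26 LOG5[7690:1006693376]: syslogngs connected from
127.0.0.1:2956
2004.08.16 20:42:26 LOG7[7690:1006693376]: waitforsocket: FD=13, DIR=read
2004.08.16 20:42:26 LOG5[7690:1006763008]: syslogngs connected from 127.0.0.1:24856
2004.08.16 20:42:26 LOG7[7690:1006763008]: waitforsocket: ok
2004.08.16 20:42:26 LOG3[7690:1006763008]: SSL_accept: 140760FC: error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2004.08.16 20:42:26 LOG7[7690:1006763008]: syslogngs finished (1 left)
2004.08.16 20:47:26 LOG7[7690:1006693376]: waitforsocket: timeout
"""

ENTRY = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
PEER = re.compile(r"^(\S+) connected from (\S+):(\d+)$")

def unwrap(text):
    """Rejoin entries whose tail was wrapped onto a line with no timestamp."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def failed_sessions(text):
    """Sessions that ended in an SSL_accept error or a waitforsocket timeout."""
    peers, failures = {}, []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        stamp, _level, _pid, tid, msg = m.groups()
        p = PEER.match(msg)
        if p:
            peers[tid] = (p.group(1), p.group(2))  # thread id -> (service, peer address)
        elif tid in peers and (msg.startswith("SSL_accept:") or msg == "waitforsocket: timeout"):
            service, addr = peers[tid]
            failures.append({"time": stamp, "service": service, "peer": addr,
                             "reason": msg.rsplit(":", 1)[-1].strip(),
                             "loopback": ipaddress.ip_address(addr).is_loopback})
    return failures
```

A loopback peer on a session that fails in SSL_accept with `unknown protocol` means a local program sent non-TLS bytes to an stunnel service running in server mode, which is stunnel's default unless the service sets `client = yes`.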