I have a tunnel that forwards connections from syslog-ng on localhost to my loghost. Or rather, I don't.
In the stunnel logs, I repeatedly get:
2004.08.16 21:28:30 LOG5[23452:1006768128]: syslogngs connected from 127.0.0.1:32479
2004.08.16 21:28:30 LOG7[23452:1006768128]: SSL state (accept): before/accept initialization
2004.08.16 21:28:30 LOG3[23452:1006768128]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2004.08.16 21:28:30 LOG7[23452:1006768128]: syslogngs finished (2 left)
2004.08.16 21:28:31 LOG7[23452:1006693376]: SSL socket closed on SSL_read
2004.08.16 21:28:31 LOG5[23452:1006693376]: Connection closed: 0 bytes sent to SSL, 0 bytes sent to socket
2004.08.16 21:28:31 LOG7[23452:1006693376]: syslogngs finished (1 left)
2004.08.16 21:30:01 LOG7[23452:1006763008]: waitforsocket: ok
2004.08.16 21:30:01 LOG3[23452:1006763008]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2004.08.16 21:30:01 LOG7[23452:1006763008]: syslogngs finished (0 left)
..yet connecting using:
$ openssl s_client -connect localhost:5515
successfully connects to my loghost and prints the certificate details.
Why on earth will s_client connect and not syslog-ng?
Specific details:
192.168.1.6 syslog-ng -> localhost:5515 | stunnel <----------| | stunnel ----------> loghost:5514
loghost: 192.168.1.7 (hosts) ---> stunnel (192.168.1.7:5514) | syslog-ng (localhost:5515)
I have now been trying to implement encrypted logging for a record time of three months now and so far every attempt has failed in some way or another. Can somebody please put an end to this administrative misery?
(more verbose program output on request)
mark
I seem to have fixed it, I'm not quite sure how, but I'm glad that my three months are finished. :)