Hi. I'm so close to having a working loghost, with stunnel encrypted connections.
Not close enough however.
I have syslog-ng set up to log to 127.0.0.1:5515 on all clients.
The client config:
[syslogngs]
accept = 127.0.0.1:5515
connect = 192.168.1.7:5514

On the loghost, stunnel listens on *.5514 and forwards the connection to 127.0.0.1:5515 (which syslog-ng is listening on).
(server config):
[syslogngs]
accept = 192.168.1.7:5514
connect = 127.0.0.1:5515

I'm making an assumption that the certificates are working, as I'm using (or attempting to use) both client and server authentication.
Watching the stream with a packet sniffer shows absolutely no connections between the client and the loghost. Strings such as this appear in the stunnel.log repeatedly:
2004.08.16 20:42:26 LOG7[7690:1006693376]: syslogngs started
2004.08.16 20:42:26 LOG5[7690:1006693376]: syslogngs connected from 127.0.0.1:2956
2004.08.16 20:42:26 LOG7[7690:1006693376]: SSL state (accept): before/accept initialization
2004.08.16 20:42:26 LOG7[7690:1006693376]: waitforsocket: FD=13, DIR=read
2004.08.16 20:42:26 LOG7[7690:1006690304]: syslogngs accepted FD=14 from 127.0.0.1:24856
2004.08.16 20:42:26 LOG7[7690:1006690304]: FD 14 in non-blocking mode
2004.08.16 20:42:26 LOG7[7690:1006763008]: syslogngs started
2004.08.16 20:42:26 LOG5[7690:1006763008]: syslogngs connected from 127.0.0.1:24856
2004.08.16 20:42:26 LOG7[7690:1006763008]: SSL state (accept): before/accept initialization
2004.08.16 20:42:26 LOG7[7690:1006763008]: waitforsocket: FD=14, DIR=read
2004.08.16 20:42:26 LOG7[7690:1006763008]: waitforsocket: ok
2004.08.16 20:42:26 LOG3[7690:1006763008]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2004.08.16 20:42:26 LOG7[7690:1006763008]: syslogngs finished (1 left)
2004.08.16 20:47:26 LOG7[7690:1006693376]: waitforsocket: timeout
2004.08.16 20:47:26 LOG7[7690:1006693376]: syslogngs finished (0 left)

Have I made some glaring error that I'm not aware of?
Thanks,
Mark
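
An added example, not part of the original post: a small Python triage script that groups the stunnel debug lines quoted above by thread id and reports each connection that entered SSL accept state from a loopback peer without completing a handshake. The function names and outcome labels are this example's own; the sample lines are a subset of the log in the post.

```python
import re
from ipaddress import ip_address

LINE = re.compile(r"^\S+ \S+ LOG\d\[\d+:(\d+)\]: (.*)$")

# Subset of the stunnel.log lines quoted in the post above.
SAMPLE = """\
2004.08.16 20:42:26 LOG7[7690:1006693376]: syslogngs started
2004.08.16 20:42:26 LOG5[7690:1006693376]: syslogngs connected from 127.0.0.1:2956
2004.08.16 20:42:26 LOG7[7690:1006693376]: SSL state (accept): before/accept initialization
2004.08.16 20:42:26 LOG7[7690:1006690304]: syslogngs accepted FD=14 from 127.0.0.1:24856
2004.08.16 20:42:26 LOG7[7690:1006763008]: syslogngs started
2004.08.16 20:42:26 LOG5[7690:1006763008]: syslogngs connected from 127.0.0.1:24856
2004.08.16 20:42:26 LOG7[7690:1006763008]: SSL state (accept): before/accept initialization
2004.08.16 20:42:26 LOG3[7690:1006763008]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2004.08.16 20:42:26 LOG7[7690:1006763008]: syslogngs finished (1 left)
2004.08.16 20:47:26 LOG7[7690:1006693376]: waitforsocket: timeout
2004.08.16 20:47:26 LOG7[7690:1006693376]: syslogngs finished (0 left)
"""

def sessions(log_text):
    """Group debug lines by thread id into one record per accepted connection."""
    live, done = {}, []
    for raw in log_text.splitlines():
        if not (m := LINE.match(raw.strip())):
            continue
        tid, msg = m.groups()
        if msg.endswith(" started"):
            live[tid] = {"peer": None, "tls_server": False, "outcome": "clean"}
        s = live.get(tid)
        if s is None:
            continue  # line from the accept loop, not a connection thread
        if " connected from " in msg:
            s["peer"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("SSL state (accept)"):
            s["tls_server"] = True  # this side is waiting for a ClientHello
        elif msg.startswith("SSL_accept:") and "unknown protocol" in msg:
            s["outcome"] = "not-tls"  # first bytes received were not a TLS record
        elif msg == "waitforsocket: timeout" and s["outcome"] == "clean":
            s["outcome"] = "handshake-timeout"
        elif " finished (" in msg:
            done.append(live.pop(tid))
    return done

def failed_handshakes(log_text):
    """Loopback peers that reached a TLS-accepting listener and never completed a handshake."""
    return [s for s in sessions(log_text) if s["tls_server"] and s["peer"]
            and s["outcome"] != "clean"
            and ip_address(s["peer"].rsplit(":", 1)[0]).is_loopback]
```

Both sessions in the excerpt come from 127.0.0.1 and fail inside SSL accept, so the instance that wrote this log was waiting for a TLS ClientHello from a local peer; stunnel services run in that server mode unless the service sets `client = yes`.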