Mar 15 11:20:37 marte stunnel: LOG7: Initializing application specific data for session authenticated Mar 15 11:20:37 marte stunnel: LOG7: TLS state (connect): before SSL initialization Mar 15 11:20:37 marte stunnel: LOG6: Peer certificate required Mar 15 11:20:37 marte stunnel: LOG6: SNI: sending servername: Mar 15 11:20:37 marte stunnel: LOG7: Remote descriptor (FD=10) initialized Mar 15 11:20:37 marte stunnel: LOG7: Option TCP_NODELAY set on remote socket Mar 15 11:20:37 marte stunnel: LOG7: Setting remote socket options (FD=10) # Also tested with: CApath = /etc/ssl/certs/ Also tested with other common domains and always results in the same issue. One alternative to syslog-ng is Splunk.Installed without issues but could not get it to work due to "unknown CA" verification issues. The message should appear on bu3 in /var/backup/CentralizedLogging/remoteclients To test the remote logging run on the logger “Testing remote logging” Make sure syslog-ng does not start (on client) through the init chkconfig –level 2345 syslog-ng offĮdit /etc/rc.d/rc.local (on client) and add syslog-ng and vi /etc/rc.d/rc.local Restart stunnel on the server for it to re-read the certificates file and accept the newly added killall stunnel stunnel /etc/stunnel/nf If stunnel is not running you can uncomment the debug line in the nf file, start stunnel again and check the logs for detailed description of the problem. Make sure stunnel is running by checking the tail -f /var/log/messages Make sure it’s running by checking the tail -f /var/log/messages Start syslong-ng BEFORE stunnel by syslog-ng -f /etc/syslog-ng/nf Make sure syslog-ng is not running (it automatically start once you install it from the killall syslog-ng Note:It is very important that you put the server’s short name when you’re asked about the Common Name !Ĭreate the nf configuration file in /etc/stunnel on the vi /etc/stunnel/nfĬAfile = /etc/stunnel/syslog-ng-server.pemįor nf you can start vi /etc/syslog-ng/nf In other words, remove the private key sections from all syslog-ng-client.pem files and concatenate what is left to create server’s special syslog-ng-client.pem. For server, create a special syslog-ng-client.pem containing the certificate sections for all clients and place in /etc/stunnel. Place every client’s syslog-ng-client.pem in /etc/stunnel. In other words, remove the private key section from syslog-ng-server.pem on all clients. The clients only need the certificate section of syslog-ng-server.pem. Place copies of syslog-ng-server.pem on all machines in /etc/stunnel with one important alteration. If you have more than one client that will log to the server you have to generate new client cd make make syslog-ng-client.pem Login to the client and the server, download syslog-ng and stunnel and install yum install -y openssl-devel glibc gcc wget lynx mkdir -p cd tar zxfv cd make cd rpm -Uvh libdbi8-0.8. libdbi8-dev-0.8. libevtlog0-0.2. syslog-ng-2.1.Īfter the installation is complete login to your CA server and create the server and the client certificate.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |