通过 TLS 转发 syslog-ng 日志

通过 TLS 转发 syslog-ng 日志

这是这样的场景:我有一个正在侦听端口6514 on TCP日志的服务器。我在服务器上创建了 .key .crt 文件,如下所述:https://www.logzilla.net/2014/10/17/configuring-tls-tunnels-in-syslog-ng.html:

   [root@server1 ~]$ openssl genrsa -des3 -out logserver.key 2048
   Generating RSA private key, 2048 bit long modulus
   .................................................+++
   .+++
   e is 65537 (0x10001)
   Enter pass phrase for logserver.key:
   Verifying - Enter pass phrase for logserver.key:
   [root@server1 ~]$ openssl req -new -key logserver.key -out logserver.csr
   Enter pass phrase for logserver.key:
   You are about to be asked to enter information that will be incorporated
   into your certificate request.
   What you are about to enter is what is called a Distinguished Name or a 
   DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -----
   Country Name (2 letter code) [XX]:
   State or Province Name (full name) []:
   Locality Name (eg, city) [Default City]:
   Organization Name (eg, company) [Default Company Ltd]:
   Organizational Unit Name (eg, section) []:
   Common Name (eg, your name or your server's hostname) []:
   Email Address []:

   Please enter the following 'extra' attributes
   to be sent with your certificate request
   A challenge password []:
   An optional company name []:
   [root@server1 ~]$ cp logserver.key logserver.key.org
   [root@server1 ~]$ openssl rsa -in logserver.key.org -out logserver.key
   Enter pass phrase for logserver.key.org:
   writing RSA key
   [root@server1 ~]$ openssl x509 -req -days 365 -in logserver.csr -signkey 
   logserver.key -out logserver.crt
   Signature ok
   subject=/C=XX/L=Default City/O=Default Company Ltd
   Getting Private key

并将设置放置在名为的创建的文件中tls.conf in the /etc/syslog-ng/conf.d

我按照接下来的指示进行操作。 Connect to the Client and mkdir -p /etc/syslog-ng/ssl. Download/Upload the /etc/syslog-ng/ssl/logserver.crt (which was created earlier on the Server) to the Client system and put the file in /etc/syslog-ng/ssl on the Client.

Find the hash for your key by running openssl x509 -noout -hash -in /etc/syslog-ng/ssl/logserver.crt

Next, create a symbolic link to the certificate that uses the hash returned by the previous command, with an added .0 suffix.

ln -s /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl/84d92a45.0

一旦我添加 client-to-server.conf ,/etc/syslog-ng/conf.d/client-to-server.conf其下就有以下内容

@version:3.14
@define allow-config-dups 1
@include "scl.conf"
destination d_tls {
      tcp("192.168.1.7" port(6514)
      tls( ca_dir("/etc/syslog-ng/ssl/")) );
  };

  log {
      source(s_sys);
      destination(d_tls);
  };

syslog-ng 服务不会在客户端上启动。

  systemctl restart syslog-ng.service
  Job for syslog-ng.service failed because the control process exited with 
  error code. See "systemctl status syslog-ng.service" and "journalctl -xe" 
  for details.



    [root@localhost conf.d]# systemctl status syslog-ng.service -l
● syslog-ng.service - System Logger Daemon
   Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
   Active: failed (Result: start-limit) since Thu 2018-06-07 22:50:30 EEST; 7min ago
     Docs: man:syslog-ng(8)
  Process: 18196 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p /var/run/syslogd.pid (code=exited, status=2)
 Main PID: 18196 (code=exited, status=2)
   Status: "Starting up... (Thu Jun  7 22:50:30 2018"

Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.

[root@localhost conf.d]# journalctl -xe
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022361] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18190]: [2018-06-07T22:50:30.022410] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit syslog-ng.service has failed.
-- 
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.281966] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18193]: [2018-06-07T22:50:30.282017] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit syslog-ng.service has failed.
-- 
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Starting System Logger Daemon...
-- Subject: Unit syslog-ng.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit syslog-ng.service has begun starting up.
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522580] Error setting up TLS session context; tls_error='(null):(null):(null)'
Jun 07 22:50:30 localhost.localdomain syslog-ng[18196]: [2018-06-07T22:50:30.522870] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit syslog-ng.service has failed.
-- 
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
Jun 07 22:50:30 localhost.localdomain systemd[1]: start request repeated too quickly for syslog-ng.service
Jun 07 22:50:30 localhost.localdomain systemd[1]: Failed to start System Logger Daemon.
-- Subject: Unit syslog-ng.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit syslog-ng.service has failed.
-- 
-- The result is failed.
Jun 07 22:50:30 localhost.localdomain systemd[1]: Unit syslog-ng.service entered failed state.
Jun 07 22:50:30 localhost.localdomain systemd[1]: syslog-ng.service failed.

我究竟做错了什么?

答案1

带有 tls 的 syslog-ng 客户端配置部分应如下所示:

destination d_tls {
    network("192.168.1.7" port(6514)
        transport("tls")
        tls( ca-dir("/etc/syslog-ng/ssl/ca.d")
             key-file("/etc/syslog-ng/ssl/mykey.key")
             cert-file("/etc/syslog-ng/ssl/mykey.pem")) );
};
log {
    source(s_sys);
    destination(d_tls);
};

相关内容