syslog-ng EC2 TLS

MarcF asked:

I am attempting to add TLS support to my syslog-ng service running on an AWS EC2 instance (logs are being sent to loggly). The basic configuration without TLS works, but when I replace the destination in the config with:

destination d_loggly {
    tcp("logs-01.loggly.com" port(6514) 
    tls(peer-verify(required-untrusted) ca_dir('/opt/syslog-ng/keys/ca.d/'))
    template(LogglyFormat));
};

I get the following error when I restart the syslog-ng service:

[ec2-user@ip-10-0-1-123 syslog-ng]$ sudo /etc/init.d/syslog-ng restart
Stopping syslog-ng: [ OK ]
Error parsing afsocket, syntax error, unexpected LL_IDENTIFIER, expecting ')' in /etc/syslog-ng/syslog-ng.conf at line 74, column 5:

tls(peer-verify(required-untrusted) ca_dir('/opt/syslog-ng/keys/ca.d/'))
^^^

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng

I can confirm the certificates are located at /opt/syslog-ng/keys/ca.d/:

[ec2-user@ip-10-0-1-123 /]$ ls -l /opt/syslog-ng/keys/ca.d/
total 16
-rw-r--r-- 1 root root 1968 Jul 18 11:39 loggly.com.crt
-rw-r--r-- 1 root root 5241 Jul 18 11:39 loggly_full.crt
-rw-r--r-- 1 root root 3273 Jul 18 11:39 sf_bundle.crt

Any help to get TLS support working would be greatly appreciated.


I answered:

The missing ) should be added to the previous line. This is an obvious syntax error:

    tcp("logs-01.loggly.com" port(6514) 
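As an added example (not part of the original question or answer), here is a set of pre-flight shell checks a practitioner would run before restarting the service: parse the config with syslog-ng's syntax-only mode, make sure the ca_dir() contents are hash-named the way OpenSSL expects, and confirm the destination's chain verifies against that directory. It assumes the syslog-ng and openssl binaries are in PATH; the paths and host come from the question.

```shell
#!/bin/sh
# Added example, not code from the question or the answer. Assumes
# syslog-ng and openssl are in PATH; paths are the ones from the question.

CA_DIR=/opt/syslog-ng/keys/ca.d
CONF=/etc/syslog-ng/syslog-ng.conf

# check_config: parse the config without touching the running daemon.
# A parse problem prints the same "syntax error ... expecting ')'" message
# a restart would, but logging keeps flowing meanwhile.
check_config() {
    syslog-ng --syntax-only --cfgfile "$1"
}

# hash_ca_dir: ca_dir() is searched by OpenSSL subject hash, not by file
# name, so each CA file needs a <hash>.N symlink beside it (what c_rehash
# creates). Prints each link it creates; existing links are left alone.
hash_ca_dir() {
    dir=$1
    for crt in "$dir"/*.crt; do
        [ -f "$crt" ] || continue
        name=$(basename "$crt")
        hash=$(openssl x509 -hash -noout -in "$crt") || return 1
        for link in "$dir/$hash".*; do
            [ "$(readlink "$link" 2>/dev/null)" = "$name" ] && continue 2
        done
        n=0
        while [ -e "$dir/$hash.$n" ]; do n=$((n + 1)); done
        ln -s "$name" "$dir/$hash.$n"
        echo "$hash.$n"
    done
}

# verify_peer: open a TLS session to the destination using only the CA
# directory syslog-ng will use; succeeds only if the chain verifies.
verify_peer() {
    openssl s_client -connect "$1:$2" -CApath "$3" </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# Typical run (as root, after dropping the CA files into $CA_DIR):
#   hash_ca_dir "$CA_DIR"
#   verify_peer logs-01.loggly.com 6514 "$CA_DIR" && echo "chain verifies"
#   check_config "$CONF" && /etc/init.d/syslog-ng restart
```

Once peer-verify(required-untrusted) is replaced by a stricter mode, verify_peer is the quickest way to see whether the CA directory actually validates the server before syslog-ng is asked to.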

View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.