Discussion:
[syslog-ng] Connection broken to AF_INET(127.0.0.1:514), reopening in 60 seconds
s***@spawar.navy.mil
21 years ago
I don't know what is the trouble with my remote syslog-ng/stunnel
setup since I turned off packet filtering. Any guidance would
be greatly appreciated.

Here is error message in log:

Jul 26 11:06:47 seberino3 syslog-ng[3245]: Connection broken to AF_INET(127.0.0.1:514), reopening in 60 seconds

Here is my syslog-ng.conf:

options {long_hostnames(no);
keep_hostname(yes);
chain_hostnames(no);};

source client_sources {unix-stream("/dev/log"); pipe("/proc/kmsg");
internal();};

destination local_dest {file("/var/log/messages");};
destination remote_dest {tcp("127.0.0.1" port(514));};

log {source(client_sources); destination(local_dest);};
log {source(client_sources); destination(remote_dest);};


Chris
Nate Campi
21 years ago
Post by s***@spawar.navy.mil
> I don't know what is the trouble with my remote syslog-ng/stunnel
> setup since I turned off packet filtering. Any guidance would
> be greatly appreciated.
> Jul 26 11:06:47 seberino3 syslog-ng[3245]: Connection broken to AF_INET(127.0.0.1:514), reopening in 60 seconds
Do you know that the stunnel connection is up? Make sure it's running
first, it's probably not a syslog-ng problem.
--
Nate

A complex system that works is invariably found to have evolved from
a simple system that worked. -John Gall
s***@spawar.navy.mil
21 years ago
Nate

Thanks for help. Yes stunnel is up. You are right... it is not
clear if problem is with stunnel or syslog-ng.

Here is my stunnel.conf..

[laptop root /root] # more /etc/stunnel/stunnel.conf
client = yes
cert = /etc/stunnel/syslog-ng-client.pem
CAfile = /etc/stunnel/syslog-ng-server.pem
verify = 3
chroot = /usr/local/chrootjails/stunnel
setuid = nobody
setgid = nobody

[5140]
accept = 127.0.0.1:514
connect = 198.253.71.174:5140
...
--
_______________________________________

Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.

Phone: (619) 553-9973
Fax : (619) 553-6521
Email: ***@spawar.navy.mil
_______________________________________
Nate Campi
21 years ago
I'd telnet to the local port where syslog-ng is trying to connect (the
listening stunnel socket) and type some junk. If you can establish a
connection and send text that's accepted by the remote end, then it
would seem stunnel works.
...
--
Nate

I've seen things you people wouldn't believe. Attack ships on fire off
the shoulder of Orion. I watched C-beams glitter in the dark near the
Tannhauser gate. All those moments will be lost in time, like tears in
rain. Time to die. -- Roy Batty, Blade Runner
Jens Grigel
21 years ago
Post by s***@spawar.navy.mil
> Nate
> Thanks for help. Yes stunnel is up. You are right... it is not
> clear if problem is with stunnel or syslog-ng.
> Here is my stunnel.conf..
> [laptop root /root] # more /etc/stunnel/stunnel.conf
> client = yes
> cert = /etc/stunnel/syslog-ng-client.pem
> CAfile = /etc/stunnel/syslog-ng-server.pem
> verify = 3
> chroot = /usr/local/chrootjails/stunnel
> setuid = nobody
> setgid = nobody
> [5140]
> accept = 127.0.0.1:514
> connect = 198.253.71.174:5140
Hi Christian,

are you sure that stunnel can listen on the privileged port 514 when
running chroot'ed? I don't remember if stunnel opens the port first and
drops its rights after that...

Enable logging of stunnel or try to open the tunnel on a high port e.g.
udp/1514 and set the destination in syslog-ng to localhost:1514

Jens

---
Citysavingsbank Munich
Dep. of Network and Security

Munich, Germany
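
An added example, not part of the original thread: a scripted form of the telnet check suggested above, which also separates "nothing is bound to the port" (the doubt raised about binding 514) from "the local listener accepts and then drops the connection". The function name, the probe payload and the timeout are assumptions made for this illustration.

```python
import socket


def probe_listener(host, port, payload=b"<13>probe: connectivity test\n", wait=2.0):
    """Classify a local TCP forwarder such as stunnel's accept socket.

    Returns one of:
      'refused'     - nothing is bound to host:port (listener never started
                      or could not bind the port)
      'unreachable' - connect failed for another reason (timeout, routing)
      'closed'      - the listener accepted, then dropped the connection,
                      which is what syslog-ng logs as "Connection broken";
                      the forwarder's own log should say why
      'open'        - the connection stayed up after sending a test line
    """
    try:
        conn = socket.create_connection((host, port), timeout=wait)
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    with conn:
        try:
            # Constructed syslog-style test line (priority 13 = user.notice).
            conn.sendall(payload)
            # A syslog receiver never answers, so a healthy tunnel shows up
            # as a read timeout; EOF or a reset means the peer hung up.
            data = conn.recv(1)
        except socket.timeout:
            return "open"
        except ConnectionError:
            return "closed"
    return "closed" if data == b"" else "open"


if __name__ == "__main__":
    # 127.0.0.1:514 is the accept address from the stunnel.conf in the thread.
    print(probe_listener("127.0.0.1", 514))
```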
