tilo64

Debian5 (syslog-ng - stunnel)

Hello everyone,

I have a small problem....

Here is a short explanation of what I have done.

Syslog-ng (client) is running and its output goes to a log server (server); that works fine (loghost).

netstat -an
tcp 0 0 0.0.0.6:8888 0.0.0.5:48573 VERBUNDEN
tcp 0 0 0.0.0.5:48573 0.0.0.6:8888 VERBUNDEN
The netstat output from both servers.

After installing stunnel4, stunnel does start on both sides (without errors), but no connection is established over the stunnel port (port 5140).

server:
tcp 0 0 0.0.0.6:5140 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.6:8888 0.0.0.5:48573 VERBUNDEN


0.0.0.5 = Client
0.0.0.6 = Server

I'll paste in a few important files here:

Client: /etc/stunnel/stunnel.conf (differences from the default settings)

cert = /etc/stunnel/stunnelC.pem
CAfile = /etc/stunnel/stunnelS.pem
debug = 7
output = /var/log/stunnel4/stunnel.log
client = yes
[syslog]
accept = 127.0.0.1:8888
connect = 0.0.0.6:5140

Logfile Client: tail -25 /var/log/stunnel4/stunnel.log

2010.09.16 05:03:52 LOG5[5617:3074321280]: Received signal 15; terminating
2010.09.16 05:03:52 LOG7[5617:3074321280]: removing pid file /stunnel4.pid
2010.09.16 07:03:57 LOG7[5637:3075017600]: Snagged 64 random bytes from /home/ndbbk01/.rnd
2010.09.16 07:03:57 LOG7[5637:3075017600]: Wrote 1024 new random bytes to /home/ndbbk01/.rnd
2010.09.16 07:03:57 LOG7[5637:3075017600]: RAND_status claims sufficient entropy for the PRNG
2010.09.16 07:03:57 LOG7[5637:3075017600]: PRNG seeded successfully
2010.09.16 07:03:57 LOG7[5637:3075017600]: Certificate: /etc/stunnel/stunnelC.pem
2010.09.16 07:03:57 LOG7[5637:3075017600]: Certificate loaded
2010.09.16 07:03:57 LOG7[5637:3075017600]: Key file: /etc/stunnel/stunnelC.pem
2010.09.16 07:03:57 LOG7[5637:3075017600]: Private key loaded
2010.09.16 07:03:57 LOG7[5637:3075017600]: Loaded verify certificates from /etc/stunnel/stunnelS.pem
2010.09.16 07:03:57 LOG7[5637:3075017600]: Loaded /etc/stunnel/stunnelS.pem revocation lookup file
2010.09.16 07:03:57 LOG7[5637:3075017600]: SSL context initialized for service syslog
2010.09.16 07:03:57 LOG5[5637:3075017600]: stunnel 4.22 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2010.09.16 07:03:57 LOG5[5637:3075017600]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2010.09.16 07:03:57 LOG6[5637:3075017600]: file ulimit = 1024 (can be changed with 'ulimit -n')
2010.09.16 07:03:57 LOG6[5637:3075017600]: poll() used - no FD_SETSIZE limit for file descriptors
2010.09.16 07:03:57 LOG5[5637:3075017600]: 500 clients allowed
2010.09.16 07:03:57 LOG7[5637:3075017600]: FD 10 in non-blocking mode
2010.09.16 07:03:57 LOG7[5637:3075017600]: FD 11 in non-blocking mode
2010.09.16 07:03:57 LOG7[5637:3075017600]: FD 12 in non-blocking mode
2010.09.16 07:03:57 LOG7[5637:3075017600]: SO_REUSEADDR option set on accept socket
2010.09.16 07:03:57 LOG7[5637:3075017600]: syslog bound to 127.0.0.1:8888
2010.09.16 07:03:57 LOG7[5643:3075017600]: Created pid file /stunnel4.pid

Client: ps -ax
4280 ? Ss 0:00 /usr/sbin/syslog-ng -p /var/run/syslog-ng.pid
5638 pts/1 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5639 pts/1 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5640 pts/1 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5641 pts/1 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5642 pts/1 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5643 ? Ss 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf


Server: /etc/stunnel/stunnel.conf (differences from the default settings)

cert = /etc/stunnel/stunnelS.pem
CAfile = /etc/stunnel/stunnelC.pem
debug = 7
output = /var/log/stunnel4/stunnel.log
[syslog]
accept = 0.0.0.6:5140
connect = 127.0.0.1:8888

Logfile Server: tail -25 /var/log/stunnel4/stunnel.log

2010.09.16 05:03:46 LOG5[3021:3074505600]: Received signal 15; terminating
2010.09.16 05:03:46 LOG7[3021:3074505600]: removing pid file /stunnel4.pid
2010.09.16 07:03:51 LOG7[3088:3074874240]: Snagged 64 random bytes from /home/ndbbk01/.rnd
2010.09.16 07:03:51 LOG7[3088:3074874240]: Wrote 1024 new random bytes to /home/ndbbk01/.rnd
2010.09.16 07:03:51 LOG7[3088:3074874240]: RAND_status claims sufficient entropy for the PRNG
2010.09.16 07:03:51 LOG7[3088:3074874240]: PRNG seeded successfully
2010.09.16 07:03:51 LOG7[3088:3074874240]: Certificate: /etc/stunnel/stunnelS.pem
2010.09.16 07:03:51 LOG7[3088:3074874240]: Certificate loaded
2010.09.16 07:03:51 LOG7[3088:3074874240]: Key file: /etc/stunnel/stunnelS.pem
2010.09.16 07:03:51 LOG7[3088:3074874240]: Private key loaded
2010.09.16 07:03:51 LOG7[3088:3074874240]: Loaded verify certificates from /etc/stunnel/stunnelC.pem
2010.09.16 07:03:51 LOG7[3088:3074874240]: Loaded /etc/stunnel/stunnelC.pem revocation lookup file
2010.09.16 07:03:51 LOG7[3088:3074874240]: SSL context initialized for service syslog
2010.09.16 07:03:51 LOG5[3088:3074874240]: stunnel 4.22 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2010.09.16 07:03:51 LOG5[3088:3074874240]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2010.09.16 07:03:51 LOG6[3088:3074874240]: file ulimit = 1024 (can be changed with 'ulimit -n')
2010.09.16 07:03:51 LOG6[3088:3074874240]: poll() used - no FD_SETSIZE limit for file descriptors
2010.09.16 07:03:51 LOG5[3088:3074874240]: 500 clients allowed
2010.09.16 07:03:51 LOG7[3088:3074874240]: FD 10 in non-blocking mode
2010.09.16 07:03:51 LOG7[3088:3074874240]: FD 11 in non-blocking mode
2010.09.16 07:03:51 LOG7[3088:3074874240]: FD 12 in non-blocking mode
2010.09.16 07:03:51 LOG7[3088:3074874240]: SO_REUSEADDR option set on accept socket
2010.09.16 07:03:51 LOG7[3088:3074874240]: syslog bound to 141.38.81.6:5140
2010.09.16 07:03:51 LOG7[3094:3074874240]: Created pid file /stunnel4.pid

Server: ps -ax
2910 ? Ss 0:00 /usr/sbin/syslog-ng -p /var/run/syslog-ng.pid
3089 pts/0 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
3090 pts/0 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
3091 pts/0 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
3092 pts/0 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
3093 pts/0 S 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
3094 ? Ss 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf

I think that if the tunnel had been set up cleanly, the connection would have to run over port 5140 and not over port 8888....
server:
tcp 0 0 0.0.0.6:5140 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.6:8888 0.0.0.5:48573 VERBUNDEN

Many thanks in advance, dirk

Content-Key: 151140

Url: https://administrator.de/contentid/151140
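Added example, not part of the original post: a small shell check that classifies netstat lines by whether a syslog connection goes through the stunnel port or reaches the plaintext port directly from a remote peer, as in the server output quoted above. The function names, the second sample and its port numbers (40000, 51000) are constructed for illustration; both the German (`VERBUNDEN`) and English (`ESTABLISHED`) state labels are accepted.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.
# classify_syslog_conns PLAIN_PORT TUNNEL_PORT < netstat-output
# Prints one line per established TCP connection touching either port:
#   TUNNEL  connection on the stunnel accept port
#   LOCAL   plaintext port reached over loopback (stunnel's "connect" side)
#   BYPASS  plaintext port reached from a non-loopback peer (no TLS in the path)
classify_syslog_conns() {
    awk -v plain="$1" -v tun="$2" '
    function port(a,  n, p) { n = split(a, p, ":"); return p[n] }
    function host(a) { sub(/:[^:]*$/, "", a); return a }
    function loopback(h) { return h ~ /^127\./ || h == "::1" }
    # netstat localizes the state column, so accept both labels
    $1 ~ /^tcp/ && ($6 == "ESTABLISHED" || $6 == "VERBUNDEN") {
        lp = port($4); rp = port($5)
        if (lp == tun || rp == tun) print "TUNNEL", $4, $5
        else if (lp == plain || rp == plain) {
            if (loopback(host($4)) && loopback(host($5))) print "LOCAL", $4, $5
            else print "BYPASS", $4, $5
        }
    }'
}

# Number of connections that reach the plaintext port without the tunnel.
count_bypass() {
    classify_syslog_conns "$1" "$2" | awk '$1 == "BYPASS" { n++ } END { print n + 0 }'
}

# Server-side lines as quoted in the post (0.0.0.5 = client, 0.0.0.6 = server).
server_netstat='tcp 0 0 0.0.0.6:5140 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.6:8888 0.0.0.5:48573 VERBUNDEN'

# Constructed sample: the same server when the client sends through stunnel.
tunneled_netstat='tcp 0 0 0.0.0.6:5140 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.6:5140 0.0.0.5:40000 VERBUNDEN
tcp 0 0 127.0.0.1:8888 127.0.0.1:51000 VERBUNDEN'

printf '%s\n' "$server_netstat"   | classify_syslog_conns 8888 5140
printf '%s\n' "$tunneled_netstat" | classify_syslog_conns 8888 5140
```

A non-zero `count_bypass` on the log server means syslog traffic is still arriving unencrypted on the plaintext port, whatever stunnel itself reports.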


Member: Fitzcarraldo
Fitzcarraldo, 17.09.2010 at 11:01:45
This problem is also discussed at the following places:

http://www.linuxforen.de/forums/showthread.php?t=269056
http://www.unixboard.de/vb3/showthread.php?46675-Debian-5-%28syslog-ng- ...

P.S. What is the weather going to be like, by the way?