
OS: CentOS 7

syslog-ng version: 3.6.5

TLS is configured in the /etc/syslog-ng/syslog-ng.conf file.

The key file is located in /etc/syslog-ng/key.d

The cert file is located in /etc/syslog-ng/cert.d

It works fine if syslog-ng has been started from shell.

syslog-ng fails on TLS if it has been started via service syslog-ng start.

With attached strace I can see that there is a permission problem.

access("/etc/syslog-ng/key.d/syslog-ng.key", R_OK) = -1 EACCES (Permission denied)
write(2, "Error opening TLS file; filename"..., 102) = 102
access("/etc/syslog-ng/cert.d/syslog-ng.cert", R_OK) = -1 EACCES (Permission denied)
write(2, "Error opening TLS file; filename"..., 104) = 104

drw-rw-rw-. 2 root root   26 Jan 10 10:44 key.d
-rw-rw-rw-. 1 root root 5196 Jan 10 10:42 syslog-ng.key

I do a simple TLS test with this command.

openssl s_client -connect <syslog-ng address>:6514

I've no clue why this is not working. Can someone help with this?

Best regards, Klaus

  • Hi, probably the script is running as a non-root user, and does not have access to the files/directories. Or some AppArmor/SELinux rule is interfering with the script accessing these files. – Robert Fekete Jan 11 '17 at 09:28
  • Hi, thank you. Yes, SELinux was enabled, and that caused the problem. I set it to disabled; now the files can be read. – Klaus Schulte Jan 12 '17 at 09:53
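
An added example, not part of the original question or comments: a shell function that extracts the SELinux AVC denials for syslog-ng from audit records, so the denied file and its label type can be identified and relabelled while SELinux stays enforcing. The function name, the sample records and the `admin_home_t` label in them are constructed for illustration.

```shell
#!/bin/sh
# Added example. Summarise SELinux AVC denials for one process name.
# stdin : audit records (live: ausearch -m avc -c syslog-ng --raw)
# stdout: <perms> <class> <file name> <source type> <target type>
avc_denials_for() {
    awk -v want="$1" '
        /type=AVC/ && /denied/ {
            split("", f)                       # reset per-record fields
            perms = $0                         # text between { and }
            sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
            gsub(/ /, ",", perms)
            for (i = 1; i <= NF; i++) {        # collect key=value tokens
                eq = index($i, "=")
                if (eq == 0) continue
                val = substr($i, eq + 1); gsub(/"/, "", val)
                f[substr($i, 1, eq - 1)] = val
            }
            if (f["comm"] != want) next
            split(f["scontext"], s, ":"); split(f["tcontext"], t, ":")
            print perms, f["tclass"], f["name"], s[3], t[3]
        }'
}

# Constructed sample records (not taken from the poster's system).
SAMPLE_AUDIT='type=AVC msg=audit(1484041482.101:311): avc:  denied  { read } for  pid=2411 comm="syslog-ng" name="syslog-ng.key" dev="dm-0" ino=101 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1484041482.102:312): avc:  denied  { read open } for  pid=2411 comm="syslog-ng" name="syslog-ng.cert" dev="dm-0" ino=102 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1484041490.500:320): avc:  denied  { getattr } for  pid=900 comm="httpd" name="index.html" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1484041482.101:311): arch=c000003e syscall=21 success=no exit=-13 comm="syslog-ng"'

printf '%s\n' "$SAMPLE_AUDIT" | avc_denials_for syslog-ng

# On a live host, compare the reported target type with `ls -Z` on the
# key and cert files; `restorecon -Rv /etc/syslog-ng` resets the labels
# to the policy defaults for that path.
```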
