Bug #10490
closed
Syslog-ng syntax test failed
100%
Description
Steps to reproduce:
-Install syslog-ng on a new pfSense instance, version 1.15_4;
-go to Package->Services: Syslog-ng->General;
-toggle "Enabled" checkbox;
-choose LAN interface only, as it's selected by default;
-select default protocol TLS;
-select CA already configured on firewall;
-select certificate already present on firewall (even the webConfigurator default);
-leave other options as default and click Save.
Error message, formatted for easier reading:
Syslog-ng syntax test failed: Error parsing afsocket,
File "/var/etc/syslog-ng/syslog-ng.key" not found: No such file or directory in /usr/local/etc/syslog-ng.conf:7:16-7:50:
2 # Do not edit manually !
3 @version:3.25
4 destination _DEFAULT { file("/var/syslog-ng/default.log"); };
5 log { source(_DEFAULT); destination(_DEFAULT); };
6 source _DEFAULT { internal(); syslog(transport(tls) port(5140) tls(
7-----> key-file('/var/etc/syslog-ng/syslog-ng.key')
7-----> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
8 cert-file('/var/etc/syslog-ng/syslog-ng.cert')
9 ca-dir('/var/etc/syslog-ng/ca.d')) ip({FW IP here})); };
Checking via SSH, it looks like there's no /var/etc/syslog-ng/syslog-ng.key created.
Could not find an existing bug report that matches this behaviour.
Quirk: if selecting TCP first, Save button works, daemon is enabled and running. If then selection changes to TLS, save button works as well. After this, there is still no /var/etc/syslog-ng/syslog-ng.key file created.
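The condition reported above (a generated config that references TLS files which were never written) can be checked before the syntax test runs. This is an added example, not code from the pfSense package or from this ticket; the function names, the constructed sample config and the 192.0.2.1 address are assumptions.

```shell
#!/bin/sh
# Added example (not pfSense package code): report TLS file references in a
# syslog-ng config that are missing on disk.

# Print "option path" for each key-file(), cert-file() and ca-dir() in config $1.
# Assumes quoted paths and that '#' only starts comments.
tls_refs() {
    sed 's/#.*//' "$1" |
        grep -oE "(key-file|cert-file|ca-dir)\([\"'][^\"']+[\"']\)" |
        sed -E "s/^([a-z-]+)\([\"']([^\"']+)[\"']\)\$/\1 \2/"
}

# Print each reference that is missing (files must exist and be non-empty,
# ca-dir must be a directory). Returns 1 if anything is missing, else 0.
check_tls_refs() {
    bad=$(tls_refs "$1" | while read -r opt file; do
        case $opt in
            ca-dir) [ -d "$file" ] || echo "$opt $file" ;;
            *)      [ -s "$file" ] || echo "$opt $file" ;;
        esac
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample: the source block from the report with its paths moved
# under directory $1; cert and CA directory exist, the key was never written.
make_sample() {
    mkdir -p "$1/ca.d"
    echo "constructed placeholder, not a real certificate" > "$1/syslog-ng.cert"
    cat > "$1/syslog-ng.conf" <<EOF
# Do not edit manually !
@version:3.25
source _DEFAULT { internal(); syslog(transport(tls) port(5140) tls(
key-file('$1/syslog-ng.key')
cert-file('$1/syslog-ng.cert')
ca-dir('$1/ca.d')) ip(192.0.2.1)); };
EOF
}

# With an argument, check that config; without one, run the constructed sample.
if [ $# -gt 0 ]; then
    check_tls_refs "$1"
else
    d=$(mktemp -d) && make_sample "$d"
    check_tls_refs "$d/syslog-ng.conf" || echo "config references missing TLS material"
    rm -rf "$d"
fi
```

Run with the config path as the only argument to check a live system; a non-zero exit status means at least one referenced file or directory is absent.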
Updated by Jim Pingle about 4 years ago
- Project changed from pfSense to pfSense Packages
- Category set to syslog-ng
- Target version deleted (2.5.0)
- Affected Version deleted (2.4.5)
Updated by Viktor Gurov about 4 years ago
On initial setup, syslogng_build_cert() tries to get the parameters from $config, but it needs to get them from $post, because $config has no tls configuration parameters.
Fix:
https://github.com/pfsense/FreeBSD-ports/pull/848
As a workaround you can select CA and cert, but UDP or TCP as default protocol, save it, and then switch to TLS.
Updated by Jim Pingle about 4 years ago
- Status changed from New to Pull Request Review
Updated by Renato Botelho about 4 years ago
- Status changed from Pull Request Review to Feedback
- Assignee set to Renato Botelho
- % Done changed from 0 to 100
PR has been merged. Thanks!
Updated by Viktor Gurov about 4 years ago
- Status changed from Feedback to Resolved
1.15_5 works as expected