Bug #8631 (closed)

syslog-ng - logrotate incorrectly configured to rotate TLS key

Added by Aaron Morris almost 6 years ago. Updated over 5 years ago.

Status: Resolved
Priority: Normal-package
Assignee:
Category: syslog-ng
Target version:
Start date: 07/10/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.4.3_1
Affected Plus Version:
Affected Architecture:

Description

I noticed recently a pfSense device stopped logging to our remote TLS syslog server. After investigating, I found the TLS key had been automatically configured to be archived and rotated like a log file.

syslog-ng config:

Object name: D_TLSSYSLOG
Object type: Destination
Object parameters:

{
  network("syslog.example.com" port(6514)
    transport("tls")
    tls(
      ca-dir("/home/user/syslog")
      key-file("/home/user/syslog/syslog-client.key")
      cert-file("/home/user/syslog/syslog-client.crt")
      peer_verify(required-untrusted)
    )
  );
};

Resulting /usr/local/etc/logrotate.conf:

# This file is automatically generated by pfSense
# Do not edit manually !
/home/user/syslog/syslog-client.key /var/syslog-ng/default.log {
    rotate 30
    daily
    compress
    postrotate
        kill -s HUP `cat /var/run/syslog-ng.pid`
    endscript
}
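The report shows the generated logrotate entry picking up the TLS client key alongside the real log file. The pfSense generator itself is not on this page, so the following is an added illustration (not the project's code) of the two behaviours a maintainer would compare: a naive path extraction that treats every absolute path in the destination block as a log, and a version that only takes the argument of a `file()` destination. It also includes a small audit helper for devices that already generated a bad `logrotate.conf`. The sample destination blocks are constructed to match the shape of the report's D_TLSSYSLOG object; `FILE_DEST_PARAMS`, the option list, and the function names are assumptions made for this example.

```python
import re

# Constructed sample shaped like the D_TLSSYSLOG destination in the report.
# Illustrative only; this is not the pfSense syslog-ng package's own code.
DEST_PARAMS = '''
{
  network("syslog.example.com" port(6514)
    transport("tls")
    tls(
      ca-dir("/home/user/syslog")
      key-file("/home/user/syslog/syslog-client.key")
      cert-file("/home/user/syslog/syslog-client.crt")
      peer_verify(required-untrusted)
    )
  );
};
'''

# Constructed plain file() destination: the one case where a path *should* be rotated.
FILE_DEST_PARAMS = '''
{
  file("/var/log/remote/fw.log" create-dirs(yes));
};
'''

# The generated file quoted in the report, used as input for the audit helper.
PAGE_LOGROTATE_CONF = '''# This file is automatically generated by pfSense
# Do not edit manually !
/home/user/syslog/syslog-client.key /var/syslog-ng/default.log {
    rotate 30
    daily
    compress
    postrotate
        kill -s HUP `cat /var/run/syslog-ng.pid`
    endscript
}
'''

DEFAULT_LOG = "/var/syslog-ng/default.log"
PIDFILE = "/var/run/syslog-ng.pid"

# option name immediately followed by a quoted absolute path, e.g. key-file("/...")
OPTION_PATH_RE = re.compile(r'([A-Za-z_-]+)\(\s*"(/[^"]*)"')
# any quoted absolute path at all, regardless of the option it belongs to
ANY_PATH_RE = re.compile(r'"(/[^"]*)"')


def naive_paths(params):
    """Every quoted absolute path in the block. This reproduces the symptom in the
    report: key-file(), cert-file() and ca-dir() arguments are treated like logs."""
    return ANY_PATH_RE.findall(params)


def rotatable_paths(params):
    """Only the argument of a file() destination. syslog-ng treats '-' and '_' in
    option names interchangeably, so the name is normalised before comparing."""
    out = []
    for opt, path in OPTION_PATH_RE.findall(params):
        if opt.replace("_", "-").lower() == "file":
            out.append(path)
        # key-file, cert-file, ca-dir and any other path-carrying option are skipped
    return out


def logrotate_stanza(log_paths):
    """Render a stanza in the same shape as the generated file quoted on the page."""
    targets = " ".join(list(log_paths) + [DEFAULT_LOG])
    return (
        f"{targets} {{\n"
        "    rotate 30\n"
        "    daily\n"
        "    compress\n"
        "    postrotate\n"
        f"        kill -s HUP `cat {PIDFILE}`\n"
        "    endscript\n"
        "}\n"
    )


KEY_MATERIAL_RE = re.compile(r"\.(key|crt|cer|pem|p12|pfx)$", re.IGNORECASE)


def audit_logrotate(conf_text):
    """Return rotation targets in a logrotate.conf whose names look like key or
    certificate files. Comment lines and directive lines never end in '{' and are skipped."""
    flagged = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.endswith("{"):
            continue
        for target in line[:-1].split():
            if KEY_MATERIAL_RE.search(target):
                flagged.append(target)
    return flagged


if __name__ == "__main__":
    print("naive extraction:", naive_paths(DEST_PARAMS))
    print("file() only     :", rotatable_paths(DEST_PARAMS) + rotatable_paths(FILE_DEST_PARAMS))
    print("flagged on page :", audit_logrotate(PAGE_LOGROTATE_CONF))
```

Running the audit helper against a device's current `/usr/local/etc/logrotate.conf` is a quick way to confirm whether key material has already been rotated away (and therefore whether the TLS destination needs its key restored) before applying a fixed package.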
