logging-log4j-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Blake Day <bl...@chewy.com>
Subject Re: RFC5424 over TCP without TLS
Date Tue, 19 Jan 2016 01:20:10 GMT
You can configure rsyslog or syslog-ng to use the regular TCP protocol without framing, but
then you lose support for multi-line logs.



On 1/18/16, 7:47 PM, "Ralph Goers" <ralph.goers@dslextreme.com> wrote:

>When I wrote the SyslogAppender and RFC5424Layout I am pretty sure I tested it with syslog-ng.
At that time we didn’t support TLS, so I wasn’t adding a TLSSyslogFrame. I don’t recall
having any problems with that or with rsyslog.
>
>Ralph
>
>> On Jan 18, 2016, at 5:42 PM, Gary Gregory <garydgregory@gmail.com> wrote:
>> 
>> What about using a <SyslogAppender> with a <Rfc5424Layout>?
>> 
>> Gary
>> 
>> On Mon, Jan 18, 2016 at 3:17 PM, Blake Day <blake@chewy.com> wrote:
>> 
>>> It was worth a look, but no. SocketAppender creates an SslSocketManager
>>> when protocol = SSL.
>>> 
>>> 
>>> 
>>> 
>>> On 1/18/16, 5:46 PM, "Gary Gregory" <garydgregory@gmail.com> wrote:
>>> 
>>>> I think you might be able to "cheat" by saying protocol="SSL" on the
>>>> appender...
>>>> 
>>>> Gary
>>>> 
>>>> On Mon, Jan 18, 2016 at 2:07 PM, Blake Day <blake@chewy.com> wrote:
>>>> 
>>>>> Hi all,
>>>>> 
>>>>> We are trying to achieve RFC5424 message formats over TCP transport
>>>>> without TLS.
>>>>> 
>>>>> As you may know, SyslogAppender uses an instance of Rfc5424Layout to
>>>>> provide the logging layout.  That layout takes a parameter called
>>>>> “useTlsMessageFormat”, which SyslogAppender sets based on whether
TLS is
>>>>> configured.  When true, the layout wraps the log event in a
>>>>> TlsSyslogFrame.  TlsSyslogFrame simply prepends a length to the full
log
>>>>> message, but that length is required by syslog-ng to frame RFC5424
>>>>> messages.  While the RFC for TCP-based transport of the RFC5424 format
>>> does
>>>>> not allow for non-TLS connections, some users (like us) would like to
>>> adopt
>>>>> the RFC5424 format over TCP *without* TLS.  We believe, but have not
>>>>> tested, that we could do this by simply adding a configuration
>>> parameter to
>>>>> the SyslogAppender that allows us to override useTlsMessageFormat to
>>> true.
>>>>> 
>>>>> Any thoughts on this change?  Have we overlooked an obvious alternative
>>> to
>>>>> achieving RFC5424 over TCP without TLS?
>>>>> 
>>>>> Thanks,
>>>>> 
>>>>> Michael Day
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> --
>>>> E-Mail: garydgregory@gmail.com | ggregory@apache.org
>>>> Java Persistence with Hibernate, Second Edition
>>>> <http://www.manning.com/bauer3/>
>>>> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
>>>> Spring Batch in Action <http://www.manning.com/templier/>
>>>> Blog: http://garygregory.wordpress.com
>>>> Home: http://garygregory.com/
>>>> Tweet! http://twitter.com/GaryGregory
>>> 
>> 
>> 
>> 
>> -- 
>> E-Mail: garydgregory@gmail.com | ggregory@apache.org
>> Java Persistence with Hibernate, Second Edition
>> <http://www.manning.com/bauer3/>
>> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
>> Spring Batch in Action <http://www.manning.com/templier/>
>> Blog: http://garygregory.wordpress.com
>> Home: http://garygregory.com/
>> Tweet! http://twitter.com/GaryGregory
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
>For additional commands, e-mail: log4j-user-help@logging.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org

Mime
View raw message