Hello,
I am attempting to send log messages from logstash to an upstream syslog-ng server using the ssl-tcp protocol. The syslog-ng server is configured to receive messages using:
syslog(
port(6514)
transport("tls")
so-keepalive(yes)
so_rcvbuf(1073741824)
log-fetch-limit(100)
log-iw-size(100)
max-connections(5000)
);
On the logstash side the output config is:
output {
syslog {
id => "siem"
host => "..."
port => 6514
rfc => "rfc5424"
protocol => "ssl-tcp"
}
}
However, syslog-ng complains about an invalid frame header when logstash attempts to send messages:
2018-02-01T18:53:20+00:00 syslog-ng[83027]: Syslog connection accepted; fd='46', client='AF_INET(...)', local='AF_INET(0.0.0.0:6514)'
2018-02-01T18:53:20+00:00 syslog-ng[83027]: Invalid frame header; header=''
2018-02-01T18:53:20+00:00 syslog-ng[83027]: Syslog connection closed; fd='46', client='AF_INET(...)', local='AF_INET(0.0.0.0:6514)'
I've also tried setting rfc => rfc3164 which made no difference. I'm using logstash 5.6.5 and syslog-ng 3.5.6.