Netgate Discussion Forum

    syslog-ng latest package broke tls

    pfSense Packages
    11 Posts 3 Posters 1.7k Views
    • P
      ProperCactus Rebel Alliance
      last edited by ProperCactus

      The latest syslog-ng package has broken tls.

      Is there a way I can roll back to the working package and blacklist this broken update?

      It worked fine until updating the package, now it looks like syslog-ng wasn't built with tls support or something:

      Screen Shot 2021-07-23 at 3.43.27 pm.png

      • P
        ProperCactus Rebel Alliance
        last edited by ProperCactus

        Hello,

        The latest syslog-ng package seems to be broken.

        It is telling me that the plugin tls is not found.

        This config was working fine until updating to the latest syslog-ng package.

        Looks like it hasn't been built with tls plugin or something

        Is it possible to roll back to working packages and blacklist this package from being updated?

        Screen Shot 2021-07-23 at 3.31.00 pm.png

        • P
          ProperCactus Rebel Alliance
          last edited by

          I guess no one uses syslog-ng with tls.... but tls is completely broken with the latest syslog-ng package.

          Looks like it hasn't been built with the tls plugin or something.

          This configuration was working just fine with the previous package of syslog-ng. I updated and it doesn't like tls settings now.

          Screen Shot 2021-07-23 at 3.40.58 pm.png

          • J
            Juve
            last edited by

            I have the same issue.
            I did open this thread earlier:
            https://forum.netgate.com/topic/165292/syslog-ng-fails-after-2-5-2-update-due-to-tls-not-found

            • johnpozJ
              johnpoz LAYER 8 Global Moderator @Juve
              last edited by

              See the patch that is listed here:

              https://github.com/pfsense/FreeBSD-ports/commit/a5b1eda67c40592e14806a4a4bbdd946f0461045#comments

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              • P
                ProperCactus Rebel Alliance @Juve
                last edited by

                @juve yea this is really bad, like I get errors and stuff but because there seems to be no way to roll back from a bad package, we then get stuck with broken functionality :/

                Need a package rollback functionality for this situation! My device can not ship logs to the SOC :( :( :(

                • P
                  ProperCactus Rebel Alliance @johnpoz
                  last edited by

                  @johnpoz How do I apply a patch?

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @ProperCactus
                    last edited by

                    @propercactus

                    https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

                    • P
                      ProperCactus Rebel Alliance @johnpoz
                      last edited by ProperCactus

                      @johnpoz The patch does not work.

                      It says it can't be cleanly applied and doesn't let me proceed to applying it.

                      Screen Shot 2021-07-23 at 9.44.22 pm.png Screen Shot 2021-07-23 at 9.44.56 pm.png

                      • P
                        ProperCactus Rebel Alliance @Juve
                        last edited by ProperCactus

                        @juve The fix is to go to patches in the GUI

                        Add a patch and give the patch a name, ignore the URL and in the big text box paste:

                        --- /usr/local/pkg/syslog-ng.inc
                        +++ /usr/local/pkg/syslog-ng.inc
                        @@ -135,10 +135,6 @@ function syslogng_build_default_objects($settings) {
                         		safe_mkdir(SYSLOGNG_DIR);
                         		safe_mkdir(SYSLOGNG_DIR . "/ca.d");
                         		syslogng_build_cert($settings);
                        -		$default_objects[0]['objectparameters'] .= " tls(
                        -		    key-file('/var/etc/syslog-ng/syslog-ng.key')
                        -		    cert-file('/var/etc/syslog-ng/syslog-ng.cert')
                        -		    ca-dir('/var/etc/syslog-ng/ca.d'))";
                         	} else {
                         		rmdir_recursive(SYSLOGNG_DIR);
                         	}
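
                        Review bot: The condition guarding this branch is outside the hunk, so confirm it tests the same thing as the `$settings['default_protocol'] == 'tls'` check that the next hunk adds inside the loop. This branch still creates SYSLOGNG_DIR and calls syslogng_build_cert($settings), and the else branch still runs rmdir_recursive(SYSLOGNG_DIR); if the two conditions ever diverge, the generated config either points tls() at key and cert files that were just removed or builds a cert that no listener uses. Computing the TLS decision once into a variable and using it in both places would remove that risk.
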
                        @@ -146,7 +142,11 @@ function syslogng_build_default_objects($settings) {
                         	foreach (explode(",", $interfaces) as $interface) {
                         		$interface_address = syslogng_get_real_interface_address($interface);
                         		if ($interface_address[0]) {
                        -			$default_objects[0]['objectparameters'] .= " syslog(transport($default_protocol) port($default_port) ip({$interface_address[0]}));";
                        +			$default_objects[0]['objectparameters'] .= " syslog(transport($default_protocol) port($default_port) ip({$interface_address[0]})";
                        +			if ($settings['default_protocol'] == 'tls') {
                        +				$default_objects[0]['objectparameters'] .= " tls(key-file('/var/etc/syslog-ng/syslog-ng.key') cert-file('/var/etc/syslog-ng/syslog-ng.cert') ca-dir('/var/etc/syslog-ng/ca.d'))";
                        +			}
                        +			$default_objects[0]['objectparameters'] .= ");";
                         		}
                         	}
                         	$default_objects[0]['objectparameters'] .= " };";
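
                        Review bot: The added check in the loop reads `$settings['default_protocol']` while the transport() on the line just above it uses `$default_protocol`; use one of them in both places so the tls() block cannot be emitted for a listener whose transport is not tls. A strict comparison (`=== 'tls'`) would be safer, and the key-file, cert-file and ca-dir values repeat '/var/etc/syslog-ng' as literals although the function already uses SYSLOGNG_DIR for its directory handling; if that constant is the same directory, build the paths from it so they stay in step. Since the same tls() string is now appended once per interface, assembling it before the foreach would also keep the loop body shorter.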
                        

                        Set the path strip from 2 to 0 and then save the patch.

                        You'll then see a button that says "Test" with a big tick. Press that button and then another button should appear that says "Apply". Press that and then try to start syslog-ng; it seems to have fixed it for me.

                        A little concerning that a firewall can just have code pushed willy-nilly that cripples its ability to phone home :/

                        I think a package rollback feature is needed because if there is no one who can make a patch we are proper cactus!

                        • J
                          Juve
                          last edited by

                          I did upgrade the package today and now everything is working!

                          Thank you

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.