syslog-ng rotates TLS key
-
I noticed recently a pfSense device stopped logging to our remote TLS syslog server. After investigating, I found the TLS key had been automatically configured to be archived and rotated like a log file.
syslog-ng config:
Object name: D_TLSSYSLOG
Object type: Destination
Object parameters:
{ network("syslog.example.com" port(6514) transport("tls")
    tls(
      ca-dir("/home/user/syslog")
      key-file("/home/user/syslog/syslog-client.key")
      cert-file("/home/user/syslog/syslog-client.crt")
      peer_verify(required-untrusted)
    )
  );
};
Resulting /usr/local/etc/logrotate.conf:
# This file is automatically generated by pfSense
# Do not edit manually !
/home/user/syslog/syslog-client.key
/var/syslog-ng/default.log {
  rotate 30
  daily
  compress
  postrotate
    kill -s HUP `cat /var/run/syslog-ng.pid`
  endscript
}
-
I have also opened a bug report for this: https://redmine.pfsense.org/issues/8631
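As an added check for the failure mode described in this post (not code from pfSense, syslog-ng or the poster), the script below reads a syslog-ng destination definition and the generated logrotate.conf, collects every path handed to a tls() key/cert/CA option, and reports any of them that logrotate would rotate. The sample inputs are constructed from the configuration quoted above; the option names key-file, cert-file and ca-dir come from the post, ca-file is a further syslog-ng tls() option, and the function names are my own.

```python
"""Detect TLS key/cert material that a generated logrotate.conf would rotate.

Added illustration, not pfSense or syslog-ng code. The two sample inputs
below are constructed from the configuration quoted in the post.
"""
import re

# Constructed sample: the syslog-ng destination body from the post.
SYSLOG_NG_CONF = '''
destination D_TLSSYSLOG { network("syslog.example.com" port(6514) transport("tls")
  tls( ca-dir("/home/user/syslog") key-file("/home/user/syslog/syslog-client.key")
       cert-file("/home/user/syslog/syslog-client.crt") peer_verify(required-untrusted) )
); };
'''

# Constructed sample: the generated logrotate.conf from the post.
LOGROTATE_CONF = '''
# This file is automatically generated by pfSense
# Do not edit manually !
/home/user/syslog/syslog-client.key
/var/syslog-ng/default.log {
  rotate 30
  daily
  compress
  postrotate
    kill -s HUP `cat /var/run/syslog-ng.pid`
  endscript
}
'''

# syslog-ng tls() options whose argument is a secret or trust-anchor path,
# not a log file (dash and underscore spellings are both accepted by syslog-ng).
SECRET_OPTIONS = (
    "key-file", "cert-file", "ca-dir", "ca-file",
    "key_file", "cert_file", "ca_dir", "ca_file",
)


def tls_material_paths(syslog_ng_conf: str) -> set[str]:
    """Return every path passed to a key/cert/CA option in the syslog-ng config."""
    names = "|".join(re.escape(opt) for opt in SECRET_OPTIONS)
    pattern = re.compile(r"(" + names + r')\s*\(\s*"([^"]+)"\s*\)')
    return {m.group(2) for m in pattern.finditer(syslog_ng_conf)}


def logrotate_targets(logrotate_conf: str) -> set[str]:
    """Return every file path logrotate would rotate.

    logrotate lists one or more paths (whitespace separated, possibly over
    several lines) before each '{ ... }' block. Comments are dropped and the
    block bodies are skipped, so only the headers are inspected.
    """
    stripped = "\n".join(line.split("#", 1)[0] for line in logrotate_conf.splitlines())
    targets: set[str] = set()
    # Each match is one "header { body }" pair; the header is group 1.
    for header in re.findall(r"([^{}]*)\{[^{}]*\}", stripped):
        targets.update(tok for tok in header.split() if tok.startswith("/"))
    return targets


def rotated_secrets(syslog_ng_conf: str, logrotate_conf: str) -> list[str]:
    """List logrotate targets that are TLS material (or live under a CA directory)."""
    secrets = tls_material_paths(syslog_ng_conf)
    flagged = []
    for target in sorted(logrotate_targets(logrotate_conf)):
        if target in secrets or any(target.startswith(d.rstrip("/") + "/") for d in secrets):
            flagged.append(target)
    return flagged


if __name__ == "__main__":
    for path in rotated_secrets(SYSLOG_NG_CONF, LOGROTATE_CONF):
        print(f"WARNING: logrotate would rotate TLS material: {path}")
```

On the quoted configuration this flags /home/user/syslog/syslog-client.key and nothing else; running it against the live /usr/local/etc/logrotate.conf after each package regeneration gives an early warning before the nightly rotation silently breaks the TLS session.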