This section provides general tips and recommendations on using syslog-ng.
This will convert the file to a Linux-compatible style.Īlternatively, replace the EOL characters in the file manually.īest practices and examples > General recommendations Ĭhange the value from UTF-8-BOMto UTF-8.In Notepad++, from the menu, select Encoding. Windows Notepad is not able to save the file in normal UTF-8, even if you select it. On Windows, save the certificate using UTF-8, for example, using Notepad++. Notice the ^Mcharacters as shown in the image below:įigure 20: Example of OpenSSL character processing error To verify this, open the certificate in a text editor, for example, MCEdit. On Windows, the end of line (EOL) character is different (\r\n) compared to Linux (\n). The error occurs when the certificate comes from Windows and you want to use it on a Linux-based computer. The syslog-ng application uses OpenSSL for TLS and this message indicates that the certificate contains characters that OpenSSL cannot process. The error message is displayed when using Transport Layer Security (TLS). Line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE PEM routines:PEM_read_bio:no start line Error openssl x509 -in cert.pem -textġ40178126276248:error:0906D06C:PEM routines:PEM_read_bio:no start This message indicates that the other (remote) side could not verify the certificate sent by syslog-ng.Ĭheck the logs on the remote site and identify why the receiving syslog-ng could not find the CA certificate that signed this certificate. SSL error while writing stream tls_error='SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca' Sometimes this error occurs only at a specific time interval, for example, only between 7:00AM and 8:00AM or between 16:00PM and 17:00PM when your users log in or log off and that generates a lot of messages within a short interval.įor more information, see Managing incoming and outgoing messages with flow-control.
If the remote server accepts logs at a slower rate than the sender syslog-ng receives them, the sender syslog-ng will fill up the destination queue, then drop the newer messages. Note that syslog-ng will drop messages even if the server is alive. If flow-control is disabled, syslog-ng will drop messages if the destination queues are full. If flow-control is enabled, syslog-ng will only drop messages if the destination queues/window sizes are improperly sized. When flow-control is enabled, syslog-ng will stop reading messages from the sources of the log statement if the destinations are not able to process the messages at the required speed. Persist_name='afsocket_dd_qfile(stream,serverdown:514)'įlow-control must be enabled in the log path. Troubleshooting syslog-ng > Error messages Destination queue full Error message:ĭestination queue full, dropping messages queue_len='10000',
0 kommentar(er)
