You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by "Mark Payne (JIRA)" <ji...@apache.org> on 2015/12/03 15:45:10 UTC

[jira] [Commented] (NIFI-1227) ListenSyslog should support TLS

    [ https://issues.apache.org/jira/browse/NIFI-1227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15037861#comment-15037861 ] 

Mark Payne commented on NIFI-1227:
----------------------------------

[~bbende] - I tested this out and it seems to work well. I agree that there may be a bit of weirdness when trying to use SSL by one of the communicants and not use SSL by the other - but I'm not sure that there is a lot that you can do about it. I think if you are listening for Syslog messages from the listener and a connection is established using SSL sending FlowFiles to invalid is acceptable - probably not too much we could do about that. We may be able to detect that the incoming bytes are an initial SSL Handshake message and reject it, with a pretty error message and avoid sending those things to Invalid. However, I think that's not necessary for this initial cut. You may want to consider that for an 0.5.0 release, though?

The only real problem that I have with the Processor is that PutSyslog is establishing a connection in the @OnScheduled method. We should avoid doing this, as it can create some weirdness and is not necessary because in onTrigger, we create a connection if none is available. So I would just remove this from the @OnScheduled method:

{code}
        for (int i=0; i < context.getMaxConcurrentTasks(); i++) {
            senderPool.offer(createSender(context, bufferPool));
        }
{code} 

If that change is made, then I'm a +1.

> ListenSyslog should support TLS
> -------------------------------
>
>                 Key: NIFI-1227
>                 URL: https://issues.apache.org/jira/browse/NIFI-1227
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 0.4.0
>            Reporter: Andre
>            Assignee: Bryan Bende
>             Fix For: 0.4.0
>
>         Attachments: NIFI-1227.patch
>
>
> It would be good if the ListenSyslog supported TLS as described here:
> http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html
> and
> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/procedure-configuring-tls-server.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)