Posted to commits@nifi.apache.org by "Bryan Bende (JIRA)" <ji...@apache.org> on 2015/12/02 22:49:11 UTC

[jira] [Updated] (NIFI-1227) ListenSyslog should support TLS

     [ https://issues.apache.org/jira/browse/NIFI-1227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Bende updated NIFI-1227:
------------------------------
    Attachment: NIFI-1227.patch

Attaching a patch which adds TLS support to both syslog processors. Each processor now has an SSLContextService property which will enable TLS. Validation prevents setting the service and choosing UDP so that it can only be used with TCP.

One downside that I can't seem to figure out is related to the error handling. For example, on the put side, if I send a message without a context service set to a syslog server listening with TLS, it still goes through but the syslog log shows it couldn't read the message. Same thing on the listening side: if listening without a context service and a message is sent from a TLS forwarder, we receive it but the payload is encrypted and can't be parsed, so it is routed to invalid. Not sure what else we can do here, but wanted to note these scenarios.

> ListenSyslog should support TLS
> -------------------------------
>
>                 Key: NIFI-1227
>                 URL: https://issues.apache.org/jira/browse/NIFI-1227
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 0.4.0
>            Reporter: Andre
>            Assignee: Bryan Bende
>         Attachments: NIFI-1227.patch
>
>
> It would be good if the ListenSyslog supported TLS as described here:
> http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html
> and
> https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/procedure-configuring-tls-server.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
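
The listening-side scenario in the comment above (a plaintext TCP listener receiving bytes from a TLS forwarder) can be told apart from a malformed syslog message by looking at the first bytes of the connection. The following is an added example, not code from NIFI-1227.patch or from NiFi; the class and method names are hypothetical and the sample inputs are constructed. It does not cover the put-side scenario, where a TLS server sends nothing before the client speaks.

```java
import java.nio.charset.StandardCharsets;

// Added example: hypothetical helper, not part of NIFI-1227.patch or NiFi.
public class SyslogFirstBytes {
    enum Kind { TLS_CLIENT_HELLO, PLAINTEXT_SYSLOG, UNKNOWN }

    static Kind classify(byte[] b, int len) {
        if (isTlsClientHello(b, len)) return Kind.TLS_CLIENT_HELLO;
        if (isPlaintextSyslog(b, len)) return Kind.PLAINTEXT_SYSLOG;
        return Kind.UNKNOWN;
    }

    // TLS record header: type(1) version(2) length(2), followed by the handshake type.
    static boolean isTlsClientHello(byte[] b, int len) {
        if (len < 6) return false;
        int recordLen = ((b[3] & 0xff) << 8) | (b[4] & 0xff);
        return (b[0] & 0xff) == 0x16             // content type: handshake
            && (b[1] & 0xff) == 0x03             // major version 3 (SSL 3.0 / TLS 1.x)
            && (b[2] & 0xff) <= 0x04             // minor version seen at the record layer
            && recordLen > 0 && recordLen <= 16384  // plaintext records are at most 2^14 bytes
            && (b[5] & 0xff) == 0x01;            // handshake type: ClientHello
    }

    // Plaintext syslog starts with "<PRI>", optionally preceded by an
    // RFC 6587 octet count and a space ("38 <13>...").
    static boolean isPlaintextSyslog(byte[] b, int len) {
        int i = 0;
        while (i < len && b[i] >= '0' && b[i] <= '9') i++;   // optional octet count
        if (i > 0) {
            if (i >= len || b[i] != ' ') return false;
            i++;
        }
        if (i >= len || b[i] != '<') return false;
        int j = i + 1;
        while (j < len && j - i <= 3 && b[j] >= '0' && b[j] <= '9') j++;  // PRI: 1 to 3 digits
        return j > i + 1 && j < len && b[j] == '>';
    }

    public static void main(String[] args) {
        // Constructed samples: start of a ClientHello record, a BSD-style line, an octet-counted line.
        byte[] hello = {0x16, 0x03, 0x01, 0x00, (byte) 0xc8, 0x01, 0x00, 0x00, (byte) 0xc4};
        byte[] plain = "<34>Oct 11 22:14:15 host app: test".getBytes(StandardCharsets.US_ASCII);
        byte[] counted = "38 <13>1 2015-12-02T22:49:11Z h a - - - m".getBytes(StandardCharsets.US_ASCII);
        for (byte[] s : new byte[][] {hello, plain, counted}) {
            System.out.println(classify(s, s.length));
        }
    }
}
```

A listener configured without TLS could use such a check to log a clear "peer is speaking TLS" error and close the connection instead of routing the encrypted bytes to invalid.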