I'm trying unsuccessfully to create a central syslogd logging server between 
two OpenBSD 6.8 hosts, but I can't see what I'm missing.

My syslog server (logs.lan.ckure.com) has a certificate from my internal CA, 
and that certificate's Root & Intermediate certs are pushed out internally to 
the /etc/ssl/cert.pem file on each OpenBSD host on my network. I have created a 
symlink to that cert to reference the IP / port per the documentation:

logs$ ls -all |grep logs.lan.ckure.com
lrwxr-xr-x   1 root  wheel      31 Jan 17 19:25 192.168.32.20:514.crt -> /etc/ssl/logs.lan.ckure.com.crt
-rw-rw----   1 root  wheel    5605 Jan 16 12:42 logs.lan.ckure.com.crt

I am running syslogd on the log server with the following flags:
logs$ doas rcctl get syslogd flags
-ZS 192.168.32.20:514

And the syslogd.conf has at its beginning a line for each host, for example:
++ns1.lan.ckure.com
*.*        /var/log/hosts/ns1.lan.ckure.com
+*

When I connect from ns1.lan.ckure.com via openssl, the cert verifies and 
anything I write to that connection I see becoming log entries written to 
/var/log/hosts/ns1.lan.ckure.com like so:

logs$ cat /var/log/hosts/ns1.lan.ckure.com 
2021-01-21T11:47:47.396Z ns1.lan.ckure.com Hello world!
2021-01-21T12:01:49.976Z ns1.lan.ckure.com Hello from ns1!

But when I run syslogd on the client (with no flags), I never see logs arrive 
anywhere.
ns1 /etc/syslog.conf is the default file, but with the destination changed like 
so:
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none @tls4://logs.lan.ckure.com:514
auth,daemon,syslog,user.info;authpriv,kern.debug @tls4://logs.lan.ckure.com:514

When I run both sides -d, I am never seeing the line "Logging to FILE 
/var/log/hosts/ns1.lan.ckure.com" that I do when I use "openssl s_client 
-connect":Accepting tcp connection.

From OpenSSL -connect:
Peer addresss and port 192.168.32.251:25881
tcp accept callback: tls context success
[priv]: msg PRIV_GETNAMEINFO received
Peer hostname ns1.lan.ckure.com
logline: pri 057, flags 0x4, from logs, msg syslogd[6330]: tls logger "192.168.32.251:25881" accepted
tls logger "192.168.32.251:25881" non transparent framing, use 10 bytes
logline: pri 015, flags 0x0, from ns1.lan.ckure.com, msg Hello world!
Logging to FILE /var/log/hosts/ns1.lan.ckure.com
logline: pri 057, flags 0x4, from logs, msg syslogd[6330]: tls logger "192.168.32.251:25881" connection close

From syslogd:
Accepting tcp connection
Peer addresss and port 192.168.32.251:14540
tcp accept callback: tls context success
[priv]: msg PRIV_GETNAMEINFO received
Peer hostname ns1.lan.ckure.com
logline: pri 057, flags 0x4, from logs, msg syslogd[6330]: tls logger "192.168.32.251:14540" accepted
logline: pri 057, flags 0x4, from logs, msg syslogd[6330]: tls logger "192.168.32.251:14540" connection close

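An added example, not part of the original post: a small Python triage script for server-side "syslogd -d" output like that quoted above. It groups the "tls logger" events by peer and lists connections that were accepted and closed without any framed data arriving. The sample text is constructed from the lines in the post (with mail line wrapping kept, which the pattern tolerates), and the function names are this example's own.

```python
import re

# Constructed sample: server-side "syslogd -d" lines as quoted in the post,
# including the mail client's line wrapping after "tls logger".
SAMPLE = """\
Peer hostname ns1.lan.ckure.com
logline: pri 057, flags 0x4, from logs, msg syslogd[6330]: tls logger
"192.168.32.251:25881" accepted
tls logger "192.168.32.251:25881" non transparent framing, use 10 bytes
logline: pri 015, flags 0x0, from ns1.lan.ckure.com, msg Hello world!
Logging to FILE /var/log/hosts/ns1.lan.ckure.com
logline: pri 057, flags 0x4, from logs, msg syslogd[6330]: tls logger
"192.168.32.251:25881" connection close
Peer hostname ns1.lan.ckure.com
logline: pri 057, flags 0x4, from logs, msg syslogd[6330]: tls logger
"192.168.32.251:14540" accepted
logline: pri 057, flags 0x4, from logs, msg syslogd[6330]: tls logger
"192.168.32.251:14540" connection close
"""

# One pattern for the three per-connection events seen in the post. \s+ lets a
# wrapped line ("tls logger" / newline / "peer") still match. The framing event
# is matched only by its "use N bytes" tail, so no other wording is assumed.
EVENT = re.compile(
    r'tls logger\s+"([^"]+)"\s+(accepted|connection close|[^\n]*?use (\d+) bytes)'
)

def summarize(debug_text):
    """Return {peer: {"frames": n, "bytes": n, "closed": bool}} in log order."""
    sessions = {}
    for m in EVENT.finditer(debug_text):
        peer, what, nbytes = m.group(1), m.group(2), m.group(3)
        s = sessions.setdefault(peer, {"frames": 0, "bytes": 0, "closed": False})
        if what == "connection close":
            s["closed"] = True
        elif nbytes is not None:          # a framing line: data was read
            s["frames"] += 1
            s["bytes"] += int(nbytes)
    return sessions

def silent_sessions(debug_text):
    """Peers whose TLS connection closed without delivering any framed data."""
    return sorted(p for p, s in summarize(debug_text).items()
                  if s["closed"] and s["frames"] == 0)

if __name__ == "__main__":
    for peer in silent_sessions(SAMPLE):
        print(f"{peer}: accepted and closed, no message data received")
```
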