Atna Audit Config for TLS Connections


Alexander Kreutz

Sep 21, 2020, 5:50:17 AM9/21/20
to ipf-dev
When trying to use the ATNA audit logging with the Gazelle Syslog Collector using TCP-TLS
I always receive

TCP socket timeout reached, message may not have been completely received or socket has not been closed

like in

How does the DefaultAuditContext need to be configured for TLS?

Dmytro Rud

Sep 22, 2020, 5:34:08 AM9/22/20
to ipf...@googlegroups.com
Does your application stop immediately after sending the audit record?


Alexander Kreutz

Sep 22, 2020, 8:27:28 AM9/22/20
to ipf-dev
No it does not stop. It is a server using IPF Framework / Apache Camel / Springboot. It only stops if it is manually shut down.

Christian Ohr

Sep 22, 2020, 10:51:07 AM9/22/20
to ipf...@googlegroups.com
IPF does in fact not close the connection as it would be too expensive to reopen it all the time.
Apart from that, the message has been received and parsed/validated successfully, so I guess the DefaultAuditContext should be properly set up.
Not sure what this Gazelle message means. I noted that this was reported before (https://groups.google.com/g/ipf-user/c/n3Ez42FLO4o).

Christian

On Mon., 21 Sept. 2020 at 11:50, Alexander Kreutz <akre...@gmail.com> wrote:

Dmytro Rud

Oct 4, 2020, 5:00:02 PM10/4/20
to ipf...@googlegroups.com
We experienced a similar problem when sending audit records over TLS to a Syslog-NG server.  The solution was to use NettyTLSSyslogSenderImpl instead of TLSSyslogSenderImpl, and call sender.shutdown() when the application finishes (our application is not based on Spring Boot, therefore this call had to be performed manually).  Hope this helps.

Best regards
Dmytro
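The setup Dmytro describes (NettyTLSSyslogSenderImpl wired into the DefaultAuditContext, with sender.shutdown() called explicitly when a non-Spring-Boot application exits), written out as an added example. This is not code from the thread or from the IPF project; the class names NettyTLSSyslogSenderImpl, TLSSyslogSenderImpl, DefaultAuditContext and the shutdown() call come from the posts above, while the package names, the setAuditRepositoryHost/setAuditRepositoryPort/setAuditTransmissionProtocol setters, the TlsParameters.getDefault() factory and the host/port values are assumptions drawn from my recollection of the IPF 3.x audit API and should be checked against the IPF version in use.

```java
import org.openehealth.ipf.commons.audit.DefaultAuditContext;
import org.openehealth.ipf.commons.audit.TlsParameters;
import org.openehealth.ipf.commons.audit.protocol.AuditTransmissionProtocol;
import org.openehealth.ipf.commons.audit.protocol.NettyTLSSyslogSenderImpl;

/**
 * Builds an ATNA audit context that ships audit records to a syslog
 * collector over TLS and closes the long-lived TLS connection cleanly
 * when the JVM exits. Added example, not part of the IPF project.
 */
public class AtnaTlsAuditSetup {

    // Constructed placeholder values: the audit record repository
    // (e.g. a Gazelle Syslog Collector) and the usual syslog-over-TLS port.
    private static final String AUDIT_REPOSITORY_HOST = "audit-repository.example.invalid";
    private static final int AUDIT_REPOSITORY_PORT = 6514;

    public static DefaultAuditContext createAuditContext() {
        DefaultAuditContext auditContext = new DefaultAuditContext();
        auditContext.setAuditEnabled(true);
        auditContext.setAuditRepositoryHost(AUDIT_REPOSITORY_HOST);
        auditContext.setAuditRepositoryPort(AUDIT_REPOSITORY_PORT);

        // Assumption: TlsParameters.getDefault() takes the key and trust
        // material from the standard javax.net.ssl.* system properties,
        // so the client certificate the collector expects must be in that keystore.
        // NettyTLSSyslogSenderImpl is used instead of TLSSyslogSenderImpl,
        // as suggested in the thread.
        AuditTransmissionProtocol sender =
                new NettyTLSSyslogSenderImpl(TlsParameters.getDefault());
        auditContext.setAuditTransmissionProtocol(sender);

        // IPF keeps the TLS connection open between audit records. Outside
        // Spring Boot nothing closes it for us, so register a JVM shutdown
        // hook that calls sender.shutdown(); an abruptly dropped socket is
        // what a collector reports as "socket has not been closed".
        Runtime.getRuntime().addShutdownHook(
                new Thread(sender::shutdown, "atna-audit-sender-shutdown"));

        return auditContext;
    }

    public static void main(String[] args) {
        DefaultAuditContext auditContext = createAuditContext();
        // Hand auditContext to the IPF components that emit audit records
        // (e.g. the IHE transaction endpoints); the shutdown hook handles
        // the connection teardown at exit.
        System.out.println("ATNA audit context configured for "
                + auditContext.getAuditRepositoryHost() + ":"
                + auditContext.getAuditRepositoryPort());
    }
}
```

In a Spring Boot application the IPF starter manages the sender bean's lifecycle, so the explicit shutdown hook is only needed in applications that wire the audit context by hand, which matches Dmytro's remark that the call had to be performed manually in his non-Spring-Boot setup. A quick check that the hook works is to stop the application normally and confirm that the collector logs a clean connection close rather than the socket-timeout warning.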

