From 8a8b6ff2d67099f590fb4887c4d427690b56f723 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Thu, 7 Sep 2023 14:12:49 +0200
Subject: [PATCH] System: Settings: Logging / targets - simplify tls handling
 and handle rfc5424 consistently. closes
 https://github.com/opnsense/core/issues/6813

---
 .../OPNsense/Syslog/syslog-ng-destinations.conf      | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf b/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf
index 4113f0a11..733bcaf42 100644
--- a/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf
+++ b/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf
@@ -22,7 +22,7 @@ filter f_{{dest_key}}_{{key}} {
 {%            endfor %}
 
 destination d_{{dest_key}} {
-{%           if destination.transport in ['udp4', 'udp6', 'tcp4', 'tcp6'] %}
+{%           if destination.transport in ['udp4', 'udp6', 'tcp4', 'tcp6', 'tls4', 'tls6'] %}
     network(
         "{{destination.hostname}}"
         transport("{{destination.transport[:3]}}")
@@ -32,19 +32,13 @@ destination d_{{dest_key}} {
         flags(syslog-protocol)
 {%             endif %}
         persist-name("{{dest_key}}")
-    );
-{%           elif destination.transport in ['tls4', 'tls6'] %}
-    network(
-        "{{destination.hostname}}"
-        transport("tls")
-        port({{destination.port}})
-        ip-protocol({{destination.transport[3]}})
-        persist-name("{{dest_key}}")
+{%             if destination.transport in ['tls4', 'tls6'] %}
         tls(
                 ca-file("/etc/ssl/cert.pem")
                 key-file("/usr/local/etc/syslog-ng/cert.d/{{dest_key}}.key")
                 cert-file("/usr/local/etc/syslog-ng/cert.d/{{dest_key}}.crt")
         )
+{%             endif %}
     );
 {%           endif %}
 };