
Forwarding syslog-ng logs over TLS

0 votes
1 answer
2629 views
This is the scenario: I have a server that's listening on port 6514 on TCP for logs. I created the .key .crt files on the server as described here: https://www.logzilla.net/2014/10/17/configuring-tls-tunnels-in-syslog-ng.html :

    [root@server1 ~]$ openssl genrsa -des3 -out logserver.key 2048
    Generating RSA private key, 2048 bit long modulus
    .................................................+++
    .+++
    e is 65537 (0x10001)
    Enter pass phrase for logserver.key:
    Verifying - Enter pass phrase for logserver.key:
    [root@server1 ~]$ openssl req -new -key logserver.key -out logserver.csr
    Enter pass phrase for logserver.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:
    State or Province Name (full name) []:
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
    [root@server1 ~]$ cp logserver.key logserver.key.org
    [root@server1 ~]$ openssl rsa -in logserver.key.org -out logserver.key
    Enter pass phrase for logserver.key.org:
    writing RSA key
    [root@server1 ~]$ openssl x509 -req -days 365 -in logserver.csr -signkey logserver.key -out logserver.crt
    Signature ok
    subject=/C=XX/L=Default City/O=Default Company Ltd
    Getting Private key

and placed the settings in a created file named tls.conf in the /etc/syslog-ng/conf.d

I followed the next instructions.

Connect to the Client and mkdir -p /etc/syslog-ng/ssl.

Download/Upload the /etc/syslog-ng/ssl/logserver.crt (which was created earlier on the Server) to the Client system and put the file in /etc/syslog-ng/ssl on the Client.

Find the hash for your key by running

    openssl x509 -noout -hash -in /etc/syslog-ng/ssl/logserver.crt

Next, create a symbolic link to the certificate that uses the hash returned by the previous command, with an added .0 suffix.

    ln -s /etc/syslog-ng/ssl/logserver.crt /etc/syslog-ng/ssl/84d92a45.0

As soon as I add the client-to-server.conf under /etc/syslog-ng/conf.d/client-to-server.conf that has the following

    @version:3.14
    @define allow-config-dups 1
    @include "scl.conf"
    destination d_tls {
        tcp("192.168.1.7" port(6514)
            tls( ca_dir("/etc/syslog-ng/ssl/")) );
    };
    log { source(s_sys); destination(d_tls); };

the syslog-ng service won't start on the client.

    systemctl restart syslog-ng.service
    Job for syslog-ng.service failed because the control process exited with error code. See "systemctl status syslog-ng.service" and "journalctl -xe" for details.
    [root@localhost conf.d]# systemctl status syslog-ng.service -l
    ● syslog-ng.service - System Logger Daemon
       Loaded: loaded (/usr/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled)
       Active: failed (Result: start-limit) since Thu 2018-06-07 22:50:30 EEST; 7min ago
         Docs: man:syslog-ng(8)
      Process: 18196 ExecStart=/usr/sbin/syslog-ng -F $SYSLOGNG_OPTS -p /var/run/syslogd.pid (code=exited, status=2)
     Main PID: 18196 (code=exited, status=2)
       Status: "Starting up... (Thu Jun 7 22:50:30 2018"
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
    Jun 07 22:50:30 localhost.localdomain systemd: Failed to start System Logger Daemon.
    Jun 07 22:50:30 localhost.localdomain systemd: Unit syslog-ng.service entered failed state.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service failed.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service holdoff time over, scheduling restart.
    Jun 07 22:50:30 localhost.localdomain systemd: start request repeated too quickly for syslog-ng.service
    Jun 07 22:50:30 localhost.localdomain systemd: Failed to start System Logger Daemon.
    Jun 07 22:50:30 localhost.localdomain systemd: Unit syslog-ng.service entered failed state.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service failed.
    [root@localhost conf.d]# journalctl -xe
    -- Subject: Unit syslog-ng.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit syslog-ng.service has begun starting up.
    Jun 07 22:50:30 localhost.localdomain syslog-ng: [2018-06-07T22:50:30.022361] Error setting up TLS session context; tls_error='(null):(null):(null)'
    Jun 07 22:50:30 localhost.localdomain syslog-ng: [2018-06-07T22:50:30.022410] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
    Jun 07 22:50:30 localhost.localdomain systemd: Failed to start System Logger Daemon.
    -- Subject: Unit syslog-ng.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit syslog-ng.service has failed.
    --
    -- The result is failed.
    Jun 07 22:50:30 localhost.localdomain systemd: Unit syslog-ng.service entered failed state.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service failed.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service holdoff time over, scheduling restart.
    Jun 07 22:50:30 localhost.localdomain systemd: Starting System Logger Daemon...
    -- Subject: Unit syslog-ng.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit syslog-ng.service has begun starting up.
    Jun 07 22:50:30 localhost.localdomain syslog-ng: [2018-06-07T22:50:30.281966] Error setting up TLS session context; tls_error='(null):(null):(null)'
    Jun 07 22:50:30 localhost.localdomain syslog-ng: [2018-06-07T22:50:30.282017] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
    Jun 07 22:50:30 localhost.localdomain systemd: Failed to start System Logger Daemon.
    -- Subject: Unit syslog-ng.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit syslog-ng.service has failed.
    --
    -- The result is failed.
    Jun 07 22:50:30 localhost.localdomain systemd: Unit syslog-ng.service entered failed state.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service failed.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service holdoff time over, scheduling restart.
    Jun 07 22:50:30 localhost.localdomain systemd: Starting System Logger Daemon...
    -- Subject: Unit syslog-ng.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit syslog-ng.service has begun starting up.
    Jun 07 22:50:30 localhost.localdomain syslog-ng: [2018-06-07T22:50:30.522580] Error setting up TLS session context; tls_error='(null):(null):(null)'
    Jun 07 22:50:30 localhost.localdomain syslog-ng: [2018-06-07T22:50:30.522870] Error initializing message pipeline; plugin name='tcp', location='/etc/syslog-ng/conf.d/client-to-server.conf:5:7'
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
    Jun 07 22:50:30 localhost.localdomain systemd: Failed to start System Logger Daemon.
    -- Subject: Unit syslog-ng.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit syslog-ng.service has failed.
    --
    -- The result is failed.
    Jun 07 22:50:30 localhost.localdomain systemd: Unit syslog-ng.service entered failed state.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service failed.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service holdoff time over, scheduling restart.
    Jun 07 22:50:30 localhost.localdomain systemd: start request repeated too quickly for syslog-ng.service
    Jun 07 22:50:30 localhost.localdomain systemd: Failed to start System Logger Daemon.
    -- Subject: Unit syslog-ng.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit syslog-ng.service has failed.
    --
    -- The result is failed.
    Jun 07 22:50:30 localhost.localdomain systemd: Unit syslog-ng.service entered failed state.
    Jun 07 22:50:30 localhost.localdomain systemd: syslog-ng.service failed.

What am I doing wrong?
Asked by Aiurea Adica tot YO (141 rep)
Jun 7, 2018, 08:12 AM
Last activity: Jul 14, 2025, 07:05 AM
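
A check for the hash-link step described in the question, as an added example that is not part of the original post: OpenSSL finds a CA in a `ca_dir()` directory only through a link named after that certificate's own subject hash, so the script compares every `<hash>.N` link against the hash of the file it points to. The function names `check_ca_dir` and `make_demo_dir` are hypothetical, and the demo certificate is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the <hash>.N links that
# OpenSSL's CA-directory lookup relies on. Function names are hypothetical.

# check_ca_dir DIR: prints one status line per link; returns 0 only if every
# link is named after the subject hash of the certificate it resolves to.
check_ca_dir() {
    local dir=$1 link name want rc=0 found=0
    for link in "$dir"/*.[0-9]; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # glob matched nothing
        found=1
        name=$(basename "$link")
        if ! want=$(openssl x509 -noout -hash -in "$link" 2>/dev/null); then
            echo "BAD  $name: target missing or not a PEM certificate"; rc=1
        elif [ "${name%.*}" != "$want" ]; then
            echo "BAD  $name: certificate hashes to $want, link should be $want.0"; rc=1
        else
            echo "OK   $name"
        fi
    done
    if [ "$found" -eq 0 ]; then echo "BAD  no <hash>.N links in $dir"; rc=1; fi
    return "$rc"
}

# make_demo_dir: constructed sample. A throwaway self-signed certificate is
# linked under the literal hash shown on the page (84d92a45.0), which is not
# the hash of this freshly generated certificate. Prints the directory path.
make_demo_dir() {
    local d
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$d/demo.key" -out "$d/logserver.crt" 2>/dev/null || return 1
    ln -s "$d/logserver.crt" "$d/84d92a45.0"
    echo "$d"
}

# Stand-alone use: ./check_ca_dir.sh /etc/syslog-ng/ssl
if [ "$#" -gt 0 ]; then check_ca_dir "$1"; fi
```

Run it on the client against the directory passed to `ca_dir()`; a `BAD` line names the link to recreate with the hash printed for that certificate.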