
ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found

Hi, I am trying to use an SSL connection between client and server in "server-side authentication only" mode. I placed the certificates in the respective /conf folder of nxlog server. These are the current configurations:

>>> CLIENT <<<
<Output to_syslog_server>
    Module om_ssl
    Host 10.1.1.1
    Port 516
    Exec $Message = to_leef(); to_syslog_ietf();
</Output>

>>> SERVER <<<
<Input in_syslog_ssl>
    Module im_ssl
    Host 0.0.0.0
    Port 516
    CAFile %CERTDIR%/rootCA.pem
    CertFile %CERTDIR%/central.crt
    CertKeyFile %CERTDIR%/central.key
    KeyPass password
    FlowControl TRUE
    AllowUntrusted TRUE
    <Exec>
        if $raw_event =~ /LEEF/ parse_leef();
        else parse_syslog();
    </Exec>
</Input>

but it gives me this error:

2019-09-06 17:43:26 ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found

Do you have any ideas to solve this?

Thank you,
Antonio


antoniosoc created
Replies: 2
NXlog om_ssl infinite reconnection with a SaaS Log Centralizer

Hi,

We are trying to connect NXLog with Logmatic.io with an SSL connection. The certificate provided by Logmatic is valid and works with Rsyslog, Syslog-NG or Open-SSL.

However, no matter how hard we try to connect NXLog we have no success and not enough debugging information to troubleshoot it ourselves.

Here is our config:

<Output out>
Module om_ssl
Host api.logmatic.io
Port 10515
CAFile <path_to_your_.crt_file>

####Add the API key before the event
Exec $raw_event="<your_api_key> "+$raw_event;
</Output>


We tried a lot more configurations with AllowUntrusted TRUE/FALSE, CertFile, etc... But the result is always the same:

2015-12-18 18:25:39 INFO connecting to api.logmatic.io:10515
2015-12-18 18:25:39 INFO successfully connected to api.logmatic.io:10515
2015-12-18 18:25:39 INFO reconnecting in 1 seconds
2015-12-18 18:25:40 INFO connecting to api.logmatic.io:10515
2015-12-18 18:25:40 INFO successfully connected to api.logmatic.io:10515
2015-12-18 18:25:41 INFO reconnecting in 1 seconds
2015-12-18 18:25:42 INFO connecting to api.logmatic.io:10515
2015-12-18 18:25:42 INFO successfully connected to api.logmatic.io:10515

Do you have any idea about what it could be?

You can find the certificate here: http://doc.logmatic.io/docs/logging-from-windows#section-enabling-security

Sorry to bother you with that but we spent a lot of time doing our homework before asking this question.

Thanks!!

Renaud.Boutet created
Replies: 1
Problems using SSL input with NXLog

TL;DR summary: NXLog won't load my certificate - why?

I've set up an NXlog CE server to act as an encrypted entrypoint for a Graylog server. After creating a self-signed certificate and adding it to the configuration, I get an unexpected error in the log when NXlog starts up.

2015-07-10 06:49:22 INFO reloading configuration and restarting modules
2015-07-10 06:49:22 ERROR SSL error, Failed to open certfile: "/certificates/client.pem";No such file or directory
2015-07-10 06:49:22 INFO configuration reloaded successfully.

I assumed it might be a file rights issue, but looking at the files, it seems like the rights are actually a little too loose for comfort:

root@e757dae37501:/# ll /certificates/
total 20
drwxr-xr-x  2 nxlog nxlog 4096 Jul 10 06:32 ./
drwxr-xr-x 49 root  root  4096 Jul 10 06:32 ../
-rw-r--r--  1 nxlog nxlog 1387 Jul  9 15:51 ca.pem
-rw-r--r--  1 nxlog nxlog  887 Jul  9 15:54 client.key
-rw-r--r--  1 nxlog nxlog 1001 Jul  9 15:55 client.pem

My NXlog configuration looks like this:

...
<Input inssl>
    Module im_ssl
    Host 0.0.0.0
    Port 1515
    InputType Binary
    CAFile "/certificates/ca.pem"
    CertFile "/certificates/client.pem"
    CertKeyFile "/certificates/client.key"
    KeyPass secret
    RequireCert FALSE
    AllowUntrusted TRUE
</Input>
...

I've tried looking at the source code for the SSL module, but it looks like the line that fails is not related to validation but simple file access. I have no idea how to proceed. Suggestions?


Mads.Hvelplund created
Replies: 1
NXlog cannot verify self-signed CA certificate

Hi,

I'm trying to forward log events with NXlog to logstash over an SSL connection. Therefore, I generated my own CA certificate and a certificate to be used by logstash for the SSL connection. NXlog is installed on an Ubuntu 14.04 (virtual) machine with the CA certificate added as '/etc/ssl/certs/logstash-ca.crt'.

I tested the connection with

openssl s_client -CAfile /etc/ssl/certs/logstash-ca.cert -connect localhost:5000

and everything works fine (all entered text lines are received by logstash).

However, when I start NXlog with the appropriate om_ssl output configuration it fails with

ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)

My NXlog configuration looks like this:

User nxlog
Group nxlog

LogFile /var/log/nxlog/nxlog.log
LogLevel DEBUG

# Modules
<Extension _syslog>
    Module xm_syslog
</Extension>
<Extension json>
    Module xm_json
</Extension>

# Nxlog internal logs
<Input internal>
    Module im_internal
    Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
</Input>

<Output sslout>
    Module          om_ssl
    Host            localhost
    Port            5000
    CertFile        "/etc/ssl/certs/logstash-ca.crt"
    OutputType      LineBased
</Output>

<Route logstash>
    Path internal => sslout
</Route>

When I start NXlog with

sudo nxlog -f -c nxlog.conf

the debug output looks like this:

2015-03-05 20:37:05 DEBUG module sslout got 1 poll events
2015-03-05 20:37:05 DEBUG Module sslout can read
2015-03-05 20:37:05 DEBUG [...]
2015-03-05 20:37:05 DEBUG PROCESS_EVENT: READ (sslout)
2015-03-05 20:37:05 DEBUG om_ssl read
2015-03-05 20:37:05 DEBUG doing handshake
2015-03-05 20:37:05 DEBUG verify callback (ok: 0)
2015-03-05 20:37:05 DEBUG preverification returned non-OK: unable to get local issuer certificate
2015-03-05 20:37:05 DEBUG STOP: sslout
2015-03-05 20:37:05 DEBUG remove socket [21]
2015-03-05 20:37:05 DEBUG executing statements
2015-03-05 20:37:05 DEBUG [...]
2015-03-05 20:37:05 INFO reconnecting in 1 seconds
2015-03-05 20:37:05 ERROR [om_ssl.c:532/io_err_handler()] -;[ssl.c:168/nx_ssl_check_io_error()] SSL certificate verification failed: unable to get local issuer certificate (err: 20)

I have no idea why the verification works with OpenSSL but fails with NXlog (I'm using nxlog-ce-2.8.1248 and OpenSSL version is 1.0.1f).

Any help is highly appreciated.

goerlitz created
Replies: 1
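
A small linter for the im_ssl/om_ssl directives that appear in the configurations above, added here as an example; it is not NXLog code and not from any of the posters. It assumes NXLog's documented defaults (AllowUntrusted FALSE, RequireCert TRUE); SAMPLE, directives and lint are hypothetical names, and the sample config is constructed from the third and fourth posts.

```python
import re

# Constructed sample built from the directives in the third and fourth posts.
SAMPLE = """
<Output sslout>
    Module    om_ssl
    CertFile  "/etc/ssl/certs/logstash-ca.crt"
</Output>
<Input inssl>
    Module im_ssl
    CAFile "/certificates/ca.pem"
    CertFile "/certificates/client.pem"
    CertKeyFile "/certificates/client.key"
    RequireCert FALSE
    AllowUntrusted TRUE
</Input>
"""

BLOCK = re.compile(r"<(Input|Output)\s+(\S+)>(.*?)</\1>", re.S | re.I)
EXEC = re.compile(r"<Exec>.*?</Exec>", re.S | re.I)

def directives(body):
    """Map lower-cased directive -> value, skipping <Exec> bodies and comments."""
    found = {}
    for line in EXEC.sub("", body).splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            found[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return found

def lint(conf):
    """Return sorted (instance, finding) pairs for im_ssl/om_ssl blocks."""
    findings = []
    for _, name, body in BLOCK.findall(conf):
        d = directives(body)
        if d.get("module", "").lower() not in ("im_ssl", "om_ssl"):
            continue  # only the TLS modules are checked
        if d.get("allowuntrusted", "").upper() == "TRUE":
            findings.append((name, "AllowUntrusted TRUE: peer certificate is not verified"))
        elif "cafile" not in d and "cadir" not in d:  # assumed default: verification on
            findings.append((name, "peer is verified but no CAFile/CADir is set"))
        if "certfile" in d and "certkeyfile" not in d:
            findings.append((name, "CertFile has no CertKeyFile; a CA certificate goes in CAFile"))
        if d.get("requirecert", "").upper() == "FALSE":
            findings.append((name, "RequireCert FALSE: peers need not present a certificate"))
    return sorted(findings)

if __name__ == "__main__":
    for instance, finding in lint(SAMPLE):
        print(f"{instance}: {finding}")
```
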