om_ssl connection questions

#1 fata

Hello,

Because of my lack of encryption knowledge, I searched and found these instructions, which I followed in order to create an SSL connection between an nxlog client (Windows Server 2008 R2) and a graylog server.

So I transferred the "nxlog-ca.crt" to the client and indicated to the graylog server "nxlog-ca.key" as the TLS private key file and "nxlog-ca.crt" as the TLS cert file.

Here is the nxlog.conf:
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log


<Extension _syslog>
    Module      xm_gelf
</Extension>

<Input in>
    Module      im_msvistalog
        Query    <QueryList>\
            <Query Id="0">\
                <Select Path="Application">*[System[(Level=1  or Level=2 or Level=3)]]</Select>\
                <Select Path="Security">*[System[(Level=1  or Level=2 or Level=3)]]</Select>\
                <Select Path="System">*[System[(Level=1  or Level=2 or Level=3)]]</Select>\
                <Select Path="HardwareEvents">*[System[(Level=1  or Level=2 or Level=3)]]</Select>\
            </Query>\
        </QueryList>
</Input>

<Output sslout>
   Module          om_ssl
   Host            host_ip_address
   Port            12201
   CAFile          %CERTDIR%\nxlog-ca.crt
   OutputType      GELF_TCP
   AllowUntrusted  FALSE
</Output>

<Route 1>
    Path        in => sslout
</Route>

 

But when I launch "nxlog.exe -f", here is the error:

nxlog.exe -f

2015-08-04 12:23:05 INFO nxlog-ce-2.9.1347 started

2015-08-04 12:23:05 INFO connecting to host_ip_address:12201

2015-08-04 12:23:05 INFO successfully connect to host_ip_address:12201

2015-08-04 12:23:05 INFO remote socket was closed during SSL handshake
2015-08-04 12:23:05 INFO reconnecting in 1 seconds

 

And that's it. What am I missing?

I read in the documentation that all the certificate files are in "pem" format, but when I create them with certtool I have "crt" and "key" format files.

 

Thank you.

 

#2 fata

I tried something else today and the nxlog client sent me: 2015-08-04 16:55:05 ERROR SSL certificate verification failed: self signed certificate (err: 18).

Please help.. :s
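
An added example, not part of the original thread: error 18 in the log line above is OpenSSL's "depth zero self-signed certificate" result, returned when the certificate the peer presents is self-signed and is not in the verifier's trusted set. The script below uses `openssl` rather than certtool (an assumption, as are all file and subject names) to build a throwaway CA, a CA-signed server certificate and an unrelated self-signed certificate, then shows what a client with a given `CAFile` accepts and that `.crt`/`.key` files can already be PEM.

```shell
#!/bin/sh
# Added example; every subject name and file name here is constructed.

# PEM is an encoding, not a file extension: look for the armor line.
is_pem() { grep -q -- '-----BEGIN ' "$1"; }

# Subject equals issuer: the usual sign of a self-signed certificate.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Verify certificate $2 against trust file $1, like a client with CAFile=$1.
verify_with_cafile() { openssl verify -CAfile "$1" "$2" 2>&1; }

make_demo_certs() {
    d=$1
    # CA: self-signed by design; ca.crt is what the client lists in CAFile.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # Server: its own key pair, certificate signed by the CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=graylog.example" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/server.crt" 2>/dev/null || return 1
    # Unrelated self-signed certificate that is not in the client's trust file.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=graylog.example" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_certs "$tmp" || { rm -rf "$tmp"; return 1; }
    for c in ca.crt server.crt self.crt; do
        is_self_signed "$tmp/$c" && s=yes || s=no
        echo "== $c (self-signed: $s)"
        verify_with_cafile "$tmp/ca.crt" "$tmp/$c"
    done
    rm -rf "$tmp"
}
demo
```

On a real deployment, run `is_self_signed` and `verify_with_cafile` on the certificate file the server is configured to present and on the file named in `CAFile`.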