om_ssl connection questions
Hello,
Because of my lack of encryption knowledge, I searched and found these instructions that I followed in order to create an SSL connection between an nxlog client (Windows Server 2008 R2) and a graylog server.
So I transferred the "nxlog-ca.crt" to the client and indicated to the graylog server "nxlog-ca.key" as the TLS private key file and "nxlog-ca.crt" as the TLS cert file.
Here is the nxlog.conf:
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _syslog>
    Module xm_gelf
</Extension>

<Input in>
    Module im_msvistalog
    Query <QueryList>\
            <Query Id="0">\
                <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
                <Select Path="Security">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
                <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
                <Select Path="HardwareEvents">*[System[(Level=1 or Level=2 or Level=3)]]</Select>\
            </Query>\
        </QueryList>
</Input>

<Output sslout>
    Module om_ssl
    Host host_ip_address
    Port 12201
    CAFile %CERTDIR%\nxlog-ca.crt
    OutputType GELF_TCP
    AllowUntrusted FALSE
</Output>

<Route 1>
    Path in => sslout
</Route>
But when I launch "nxlog.exe -f", here is the error:
nxlog.exe -f
2015-08-04 12:23:05 INFO nxlog-ce-2.9.1347 started
2015-08-04 12:23:05 INFO connecting to host_ip_address:12201
2015-08-04 12:23:05 INFO successfully connect to host_ip_address:12201
2015-08-04 12:23:05 INFO remote socket was closed during SSL handshake
2015-08-04 12:23:05 INFO reconnecting in 1 seconds
And that's it. What am I missing?
I read in the documentation that all the files about the certificates are in "pem" format, but when I create them with certtool I have "crt" and "key" format files.
Thank you.
I tried something else today and the nxlog client sent me: 2015-08-04 16:55:05 ERROR SSL certificate verification failed: self signed certificate (err: 18).
Please help.. :s
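
The "pem" versus "crt"/"key" question in the post is settled by a file's content, not its extension. As an added example (not part of the original post, and not nxlog or graylog code), this Python script classifies a certificate or key file by its bytes and checks that a file intended for the client's CAFile is PEM, as the post reports the documentation requiring, and carries no private key; the function names and the stub sample data are constructed for illustration.

```python
import base64
import re

# One PEM block: armor label plus body. Extensions such as .crt, .key or
# .pem are only naming conventions; the bytes decide the encoding.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def classify(data: bytes):
    """Return (encoding, labels); encoding is "PEM", "DER" or "unknown"."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        labels = []
        for label, body in blocks:
            # Legacy encrypted keys carry "Name: value" headers and an
            # encrypted body, so only header-free bodies are checked as DER.
            if b":" not in body and not base64.b64decode(body).startswith(b"\x30"):
                raise ValueError(f"{label.decode()} block does not hold DER data")
            labels.append(label.decode())
        return "PEM", labels
    # Certificates and keys in DER start with an ASN.1 SEQUENCE tag (0x30).
    return ("DER", []) if data[:1] == b"\x30" else ("unknown", [])

def check_cafile(data: bytes):
    """List reasons the file is unsuitable as a client-side CA file."""
    encoding, labels = classify(data)
    problems = []
    if encoding != "PEM":
        problems.append(f"expected PEM, found {encoding}")
    elif "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    if any("PRIVATE KEY" in label for label in labels):
        problems.append("contains a private key; keep CA keys off clients")
    return problems

def _pem(label: str, der: bytes) -> bytes:
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()

# Constructed sample data: SEQUENCE { INTEGER 0 }, not a real certificate or key.
STUB_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_CRT = _pem("CERTIFICATE", STUB_DER)
SAMPLE_KEY = _pem("RSA PRIVATE KEY", STUB_DER)

if __name__ == "__main__":
    for name, data in [("ca.crt", SAMPLE_CRT), ("ca.der", STUB_DER),
                       ("bundle", SAMPLE_CRT + SAMPLE_KEY)]:
        print(name, classify(data), check_cafile(data))
```

To check a real file, pass its bytes, for example `check_cafile(open(path, "rb").read())`; an empty list means none of the three problems were found.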