configuring integration of SentinelOne to NXLog via SSL/TLS
Hi we wanted to send logs coming from SentinelOne to Google Chronicle using SSL/TLS NXlog. We are just using the Community Edition and based on the documentation SSL/TLS is supported for CE. But we are not sure if this is going to work or how to configure the “CAFile", “CertFile”, “CertKeyFile” thing for this to work or how do we install it? Is it free or paid? Please check the configuration we wanted to implement below.
<Input ssl>
Module im_ssl
Host localhost
Port 6514
CAFile %CERTDIR%/ca.pem
CertFile %CERTDIR%/client-cert.pem
CertKeyFile %CERTDIR%/client-key.pem
KeyPass secret
InputType Syslog_TLS
Exec parse_syslog_ietf();
</Input>
Basically, the generation of client's private and public keys is described at many internet sites, like Letsencrypt or OpenSSL-related. The way of certificate generation depends on your network configuration and requirements.
Second, client side of SSL for some cases can omit the presenation of it's digital signature (like ordinary web browser), so you can start with skipping key/cert files.
Third, there's a neighbor thread with tcp connection example to Chronicle. You can try that way:
https://nxlog.co/community-forum/t/1571-nxlog-on-windows-logs-sent-with-a-very-long-delay?page=1#post-2
