configuring integration of SentinelOne to NXLog via SSL/TLS


#1 jake

Hi, we wanted to send logs coming from SentinelOne to Google Chronicle using NXLog over SSL/TLS. We are just using the Community Edition, and based on the documentation SSL/TLS is supported for CE. But we are not sure if this is going to work, or how to configure the “CAFile”, “CertFile” and “CertKeyFile” things for this to work, or how we install it. Is it free or paid? Please check the configuration we wanted to implement below.

 

    # CERTDIR is a placeholder: point it at the directory holding the certificates
    define CERTDIR /path/to/certs

    # xm_syslog provides the Syslog_TLS input reader and parse_syslog_ietf()
    <Extension _syslog>
        Module xm_syslog
    </Extension>

    <Input ssl>
        Module im_ssl
        # localhost binds the loopback interface only; a remote sender needs a reachable address
        Host localhost
        Port 6514
        # CAFile verifies the connecting sender; CertFile/CertKeyFile are this listener's own identity
        CAFile %CERTDIR%/ca.pem
        CertFile %CERTDIR%/client-cert.pem
        CertKeyFile %CERTDIR%/client-key.pem
        # KeyPass is only needed when the private key is encrypted
        KeyPass secret
        # Syslog_TLS applies the octet-counted framing of syslog over TLS
        InputType Syslog_TLS
        Exec parse_syslog_ietf();
    </Input>

#2 alexander.lifanov@nxlog.org Nxlog ✓

Basically, the generation of the client's private and public keys is described on many internet sites, like Letsencrypt or OpenSSL-related ones. The way of certificate generation depends on your network configuration and requirements.

Second, in some cases the client side of SSL can omit the presentation of its digital signature (like an ordinary web browser), so you can start with skipping the key/cert files.

Third, there's a neighbouring thread with a TCP connection example for Chronicle. You can try that way:
https://nxlog.co/community-forum/t/1571-nxlog-on-windows-logs-sent-with-a-very-long-delay?page=1#post-2