Compression and Encryption

#1 billychua


I have configured compression and encryption for locally stored logs, and it seems to be working fine. However, when I run the command c:\program files\nxlog\nxlog-processor.exe -c d:\data\decrypted.conf, I encounter an error while attempting to decrypt the currently active file. The error message reads: 'error [im_file:enc_in] Crypto SSL error: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length.' Despite this error, the file is decrypted successfully, and we are able to read the log file clearly. Could you please advise on the meaning of this error? 

I have not encountered any errors for older encrypted files. Thank you

Our current config is as follows:


Panic Soft

define INSTALLDIR D:\Program Files\nxlog

#ModuleDir %INSTALLDIR%\modules#CacheDir  %INSTALLDIR%\data#SpoolDir  %INSTALLDIR%\data

define CERTDIR %INSTALLDIR%\certdefine CONFDIR %INSTALLDIR%\conf\nxlog.d

# Note that these two lines define constants only; the log file location# is ultimately set by the `LogFile` directive (see below). The# `MYLOGFILE` define is also used to rotate the log file automatically# (see the `_fileop` block).define LOGDIR D:\Program Files\nxlog\datadefine MYLOGFILE %LOGDIR%/nxlog.log

# If you are not using NXLog Manager, disable the `include` line# and enable LogLevel and LogFile.#include %CONFDIR%\*.conf

LogLevel    INFOLogFile     %MYLOGFILE%

<Extension xml>   Module      xm_xml</Extension>

<Extension exec>   Module      xm_exec</Extension>

<Extension _syslog>Module xm_syslog</Extension>

<Extension zlib>   Module      xm_zlib</Extension>

<Extension crypto>   Module       xm_cryptoPasswordFile "d:\\Program Files\\nxlog\\conf\\nxlogkeyfile.pem"</Extension>

<Extension fileop>   Module      xm_fileop</Extension>

# Input from remote relay<Input nxlog_relay> Module   im_ssl ListenAddr CAFile  %CERTDIR%/root.pem CertFile %CERTDIR%/xxx..pem CertkeyFile %CERTDIR%/xxx..pem RequireCert FALSE Exec  $Hostname = hostname(); parse_syslog(); $DeviceHostname = $Hostname;</Input>

# This Section contains the configuration to receive logs forwarded by  Servers<Input servers_ssl> Module      im_ssl ListenAddr CAFile  %CERTDIR%/root.pem CertFile %CERTDIR%/xxx..pem CertkeyFile %CERTDIR%/xxx..pem RequireCert FALSE Exec  $Hostname = hostname(); parse_syslog(); $DeviceHostname = $Hostname; </Input>

<Output log_local_encrypted>Module   om_fileFile     "d:/data/nxlogstore/" + $DeviceHostname + "/" + $DeviceHostname + "-" + strftime(now(), '%Y%m%d') + ".log"CreateDir trueExec  to_syslog_ietf();OutputType zlib.compress, crypto.aes_encrypt</Output>

<Output log_remote_encrypted>   Module   om_fileFile     "d:/data/nxlogstore/" + $DeviceHostname + "/" + $DeviceHostname + "-" + strftime(now(), '%Y%m%d') + ".log.gz.enc"CreateDir trueExec  to_syslog_ietf();OutputType zlib.compress, crypto.aes_encrypt</Output>

# Path to forward logs to locally<Route Windows_Network_To_Locally>       Path    servers_ssl, network_tcp_ssl => log_local_encrypted</Route>

# Path to forward logs to locally<Route Remote_Windows_Network_To_Locally>       Path    nxlog_relay => log_remote_encrypted</Route>

# This block rotates `%MYLOGFILE%` on a schedule. Note that if `LogFile`# is changed in managed.conf via NXLog Manager, rotation of the new# file should also be configured there.<Extension _fileop>   Module  xm_fileop

   # Check the size of our log file hourly, rotate if larger than 5MB   <Schedule>       Every   1 hour       <Exec>           if ( file_exists('%MYLOGFILE%') and                (file_size('%MYLOGFILE%') >= 5M) )           {                file_cycle('%MYLOGFILE%', 8);           }       </Exec>   </Schedule>

   # Rotate our log file every week on Sunday at midnight   <Schedule>       When    @weekly       Exec    if file_exists('%MYLOGFILE%') file_cycle('%MYLOGFILE%', 8);   </Schedule></Extension>

Regards, Billy