Compression and Encryption
Hi
I have configured compression and encryption for locally stored logs, and it seems to be working fine. However, when I run the command c:\program files\nxlog\nxlog-processor.exe -c d:\data\decrypted.conf, I encounter an error while attempting to decrypt the currently active file. The error message reads: 'error [im_file:enc_in] Crypto SSL error: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length.' Despite this error, the file is decrypted successfully, and we are able to read the log file clearly. Could you please advise on the meaning of this error?
I have not encountered any errors for older encrypted files. Thank you
Our current config is as follows:
nxlog.conf
Panic Soft
define INSTALLDIR D:\Program Files\nxlog
#ModuleDir %INSTALLDIR%\modules#CacheDir %INSTALLDIR%\data#SpoolDir %INSTALLDIR%\data
define CERTDIR %INSTALLDIR%\certdefine CONFDIR %INSTALLDIR%\conf\nxlog.d
# Note that these two lines define constants only; the log file location# is ultimately set by the `LogFile` directive (see below). The# `MYLOGFILE` define is also used to rotate the log file automatically# (see the `_fileop` block).define LOGDIR D:\Program Files\nxlog\datadefine MYLOGFILE %LOGDIR%/nxlog.log
# If you are not using NXLog Manager, disable the `include` line# and enable LogLevel and LogFile.#include %CONFDIR%\*.conf
LogLevel INFOLogFile %MYLOGFILE%
<Extension xml> Module xm_xml</Extension>
<Extension exec> Module xm_exec</Extension>
<Extension _syslog>Module xm_syslog</Extension>
<Extension zlib> Module xm_zlib</Extension>
<Extension crypto> Module xm_cryptoPasswordFile "d:\\Program Files\\nxlog\\conf\\nxlogkeyfile.pem"</Extension>
<Extension fileop> Module xm_fileop</Extension>
# Input from remote relay<Input nxlog_relay> Module im_ssl ListenAddr 0.0.0.0:8514 CAFile %CERTDIR%/root.pem CertFile %CERTDIR%/xxx..pem CertkeyFile %CERTDIR%/xxx..pem RequireCert FALSE Exec $Hostname = hostname(); parse_syslog(); $DeviceHostname = $Hostname;</Input>
# This Section contains the configuration to receive logs forwarded by Servers<Input servers_ssl> Module im_ssl ListenAddr 0.0.0.0:7514 CAFile %CERTDIR%/root.pem CertFile %CERTDIR%/xxx..pem CertkeyFile %CERTDIR%/xxx..pem RequireCert FALSE Exec $Hostname = hostname(); parse_syslog(); $DeviceHostname = $Hostname; </Input>
<Output log_local_encrypted>Module om_fileFile "d:/data/nxlogstore/" + $DeviceHostname + "/" + $DeviceHostname + "-" + strftime(now(), '%Y%m%d') + ".log"CreateDir trueExec to_syslog_ietf();OutputType zlib.compress, crypto.aes_encrypt</Output>
<Output log_remote_encrypted> Module om_fileFile "d:/data/nxlogstore/" + $DeviceHostname + "/" + $DeviceHostname + "-" + strftime(now(), '%Y%m%d') + ".log.gz.enc"CreateDir trueExec to_syslog_ietf();OutputType zlib.compress, crypto.aes_encrypt</Output>
# Path to forward logs to locally<Route Windows_Network_To_Locally> Path servers_ssl, network_tcp_ssl => log_local_encrypted</Route>
# Path to forward logs to locally<Route Remote_Windows_Network_To_Locally> Path nxlog_relay => log_remote_encrypted</Route>
# This block rotates `%MYLOGFILE%` on a schedule. Note that if `LogFile`# is changed in managed.conf via NXLog Manager, rotation of the new# file should also be configured there.<Extension _fileop> Module xm_fileop
# Check the size of our log file hourly, rotate if larger than 5MB <Schedule> Every 1 hour <Exec> if ( file_exists('%MYLOGFILE%') and (file_size('%MYLOGFILE%') >= 5M) ) { file_cycle('%MYLOGFILE%', 8); } </Exec> </Schedule>
# Rotate our log file every week on Sunday at midnight <Schedule> When @weekly Exec if file_exists('%MYLOGFILE%') file_cycle('%MYLOGFILE%', 8); </Schedule></Extension>
Regards, Billy
