NXlog om_ssl infinite reconnection with a SaaS Log Centralizer


#1 Renaud.Boutet

Hi,



We are trying to connect NXLog with Logmatic.io with a SSL connection. The certificate provided by Logmatic is valid and works with Rsyslog, Syslog-NG or Open-SSL.



However, no matter how hard we try to connect NXLog we have no success and not enough debugging information to troubleshoot it ourselves.



Here is our config:




<Output out>
Module om_ssl
Host api.logmatic.io
Port 10515
CAFile <path_to_your_.crt_file>

####Add the API key before the event
Exec $raw_event="<your_api_key> "+$raw_event;
</Output>


We tried a lot more configuration with AllowUntrusted TRUE/FALSE, CertFile, etc... But the result is always the same:



2015-12-18 18:25:39 INFO connecting to api.logmatic.io:10515



2015-12-18 18:25:39 INFO successfully connected to api.logmatic.io:10515



2015-12-18 18:25:39 INFO reconnecting in 1 seconds



2015-12-18 18:25:40 INFO connecting to api.logmatic.io:10515



2015-12-18 18:25:40 INFO successfully connected to api.logmatic.io:10515



2015-12-18 18:25:41 INFO reconnecting in 1 seconds



2015-12-18 18:25:42 INFO connecting to api.logmatic.io:10515



2015-12-18 18:25:42 INFO successfully connected to api.logmatic.io:10515



 



Do you have any idea about what it could be?



You can find the certificate here: http://doc.logmatic.io/docs/logging-from-windows#section-enabling-security



Sorry to bother you with that but we spent a lot of time doing our homework before asking this question.



Thanks!!



 


#2 adm Nxlog ✓
#1 Renaud.Boutet
Hi, We are trying to connect NXLog with Logmatic.io with a SSL connection. The certificate provided by Logmatic is valid and works with Rsyslog, Syslog-NG or Open-SSL. However, no matter how hard we try to connect NXLog we have no success and not enough debugging information to troubleshoot it ourselves. Here is our config: <Output out> Module om_ssl Host api.logmatic.io Port 10515 CAFile <path_to_your_.crt_file> ####Add the API key before the event Exec $raw_event="<your_api_key> "+$raw_event; </Output> We tried a lot more configuration with AllowUntrusted TRUE/FALSE, CertFile, etc... But the result is always the same: 2015-12-18 18:25:39 INFO connecting to api.logmatic.io:10515 2015-12-18 18:25:39 INFO successfully connected to api.logmatic.io:10515 2015-12-18 18:25:39 INFO reconnecting in 1 seconds 2015-12-18 18:25:40 INFO connecting to api.logmatic.io:10515 2015-12-18 18:25:40 INFO successfully connected to api.logmatic.io:10515 2015-12-18 18:25:41 INFO reconnecting in 1 seconds 2015-12-18 18:25:42 INFO connecting to api.logmatic.io:10515 2015-12-18 18:25:42 INFO successfully connected to api.logmatic.io:10515   Do you have any idea about what it could be? You can find the certificate here: http://doc.logmatic.io/docs/logging-from-windows#section-enabling-security Sorry to bother you with that but we spent a lot of time doing our homework before asking this question. Thanks!!  

The logmatic.io service is closing the connection for some reason. It might be possible that this isn't even related to the SSL handshake and perhaps it's closing the connection because of receiving invalid data? Things to try:

* Put LogLevel Debug into your conf and check the logs. It's quite verbose but might tell you more.

* Capture the openssl s_client handshake with wireshark and compare to what NXLog does.

* Ask logmatic.io to tell you why it's closing the connection.