NXlog om_ssl infinite reconnection after handshake fail with a SaaS Log Centralizer


Pierre.Guceski

Hi, 

This question follows an old one: https://nxlog.co/question/1252/nxlog-omssl-infinite-reconnection-saas-log-centralizer

We are trying to connect NXLog with Logmatic.io over an SSL connection.
The certificate provided by Logmatic is still valid and works with Rsyslog, Syslog-NG or OpenSSL (you can find the certificate here: https://doc.logmatic.io/docs/logging-from-windows).

However, no matter how hard we tried to connect NXLog, we had no success, and we are now stuck without any ideas of what we can do/test to make it work.

Our config hasn't changed:

<Output out>
Module om_ssl
Host api.logmatic.io
Port 10515
CAFile <path_to_your_.crt_file>

####Add the API key before the event
Exec $raw_event="<your_api_key> "+$raw_event;
</Output>

We tried many more configurations with AllowUntrusted TRUE/FALSE, CertFile, etc., but the result is always the same:

2016-01-06 16:19:56 INFO nxlog-ce-2.9.1504 started
2016-01-06 16:19:56 INFO connecting to api.logmatic.io:10515
2016-01-06 16:19:57 INFO successfully connected to api.logmatic.io:10515
2016-01-06 16:19:57 INFO reconnecting in 1 seconds

2016-01-06 16:19:57 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)
2016-01-06 16:19:58 INFO connecting to api.logmatic.io:10515
2016-01-06 16:19:58 INFO successfully connected to api.logmatic.io:10515
2016-01-06 16:19:58 INFO reconnecting in 1 seconds
2016-01-06 16:19:58 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)

We wiresharked the connection to Logmatic (which doesn't work) and the connection to Loggly (which worked), both with the same configuration file.
https://drive.google.com/folderview?id=0B7GCHhnklusNcjgxM3ozeTZseVU&usp=sharing
The only differences were in the configuration settings (host, port, certificate...).

It seems that the handshake between NXLog and the logmatic.io server is the root of this bug. Do you know why?
Since it's NXLog which refuses to establish the connection, do you know why the option "AllowUntrusted false" in nxlog.conf doesn't work?

Sorry to bother you again with that, but we tried everything and are now short of ideas :/

Many thanks in advance!
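
The reconnect loop in the log above can be flagged automatically, which is useful because events are not shipped while it lasts. The following is an added example, not part of the original post and not NXLog code: it parses the log lines quoted in the post and reports each destination whose connection attempts keep ending in a certificate verification failure. The function name, the threshold and the rule that a failure belongs to the most recent "connecting to" line are assumptions of this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# Internal-log lines copied from the post above.
SAMPLE_LOG = """\
2016-01-06 16:19:56 INFO nxlog-ce-2.9.1504 started
2016-01-06 16:19:56 INFO connecting to api.logmatic.io:10515
2016-01-06 16:19:57 INFO successfully connected to api.logmatic.io:10515
2016-01-06 16:19:57 INFO reconnecting in 1 seconds
2016-01-06 16:19:57 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)
2016-01-06 16:19:58 INFO connecting to api.logmatic.io:10515
2016-01-06 16:19:58 INFO successfully connected to api.logmatic.io:10515
2016-01-06 16:19:58 INFO reconnecting in 1 seconds
2016-01-06 16:19:58 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)
"""
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (.*)$")
CONNECT = re.compile(r"^connecting to (\S+):(\d+)$")
VERIFY_FAIL = re.compile(r"^SSL certificate verification failed: (.*) \(err: (\d+)\)$")

def find_tls_verify_loops(log_text, min_failures=2):
    """Report destinations whose connection attempts keep ending in a
    certificate verification failure (the reconnect loop in the post)."""
    stats = defaultdict(lambda: {"attempts": 0, "failures": 0, "errors": set(), "seen": []})
    current = None  # assumption: a failure belongs to the latest "connecting to" line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        stamp, level, msg = m.groups()
        conn = CONNECT.match(msg)
        fail = VERIFY_FAIL.match(msg)
        if conn:
            current = (conn.group(1), int(conn.group(2)))
            stats[current]["attempts"] += 1
        elif fail and level == "ERROR" and current:
            s = stats[current]
            s["failures"] += 1
            s["errors"].add((int(fail.group(2)), fail.group(1)))  # (code, reason)
            s["seen"].append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
    findings = []
    for (host, port), s in stats.items():
        if s["failures"] >= min_failures:  # a single failure is not yet a loop
            span = (max(s["seen"]) - min(s["seen"])).total_seconds()
            findings.append({"host": host, "port": port, "attempts": s["attempts"],
                             "failures": s["failures"], "errors": sorted(s["errors"]),
                             "span_seconds": span})
    return findings
```

The "successfully connected" lines are deliberately ignored: in the post's log each one is followed by a verification failure, so that message alone does not indicate a usable TLS session.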