No SSL data sent (om_ssl) from Windows NXlog to Linux ELK


squidie

Hello,

Having an issue with using om_ssl from a Windows NXlog client to a Linux ELK server.

The issue lies with the encryption part: the connection is established on the associated destination SSL port I set, but no SSL traffic can be seen/captured.

For information, here are the logstash config and the NXlog config. I believe the issue lies with the certs.

input {
  tcp {
    port => 5000
    type => syslog
  }
  udp {
    port => 5000
    type => syslog
  }
  tcp {
    port => 5001
    type => syslog
    ssl_cacert => "/etc/pki/tls/certs/rootCA.pem"
    ssl_cert => "/etc/pki/tls/certs/logstash.crt"
    ssl_key => "/etc/pki/tls/private/logstash.key"
    ssl_enable => true
  }
}

nxlog.conf:
<Output syslogout>
#This is for TCP non-SSL traffic
  Module om_tcp
  Host 192.168.0.20
  Port 5000
</Output>

<Output omsslout>
#This is for SSL traffic only, omit all "#"
  Module          om_ssl
  Host            192.168.0.20
  Port            5001
  CAFile          %CERTDIR%\rootCA.pem
  OutputType LineBased
  AllowUntrusted FALSE
</Output>

<Route 1>
  Path eventlog => eventlog_transformer => omsslout
</Route>

Only included the relevant SSL parts, as everything else works over TCP and UDP.

Many thanks
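
An added example, not part of the original post and not NXLog or Logstash code: a Python probe that attempts a verified TLS handshake against the listener and reports whether the port answers with TLS at all and whether its certificate chains to the CA file. The function name `probe_tls`, the status strings, and the choice to disable hostname matching (the posted config connects by IP address) are assumptions of this example.

```python
import socket
import ssl
import sys


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Try a verified TLS handshake and classify the outcome.

    status is one of: ok, cert_verify_failed, handshake_failed, unreachable.
    """
    # Trust only the given CA file (system defaults if none is passed).
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # Assumption: chain validation only, because the client connects by IP
    # and the server certificate may not carry an IP subjectAltName.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED

    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Nothing is listening, or a firewall dropped the connection.
        return {"status": "unreachable", "detail": str(exc)}

    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"status": "ok", "protocol": tls.version(),
                    "cipher": tls.cipher()[0]}
    except ssl.SSLCertVerificationError as exc:
        # TLS is spoken, but the certificate does not chain to cafile.
        return {"status": "cert_verify_failed", "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # TCP connected, but the peer did not complete a TLS handshake
        # (for example a plaintext listener bound to the port).
        return {"status": "handshake_failed", "detail": str(exc)}
    finally:
        raw.close()


if __name__ == "__main__":
    # Usage: probe.py HOST PORT CAFILE, e.g. the Host, Port and rootCA.pem
    # values from the configs in the post.
    host, port, cafile = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    print(probe_tls(host, port, cafile))
```

A `handshake_failed` result points at the listener not speaking TLS on that port, while `cert_verify_failed` points at the certificate chain rather than the transport.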