No SSL data sent (om_ssl) from Windows NXlog to Linux ELK
Hello,
Having an issue with using om_ssl from a Windows NXlog client to a Linux ELK server.
The issue lies with the encryption part: the connection is established on the associated destination SSL port I set, but no SSL traffic can be seen/captured.
For information, here are the logstash config and the NXlog config. I believe the issue lies with the certs.
input {
  tcp {
    port => 5000
    type => syslog
  }
  udp {
    port => 5000
    type => syslog
  }
  tcp {
    port => 5001
    type => syslog
    ssl_cacert => "/etc/pki/tls/certs/rootCA.pem"
    ssl_cert => "/etc/pki/tls/certs/logstash.crt"
    ssl_key => "/etc/pki/tls/private/logstash.key"
    ssl_enable => true
  }
}
nxlog.conf:
<Output syslogout>
    #This is for TCP non-SSL traffic
    Module om_tcp
    Host 192.168.0.20
    Port 5000
</Output>
<Output omsslout>
    #This is for SSL traffic only, omit all "#"
    Module om_ssl
    Host 192.168.0.20
    Port 5001
    CAFile %CERTDIR%\rootCA.pem
    OutputType LineBased
    AllowUntrusted FALSE
</Output>
<Route 1>
    Path eventlog => eventlog_transformer => omsslout
</Route>
Only included relevant SSL parts, as everything else works over TCP and UDP.
Many thanks
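
An added example, not part of the original post: a small Python probe that attempts the kind of verified TLS handshake the om_ssl output above is configured for (CA file given, untrusted certificates rejected) and reports whether things stop at the TCP connect, at the TLS handshake, or at certificate verification. The names `probe_tls` and `plain_listener` are hypothetical, `plain_listener` is a constructed plaintext peer for offline testing, and hostname checking is switched off on the assumption that only the chain to rootCA.pem matters because Host is an IP address.

```python
import socket
import ssl
import sys
import threading


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Return (stage, detail) showing how far a TLS client gets against host:port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))        # nothing listening, or blocked on the way
    ctx = ssl.create_default_context(cafile=cafile)  # verification required, as with AllowUntrusted FALSE
    ctx.check_hostname = False  # assumption: Host is an IP, so only the chain is checked
    try:
        with ctx.wrap_socket(raw) as tls:
            return ("tls_ok", tls.version())   # handshake done, server cert chains to cafile
    except ssl.SSLCertVerificationError as exc:
        return ("cert_untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_failed", str(exc))        # TCP connected, peer did not complete TLS
    finally:
        raw.close()


def plain_listener():
    """Constructed test peer: a TCP listener that answers in plaintext, not TLS."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"plain syslog listener\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # usage: probe.py HOST PORT [CAFILE]
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe_tls(sys.argv[1], int(sys.argv[2]), cafile))
```

A `tls_failed` result against port 5001 means the listener accepted the TCP connection but is not speaking TLS, while `cert_untrusted` points at the certificate chain.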