McAfee log TO Nxlog - Certificate error


#1 MaxiTremblaycgi

Hi, I'm actually having an issue with my nxlog server. We are trying to send antivirus logs from a McAfee EPO to my NX. The problem we are facing is that when we try a connection test from EPO to NXLOG we get this message on our Nxlog server.

2019-04-09 19:32:54 INFO SSL connection accepted from 10.28.26.214:59126
2019-04-09 19:32:54 ERROR SSL error, SSL_ERROR_SSL: retval -1, reason: peer did not return a certificate
2019-04-09 19:32:54 WARNING SSL connection closed from 10.28.26.214:59126

Can we receive the AV log without using the certificate? Do you know a way to bypass this? The certificate has been created with OPENSSL with the help of one of your technicians and the certificate looks good... we have some difficulty understanding why this operation fails. We have also put the certificate we created for NXLOG on our antivirus server to let them communicate. Do you have any idea what the problem is? Your help is very appreciated again.

Greetings,

#2 MaxiTremblaycgi

Hi, we finally fixed this by adding the line RequireCert FALSE in my SSL input.

#Antivirus
<Input ssl>
    Module      im_ssl
    Host        0.0.0.0
    # Do not require the connecting client to present a certificate
    RequireCert FALSE
    Port        514
    CAFile      %CERTDIR%\rootCA.pem
    CertFile    %CERTDIR%\server.crt
    CertKeyFile %CERTDIR%\server.key
    # Append each received event to a local file
    Exec        file_write('C:\AV.log', $raw_event + "\n");
</Input>

Sorry for the ticket, you can close it.

Greetings,
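Added example, not part of the original posts and not NXLog's own code: with RequireCert FALSE the input accepts senders that present no client certificate, so it is useful to know which hosts those are. This sketch reads NXLog internal log text in the format quoted in post #1 and counts "peer did not return a certificate" failures per client IP; the function name and the 192.0.2.10 session are constructed for illustration.

```python
import re

# Constructed sample: the three lines from post #1 plus one clean session.
SAMPLE_LOG = """\
2019-04-09 19:32:54 INFO SSL connection accepted from 10.28.26.214:59126
2019-04-09 19:32:54 ERROR SSL error, SSL_ERROR_SSL: retval -1, reason: peer did not return a certificate
2019-04-09 19:32:54 WARNING SSL connection closed from 10.28.26.214:59126
2019-04-09 19:40:02 INFO SSL connection accepted from 192.0.2.10:40112
2019-04-09 19:41:10 WARNING SSL connection closed from 192.0.2.10:40112
"""

LINE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\w+) (.*)$")
PEER_RE = re.compile(r"SSL connection (accepted|closed) from ([\d.]+):\d+$")
NO_CERT = "peer did not return a certificate"


def peers_without_client_cert(log_text):
    """Return {client_ip: number of handshakes that failed for lack of a client cert}.

    The ERROR line carries no address, so it is attributed to the peer named in
    the next 'connection closed' line, falling back to the most recent accept.
    With many interleaved connections this attribution is a heuristic."""
    failures = {}
    last_accepted = None
    pending = 0  # no-cert errors seen but not yet tied to a peer
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        level, msg = m.groups()
        peer = PEER_RE.search(msg)
        if peer and peer.group(1) == "accepted":
            last_accepted = peer.group(2)
        elif level == "ERROR" and NO_CERT in msg:
            pending += 1
        elif peer and peer.group(1) == "closed" and pending:
            failures[peer.group(2)] = failures.get(peer.group(2), 0) + pending
            pending = 0
    if pending and last_accepted:  # log ended before the close line
        failures[last_accepted] = failures.get(last_accepted, 0) + pending
    return failures


if __name__ == "__main__":
    for ip, count in peers_without_client_cert(SAMPLE_LOG).items():
        print(f"{ip}: {count} handshake(s) without a client certificate")
```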