Hello,

We are deploying NXLog Enterprise on a fleet of macOS devices with the goals to collect endpoint events even remotely. Which mean Graylog GELF exposed over Internet, with TLS encryption and certificate authentication requirements.

I see that om_ssl can do the job of TLS communication and even client authentication, but the settings I see are using file path for the Private Key.

Is there a way to have NXLog with om_ssl on macOS using a certificate from the System Keychain ?

Thanks

NXLOG version: NXLog CE 3.0.2272

OS version: Windows 2019 server \ Windows 10 for client

Issue: I inspect the communication between NXLog client and server via Wireshark. Client output module is om_ssl and server input module is im_ssl. I've been expecting to see the usage of TLS protocol, but all I see is TCP and RSH protocols, which are non secure protocols. How can this be explained?

Client config: <Output out_ssl> Module om_ssl Host <host_ip> Port 514 OutputType Binary AllowUntrusted TRUE </Output>

Server config: <Input in_ssl> Module im_ssl Host 0.0.0.0 Port 514 InputType Binary CAFile <CA path> CertFile <Certificate path> CertKeyFile <private key path> KeyPass <key password> AllowUntrusted TRUE RequireCert FALSE </Input>

Wireshark is tracking 514 port on the server.

Thanks!

Hey everyone!

I'm attempting to use the om_ssl module on an NXLog Community Edition but checking the logs at "C:\Program Files (x86)\nxlog\data\nxlog" showed the following message: "ERROR invalid keyword: CAThumbprint"

After not finding anything about the error above, I decided to use a combination of CAFile, CertFile, CertKeyFile and KeyPass on the Output configuration which worked but I'd rather use the CAThumbprint directive. What am I doing wrong?

Output tag from the "C:\Program Files (x86)\nxlog\conf\nxlog.conf" looked like this: <Output out> Module om_ssl CAThumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxx # numbers and letters, without spaces Host 10.0.0.10 # representative IP Port 1514 Exec to_syslog_bsd(); </Output>