Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.

Authenticate macOS senders over TLS with certificates in System Keychain?
Hello, We are deploying NXLog Enterprise on a fleet of macOS devices with the goals to collect endpoint events even remotely. Which mean Graylog GELF exposed over Internet, with TLS encryption and certificate authentication requirements. I see that om_ssl can do the job of TLS communication and even client authentication, but the settings I see are using file path for the Private Key. Is there a way to have NXLog with om_ssl on macOS using a certificate from the System Keychain ? Thanks

ygini created
Replies: 1
View post »
last updated
Usage of TLS protocol in CE
NXLOG version: NXLog CE 3.0.2272 OS version: Windows 2019 server \ Windows 10 for client Issue: I inspect the communication between NXLog client and server via Wireshark. Client output module is om_ssl and server input module is im_ssl. I've been expecting to see the usage of TLS protocol, but all I see is TCP and RSH protocols, which are non secure protocols. How can this be explained? Client config: <Output out_ssl> Module om_ssl Host <host_ip> Port 514 OutputType Binary AllowUntrusted TRUE </Output> Server config: <Input in_ssl> Module im_ssl Host 0.0.0.0 Port 514 InputType Binary CAFile <CA path> CertFile <Certificate path> CertKeyFile <private key path> KeyPass <key password> AllowUntrusted TRUE RequireCert FALSE </Input> Wireshark is tracking 514 port on the server. Thanks!

LaniMils created
ERROR invalid keyword: CAThumbprint
Hey everyone! I'm attempting to use the om_ssl module on an NXLog Community Edition but checking the logs at "C:\Program Files (x86)\nxlog\data\nxlog" showed the following message: "ERROR invalid keyword: CAThumbprint" After not finding anything about the error above, I decided to use a combination of CAFile, CertFile, CertKeyFile and KeyPass on the Output configuration which worked but I'd rather use the CAThumbprint directive. What am I doing wrong? Output tag from the "C:\Program Files (x86)\nxlog\conf\nxlog.conf" looked like this: <Output out> Module om_ssl CAThumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxx # numbers and letters, without spaces Host 10.0.0.10 # representative IP Port 1514 Exec to_syslog_bsd(); </Output>

peggers created
Replies: 1
View post »
last updated