ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found
Hi,

I am trying to use an SSL connection between client and server in "server-side authentication only" mode. I placed the certificates in the respective /conf folder of the nxlog server. These are the current configurations:

>>> CLIENT <<<

    <Output to_syslog_server>
        Module  om_ssl
        Host    10.1.1.1
        Port    516
        Exec    $Message = to_leef(); to_syslog_ietf();
    </Output>

>>> SERVER <<<

    <Input in_syslog_ssl>
        Module          im_ssl
        Host            0.0.0.0
        Port            516
        CAFile          %CERTDIR%/rootCA.pem
        CertFile        %CERTDIR%/central.crt
        CertKeyFile     %CERTDIR%/central.key
        KeyPass         password
        FlowControl     TRUE
        AllowUntrusted  TRUE
        <Exec>
            if $raw_event =~ /LEEF/
                parse_leef();
            else
                parse_syslog();
        </Exec>
    </Input>

but it gives me this error:

    2019-09-06 17:43:26 ERROR remote ssl socket was reset? (SSL_ERROR_SSL with errno=9); End of file found

Do you have any ideas to solve this?

Thank you
Antonio

antoniosoc created
Replies: 1
NXlog om_ssl infinite reconnection with a SaaS Log Centralizer
Hi,

We are trying to connect NXLog with Logmatic.io with an SSL connection. The certificate provided by Logmatic is valid and works with Rsyslog, Syslog-NG or Open-SSL. However, no matter how hard we try to connect NXLog we have no success and not enough debugging information to troubleshoot it ourselves.

Here is our config:

    <Output out>
        Module  om_ssl
        Host    api.logmatic.io
        Port    10515
        CAFile  <path_to_your_.crt_file>
        ####Add the API key before the event
        Exec    $raw_event="<your_api_key> "+$raw_event;
    </Output>

We tried a lot more configurations with AllowUntrusted TRUE/FALSE, CertFile, etc... But the result is always the same:

    2015-12-18 18:25:39 INFO connecting to api.logmatic.io:10515
    2015-12-18 18:25:39 INFO successfully connected to api.logmatic.io:10515
    2015-12-18 18:25:39 INFO reconnecting in 1 seconds
    2015-12-18 18:25:40 INFO connecting to api.logmatic.io:10515
    2015-12-18 18:25:40 INFO successfully connected to api.logmatic.io:10515
    2015-12-18 18:25:41 INFO reconnecting in 1 seconds
    2015-12-18 18:25:42 INFO connecting to api.logmatic.io:10515
    2015-12-18 18:25:42 INFO successfully connected to api.logmatic.io:10515

Do you have any idea about what it could be? You can find the certificate here: http://doc.logmatic.io/docs/logging-from-windows#section-enabling-security

Sorry to bother you with that but we spent a lot of time doing our homework before asking this question.

Thanks!!

Renaud.Boutet created
Replies: 1
Problems using SSL input with NXLog
TL;DR summary: NXLog won't load my certificate - why?

I've set up an NXlog CE server to act as an encrypted entrypoint for a Graylog server. After creating a self-signed certificate and adding it to the configuration, I get an unexpected error in the log when NXlog starts up.

    2015-07-10 06:49:22 INFO reloading configuration and restarting modules
    2015-07-10 06:49:22 ERROR SSL error, Failed to open certfile: "/certificates/client.pem";No such file or directory
    2015-07-10 06:49:22 INFO configuration reloaded successfully.

I assumed it might be a file rights issue, but looking at the files, it seems like the rights are actually a little too loose for comfort:

    root@e757dae37501:/# ll /certificates/
    total 20
    drwxr-xr-x  2 nxlog nxlog 4096 Jul 10 06:32 ./
    drwxr-xr-x 49 root  root  4096 Jul 10 06:32 ../
    -rw-r--r--  1 nxlog nxlog 1387 Jul  9 15:51 ca.pem
    -rw-r--r--  1 nxlog nxlog  887 Jul  9 15:54 client.key
    -rw-r--r--  1 nxlog nxlog 1001 Jul  9 15:55 client.pem

My NXlog configuration looks like this:

    ...
    <Input inssl>
        Module          im_ssl
        Host            0.0.0.0
        Port            1515
        InputType       Binary
        CAFile          "/certificates/ca.pem"
        CertFile        "/certificates/client.pem"
        CertKeyFile     "/certificates/client.key"
        KeyPass         secret
        RequireCert     FALSE
        AllowUntrusted  TRUE
    </Input>
    ...

I've tried looking at the source code for the SSL module, but it looks like the line that fails is not related to validation but simple file access.

I have no idea how to proceed. Suggestions?

Mads.Hvelplund created
Replies: 1
NXlog cannot verify self-signed CA certificate
Hi,

I'm trying to forward log events with NXlog to logstash over an SSL connection. Therefore, I generated my own CA certificate and a certificate to be used by logstash for the SSL connection. NXlog is installed on an Ubuntu 14.04 (virtual) machine with the CA certificate added as '/etc/ssl/certs/logstash-ca.crt'.

I tested the connection with

    openssl s_client -CAfile /etc/ssl/certs/logstash-ca.cert -connect localhost:5000

and everything works fine (all entered text lines are received by logstash).

However, when I start NXlog with the appropriate om_ssl output configuration it fails with

    ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)

My NXlog configuration looks like this:

    User nxlog
    Group nxlog

    LogFile /var/log/nxlog/nxlog.log
    LogLevel DEBUG

    # Modules
    <Extension _syslog>
        Module xm_syslog
    </Extension>

    <Extension json>
        Module xm_json
    </Extension>

    # Nxlog internal logs
    <Input internal>
        Module im_internal
        Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json();
    </Input>

    <Output sslout>
        Module om_ssl
        Host localhost
        Port 5000
        CertFile "/etc/ssl/certs/logstash-ca.crt"
        OutputType LineBased
    </Output>

    <Route logstash>
        Path internal => sslout
    </Route>

When I start NXlog with

    sudo nxlog -f -c nxlog.conf

the debug output looks like this:

    2015-03-05 20:37:05 DEBUG module sslout got 1 poll events
    2015-03-05 20:37:05 DEBUG Module sslout can read
    2015-03-05 20:37:05 DEBUG [...]
    2015-03-05 20:37:05 DEBUG PROCESS_EVENT: READ (sslout)
    2015-03-05 20:37:05 DEBUG om_ssl read
    2015-03-05 20:37:05 DEBUG doing handshake
    2015-03-05 20:37:05 DEBUG verify callback (ok: 0)
    2015-03-05 20:37:05 DEBUG preverification returned non-OK: unable to get local issuer certificate
    2015-03-05 20:37:05 DEBUG STOP: sslout
    2015-03-05 20:37:05 DEBUG remove socket [21]
    2015-03-05 20:37:05 DEBUG executing statements
    2015-03-05 20:37:05 DEBUG [...]
    2015-03-05 20:37:05 INFO reconnecting in 1 seconds
    2015-03-05 20:37:05 ERROR [om_ssl.c:532/io_err_handler()] -;[ssl.c:168/nx_ssl_check_io_error()] SSL certificate verification failed: unable to get local issuer certificate (err: 20)

I have no idea why the verification works with OpenSSL but fails with NXlog (I'm using nxlog-ce-2.8.1248 and OpenSSL version is 1.0.1f).

Any help is highly appreciated.

goerlitz created
Replies: 1