Hi,
I'm actually having an issue with my nxlog server. We are trying to send antivirus logs from a McAfee EPO to my NX. The problem we are facing is that when we try a connection test from EPO to NXLOG we get this message on our Nxlog server:

2019-04-09 19:32:54 INFO SSL connection accepted from 10.28.26.214:59126
2019-04-09 19:32:54 ERROR SSL error, SSL_ERROR_SSL: retval -1, reason: peer did not return a certificate
2019-04-09 19:32:54 WARNING SSL connection closed from 10.28.26.214:59126

Can we receive the AV log without using the certificate? Do you know a way to bypass this?
The certificate has been created with OpenSSL with the help of one of your technicians and the certificate looks good... we have some difficulty understanding why this operation fails. We have also put the certificate we created for NXLOG on our antivirus server to let them communicate.
Do you have any idea what the problem is? Your help is very appreciated again.

Greetings,

Asked April 9, 2019 - 8:05pm

Answer (1)

Hi,
We finally fixed this by adding the line RequireCert FALSE in my SSL input.

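# Antivirus
<Input ssl>
    Module      im_ssl
    Host        0.0.0.0
    # RequireCert FALSE: clients are no longer required to present a certificate
    # (no mutual TLS). The server still presents server.crt and the session is encrypted.
    RequireCert FALSE
    Port        514
    CAFile      %CERTDIR%\rootCA.pem
    CertFile    %CERTDIR%\server.crt
    CertKeyFile %CERTDIR%\server.key
    # Append each received event, unparsed, to a local file.
    Exec        file_write('C:\AV.log', $raw_event + "\n");
</Input>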

Sorry for the ticket, you can close it.

Greetings,
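
A triage helper for the log excerpt in the question, added here as an example and not part of the original thread or of NXLog: it lists which senders are being rejected for not presenting a client certificate, which is worth knowing before relaxing RequireCert for a listener. The sample log is constructed (192.0.2.15 is a made-up second sender) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of NXLog internal log lines, modelled on the excerpt in the question.
# One ERROR record is deliberately wrapped over two lines, as it appears in the post.
SAMPLE_LOG = """\
2019-04-09 19:32:54 INFO SSL connection accepted from 10.28.26.214:59126
2019-04-09 19:32:54 ERROR SSL error, SSL_ERROR_SSL: retval -1, reason: peer did not return a certificate
2019-04-09 19:32:54 WARNING SSL connection closed from 10.28.26.214:59126
2019-04-09 19:33:10 INFO SSL connection accepted from 192.0.2.15:40112
2019-04-09 19:33:41 INFO SSL connection accepted from 10.28.26.214:59140
2019-04-09 19:33:41 ERROR SSL error, SSL_ERROR_SSL: retval -1, reason: peer did
not return a certificate
2019-04-09 19:33:41 WARNING SSL connection closed from 10.28.26.214:59140
2019-04-09 19:40:02 WARNING SSL connection closed from 192.0.2.15:40112
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
CLOSED = re.compile(r"SSL connection closed from (\S+):(\d+)$")
NO_CERT = "peer did not return a certificate"

def join_wrapped(text):
    """Re-attach continuation lines (no leading timestamp) to the previous record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue  # ignore blank lines
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def peers_without_cert(text):
    """Count handshakes rejected for a missing client certificate, per source IP.

    The ERROR record carries no address, so it is attributed to the peer named in
    the next 'connection closed' record. Assumption: the two records are adjacent,
    as in the excerpt; on a busy listener, cross-check the timestamps.
    """
    counts, pending = Counter(), False
    for rec in join_wrapped(text):
        if NO_CERT in rec:
            pending = True
            continue
        m = CLOSED.search(rec)
        if m and pending:
            counts[m.group(1)] += 1
            pending = False
    return dict(counts)

if __name__ == "__main__":
    for ip, n in peers_without_cert(SAMPLE_LOG).items():
        print(f"{ip}: {n} handshake(s) rejected, no client certificate")
```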