I have downloaded an eval copy of nxlog EE, and am trying to send Microsoft DNS logs to my Splunk Cloud instance. I've read through various documentation, but am getting an error "ERROR SSL certificate verification failed: self signed certificate in certificate chain (err: 19)", which is confusing me, because I am sending this to Splunk Cloud over HEC, which should have proper cert chain, so I'm not sure where it's getting a self-signed cert from. Here is what my config file looks like (not the whole thing, just the points of interest):

<Input dns_analytical>
    Module im_etw
    Provider Microsoft-Windows-DNSServer
</Input>

<Output splunk_out>
    Module om_http
    URL https://http-inputs-xxx.splunkcloud.com/services/collector
    AddHeader Authorization: Splunk <auth key from Splunk HEC>
</Output>

<Route splunk>
    Path dns_analytical => splunk_out
</Route>

I could use my local on-prem heavy forwarder, but I would really like to send directly to Splunk Cloud over HEC, since it will minimize some moving parts.

Asked December 30, 2019 - 2:46pm

Comments (1)

  • Misaziv


    Module om_http should contain the path to the cert; please check this example:

     <Output http>
      Module om_http
      URL https://server:8080/
      AddHeader Auth-Token: 4ddf1d3c9
      HTTPSCertFile %CERTDIR%/client-cert.pem
      HTTPSCertKeyFile %CERTDIR%/client-key.pem
      HTTPSCAFile %CERTDIR%/ca.pem
      HTTPSAllowUntrusted FALSE
     </Output>

    Please find more on om_http here: https://nxlog.co/documentation/nxlog-user-guide/om_http.html
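
Added example, not part of the original thread or of NXLog's documentation: the shell script below reproduces OpenSSL verification error 19 from the question using a locally generated (constructed) root and server certificate, then shows the same chain verifying once the client is given the CA file, which is what the HTTPSCAFile directive in the comment supplies. The host name hec.example.test, the file names and the function names are assumptions; it needs the openssl CLI (1.1.1 or later).

```shell
#!/bin/sh
# Constructed demo PKI: every key, name and certificate here is generated locally.
make_demo_pki() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Constructed Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root, standing in for a root the client has not been told to trust.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 2 -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Server key and CSR, then a leaf certificate signed by the demo root.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=hec.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -set_serial 2 -days 2 -out "$dir/server.pem" 2>/dev/null
}

# Client with no CA configured: the peer sends leaf + root, nothing is trusted.
verify_without_ca() {
    openssl verify -no-CAfile -no-CApath -untrusted "$1/ca.pem" "$1/server.pem" 2>&1
}

# Client pointed at the CA file, the role HTTPSCAFile plays for om_http.
verify_with_ca() {
    openssl verify -no-CApath -CAfile "$1/ca.pem" "$1/server.pem" 2>&1
}

d=$(mktemp -d) && make_demo_pki "$d" && {
    verify_without_ca "$d" || echo "=> rejected: root not in any configured trust store"
    verify_with_ca "$d" && echo "=> accepted: chain ends in the configured CA file"
}
rm -rf "$d"
```

Error 19 means the received chain was complete but ended in a root that the client had no trust anchor for.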

Answers (0)