1
response

Hello!

I need to process input syslog events via tls.

But in the nxlog.log I have the following errors:

2020-02-18 16:19:01 INFO SSL connection accepted from XX.XX.XX.XX:52616
2020-02-18 16:19:01 ERROR SSL error, SSL_ERROR_SSL: retval 0, reason: sslv3 alert certificate unknown
2020-02-18 16:19:01 WARNING SSL connection closed from XX.XX.XX.XX:52616

When I try to DEBUG I've got the following events:

2020-02-18 16:27:54 DEBUG worker 0 got signal for new job
2020-02-18 16:27:54 DEBUG worker 0 got no event to process
2020-02-18 16:27:54 DEBUG worker 0 waiting for new event
2020-02-18 16:27:54 DEBUG no events or no future events, event thread sleeping in condwait
2020-02-18 16:27:54 DEBUG [in_syslog_tcp_ssl] no poll events, pollset_poll timed out
2020-02-18 16:27:54 DEBUG nx_event_to_jobqueue: POLL (in_syslog_tcp_ssl)
2020-02-18 16:27:54 DEBUG event added to jobqueue
2020-02-18 16:27:54 DEBUG worker 2 processing event 0x7f0d140008c0
2020-02-18 16:27:54 DEBUG PROCESS_EVENT: POLL (in_syslog_tcp_ssl)
2020-02-18 16:27:54 DEBUG nx_module_pollset_poll: in_syslog_tcp_ssl
2020-02-18 16:27:54 DEBUG worker 1 got signal for new job
2020-02-18 16:27:54 DEBUG worker 1 got no event to process
2020-02-18 16:27:54 DEBUG worker 1 waiting for new event
2020-02-18 16:27:54 DEBUG no events or no future events, event thread sleeping in condwait
2020-02-18 16:27:54 DEBUG [in_syslog_tcp_ssl] no poll events, pollset_poll timed out
2020-02-18 16:27:54 DEBUG nx_event_to_jobqueue: POLL (in_syslog_tcp_ssl)
2020-02-18 16:27:54 DEBUG event added to jobqueue
2020-02-18 16:27:54 DEBUG worker 2 processing event 0x7f0d14000910
2020-02-18 16:27:54 DEBUG PROCESS_EVENT: POLL (in_syslog_tcp_ssl)
2020-02-18 16:27:54 DEBUG nx_module_pollset_poll: in_syslog_tcp_ssl
2020-02-18 16:27:54 DEBUG worker 3 got signal for new job
2020-02-18 16:27:54 DEBUG worker 3 got no event to process
2020-02-18 16:27:54 DEBUG worker 3 waiting for new event
2020-02-18 16:27:54 DEBUG no events or no future events, event thread sleeping in condwait

My input configuration:

<Input in_syslog_tcp_ssl>
Module im_ssl
Host 0.0.0.0
Port 12514
CAFile /opt/nxlog/ssl/rootCA.pem
AllowUntrusted TRUE
RequireCert FALSE
CertFile /opt/nxlog/ssl/server.crt
CertKeyFile /opt/nxlog/ssl/server.key
InputType Syslog_TLS
KeyPass XXXXXXXXXX
Exec parse_syslog();
</Input>

I create certificates by this guide: https://nxlog.co/documentation/nxlog-user-guide/encrypted.html#openssl-certs
I trying to use different variation with "AllowUntrusted", "RequireCert", but it's not working for me.

AskedFebruary 18, 2020 - 2:40pm

Comments (1)

Answers (0)