No SSL data sent (om_ssl) from Windows NXlog to Linux ELK
Hello,
Having an issue with using om_ssl from a Windows NXlog client to a Linux ELK server.
The issue lies with the encryption part, the connection is established on the associated destination SSL port I set but no SSL traffic can be see/captured.
For information here is the logstash config and the NXlog config, I believe the issue lies with the certs.
input {
tcp {
port => 5000
type => syslog
}
udp {
port => 5000
type => syslog
}
tcp {
port => 5001
type => syslog
ssl_cacert => "/etc/pki/tls/certs/rootCA.pem"
ssl_cert => "/etc/pki/tls/certs/logstash.crt"
ssl_key => "/etc/pki/tls/private/logstash.key"
ssl_enable => true
nxlog.conf:
<Output syslogout>
#This is for TCP non-SSL traffic
Module om_tcp
Host 192.168.0.20
Port 5000
</Output>
<Output omsslout>
#This is for SSL traffic only, omit all "#"
Module om_ssl
Host 192.168.0.20
Port 5001
CAFile %CERTDIR%\rootCA.pem
OutputType LineBased
AllowUntrusted FALSE
</Output>
<Route 1>
Path eventlog => eventlog_transformer => omsslout
</Route>
Only included relative SSL parts as everything else works over TCP and UDP.
Many thanks
Are you sure it's not due to SSLv3 having been recently disabled in java? If it is, that should be visible in the logs (nxlog.log). SSLv3 can be reenabled in java.secuity, otherwise the EE already has TLS support and the next version of NXLog CE will also have this.