I am evaluating the om_ssl (GELF) module of nxlog EE agent for a large number of devices with TLS authentication of the devices enabled at Graylog. We already have the certificates in the Windows certificate manager on the devices which we would use for the nxlog agent as well. The certificates are rotated frequently, and thus nxlog.conf needs to be kept up to date (with the thumbprints) and due to the large number of devices we cannot create and update the configuration files by hand.

What is the best practice to populate nxlog.conf with the required certificate thumbprints from the certificate store on each device and keep the configuration up to date?

Thank you!

AskedFebruary 21, 2022 - 10:29am

Answers (0)