Fortinet/Fortigate TLS certificate problem

1. Describe your incident:
I’m trying to send Fortigate v7.0.9 logs to Graylog v5.1.0 (I have upgraded trying to solve the problem, but I was having the same problem in Graylog v5.0).
Watching the server.log file, I’m getting this error:

ERROR [AbstractTcpTransport] Error in Input [Raw/Plaintext TCP/Raw TCP/646cfd4e37eac647f23b721b] (channel [id: 0xee36b0af, L:/X.X.X.217:5555 ! R:/Y.Y.Y.2:4204]) (cause io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000070:SSL routines:OPENSSL_internal:BAD_PACKET_LENGTH)

2. Describe your environment:

  • OS Information:
    Debian 11

  • Package Version:
    OpenSSL 3.1.0 (I’ve tried with 1.1.1n)
    openjdk / JRE 17.0.6

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?
I have already reviewed all certificates (on both sides, Fortigate and Graylog), and tried different connections (RAW TCP, CEF TCP, Syslog TCP).
I’ve already tried the steps of this topic: TLS Input created
I’ve already reviewed all my configuration based on How to analyze FortiGate logs with a single-node Graylog instance

4. How can the community help?
If anyone has any idea about what could be wrong in the TLS handshake, it would be very helpful.
