1. Describe your incident:
I’m trying to send Fortigate v7.0.9 logs to Graylog v5.1.0 (I have upgraded trying to solve the problem, but I was having the same problem in Graylog v5.0).
Watching the server.log file, I’m getting this error:
ERROR [AbstractTcpTransport] Error in Input [Raw/Plaintext TCP/Raw TCP/646cfd4e37eac647f23b721b] (channel [id: 0xee36b0af, L:/X.X.X.217:5555 ! R:/Y.Y.Y.2:4204]) (cause io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000070:SSL routines:OPENSSL_internal:BAD_PACKET_LENGTH)
2. Describe your environment:
- OS Information: Debian 11
- Package Version: OpenSSL 3.1.0 (I’ve tried with 1.1.1n), openjdk / JRE 17.0.6
- Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
I have already reviewed all certificates (on both sides, Fortigate and Graylog), and tried different connections (RAW TCP, CEF TCP, Syslog TCP).
I’ve already tried the steps of this topic: TLS Input created
I’ve already reviewed all my configuration based on How to analyze FortiGate logs with a single-node Graylog instance
4. How can the community help?
If anyone has any idea about what could be wrong in the TLS handshake, it would be very helpful.