Graylog not accepting messages over encrypted GELF

(Beth) #1

I have had a Graylog encrypted GELF input configured for over a year, and it stopped working a few days ago. I use nxlog to send messages to Graylog. I think the problem has something to do with my certificates on my server. I did not change anything, however. I am using a private certificate authority, but added the root certificate to the Java keystore a long time ago. The same certificate is working for my nginx proxy as well. But here is the error in my graylog log file:

2018-06-06T09:51:19.881-07:00 WARN  [AbstractNioSelector] Failed to initialize an accepted socket. overrun, bytes = 614
        at javax.crypto.EncryptedPrivateKeyInfo.<init>( ~[?:1.8.0_111]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.createKeySpec( ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey( ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.initKeyStore( ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine( ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$ ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$ ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline( ~[graylog.jar:?]
        at [graylog.jar:?]
        at [graylog.jar:?]
        at [graylog.jar:?]
        at [graylog.jar:?]
        at [graylog.jar:?]
        at org.jboss.netty.util.internal.DeadLockProofWorker$ [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker( [?:1.8.0_111]
        at java.util.concurrent.ThreadPoolExecutor$ [?:1.8.0_111]
        at [?:1.8.0_111]

Here is my input configuration:

decompress_size_limit: 8388608
max_message_size: 2097152
override_source: <empty>
port: 12388
recv_buffer_size: 1048576
tcp_keepalive: false
tls_cert_file: /etc/ssl/mypubliccert_all.crt
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: true
tls_key_file: /etc/ssl/private/mykeyfile.key
tls_key_password: ********
use_null_delimiter: true

The public key file has the public cert, intermediate cert, and root cert appended in that order.

(Beth) #2

Ok, it looks like Graylog lost my private key password. I reentered it in the configuration, and voila, all started working. This is strange, however, because I did not change anything.

(system) closed #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.