Graylog not accepting messages over encrypted GELF


(Beth) #1

I have had a Graylog encrypted GELF input configured for over a year, and it stopped working a few days ago. I use nxlog to send messages to Graylog. I think the problem has something to do with my certificates on my server. I did not change anything, however. I am using a private certificate authority, but added the root certificate to the Java keystore a long time ago. The same certificate is working for my nginx proxy as well. But here is the error in my graylog log file:

2018-06-06T09:51:19.881-07:00 WARN  [AbstractNioSelector] Failed to initialize an accepted socket.
java.io.IOException: overrun, bytes = 614
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92) ~[?:1.8.0_111]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.createKeySpec(KeyUtil.java:181) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey(KeyUtil.java:154) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.util.KeyUtil.initKeyStore(KeyUtil.java:118) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:205) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:186) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:182) ~[graylog.jar:?]
        at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:110) ~[graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?]
        at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) [graylog.jar:?]
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?]
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_111]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_111]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_111]

Here is my input configuration:

bind_address: 0.0.0.0
decompress_size_limit: 8388608
max_message_size: 2097152
override_source: <empty>
port: 12388
recv_buffer_size: 1048576
tcp_keepalive: false
tls_cert_file: /etc/ssl/mypubliccert_all.crt
tls_client_auth: disabled
tls_client_auth_cert_file: <empty>
tls_enable: true
tls_key_file: /etc/ssl/private/mykeyfile.key
tls_key_password: ********
use_null_delimiter: true

The public key file has the public cert, intermediate cert, and root cert appended in that order.


(Beth) #2

Ok, it looks like Graylog lost my private key password. I reentered it in the configuration, and voila, all started working. This is strange, however, because I did not change anything.


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.