Graylog TLS INPUT with Nxlog for Windows


(Samuele) #1

Hi all,
first of all I am a newbye, I have a problem to activate a connection with TSL between graylog and NXLog for windows. The plaintext connection in UDP works correctly, the one using OM_SSL instead no, This isin the NXLOG log

2018-03-05 12:41:26 INFO successfully connected to 10.0.1.130: 12202
2018-03-05 12:41:26 INFO remote socket was closed during SSL handshake
2018-03-05 12:41:26 INFO reconnecting in 1 seconds
2018-03-05 12:41:27 INFO connecting to 10.0.1.130: 12202
2018-03-05 12:41:27 INFO successfully connected to 10.0.1.130: 12202
2018-03-05 12:41:27 INFO reconnecting in 1 seconds
2018-03-05 12:41:28 INFO connecting to 10.0.1.130: 12202
2018-03-05 12:41:28 INFO successfully connected to 10.0.1.130: 12202
2018-03-05 12:41:28 INFO reconnecting in 1 seconds

I created self-signed certificates by following this page

http://docs.graylog.org/en/2.2/pages/configuration/https.html

and I followed the instructions on these pages

https://nxlog.co/question/988/omssl-connection-questions

but the problem remains

the input connector is

bind_address:  0.0.0.0
decompress_size_limit:  8388608
max_message_size:  2097152
override_source:  <empty>
port:  12202
recv_buffer_size:  1048576
tcp_keepalive:  false
tls_cert_file: /path/cert/graylog-certificate.pem
tls_client_auth:  disabled
tls_client_auth_cert_file:  /path/cert/graylog-certificate.pem
tls_enable:  true
tls_key_file:  /path/cert/pkcs8-plain.pem
tls_key_password:  ********
use_null_delimiter:  true

and the NXLOG Conf

<Output out>
    Module      om_ssl
    Host        10.0.1.130
    Port        12202
    CAFile 	%CERTDIR%\graylog-certificate.pem 
    #CertFile    %CERTDIR%\graylog-certificate.pem
    AllowUntrusted TRUE
    #Exec       to_syslog_snare();
    Exec if ($ProcessName =~ /TbService.exe/ or $ProcessName =~ /w3wp.exe/)  drop();
    OutputType  GELF_TCP
</Output>

I tried the configurations either by entering the CA certificate or without, the keys files both the encrypted and the flat ones, but I always get or this error or error 21

Thank you


(Jochen) #2

Did you create a self-signed certificate or a CA certificate which you’re using to create client certificates for the clients?

Looking at your configuration, it should be the latter, but from your description you’ve only created a self-signed certificate.


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.