Hi all,
first of all I am a newbye, I have a problem to activate a connection with TSL between graylog and NXLog for windows. The plaintext connection in UDP works correctly, the one using OM_SSL instead no, This isin the NXLOG log
2018-03-05 12:41:26 INFO successfully connected to 10.0.1.130: 12202
2018-03-05 12:41:26 INFO remote socket was closed during SSL handshake
2018-03-05 12:41:26 INFO reconnecting in 1 seconds
2018-03-05 12:41:27 INFO connecting to 10.0.1.130: 12202
2018-03-05 12:41:27 INFO successfully connected to 10.0.1.130: 12202
2018-03-05 12:41:27 INFO reconnecting in 1 seconds
2018-03-05 12:41:28 INFO connecting to 10.0.1.130: 12202
2018-03-05 12:41:28 INFO successfully connected to 10.0.1.130: 12202
2018-03-05 12:41:28 INFO reconnecting in 1 seconds
I created self-signed certificates by following this page
http://docs.graylog.org/en/2.2/pages/configuration/https.html
and I followed the instructions on these pages
https://nxlog.co/question/988/omssl-connection-questions
but the problem remains
the input connector is
bind_address: 0.0.0.0
decompress_size_limit: 8388608
max_message_size: 2097152
override_source: <empty>
port: 12202
recv_buffer_size: 1048576
tcp_keepalive: false
tls_cert_file: /path/cert/graylog-certificate.pem
tls_client_auth: disabled
tls_client_auth_cert_file: /path/cert/graylog-certificate.pem
tls_enable: true
tls_key_file: /path/cert/pkcs8-plain.pem
tls_key_password: ********
use_null_delimiter: true
and the NXLOG Conf
<Output out>
Module om_ssl
Host 10.0.1.130
Port 12202
CAFile %CERTDIR%\graylog-certificate.pem
#CertFile %CERTDIR%\graylog-certificate.pem
AllowUntrusted TRUE
#Exec to_syslog_snare();
Exec if ($ProcessName =~ /TbService.exe/ or $ProcessName =~ /w3wp.exe/) drop();
OutputType GELF_TCP
</Output>
I tried the configurations either by entering the CA certificate or without, the keys files both the encrypted and the flat ones, but I always get or this error or error 21
Thank you