Hello, i’m using Graylog 4.0 with Ubuntu 20.04.2 LTS, elasticsearch 7.10.2 and mongodb 4.4.2.
Graylog is working fine with HTTPS and logs coming from other servers.
I tried to implement TLS for the inputs coming from RSYSLOG.
But unfortunaly it’s not working. I tried to use the same certificates .pem as i did for making HTTPS working, but it’s not working !
Maybe someone know how to do it properly with commands?
Yes i already saw your post on this topic !
Unfortunaly i don’t know if i’m doing badly my self-signed certificate.
But it’s working for the web page of graylog in HTTPS so … Or maybe the problem is maybe because i didn’t put :
The first one of this file wasn’t with IP.2 and DNS.2
I’ve wrote this file yesterday and took the cert.pem and key.pem to the rsyslog client.
The other things is that i don’t know if my RSYSLOG.CONF file is good. Because in the :
I took the same cert.pem (generated on the graylog server) for the CA and the CERTFile so i don’t know if this is that.
Furthermore, i changed some settings by adding the x509 streamdriver auth and now i have this error (and not the other one that i show you in the other message):
rsyslogd[3681]: authentication not supported by gtls netstream driver in the configured authentication mode - ignored [v8.1901.0 try You searched for error 2087 - rsyslog ]
Answer: The server you have tried to connect has its certificate marked for encryption-only but the server uses it with a ciphersuite that requires signing (or vice-versa). This is either due to an attack, or due to a serious server misconfiguration. Contact the server administrator.