TLS Connections with Barracuda Email Gateway Defense

1. Describe your incident: We are trying to send TCP logs via TLS. It does not seem to handshake.

2. Describe your environment:
Linux Ubuntu

  • Package Version: Graylog 4.3.11

  • Service logs, configurations, and environment variables:
    Input Syslog TCP TLS, when we turn on TLS, we get no logs. TLS_Enable: false we get logs. We have tried a few different devices, but it does successfully create the TCP handshake.

  • expand_structured_data: false
  • force_rdns: false
  • max_message_size: 2097152
  • number_worker_threads: 4
  • override_source:
  • port: 514
  • recv_buffer_size: 1048576
  • store_full_message: false
  • tcp_keepalive: false
  • tls_cert_file: /var/lib/graylog-server/ssl/-self-signed-certificate.pem
  • tls_client_auth: disabled
  • tls_client_auth_cert_file:
  • tls_enable: false
  • tls_key_file: /var/lib/graylog-server/ssl/-pkcs8-plain.pem
  • tls_key_password:
  • use_null_delimiter: false

3. What steps have you already taken to try and solve the problem?

4. How can the community help?

How do we troubleshoot the connection?


Hey @hrumbough

To be honest it could be a few different things.

I personally use tcpdump on my Linux servers; you can also “tail” your Graylog log file to see what is actually taking place. Once you enable TCP/TLS this will also affect your input/s, etc…

Maybe check this post out.

Thanks for that info. However, I want to make sure we are talking about the configuration in the same location within Graylog.

We are setting the cert and key info for a single input under System / Inputs → Inputs. We are only setting the http_tls_cert_file and http_tls_key_file fields then checking the http_enable_tls box. The key and cert were generated using the Graylog docs.

We have not touched the server.conf file for this. Do we need to make any changes to the server.conf file? In other words, do we need to configure SSL in the server.conf file AND for the input in the console to get SSL to work?

Hey @hrumbough

If you just want a certificate for an INPUT you need to follow the documentation and place those certificates where Graylog can access them, i.e., Graylog's home directory is a good example. Also ensure the correct certificate is in the keystore and the Graylog service can access them.

Next, if you noticed in the other post the settings

### Bind to localhost or IP Address ###
http_bind_address = 192.168.1.100:9000

### The URL needed for HTTPS ###
http_publish_uri = https://graylog.doamin.com:9000/

### Enable HTTPS for TCP/TLS ###
http_enable_tls = true

### The two certificates made from the documentation ###
http_tls_cert_file = /etc/ssl/certs/graylog/graylog-certificate.pem
http_tls_key_file = /etc/ssl/certs/graylog/graylog-key.pem

### Password/Code for the Key ###
http_tls_key_password = secret

As for your INPUT

image

Hope that helps
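For the symptom in the original question (the TCP handshake completes but no logs arrive once TLS is turned on), a two-stage probe against the input port shows which layer fails. This is an added example, not part of the thread or of Graylog; the function name `probe_tls_input`, the result keys and the test syslog line are made up for illustration.

```python
import socket
import ssl
import sys

# Constructed RFC 3164-style test line; "tls-probe" is a made-up source name.
TEST_MESSAGE = b"<14>Jan  1 00:00:00 tls-probe probe: TLS input test message\n"


def probe_tls_input(host, port, ca_file=None, timeout=5.0):
    """Connect in two stages and report which one fails.

    stage == "tcp": the port is unreachable (firewall, wrong port, input stopped)
    stage == "tls": TCP connected but the TLS handshake failed
    stage == "ok":  handshake completed and the test line was sent
    """
    result = {"stage": "tcp", "error": None, "protocol": None,
              "cipher": None, "sent": False}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
        return result

    result["stage"] = "tls"
    # With ca_file (e.g. the input's self-signed certificate) the chain and
    # hostname are verified as a strict client would; without it, verification
    # is off so the probe only answers "is TLS being spoken on this port?".
    ctx = ssl.create_default_context(cafile=ca_file)
    if ca_file is None:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            result.update(protocol=tls.version(), cipher=tls.cipher()[0])
            tls.sendall(TEST_MESSAGE)
            result.update(stage="ok", sent=True)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        result["error"] = f"{type(exc).__name__}: {exc}"
    finally:
        raw.close()
    return result


if __name__ == "__main__" and len(sys.argv) >= 3:
    # usage: python probe.py HOST PORT [CA_FILE]
    print(probe_tls_input(sys.argv[1], int(sys.argv[2]), *sys.argv[3:4]))
```

A `"tls"` result against an input that still has `tls_enable: false` is expected, because that listener speaks plain TCP. Passing the input's certificate as `ca_file` additionally surfaces trust and hostname mismatches that a strict sending device would reject.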
