TLS Connections with Barracuda Email Gateway Defense

1. Describe your incident: We are trying to send tcp logs via TLS. It does not seem to handshake

2. Describe your environment:
Linux Ubuntu

  • Package Version: Graylog 4.3.11

  • Service logs, configurations, and environment variables:
    Input Syslog TCP TLS, when we turn on TLS, we get no logs. TLS_Enable: false we get logs. We have tried a few different devices, but it does successfully create the TCP handshake.

  • expand_structured_data:


  • force_rdns:


  • max_message_size:


  • number_worker_threads:


  • override_source:

  • port:


  • recv_buffer_size:


  • store_full_message:


  • tcp_keepalive:


  • tls_cert_file:


  • tls_client_auth:


  • tls_client_auth_cert_file:

  • tls_enable:


  • tls_key_file:


  • tls_key_password:

  • use_null_delimiter:


3. What steps have you already taken to try and solve the problem?

4. How can the community help?

How do we troubleshoot the connection.

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

Hey @hrumbough

To be honest it could be a few diiferent things.

I personally use tcpdump on my linux servers, you can also “tail” your Graylog log file see what actually taking place.Once you enable TCP/TLS this will also effect you input/s, etc…

Maybe check this post out.

Thanks for that info. However, I want to make sure we are talking about the configuration in the same location within Graylog.

We are setting the cert and key info for a single input under System / Inputs → Inputs. We are only setting the http_tls_cert_file and http_tls_key_file fields then checking the http_enable_tls box. The key and cert were generated using the Graylog docs.

We have not touched the server.conf file for this. Do we need to make any changes to the server.conf file? In other words, do we need to configure SSL in the server.conf file AND for the input in the console to get SSL to work?

Hey @hrumbough

If you just want certificate for an INPUT you need to follow the documentation and place those certifcates where Graylog can access them I.E, Graylogs home directory is a good example. Also ensure the correct certificate is in the keystore and Graylog service can access them.

Next, if you noticed in the other post the settings

### Bind to localhost or IP Address ###
http_bind_address = 

### The URL need for HTTPS ####
http_publish_uri =

### Enable  HTTPS for TCP/TLS ###
http_enable_tls = true

#### The Two certificates made from the documentation.###
http_tls_cert_file = /etc/ssl/certs/graylog/graylog-certificate.pem
http_tls_key_file = /etc/ssl/certs/graylog/graylog-key.pem

###  PAssword/Code for the Key###
http_tls_key_password = secret

As for your INPUT


Hope that helps

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.