I am trying to encrypt the traffic between a Graylog Forwarder and another Graylog Node.
On the Graylog Node I have set up a ca.pem, a key.pem, and a certificate.pem.
I have also created the Forwarder Input, which is using the certificate.pem and the key.pem.
(I would add a picture of the Input I have setup but as a new user in this Forum I can only post a single Image)
On the Forwarder I have set up a stream and the corresponding Output which points at the input of the other Graylog Node.
I then transferred the ca.pem to the Forwarder and set up the Output to use the ca.pem file so that it can verify the Server certificate.
When I am trying to connect to the Graylog Node via the openssl s_client program everything works fine. (Here I am also specifying the ca.pem)
When I look at the Stream Output, the messages are shown as being forwarded
BUT
When Graylog is trying to Forward the Log messages to the Server I am getting the following errors:
2020-07-23T09:32:20.299+02:00 INFO [ForwarderOutput] Launched Forwarder output [Output/5f193ca70cb76c4e060291d8] successfully.
2020-07-23T09:32:30.203+02:00 ERROR [GRPCStreamingSenderClient] A gRPC client error occurred: [UNAVAILABLE: io exception
Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]]
2020-07-23T09:32:30.211+02:00 INFO [GRPCStreamingSenderClient] Restarting Forwarder network sender in [10000 MILLISECONDS]…
2020-07-23T09:32:30.708+02:00 ERROR [GRPCStreamingSenderClient] An error occurred while sending message [call was cancelled]
And on the Graylog Node itself I am not receiving anything.
Any Ideas regarding the GRPC Error Messages would be helpful.
Yes the time on both servers is in sync and firewall is disabled on both servers.
When I disable TLS between those two, then the messages are being forwarded without any problem.
I also thought it could be a problem with the certificates, but then I would expect that there are messages in the logs about it.
Is there any way to make Graylog's logging more verbose?
When using GELF TCP with TLS enabled as Input on the Server instead of Forwarder Input everything works as expected. Even while using the same Certificate, CA and Key.
@bjarneeins how was the certificate issued? You may need to add the “Graylog Node”'s certificate to the forwarder’s jvm trust store so that the forwarder trusts it.
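An added check script (not posted by anyone in this thread) for the two things raised above: whether certificate.pem really chains to ca.pem and names the host the forwarder dials, and how to get ca.pem into a JVM truststore as the reply suggests. File names ca.pem, certificate.pem and key.pem come from the thread; the host name, truststore path, alias and password are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: three checks for the TLS material
# shared between a Graylog Forwarder and a Graylog node.
# ca.pem and certificate.pem are the file names used in the thread;
# host name, truststore path, alias and password are assumptions.

# Does certificate.pem chain to ca.pem? Prints "ok" or "fail" and
# returns 0 only when openssl accepts the chain.
check_chain() {
  ca="$1"; cert="$2"
  if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo ok; return 0
  fi
  echo fail; return 1
}

# Does the certificate list the host name the forwarder dials as a DNS SAN?
# gRPC/Netty clients verify the host name; a plain "openssl s_client -CAfile"
# session does not unless -verify_hostname is given, so s_client succeeding
# does not prove this part.
check_san() {
  cert="$1"; host="$2"
  openssl x509 -in "$cert" -noout -text 2>/dev/null \
    | grep -A1 'Subject Alternative Name' | grep -q "DNS:$host"
}

# Import ca.pem into a PKCS12 truststore that a JVM can be pointed at with
# -Djavax.net.ssl.trustStore=<store> -Djavax.net.ssl.trustStorePassword=<pass>.
# Returns 0 only when the alias is present afterwards.
import_ca() {
  ca="$1"; store="$2"; pass="$3"
  keytool -importcert -noprompt -trustcacerts -alias graylog-ca -file "$ca" \
    -keystore "$store" -storetype PKCS12 -storepass "$pass" >/dev/null 2>&1 || return 1
  keytool -list -keystore "$store" -storetype PKCS12 -storepass "$pass" 2>/dev/null \
    | grep -qi graylog-ca
}

# Usage (host name, store path and password are assumptions):
#   check_chain ca.pem certificate.pem
#   check_san certificate.pem graylog-node.example
#   import_ca ca.pem ./forwarder-truststore.p12 changeit
```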