
R80.20 syslog - TLS

Question asked by Ethan Keaton on Oct 4, 2018
Latest reply on Oct 7, 2018 by Yonatan Philip

Scenario: Sending events to remote syslog server encrypted (TLS) with log exporter.

Successfully receive clear text logs to remote server. Again TLS fails. Is there a configuration within the policy that needs to be enabled (i.e. rules, syslog server object, etc.)?

The remote syslog server is running syslog-ng 3.16. Is this a cert issue?

Don't understand the reference about the LEA... LEA is not in use.

Getting the following errors:

[log_indexer 17057 4093631296]@cpmgmt01[4 Oct 15:44:13] Start reading 127.0.0.1:online logs [log] [1538636400] at position 53142
[log_indexer 17057 4074761024]@cpmgmt01[4 Oct 15:44:13] Start reading 127.0.0.1:online logs [adtlog] [1538636400] at position 25
[log_indexer 17057 4102024000]@cpmgmt01[4 Oct 15:44:18] LogFetcherLea::IsSubscribeLeaToDb This is not SmartEvent Device
[log_indexer 17057 4102024000]@cpmgmt01[4 Oct 15:44:18] LogFetcherLea::IsSubscribeLeaToDb This is not SmartEvent Device
[log_indexer 17057 4102024000]@cpmgmt01[4 Oct 15:44:18] Files read rate [log] : Current=0 Avg=0 MinAvg=0 Total=0 buffers (0/0/0/0)
[log_indexer 17057 4102024000]@cpmgmt01[4 Oct 15:44:18] Sent  current: 0   total: 0
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection call: certificate file: [/opt/CPrt-R80.20/log_exporter/targets/syslogserver/certs/log_exporter.p12] CA file: [/opt/CPrt-R80.20/log_exporter/targets/syslogserver/certs/RootCA.pem]
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection: keyHolder initiated OK
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] prefix: /opt/CPrt-R80.20/log_exporter/targets/syslogserver/certs/RootCA.pem cert: Email=blah@blah.com,CN=10.10.10.145,OU=BT ATM Certificate Authority,O=Lab Plc.,L=Nowhere,ST=Nowhere,C=US
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection: create new fwCert to CA succeeded
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection: create ckpSSLparams_New succeeded
[log_indexer 17057 4083153728]@cpmgmt01[4 Oct 15:44:18] Files read rate [adtlog] : Current=0 Avg=0 MinAvg=0 Total=0 buffers (0/0/0/0)
[log_indexer 17057 4083153728]@cpmgmt01[4 Oct 15:44:18] Sent  current: 0   average: 0 total: 0
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection: ckpSSL_Connect failed error: unknown
