Scenario: Sending events to a remote syslog server encrypted (TLS) with log exporter.
Successfully receiving clear-text logs on the remote server. Again, TLS fails. Is there a configuration within the policy that needs to be enabled (i.e., rules, syslog server object, etc.)?
The remote syslog server is running syslog-ng 3.16. Is this a cert issue?
Don't understand the reference about the LEA... LEA is not in use.
Getting the following errors:
[log_indexer 17057 4093631296]@cpmgmt01[4 Oct 15:44:13] Start reading 127.0.0.1:online logs [log] [1538636400] at position 53142
[log_indexer 17057 4074761024]@cpmgmt01[4 Oct 15:44:13] Start reading 127.0.0.1:online logs [adtlog] [1538636400] at position 25
[log_indexer 17057 4102024000]@cpmgmt01[4 Oct 15:44:18] LogFetcherLea::IsSubscribeLeaToDb This is not SmartEvent Device
[log_indexer 17057 4102024000]@cpmgmt01[4 Oct 15:44:18] LogFetcherLea::IsSubscribeLeaToDb This is not SmartEvent Device
[log_indexer 17057 4102024000]@cpmgmt01[4 Oct 15:44:18] Files read rate [log] : Current=0 Avg=0 MinAvg=0 Total=0 buffers (0/0/0/0)
[log_indexer 17057 4102024000]@cpmgmt01[4 Oct 15:44:18] Sent current: 0 total: 0
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection call: certificate file: [/opt/CPrt-R80.20/log_exporter/targets/syslogserver/certs/log_exporter.p12] CA file: [/opt/CPrt-R80.20/log_exporter/targets/syslogserver/certs/RootCA.pem]
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection: keyHolder initiated OK
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] prefix: /opt/CPrt-R80.20/log_exporter/targets/syslogserver/certs/RootCA.pem cert: Email=blah@blah.com,CN=10.10.10.145,OU=BT ATM Certificate Authority,O=Lab Plc.,L=Nowhere,ST=Nowhere,C=US
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection: create new fwCert to CA succeeded
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection: create ckpSSLparams_New succeeded
[log_indexer 17057 4083153728]@cpmgmt01[4 Oct 15:44:18] Files read rate [adtlog] : Current=0 Avg=0 MinAvg=0 Total=0 buffers (0/0/0/0)
[log_indexer 17057 4083153728]@cpmgmt01[4 Oct 15:44:18] Sent current: 0 average: 0 total: 0
[log_indexer 17057 4121975616]@cpmgmt01[4 Oct 15:44:18] TcpTlsSender::MakeConnection: ckpSSL_Connect failed error: unknown