Syslog with TLS Input configuration

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
mfur
Posts: 8
Joined: Mon Mar 27, 2017 5:15 am

Syslog with TLS Input configuration

Post by mfur »

Hello,

I need to set up Nagios Logging server as a syslog-tls sink (for Bluemix / CloudFoundry). I failed to find documentation on how to do that.

I generated TLS certificates and attempted to configure Inputs but failed:

Attempt #1:

Code:

syslog {
    type => 'syslog'
    port => 5545
    ssl_cacert => "/etc/pki/tls/certs/rootCA.pem"
    ssl_cert => "/etc/pki/tls/certs/device-nls.crt"
    ssl_key => "/etc/pki/tls/private/device-nls.key"
    ssl_enable => true
}

I get errors at Verify Configuration:
{:timestamp=>"2017-03-27T15:19:22.405000+0200", :message=>"Unknown setting 'ssl_cacert' for syslog", :level=>:error}
{:timestamp=>"2017-03-27T15:19:22.411000+0200", :message=>"Unknown setting 'ssl_cert' for syslog", :level=>:error}
{:timestamp=>"2017-03-27T15:19:22.412000+0200", :message=>"Unknown setting 'ssl_key' for syslog", :level=>:error}
{:timestamp=>"2017-03-27T15:19:22.412000+0200", :message=>"Unknown setting 'ssl_enable' for syslog", :level=>:error}
Error: Something is wrong with your configuration.

Attempt #2:

Code:

tcp {
    type => 'syslog'
    port => 5545
    ssl_cacert => "/etc/pki/tls/certs/rootCA.pem"
    ssl_cert => "/etc/pki/tls/certs/device-nls.crt"
    ssl_key => "/etc/pki/tls/private/device-nls.key"
    ssl_enable => true
}

This configuration is accepted, but I don’t get logs. I do get logs when using syslog without TLS, so firewall or client is not a problem.

How to approach that?
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Syslog with TLS Input configuration

Post by scottwilkerson »

Attempt #2 is going to be the only way to accomplish this.

If you aren't getting logs with Attempt #2, I would either question that your syslog sender is set up to use TLS, and if so then I would look to the logstash logs for errors:

Code:

tail -f /var/log/logstash/logstash.log
Former Nagios employee
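
A sender-side check for the TLS input from Attempt #2, as an added example that is not part of the original thread or of Nagios Log Server: it reports whether a silent input fails at TCP connect, at the TLS handshake, or at certificate verification, and then sends one test event. The host name is a placeholder, and newline-terminated framing is an assumption about how the tcp input splits events.

```python
import datetime
import socket
import ssl


def syslog_line(msg, host="probe", app="tlscheck", pri=14):
    """One RFC 5424-style message, newline-terminated (assumed framing)."""
    ts = datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds")
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}\n".encode()


def probe(host, port, cafile=None, timeout=3.0):
    """Return (stage, detail) so a silent input can be narrowed to one layer."""
    # Stage 1: plain TCP. Failure here means firewall, port or service.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))

    # Stage 2: TLS handshake, verifying the server certificate and host name
    # against the given CA file (system trust store when cafile is None).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:
        raw.close()
        return ("cert_rejected", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Typical when the listener is not speaking TLS on this port.
        raw.close()
        return ("tls_failed", str(exc))

    # Stage 3: send one marker event to search for in the log server.
    with tls:
        tls.sendall(syslog_line("TLS input test message"))
        return ("sent", tls.version())


if __name__ == "__main__":
    # Placeholder host name; port and CA path are the ones from the thread.
    print(probe("nls.example.internal", 5545,
                cafile="/etc/pki/tls/certs/rootCA.pem"))
```

A result of `sent` with nothing arriving in the index points at the server side, which is where the logstash log above comes in.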
mfur
Posts: 8
Joined: Mon Mar 27, 2017 5:15 am

Re: Syslog with TLS Input configuration

Post by mfur »

Thank you for your feedback. Issue is solved - indeed configuration #2 worked, but it looks like it needed some time and restarts on both client and server to take effect.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: Syslog with TLS Input configuration

Post by cdienger »

Glad we were able to help you out! Was there anything else related to this we can help with or are we okay to close the thread?
mfur
Posts: 8
Joined: Mon Mar 27, 2017 5:15 am

Re: Syslog with TLS Input configuration

Post by mfur »

Thread can be closed, thanks.