
Syslog with TLS Input configuration

Posted: Mon Mar 27, 2017 9:58 am
by mfur
Hello,

I need to set up Nagios Logging server as a syslog-tls sink (for Bluemix / CloudFoundry). I failed to find documentation on how to do that.

I generated TLS certificates and attempted to configure Inputs but failed:

Attempt #1:

Code:

syslog {
    type => 'syslog'
    port => 5545
    ssl_cacert => "/etc/pki/tls/certs/rootCA.pem"
    ssl_cert => "/etc/pki/tls/certs/device-nls.crt"
    ssl_key => "/etc/pki/tls/private/device-nls.key"
    ssl_enable => true
}

I get errors at Verify Configuration:
{:timestamp=>"2017-03-27T15:19:22.405000+0200", :message=>"Unknown setting 'ssl_cacert' for syslog", :level=>:error}
{:timestamp=>"2017-03-27T15:19:22.411000+0200", :message=>"Unknown setting 'ssl_cert' for syslog", :level=>:error}
{:timestamp=>"2017-03-27T15:19:22.412000+0200", :message=>"Unknown setting 'ssl_key' for syslog", :level=>:error}
{:timestamp=>"2017-03-27T15:19:22.412000+0200", :message=>"Unknown setting 'ssl_enable' for syslog", :level=>:error}
Error: Something is wrong with your configuration.

Attempt #2:

Code:

tcp {
    type => 'syslog'
    port => 5545
    ssl_cacert => "/etc/pki/tls/certs/rootCA.pem"
    ssl_cert => "/etc/pki/tls/certs/device-nls.crt"
    ssl_key => "/etc/pki/tls/private/device-nls.key"
    ssl_enable => true
}

This configuration is accepted, but I don’t get logs. I do get logs when using syslog without TLS, so firewall or client is not a problem.

How to approach that?

Re: Syslog with TLS Input configuration

Posted: Mon Mar 27, 2017 10:34 am
by scottwilkerson
Attempt #2 is going to be the only way to accomplish this.

If you aren't getting logs with Attempt #2, I would either question that your syslog sender is set up to use TLS, and if so then I would look to the logstash logs for errors:

Code:

tail -f /var/log/logstash/logstash.log
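
One way to test the TLS listener from Attempt #2 independently of the real sender, as an added example that is not part of the original posts: a small client that verifies the server certificate against the root CA and sends one test event. The hostname `nls.example.com` is hypothetical; the script assumes the server certificate names the host you connect to and that the tcp input reads newline-delimited messages.

```python
import socket
import ssl
from datetime import datetime, timezone


def syslog_line(msg, host="tls-test", app="nls-tls-check", pri=14):
    """Build one RFC 5424 message (pri 14 = facility user, severity info).

    Newline-terminated, assuming the tcp input splits events on newlines.
    """
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {host} {app} - - - {msg}\n".encode()


def client_context(cafile=None):
    """TLS client context that rejects servers not chaining to cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def send_test_event(server, port, cafile, msg="TLS input test", timeout=5.0):
    """Send one event over TLS; return (ok, detail) to show which layer failed."""
    ctx = client_context(cafile)  # a missing CA file raises here, before any connect
    try:
        with socket.create_connection((server, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server) as tls:
                tls.sendall(syslog_line(msg))
                return True, f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as e:
        return False, f"certificate rejected: {e.verify_message}"
    except ssl.SSLError as e:
        return False, f"TLS handshake failed: {e}"
    except OSError as e:
        return False, f"TCP connect failed: {e}"


if __name__ == "__main__":
    # Hypothetical hostname; port and CA path are the ones from Attempt #2.
    print(send_test_event("nls.example.com", 5545,
                          "/etc/pki/tls/certs/rootCA.pem"))
```

A successful run returns the negotiated protocol and cipher, and the test event should then appear in the log view; the three failure branches separate a closed port, a listener that is not speaking TLS, and a certificate that does not chain to the CA.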

Re: Syslog with TLS Input configuration

Posted: Tue Mar 28, 2017 7:43 am
by mfur
Thank you for your feedback. Issue is solved - indeed configuration #2 worked, but it looks like it needed some time and restarts on both client and server to take effect.

Re: Syslog with TLS Input configuration

Posted: Tue Mar 28, 2017 9:58 am
by cdienger
Glad we were able to help you out! Was there anything else related to this we can help with or are we okay to close the thread?

Re: Syslog with TLS Input configuration

Posted: Wed Mar 29, 2017 1:43 am
by mfur
Thread can be closed, thanks.