Hi there We have set up our first Cisco ASA (8.4) to send syslog (TLS) messages through to graylog via
logging host outside ip.add.ress TCP/6666 secure We already have some Unix systems using rsyslog successfully doing the same thing, but the Cisco records aren't being accepted. A sniffer shows traffic coming in from the Cisco, but server.log reports the following. That sounds like the Cisco attempted to handshake TLS and then sent an alert to graylog stating the error was "certificate_unknown"? That would make sense, but our network group have no idea how to make the CA trusted. Can someone point me at something they need to read to do this properly? Thanks, Jason 2017-01-09T00:07:56.088Z ERROR [NettyTransport] Error in Input [Syslog TCP/570cc00b9cdbc22f13f5cecd] (channel [id: 0x525ae1a4, /1.2.3.4:56720 => / 4.3.2.1:6666]) javax.net.ssl.SSLException: Received fatal alert: certificate_unknown at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[?:1.8.0_77] at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[?:1.8.0_77] at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[?:1.8.0_77] at sun.security.ssl.SSLEngineImpl.recvAlert(Unknown Source) ~[?:1.8.0_77] at sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) ~[?:1.8.0_77] at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[?:1.8.0_77] at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[?:1.8.0_77] at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[?:1.8.0_77] at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219) ~[graylog.jar:?] at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852) ~[graylog.jar:?] at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425) ~[graylog.jar:?] at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303) ~[graylog.jar:?] at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70) ~[graylog.jar:?] at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564) [graylog.jar:?] at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559) [graylog.jar:?] at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) [graylog.jar:?] at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) [graylog.jar:?] at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88) [graylog.jar:?] at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) [graylog.jar:?] at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?] at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) [graylog.jar:?] at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) [graylog.jar:?] at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?] at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?] at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_77] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_77] at java.lang.Thread.run(Unknown Source) [?:1.8.0_77] -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAFChrgLt-7-4MWjn4rv7Uf-Z861oO7bo-KGCzhrmUGNTMsaeJQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
