Hi,

I think the issue is caused by logstash forwarder requiring TLS 1.2 and
NXLog wanting SSLv3. Currently this can only be changed in NXLog by
modifying the code.

I'm not familiar with logstash forwarder but AFAIK it uses its own
protocol. Even if the ssl version wasn't an issue, are you sure the two
would be able to communicate?

Regards,
Botond


On Mon, 6 Oct 2014 09:45:07 +0700
Noel Lingga <maclin...@gmail.com> wrote:

> I am running nxlog on Centos as Server.
> 
> 
> Server :
> nxlog]# java -version
> java version “1.7.0_25″
> Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
> Java HotSpot(TM) Client VM (build 23.25-b01, mixed mode)
> 
> nxlog.log
> 
> 2014-10-03 11:19:19 INFO SSL connection accepted from 192.168.xx.xxx:58454
> 2014-10-03 11:19:19 ERROR SSL error, SSL_ERROR_SSL: retval -1, wrong
> version number,
> 2014-10-03 11:19:19 WARNING SSL connection closed from 192.168.xx.xxx:58454
> 
> 
> 
> 
> Client:  ( logstash-forwarder )
> 2014/10/03 15:08:12.703193 Connecting to [10.147.xxx.xx]:6514
> (10.147.252.13)
> 2014/10/03 15:08:12.713337 Failed to tls handshake with 10.147.xxx.xx local
> error: protocol version not supported
> 2014/10/03 15:08:13.713718 Connecting to [10.147.xxx.xx]:6514
> (10.147.xxx.xx)
> 2014/10/03 15:08:13.715624 Failed to tls handshake with 10.147.xxx.xx local
> error: protocol version not supported
> 2014/10/03 15:08:14.716015 Connecting to [10.147.xxx.xx]:6514
> (10.147.xxx.xx)
> 
> 
> # java -version
> java version “1.7.0_67″
> Java(TM) SE Runtime Environment (build 1.7.0_67-b01)
> Java HotSpot(TM) Client VM (build 24.65-b04, mixed mode, sharing)
> 
> 
> All key and certificate are OK .. tested with openssl s_server and s_client
> ==> connected.
> 
> Please advice how to solve this problem.
> is the config file OK or not ?
> 
> 
> # more /usr/local/etc/nxlog/nxlog.conf
> ########################################
> # Global directives                    #
> ########################################
> User nxlog
> Group nxlog
> 
> LogFile /var/log/nxlog/nxlog.log
> #LogLevel DEBUG
> LogLevel INFO
> 
> ########################################
> # Modules                              #
> ########################################
> 
> # NXlog syslog extension activation (needed to receive syslog messages)
> <Extension _syslog>
>     Module      xm_syslog
> </Extension>
> 
> # NXlog JSON extension activation (needed to forward messages to Logstash)
> <Extension json>
>     Module      xm_json
> </Extension>
> 
> ## NXlog input to receive UDP syslog messages on standard UDP port.
> ## Note the parse syslog input to json exec.
> #<Input in_udp>
> #    Module      im_udp
> #    Host        0.0.0.0
> #    Port        514
> #    Exec        parse_syslog(); to_json();
> #</Input>
> 
> <Input in_ssl>
>     Module      im_ssl
>     Host        0.0.0.0
>     Port        6514
>     CAFile      /nxlog/LinggaCA-cert.pem
>     CertFile    /nxlog/server-cert.pem
>     CertKeyFile /nxlog/server-key.pem
>     KeyPass     xxxxxxxxx
>     InputType   Binary
> </Input>
> 
> 
> ########################################
> # Routes                               #
> ########################################
> 
> # The buffer needed to NOT loose events when Logstash restarts
> <Processor buffer_udp>
>     Module      pm_buffer
>     # 1Mb buffer
>     MaxSize 512
>     Type Mem
>     # warn at 512k
>     WarnLimit 256
> </Processor>
> 
> ## NXlog output to forward everything to Logstash listening on Localhost
> port 5140.
> #<Output out_tcp>
> #    Module      om_tcp
> #    Port        5140
> #    Host        localhost
> #</Output>
> 
> <Output nxlog_out>
>     Module      om_file
>     File "/var/log/nxlog/nxlog.out"
> </Output>
> 
> 
> # Let's tie all pieces together with a NXlog route
> <Route udp>
> #    Path        in_udp => buffer_udp => nxlog_out
>     Path        in_ssl => buffer_udp => nxlog_out
> </Route>
> 
> 
> 
> Best regards,
> Noel

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users

Reply via email to