Hi, I think the issue is caused by logstash forwarder requiring TLS 1.2 and NXLog wanting SSLv3. Currently this can only be changed in NXLog by modifying the code.
I'm not familiar with logstash forwarder but AFAIK it uses its own protocol. Even if the ssl version wasn't an issue, are you sure the two would be able to communicate? Regards, Botond On Mon, 6 Oct 2014 09:45:07 +0700 Noel Lingga <maclin...@gmail.com> wrote: > I am running nxlog on Centos as Server. > > > Server : > nxlog]# java -version > java version “1.7.0_25″ > Java(TM) SE Runtime Environment (build 1.7.0_25-b15) > Java HotSpot(TM) Client VM (build 23.25-b01, mixed mode) > > nxlog.log > > 2014-10-03 11:19:19 INFO SSL connection accepted from 192.168.xx.xxx:58454 > 2014-10-03 11:19:19 ERROR SSL error, SSL_ERROR_SSL: retval -1, wrong > version number, > 2014-10-03 11:19:19 WARNING SSL connection closed from 192.168.xx.xxx:58454 > > > > > Client: ( logstash-forwarder ) > 2014/10/03 15:08:12.703193 Connecting to [10.147.xxx.xx]:6514 > (10.147.252.13) > 2014/10/03 15:08:12.713337 Failed to tls handshake with 10.147.xxx.xx local > error: protocol version not supported > 2014/10/03 15:08:13.713718 Connecting to [10.147.xxx.xx]:6514 > (10.147.xxx.xx) > 2014/10/03 15:08:13.715624 Failed to tls handshake with 10.147.xxx.xx local > error: protocol version not supported > 2014/10/03 15:08:14.716015 Connecting to [10.147.xxx.xx]:6514 > (10.147.xxx.xx) > > > # java -version > java version “1.7.0_67″ > Java(TM) SE Runtime Environment (build 1.7.0_67-b01) > Java HotSpot(TM) Client VM (build 24.65-b04, mixed mode, sharing) > > > All key and certificate are OK .. tested with openssl s_server and s_client > ==> connected. > > Please advice how to solve this problem. > is the config file OK or not ? > > > # more /usr/local/etc/nxlog/nxlog.conf > ######################################## > # Global directives # > ######################################## > User nxlog > Group nxlog > > LogFile /var/log/nxlog/nxlog.log > #LogLevel DEBUG > LogLevel INFO > > ######################################## > # Modules # > ######################################## > > # NXlog syslog extension activation (needed to receive syslog messages) > <Extension _syslog> > Module xm_syslog > </Extension> > > # NXlog JSON extension activation (needed to forward messages to Logstash) > <Extension json> > Module xm_json > </Extension> > > ## NXlog input to receive UDP syslog messages on standard UDP port. > ## Note the parse syslog input to json exec. > #<Input in_udp> > # Module im_udp > # Host 0.0.0.0 > # Port 514 > # Exec parse_syslog(); to_json(); > #</Input> > > <Input in_ssl> > Module im_ssl > Host 0.0.0.0 > Port 6514 > CAFile /nxlog/LinggaCA-cert.pem > CertFile /nxlog/server-cert.pem > CertKeyFile /nxlog/server-key.pem > KeyPass xxxxxxxxx > InputType Binary > </Input> > > > ######################################## > # Routes # > ######################################## > > # The buffer needed to NOT loose events when Logstash restarts > <Processor buffer_udp> > Module pm_buffer > # 1Mb buffer > MaxSize 512 > Type Mem > # warn at 512k > WarnLimit 256 > </Processor> > > ## NXlog output to forward everything to Logstash listening on Localhost > port 5140. > #<Output out_tcp> > # Module om_tcp > # Port 5140 > # Host localhost > #</Output> > > <Output nxlog_out> > Module om_file > File "/var/log/nxlog/nxlog.out" > </Output> > > > # Let's tie all pieces together with a NXlog route > <Route udp> > # Path in_udp => buffer_udp => nxlog_out > Path in_ssl => buffer_udp => nxlog_out > </Route> > > > > Best regards, > Noel ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ nxlog-ce-users mailing list nxlog-ce-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users