Hi Botond,
i see ...so the differences is in the encryption method.
yes ... i want the two would be able to communicate. please help me how to
make it work.
Regards,
Noel
On Thu, Oct 9, 2014 at 10:38 PM, Botond Botyanszki <b...@nxlog.org> wrote:
> Hi,
>
> I think the issue is caused by logstash forwarder requiring TLS 1.2 and
> NXLog wanting SSLv3. Currently this can only be changed in NXLog by
> modifying the code.
>
> I'm not familiar with logstash forwarder but AFAIK it uses its own
> protocol. Even if the ssl version wasn't an issue, are you sure the two
> would be able to communicate?
>
> Regards,
> Botond
>
>
> On Mon, 6 Oct 2014 09:45:07 +0700
> Noel Lingga <maclin...@gmail.com> wrote:
>
> > I am running nxlog on Centos as Server.
> >
> >
> > Server :
> > nxlog]# java -version
> > java version “1.7.0_25″
> > Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
> > Java HotSpot(TM) Client VM (build 23.25-b01, mixed mode)
> >
> > nxlog.log
> >
> > 2014-10-03 11:19:19 INFO SSL connection accepted from
> 192.168.xx.xxx:58454
> > 2014-10-03 11:19:19 ERROR SSL error, SSL_ERROR_SSL: retval -1, wrong
> > version number,
> > 2014-10-03 11:19:19 WARNING SSL connection closed from
> 192.168.xx.xxx:58454
> >
> >
> >
> >
> > Client: ( logstash-forwarder )
> > 2014/10/03 15:08:12.703193 Connecting to [10.147.xxx.xx]:6514
> > (10.147.252.13)
> > 2014/10/03 15:08:12.713337 Failed to tls handshake with 10.147.xxx.xx
> local
> > error: protocol version not supported
> > 2014/10/03 15:08:13.713718 Connecting to [10.147.xxx.xx]:6514
> > (10.147.xxx.xx)
> > 2014/10/03 15:08:13.715624 Failed to tls handshake with 10.147.xxx.xx
> local
> > error: protocol version not supported
> > 2014/10/03 15:08:14.716015 Connecting to [10.147.xxx.xx]:6514
> > (10.147.xxx.xx)
> >
> >
> > # java -version
> > java version “1.7.0_67″
> > Java(TM) SE Runtime Environment (build 1.7.0_67-b01)
> > Java HotSpot(TM) Client VM (build 24.65-b04, mixed mode, sharing)
> >
> >
> > All key and certificate are OK .. tested with openssl s_server and
> s_client
> > ==> connected.
> >
> > Please advice how to solve this problem.
> > is the config file OK or not ?
> >
> >
> > # more /usr/local/etc/nxlog/nxlog.conf
> > ########################################
> > # Global directives #
> > ########################################
> > User nxlog
> > Group nxlog
> >
> > LogFile /var/log/nxlog/nxlog.log
> > #LogLevel DEBUG
> > LogLevel INFO
> >
> > ########################################
> > # Modules #
> > ########################################
> >
> > # NXlog syslog extension activation (needed to receive syslog messages)
> > <Extension _syslog>
> > Module xm_syslog
> > </Extension>
> >
> > # NXlog JSON extension activation (needed to forward messages to
> Logstash)
> > <Extension json>
> > Module xm_json
> > </Extension>
> >
> > ## NXlog input to receive UDP syslog messages on standard UDP port.
> > ## Note the parse syslog input to json exec.
> > #<Input in_udp>
> > # Module im_udp
> > # Host 0.0.0.0
> > # Port 514
> > # Exec parse_syslog(); to_json();
> > #</Input>
> >
> > <Input in_ssl>
> > Module im_ssl
> > Host 0.0.0.0
> > Port 6514
> > CAFile /nxlog/LinggaCA-cert.pem
> > CertFile /nxlog/server-cert.pem
> > CertKeyFile /nxlog/server-key.pem
> > KeyPass xxxxxxxxx
> > InputType Binary
> > </Input>
> >
> >
> > ########################################
> > # Routes #
> > ########################################
> >
> > # The buffer needed to NOT loose events when Logstash restarts
> > <Processor buffer_udp>
> > Module pm_buffer
> > # 1Mb buffer
> > MaxSize 512
> > Type Mem
> > # warn at 512k
> > WarnLimit 256
> > </Processor>
> >
> > ## NXlog output to forward everything to Logstash listening on Localhost
> > port 5140.
> > #<Output out_tcp>
> > # Module om_tcp
> > # Port 5140
> > # Host localhost
> > #</Output>
> >
> > <Output nxlog_out>
> > Module om_file
> > File "/var/log/nxlog/nxlog.out"
> > </Output>
> >
> >
> > # Let's tie all pieces together with a NXlog route
> > <Route udp>
> > # Path in_udp => buffer_udp => nxlog_out
> > Path in_ssl => buffer_udp => nxlog_out
> > </Route>
> >
> >
> >
> > Best regards,
> > Noel
>
>
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
>
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> nxlog-ce-users mailing list
> nxlog-ce-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
>
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://p.sf.net/sfu/Zoho
_______________________________________________
nxlog-ce-users mailing list
nxlog-ce-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
