
Log Forwarder - r-syslog TLS Encryption


Good day to all,


We are working on the configuration of TLS rsyslog service encryption and decided to try with a self-signed certificate. We walked through this manual: RSyslog Documentation - rsyslog (created a CA, issued certificates, keys, etc.) but had no success. We did the configuration only on the server side (log forwarder) and not on the client. The log source is a Cortex XDR cloud platform, so we cannot configure anything on its side.


From the Cortex XDR manual: 

"If your Syslog receiver uses a self-signed CA, Browse and upload your self-signed Syslog receiver CA."
We uploaded the certificate, but it doesn't work. Cortex XDR cannot verify the connection.
Forwarding unencrypted logs works perfectly. 


Has anybody configured TLS rsyslog? I would kindly appreciate any advice on it.


1 Reply
I don't believe that nobody but me has this issue with the TLS configuration of rsyslog.