Log Forwarder - r-syslog TLS Encryption

Frequent Contributor

Good day to all,

 

We are working on the configuration of TLS rsyslog service encryption and decided to try with a self-signed certificate. We walked through this manual: RSyslog Documentation - rsyslog (created a CA, issued certificates, keys, etc.) but had no success. We did the configuration only on the server side (log forwarder) and not on the client. The log source is a Cortex XDR cloud platform, so we cannot configure anything on its side.

 

From the Cortex XDR manual: 

"If your Syslog receiver uses a self-signed CA, Browse and upload your self-signed Syslog receiver CA."
We uploaded the certificate, but it doesn't. work. Cortex XDR cannot verify the connection.
Forwarding unencrypted logs works perfectly. 

 

Has anybody configured TLS rsyslog?  I would kindly appreciate any advice on it.

 

1 Reply
I don't believe that nobody but only me has this issue with the TLS configuration of rsyslog.