Log Forwarder - r-syslog TLS Encryption


Good day to all,

We are working on the configuration of TLS rsyslog service encryption and decided to try with a self-signed certificate. We walked through this manual: RSyslog Documentation - rsyslog (https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html) (created a CA, issued certificates, keys, etc.) but had no success. We did the configuration only on the server side (log forwarder) and not on the client. The log source is a Cortex XDR cloud platform, so we cannot configure anything on its side.

 

From the Cortex XDR manual:

"If your Syslog receiver uses a self-signed CA, Browse and upload your self-signed Syslog receiver CA."
We uploaded the certificate, but it doesn't work. Cortex XDR cannot verify the connection.
Forwarding unencrypted logs works perfectly.

Has anybody configured TLS rsyslog? I would kindly appreciate any advice on it.

 

1 Reply
I don't believe that nobody but only me has this issue with the TLS configuration of rsyslog.