Configure tcp input to accept syslog over ssl

This is my input config, but I don't get anything passed input in my pipeline or I would see something in my ruby debug output. No errors in the log.

> tcp {
>          type => "syslog"
>          port => "4000"
>          tags => [ "SysLog" ]
>          ssl_enable => true
>          ssl_cert => "/usr/share/logstash/logstash_site.crt"
>          ssl_key => "/usr/share/logstash/logstash-site.key"
>         # ssl_extra_chain_certs => ["/usr/share/logstash/"]
>          ssl_verify => false

How do I configure my type argument here? is it still just "syslog"??

type doesn’t matter, it can be anything.
you should check the sender for errors after the logstash listen on that port

What do you mean by sender? There are no errors on the source and I can capture the traffic with tcpdump on Logstash..

if you're sure that the traffic has reach logstash on the designated port, then if you configure stdout output, you should see logstash printing the traffic in the stdout.

1 Like

thank you. I do send to stdout but still can't see anything.. Will it print anything even if ssl config is incorrect?

if you're sending output stdout, and not doing any filtering, then yes logstash will print whatever it receives in the input to stdout. If you don't see anything, then I would suspect that there's input problem.

you can try sending(from the source) and receiving the log (with logstash) without ssl to confirm whether it's ssl issue

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.