We are using Logstash to accept TLS encrypted TCP syslog messages from various devices. Some work fine, but some don't. Looking at a packet capture, we can see that after the TLS handshake, Logstash sends a TCP FIN, just as the client is about to send its data. We have increased the log level in Logstash to debug, but there is nothing in the logs related to this issue. We have a local certificate authority and all devices have the CA cert installed. I was wondering if anybody else had experienced something similar, or had any pointers on things to investigate further? Thanks.
Are you doing this with a TCP input? Did you unset ssl_verify? The TCP input requires a client certificate by default. If you don't submit one with the client hello I would expect it to drop the connection.
logstash relies on other code (netty) to negotiate and implement TLS, so it will never log anything more than the configuration it passes to netty.
Yes, we are using a TCP input. We already have unset ssl_verify, but thanks for the reminder because that could easily have been the cause.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.