Clients doesn't forward logs to remote syslog server

kathirvel

New Member
Joined
Oct 7, 2020
Messages
3
Reaction score
0
Credits
27
Hi Everyone,

We have configured all the clients to forward it's log messages to remote syslog server. It is traversing over TCP port 514 and we do have certificates generated for each client. 90% of servers are sending logs perfect, but very few servers suddenly stops sending to remote syslog server.

We get following error messages while debugging,

unexpected GnuTLS error -9 in nsd_gtls.c:1653: A TLS packet with unexpected length was received. --> This error message in Oracle Enterprise Linux 6
unexpected GnuTLS error -110 in nsd_gtls.c:1840: The TLS connection was non-properly terminated --> This error message in Oracle Enterprise Linux 7

We are unable to identify what is causing this issue, Can anyone help me on this.
 


Do a network capture on both one of the clients and on the syslog server side.
Capture1 from the client side: capture traffic from the client to the server
Capture2 from the server to the client: capture traffic from the server to the client.

Use wireshark to analyze the traffic and look for TLS traffic, and you could also try enabling debugging mode on the client side to see if that gives any more useful information.
 
Do a network capture on both one of the clients and on the syslog server side.
Capture1 from the client side: capture traffic from the client to the server
Capture2 from the server to the client: capture traffic from the server to the client.

Use wireshark to analyze the traffic and look for TLS traffic, and you could also try enabling debugging mode on the client side to see if that gives any more useful information.
Thanks, have verified with tcpdump and we see Reset flag from remote server most of the time.
 

Members online


Latest posts

Top