TIBCO LogLogic LMI - Using openssl to test sending data over TLS syslog

Article ID: KB0079347

Product: TIBCO LogLogic Log Management Intelligence
Versions: 6.2.0 and higher

Description

LogLogic LMI version 6.2.0 and higher supports syslog data sent over TLS on TCP port 514 or 6514 (by default). Additional ports can be configured if necessary. In some scenarios you may wish to send a test message from a source device to check connectivity.

Note that this test assumes that TLS TCP syslog has already been configured on your appliance. The feature is enabled by default, but by default it reuses the certificate that LMI uses for receiving events from Blue Coat proxy log sources over HTTPS. The Blue Coat certificate is created only if you choose to generate it when running the 'set ip' command as root on the LMI appliance. If you chose not to create the Blue Coat certificate when running 'set ip', the TLS TCP syslog configuration is incomplete because the default certificate is missing. A valid default configuration requires generating the Blue Coat certificate. If you do not know whether that certificate was ever created, or you know you need to create it, refer to article 000037324.

Issue/Introduction

For testing purposes it may be useful to send a test message to check that TLS is working. This article explains how to send the test message.

Resolution

From the CLI on the source device run the following command:

$ openssl s_client -connect <lmi_ip>:6514

After the OpenSSL output, you can type a test message followed by a period in the terminal. To quit the OpenSSL prompt, press CTRL+C.

If you now check the LogLogic LMI appliance, you will see a new log source with the IP address of the source device from which the message was sent. You can search for that test message using LMI. You can also repeat the test while running tcpdump to show that the traffic in transit was encrypted.
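
The same test can be run non-interactively while also confirming which cipher was negotiated and whether the appliance certificate verified. The script below is an added example, not part of the TIBCO article: the function names, the message text and the CA-file argument are assumptions, and the two sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not TIBCO code. Function names, the message text and the
# CA-file argument are assumptions; both SAMPLE_* values are constructed.

# One uniquely tagged line, ending in a period as in the manual test above.
make_test_message() {   # $1 = tag to search for in LMI afterwards
    printf 'LMI-TLS-TEST id=%s host=%s.\n' "$1" "$(uname -n)"
}

# Reduce s_client output (stdin) to the negotiated cipher and verify code.
parse_handshake() {
    awk '
        /Cipher is /          { cipher = $NF }
        /Verify return code:/ { sub(/.*Verify return code: */, ""); verify = $1 }
        END {
            if (cipher == "") cipher = "none"
            if (verify == "") verify = "unknown"
            printf "cipher=%s verify=%s\n", cipher, verify
        }'
}

# Send the message. Without -verify_return_error s_client carries on after a
# certificate verification failure, so an untrusted certificate goes unnoticed.
send_test() {   # $1 = LMI address, $2 = port, $3 = CA file (PEM), $4 = tag
    make_test_message "$4" |
        openssl s_client -connect "$1:$2" -CAfile "$3" -verify_return_error 2>&1 |
        parse_handshake
}

SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)'
SAMPLE_REJECTED='New, (NONE), Cipher is (NONE)
    Verify return code: 18 (self signed certificate)'

if [ "$#" -eq 4 ]; then
    send_test "$1" "$2" "$3" "$4"      # live run against the appliance
else
    # No arguments: show the parser on the constructed samples only.
    printf '%s\n' "$SAMPLE_OK" | parse_handshake
    printf '%s\n' "$SAMPLE_REJECTED" | parse_handshake
fi
```

A result of verify=0 with a real cipher name means the handshake completed against a trusted certificate; the tag can then be searched for in LMI as described above.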