Syslog client disconnected due to a SSL handshake problem alert generated in Aria Operations for Logs
Article ID: 342059
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
- The syslog client is configured to send syslog to Aria Operations for Logs over TCP port 1514 with SSL encryption but unable to.
- The following alert is generated in Aria Operations for Logs:
Syslog client <name or ip of syslog client> disconnected due to a SSL handshake problem. This may be a problem with the SSL Certificate or with the Network Time Service. In order for Log Insight to accept syslog messages over SSL, a certificate that is validated by the client is required and the clocks of the systems must be in sync.Log messages from <name or ip of syslog client> are not being accepted, reconfigure that system to not use SSL or see Online Help for instructions on how to install a new SSL certificate. /storage/var/loginsight/runtime.logof Aria Operations for Logs has below error:Syslog ssltcp disconnect by <name or ip of syslog client> from port <port number>: Remote host terminated the handshake
Environment
Aria Operations for Logs 8.x
Cause
Syslog client doesn't trust the certificate of Aria Operations for Logs thus is unable to send syslog over SSL.
Resolution
The issue can be mitigated in either of the two ways:
- Change the port to the default port 514 without SSL.
- Configure syslog client to trust the certificate of Aria Operations for Logs.
Feedback
Yes
No
Powered by
