Syslog client disconnected due to a SSL handshake problem alert generated in Log Insight
search cancel

Syslog client disconnected due to a SSL handshake problem alert generated in Log Insight

book

Article ID: 342059

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Within Log Insight the following alert is generating constantly:
Syslog client <name of host> disconnected due to an SSL handshake problem

Within the /storage/var/loginsight/runtime.log you see this:

[2019-08-04 15:40:01.605+0000] ["Thread-50325510"/10.9.10.41 ERROR] [com.vmware.loginsight.ingestion.syslog.SyslogEventHandler] [Syslog ssltcp exception by <host name> from port 41882]
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at org.productivity.java.syslog4j.server.impl.net.tcp.SyslogMessageReader.nextOctetMessage(SyslogMessageReader.java:91)
at org.productivity.java.syslog4j.server.impl.net.tcp.SyslogMessageReader.nextMessage(SyslogMessageReader.java:182)
at org.productivity.java.syslog4j.server.impl.net.tcp.TCPNetSyslogServer$TCPNetSyslogSocketHandler.run(TCPNetSyslogServer.java:94)
at java.lang.Thread.run(Unknown Source)


Environment

VMware vRealize Log Insight 4.8.x
VMware vRealize Log Insight 8.x
VMware vRealize Log Insight 4.7.x

Cause

Within the syslog forwarding configuration, the syslog protocol is set to TCP with port set to 1514. This port is for SSL.

Resolution

Change the port to 514 and events from syslog will arrive as expected.

Additional Information



Powered by Wolken Software