Log Forwarding using SSL stops working after upgrade to 8.18
search cancel

Log Forwarding using SSL stops working after upgrade to 8.18

book

Article ID: 387070

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

After upgrading Aria Operations for Logs to 8.18, the destination stops receiving the forwarded logs.

The following logs can be seen in /storage/core/loginsight/var/runtime.log:

[YYYY-MM-DD ##:##:##] ["IngestionForwarder-thread-1"/##.##.##.## INFO] [com.vmware.loginsight.ingestion.forwarding.SyslogForwarder] [Retry forwarding the previous data pack to target 'TargetName'.]
[YYYY-MM-DD ##:##:##] ["IngestionForwarder-thread-1"/##.##.##.## ERROR] [com.vmware.loginsight.ingestion.forwarding.SyslogForwarder] [Couldn't send message. Retrial will follow soon. Error: Socket is closed]

Environment

Aria Operations for Logs 8.18

Cause

Aria Operations for Logs 8.18 introduced a security change compared to previous versions. The logs are now forwarded using only secure cipher suites. Weaker ciphers have been discarded.
If the destination is not updated to accept the secure ciphers that Aria Operations for Logs is providing, the communication will fail.

Resolution

To resolve the issue:

Follow up with the destination product vendor to support latest encryption secure standards.

For workaround that allows weaker level security(which is not recommended), please open a Support Request with Broadcom Technical Support and note this Article ID (387070) in the problem description. For more information, see Creating and managing Broadcom support cases.