After upgrading Aria Operations for Logs to 8.18, the destination stops receiving the forwarded logs.
The following logs can be seen in /storage/core/loginsight/var/runtime.log:
[YYYY-MM-DD ##:##:##] ["IngestionForwarder-thread-1"/##.##.##.## INFO] [com.vmware.loginsight.ingestion.forwarding.SyslogForwarder] [Retry forwarding the previous data pack to target 'TargetName'.]
[YYYY-MM-DD ##:##:##] ["IngestionForwarder-thread-1"/##.##.##.## ERROR] [com.vmware.loginsight.ingestion.forwarding.SyslogForwarder] [Couldn't send message. Retrial will follow soon. Error: Socket is closed]
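To confirm which forwarding targets are affected and when the failures began (for comparison with the upgrade time), the runtime.log entries shown above can be grouped per target. The following is an added example, not Broadcom's code; the function name, the sample timestamps, the address and the target name 'siem-01' are constructed, and the line layout is assumed to match the two entries above.

```python
import re
from collections import defaultdict

# Layout shown above: [timestamp] ["thread"/address LEVEL] [logger] [message]
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \["(?P<thread>[^"]+)"/\S+ (?P<level>[A-Z]+)\] '
    r'\[(?P<logger>[^\]]+)\] \[(?P<msg>.*)\]$'
)
FORWARDER = "com.vmware.loginsight.ingestion.forwarding.SyslogForwarder"
RETRY_RE = re.compile(r"Retry forwarding the previous data pack to target '([^']*)'")

def summarize_forwarding_failures(lines):
    """Group SyslogForwarder retry/error events by forwarding target."""
    stats = defaultdict(lambda: {"retries": 0, "errors": 0, "first_error": None,
                                 "last_error": None, "reasons": set()})
    last_target = {}  # thread name -> target named in its latest retry line
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["logger"] != FORWARDER:
            continue
        retry = RETRY_RE.search(m["msg"])
        if retry:
            last_target[m["thread"]] = retry.group(1)
            stats[retry.group(1)]["retries"] += 1
        elif m["level"] == "ERROR" and "Couldn't send message" in m["msg"]:
            # The error line names no target; attribute it to the target of
            # the most recent retry line on the same forwarder thread.
            entry = stats[last_target.get(m["thread"], "<unknown>")]
            entry["errors"] += 1
            entry["first_error"] = entry["first_error"] or m["ts"]
            entry["last_error"] = m["ts"]
            entry["reasons"].add(m["msg"].rpartition("Error:")[2].strip())
    return dict(stats)

# Constructed sample lines (timestamps, address and target name are made up).
def _line(minute, level, msg, logger=FORWARDER):
    return (f'[2025-01-15 10:0{minute}:11] ["IngestionForwarder-thread-1"'
            f'/192.0.2.10 {level}] [{logger}] [{msg}]')

_RETRY = "Retry forwarding the previous data pack to target 'siem-01'."
_ERROR = "Couldn't send message. Retrial will follow soon. Error: Socket is closed"
SAMPLE = [_line(2, "INFO", _RETRY), _line(2, "ERROR", _ERROR),
          _line(3, "INFO", _RETRY), _line(3, "ERROR", _ERROR),
          _line(4, "INFO", "unrelated message", logger="com.example.Other")]

if __name__ == "__main__":
    for target, s in summarize_forwarding_failures(SAMPLE).items():
        print(target, s["errors"], "send errors,", s["first_error"], "->",
              s["last_error"], sorted(s["reasons"]))
```

On an appliance, pass the lines of /storage/core/loginsight/var/runtime.log instead of `SAMPLE`.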
Aria Operations for Logs 8.18
Aria Operations for Logs 8.18 introduced a security change compared to previous versions. The logs are now forwarded using only secure cipher suites. Weaker ciphers have been discarded.
If the destination is not updated to accept the secure ciphers that Aria Operations for Logs is providing, the communication will fail.
To resolve the issue:
Follow up with the destination product vendor so that the destination supports the latest secure encryption standards.
For a workaround that allows a weaker level of security (which is not recommended), please open a Support Request with Broadcom Technical Support and note this Article ID (387070) in the problem description. For more information, see Creating and managing Broadcom support cases.