• Log Forwarding under Administration > Control Panel > Log Forwarding in Aria Operations has been configured but no logs are being sent to the syslog endpoint.
  
  
  
• Entries like below will be seen in the /var/log/loginsight-agent/liagent_<date>.log file on the appliance Aria Operations VM:
  
  yyyy-mm-dd hh:mm:ss.307072 0x00007fbc4f7f66c0 <trace> SyslogConnectio:260| Connecting to <Syslog Endpoint FQDN> : <PORT>
  yyyy-mm-dd hh:mm:ss.359868 0x00007fbc4f7f66c0 <warng> AsyncSocket:46     | SSL: certificate subject name '<FQDN>' does not match target host name.
  yyyy-mm-dd hh:mm:ss.359899 0x00007fbc4f7f66c0 <warng> AsyncSocket:88     | SSL fatal alert: handshake failure

Aria Operations 8.18.x

 This issue occurs when there is a mismatch in the SSL certificate presented by the syslog endpoint. The certificate's subject name does not match the actual hostname of the target server.

Ideally, the syslog server should present a certificate whose Common Name (CN) or Subject Alternative Name (SAN) matches the target hostname. Until a valid certificate is obtained, the following temporary workarounds could be performed:

• Modify liagent.ini to Accept Any SSL Certificate: On the Aria Operations node(s), set ssl_accept_any=yes in the liagent.ini file. This change may be reverted if the Administration > Log Forwarding UI is accessed. For detailed steps, refer to the VMware documentation.
• Update /etc/hosts to Match Certificate Name: Add an entry in /etc/hosts file like: x.x.x.x   abc.example.com. Replace x.x.x.x with the IP address of the syslog server and and abc.example.com with a FQDN that matches the CN or SAN of the certificate presented by the syslog server. Then configure Aria Operations to send logs to the FQDN present in certificate's subject name avoiding the hostname mismatch.