Syslog client disconnected due to SSL Handshake Error

Article ID: 409988

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

The following alert has been triggered for the NSX Integration:

SSL Certificate Error (Host = COALogInsight2

Syslog client IP disconnected due to a SSL handshake problem. This may be a problem with the SSL Certificate or with the Network Time Service. In order for VMware Aria Operations for Logs to accept syslog messages over SSL, a certificate that is validated by the client is required and the clocks of the systems must be in sync.

Environment

Aria Operations for Logs 8.x

Cause

The Certificate for the NSX Identity Firewall Integration has expired.

In the Aria Operations for Logs GUI, the expired certificate can be seen under Management > Certificates.

Because syslog can no longer establish a connection to Aria Operations for Logs, logs from this endpoint are no longer forwarded to the Aria Operations for Logs environment.

Resolution

Perform a Test Validation on the NSX Identity Firewall Integration. If a new certificate is identified during this process, it can be added to the Aria Operations for Logs truststore to replace the existing expired one.

  • Log in to the Aria Operations for Logs GUI.
  • Go to Integrations > NSX Identity Firewall.
  • Click the three-dot ellipsis, then click "Edit".
  • Enter the password, then click "Test".
  • A new certificate acceptance pop-up screen is displayed. Click "Accept", then click "Save".
  • The new certificate is updated in the Aria Operations for Logs Certificate Truststore.

Confirm data ingestion is working for the NSX Identity Firewall endpoint, and confirm the SSL Certificate alert is no longer triggering.
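
The alert names two possible causes, the certificate itself or clock synchronization. The following added example (not part of the original article or the product) tells them apart by evaluating a certificate's validity window against both systems' clocks. It assumes the dates are supplied as `notBefore=` / `notAfter=` lines in the format printed by `openssl x509 -noout -dates`; the function names and the sample dates are constructed for illustration.

```python
import ssl

DAY = 86400  # seconds

def parse_validity(dates_text):
    """Return (not_before, not_after) in epoch seconds from
    'notBefore=...' / 'notAfter=...' lines (openssl x509 -noout -dates format)."""
    found = {}
    for line in dates_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            found[key] = ssl.cert_time_to_seconds(value.strip())
    if set(found) != {"notBefore", "notAfter"}:
        raise ValueError("expected both notBefore= and notAfter= lines")
    return found["notBefore"], found["notAfter"]

def window_state(not_before, not_after, now):
    """Classify one clock reading against the validity window."""
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    return "valid"

def triage(dates_text, local_now, peer_now, warn_days=30):
    """Distinguish a certificate problem from a time-sync problem.
    local_now / peer_now are the two systems' clocks in epoch seconds."""
    not_before, not_after = parse_validity(dates_text)
    local_view = window_state(not_before, not_after, local_now)
    peer_view = window_state(not_before, not_after, peer_now)
    if local_view != peer_view:
        return "clock-skew"      # the systems disagree: check time sync first
    if local_view != "valid":
        return local_view        # both agree: the certificate needs replacing
    if not_after - max(local_now, peer_now) < warn_days * DAY:
        return "expiring-soon"   # renew before the alert fires
    return "valid"

# Constructed sample, not taken from a real certificate.
SAMPLE_DATES = (
    "notBefore=Mar 10 00:00:00 2023 GMT\n"
    "notAfter=Mar  9 23:59:59 2025 GMT\n"
)

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
    print(triage(SAMPLE_DATES, now, now))
```
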