Internal Syslog connection fails in Aria Operations for Logs after applying new certificates

Article ID: 427118

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

After applying new SSL certificates to the environment, the internal syslog connection and log transmission for the Aria Operations for Logs agent fail. The agent is unable to establish a secure handshake with the server, resulting in a loss of log data.

Environment

Aria Operations for Logs 8.18.x

Cause

The failure is caused by a missing or misconfigured SSL parameter in the agent configuration file. When new CA-signed certificates are implemented, the agent requires an explicit path to the Certificate Authority (CA) bundle to verify the connection peer. Without the ssl_ca_path defined, the agent may fail to trust the new certificate chain.

Resolution

To resolve this, manually define the SSL parameters in the agent configuration file (liagent.ini).
  1. Verify agent status (Linux only): log in to the Linux machine and run the following command to ensure the agent is running: pgrep liagent
  2. Locate and edit the configuration file: navigate to the folder containing the liagent.ini file, /var/lib/loginsight-agent, and open the file in a text editor with administrative / root privileges.
  3. Add the following key to the [server] section of the liagent.ini file.
    ssl_ca_path
  4. The following is an example of the SSL configuration for CA-signed certificates.
    proto=cfapi
    port=9543
    ssl=yes
    ssl_ca_path=/var/lib/loginsight-agent/cert
    ssl_accept_any=no
    ssl_accept_any_trusted=yes
    ssl_cn=LOGINSIGHT
  5. The following is an example of the SSL configuration for accepting any type of certificate, including self-signed. With ssl_accept_any=yes the agent accepts whatever certificate the server presents.
    proto=cfapi
    port=9543
    ssl=yes
    ssl_accept_any=yes
  6. Save and close the liagent.ini file after making the changes.
  7. Restart the agent service to apply changes: systemctl restart liagentd
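
The check below is an added example, not part of the original article or the product: it audits the [server] section of a liagent.ini for the keys discussed above before the agent is restarted. The function name audit_server_section and the sample INI text are constructed for illustration; the script treats a missing key as unset and does not model the agent's built-in defaults.

```python
import configparser
import os

INI_PATH = "/var/lib/loginsight-agent/liagent.ini"  # folder given in step 2

# Constructed sample mirroring the CA-signed example from step 4.
SAMPLE_CA_SIGNED = """[server]
proto=cfapi
port=9543
ssl=yes
ssl_ca_path=/var/lib/loginsight-agent/cert
ssl_accept_any=no
ssl_accept_any_trusted=yes
ssl_cn=LOGINSIGHT
"""

def audit_server_section(ini_text, path_exists=os.path.exists):
    """Return a list of findings (empty list means nothing to report)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(ini_text)
    if not cp.has_section("server"):
        return ["[server]: section not found"]
    server = cp["server"]

    def value(key):
        # Keys without a value come back as None; normalise to "".
        return (server.get(key) or "").strip()

    findings = []
    if value("ssl").lower() != "yes":
        return ["ssl: not set to yes, TLS settings are not in effect"]
    if value("ssl_accept_any").lower() == "yes":
        # Step 5 configuration: any certificate is accepted.
        return ["ssl_accept_any: yes, any certificate is accepted, "
                "including self-signed"]
    ca_path = value("ssl_ca_path")
    if not ca_path:
        findings.append("ssl_ca_path: missing, agent has no explicit CA "
                        "bundle to verify the new certificate chain")
    elif not path_exists(ca_path):
        findings.append(f"ssl_ca_path: {ca_path} does not exist on this host")
    if not value("ssl_cn"):
        findings.append("ssl_cn: not set")
    return findings

if __name__ == "__main__":
    with open(INI_PATH, encoding="utf-8") as fh:
        for line in audit_server_section(fh.read()) or ["no findings"]:
            print(line)
```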

Additional Information