Version: 2020-09-04
57
Copyright of the European Union is effective (Copyright EU) (c) 2019 GENEREX Systems GmbH, Hamburg, Germany, All rights reserved
TEL +49(40)22692910 - EMAIL generex@generex.de - WEB www.generex.de (This and all other product datasheets are available for download.)
In addition to the IP address, a remote syslog server normally uses a pre-defined port for listening status logs. The default port for using
rsyslog is 601. Since this is not an official standard port for rsyslog, the port for the used server may differ. If necessary, refer to the local
administrator and change the port setting according to the requirements of the network.
Accept only TLS connection / Reject expired TLS certificates
The CS141 can be advised to use encrypted communication only. If checked, the CS141 will reject expired certificates for
communication. These functions are only available if you have imported a valid certificate. Please note that with the use of TLS
encryption, further configuration on the corresponding syslog server is necessary.
Importing a TLS –certificate for RSYSLOG
What kind of TLS certificate is needed?
Note:
The short tutorial "Creating a *.pem file" in this manual shows you how to create a valid certificate. All you need to do is renaming the
certificate into rsyslog.pem. To read the according chapter, click on the following link. This link will forward you to the according
chapter:
-> Click to read the Tutorial <-
A pem file is required for operation with TLS encryption. Make sure that both the rsyslog server and the CS141use the same certificate,
otherwise the encrypted communication cannot take place.
At the CS141, upload and install the certificate by
placing the file at the upload box:
Place the fila via drag’n’drop and click on upload.
If the certificate has been successfully uploaded,
the CS141 will show a corresponding message.
After installing the certificate, these additional
functions are available:
- Accept only TLS connection
- Reject expired TLS certificates
Activate the check boxes and save the
configuration.
The CS141 takes over your settings and
automatically restart the necessary syslog
service.
Check list: If the communication with the rsyslog server does not start
1. Check IP address and server port
Larger and well-secured networks may have restricted port access on network devices like managable switches. As a
consequence, the communication is not possible. Please check the internal firewall of the server as well as any 3rd party
security solution if the CS141 is allowed to communicate and by the way, check the IP address and port setting whether they
are correct.
2. Check network infrastructure
So-called V-LANS are often used in larger networks. Physical ports located on the same switch are stitched to a restricted
instance and seperated from other ports of the switch. As a consequence, your server may be logically in a complete other
network segment but connected to the same switch like the CS141. If your server is in a different network segment, no
communication can take place. Check if the all routers and switches are connected and configured as required.
3. Check the certificate(s)
Damaged and incorrectly created certificates (pem-files) mean that no communication can take place. Also make sure that the
sender and recipient use matching *.pem files, otherwise TLS will not work.
To Next Page
Loading...
