Table of Content

Overview

This document provides a method to create the certificate and key for CCE to process logs sent using the protocol TCP over TLS. This key is then used to configure devices that will be sending the logs with TCP over TLS protocol instead of unencrypted TCP or UDP. Usually these logs are sent to CCE on port 514.

Steps to Fetch Certificate and Key

1. First login to the CCE and run the command otmdoc -m to check the container status .

2. otmdoc -s logs-p command should be run next.Run the command cd /docker/config

3. Then ls to ensure that you see the file logstash_base_var.yml

4. Edit the file using the command vi logstash_base_var.yml

5. Update the line tcp over tls = false tothe line tcp over tls = true

6. Save the file in vi and exit vi.

7. Run exit command at last to exit from the container that you got into in step 2 above

8. Then restart cce-logs-processor by otmdoc -r cce-log-processor

9. Go into the container again using the step 2 above

10. then go into seceon-cce with help of command cd seceon-cce

11. then go into the logstash/config folder with the help of command cd logstash/config

12. then ls and you should see the file logserver.crt

13. You will also see the key as a file logserver.key

14. Copy these two files and use them to configure devices sending logs using tcp over tls.