Self-Signed Certificate and Key Creation in CCE for Log Forwarding with TCP over TLS

Overview

This document describes how to create the certificate and key that CCE uses to process logs sent with TCP over TLS. This key is then used to configure the devices that will send logs with TCP over TLS instead of unencrypted TCP or UDP. These logs are usually sent to CCE on port 514.

Steps to Fetch Certificate and Key

  1. First, log in to the CCE and run the command otmdoc -m to check the container status.

  2. Next, run the command otmdoc -s logs-p, then run the command cd /docker/config

  3. Then run ls to ensure that you see the file logstash_base_var.yml

  4. Edit the file using the command vi logstash_base_var.yml

  5. Update the line tcp over tls = false to the line tcp over tls = true

  6. Save the file in vi and exit vi.

  7. Finally, run the exit command to leave the container that you entered in step 2 above.

  8. Then restart cce-logs-processor with otmdoc -r cce-log-processor

  9. Go into the container again using step 2 above.

  10. Then go into seceon-cce with the command cd seceon-cce

  11. Then go into the logstash/config folder with the command cd logstash/config

  12. Then run ls; you should see the file logserver.crt

  13. You will also see the key as the file logserver.key

  14. Copy these two files and use them to configure the devices sending logs using TCP over TLS.

Steps to follow if LTS is enabled:

  1. Go into the cce-logs-manager container with the command otmdoc -s logs-p

  2. Next, run the command cd /docker/scripts

  3. Then run ls to ensure that you see the file syslog_base_var.yml

  4. Edit the file using the command vi syslog_base_var.yml

  5. Update the line tcp over tls = false to the line tcp over tls = True

  6. Save the file with the vi command :wq!

  7. Finally, run the exit command to leave the container that you entered in step 2 above.

  8. Then restart cce-logs-manager with otmdoc -r cce-log-manager

To get the certificate, follow the process below:

a) cd syslog/config/

b) ls

You will get a .crt and a .key file, which you can copy to /home/seceon and retrieve.
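Before the .crt/.key pair retrieved by either procedure above is installed on devices, it is worth confirming that the key belongs to the certificate, that the certificate is not about to expire, and that the private key file is not readable by other users. The script below is an added example, not part of the Seceon product or its documentation; it assumes openssl is installed, and the function names, exit codes and the sample subject cce.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/key pair copied off the CCE.
# The exit codes of check_pair are this example's own convention.

# Constructed sample input: a throwaway self-signed pair in directory $1,
# valid for $2 days. It stands in for the files the CCE generates.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=cce.example.test" \
        -keyout "$1/logserver.key" -out "$1/logserver.crt" 2>/dev/null
    chmod 600 "$1/logserver.key"
}

# check_pair CRT KEY [MIN_SECONDS_LEFT]
# 0 = ok, 1 = unreadable file or key does not belong to the certificate,
# 2 = certificate expires within MIN_SECONDS_LEFT, 3 = key open to group/other
check_pair() {
    cp_crt=$1; cp_key=$2; cp_min=${3:-2592000}   # default: 30 days
    # Compare the public key inside the certificate with the one derived
    # from the private key; empty output means the file did not parse.
    cp_a=$(openssl x509 -in "$cp_crt" -noout -pubkey 2>/dev/null)
    cp_b=$(openssl pkey -in "$cp_key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cp_a" ] || [ "$cp_a" != "$cp_b" ]; then
        echo "FAIL: key does not match certificate (or file unreadable)" >&2
        return 1
    fi
    if ! openssl x509 -in "$cp_crt" -noout -checkend "$cp_min" >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $cp_min seconds" >&2
        return 2
    fi
    # Group/other permission bits are characters 5-10 of the ls -l mode field.
    if [ "$(ls -ld "$cp_key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: private key is accessible to group/other" >&2
        return 3
    fi
    echo "OK: $(openssl x509 -in "$cp_crt" -noout -subject -enddate | tr '\n' ' ')"
}

# Usage: sh check_pair.sh logserver.crt logserver.key [min_seconds_left]
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

Run it against the copied files on the machine where they are staged; a non-zero exit code identifies which check failed.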
