Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
Self Signed Certificate and Key Creation in CCE for logs forwarding with TCP over TLS
Table of Content
Overview
This document provides a method to create the certificate and key for CCE to process logs sent using the protocol TCP over TLS. This key is then used to configure devices that will be sending the logs with TCP over TLS protocol instead of unencrypted TCP or UDP. Usually these logs are sent to CCE on port 514.
Steps to Fetch Certificate and Key
First login to the CCE and run the command otmdoc -m to check the container status .
otmdoc -s logs-p command should be run next.Run the command cd /docker/config
Then ls to ensure that you see the file logstash_base_var.yml
Edit the file using the command vi logstash_base_var.yml
Update the line tcp over tls = false to the line tcp over tls = true
Save the file in vi and exit vi.
Run exit command at last to exit from the container that you got into in step 2 above
Then restart cce-logs-processor by otmdoc -r cce-log-processor
Go into the container again using the step 2 above
then go into seceon-cce with help of command cd seceon-cce
then go into the logstash/config folder with the help of command cd logstash/config
then ls and you should see the file logserver.crt
You will also see the key as a file logserver.key
Copy these two files and use them to configure devices sending logs using tcp over tls.
Steps to follow If LTS enabled:
Go into cce-logs-manager container
otmdoc -s logs-p
2. Command should be run next.Run the command cd /docker/scripts
3. Then ls to ensure that you see the file syslog_base_var.yml
4. Edit the file using the command vi syslog_base_var.yml
5. Update the line tcp over tls = false to the line tcp over tls = True
6. Save the file by running cmd- :wq!
7. Run exit command at last to exit from the container that you got into in step 2 above
8. Then restart cce-logs-manager by otmdoc -r cce-log-manager
To get the cerificate follow the below process:
a) cd syslog/config/
b) ls
You will get a .crt and .key file which you can copy on the /home/seceon and retrieve.
Seceon Inc. All rights reserved. https://www.seceon.com