Syslog-ng-wec no communication betwen collector and host

Hello people,

Recently I've installed Syslog-NG PE. 
I need to forward events from Windows Servers to WEC.
I have carefully followed all steps from administration guide.
At the beginning the connection was established (Windows 10 -> CentOS 7 with WEC), but after couple seconds it was closed. Logs below:

2020-09-23T11:23:50.992+0200    DEBUG   Connection closed       {"address": "10.4.3.120:49424"}
2020-09-23T11:30:46.436+0200    DEBUG   Connection established  {"address": "10.4.2.3:55161"}
2020-09-23T11:30:46.546+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55161"}
2020-09-23T11:30:46.608+0200    DEBUG   Connection established  {"address": "10.4.2.3:55162"}
2020-09-23T11:30:46.715+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55162"}
2020-09-23T11:32:03.449+0200    DEBUG   Connection established  {"address": "10.4.2.3:55167"}
2020-09-23T11:32:03.567+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55167"}
2020-09-23T11:32:03.595+0200    DEBUG   Connection established  {"address": "10.4.2.3:55168"}
2020-09-23T11:32:03.713+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55168"}
2020-09-23T11:33:20.447+0200    DEBUG   Connection established  {"address": "10.4.2.3:55169"}
2020-09-23T11:33:20.556+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55169"}
2020-09-23T11:33:20.623+0200    DEBUG   Connection established  {"address": "10.4.2.3:55170"}
2020-09-23T11:33:20.729+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55170"}
2020-09-23T11:34:37.454+0200    DEBUG   Connection established  {"address": "10.4.2.3:55171"}
2020-09-23T11:34:37.554+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55171"}
2020-09-23T11:34:37.625+0200    DEBUG   Connection established  {"address": "10.4.2.3:55172"}
2020-09-23T11:34:37.740+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55172"}
2020-09-23T11:35:54.444+0200    DEBUG   Connection established  {"address": "10.4.2.3:55174"}
2020-09-23T11:35:54.544+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55174"}
2020-09-23T11:35:54.621+0200    DEBUG   Connection established  {"address": "10.4.2.3:55175"}
2020-09-23T11:35:54.749+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55175"}
2020-09-23T11:37:11.462+0200    DEBUG   Connection established  {"address": "10.4.2.3:55184"}
2020-09-23T11:37:11.572+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55184"}
2020-09-23T11:37:11.639+0200    DEBUG   Connection established  {"address": "10.4.2.3:55185"}
2020-09-23T11:37:11.757+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55185"}
2020-09-23T11:38:28.434+0200    DEBUG   Connection established  {"address": "10.4.2.3:55186"}
2020-09-23T11:38:28.540+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55186"}
2020-09-23T11:38:28.559+0200    DEBUG   Connection established  {"address": "10.4.2.3:55187"}
2020-09-23T11:38:28.733+0200    DEBUG   Connection closed       {"address": "10.4.2.3:55187"}
2020-09-23T11:39:45.447+0200    DEBUG   Connection established  {"address": "10.4.2.3:55189"}

I thought maybe there were some issues with certificates, so I created a new for a client and for server as well.
After that I did not get any connection back from my host. I have tried with other hosts but the issue was the same.
Can anybody help me somehow to solve this problem? 
Thank you in advance.

Parents
  • There is a problem with SSL certificate on Windows site. I have used OpenSSL to check if certificates on both sides - client and server are valid, and it there was no issue with them.
    I attach log from my Windows host below:


    "The forwarder is having a problem communicating with subscription manager at address myserver.com:5986/.../WEC. Error code is 12175 and Error Message is <f:WSManFault xmlns:f="">schemas.microsoft.com/.../wsmanfault" Code="12175" Machine="PDFSERVER"><f:Message>The server certificate on the destination computer (logserver.wwa.pl:5986) has the following errors:
    The SSL certificate is invalid. </f:Message></f:WSManFault>."

    Can anyone help me? I am struggling for three days with this problem...

Reply
  • There is a problem with SSL certificate on Windows site. I have used OpenSSL to check if certificates on both sides - client and server are valid, and it there was no issue with them.
    I attach log from my Windows host below:


    "The forwarder is having a problem communicating with subscription manager at address myserver.com:5986/.../WEC. Error code is 12175 and Error Message is <f:WSManFault xmlns:f="">schemas.microsoft.com/.../wsmanfault" Code="12175" Machine="PDFSERVER"><f:Message>The server certificate on the destination computer (logserver.wwa.pl:5986) has the following errors:
    The SSL certificate is invalid. </f:Message></f:WSManFault>."

    Can anyone help me? I am struggling for three days with this problem...

Children
No Data