
Secure Syslog...How?

Hello All, 

First-time poster, long-time lurker.

I have a fairly limited understanding of certificates, handshakes, authentication, etc. Most of my previous work involves creating a CSR and getting a cert back, then adding it to MMC, and I have only had to do that twice.

Scenario:

I am operating in a test environment and we are required to collect syslogs over TCP port 6514 instead of the normally used UDP port 514. According to this article, SolarWinds will accept secure syslogs by default: https://documentation.solarwinds.com/en/Success_Center/LA/Content/LM/LA-SecureSyslogSettingsExternal.htm


This is the error I am receiving (error attachment).


We are only monitoring two of those nodes in SW though, so let's look at those specific errors. "Encrypted syslog error detected on [polling engine] from [source] using SolarWinds-Orion (which is the server certificate). A call to SSPI failed. See inner Exception"

Those monitored nodes are two Dell switches. They are using TLS 1.2 (same as polling server) and have tried to use the exported SolarWinds-Orion certificate as well as a root trust certificate from our internal test environment CA. 

Clicking more info on those error links leads to the above KB article. Diving deeper into that article, it mentions there are some checks and errors that are not performed as well as some reasons why it may fail.

Do the Orion Server and the switch need to have the same certificate to communicate? I.e., an export of the SolarWinds-Orion server certificate to put on the switch? Why does the article mention that SolarWinds-Orion server certificate can only be changed by customer support? Do I need to generate certificates from elsewhere and put them on both the switch and the Orion server?

Can anyone simplify this process down for me? I'm sure someone has had to do this before. If I haven't been specific enough, please let me know.

Thanks
