Getting Data In

Error in splunkd logs of Universal Forwarders (After updating certs)

Contributor

Hi,

I am getting below error after updating certificate in syslog forwarder

06-29-2019 05:48:23.650 -0400 ERROR TcpOutputFd - Read error. Connection reset by peer
06-29-2019 05:48:23.651 -0400 ERROR TcpOutputFd - Read error. Connection reset by peer
06-29-2019 05:48:23.653 -0400 ERROR TcpOutputFd - Read error. Connection reset by peer
06-29-2019 05:48:23.654 -0400 ERROR TcpOutputFd - Read error. Connection reset by peer
06-29-2019 05:48:23.655 -0400 ERROR TcpOutputFd - Read error. Connection reset by peer

0 Karma
1 Solution

Contributor

Hi,

Now what I have done is generated the cert with the same password as the forwarder and now it is working fine.

View solution in original post

0 Karma

Contributor

Hi,

Now what I have done is generated the cert with the same password as the forwarder and now it is working fine.

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

Are the forwarders and indexers using the same certificate?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Contributor

Hi,

Both seem to use the same certificate. Forwarders having different password and indexers having different password

0 Karma

SplunkTrust
SplunkTrust

If the passwords are different then the certificates probably are different, too. The certificates need to be the same on each end.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

Contributor

As of now only forwarders are upgraded with new cert indexers are yet to be updated

0 Karma