I'm trying to send logs from one heavy forwarder to another over port 9998. It connects, but for some reason it closes right after:
04-26-2023 16:33:48.141 -0400 INFO AutoLoadBalancedConnectionStrategy [18998 TcpOutEloop] - Connected to idx=<ip>:9998:0, pset=0, reuse=0. autoBatch=1
04-26-2023 16:33:48.238 -0400 INFO AutoLoadBalancedConnectionStrategy [18998 TcpOutEloop] - Connection to <ip>:9998 closed. context=write sock_error=104. ssl_error=error:00000000:lib(0):func(0):reason(0)
Is this really an SSL-related issue? I have this in my outputs.conf, though:
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem
sslPassword = password
Can anyone please help me to get around this?
@lawrence_magpoc - I would say this is difficult to say without looking at the actual configuration on the system.
But I would recommend looking at all the configuration again and checking against this document whether you have done all the steps and done them right or not.
I hope this helps!!! An upvote is appreciated!!
You were right. It was my config after all. It had this line before:
sendCookedData = false
and apparently that's what was giving the "connection closed" message. I omitted that and now I'm no longer getting that message. Thanks for the help!
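An added example, not part of the original posts and not Splunk code: a Python triage of splunkd.log lines like the two quoted in the question, pairing each "Connected to" with the following "closed" event and reporting whether the close carried a TLS error code or only a socket error. The function name `triage`, the one-second window and the Linux errno table are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: the two log lines quoted in the question ("<ip>" kept as posted).
SAMPLE_LOG = """\
04-26-2023 16:33:48.141 -0400 INFO AutoLoadBalancedConnectionStrategy [18998 TcpOutEloop] - Connected to idx=<ip>:9998:0, pset=0, reuse=0. autoBatch=1
04-26-2023 16:33:48.238 -0400 INFO AutoLoadBalancedConnectionStrategy [18998 TcpOutEloop] - Connection to <ip>:9998 closed. context=write sock_error=104. ssl_error=error:00000000:lib(0):func(0):reason(0)
"""

# Assumption: the forwarder runs on Linux, so sock_error uses Linux errno numbers.
LINUX_ERRNO = {32: "EPIPE", 104: "ECONNRESET", 110: "ETIMEDOUT", 111: "ECONNREFUSED"}

TS = r"(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4})"
CONNECTED = re.compile(TS + r" .*Connected to idx=(?P<peer>\S+?:\d+):\d+,")
CLOSED = re.compile(
    TS + r" .*Connection to (?P<peer>\S+?:\d+) closed\. context=(?P<ctx>\w+) "
    r"sock_error=(?P<errno>\d+)\. ssl_error=error:(?P<ssl>[0-9A-Fa-f]{8})")

def parse_ts(s):
    return datetime.strptime(s, "%m-%d-%Y %H:%M:%S.%f %z")

def triage(log_text, window_s=1.0):
    """Return one finding per connection closed within window_s of connecting."""
    last_connect, findings = {}, []
    for line in log_text.splitlines():
        m = CONNECTED.match(line)
        if m:
            last_connect[m["peer"]] = parse_ts(m["ts"])
            continue
        m = CLOSED.match(line)
        if not m or m["peer"] not in last_connect:
            continue
        lifetime = (parse_ts(m["ts"]) - last_connect.pop(m["peer"])).total_seconds()
        if lifetime > window_s:
            continue  # long-lived connection, not the connect-then-drop pattern
        findings.append({
            "peer": m["peer"],
            "lifetime_s": round(lifetime, 3),
            "context": m["ctx"],
            "errno_name": LINUX_ERRNO.get(int(m["errno"]), "UNKNOWN"),
            "tls_error_reported": int(m["ssl"], 16) != 0,  # all zeros = no TLS error code logged
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the quoted lines this reports a connection reset by the peer about 0.1 s after connecting with no TLS error code logged, which fits the resolution above being an output setting rather than the certificate settings.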