
Upgrade TLS Certificate

Loggly has upgraded our TLS encryption certificates. If you are currently using TLS encryption to send logs to Loggly, you may need to take action in order to keep sending them to Loggly.

*If you are running an operating system that does not fully support TLS 1.1 or 1.2 (e.g. CentOS 5, RHEL5, etc.), please scroll to the end of this page for specific options.

Syslog

If you are using our syslog TLS endpoint, you must install the new certificate. We have instructions available for rsyslog, syslog-ng, and nxlog. Additionally, you may download the new certificate directly and update it manually.

Upgrade Linux Rsyslog TLS Certificate

This guide shows you how to upgrade your current certificate to the new certificate. It has been tested on Ubuntu, CentOS and Red Hat, and assumes you have already set up Rsyslog TLS on your machine.


1. Run Automatic Script

Run our automatic certificate upgrade script below to set up the new certificate and verify that logs are reaching Loggly with it.

curl -O https://www.loggly.com/install/update-loggly-certificate.sh 
sudo bash update-loggly-certificate.sh -a SUBDOMAIN -u USERNAME

By default the script runs in test mode, which verifies the updated certificate by sending an event to Loggly. To disable test mode, run the script with --notest.

sudo bash update-loggly-certificate.sh -a SUBDOMAIN -u USERNAME --notest

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • USERNAME: your Loggly username, which is visible at the top right of the Loggly console

2. Verify Events

Search Loggly for events with the tag RsyslogTLS over the past hour. If it doesn’t work, see the troubleshooting section below.

tag:"RsyslogTLS"

Manual Certificate Upgrade

For Linux or Unix-based machines, follow the instructions below to upgrade your rsyslog TLS certificate.

For Windows machines, follow the instructions on the nxlog TLS Configuration page. For Syslog-ng, follow the instructions on the Syslog-ng TLS configuration page.

1. Install New Certificate

Change to the ca.d directory at /etc/rsyslog.d/keys/ca.d/, which we created in Rsyslog TLS Configuration, and download the new certificate into it.

cd /etc/rsyslog.d/keys/ca.d/
sudo curl -O https://logdog.loggly.com/media/logs-01.loggly.com_sha12.crt

2. Change Certificate name in 22-loggly.conf

Open the configuration file (22-loggly.conf).

sudo vim /etc/rsyslog.d/22-loggly.conf

Update the certificate path with the new path given below.

/etc/rsyslog.d/keys/ca.d/logs-01.loggly.com_sha12.crt

3. Restart Rsyslog

Restart rsyslog after making changes in configuration.

sudo service rsyslog restart

4. Manually test the Updated Certificate

We provide a test collector with the new certificate installed so that you can test the connection to Loggly. The test collector is only meant for temporary use and should not be used for full data volume. Therefore, you should switch back to the regular collector after the test is complete. Follow the steps below to perform the test:

Open the /etc/hosts file

sudo vim /etc/hosts

Update the hosts file with the test collector IP.

54.209.84.18 logs-01.loggly.com

Send a sample event through logger.

logger 'Hello'

After the event has reached Loggly, revert the changes made in the hosts file by removing the test collector IP from it.
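
The following is an added example, not part of Loggly's script or documentation. It checks the three things the manual steps leave behind: the downloaded file is really a PEM certificate, 22-loggly.conf points at the new certificate, and the temporary /etc/hosts override from step 4 is gone. It assumes the config sets the CA file with rsyslog's DefaultNetstreamDriverCAFile directive; the function names and the sample files built in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-change checks for the manual certificate upgrade.
NEW_CERT_NAME="logs-01.loggly.com_sha12.crt"  # file name from step 1
COLLECTOR="logs-01.loggly.com"                # host name overridden in step 4

# 0 if the file looks like a PEM certificate. curl -O without -f saves an
# HTTP error page under the same name, which rsyslog cannot load.
cert_is_pem() {
  [ -s "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# 0 if at least one uncommented CA-file directive exists and every one of
# them names the new certificate (assumes DefaultNetstreamDriverCAFile is used).
conf_uses_new_cert() {
  active=$(grep -i 'DefaultNetstreamDriverCAFile' "$1" | grep -v '^[[:space:]]*#')
  [ -n "$active" ] && ! printf '%s\n' "$active" | grep -qv -F "$NEW_CERT_NAME"
}

# 0 if no uncommented hosts entry still maps the collector name to an IP.
hosts_is_clean() {
  ! awk -v h="$COLLECTOR" '
    { sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
    END { exit !found }' "$1"
}

# Run all three checks; args: cert file, rsyslog config, hosts file.
check_cutover() {
  rc=0
  cert_is_pem "$1"        || { echo "FAIL: $1 is not a PEM certificate"; rc=1; }
  conf_uses_new_cert "$2" || { echo "FAIL: $2 does not use $NEW_CERT_NAME"; rc=1; }
  hosts_is_clean "$3"     || { echo "FAIL: $3 still overrides $COLLECTOR"; rc=1; }
  return $rc
}

# Constructed sample files (placeholder certificate body) so this runs offline.
# The hosts file still has the step-4 override, so the demo reports one FAIL.
demo() {
  demo_dir=$(mktemp -d)
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' > "$demo_dir/$NEW_CERT_NAME"
  printf '$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/%s\n' "$NEW_CERT_NAME" > "$demo_dir/22-loggly.conf"
  printf '127.0.0.1 localhost\n54.209.84.18 %s\n' "$COLLECTOR" > "$demo_dir/hosts"
  check_cutover "$demo_dir/$NEW_CERT_NAME" "$demo_dir/22-loggly.conf" "$demo_dir/hosts"; demo_rc=$?
  rm -rf "$demo_dir"; return $demo_rc
}
demo || true
```

On a real host, call check_cutover with /etc/rsyslog.d/keys/ca.d/logs-01.loggly.com_sha12.crt, /etc/rsyslog.d/22-loggly.conf and /etc/hosts instead of running demo.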

Advanced Rsyslog TLS Configuration Options

  • Rsyslog TLS Configuration – sending logs using TLS Encryption.
  • Syslog-ng TLS Configuration – sending syslog-ng logs using TLS Encryption.
  • Nxlog TLS Configuration – sending Windows nxlog logs using TLS Encryption.
  • Revert changes – to undo the changes the script made and return to the previous configuration, run the following command, replacing SUBDOMAIN with the account subdomain you created when you signed up for Loggly.
    sudo bash update-loggly-certificate.sh -a SUBDOMAIN -r
  • Search or post your own rsyslog TLS configuration questions in the community forum.

Troubleshooting Your Rsyslog TLS Configuration

  • Wait a few minutes in case indexing needs to catch up
  • Make sure you restarted rsyslog
  • Troubleshooting Rsyslog if the files are being written but not being sent to Loggly
  • Search or post your own Rsyslog TLS questions in the community forum.

Operating Systems that do not Fully Support TLS 1.1 or 1.2 (CentOS 5, RHEL5, etc)

Customers running operating systems that do not fully support TLS 1.1 or 1.2 have a few options to ensure their logs continue to flow to Loggly.

  • For traffic that does not need to be encrypted, customers can switch back to non-encrypted syslog traffic on these Operating Systems.
  • For traffic that requires encryption, customers can configure their application to send to our HTTP(S) endpoint via our RESTful API.
  • Customers can upgrade to an operating system that provides a version of OpenSSL supporting TLS 1.1 or 1.2, for example, CentOS 6.
