Forwarding secure syslog to syslog server fails with error "syslog-ng no OCSP URI in cert" in log.

Created On 01/22/21 14:41 PM - Last Modified 06/12/24 01:57 AM


Symptom


  • Forwarding secure syslog to syslog server fails with error "syslog-ng no OCSP URI in cert".
  • The error can be seen using the CLI command "less mp-log syslog-ng.log":

>less mp-log syslog-ng.log

17:21:17 aws-okta-fw-1 syslog-ng[5789]: syslog-ng no OCSP URI in cert;
17:21:17 aws-okta-fw-1 syslog-ng[5789]: syslog-ng ocsp over-riding errors due to global-flag;
17:21:17 aws-okta-fw-1 syslog-ng[5789]: syslog-ng no OCSP URI in cert;
17:21:17 aws-okta-fw-1 syslog-ng[5789]: syslog-ng ocsp over-riding errors due to global-flag;
17:21:18 aws-okta-fw-1 syslog-ng[5789]: Syslog connection broken; fd='13', server='AF_INET(10.150.79.0:6514)', time_reopen='5'

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • Syslog-ng


Cause


The syslog server certificate used for secure syslog forwarding fails the firewall's OCSP check because it does not contain an OCSP responder URI (the log shows "syslog-ng no OCSP URI in cert"), even though the environment does not require OCSP.



Resolution


  1. Disable OCSP using the CLI commands.
  2. Commit the changes.
  3. Restart the syslog-ng process.

Details:

>set syslogng-ssl-conn-validation explicit OCSP skip CRL skip EKU skip
>debug syslogng-params settings time-reopen 60 dst-keep-alive no
>configure
#commit force
#exit
>debug syslog-ng restart

Note that the first command skips the OCSP, CRL and EKU checks on the syslog server certificate for the syslog-ng TLS connection, so revocation of that certificate is no longer detected by the firewall; the second command raises the reconnect interval (time_reopen in the log) to 60 seconds and disables destination keep-alive.
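Before applying the resolution, a practitioner can confirm what revocation information the syslog server certificate actually carries, so that OCSP and CRL checking is only skipped when the certificate genuinely provides no OCSP URI. The script below is an added example, not part of the KB article or of PAN-OS; it assumes the openssl CLI is available and uses placeholder host, port and file paths.

```shell
#!/bin/sh
# Added example (not from the KB article): inspect the revocation information in a
# syslog server certificate. Assumes the openssl CLI; host/port/paths are placeholders.

# Pull the leaf certificate the syslog server presents on its TLS port (6514 in the log).
fetch_server_cert() {
  host="$1"; port="${2:-6514}"
  openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM
}

# Print the OCSP responder URI(s) from the certificate's Authority Information Access
# extension, one per line. Prints nothing when the certificate has none, which is the
# condition behind "syslog-ng no OCSP URI in cert".
ocsp_uris() {
  openssl x509 -in "$1" -noout -ocsp_uri
}

# Report whether the certificate carries an OCSP URI and/or a CRL distribution point.
# Returns 0 when an OCSP URI is present (an OCSP check can succeed), 1 otherwise.
check_revocation_info() {
  cert="$1"
  uris=$(ocsp_uris "$cert")
  if openssl x509 -in "$cert" -noout -text | grep -q "CRL Distribution Points"; then
    crl="yes"
  else
    crl="no"
  fi
  if [ -n "$uris" ]; then
    echo "OCSP responder URI(s): $uris"
    echo "CRL distribution point present: $crl"
    return 0
  fi
  echo "no OCSP URI in cert (firewall-side OCSP check cannot succeed)"
  echo "CRL distribution point present: $crl"
  return 1
}

# Typical use against a live server (placeholder host):
#   fetch_server_cert syslog.example.test 6514 > /tmp/syslog-server.pem
#   check_revocation_info /tmp/syslog-server.pem
```

If the certificate does carry an OCSP URI or CRL distribution point, the firewall-side check is failing for another reason (for example the responder being unreachable from the management plane), and skipping validation is not the right fix.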

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCX8CAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail