secure syslog log forwarding with error-« syslog-ng no OCSP URI in cert »

secure syslog log forwarding with error-« syslog-ng no OCSP URI in cert »

8405
Created On 01/22/21 14:41 PM - Last Modified 06/12/24 01:57 AM


Symptom


  • Lors de l’adage sécurisé syslog vers le serveur syslog échoue, repérer les erreurs d’échantillon CLI ci-dessous dans la commande >sless mp-log syslog-ng.log

Jan 8 17:21:17 aws-okta-fw-1 syslog-ng[5789]: syslog-ng no OCSP URI in cert;
Jan 8 17:21:17 aws-okta-fw-1 syslog-ng[5789]: syslog-ng ocsp over-riding errors due à global-flag;
Jan 8 17:21:17 aws-okta-fw-1 syslog-ng[5789]: syslog-ng no OCSP URI in cert;
Jan 8 17:21:17 aws-okta-fw-1 syslog-ng[5789]: syslog-ng ocsp over-riding errors due à global-flag; J
an 8 17:21:18 aws-okta-fw-1 syslog-ng[5789]: Connexion Syslog cassée; fd='13', serveur='AF_INET(10.150.79.0:6514)', time_reopen='5'

Environment


  • Toutes les Pan-os versions

Cause


  • Le certificat utilisé dans le transmettage sécurisé de syslog ne passe pas OCSP la vérification lorsque l’environnement ne nécessite pas OCSP 

Resolution


  • Entrez les CLI commandes ci-dessous pour désactiver OCSP

> set syslogng-ssl-conn-validation OCSP explicite CRL skip skip skip EKU
>debug syslogng-params settings time-reopen 60 dst-keep-alive no
>configure
#commit force #exit

>debug syslog-ng restart

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCX8CAO&lang=fr&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language