Syslog Server Test Message Errors

When configuring a syslog message, Cortex XDR sends a test message. If a test message cannot be sent, Cortex XDR displays an error message to help you troubleshoot. Below are the descriptions and suggested solutions for the error messages.

Error Message: Host Resolving Failed
Description: The IP address or hostname you provided doesn't exist, or can't be resolved.
Suggested Solution: Ensure you have the correct IP address or the hostname.

Error Message: Configured Local Address
Description: The IP address or hostname you provided is internal and can't be used.
Suggested Solution: Ensure you have the correct IP address or the hostname.

Error Message: Wrong Certificate Format
Description: The certificate you uploaded is in an unexpected format and can't be used. The certificate must be an ASCII string or a bytes-like object.
Suggested Solution: Re-create the certificate in the correct format, for example:
    -----BEGIN CERTIFICATE-----
    (Base64-encoded certificate data)
    -----END CERTIFICATE-----

Error Message: Connection Timed Out
Description: Cortex XDR didn’t connect to the syslog server in the expected time. This could be because your firewall blocked the connection or because the configuration of the syslog server caused it to drop the connection.
Suggested Solution: Check the firewall logs and the connection using Wireshark.

Error Message: Connection Refused
Description: The syslog server refused the connection. This could be because your firewall blocked the connection or because the configuration of the syslog server caused it to drop the connection.
Suggested Solution: Check the firewall logs and the connection using Wireshark.

Error Message: Connection Reset
Description: The connection was reset by the syslog server. This could be because your firewall blocked the connection or because the configuration of the syslog server caused it to drop the connection.
Suggested Solution: Check the firewall logs and the connection using Wireshark.

Error Message: Certificate Verification Failed
Description: The uploaded certificate couldn’t be verified for one of the following reasons:
  • The certificate doesn't correspond to the certificate on the syslog server and can't be validated.
  • The certificate doesn’t have the correct hostname.
  • You are using a certificate chain and didn’t merge the certificates into one certificate.
Suggested Solution:
  • Incorrect certificate: to check that the certificate you are uploading corresponds to the syslog server certificate, use the following openssl command.
    openssl verify -verbose -CAfile cortex_upload_certificate syslog_certificate
    If the certificate is correct, the result is:
    syslog_certificate: OK
  • Incorrect hostname: make sure that the hostname/IP in the certificate matches the syslog server.
  • Certificate chain: if you are using a list of certificates, merge the chain into one certificate. You can concatenate the certificates using the following cat command in Linux or macOS.
    cat intermediate_cert root_cert > merged_syslog.crt
    If the concatenated certificate doesn’t work, change the order of the root and intermediate certificates, and try again.
    To verify that the chain certificate was saved correctly, use the following openssl command.
    openssl verify -verbose -CAfile cortex_upload_certificate syslog_certificate
    If the certificate is correct, the result is:
    syslog_certificate: OK

Error Message: Connection Terminated Abruptly
Description: The firewall or the syslog server dropped the connection unexpectedly. This could be because the firewall on the customer side limits the number of connections, the configuration on the syslog server drops the connection, or the network is unstable.
Suggested Solution: Check the firewall logs and the connection using Wireshark.

Error Message: Host Unreachable
Description: The network configuration is faulty and the connection can't reach the syslog server.
Suggested Solution: Check the network configuration to make sure that everything is configured correctly, for example a firewall or a load balancer that may be accidentally directing the connection to a dead server.

Error Message: SSL Error
Description: Unknown SSL error.
Suggested Solution: To investigate the issue, contact support.

Error Message: Connection Unavailable
Description: General error.
Suggested Solution: To investigate the issue, contact support.
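
Most of the failures listed above can be reproduced with a single verified TLS connection from a host outside your network, which narrows the cause before you open firewall logs or a packet capture. The following Python sketch is an added example, not Cortex XDR code: the mapping from exceptions to error names, the definition of "internal", and the placeholder host syslog.example.com and port 6514 are assumptions.

```python
import errno
import ipaddress
import socket
import ssl

def is_internal(address):
    """True for loopback, link-local and private addresses (assumed meaning of "internal")."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    return ip.is_loopback or ip.is_link_local or ip.is_private

def classify(exc):
    """Map a socket/TLS exception to the closest error name above (assumed mapping)."""
    # Order matters: the resolver and TLS exceptions are all OSError subclasses.
    if isinstance(exc, socket.gaierror):
        return "Host Resolving Failed"
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "Certificate Verification Failed"
    if isinstance(exc, (ssl.SSLEOFError, ConnectionAbortedError, BrokenPipeError)):
        return "Connection Terminated Abruptly"
    if isinstance(exc, ssl.SSLError):
        return "SSL Error"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "Connection Timed Out"
    if isinstance(exc, ConnectionRefusedError):
        return "Connection Refused"
    if isinstance(exc, ConnectionResetError):
        return "Connection Reset"
    if getattr(exc, "errno", None) in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "Host Unreachable"
    return "Connection Unavailable"

def probe(host, port, ca_pem, timeout=5.0):
    """Try one verified TLS connection to host:port; return "OK" or an error name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname by default
    try:
        ctx.load_verify_locations(cadata=ca_pem)  # trust only the certificate to be uploaded
    except (ssl.SSLError, TypeError, ValueError):
        return "Wrong Certificate Format"
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
        if is_internal(addr):
            return "Configured Local Address"
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "OK"
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Placeholder host, port and file name; replace with your own values.
    with open("merged_syslog.crt") as fh:
        print(probe("syslog.example.com", 6514, fh.read()))
```

Because the context trusts only the PEM you pass in, a result of "Certificate Verification Failed" points at the certificate, hostname or chain order rather than at the network path.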
