IPtables logging firewall blocks

Basically, we’ll set up another chain, add a filter rule that moves the packets to that chain, then add a logging rule that logs any packets that end up in it.

Enabling logging

We’ll need to know where to put the filter for the redirection:

$ sudo iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
[snip]
10 DROP all -- anywhere anywhere

In this example, use line 9 on the second command.


New universal forwarder won’t connect to another forwarder

Error on the sending end ($SPLUNK_HOME/var/log/splunk/splunkd.log):

02-18-2015 12:32:06.160 +1000 ERROR TcpOutputFd - Read error. Connection reset by peer

Error on the receiving end ($SPLUNK_HOME/var/log/splunk/splunkd.log):

02-18-2015 12:31:14.423 +1000 ERROR TcpInputProc - Error encountered for connection from src=senderip:47960. error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

I checked the certificate to make sure the common name is right:

sudo openssl x509 -text -noout -in $SPLUNK_HOME/etc/auth/mycerts/sender.pem | grep Subj
Subject: C=AU, ST=Queensland, L=Brisbane, O=sender, OU=Company, CN=sender.example.com/[email protected]

/opt/splunkforwarder/etc$ sudo grep -i sender * -R

etc/system/local/server.conf:serverName = sender
etc/system/local/inputs.conf:host = sender
etc/system/local/outputs.conf:sslCertPath = $SPLUNK_HOME/etc/auth/mycerts/sender.pem

So, the common name on the certificate is different to the name presented by the server. I reissued the cert for the new server name and restarted, still no good.


Troubleshooting Ironport HTTPS Certificate Issues

SSL is great, except when you’re trying to audit access or filter things, let alone simple troubleshooting. Long story short, we run a Man In The Middle style system where our proxies are the HTTPS clients and they have an SSL certificate which all of our clients trust.

This relies on the proxies trusting the certificate chain, and these chains need to be updated periodically. Here’s an example of how to fix it when it goes wrong.


Lego Star Wars Advent Calendar 2014 Day 24

Darth Santa

This is most definitely my favourite set of this year’s advent calendar! I hope you enjoyed the journey, I’ll be putting up a list of all the posts soon.

Have a merry Christmas!


Confluence draft-createpage.action on new page

After making changes to my Confluence instance to enable SSL yesterday, I was trying to document my work on our wiki.

When creating a page I’d click “Create”, then select the template and set the title. Next, clicking create to start the new page action would start a download of a file called “draft-createpage.action”.

One of the steps of configuring SSL is to set the new base URL to include the HTTPS port. I’d done that, including the new port but hadn’t changed the http to https. Making that change fixed the problem instantly! 🙂


Confluence, SSL and a Windows CA

This documentation takes into account the extra steps required for installing a certificate and chain issued by a Windows CA when configuring Atlassian Confluence for SSL/HTTPS. This is basically a replacement for Step #1 in the aforementioned link.

In this example “$Confluence$>” is the Confluence install directory. I keep the .keystore file in this directory for my own tracking purposes.

  1. Create the CSR on the Confluence server:

     $Confluence$>jre\bin\keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore .keystore
