Hi all,
I need help configuring Syslog with TLS encryption.
I configured Syslog on the coordinator to send alerts to our SIEM system, which is based on the Elastic stack, following the "Managing Syslog integration" section in the "SIEM integration user guide". I started with TLS disabled and everything works like a charm. Now I need to enable TLS. Our SIEM administrator sent me a certificate, "cacert.pem", to use for encryption, but I don't know how to specify or add it on the command line. Without the certificate the logs are not readable.
I used the following command lines:
# Connect to the Change Auditor coordinator (port placeholder kept as posted)
$conn = Connect-CAClient -ComputerName $CA_Server1 -Port XXXXX
# Select the event subsystems to export
$subSystems = Get-CAEventExportSubsystems -Connection $conn | Where-Object { $_.DisplayName -eq "Active Directory" -or $_.DisplayName -eq "Registry" -or $_.DisplayName -eq "Change Auditor" }
# Create the Syslog subscription with TLS enabled (host/port placeholders kept as posted)
New-CASyslogEventSubscription -Connection $conn -SyslogHost XXX.XXX.XXX.XXX -SyslogPort XXXX -TlsEnabled:$true -SyslogFormat LEEF -Subsystems $subSystems
Disconnect-CAClient -Connection $conn
Do you have any idea how to enable TLS correctly?
Best regards.
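A pre-check worth running before enabling TLS on the subscription, added here as an example and not part of the original post or of Quest Change Auditor's own tooling: from the coordinator, open a TLS connection to the SIEM's syslog endpoint and verify that the certificate it presents chains up to the "cacert.pem" the SIEM administrator supplied. This confirms the endpoint really speaks TLS on that port and that the CA file is the right trust anchor. The function name, the parameter names, the port 6514 and the path C:\certs\cacert.pem are assumptions; the host placeholder is the one from the post.

```powershell
# Added example, not from the original post: verify that the SIEM syslog TLS endpoint
# presents a certificate chaining to the CA file the SIEM administrator provided.
function Test-SyslogTlsTrust {
    param(
        [Parameter(Mandatory)][string]$SyslogHost,
        [Parameter(Mandatory)][int]$SyslogPort,
        [Parameter(Mandatory)][string]$CaCertPath   # assumed location of cacert.pem
    )

    # Load the CA certificate (PEM or DER); this is the trust anchor we expect to see
    $ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CaCertPath)

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($SyslogHost, $SyslogPort)

        # Accept any certificate during the handshake so it can be inspected;
        # the real trust decision is made explicitly below, not by this callback.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($SyslogHost)

        $serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Build the chain with the SIEM CA available as an extra store. AllowUnknownCertificateAuthority
        # lets the build succeed for a CA Windows does not trust; we then require the chain root
        # to be exactly the supplied CA (thumbprint match) rather than any unknown root.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [void]$chain.ChainPolicy.ExtraStore.Add($ca)
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
        $built = $chain.Build($serverCert)
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        $rootIsSiemCa = ($root.Thumbprint -eq $ca.Thumbprint)

        [pscustomobject]@{
            Host          = $SyslogHost
            Port          = $SyslogPort
            Protocol      = $ssl.SslProtocol
            ServerSubject = $serverCert.Subject
            ServerIssuer  = $serverCert.Issuer
            ChainBuilt    = $built
            RootIsSiemCa  = $rootIsSiemCa
            Trusted       = ($built -and $rootIsSiemCa)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }
}

# Usage: same host/port you pass to New-CASyslogEventSubscription (6514 is an assumed syslog-TLS port)
Test-SyslogTlsTrust -SyslogHost 'XXX.XXX.XXX.XXX' -SyslogPort 6514 -CaCertPath 'C:\certs\cacert.pem'
```

If `Trusted` comes back `$true`, the CA file matches what the endpoint presents and the remaining question is only how the Change Auditor side is told to trust it, which this post does not show. If `ChainBuilt` is true but `RootIsSiemCa` is false, the file you were given is probably an intermediate or an unrelated certificate, so ask the SIEM administrator for the root. If the connection fails outright, the port is likely not listening for TLS yet. Note that the check above deliberately does not validate the host name, since the subscription uses an IP address; that is a separate question from whether the chain is trusted.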