Syslog Server Test Message Errors

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 8
Creation date: 2024-02-14
Last date published: 2024-05-30
Category: Administrator Guide
Solution: Cloud
Abstract

Learn more about Syslog Server test message errors.

When configuring a Syslog Server, Cortex XSOAR sends a test message. You can also send a test message manually: go to Settings & Info > Settings > Integrations > Syslog Servers, right-click the Syslog Server you want to test, and select Send test message.

If a test message cannot be sent, Cortex XSOAR displays an error message to help you troubleshoot. Below are the descriptions and suggested solutions for the error messages.

Error Message

Description/Solution

Host Resolving Failed

The IP address or hostname you provided does not exist, or cannot be resolved.

Ensure you have the correct IP address or hostname.

Configured Local Address

The IP address or hostname you provided is internal and cannot be used.

Ensure you have the correct IP address or hostname.

Wrong Certificate Format

The certificate you uploaded is in an unexpected format and cannot be used.

The certificate must be an ASCII string or a bytes-like object.

Recreate the certificate in the correct format, for example:

Connection Timed Out

Cortex XSOAR did not connect to the Syslog Server in the expected time, possibly because your firewall blocked the connection or the Syslog Server configuration caused it to drop the connection.

Check the firewall logs and the connection using a tool such as Wireshark.

Connection Refused

The Syslog Server refused the connection, possibly because your firewall blocked the connection or the Syslog Server configuration caused it to drop the connection.

Check the firewall logs and the connection using a network packet analyzer, such as Wireshark.

Connection Reset

The connection was reset by the Syslog Server, possibly because your firewall blocked the connection or the Syslog Server configuration caused it to drop the connection.

Check the firewall logs and the connection using a network packet analyzer, such as Wireshark.

Certificate Verification Failed

The uploaded certificate could not be verified for one of the following reasons:

  • The certificate does not correspond to the certificate on the Syslog Server and cannot be validated.

    To check that the certificate you are uploading corresponds to the Syslog Server certificate, use the following openssl command.

    openssl verify -verbose -CAfile cortex_upload_certificate syslog_certificate

    If the certificate is correct, the result is syslog_certificate: OK.

  • The certificate does not have the correct hostname.

    Ensure that the hostname/IP address in the certificate matches the syslog server.

  • You are using a certificate chain and did not merge the certificates into one certificate.

    If you are using a list of certificates, merge the chain into one certificate. You can concatenate the certificates using the following cat command in Linux or macOS.

    cat intermediate_cert root_cert > merged_syslog.crt

    If the concatenated certificate doesn’t work, change the order of the root and intermediate certificates, and try again.

    To verify that the chain certificate was saved correctly, use the following openssl command.

    openssl verify -verbose -CAfile cortex_upload_certificate syslog_certificate

    If the certificate is correct, the result is syslog_certificate: OK.

Connection Terminated Abruptly

The firewall or the Syslog Server dropped the connection unexpectedly. This could be because the firewall on the customer side limits the number of connections, the configuration on the syslog server drops the connection, or the network is unstable.

Check the firewall logs and the connection using a network packet analyzer, such as Wireshark.

Host Unreachable

The network configuration is faulty and the connection can't reach the syslog server.

Check the network configuration to verify that everything is configured correctly, including any firewall or load balancer that may be accidentally directing the connection to a dead server.

SSL Error

Unknown SSL error.

To investigate the issue, contact customer support.

Connection Unavailable

General error.

To investigate the issue, contact customer support.
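
The Certificate Verification Failed checks above, worked end to end as an added example (not part of the Cortex XSOAR guide): the script builds a constructed root, intermediate and server certificate, runs the same openssl verify check against the root alone and against the merged chain, and then checks the hostname. The certificate subjects, the hostname syslog.example.test, and the helper function names are assumptions made for the demo.

```sh
#!/bin/sh
# Added example, not from the Cortex XSOAR guide. All subjects, file names and
# the hostname syslog.example.test are constructed for this demo.

# issue NAME SUBJECT EXTENSION [ISSUER]: create a key and CSR, then sign the
# certificate with ISSUER (or self-sign it when no ISSUER is given).
issue() {
    printf '%s\n' "$3" > "$1.ext"
    openssl req -new -newkey rsa:2048 -nodes -config req.cnf -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ -n "$4" ]; then
        openssl x509 -req -in "$1.csr" -CA "$4" -CAkey "$4.key" -CAcreateserial \
            -days 2 -extfile "$1.ext" -out "$1" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -days 2 -extfile "$1.ext" -out "$1" 2>/dev/null
    fi
}

# Build root -> intermediate -> server certificates in the current directory.
build_demo_chain() {
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > req.cnf  # minimal req config
    issue root_cert '/CN=Demo Root CA' 'basicConstraints=critical,CA:TRUE' &&
    issue intermediate_cert '/CN=Demo Intermediate CA' \
        'basicConstraints=critical,CA:TRUE' root_cert &&
    issue syslog_certificate '/CN=syslog.example.test' \
        'subjectAltName=DNS:syslog.example.test' intermediate_cert &&
    cat intermediate_cert root_cert > merged_syslog.crt
}

# The guide's check: does the file you would upload validate the server certificate?
verifies() { openssl verify -verbose -CAfile "$1" syslog_certificate >/dev/null 2>&1; }

# Does the server certificate cover the hostname configured for the Syslog Server?
covers_host() {
    openssl x509 -in syslog_certificate -noout -checkhost "$1" | grep -q 'does match'
}

demo() (
    workdir=$(mktemp -d) && cd "$workdir" && build_demo_chain || exit 1
    verifies root_cert         && echo 'root only: OK'    || echo 'root only: FAILED (chain incomplete)'
    verifies merged_syslog.crt && echo 'merged chain: OK' || echo 'merged chain: FAILED'
    covers_host syslog.example.test && echo 'hostname: match' || echo 'hostname: MISMATCH'
    rm -rf "$workdir"
)
demo
```

Verification against the root alone fails here because the server certificate was issued by the intermediate; the merged file supplies the missing link in the chain.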