Skip to main content
Question

Syslog Destination Inherit TLS

  • April 12, 2026
  • 1 reply
  • 56 views
M

I am attempting to send data to a syslog destination with TLS enabled since it is from Cribl cloud over the internet to a VPS. 

The VPS has rsyslog listening on port 6514 with TLS and a letsencrypt cert.
rsyslog is an rsyslog/rsyslog:latest docker container created yesterday.

I have been able to successfully send data to the syslog listener from that same VPS using the following command:

echo '<14>1 2026-04-12T14:14:00Z testhost test - - - My TLS log message' | openssl s_client -connect 127.0.0.1:6514

 

When I am attempting to set up the syslog destination in Cribl Cloud, I have the following settings:

load balancing: enabled
address: fqdn of destination listed in certificate
port: 6514
TLS: Inherit
TLS Servername: fqd nof destination listed in certificate
loadweight: 1

When I look at the config later it shows TLS disabled and the logs cycle through the following messages:
“adding sender”
“attempting to connect”
“sender state change”
“connected”
“Setting I/O metrics level”

When I do a test I get the following error:
error: read ECONNRESET
endpoint: {…, tls: false}

Host and port are correct.

How do I get the syslog destination to use TLS, or is there something else I am doing incorrectly?


Thanks

1 reply

rcalvert
  • rcalvert
  • Employee
  • April 17, 2026

Hello, for the “ECONNRESET” error, this is caused when a destination or intermediary interrupts the connection. This can be due to firewalls or network devices.
In your post, you’ve mentioned testing the ability to send data locally from the server. Could a network based firewall, host based firewall or similar device be blocking inbound traffic from Cribl Cloud?
I’d advise going through the troubleshooting steps focused on the inbound link (Can you resolve the address externally? Does the port look open? Is the IP reachable? etc).

Separately, your comment about checking the config later and seeing TLS disabled is something to revisit. Have you committed and deployed the changes you intended?
You might have the seen the JSON config lines stating TLS is not disabled looking like this:

  "tls": {

    "disabled": false,

This is a double negative so for what you are attempting to accomplish, this is fine.

Terms & ConditionsAccessibility statement