(Optional) Configure Custom Certificates on Log Collectors

You can configure custom certificates for the syslog listener on Log Collectors. This enables you to put your own trusted certificate in place on the syslog listener for specific event sources, while all other functionality uses the pre-installed certificates.

To configure custom certificates for an event source:

  1. Upload the custom certificate and key files onto the Log Collector or Virtual Log Collector, and save them into a folder. You need to add this path information in step 4 below.

  2. Go to netwitness_adminicon_25x22.png (Admin) > Services, select a Log Collector service and netwitness_ic-actns.png ​ > View > Config.
  3. Select the Event Sources tab, then choose Syslog from the drop-down menu.
  4. Add (or select) a syslog-tcp event source type.
  5. In the Sources pane, add (or edit) a source.

    The Add Source dialog box is displayed.

  6. In the Add Source dialog box, click the Advanced section toggle.

    The Advanced parameters are displayed.

  7. For the Certificate Directory Path, enter the pathname for the folder that contains the certificate files.

    netwitness_custcertsysloglc.png

    The Log Collector SSL syslog connections will use the logcollector_cert.pem and logcollector_key.pem files in the folder specified.

  8. Press OK to save all parameters that you added or changed.
  9. Restart syslog collection for the changes to take effect.

Note: More than one event source can use the same certificates: for each event source that shares the certificate, specify the same Certificate Directory Path. However, the specified path cannot contain more than one certificate (that is, one cert and one key file). To use a different custom certificate, you must specify a different Certificate Directory Path.