Connectrix Brocade: Switch failing to establish a connection with the configured secure syslog server.
Summary: After importing the secure syslog server CA certificate with the seccertmgmt command and setting the IP address of the secure syslog server with the syslogadmin command, the switch fails to establish a connection with the secure syslog server. ...
Symptoms
After importing the secure syslog server CA certificate via the seccertmgmt command and setting the IP address of the secure syslog server using the syslogadmin command, the switch fails to establish a connection with the secure syslog server. The certificate store shows only the syslog server CA present, and the syslog target is configured by IP address:
sw0:admin> seccertmgmt show -all
ssh private key:
Exists
ssh public keys available for users:
None
| Protocol | Client CA | Server CA | SW | CSR | PVT Key | Passphrase |
|---|---|---|---|---|---|---|
| FCAP | Empty | NA | Empty | Empty | Empty | Empty |
| RADIUS | Empty | Empty | Empty | Empty | Empty | NA |
| LDAP | Empty | Empty | Empty | Empty | Empty | NA |
| SYSLOG | Empty | Exist | Empty | Empty | Empty | NA |
| HTTPS | NA | Empty | Exist | Empty | Exist | NA |
sw0:admin> syslogadmin --show -ip
syslog.1 192.168.0.100 secure: port 5003
Symptom:
The syslog server may contain the following errors in its logs (the switch is 192.168.0.1):
Nov 13 20:45:51 syslog01 rsyslogd: gnutls returned error on handshake: The TLS connection was non-properly terminated.
Nov 13 20:45:51 syslog01 rsyslogd: rsyslogd: gnutls returned error on handshake: The TLS connection was non-properly terminated
Nov 13 20:45:51 syslog01 rsyslogd: unexpected GnuTLS error -12 in nsdsel_gtls.c:178: A TLS fatal alert has been received.
Nov 13 20:45:51 syslog01 rsyslogd: rsyslogd: unexpected GnuTLS error -12 in nsdsel_gtls.c:178: A TLS fatal alert has been received.
Nov 13 20:45:51 syslog01 rsyslogd: rsyslogd: netstream session 0x7f993c00e0c0 from 192.168.0.1 will be closed due to error
Nov 13 20:45:51 syslog01 rsyslogd: netstream session 0x7f993c00e0c0 from 192.168.0.1 will be closed due to error
Cause
Root Cause:
The switch rejects the TLS session because it cannot verify the identity of the syslog server. The switch is configured to reach the server by IP address (192.168.0.100), but the server certificate does not contain that IP address; it identifies the server only by name. When the switch compares the identity presented in the certificate with the address it was told to connect to, nothing matches, so the switch treats the certificate as unknown and aborts the handshake with a TLS fatal alert. That alert is what rsyslogd reports as GnuTLS error -12 ("A TLS fatal alert has been received") before it closes the session.
Resolution
Update the switch configuration to use the fully qualified domain name (FQDN) of the secure syslog server instead of its IP address. The name configured on the switch must be the name that the server certificate actually carries; configuring a different name fails the same identity check. The dnsconfig command may also need to be updated so that the switch can resolve the FQDN of the secure syslog server. Once completed, the switch establishes a secure TLS session with the secure syslog server.
Command examples:
sw0:admin> dnsconfig --add -domain dns.brocade.com -serverip1 192.168.0.200
sw0:admin> syslogadmin --set -ip syslog01.lab.brocade.com -secure -port 5003
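To see why the IP-addressed configuration fails the identity check and the FQDN configuration passes it, the following added example models the server-identity check a TLS client performs against a certificate's Subject Alternative Name (SAN) entries. It is illustrative code written for this article, not Brocade FOS or rsyslog code, and it does not claim to reproduce the switch's exact implementation: the SAN list, the names and the helper functions are constructed for the example, and it deliberately has no fallback to the Subject Common Name because the article does not say whether the switch applies one.

```python
"""Model of the TLS server-identity check that fails in this article.

Added example, not Brocade or Dell code. The SAN lists below are
constructed sample data standing in for the syslog server certificate.
"""
import ipaddress
from typing import List, Tuple

# A certificate's SAN entries as (type, value) pairs, in the form
# `openssl x509 -noout -ext subjectAltName` prints them (DNS:..., IP Address:...).
SAN = List[Tuple[str, str]]


def _dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style dNSName match: case-insensitive, trailing dot ignored,
    a wildcard only as the entire left-most label, and a wildcard never
    spans more than one label (so *.brocade.com does not match a.b.brocade.com)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels) or p_labels[0] != "*":
        return False
    return p_labels[1:] == h_labels[1:]


def verify_identity(san: SAN, target: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a client configured to connect to `target`.

    `target` is exactly what was given to the client, here the value passed
    to `syslogadmin --set -ip`: either an IP literal or a host name.
    """
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None

    if ip is not None:
        # An IP literal is only ever compared with iPAddress SAN entries.
        # A dNSName entry never satisfies it, even if it spells the same
        # digits, which is exactly the failure in this article.
        for kind, value in san:
            if kind == "IP" and ipaddress.ip_address(value) == ip:
                return True, f"iPAddress SAN {value} matches"
        return False, f"no iPAddress SAN entry for {target}"

    for kind, value in san:
        if kind == "DNS" and _dns_name_matches(value, target):
            return True, f"dNSName SAN {value} matches"
    return False, f"no dNSName SAN entry matches {target}"


# Constructed: the syslog server's certificate names the host only by FQDN.
SYSLOG_CERT_SAN: SAN = [("DNS", "syslog01.lab.brocade.com")]


def check_switch_config(san: SAN, configured_target: str) -> bool:
    """Print and return the outcome for one `syslogadmin --set -ip` value."""
    ok, reason = verify_identity(san, configured_target)
    print(f"syslogadmin target {configured_target!r}: "
          f"{'OK' if ok else 'REJECT'} ({reason})")
    return ok


if __name__ == "__main__":
    check_switch_config(SYSLOG_CERT_SAN, "192.168.0.100")              # failing config
    check_switch_config(SYSLOG_CERT_SAN, "syslog01.lab.brocade.com")   # after the fix
```

To see which names the real server certificate carries before changing the switch, pull it from the listener and print its SAN extension, for example with `openssl s_client -connect 192.168.0.100:5003 </dev/null 2>/dev/null | openssl x509 -noout -subject -ext subjectAltName`; the name you then pass to `syslogadmin --set -ip` must be one of the DNS entries shown, and it must be resolvable from the switch via the servers configured with `dnsconfig`.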