📖 ~1 min read
Table of contents
Symptom & Impact
Central log aggregator stops receiving logs from a host even though rsyslog is running.
Environment & Reproduction
Occurs after a SIEM endpoint change or TLS certificate rotation.
Root Cause Analysis
TLS handshake fails silently when the server certificate chain changes.
Quick Triage
Confirm rsyslog status and validate outbound TLS handshake with `openssl s_client`.
Step-by-Step Diagnosis
Inspect /var/log/messages for rsyslog warnings about TLS errors.
Solution – Primary Fix
Update the trusted CA bundle and the rsyslog configuration to match the new endpoint.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Switch to UDP forwarding temporarily while the TLS path is repaired.
Verification & Acceptance Criteria
Aggregator receives events and `rsyslogd -N1` reports clean config.
Rollback Plan
Revert to prior cert bundle if downstream parsers reject events.
Prevention & Hardening
Monitor TLS expiry and rotate certificates with automation.
Related Errors & Cross-Refs
Linked to journald upload and audit forwarding failures.
Related tutorial: View the step-by-step tutorial for centos-stream-10.
View all centos-stream-10 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
rsyslog TLS reference for CentOS Stream 10.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
