If your collector stops logging into our SIEM platform we may ask you to check the expiry date of your Keystore certificate. This certificate ensures a secure connection between your collector and our SIEM platform. Without this, we won't be able to receive any logs from your collector.
How to check using keytool
To check the expiry date of a password-protected Java KeyStore (JKS) file (keystore.jks), you can use the "keytool" command that comes with the Java Development Kit (JDK). Here are the steps:
1. Open a command prompt or terminal window on your collector.
Type the following command and press Enter:
keytool -list -v -keystore /etc/logstash/certs/keystore.jks -storepass `grep ssl_keystore_password /etc/logstash/conf.d/90-output.conf | awk '{print $3}' | awk -F "\"" '{print $2}'` 2>/dev/null | grep "Valid from:" | head -n 1 | awk -F "until:" '{print $2}'
This will print the Valid from and Valid until dates to your screen.
How to check manually
You can complete the above check manually by following the steps below:
1. To find your keystore password we need to need to look at your 90-output.conf file.
2. Type the following command and press Enter:
cat /etc/logstash/conf.d/90-output.conf
3. Make a note of the password displayed on the following line:
ssl_keystore_password => ""
4. Type the following command and press Enter:
keytool -list -v -keystore /etc/logstash/certs/keystore.jks -storepass <password> | less
Note: Replace "<password>" with the password you made a note of in step 3.
5. Look for the Valid from and Valid until fields in the output. The Valid until field will show you the expiry date of the keystore file.