• 1

Collector could not verify/register if using Palo Alto SSL decryption feature


  • LogicMonitor Staff

Just in case this helps other customers...

SYMPTOMS:  The Windows collector installed ok and the two Collector services were running but the collector could not finish the verification/registration step and showing the 'flame alert' on Settings > Collectors screen.  After some troubleshooting, we looked in the wrapper.log file on the collector and saw this error message:

[MSG] [CRITICAL] [main::controller:main] [AgentHttpService.checkCertificateOrWait2Valid:1029] The santaba server is not trusted, and "EnforceLogicMonitorSSL" is enabled. Wait 1 minute to retry. Please check the network settings, or disable "EnforceLogicMonitorSSL" in agent.conf and restart collector

The customer set up a whitelist on their Palo Alto firewall for *.logicmonitor.com and it started working (or list of ~15 IP address ranges).  Alternatively you can lower security and change the agent.conf (config file) from EnforceLogicMonitorSSL=true to false.

Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 1
  • LogicMonitor Staff

Note that LogicMonitor does not endorse running Collectors with the EnforceLogicMonitorSSL configuration item set to "false". This setting disables certificate verification the Collector uses to authenticate our service platform before sending sensitive data. By disabling this, you risk exposing the data your Collector sends upstream to a man-in-the-middle attack.

Where a decryption proxy is in use, we recommend that you disable proxying for Collector traffic as Mike specifies above.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.