Secure ULDP Settings

From the Administration > System Settings > General tab > Secure ULDP Settings section, you can set the secure Universal Lossless Data Protocol (ULDP) settings.

By default, the Secure ULDP field is disabled. If you enable it, you can change the Secure ULDP Port and the Minimum Secure ULDP Protocol version fields. If you change the default secure ULDP port and the firewall is enabled, you must add the new port to the firewall rule by running the firewall command.

The default value of Minimum Secure ULDP Protocol is TLSv1.2, and the other available option is TLSv1.3.

TLS version: TLSv1.3
  Supported with:
    • Secure ULDP running on port 5515 or a non-default port
  Not supported with:
    • FIPS with ULDP
    • TIBCO LogLogic® Universal Collector or TIBCO® Operational Intelligence Agent

TLS version: TLSv1.2
  Supported with:
    • Secure ULDP running on port 5515 or a non-default port
    • FIPS with ULDP when FIPS is enabled
    • TIBCO LogLogic® Universal Collector or TIBCO® Operational Intelligence Agent
  Not supported with:
    • None

Note:
  • TLSv1.1 and lower versions are not supported.
  • To set up a secure connection with ULDP, perform the steps described in the Setting Up a Secure Connection With ULDP section in the TIBCO LogLogic® Log Management Intelligence User Guide.

Changing the TLS version

Before selecting the TLS version on the GUI in the Minimum Secure ULDP Protocol field, you must perform the following steps:

  1. Generate the certificates required for establishing a secure connection with LogLogic® Universal Collector or TIBCO® Operational Intelligence Agent.
  2. Install the certificates in LogLogic LMI.
  3. Restart engine_uldpcollector by running the following commands:
    $  mtask -s engine_uldpcollector stop
    $  mtask -s engine_uldpcollector start
  4. Select the required TLS version from the GUI.
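
After step 4, you can confirm that the secure ULDP listener enforces the selected minimum. The following Python check is an added example, not part of the TIBCO documentation or product: it attempts one handshake per TLS version against the secure ULDP port and compares the results with the value selected in Minimum Secure ULDP Protocol. The host name lmi.example.internal is a placeholder, and the check assumes the listener completes a handshake without a client certificate (pass certfile and keyfile otherwise).

```python
import socket
import ssl

ORDER = ["TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest to newest
PINS = {"TLSv1.1": ssl.TLSVersion.TLSv1_1,
        "TLSv1.2": ssl.TLSVersion.TLSv1_2,
        "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def probe(host, port, version, timeout=5.0, certfile=None, keyfile=None):
    """Return True if a handshake pinned to exactly `version` completes."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # protocol-version probe only, no data is sent
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # let the client itself offer TLSv1.1
    ctx.minimum_version = PINS[version]
    ctx.maximum_version = PINS[version]
    if certfile:  # only needed if the listener demands a client certificate
        ctx.load_cert_chain(certfile, keyfile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return tls.version() == version
    except OSError:  # refused, timed out, or handshake alert (ssl.SSLError)
        return False


def check_floor(accepted, minimum):
    """Compare probe results with the configured Minimum Secure ULDP Protocol."""
    floor = ORDER.index(minimum)
    problems = [f"{v} accepted below configured minimum {minimum}"
                for v in ORDER[:floor] if accepted.get(v)]
    if not any(accepted.get(v) for v in ORDER[floor:]):
        problems.append(f"nothing at or above {minimum} accepted")
    return problems


if __name__ == "__main__":
    # Placeholders: replace with your LMI host, secure ULDP port and GUI setting.
    HOST, PORT, MINIMUM = "lmi.example.internal", 5515, "TLSv1.2"
    accepted = {v: probe(HOST, PORT, v) for v in ORDER}
    for v in ORDER:
        print(f"{v}: {'accepted' if accepted[v] else 'rejected'}")
    for line in check_floor(accepted, MINIMUM) or ["listener matches the configured minimum"]:
        print(line)
```

An empty result from check_floor means no version below the configured minimum was accepted and at least one version at or above it was.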

Sending Logs from LogLogic Universal Collector

To send logs from LogLogic Universal Collector to LogLogic LMI, you cannot use TLSv1.3; you must use TLSv1.2.

If you previously set the TLS version field to TLSv1.3 and then change it to TLSv1.2, you must perform the following steps:

  1. Stop engine_stunnel by running the following command:
    $  mtask -s engine_stunnel stop
  2. Get a list of all running stunnel processes by running the following command:
    $  ps -ef | grep stunnel
  3. Terminate each running process by running the following command for each process ID obtained from the output of the ps command in the earlier step:
    $  kill -9 <process_ID>
  4. Start engine_stunnel by running the following command:
    $  mtask -s engine_stunnel start
  5. Test the connection from LogLogic Universal Collector to LogLogic LMI.

Sending Logs from TIBCO® Operational Intelligence Agent

To send logs from TIBCO Operational Intelligence Agent to LogLogic LMI, you cannot use TLSv1.3; you must use TLSv1.2. Follow the steps described in Forwarding Logs in the TIBCO® Operational Intelligence Agent User Guide.