HttpClient.SendAsync not working in EventCollectorSink.cs

[PavanThamatam]

Hi, I have used this reference to push application logs to splunk but I ended up with error. Actually when I went through repo I found EventCollectorSink.cs had EventCollectorRequest where actual httpclient properties are configured after that next line _httpClient.SendAsync(request).ConfigureAwait(false); Here I got error every time even though passed all parameters like splunk Uri and Token. Always throwing exception Error occurred while sending request. Could please let me know why it is behaving like this. Please help on this.Waiting to hear from You Thanks.

[merbla]

Hey @pavan2017git,

Do you have some detail on the exception being thrown? If you have a simple console app try adding the following to get some additional internal information about what is going on within the sink.

Serilog.Debugging.SelfLog.Enable(Console.Error);

Also, what package version are you targeting?

HTH

[merbla]

You can also checkout a full working example at https://github.com/serilog/serilog-docker, in particular https://github.com/serilog/serilog-docker/blob/master/console-sample/src/Program.cs#L22

[PavanThamatam]

Hey Matthew , error thrown by application is Security error occured even though passed splunk uri and Token. serilog 2.6.0 version was targeted.

[merbla]

Can you hit the HEC endpoint via a basic curl? e.g. http://dev.splunk.com/view/event-collector/SP-CAAAE7F

[PavanThamatam]

when I try with curl command It working fine.Problem I was facing when I try to hit from c# application. I tried this https://github.com/serilog/serilog-docker but no luck it was return Exception while emitting periodic batch from Serilog.Sinks.Splunk.EventCollectorSink: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)

[merbla]

Ok, hoping we are getting a little closer, so the URI endpoint is using SSL? Is it a trusted certificate?

Can you try ignoring the SSL validation?

e.g. pass in a HttpClientHandler as added in #33 & #26

[PavanThamatam]

Hey Matthew, I tried by ignoring SSL validation but this time I got below error Response status code does not indicate success: 401 (Unauthorized).

Below snippet used for Ignoring SSL Serilog.Debugging.SelfLog.Enable(Console.Error); System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate (object sender, System.Security.Cryptography.X509Certificates.X509Certificate certificate, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; // ** Always accept };**

[PavanThamatam]

Hey Matthew, I have tried https://github.com/serilog/serilog-docker/blob/master/console-sample/src/Program.cs#L22 in console application of .Net framework after bypass SSL validation It got worked.but same code I tried on .NetCore 2.0 Framework again ran into issue security error ocuured could you suggest me what could be the change need to do in .dotnet core 2.0

[PavanThamatam]

Hey Matthew, After by passing SSL validation on Dotnetcore 2.0 it was worked. so can you please add property to by pass SSL validation. so that I can directly use your Serilog.Splunk.Sink Nuget package.

[merbla]

Hey @pavan2017git,

Glad to see you made some progress. At this stage we are not looking to add the overload for configuration as it would not be great practice. You can still achieve this by passing in the HttpClientHandler in .NetCore (See this & here) overload.

Check out #26 which is a similar issue.

I will try to track some code, however I think it will be something like the following

var handler = new HttpClientHandler()
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => { return true; };

# Then pass handler to the Serilog Splunk Sink as per the overload, which will then be used in the HttpClient 

[PavanThamatam]

Hey Matthew, Inorder to do by pass I would add code what you suggested but using your files in our project that is License compliance.So what steps I should take to achieve this.

[merbla]

Hi @pavan2017git, Did you manage to solve your issue?

[PavanThamatam]

Hi, No I couldn't, but I modified code as per my requirements.

Get Outlook for Androidhttps://aka.ms/ghei36

---

From: Matthew Erbs notifications@github.com Sent: Thursday, August 9, 2018 2:39:46 AM To: serilog/serilog-sinks-splunk Cc: pavan2017git; Mention Subject: Re: [serilog/serilog-sinks-splunk] HttpClient.SendAsync not working in EventCollectorSink.cs (#94)

Hi @pavan2017githttps://github.com/pavan2017git, Did you manage to solve your issue?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/serilog/serilog-sinks-splunk/issues/94#issuecomment-411553254, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AgmTglaVINuzY2z8DC7UYQspF8DECMZgks5uO1OagaJpZM4Ucu2F.

[merbla]

Closing this out as per solution above.