For Cloud Platform to forward your logs to your destination service, you must have already installed a valid SSL certificate. When troubleshooting your SSL certificate, review the following SSL certificate issues and any returned HTTP response codes to address the most common problems with log forwarding:
Before you try to set up log forwarding:
After uploading your certificate to the log forwarding service, Cloud Platform attempts to evaluate the connection, and returns an error message if it can’t. The details for each of the following response codes can help you diagnose problems with your log forwarding configuration:
Response code | Error | Description |
---|---|---|
200 | (None) | The log forwarding service connected with the remote infrastructure. |
301 | SSL connection error | Cloud Platform couldn’t establish a SSL connection with the log forwarding service. The error message should contain a stack trace. |
302 | SSL verification error | SSL verification failed, the SSL certificate is invalid, or SSL is not
accepted by the infrastructure. For more information, see the
Diagnostics section
of the openssl-verify information page at OpenSSL.org. |
303 | Invalid key | The SSL certificate wasn’t signed with the same key as the infrastructure’s SSL certificate. |
401 | Connection timed out | The destination infrastructure hasn’t responded after a pre-determined period of time. The error message does not include information regarding the cause of the time out. |
402 | Connection refused | The remote infrastructure being accessed isn’t configured to listen at the requested port, or has a firewall installed that’s rejecting the connection request initiated from Cloud Platform. |
403 | Connection aborted | The client sent a TCP Reset (RST ) response before the infrastructure
accepted the connection requested by client. The remote infrastructure
may have a firewall enabled, have NAT or router issues, a slow
connection, or the infrastructure didn’t send the SSL/TLS closure
notification as required by the SSL/TLS specifications. |
404 | Connection reset | The destination infrastructure abruptly closed its end of the connection. Review the infrastructure logs on the destination infrastructure for application protocol errors and traffic spikes. |
405 | Socket error | Communication between the Cloud Platform and destination infrastructure was blocked (such as by antivirus software or a firewall), a previously established network connection is terminated, or the destination infrastructure crashed or rebooted. |
406 | Host unreachable | The log forwarding client cannot connect to the specified host. It might be that the host is on a private network. |
407 | Peer verification failed, please check the destination certificate chain matches the infrastructure certificate chain | The log forwarding client can’t verify the infrastructure’s identity.
Certificates are incorrect or missing. Use
Make sure you’ve included in the log forwarding destination’s certificate field all the CA certificates from the chain in the listed depth order (biggest depth is last). |
500 | Unknown | An error not matching any of the previously described conditions has occurred. |