dstoy53

I've attached the sanitized config for fluentd01. For fluentd01->splunkfwd01 the traffic is using the default 24284 port, and for fluentd01->efk01 I hard-set both sides to 24285 as a troubleshooting attempt....

I did some more testing and removed out_copy from the equation. Now I'm just using 2x match statements. Scenario 1: fluentd01 -> splunkfwd01 - logs are forwarded, no errors Scenario...

No luck with the new certificates either. Here are my current destinations from fluentd01: 1. 10.10.10.52 - influxdb01 (using your cacert1 cert/key/psk/passphrase) 2. 10.10.10.54 - efk01 (using your cacert2 cert/key/psk/passphrase)...

I've attached the sanitized logs with -vv. The "SSLErrorWaitReadable" error for the successfully established connection only shows up with -vv. [fluentd01_logs_sanitized.txt](https://github.com/tagomoris/fluent-plugin-secure-forward/files/394000/fluentd01_logs_sanitized.txt)

I've attached the logs from fluentd01 with one section commented out at a time. [fluentd_to_efk.txt](https://github.com/tagomoris/fluent-plugin-secure-forward/files/398241/fluentd_to_efk.txt) [fluentd_to_influx.txt](https://github.com/tagomoris/fluent-plugin-secure-forward/files/398240/fluentd_to_influx.txt)

fluentd01's version-manifest.txt: ruby: 2.1.8 (embedded, no ruby installed on the system itself) td-agent: 2.3.1 openssl: 1.0.1r influxdb01's version-manifest.txt: ruby: 2.1.10 (embedded, no ruby installed on the system itself) td-agent: 2.3.2...

I might have a case of doing it wrong in my lab, but I think arp snooping is what I'm missing for my experiments. I have a KVM host running...