On Tuesday 20 November 2007 04:53:24 pm Rainer Gerhards wrote: > Hi Peter, > > this, as well as the doc, is most helpful. Now that we actually have doc > (I thought I'd have to pen it down ;)), I think I will release very > shortly, most probably tomorrow. doc would be perfect :-) I'm sorry I didn't have time to do it.
> I have thought about setting up a full lab before carrying on. For now, > I have decided to NOT do that. I am sure that you folks have tested it > quite good and the code that I have seen looks excellent. > > So I will pull it in as is and wait for some feedback from the field > (with the assumption "no feedback" equals "OK"). hold on, please. There is still some development and we need to make clear in one thing. Here it is: "-g" accepts only gss connections "-t" accepts all connections (gss as a plain text) but, we have a requirement to log both(gss and non-gss). Solutions: 1. -g somePort -t someOtherPort - this might be easy implemented 2. check if the mesaage is gss or not - a bit hackish, since there is no protocol I think patch is OK to release, but I'd like to avoid breaking compatibility in the future. > I will then begin to look at the loadable module de-initialization. This > is not really clean in the current release, but that's no problem > because modules never get unloaded. However, in the long term we need > this to be clean. > > The mysterios segfault issue is still dangling. I was hesitant to do any > larger-scale new development without fixing it. But given the fact that > it is extremely hard to find, and obviously happens very seldom, I'll > continue developing. I am right now looking into upgrading the dev > machine to an x64 OS, where most of the problems happened. My hope is > that I will see a segfault during further development work and then > hopefully be able to tackle it. I still think that the segfault must be > well understood and fixed before I go into some serious multithreading > redesign. As such, unfortunately, this issue still holds some of the > work scheduled for the next *major* version. This bug is my nightmare. I really don't know what to do. I run 2 syslogs in valgrind during a weekend. Sendind message via UDP on 64 architecture, messages generated every 1/3sec. RESULT: no segfault. :-( F8 is out for 2 weeks, we have only one bug report. I released an update to 1.19.10. > I thought I give you an update here in my end (will also post this to > the blog for the others). Any feedback/suggestion is highly welcome. > > Rainer > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:rsyslog- > > [EMAIL PROTECTED] On Behalf Of Peter Vrabec > > Sent: Tuesday, November 20, 2007 4:09 PM > > To: rsyslog-users > > Subject: Re: [rsyslog] gss-api support for rsyslog > > > > in case you need some help setting up krb stuff, here is some info: > > > > http://web.mit.edu/kerberos/www/krb5-1.6/ > > http://cryptnet.net/fdp/admin/kerby-infra/en/kerby-infra.html#install > > > > how was our env. set up? just brief instructions: > > > > SERVER SIDE (xen41.englab.brq.redhat.com) in WRABCO.ORG realm > > - running KDC, rsyslog listen to gss connections > > - 2 principals were added to database: > > host/[EMAIL PROTECTED] > > [EMAIL PROTECTED] > > - host/[EMAIL PROTECTED] must be exported to > > keytab > > file /etc/krb5.keytab > > - rsyslog started with -g514 option (not -t option is used) > > > > CLIENT SIDE > > - get ticket from kdc (#kinit pvrabec) > > - configure rsyslog (/etc/rsyslog.conf) > > $gssmode encryption > > *.info;mail.none;authpriv.none;cron.none @@xen41 > > - start rsyslog > > - #logger foo > > > > On Monday 19 November 2007 03:29:29 pm Rainer Gerhards wrote: > > > I have uploaded an interim version of the applied-patch-to-version > > to > > > > http://download.rsyslog.com/rsyslog/rsyslog-1.19.11.tar.gz > > > > > > in case that somebody would like to have an early look at the > > > > package. > > > > > It still lacks any doc. > > > > > > Feedback is appreciated. > > > > > > Rainer > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
