I unfortunately do not have enough insight into GSSAPI to provide a real answer. My guess is that this happens for the same reason it can happen with any ack-less transport. In the plain tcp driver, I have done quite some work to try to limit loss potential. I also have some ideas of how to further try to prevent message loss, but you cannot totally avoid it.
Some background: http://blog.gerhards.net/2008/04/on-unreliability-of-plain-tcp-syslog.html

Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Tomas Kubina
> Sent: Monday, November 30, 2009 2:56 PM
> To: [email protected]
> Subject: [rsyslog] TLS/GSSAPI client message lost
>
> Hi,
>
> I want to use TLS or GSS for message delivering to central rsyslog server.
> The problem is that the first message logged after server's shutdown is lost,
> but when I use plain TCP this issue doesn't happen. Is it a feature or mistake
> in my config?
>
> This is config for client:
>
> #################
> #### MODULES ####
> #################
>
> $ModLoad imuxsock # provides support for local system logging
> $ModLoad imklog # provides kernel logging support (previously done by rklogd)
> $ModLoad immark # provides --MARK-- message capability
>
>
> ###########################
> #### GLOBAL DIRECTIVES ####
> ###########################
>
> #
> # Use traditional timestamp format.
> # To enable high precision timestamps, comment out the following line.
> #
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>
> ###############
> #### RULES ####
> ###############
>
> #
> # First some standard log files. Log by facility.
> #
> auth,authpriv.* /var/log/auth.log
> *.*;auth,authpriv.none -/var/log/syslog
> #cron.* /var/log/cron.log
> daemon.* -/var/log/daemon.log
> kern.* -/var/log/kern.log
> lpr.* -/var/log/lpr.log
> mail.* -/var/log/mail.log
> user.* -/var/log/user.log
>
> #
> # Logging for the mail system. Split it up so that
> # it is easy to write scripts to parse these files.
> #
> mail.info -/var/log/mail.info
> mail.warn -/var/log/mail.warn
> mail.err /var/log/mail.err
>
> #
> # Logging for INN news system.
> #
> news.crit /var/log/news/news.crit
> news.err /var/log/news/news.err
> news.notice -/var/log/news/news.notice
>
> #
> # Some "catch-all" log files.
> #
> *.=debug;\
> auth,authpriv.none;\
> news.none;mail.none -/var/log/debug
> *.=info;*.=notice;*.=warn;\
> auth,authpriv.none;\
> cron,daemon.none;\
> mail,news.none -/var/log/messages
>
> #
> # Emergencies are sent to everybody logged in.
> #
> *.emerg *
>
> #
> # I like to have messages displayed on the console, but only on a virtual
> # console I usually leave idle.
> #
> #daemon,mail.*;\
> # news.=crit;news.=err;news.=notice;\
> # *.=debug;*.=info;\
> # *.=notice;*.=warn /dev/tty8
>
> # The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
> # you must invoke `xconsole' with the `-file' option:
> #
> # $ xconsole -file /dev/xconsole [...]
> #
> # NOTE: adjust the list below, or you'll go crazy if you have a reasonably
> # busy site..
> #
> daemon.*;mail.*;\
> news.err;\
> *.=debug;*.=info;\
> *.=notice;*.=warn |/dev/xconsole
>
> # Remote Logging (we use TCP for reliable delivery)
> # An on-disk queue is created for this action. If the remote host is
> # down, messages are spooled to disk and sent when it is up again.
> $WorkDirectory /var/tmp/rsyslog/spool # where to place spool files
> $ActionQueueFileName uniqName # unique name prefix for spool files
> $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
> $ActionQueueSaveOnShutdown on # save messages to disk on shutdown
> #$ActionQueueType LinkedList # run asynchronously
> $ActionResumeRetryCount -1 # infinite retries if host is down
>
>
> #$DefaultNetstreamDriver gtls # use gtls netstream driver
>
> # certificate files - just CA for a client
> #$DefaultNetstreamDriverCAFile /root/ils/cacert.pem
> #$DefaultNetstreamDriverCertFile /root/ils/bobatko_cert.pem
> #$DefaultNetstreamDriverKeyFile /root/ils/bobatko_cert.pem
>
> # set up the action
> #$ActionSendStreamDriverMode 1 # require TLS for the connection
> #$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
>
> #local7.info @@example.com:10514
>
>
> $ModLoad omgssapi
> local7.info : omgssapi:example.com:10514
>
>
> and the server side:
>
> $ModLoad immark # provides --MARK-- message capability
> $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
> $ModLoad imklog # kernel logging (formerly provided by rklogd)
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none -/var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
>
> # Log all the mail messages in one place.
> mail.* -/var/log/maillog
>
>
> # Log cron stuff
> cron.* -/var/log/cron
>
> # Everybody gets emergency messages
> *.emerg *
>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit -/var/log/spooler
>
> # Save boot messages also to boot.log
> local7.* /var/log/boot.log
>
> # ######### Receiving Messages from Remote Hosts ##########
> # TCP Syslog Server:
> # provides TCP syslog reception and GSS-API (if compiled to support it)
>
> #$ModLoad imtcp # TCP listener
>
> # make gtls driver the default
> #$DefaultNetstreamDriver gtls
>
> # certificate files
> #$DefaultNetstreamDriverCAFile /root/rsyslog/cacert.pem
> #$DefaultNetstreamDriverCertFile /root/rsyslog/rsyslog_cert.pem
> #$DefaultNetstreamDriverKeyFile /root/rsyslog/rsyslog_key.pem
>
> #$InputTCPServerStreamDriverAuthMode x509/name
> #$InputTCPServerStreamDriverPermittedPeer bobatko
> #$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
>
> #$InputTCPServerRun 10514 # start up listener at port 10514
>
> $ModLoad imgssapi
> $InputGSSServerRun 10514
>
> Thank you for the answer,
>
> Regards,
> Tomas Kubina
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
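Rainer's point about ack-less transports, shown with an added, constructed Python example that is not rsyslog code and not part of this thread: a TCP sender whose peer has already shut down gets one successful send() before it learns the connection is gone, so that one message is accepted by the local kernel and never delivered. The loopback server, port and message bytes are all made up for the demo.

```python
import socket
import time

# Constructed demo (not rsyslog code): a TCP "syslog client" keeps sending to
# a server that has already shut down.  The client's kernel accepts the first
# message because it has only seen the peer's FIN; the peer answers that data
# with a RST, and only the *next* send() reports the dead connection.  The
# first message is therefore silently lost.  Any transport without
# application-level acknowledgements (plain TCP, TLS, GSSAPI) behaves alike.
def send_after_peer_shutdown(messages, settle=0.2):
    """Return (accepted, rejected): messages the client's kernel took without
    error versus messages whose send() failed with an OSError."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))          # ephemeral port on loopback
    server.listen(1)
    client = socket.create_connection(server.getsockname())
    conn, _ = server.accept()
    conn.close()                           # "server shutdown": FIN to client
    server.close()
    time.sleep(settle)                     # let the FIN reach the client

    accepted, rejected = [], []
    for msg in messages:
        try:
            client.sendall(msg)            # succeeds for the first message
            accepted.append(msg)
        except OSError:                    # EPIPE / ECONNRESET afterwards
            rejected.append(msg)
        time.sleep(settle)                 # let the peer's RST arrive
    client.close()
    return accepted, rejected


if __name__ == "__main__":
    ok, lost = send_after_peer_shutdown(
        [b"<14>msg 1\n", b"<14>msg 2\n", b"<14>msg 3\n"])
    print("accepted by the kernel but never delivered:", ok)
    print("rejected, so a sender could retry or queue them:", lost)
```

Only the rejected messages give the sender a chance to retry or spool; the accepted one is exactly the "first message after server shutdown" the original question reports.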

