> I just did, but I have to admit it looks rather strange. Could you create a
> combined debug log & strace so that I can see what is issued in the case it
> works. I'd like to see the difference.
>
> Sorry for my ignorance, but what do you mean, "create a combined debug log &
> strace"? How can I do this?
> From: [email protected]
> To: [email protected]
> Date: Mon, 28 Jan 2013 09:40:47 +0000
> Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
>
>
> > -----Original Message-----
> > From: [email protected] [mailto:rsyslog-
> > [email protected]] On Behalf Of Rahul Bhat
> > Sent: Monday, January 28, 2013 10:13 AM
> > To: [email protected]
> > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> >
> >
> > Hi Rainer, did you find any time to see the trace logs ?
>
> I just did, but I have to admit it looks rather strange. Could you create a
> combined debug log & strace so that I can see what is issued in the case it
> works. I'd like to see the difference.
>
> Rainer
>
> > Not sure if I can dig
> > deeper today. If you have not heard back on Monday, pls ping me!
> > > >
> > > > Rainer
> > > From: [email protected]
> > > To: [email protected]
> > > Date: Fri, 25 Jan 2013 23:57:50 +0100
> > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > >
> > >
> > >
> > > Thanks for the help, appreciate it very much.
> > > > From: [email protected]
> > > > To: [email protected]
> > > > Date: Thu, 24 Jan 2013 11:39:46 +0000
> > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > >
> > > > Not sure if I can dig deeper today. If you have not heard back on
> > > > Monday, pls ping me!
> > > >
> > > > Rainer
> > > >
> > > > > -----Original Message-----
> > > > > From: [email protected] [mailto:rsyslog-
> > > > > [email protected]] On Behalf Of Rahul Bhat
> > > > > Sent: Thursday, January 24, 2013 12:39 PM
> > > > > To: [email protected]
> > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > > >
> > > > >
> > > > >
> > > > > > So here is the entire trace, and thanks for taking time for
> > > > > > this, appreciate the time.
> > > > > > > From: [email protected]
> > > > > > To: [email protected]
> > > > > > Date: Thu, 24 Jan 2013 11:31:32 +0000
> > > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > > > >
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: [email protected] [mailto:rsyslog-
> > > > > > > [email protected]] On Behalf Of Rahul Bhat
> > > > > > > Sent: Thursday, January 24, 2013 12:11 PM
> > > > > > > To: [email protected]
> > > > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > > > > >
> > > > > > >
> > > > > > > Any ideas are welcome :)
> > > > > >
> > > > > > > Ah, that's too few info. Can you send me the complete strace? I
> > > > > > > am not so interested in single calls, but rather in the sequence
> > > > > > > (as I try to re-construct a kind of debug log from it). What I see
> > > > > > > below doesn't look like the problem cause.
> > > > > >
> > > > > > Rainer
> > > > > > > > From: [email protected]
> > > > > > > > To: [email protected]
> > > > > > > > Date: Wed, 23 Jan 2013 15:36:26 +0100
> > > > > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > > > Rainer:
> > > > > > > > > > Actually, I am a bit puzzled. Can you try running an
> > > > > > > > > > strace of an instance in non-debug mode? Maybe this
> > > > > > > > > > provides some insight...
> > > > > > > > > Comment - Hi, I was able to run the strace and here is the
> > > > > > > > > output from the same. I believe rsyslogd is missing or not
> > > > > > > > > able to find some libraries.
> > > > > > > >
> > > > > > > > > more service.txt.29923 |grep "(No"
> > > > > > > > >
> > > > > > > > > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/x86_64/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > stat("/usr/lib64/tls/x86_64", 0x7fff79ac2440) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/x86_64/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > stat("/usr/lib64/x86_64", 0x7fff79ac2440) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libestr.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libjson.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libee.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libgcc_s.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/libgcc_s.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/tls/libnet.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/usr/lib64/libnet.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > open("/var/run/rsyslogd.pid", O_RDONLY) = -1 ENOENT (No such file or directory)
> > > > > > > > > [root@mob2l720k strace]# gzip service.txt.29923
> > > > > > > > > [root@mob2l720k strace]# ls -ltr
> > > > > > > >
> > > > > > > > > From: [email protected]
> > > > > > > > > To: [email protected]
> > > > > > > > > Date: Wed, 23 Jan 2013 07:44:52 +0000
> > > > > > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode only
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: [email protected] [mailto:rsyslog-
> > > > > > > > > > [email protected]] On Behalf Of Rahul Bhat
> > > > > > > > > > Sent: Wednesday, January 23, 2013 12:41 AM
> > > > > > > > > > To: [email protected]
> > > > > > > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode
> > > > > > > > > > only
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > > Hi Radu/Rainer, I tried running the rsyslog -n but
> > > > > > > > > > > nothing happened, I didn't have any output. So we have
> > > > > > > > > > > the same issue, spoofing and forwarding runs only with
> > > > > > > > > > > debug mode -dn and rest nothing works. Any ideas are
> > > > > > > > > > > welcome
> > > > > > > > >
> > > > > > > > > > Actually, I am a bit puzzled. Can you try running an
> > > > > > > > > > strace of an instance in non-debug mode? Maybe this
> > > > > > > > > > provides some insight...
> > > > > > > > >
> > > > > > > > > Rainer
> > > > > > > > > >
> > > > > > > > > > > Date: Tue, 15 Jan 2013 13:55:27 +0200
> > > > > > > > > > > From: [email protected]
> > > > > > > > > > > To: [email protected]
> > > > > > > > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug mode
> > > > > > > > > > > only
> > > > > > > > > > >
> > > > > > > > > > > Hi Rahul,
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > 2013/1/15 Rahul Bhat <[email protected]>
> > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > hi radu, thanks for checking !! I am using -dn
> > > > > > > > > > > > option for debug mode. I didn't use -n only mode, I
> > > > > > > > > > > > can try. But how can I check the difference b/w the
> > > > > > > > > > > > two modes ( treat me new to rsyslog )
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > > I wasn't thinking about anything fancy, just that if
> > > > > > > > > > > > you start it with -dn, it's not only debug mode, it's
> > > > > > > > > > > > also foreground. So to narrow things down, you can try
> > > > > > > > > > > > just with -n and see what happens.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > > > I modified rulesets/modules/templates and nothing
> > > > > > > > > > > > > happens :(
> > > > > > > > > > > > >
> > > > > > > > > > > > > > Date: Tue, 15 Jan 2013 13:09:10 +0200
> > > > > > > > > > > > > From: [email protected]
> > > > > > > > > > > > > To: [email protected]
> > > > > > > > > > > > > Subject: Re: [rsyslog] Hi - Rsyslog run in debug
> > > > > > > > > > > > > mode only
> > > > > > > > > > > > >
> > > > > > > > > > > > > Hi Rahul,
> > > > > > > > > > > > >
> > > > > > > > > > > > > > I've never used UDP spoofing, so my best bet is to
> > > > > > > > > > > > > > check out the differences between debug and
> > > > > > > > > > > > > > non-debug:
> > > > > > > > > > > > > > - when you start it with debug, do you use -n? If
> > > > > > > > > > > > > > yes, what happens if you only do rsyslog -n?
> > > > > > > > > > > > > > - do you drop privileges in your config?
> > > > > > > > > > > > >
> > > > > > > > > > > > > Best regards,
> > > > > > > > > > > > > Radu
> > > > > > > > > > > > >
> > > > > > > > > > > > > 2013/1/15 Rahul Bhat <[email protected]>
> > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Dear Friends,
> > > > > > > > > > > > > > > Hope you are doing great!! I came across this
> > > > > > > > > > > > > > > mailing list while trying to configure the
> > > > > > > > > > > > > > > rsyslog v 7.2.4 with spoofing using -
> > > > > > > > > > > > > > > http://www.rsyslog.com/doc/omudpspoof.html.
> > > > > > > > > > > > > > > Thanks for making the information available.
> > > > > > > > > > > > > > > Unfortunately, I have a problem with the rsyslog
> > > > > > > > > > > > > > > config and have been trying to sort it out for
> > > > > > > > > > > > > > > some time now. I have a Linux rsyslog server
> > > > > > > > > > > > > > > which needs to send the logs to the central
> > > > > > > > > > > > > > > syslog server keeping the originator IP
> > > > > > > > > > > > > > > unchanged, hence I am using spoofing.
> > > > > > > > > > > > > > > Current conf parameters regarding spoofing:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > $ModLoad omudpspoof
> > > > > > > > > > > > > > > $template spoofaddr,"%fromhost-ip%"
> > > > > > > > > > > > > > > $template spooftemplate,"%rawmsg%"
> > > > > > > > > > > > > > > $ActionOMUDPSpoofSourceNameTemplate spoofaddr
> > > > > > > > > > > > > > > $ActionOMUDPSpoofTargetHost 10.xxx.xxx.xx
> > > > > > > > > > > > > > > $ActionOMUDPSpoofTargetPort 514
> > > > > > > > > > > > > > > $ActionOMUDPSpoofSourcePortStart 514
> > > > > > > > > > > > > > > $ActionOMUDPSpoofSourcePortEnd 514
> > > > > > > > > > > > > > > *.* :omudpspoof:;spooftemplate
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > My rsyslog config works well when I am running
> > > > > > > > > > > > > > > the debug mode, but as soon as I go back to
> > > > > > > > > > > > > > > non-debug mode, I don't see the logs being
> > > > > > > > > > > > > > > forwarded to the syslog server. All works well
> > > > > > > > > > > > > > > in debug but I don't understand how and which
> > > > > > > > > > > > > > > entries I should change for corrective action.
> > > > > > > > > > > > > > > If you have some time, would appreciate any ideas.
> > > > > > > > > > > > > > > Thanks Rahul
> > > > > > > > > > > > > >
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > _______________________________________________
> > > > > > > > > > > > > > > rsyslog mailing list
> > > > > > > > > > > > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > > > > > > > > > > > > http://www.rsyslog.com/professional-services/
> > > > > > > > > > > > > > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > > > > > > > > > > > > > NOTE WELL: This is a PUBLIC mailing list, posts are
> > > > > > > > > > > > > > > ARCHIVED by a myriad of sites beyond our control.
> > > > > > > > > > > > > > > PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
> > > > > > > > > > > > > >
> > > > > > > > > > > > >
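
The `grep "(No"` listing in the thread keeps only failed calls, so it cannot show whether a library was found in a later directory of the loader's search path. The following is an added example, not code from the thread or from the rsyslog project: it reads a complete strace and separates probes that were later satisfied from names that were never opened successfully. The function name `classify_enoent`, the sample trace and the library name `libmissing.so.0` are constructed for illustration.

```python
import re

# open/openat/access/stat with a quoted path, a return value and an optional errno name.
CALL_RE = re.compile(
    r'^(?:\d+\s+)?(?P<call>open|openat|access|stat)\('
    r'(?:AT_FDCWD,\s*)?"(?P<path>[^"]+)"[^)]*\)\s*=\s*(?P<ret>-?\d+)'
    r'(?:\s+(?P<errno>E[A-Z]+))?'
)
SONAME_RE = re.compile(r'\.so(\.\d+)*$')  # libz.so.1, libc.so.6, foo.so

def classify_enoent(trace_lines):
    """Return (resolved, unresolved, other_misses) for a full strace.

    resolved:     library name -> first path that opened successfully
    unresolved:   library name -> every path that returned ENOENT
    other_misses: non-library paths that returned ENOENT
    """
    libs = {}
    other = []
    for line in trace_lines:
        m = CALL_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        name = path.rsplit("/", 1)[-1]
        missing = m.group("errno") == "ENOENT"
        if m.group("call") in ("open", "openat") and SONAME_RE.search(name):
            entry = libs.setdefault(name, {"misses": [], "found": None})
            if int(m.group("ret")) >= 0:
                entry["found"] = entry["found"] or path
            elif missing:
                entry["misses"].append(path)
        elif missing:
            other.append(path)
    resolved = {n: e["found"] for n, e in libs.items() if e["found"]}
    unresolved = {n: e["misses"] for n, e in libs.items() if not e["found"]}
    return resolved, unresolved, other

# Constructed sample: failed probes in the style of the thread's output,
# plus constructed successful opens that the grep would have hidden.
SAMPLE = '''\
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libz.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls", 0x7fff79ac2440) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libz.so.1", O_RDONLY) = 3
open("/usr/lib64/tls/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib64/libc.so.6", O_RDONLY) = 3
open("/usr/lib64/tls/libmissing.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libmissing.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/var/run/rsyslogd.pid", O_RDONLY) = -1 ENOENT (No such file or directory)
'''.splitlines()

if __name__ == "__main__":
    resolved, unresolved, other = classify_enoent(SAMPLE)
    for name, path in resolved.items():
        print(f"found     {name} at {path}")
    for name, tried in unresolved.items():
        print(f"NOT FOUND {name} (tried {', '.join(tried)})")
    for path in other:
        print(f"other ENOENT: {path}")
```

Feed it the complete trace file rather than the grep output; only names left in `unresolved` point at a library the loader never found.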