Long story short - I can't go newer than the latest major version release delivered from the vendor (Oracle gives a newer version of rsyslog than RHEL - 6.x). So 7.x will not be approved. I can probably sell them that I need RHEL to match Solaris if that worked.
However - I did both of the tests I mentioned before and both with no luck. I installed 6.6.0 on the RHEL box and tried to send logs via TLS to/from the Solaris 11 box and had the same issue. I then built another Solaris 11 (x86) machine so that I can do a Solaris -> Solaris test using identical versions and STILL had the same generic error message to the console. I really expected that one to work.

Solaris 11 server debug error message:

<snip>
4547.473551176:8: Called LogError, msg: gnutls returned error on handshake: A TLS packet with unexpected length was received.
4547.473595371:8: MsgSetTAG in: len 14, pszBuf: rsyslogd-2083:
4547.473611941:8: MsgSetTAG exit: pMsg->iLenTAG 14, pMsg->TAG.szBuf: rsyslogd-2083:
4547.473661896:8: main Q: entry added, size now log 1, phys 1 entries
4547.473718762:8: main Q: EnqueueMsg advised worker start
4547.473810224:6: wti 80c5f30: worker awoke from idle processing
4547.473856136:6: we deleted 0 objects and enqueued 0 objects
4547.473832081:8: tcpsrv: error -2083 during accept
<snip>

Solaris 11 client debug error message:

<snip>
4663.105890060:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/netstrms.c requested reference for module 'lmnsd_gtls', reference count now 1
4663.122824985:6: unexpected GnuTLS error -53 in /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c:1628: Error in the push function.
4663.122971746:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/netstrms.c released module 'lmnsd_gtls', reference count now 0
4663.122991113:6: module 'lmnsd_gtls' has zero reference count, unloading...
4663.123005005:6: Unloading module lmnsd_gtls
4663.123021138:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsdsel_gtls.c released module 'lmnsd_ptcp', reference count now 1
4663.123452360:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c released module 'lmnsd_ptcp', reference count now 0
4663.123470518:6: module 'lmnsd_ptcp' has zero reference count, unloading...
4663.123484293:6: Unloading module lmnsd_ptcp
4663.123502518:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_ptcp.c released module 'lmnetstrms', reference count now 2
4663.123580029:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c released module 'lmnet', reference count now 3
4663.123612575:6: Action 80d2678 transitioned to state: rtry
4663.123628413:6: action 80d2678 call returned -2007
4663.123642357:6: tryDoAction: unexpected error code -2007[nElem 1, Commited UpTo 0], finalizing
4663.123656433:6: XXXXX: tryDoAction 80d2678, pnElem 1, nElem 1
4663.123671100:6: 128.38.10.250
4663.123689220:6: caller requested object 'nsd_gtls', not found (iRet -3003)
4663.123703241:6: Requested to load module 'lmnsd_gtls'
4663.123718256:6: loading module '/usr/lib/rsyslog/lmnsd_gtls.so'
4663.123739261:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c requested reference for module 'lmnet', reference count now 4
4663.123757056:6: caller requested object 'nsd_ptcp', not found (iRet -3003)
4663.123770748:6: Requested to load module 'lmnsd_ptcp'
4663.123785332:6: loading module '/usr/lib/rsyslog/lmnsd_ptcp.so'
4663.123963382:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_ptcp.c requested reference for module 'lmnetstrms', reference count now 3
4663.123995307:6: module of type 2 being loaded.
4663.124010528:6: entry point 'isCompatibleWithFeature' not present in module
4663.124025644:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c requested reference for module 'lmnsd_ptcp', reference count now 1
4663.125145812:6: GTLS CA file: '/certs/ca.pem'
4663.126243833:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsdsel_gtls.c requested reference for module 'lmnsd_ptcp', reference count now 2
4663.126269595:6: module of type 2 being loaded.
4663.126285049:6: entry point 'isCompatibleWithFeature' not present in module
4663.126300768:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/netstrms.c requested reference for module 'lmnsd_gtls', reference count now 1
4663.128649886:6: unexpected GnuTLS error -9 in /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c:1628: A TLS packet with unexpected length was received.
<snip>

I noticed that the client complains about 'nsd_gtls' a lot, then goes to 'lmnsd_gtls'. Is that just a library path thing that doesn't really matter much, or is this indicative of a 'real' problem?

Now that I look at the logs side by side, I probably should have enabled NTP so that the times match... Sorry!

Let me know if anyone wants to see the configs or the full debug log. I would appreciate any help.

Thanks,
Chad

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Lang
Sent: Thursday, August 01, 2013 11:36 AM
To: rsyslog-users
Subject: Re: [rsyslog] Rsyslog with TLS woes

If you are going to upgrade, you are far better off going to 7.2 than 6.x. 7.2 is still in support; for older versions, if you run into this sort of problem you would have to go to RHEL or Solaris for support.
David Lang

On Thu, 1 Aug 2013, Truhn, Chad M CTR NSWCDD, CXA30 wrote:

> Thanks for the response David, I was beginning to worry that no one was
> going to have any ideas.
>
> The Solaris box is x86. I went in and loaded the supplied keys from the
> source package to make sure it wasn't a key issue and had the same
> problem. I then stood up another RHEL6 box (rsyslog 5.8.10-6) and I was
> able to successfully get them to talk over TLS. This rules out server
> configuration error and I tried to copy the client configuration as
> closely as I could. I also reversed the test and tried to send logs
> from the Linux box to the Solaris box but again had issues. That was a
> different problem, but I can't recall the error off of the top of my
> head since I don't have my notes in front of me.
>
> I plan to try two more things (today hopefully). 1) Stand up another
> Solaris 10 (x86) box and see if I can send TLS encrypted messages from
> Solaris -> Solaris. 2) Pull down a rsyslog 6 package from EPEL for the
> RHEL box and see if that allows the Solaris system to play nice. I
> don't know if I will get approval to update the package in production or
> not, but it is worth testing.
>
> Thanks again and let me know if you have any further ideas.
>
> Chad
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of David Lang
> Sent: Thursday, August 01, 2013 3:21 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Rsyslog with TLS woes
>
> This is an area I don't know much about. Rainer is on vacation for
> several weeks, hopefully Andre can take a look at this.
>
> Is the Solaris system on Sparc or x86? If it's Sparc, I'd be very
> suspicious of an endian related bug. If it was possible for you to do a
> quick test between a Sparc and x86 Solaris box to see if that works or
> not it would be interesting (if that fails, same version on each, just
> the architecture difference, I would bet heavily on an endian bug)
>
> David Lang
>
> On Tue, 30 Jul 2013, Truhn, Chad M CTR NSWCDD, CXA30 wrote:
>
>> Date: Tue, 30 Jul 2013 11:26:52 -0400
>> From: "Truhn, Chad M CTR NSWCDD, CXA30" <[email protected]>
>> Reply-To: rsyslog-users <[email protected]>
>> To: [email protected]
>> Subject: [rsyslog] Rsyslog with TLS woes
>>
>> Hello All,
>>
>> I am trying to get rsyslog working with TLS and I am having some issues.
>> I am running a Red Hat 6 server (rsyslog 5.8.10-6) and a Solaris 11
>> client (rsyslog 6.2.0), both in -c5 compatibility mode. I have
>> verified that I can send data unencrypted between these two
>> machines, but when I enable TLS I get:
>>
>> rsyslogd: netstream session 0x7f938c01ad20 will be closed due to error
>> [try http://www.rsyslog.com/e/2078 ]
>>
>> I followed the guide at
>> http://www.rsyslog.com/doc/rsyslog_secure_tls.html to get all of my
>> certificates and keys set up. I have tried re-creating the certs
>> again to make sure I don't have a typo and got the same results.
>>
>> I then ran the rsyslogd process in debug mode to try to get more
>> information and this is what I get:
>>
>> From the server (logserver):
>> unexpected GnuTLS error -9 in nsd_gtls.c:519: A TLS packet with
>> unexpected length was received.
>>
>> From the client (sol11):
>> unexpected GnuTLS error -24 in
>> /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c:1628: Decryption has failed.
>>
>> The applicable lines in my config files are:
>>
>> Server:
>> $DefaultNetstreamDriver gtls
>>
>> $DefaultNetstreamDriverCAFile /certs/ca.pem
>> $DefaultNetstreamDriverCertFile /certs/logserver-cert.pem
>> $DefaultNetstreamDriverKeyFile /certs/logserver-key.pem
>>
>> $InputTCPServerStreamDriverAuthMode x509/name
>> $InputTCPServerStreamDriverPermittedPeer *.mydomain
>> $InputTCPServerStreamDriverMode 1
>> $InputTCPServerRun 514
>>
>>
>> Client:
>> # make gtls driver the default
>> $DefaultNetstreamDriver gtls
>>
>> # certificate files
>> $DefaultNetstreamDriverCAFile /certs/ca.pem
>> $DefaultNetstreamDriverCertFile /certs/sol11-cert.pem
>> $DefaultNetstreamDriverKeyFile /certs/sol11-key.pem
>>
>> $ActionSendStreamDriverAuthMode x509/name
>> $ActionSendStreamDriverPermittedPeer *.mydomain
>> $ActionSendStreamDriverMode 1 # run driver in TLS-only mode
>>
>> *.* @@logserver:514
>>
>>
>> Any ideas as to what I might be doing wrong? I can send along my full
>> config files or debug log if needed, but I didn't want to make this
>> message too long. I am also fairly stuck on what versions of rsyslog
>> I can run (must be supplied by vendor, RedHat/Oracle) but if this is a
>> bug in one of the versions or an issue with the version mismatch
>> between client and server I may be able to convince the right people
>> to update the minor revisions.
>>
>>
>> Thanks in advance!
>>
>>
>> Thank you,
>>
>> Chad Truhn
>>
>>
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
>> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
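Reading the two debug excerpts in this thread side by side is awkward, particularly since the clocks on the two boxes were not synchronised. The following Python script is an added example, not part of this thread and not rsyslog's own code: it pulls the GnuTLS errors and rsyslog return codes out of rsyslog debug output, tags each event with the side it came from, and reports the first TLS-level error per side plus the descriptions both peers agree on, which is a more reliable way to line the logs up than comparing timestamps. The sample lines are constructed from the excerpts above (source paths shortened), the "server"/"client" labels are my own, and the symbolic GnuTLS names are taken from gnutls.h.

```python
import re
from collections import Counter

# Constructed sample input: a handful of lines condensed from the server and
# client debug excerpts in the thread (the long /builds/... source path is
# shortened to "runtime/..." so the sample stays readable).
SERVER_LOG = """\
4547.473551176:8: Called LogError, msg: gnutls returned error on handshake: A TLS packet with unexpected length was received.
4547.473595371:8: MsgSetTAG in: len 14, pszBuf: rsyslogd-2083:
4547.473661896:8: main Q: entry added, size now log 1, phys 1 entries
4547.473832081:8: tcpsrv: error -2083 during accept
"""

CLIENT_LOG = """\
4663.105890060:6: source file runtime/netstrms.c requested reference for module 'lmnsd_gtls', reference count now 1
4663.122824985:6: unexpected GnuTLS error -53 in runtime/nsd_gtls.c:1628: Error in the push function.
4663.123612575:6: Action 80d2678 transitioned to state: rtry
4663.123628413:6: action 80d2678 call returned -2007
4663.125145812:6: GTLS CA file: '/certs/ca.pem'
4663.128649886:6: unexpected GnuTLS error -9 in runtime/nsd_gtls.c:1628: A TLS packet with unexpected length was received.
"""

# Symbolic names for the GnuTLS codes quoted in the thread (values from gnutls.h).
GNUTLS_NAMES = {
    -9: "GNUTLS_E_UNEXPECTED_PACKET_LENGTH",
    -24: "GNUTLS_E_DECRYPTION_FAILED",
    -53: "GNUTLS_E_PUSH_ERROR",
}

# rsyslog debug output is "<seconds.nanoseconds>:<level>: <message>".
LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+):(?P<lvl>\d+): (?P<msg>.*)$")
# The three error shapes that appear in the excerpts.
GNUTLS_RE = re.compile(r"unexpected GnuTLS error (?P<code>-?\d+) in (?P<file>\S+?):(?P<line>\d+): (?P<desc>.+)")
HANDSHAKE_RE = re.compile(r"gnutls returned error on handshake: (?P<desc>.+)")
RSYSLOG_RC_RE = re.compile(r"(?:error|returned) (?P<code>-\d{4})\b")


def parse_debug_log(text, side):
    """Return the error events in one rsyslog debug log, tagged with `side`
    ("server" or "client"; my label, not something rsyslog emits)."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        ev = {"side": side, "ts": float(m.group("ts")), "msg": msg}
        if g := GNUTLS_RE.search(msg):
            code = int(g.group("code"))
            ev.update(kind="gnutls", code=code, name=GNUTLS_NAMES.get(code),
                      desc=g.group("desc"), where=f"{g.group('file')}:{g.group('line')}")
        elif h := HANDSHAKE_RE.search(msg):
            ev.update(kind="gnutls", code=None, name=None, desc=h.group("desc"), where="handshake")
        elif r := RSYSLOG_RC_RE.search(msg):
            ev.update(kind="rsyslog", code=int(r.group("code")), name=None, desc=msg, where=None)
        else:
            continue
        events.append(ev)
    return events


def summarize(events):
    """Count distinct errors per side, ignoring timestamps."""
    return Counter((e["side"], e["kind"], e["code"], e["desc"]) for e in events)


def first_tls_error(events):
    """First GnuTLS-level error in a log, in timestamp order. The rsyslog return
    codes (-2007 on the action, -2083 on accept) are logged after it in the
    excerpts, so the GnuTLS entry is the one to chase first."""
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] == "gnutls":
            return e
    return None


def shared_descriptions(server_events, client_events):
    """GnuTLS descriptions reported by both peers. Matching on the text instead
    of on timestamps is the workable way to line the two logs up when the
    clocks are not synchronised."""
    s = {e["desc"] for e in server_events if e["kind"] == "gnutls"}
    c = {e["desc"] for e in client_events if e["kind"] == "gnutls"}
    return sorted(s & c)


if __name__ == "__main__":
    server = parse_debug_log(SERVER_LOG, "server")
    client = parse_debug_log(CLIENT_LOG, "client")
    for key, n in summarize(server + client).items():
        print(n, key)
    for side, log in (("server", server), ("client", client)):
        e = first_tls_error(log)
        print(f"first TLS error on {side}: {e['desc']} [{e['name']}] at {e['where']}")
    print("reported on both sides:", shared_descriptions(server, client))
```

Run it against the full `rsyslogd -d` output from each box (one file per side) and compare the `first TLS error` lines; the -53 push error on the client and the handshake failure on the server show up before any of the rsyslog -2007/-2083 return codes, which are the symptoms rather than the cause.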

