There is probably a problem with the module 'lmnsd_gtls' on your system. Either it is damaged, or maybe compiled by an older installation / other version of RSyslog than installed. I would recommend to reconfigure and recompile RSyslog completely and make sure all old binaries are overwritten.

Best regards,
Andre Lorbach

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Truhn, Chad M CTR NSWCDD, CXA30
> Sent: Friday, August 02, 2013 5:12 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Rsyslog with TLS woes
>
> Long story short - I can't go newer than the latest major version release delivered from the vendor (Oracle gives a newer version of rsyslog than RHEL - 6.x). So 7.x will not be approved. I can probably sell them that I need RHEL to match Solaris if that worked.
>
> However - I did both of the tests I mentioned before and both with no luck. I installed 6.6.0 on the RHEL box and tried to send logs via TLS to/from the Solaris 11 box and had the same issue.
>
> I then built another Solaris 11 (x86) machine so that I can do a Solaris -> Solaris test using identical versions and STILL had the same generic error message to the console. I really expected that one to work.
>
> Solaris 11 server debug error message:
> <snip>
> 4547.473551176:8: Called LogError, msg: gnutls returned error on handshake: A TLS packet with unexpected length was received.
> 4547.473595371:8: MsgSetTAG in: len 14, pszBuf: rsyslogd-2083:
> 4547.473611941:8: MsgSetTAG exit: pMsg->iLenTAG 14, pMsg->TAG.szBuf: rsyslogd-2083:
> 4547.473661896:8: main Q: entry added, size now log 1, phys 1 entries
> 4547.473718762:8: main Q: EnqueueMsg advised worker start
> 4547.473810224:6: wti 80c5f30: worker awoke from idle processing
> 4547.473856136:6: we deleted 0 objects and enqueued 0 objects
> 4547.473832081:8: tcpsrv: error -2083 during accept
> <snip>
>
> Solaris 11 client debug error message:
> <snip>
> 4663.105890060:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/netstrms.c requested reference for module 'lmnsd_gtls', reference count now 1
> 4663.122824985:6: unexpected GnuTLS error -53 in /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c:1628: Error in the push function.
> 4663.122971746:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/netstrms.c released module 'lmnsd_gtls', reference count now 0
> 4663.122991113:6: module 'lmnsd_gtls' has zero reference count, unloading...
> 4663.123005005:6: Unloading module lmnsd_gtls
> 4663.123021138:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsdsel_gtls.c released module 'lmnsd_ptcp', reference count now 1
> 4663.123452360:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c released module 'lmnsd_ptcp', reference count now 0
> 4663.123470518:6: module 'lmnsd_ptcp' has zero reference count, unloading...
> 4663.123484293:6: Unloading module lmnsd_ptcp
> 4663.123502518:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_ptcp.c released module 'lmnetstrms', reference count now 2
> 4663.123580029:6: file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c released module 'lmnet', reference count now 3
> 4663.123612575:6: Action 80d2678 transitioned to state: rtry
> 4663.123628413:6: action 80d2678 call returned -2007
> 4663.123642357:6: tryDoAction: unexpected error code -2007[nElem 1, Commited UpTo 0], finalizing
> 4663.123656433:6: XXXXX: tryDoAction 80d2678, pnElem 1, nElem 1
> 4663.123671100:6: 128.38.10.250
> 4663.123689220:6: caller requested object 'nsd_gtls', not found (iRet -3003)
> 4663.123703241:6: Requested to load module 'lmnsd_gtls'
> 4663.123718256:6: loading module '/usr/lib/rsyslog/lmnsd_gtls.so'
> 4663.123739261:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c requested reference for module 'lmnet', reference count now 4
> 4663.123757056:6: caller requested object 'nsd_ptcp', not found (iRet -3003)
> 4663.123770748:6: Requested to load module 'lmnsd_ptcp'
> 4663.123785332:6: loading module '/usr/lib/rsyslog/lmnsd_ptcp.so'
> 4663.123963382:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_ptcp.c requested reference for module 'lmnetstrms', reference count now 3
> 4663.123995307:6: module of type 2 being loaded.
> 4663.124010528:6: entry point 'isCompatibleWithFeature' not present in module
> 4663.124025644:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c requested reference for module 'lmnsd_ptcp', reference count now 1
> 4663.125145812:6: GTLS CA file: '/certs/ca.pem'
> 4663.126243833:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsdsel_gtls.c requested reference for module 'lmnsd_ptcp', reference count now 2
> 4663.126269595:6: module of type 2 being loaded.
> 4663.126285049:6: entry point 'isCompatibleWithFeature' not present in module
> 4663.126300768:6: source file /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/netstrms.c requested reference for module 'lmnsd_gtls', reference count now 1
> 4663.128649886:6: unexpected GnuTLS error -9 in /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c:1628: A TLS packet with unexpected length was received.
> <snip>
>
> I noticed that the client complains about 'nsd_gtls' a lot then goes to 'lmnsd_gtls'. Is that just a library path thing that doesn't really matter much, or is this indicative of a 'real' problem?
>
> Now that I look at the logs side by side, I probably should have enabled NTP so that the times match... Sorry!
>
> Let me know if anyone wants to see the configs or the full debug log. I would appreciate any help.
>
> Thanks,
> Chad
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of David Lang
> Sent: Thursday, August 01, 2013 11:36 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] Rsyslog with TLS woes
>
> If you are going to upgrade, you are far better off going to 7.2 than 6.x
>
> 7.2 is still in support, for older versions, if you run into this sort of problem you would have to go to RHEL or Solaris for support.
>
> David Lang
>
> On Thu, 1 Aug 2013, Truhn, Chad M CTR NSWCDD, CXA30 wrote:
>
> > Thanks for the response David, I was beginning to worry that no one was going to have any ideas.
> >
> > The Solaris box is x86. I went in and loaded the supplied keys from the source package to make sure it wasn't a key issue and had the same problem. I then stood up another RHEL6 box (rsyslog 5.8.10-6) and I was able to successfully get them to talk over TLS. This rules out server configuration error and I tried to copy the client configuration as closely as I could. I also reversed the test and tried to send logs from the Linux box to the Solaris box but again had issues. That was a different problem, but I can't recall the error off of the top of my head since I don't have my notes in front of me.
> >
> > I plan to try two more things (today hopefully). 1) Stand up another Solaris 10 (x86) box and see if I can send TLS encrypted messages from Solaris -> Solaris. 2) Pull down a rsyslog 6 package from EPEL for the RHEL box and see if that allows the Solaris system to play nice. I don't know if I will get approval to update the package in production or not, but it is worth testing.
> >
> > Thanks again and let me know if you have any further ideas.
> >
> > Chad
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of David Lang
> > Sent: Thursday, August 01, 2013 3:21 AM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] Rsyslog with TLS woes
> >
> > This is an area I don't know much about. Rainer is on vacation for several weeks, hopefully Andre can take a look at this.
> >
> > Is the Solaris system on Sparc or x86? If it's Sparc, I'd be very suspicious of an endian related bug. If it was possible for you to do a quick test between a Sparc and x86 Solaris box to see if that works or not it would be interesting (if that fails, same version on each, just the architecture difference, I would bet heavily on an endian bug)
> >
> > David Lang
> >
> > On Tue, 30 Jul 2013, Truhn, Chad M CTR NSWCDD, CXA30 wrote:
> >
> >> Date: Tue, 30 Jul 2013 11:26:52 -0400
> >> From: "Truhn, Chad M CTR NSWCDD, CXA30" <[email protected]>
> >> Reply-To: rsyslog-users <[email protected]>
> >> To: [email protected]
> >> Subject: [rsyslog] Rsyslog with TLS woes
> >>
> >> Hello All,
> >>
> >> I am trying to get rsyslog working with TLS and I am having some issues. I am running a Red Hat 6 server (rsyslog 5.8.10-6) and a Solaris 11 client (rsyslog 6.2.0), both in -c5 compatibility mode. I have verified that I can send data unencrypted between these two machines, but when I enable TLS I get:
> >>
> >> rsyslogd: netstream session 0x7f938c01ad20 will be closed due to error [try http://www.rsyslog.com/e/2078 ]
> >>
> >> I followed the guide at http://www.rsyslog.com/doc/rsyslog_secure_tls.html to get all of my certificates and keys set up. I have tried re-creating the certs again to make sure I don't have a typo and got the same results.
> >>
> >> I then ran the rsyslogd process in debug mode to try to get more information and this is what I get:
> >>
> >> From the server (logserver):
> >> unexpected GnuTLS error -9 in nsd_gtls.c:519: A TLS packet with unexpected length was received.
> >>
> >> From the client (sol11):
> >> unexpected GnuTLS error -24 in /builds/hudson/workspace/nightly-update/build/i386/components/rsyslog/rsyslog-6.2.0/runtime/nsd_gtls.c:1628: Decryption has failed.
> >>
> >> The applicable lines in my config files are:
> >>
> >> Server:
> >> $DefaultNetstreamDriver gtls
> >>
> >> $DefaultNetstreamDriverCAFile /certs/ca.pem
> >> $DefaultNetstreamDriverCertFile /certs/logserver-cert.pem
> >> $DefaultNetstreamDriverKeyFile /certs/logserver-key.pem
> >>
> >> $InputTCPServerStreamDriverAuthMode x509/name
> >> $InputTCPServerStreamDriverPermittedPeer *.mydomain
> >> $InputTCPServerStreamDriverMode 1
> >> $InputTCPServerRun 514
> >>
> >>
> >> Client:
> >> # make gtls driver the default
> >> $DefaultNetstreamDriver gtls
> >>
> >> # certificate files
> >> $DefaultNetstreamDriverCAFile /certs/ca.pem
> >> $DefaultNetstreamDriverCertFile /certs/sol11-cert.pem
> >> $DefaultNetstreamDriverKeyFile /certs/sol11-key.pem
> >>
> >> $ActionSendStreamDriverAuthMode x509/name
> >> $ActionSendStreamDriverPermittedPeer *.mydomain
> >> $ActionSendStreamDriverMode 1 # run driver in TLS-only mode
> >>
> >> *.* @@logserver:514
> >>
> >>
> >> Any ideas as to what I might be doing wrong? I can send along my full config files or debug log if needed, but I didn't want to make this message too long. I am also fairly stuck on what versions of rsyslog I can run (must be supplied by vendor, RedHat/Oracle) but if this is a bug in one of the versions or an issue with the version mismatch between client and server I may be able to convince the right people to update the minor revisions.
> >>
> >>
> >> Thanks in advance!
> >>
> >> Thank you,
> >>
> >> Chad Truhn

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
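
Added example (not part of the original thread and not rsyslog project code): a small Python triage helper that pulls the GnuTLS error codes and the lmnsd_gtls unload/load cycle out of rsyslogd debug output like the excerpts quoted above, so that client and server logs can be compared side by side. The symbolic names are the ones gnutls.h defines for the three codes seen in the thread; the `triage` function, the regular expressions and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Symbolic names from gnutls.h for the three codes quoted in this thread.
GNUTLS_NAMES = {
    -9: "GNUTLS_E_UNEXPECTED_PACKET_LENGTH",
    -24: "GNUTLS_E_DECRYPTION_FAILED",
    -53: "GNUTLS_E_PUSH_ERROR",
}

# rsyslogd debug lines start with "<sec>.<nsec>:<thread>: "; the prefix is
# optional so that bare lines pasted into a mail are matched as well.
PREFIX = r"(?:(?P<ts>\d+\.\d+):\w+: )?"
ERR_RE = re.compile(PREFIX + r"unexpected GnuTLS error (?P<code>-?\d+) in "
                    r"(?P<file>\S+):(?P<line>\d+): (?P<msg>.+)")
LOAD_RE = re.compile(PREFIX + r"loading module '(?P<path>[^']+)'")
UNLOAD_RE = re.compile(PREFIX + r"Unloading module (?P<mod>\S+)")

def triage(lines):
    """Return (errors, loads, unloads) extracted from rsyslogd debug output."""
    errors, loads, unloads = [], Counter(), Counter()
    for raw in lines:
        line = raw.lstrip("> ").rstrip()  # tolerate mail quoting
        if m := ERR_RE.match(line):
            code = int(m["code"])
            errors.append({"ts": m["ts"], "code": code,
                           "name": GNUTLS_NAMES.get(code, "unknown"),
                           "where": m["file"].rsplit("/", 1)[-1] + ":" + m["line"],
                           "msg": m["msg"]})
        elif m := LOAD_RE.match(line):
            loads[m["path"].rsplit("/", 1)[-1]] += 1
        elif m := UNLOAD_RE.match(line):
            unloads[m["mod"]] += 1
    return errors, loads, unloads

# Constructed sample: lines modelled on the excerpts above, paths shortened.
SAMPLE = """\
4663.122824985:6: unexpected GnuTLS error -53 in runtime/nsd_gtls.c:1628: Error in the push function.
4663.123005005:6: Unloading module lmnsd_gtls
4663.123718256:6: loading module '/usr/lib/rsyslog/lmnsd_gtls.so'
> 4663.128649886:6: unexpected GnuTLS error -9 in runtime/nsd_gtls.c:1628: A TLS packet with unexpected length was received.
unexpected GnuTLS error -24 in nsd_gtls.c:1628: Decryption has failed.
""".splitlines()

if __name__ == "__main__":
    errs, loads, unloads = triage(SAMPLE)
    for e in errs:
        print(e["ts"] or "-", e["code"], e["name"], e["where"], e["msg"])
    print("loads:", dict(loads), "unloads:", dict(unloads))
```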

