On Thu, 8 May 2014, Rainer Gerhards wrote:
On Wed, May 7, 2014 at 5:20 PM, Barry Haycock <[email protected]>wrote:
a debug dump will be rather difficult as the logs are on a system not
connected to the Internet.
The debug log is alsways written to a local file, so you don't need an
Internet connection. Just copy it over like you normally do.
there's also a good chance that looking through the debug log you will see the
information you need (earch for the error message you got and look to see what
is happening shortly before that)
David Lang
Rainer
Will see what I can achieve.
Thanks.
--
Barry
(M) 0411 064 000
(F) 02 6257 7308
Banpen Fugyou - 10,000 Changes, No surprises
Key Fingerprint: 4CFF 5276 1BF5 DFD4 684B CBD2 E414 6292 D40E
BBFDQuoting David Lang <[email protected]>:
note that with v8 devel rsyslog-gnutls is obsolete and should be
uninstalled (it's rolled into the main rsyslog package now)
David Lang
On Wed, 7 May 2014, Radu Gheorghe wrote:
Date: Wed, 7 May 2014 17:11:01 +0300
From: Radu Gheorghe <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: Re: [rsyslog] TCP Encryption Netstream Errors
Hi Barry,
I remember seeing this error, but I don't remember the context. Do you
have
the rsyslog-gnutls package installed? Or did you enable gnutls when
compiling it?
If yes, can you double-check the validity of your certificate. I see a
strange issue being reported in this thread:
http://kb.monitorware.com/rsyslog-with-tls-does-not-work-for-t12092.html
If these don't help, can you say more about your OS and GnuTLS versions?
Best regards,
Radu
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/
On Wed, May 7, 2014 at 9:46 AM, Barry Haycock
<[email protected]>wrote:
Hi all,
I was wondering if I could request some assistance.
Currently, I am trying to setup TCP encryption and I get the following
error on my rsyslog server when the client is trying to send encrypted
TCP
log events.
<Date> <server>: netsteam session 0x7fae50001740 will be closed due to
error [try http://www.rsyslog.com/e/2089]
<Date> <server>: netsteam session 0x7fae50002db0 will be closed due to
error [try http://www.rsyslog.com/e/2089]
<Date> <server>: netsteam session 0x7fae500097a0 will be closed due to
error [try http://www.rsyslog.com/e/2089]
Web research states that there should be an error message preceding
this
error. I don't get any error messages prior to this.
My Server config is
Rsyslog V7.6.3 (GNUTLS V2.8.5)
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile <Path to CA PEM>
$DefaultNetstreamDriverCertFile <Path to Cert>
$DefaultNetstreamDriverKeyFile <Path to Key>
module(load="imtcp" MaxListeners="2000" StreamDriver.Name="gtls"
StreamDriver.Mode="1" StreamDriver.AuthMode="X509/name")
input(type-"imtcp" port="6173" name="tcp-tls")
My client config is
Rsyslog V5.8.10 (gnuTLSV2.8.5)
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile <Path to CA PEM>
$DefaultNetstreamDriverCertFile <Path to Cert>
$DefaultNetstreamDriverKeyFile <Path to Key>
$ActionSendStreamDriverAuthMode x509/name
$ActionSendSteamDriverMode 1
*.info;mail.none;authpriv.none;cron.none /var/log/messages
& @@<rsyslog_server>:6173;VLMessagesFwdFmt
The client is the bog standard rsyslog client as delivered on my centos
test machine while the server (which is the same OS) has been upgraded
to
the V7.6.3 release from the rsyslog website.
My CA and certificates for testing is one created using openssl.
Any ideas would be appreciated.
--
Barry
Banpen Fugyou - 10,000 Changes, No surprises
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
