Ok, those error messages are far more detailed and look like they will help.
I would suggest posting this info to the gnutls folks and see if they can
explain what's going on.
This makes it very clear that your client is receiving data from the server that
it considers invalid, and as a result it is terminating the session and closing
the connection.
What version of libgnutls do you have on the client and on the server? if they
are different versions, that may be a clue as to what's going on.
This looks like it's probably a very similar problem to the other one that was
posted this week.
David Lang
On Fri, 30 Jan 2015, Muhammad Asif wrote:
Please have a look rsyslog.conf on server. http://pastebin.com/kkmi1D05
rsyslog on client
http://pastebin.com/aVEJmRem
Actually error occure when we start rsyslog on client. Error on server.
Jan 29 11:36:16 server rsyslogd-pid: imrelp[20514]: error 'TLS handshake
failed [gnutls error -9: A TLS packet with unexpected length was
received.]', object 'lstn 20514: conn to clt IP/fqdn' - input may not work
as intended [try http://www.rsyslog.com/e/2353 ]
Jan 29 11:36:16 server rsyslogd-pid: imrelp[20514]: error 'TLS record write
failed [gnutls error -10: The specified session has been invalidated for
some reason.]', object 'lstn 20514: conn to clt IP/fqdn' - input may not
work as intended [try http://www.rsyslog.com/e/2353 ]
On Fri, Jan 30, 2015 at 1:00 AM, David Lang <[email protected]> wrote:
you will need to tell your OS to stop the process it's running
service rsyslog stop
then use ps ax |grep rsyslogd to make sure that it's not running.
if, after doing this, you have rsyslog complaining that it thinks it's
already running, then it's likely that you have rsyslog crashing rather
than exiting cleanly and cleaning up it's pid file
the debug file you list below (http://pastebin.com/Tn4ezbgG) says at the
bottom that /var/run/rsyslog.pid exists and contains 3092, saying that it
thinks that there is already a copy of rsyslog running as pic 3092, so it
didn't startup
please also give the config file you are using.
since it never starts up, it never tries to connect out. The connection
will not be established until the first log message is processed that needs
to be sent to the destination that uses TLS
David Lang
On Thu, 29 Jan 2015, Muhammad Asif wrote:
here are debug files.
http://pastebin.com/Tn4ezbgG
http://pastebin.com/6DBKEg65
what insights can I get from it. Now I compiled from source but there is
nothing in /etc/init.d/. "service rsyslog restart" is also not running.
I have to kill process first and then start it again by "rsyslogd". I
oftenface any issue that process is already running, how can I take over
this issue means restart the running process.
On Thu, Jan 29, 2015 at 5:31 PM, Muhammad Asif <[email protected]>
wrote:
Thanks Sir, Now I have compiled from source and using it and facing same
"TLS handshake failed" problem. How can i debug it as you was saying.
Should I debug it by using the following command.
rsyslogd -dn >rsyslog.stdout.log 2>rsyslog.stderr.log
On Thu, Jan 29, 2015 at 4:11 PM, Rainer Gerhards <
[email protected]
wrote:
as I said, that's too old. you need a daily build.
2015-01-29 12:10 GMT+01:00 Muhammad Asif <[email protected]>:
rsyslogd 8.7.0, compiled with:
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: jemalloc
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
On Thu, Jan 29, 2015 at 4:09 PM, Rainer Gerhards <
[email protected]
wrote:
which version?
2015-01-29 12:05 GMT+01:00 Muhammad Asif <[email protected]>:
We are adding it like this
global (
debug.gnutls = "10"
)
but we are facing following error.
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before
line
20: parameter 'debug.gnutls' not known -- typo in config file? [try
http://www.rsyslog.com/e/2207 ]
I have also installed gnutls-bin and rsyslog-gnutls
On Thu, Jan 29, 2015 at 3:59 PM, Rainer Gerhards <
[email protected]
wrote:
2015-01-29 11:57 GMT+01:00 Muhammad Asif <[email protected]>:
Thanks.
I have to add it in /etc/rsyslog.conf file?
yes
or I have to add it in
configure script and then build it from source.
Is there any way if I want to install rsyslog v8.6 from your
repository.
it's new and in no existing release. If you use Ubuntu, you can
use a
daily
package, else you need to build from source (or wait until Feb
24th
for
8.8.0).
Rainer
On Thu, Jan 29, 2015 at 3:49 PM, Rainer Gerhards <
[email protected]
wrote:
sorry:
global(debug.gnutls="10")
2015-01-29 11:48 GMT+01:00 Rainer Gerhards <
[email protected]
:
global(debug.gnutls="on")
2015-01-29 11:47 GMT+01:00 Muhammad Asif <
[email protected]
:
Where to enable this debug.gnutls level.
On Thu, Jan 29, 2015 at 11:59 AM, Rainer Gerhards <
[email protected]>
wrote:
I don't know about the environment variable, but we have
just
added
a
"debug.gnutls" global parameter, which you can use to set
the
GnuTLS
debug
level (0-none to 10-extremely verbose as of GnuTLS doc).
If
set
to
somthing
greater than zero, it will forward GnuTLS debug info to
rsyslog's
debug
log.
I think it is already available via the daily builds as
tarball
and
Ubuntu
package.
http://www.rsyslog.com/downloads/download-daily-build/
HTH
Rainer
2015-01-29 0:49 GMT+01:00 kimleanne <[email protected]
:
I'm a bit confused. Nikos mentioned that adding the
environment
variable
GNUTLS_DEBUG_LEVEL=9 would provide more output (at
least
the
errno).
On 29/01/15 12:36, David Lang wrote:
unfortunantly rsyslog doesn't have a good way to see
the
details
of
gnutls errors. If you take a look at
https://github.com/rsyslog/rsyslog/issues/219 you
will
see
how
to
enable the GnuTLS debuggin, but it currently requires
editing
the
source and compiling it yourself.
David Lang
On Wed, 28 Jan 2015, Muhammad Asif wrote:
Date: Wed, 28 Jan 2015 17:27:04 +0500
From: Muhammad Asif <[email protected]>
Reply-To: rsyslog-users <[email protected]>
To: rsyslog-users <[email protected]>
Subject: [rsyslog] TLS Handshake Failed issue
Hi!
I am working on Ubuntu 14.4. I have created
certificates
for
server
and
clients many times but the following error is not
easing
my
life.
Please
help me what problem can be.
Jan 27 21:35:06 demo rsyslogd-2353: imrelp[20514]:
error
'TLS
handshake
failed [gnutls error -15: An unexpected TLS packet
was
received.]',
object
'lstn 20514: conn to clt IP/FDQN' - input may not
work
as
intended
[try
http://www.rsyslog.com/e/2353 ]
Regards
Asif
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow
https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are
ARCHIVED
by a
myriad of sites beyond our control. PLEASE
UNSUBSCRIBE
and
DO
NOT
POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow
https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are
ARCHIVED
by
a
myriad of sites beyond our control. PLEASE
UNSUBSCRIBE
and
DO
NOT
POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow
https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are
ARCHIVED
by
a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO
NOT
POST
if
you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow
https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are
ARCHIVED
by
a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO
NOT
POST
if
you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow
https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are
ARCHIVED
by
a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if
you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if
you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if
you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
