Hello,

I am quite stuck with relp relay failures on rsyslog-8.12.0 forwarding
relp to rsyslog-8.10.0-1.fc23.x86_64

Source system is SunOS5.10 Generic_147147-26 sun4u sparc SUNW with
following components:

gmp-6.1.0
gnutls-3.4.11
json-c-json-c-0.12-20140410
libestr-0.1.10
libgcrypt-1.4.1
libgpg-error-1.11
liblogging-1.0.5
librelp-1.2.7
nettle-3.1
rsyslog-7.6.1
rsyslog-8.12.0

Configured as:
action
(
type="omrelp"
name="cut"
target="cut"
port="601"
queue.size="5000"
queue.type="LinkedList"
queue.filename="rsyslog_relpfwd"
queue.lowwatermark="2000"
queue.highwatermark="3500"
queue.discardmark="5000"
queue.maxfilesize="1g"
queue.saveonshutdown="on"
action.ResumeInterval="10"
action.ResumeRetryCount="-1"
action.reportSuspension="on"
action.reportSuspensionContinuation="on"
)


Destination is a standard Fedora release 23 (Twenty Three) running on
x86_64 configured as follows:
input(type="imrelp" port="601")

Delivery from other systems (Fedora, RHEL) is working fine with RELP.
As well is plain TCP delivery from Solaris.

Here is tcpdump of the conversation:
14:23:28.588098 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [S], seq 3476335432, win 49640, options [mss 1350,nop,wscale
0,nop,nop,sackOK], length 0
    0x0000:  5254 005b 6a59 0010 dbef ae8e 0800 4500  RT.[jY........E.
    0x0010:  0034 c6ad 4000 3e06 b88f 0a07 0769 ac14  .4..@.>......i..
    0x0020:  0003 8153 0259 cf34 ab48 0000 0000 8002  ...S.Y.4.H......
    0x0030:  c1e8 f1ec 0000 0204 0546 0103 0300 0101  .........F......
    0x0040:  0402                                     ..
14:23:28.588161 IP rsyslog.host.tld.syslog-conn > 10.7.7.105.33107:
Flags [S.], seq 240901927, ack 3476335433, win 29200, options [mss
1460,nop,nop,sackOK,nop,wscale 7], length 0
    0x0000:  0010 dbef ae8e 5254 005b 6a59 0800 4500  ......RT.[jY..E.
    0x0010:  0034 0000 4000 4006 7d3d ac14 0003 0a07  .4..@.@.}=......
    0x0020:  0769 0259 8153 0e5b df27 cf34 ab49 8012  .i.Y.S.[.'.4.I..
    0x0030:  7210 bdad 0000 0204 05b4 0101 0402 0103  r...............
    0x0040:  0307                                     ..
14:23:28.600234 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [.], ack 1, win 49950, length 0
    0x0000:  5254 005b 6a59 0010 dbef ae8e 0800 4500  RT.[jY........E.
    0x0010:  0028 c6ae 4000 3e06 b89a 0a07 0769 ac14  .(..@.>......i..
    0x0020:  0003 8153 0259 cf34 ab49 0e5b df28 5010  ...S.Y.4.I.[.(P.
    0x0030:  c31e 4380 0000 0000 0000 0000            ..C.........
14:23:28.610238 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [P.], seq 1:97, ack 1, win 49950, length 96
    0x0000:  5254 005b 6a59 0010 dbef ae8e 0800 4500  RT.[jY........E.
    0x0010:  0088 c6b0 4000 3e06 b838 0a07 0769 ac14  ....@.>..8...i..
    0x0020:  0003 8153 0259 cf34 ab49 0e5b df28 5018  ...S.Y.4.I.[.(P.
    0x0030:  c31e ff06 0000 3120 6f70 656e 2038 3520  ......1.open.85.
    0x0040:  7265 6c70 5f76 6572 7369 6f6e 3d30 0a72  relp_version=0.r
    0x0050:  656c 705f 736f 6674 7761 7265 3d6c 6962  elp_software=lib
    0x0060:  7265 6c70 2c31 2e32 2e37 2c68 7474 703a  relp,1.2.7,http:
    0x0070:  2f2f 6c69 6272 656c 702e 6164 6973 636f  //librelp.adisco
    0x0080:  6e2e 636f 6d0a 636f 6d6d 616e 6473 3d73  n.com.commands=s
    0x0090:  7973 6c6f 670a                           yslog.
14:23:28.610258 IP rsyslog.host.tld.syslog-conn > 10.7.7.105.33107:
Flags [.], ack 97, win 229, length 0
    0x0000:  0010 dbef ae8e 5254 005b 6a59 0800 4500  ......RT.[jY..E.
    0x0010:  0028 9df1 4000 4006 df57 ac14 0003 0a07  .(..@[email protected]......
    0x0020:  0769 0259 8153 0e5b df28 cf34 aba9 5010  .i.Y.S.[.(.4..P.
    0x0030:  00e5 bda1 0000                           ......
14:23:28.610345 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [F.], seq 97, ack 1, win 49950, length 0
    0x0000:  5254 005b 6a59 0010 dbef ae8e 0800 4500  RT.[jY........E.
    0x0010:  0028 c6b1 4000 3e06 b897 0a07 0769 ac14  .(..@.>......i..
    0x0020:  0003 8153 0259 cf34 aba9 0e5b df28 5011  ...S.Y.4...[.(P.
    0x0030:  c31e 431f 0000 0000 0000 0000            ..C.........
14:23:29.967109 IP rsyslog.host.tld.syslog-conn > 10.7.7.105.33107:
Flags [P.], seq 1:103, ack 98, win 229, length 102
    0x0000:  0010 dbef ae8e 5254 005b 6a59 0800 4500  ......RT.[jY..E.
    0x0010:  008e 9df3 4000 4006 deef ac14 0003 0a07  ....@.@.........
    0x0020:  0769 0259 8153 0e5b df28 cf34 abaa 5018  .i.Y.S.[.(.4..P.
    0x0030:  00e5 be07 0000 3120 7273 7020 3932 2032  ......1.rsp.92.2
    0x0040:  3030 204f 4b0a 7265 6c70 5f76 6572 7369  00.OK.relp_versi
    0x0050:  6f6e 3d30 0a72 656c 705f 736f 6674 7761  on=0.relp_softwa
    0x0060:  7265 3d6c 6962 7265 6c70 2c31 2e32 2e37  re=librelp,1.2.7
    0x0070:  2c68 7474 703a 2f2f 6c69 6272 656c 702e  ,http://librelp.
    0x0080:  6164 6973 636f 6e2e 636f 6d0a 636f 6d6d  adiscon.com.comm
    0x0090:  616e 6473 3d73 7973 6c6f 670a            ands=syslog.
14:23:29.977781 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [R], seq 3476335530, win 49950, length 0
    0x0000:  5254 005b 6a59 0010 dbef ae8e 0800 4500  RT.[jY........E.
    0x0010:  0028 c6b8 4000 3e06 b890 0a07 0769 ac14  .(..@.>......i..
    0x0020:  0003 8153 0259 cf34 abaa 0000 0000 5004  ...S.Y.4......P.
    0x0030:  c31e 30af 0000 0000 0000 0000            ..0.........


Is there a better way to debug this?

For me it seems that the client rejects server response even though
1.rsp.92.200.OK sounds quite willing for a server response.

-Mikko
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to