Hello,
I am quite stuck with relp relay failures on rsyslog-8.12.0 forwarding
relp to rsyslog-8.10.0-1.fc23.x86_64
Source system is SunOS5.10 Generic_147147-26 sun4u sparc SUNW with
following components:
gmp-6.1.0
gnutls-3.4.11
json-c-json-c-0.12-20140410
libestr-0.1.10
libgcrypt-1.4.1
libgpg-error-1.11
liblogging-1.0.5
librelp-1.2.7
nettle-3.1
rsyslog-7.6.1
rsyslog-8.12.0
Configured as:
action
(
type="omrelp"
name="cut"
target="cut"
port="601"
queue.size="5000"
queue.type="LinkedList"
queue.filename="rsyslog_relpfwd"
queue.lowwatermark="2000"
queue.highwatermark="3500"
queue.discardmark="5000"
queue.maxfilesize="1g"
queue.saveonshutdown="on"
action.ResumeInterval="10"
action.ResumeRetryCount="-1"
action.reportSuspension="on"
action.reportSuspensionContinuation="on"
)
Destination is a standard Fedora release 23 (Twenty Three) running on
x86_64 configured as follows:
input(type="imrelp" port="601")
Delivery from other systems (Fedora, RHEL) is working fine with RELP.
As well is plain TCP delivery from Solaris.
Here is tcpdump of the conversation:
14:23:28.588098 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [S], seq 3476335432, win 49640, options [mss 1350,nop,wscale
0,nop,nop,sackOK], length 0
0x0000: 5254 005b 6a59 0010 dbef ae8e 0800 4500 RT.[jY........E.
0x0010: 0034 c6ad 4000 3e06 b88f 0a07 0769 ac14 .4..@.>......i..
0x0020: 0003 8153 0259 cf34 ab48 0000 0000 8002 ...S.Y.4.H......
0x0030: c1e8 f1ec 0000 0204 0546 0103 0300 0101 .........F......
0x0040: 0402 ..
14:23:28.588161 IP rsyslog.host.tld.syslog-conn > 10.7.7.105.33107:
Flags [S.], seq 240901927, ack 3476335433, win 29200, options [mss
1460,nop,nop,sackOK,nop,wscale 7], length 0
0x0000: 0010 dbef ae8e 5254 005b 6a59 0800 4500 ......RT.[jY..E.
0x0010: 0034 0000 4000 4006 7d3d ac14 0003 0a07 .4..@.@.}=......
0x0020: 0769 0259 8153 0e5b df27 cf34 ab49 8012 .i.Y.S.[.'.4.I..
0x0030: 7210 bdad 0000 0204 05b4 0101 0402 0103 r...............
0x0040: 0307 ..
14:23:28.600234 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [.], ack 1, win 49950, length 0
0x0000: 5254 005b 6a59 0010 dbef ae8e 0800 4500 RT.[jY........E.
0x0010: 0028 c6ae 4000 3e06 b89a 0a07 0769 ac14 .(..@.>......i..
0x0020: 0003 8153 0259 cf34 ab49 0e5b df28 5010 ...S.Y.4.I.[.(P.
0x0030: c31e 4380 0000 0000 0000 0000 ..C.........
14:23:28.610238 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [P.], seq 1:97, ack 1, win 49950, length 96
0x0000: 5254 005b 6a59 0010 dbef ae8e 0800 4500 RT.[jY........E.
0x0010: 0088 c6b0 4000 3e06 b838 0a07 0769 ac14 ....@.>..8...i..
0x0020: 0003 8153 0259 cf34 ab49 0e5b df28 5018 ...S.Y.4.I.[.(P.
0x0030: c31e ff06 0000 3120 6f70 656e 2038 3520 ......1.open.85.
0x0040: 7265 6c70 5f76 6572 7369 6f6e 3d30 0a72 relp_version=0.r
0x0050: 656c 705f 736f 6674 7761 7265 3d6c 6962 elp_software=lib
0x0060: 7265 6c70 2c31 2e32 2e37 2c68 7474 703a relp,1.2.7,http:
0x0070: 2f2f 6c69 6272 656c 702e 6164 6973 636f //librelp.adisco
0x0080: 6e2e 636f 6d0a 636f 6d6d 616e 6473 3d73 n.com.commands=s
0x0090: 7973 6c6f 670a yslog.
14:23:28.610258 IP rsyslog.host.tld.syslog-conn > 10.7.7.105.33107:
Flags [.], ack 97, win 229, length 0
0x0000: 0010 dbef ae8e 5254 005b 6a59 0800 4500 ......RT.[jY..E.
0x0010: 0028 9df1 4000 4006 df57 ac14 0003 0a07 .(..@[email protected]......
0x0020: 0769 0259 8153 0e5b df28 cf34 aba9 5010 .i.Y.S.[.(.4..P.
0x0030: 00e5 bda1 0000 ......
14:23:28.610345 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [F.], seq 97, ack 1, win 49950, length 0
0x0000: 5254 005b 6a59 0010 dbef ae8e 0800 4500 RT.[jY........E.
0x0010: 0028 c6b1 4000 3e06 b897 0a07 0769 ac14 .(..@.>......i..
0x0020: 0003 8153 0259 cf34 aba9 0e5b df28 5011 ...S.Y.4...[.(P.
0x0030: c31e 431f 0000 0000 0000 0000 ..C.........
14:23:29.967109 IP rsyslog.host.tld.syslog-conn > 10.7.7.105.33107:
Flags [P.], seq 1:103, ack 98, win 229, length 102
0x0000: 0010 dbef ae8e 5254 005b 6a59 0800 4500 ......RT.[jY..E.
0x0010: 008e 9df3 4000 4006 deef ac14 0003 0a07 ....@.@.........
0x0020: 0769 0259 8153 0e5b df28 cf34 abaa 5018 .i.Y.S.[.(.4..P.
0x0030: 00e5 be07 0000 3120 7273 7020 3932 2032 ......1.rsp.92.2
0x0040: 3030 204f 4b0a 7265 6c70 5f76 6572 7369 00.OK.relp_versi
0x0050: 6f6e 3d30 0a72 656c 705f 736f 6674 7761 on=0.relp_softwa
0x0060: 7265 3d6c 6962 7265 6c70 2c31 2e32 2e37 re=librelp,1.2.7
0x0070: 2c68 7474 703a 2f2f 6c69 6272 656c 702e ,http://librelp.
0x0080: 6164 6973 636f 6e2e 636f 6d0a 636f 6d6d adiscon.com.comm
0x0090: 616e 6473 3d73 7973 6c6f 670a ands=syslog.
14:23:29.977781 IP 10.7.7.105.33107 > rsyslog.host.tld.syslog-conn:
Flags [R], seq 3476335530, win 49950, length 0
0x0000: 5254 005b 6a59 0010 dbef ae8e 0800 4500 RT.[jY........E.
0x0010: 0028 c6b8 4000 3e06 b890 0a07 0769 ac14 .(..@.>......i..
0x0020: 0003 8153 0259 cf34 abaa 0000 0000 5004 ...S.Y.4......P.
0x0030: c31e 30af 0000 0000 0000 0000 ..0.........
Is there a better way to debug this?
For me it seems that the client rejects server response even though
1.rsp.92.200.OK sounds quite willing for a server response.
-Mikko
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.