when you get into this mode, run top and hit H to show per-thread cpu usage

does it show the imtcp thread using 100% cpu? if so, you may have run into a problem that I am occasionally having.

does this happen during the time of your debug log?

David Lang

On Mon, 24 Aug 2020, Tod A Sandman via rsyslog wrote:

Date: Mon, 24 Aug 2020 21:30:49 -0500
From: Tod A Sandman via rsyslog <[email protected]>
To: [email protected]
Cc: Tod A Sandman <[email protected]>
Subject: [rsyslog] Palo Alto Network device logging stopped working

I am running a central log server with rsyslog-8.2006 and the latest release of 
RHEL7.

A few weeks ago logging stopped working for one type of client, our security 
group's (ISO) Palo Alto Network (PAN) devices.  These log to a dedicated port 
(9022) using SSL and imtcp.  I've tried both the ossl and gtls drivers and get 
the same result:  tcpdump shows network traffic from the clients and lsof shows 
established connections, but no logging is taking place.   Logging via the same 
port/config works fine for Linux rsyslog clients I've tested.  It sure seems 
like a client or a network issue to me:

 imtcp.c : nsd_ossl.c: osslRecordRecv: Errno 104, connection resetted by peer


But our ISO group is at a loss and I have no more ideas. I'm hoping that 
someone can look at my config and error logs and confirm this is a client issue 
and/or give me any suggestions for further debugging.

To minimize the configuration debugging and noise, today I had the ISO folk 
point a single PAN device to a standby rsyslog server identical to the 
production server.  I then removed all client logging configuration on the 
standby except for the PAN client configuration.

Attached (rsyslog_debug_fail.log.gz) is a debug log after starting rsyslog, 
waiting a few minutes, and stopping rsyslog.

Attached also are my config files.

Thanks for any advice.


Tod A. Sandman
Office of Information Technology
Rice University
