Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-27 Thread deoren
On 10/23/2017 7:55 PM, deoren wrote: On 10/23/2017 7:51 PM, deoren wrote: On 10/23/2017 7:38 PM, deoren wrote: On 10/23/2017 7:11 PM, David Lang wrote: do you have a tcpdump or info from Qualys saying what it sends as part of the scan? David Lang Thankfully (for troubleshooting

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-23 Thread deoren
On 10/23/2017 7:51 PM, deoren wrote: On 10/23/2017 7:38 PM, deoren wrote: On 10/23/2017 7:11 PM, David Lang wrote: do you have a tcpdump or info from Qualys saying what it sends as part of the scan? David Lang Thankfully (for troubleshooting purposes), the problem isn't specific to the

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-23 Thread deoren
On 10/23/2017 7:38 PM, deoren wrote: On 10/23/2017 7:11 PM, David Lang wrote: do you have a tcpdump or info from Qualys saying what it sends as part of the scan? David Lang Thankfully (for troubleshooting purposes), the problem isn't specific to the Qualys scan. I later learned that

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-23 Thread deoren
On 10/23/2017 7:11 PM, David Lang wrote: do you have a tcpdump or info from Qualys saying what it sends as part of the scan? David Lang Thankfully (for troubleshooting purposes), the problem isn't specific to the Qualys scan. I later learned that messages coming from our ESXi hosts

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-23 Thread David Lang
do you have a tcpdump or info from Qualys saying what it sends as part of the scan? David Lang ___ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-23 Thread deoren
On 10/7/2017 10:44 AM, deoren wrote: On 10/7/2017 5:25 AM, Rainer Gerhards wrote: 2017-10-07 7:57 GMT+02:00 deoren : As I dig more into this, I'm beginning to think the only thing the Qualys scan did was aggravate an existing problem and cause

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-07 Thread deoren
On 10/7/2017 5:25 AM, Rainer Gerhards wrote: 2017-10-07 7:57 GMT+02:00 deoren : As I dig more into this, I'm beginning to think the only thing the Qualys scan did was aggravate an existing problem and cause rsyslog to tip over more quickly. While

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-07 Thread Rainer Gerhards
2017-10-07 7:57 GMT+02:00 deoren : > As I dig more into this, I'm beginning to think the only thing the Qualys > scan did was aggravate an existing problem and cause rsyslog to tip over > more quickly. > > While I didn't observe the problem at the

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread deoren
On 10/6/2017 4:42 PM, David Lang wrote: On Fri, 6 Oct 2017, deoren wrote: I'm going to retest soon, one port at a time to see if the segfault is specific to one of the inputs. Once I determine that I'll likely setup a vanilla installation of rsyslog with imudp, imptcp and imrelp enabled and

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread David Lang
On Fri, 6 Oct 2017, deoren wrote: I'm going to retest soon, one port at a time to see if the segfault is specific to one of the inputs. Once I determine that I'll likely setup a vanilla installation of rsyslog with imudp, imptcp and imrelp enabled and try to replicate the segfault. If I can

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread deoren
2017-10-06 8:27 GMT+02:00 deoren : On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-10-06 07:45, deoren wrote: Is this expected? I

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread Rainer Gerhards
In any case, I think it would make sense to use the current 8.29.0 version if not installed. Just a thought. Rainer 2017-10-06 8:27 GMT+02:00 deoren : > > > On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog >

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread deoren
On October 6, 2017 1:03:32 AM CDT, Thomas Deutschmann via rsyslog wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA512 > >On 2017-10-06 07:45, deoren wrote: >> Is this expected? I recall reading that rsyslog should be properly >> firewalled to protect it from

Re: [rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-06 Thread Thomas Deutschmann via rsyslog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-10-06 07:45, deoren wrote: > Is this expected? I recall reading that rsyslog should be properly > firewalled to protect it from malicious traffic, but I couldn't > recall what would happen if it were exposed to scans: fall over vs > trash

[rsyslog] Qualys scan against rsyslog causes it to segfault

2017-10-05 Thread deoren
Is this expected? I recall reading that rsyslog should be properly firewalled to protect it from malicious traffic, but I couldn't recall what would happen if it were exposed to scans: fall over vs trash data logged. ___ rsyslog mailing list