subject:"Re\: \[rsyslog\] Updates 8.29 \-> 8.30 broke several logs"

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-29 Thread Rainer Gerhards

just quickly (busy for obvious reason ;-))

https://github.com/rsyslog/rsyslog/issues/2134

Rainer

2017-11-29 15:20 GMT+01:00 Mike Schleif :
> On Fri, Nov 24, 2017 at 11:55 AM, Rainer Gerhards 
> wrote:
>
>> 2017-11-24 16:49 GMT+01:00 Mike Schleif :
>> > How will we return to the $basearch repository?
>>
>> It'll be part of next Tuesday's 8.31.0 release. Packages are done
>> usually on the same day or day after. You should be safe to switch
>> back to them once this is done.
>>
>> Rainer
>>
>
> Yesterday, we updated: rsyslog.x86_64 0:8.30.0.2-1.el7
>
> To:
> $ /usr/sbin/rsyslogd -v
> rsyslogd 8.31.0, compiled with:
> PLATFORM:   x86_64-redhat-linux-gnu
> PLATFORM (lsb_release -d):
> FEATURE_REGEXP: Yes
> GSSAPI Kerberos 5 support:  No
> FEATURE_DEBUG (debug build, slow code): No
> 32bit Atomic operations supported:  Yes
> 64bit Atomic operations supported:  Yes
> memory allocator:   system default
> Runtime Instrumentation (slow code):No
> uuid support:   Yes
> Number of Bits in RainerScript integers: 64
>
> Everything regarding this issue appeared to function properly. So, we
> decided to restart rsyslogd:
>
> # /bin/systemctl restart rsyslog
>
> Unfortunately, that never returns to the prompt! rsyslogd -n is in the
> process table, logs are being logged and ommysql is writing to two
> databases.
>
> /bin/systemctl stop rsyslog - behaves properly; but, /bin/systemctl start
> rsyslog - also never returns to prompt.
>
> Full reboot appears to complete properly, although /bin/systemctl status
> rsyslog - contains two errors about connecting to the databases.
>
>
> Is this topic for new thread?
>
> Ought we revert to rsyslog.x86_64 0:8.30.0.2-1.el7 ?
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-29 Thread Mike Schleif

On Fri, Nov 24, 2017 at 11:55 AM, Rainer Gerhards 
wrote:

> 2017-11-24 16:49 GMT+01:00 Mike Schleif :
> > How will we return to the $basearch repository?
>
> It'll be part of next Tuesday's 8.31.0 release. Packages are done
> usually on the same day or day after. You should be safe to switch
> back to them once this is done.
>
> Rainer
>

Yesterday, we updated: rsyslog.x86_64 0:8.30.0.2-1.el7

To:
$ /usr/sbin/rsyslogd -v
rsyslogd 8.31.0, compiled with:
PLATFORM:   x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support:  No
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported:  Yes
64bit Atomic operations supported:  Yes
memory allocator:   system default
Runtime Instrumentation (slow code):No
uuid support:   Yes
Number of Bits in RainerScript integers: 64

Everything regarding this issue appeared to function properly. So, we
decided to restart rsyslogd:

# /bin/systemctl restart rsyslog

Unfortunately, that never returns to the prompt! rsyslogd -n is in the
process table, logs are being logged and ommysql is writing to two
databases.

/bin/systemctl stop rsyslog - behaves properly; but, /bin/systemctl start
rsyslog - also never returns to prompt.

Full reboot appears to complete properly, although /bin/systemctl status
rsyslog - contains two errors about connecting to the databases.

Is this topic for new thread?

Ought we revert to rsyslog.x86_64 0:8.30.0.2-1.el7 ?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-24 Thread Rainer Gerhards

2017-11-24 16:49 GMT+01:00 Mike Schleif :
> Rainer,
>
> It looks like this this testing package is working properly. Thank you.

Thanks for reporting!

>
> We have updated rsyslog from the testing repository via yum:
>
> Updated:
>   rsyslog.x86_64 0:8.30.0.2-1.el7
>
> Dependency Updated:
>   rsyslog-mysql.x86_64 0:8.30.0.2-1.el7
>
>
> This host has rebooted twice (2x) and we do have debug logs.
>
> How will we return to the $basearch repository?

It'll be part of next Tuesday's 8.31.0 release. Packages are done
usually on the same day or day after. You should be safe to switch
back to them once this is done.

Rainer
>
>
>
> On Tue, Nov 21, 2017 at 6:26 AM, Rainer Gerhards 
> wrote:
>
>> Mike,
>>
>> did you have a chance to look at the new package?
>>
>> Rainer
>>
>> 2017-11-17 17:57 GMT+01:00 Rainer Gerhards :
>> > Mike,
>> >
>> > Florian has created a new 8.30.0.2 package. It's not actually like I
>> > would like to have it, but at least it contains what you need to check
>> > the imjournal issue.
>> >
>> > Rainer
>>
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-24 Thread Mike Schleif

Rainer,

It looks like this this testing package is working properly. Thank you.

We have updated rsyslog from the testing repository via yum:

Updated:
  rsyslog.x86_64 0:8.30.0.2-1.el7

Dependency Updated:
  rsyslog-mysql.x86_64 0:8.30.0.2-1.el7


This host has rebooted twice (2x) and we do have debug logs.

How will we return to the $basearch repository?



On Tue, Nov 21, 2017 at 6:26 AM, Rainer Gerhards 
wrote:

> Mike,
>
> did you have a chance to look at the new package?
>
> Rainer
>
> 2017-11-17 17:57 GMT+01:00 Rainer Gerhards :
> > Mike,
> >
> > Florian has created a new 8.30.0.2 package. It's not actually like I
> > would like to have it, but at least it contains what you need to check
> > the imjournal issue.
> >
> > Rainer
>
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-21 Thread Rainer Gerhards

2017-11-21 14:49 GMT+01:00 Mike Schleif :
> Rainer,
>
> No, not yet. I'm hoping to work on it this Friday. Thank you.

OK, no problem.

Rainer
>
>
>
> On Tue, Nov 21, 2017 at 6:26 AM, Rainer Gerhards 
> wrote:
>
>> Mike,
>>
>> did you have a chance to look at the new package?
>>
>> Rainer
>>
>> 2017-11-17 17:57 GMT+01:00 Rainer Gerhards :
>> > Mike,
>> >
>> > Florian has created a new 8.30.0.2 package. It's not actually like I
>> > would like to have it, but at least it contains what you need to check
>> > the imjournal issue.
>> >
>> > Rainer
>> >
>> > 2017-11-13 16:12 GMT+01:00 Rainer Gerhards :
>> >> will come this week
>> >>
>> >> 2017-11-13 15:56 GMT+01:00 Mike Schleif :
>> >>> Rainer,
>> >>>
>> >>> Please, advise status. Thank you.
>>
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-21 Thread Mike Schleif

Rainer,

No, not yet. I'm hoping to work on it this Friday. Thank you.



On Tue, Nov 21, 2017 at 6:26 AM, Rainer Gerhards 
wrote:

> Mike,
>
> did you have a chance to look at the new package?
>
> Rainer
>
> 2017-11-17 17:57 GMT+01:00 Rainer Gerhards :
> > Mike,
> >
> > Florian has created a new 8.30.0.2 package. It's not actually like I
> > would like to have it, but at least it contains what you need to check
> > the imjournal issue.
> >
> > Rainer
> >
> > 2017-11-13 16:12 GMT+01:00 Rainer Gerhards :
> >> will come this week
> >>
> >> 2017-11-13 15:56 GMT+01:00 Mike Schleif :
> >>> Rainer,
> >>>
> >>> Please, advise status. Thank you.
>
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-21 Thread Rainer Gerhards

Mike,

did you have a chance to look at the new package?

Rainer

2017-11-17 17:57 GMT+01:00 Rainer Gerhards :
> Mike,
>
> Florian has created a new 8.30.0.2 package. It's not actually like I
> would like to have it, but at least it contains what you need to check
> the imjournal issue.
>
> Rainer
>
> 2017-11-13 16:12 GMT+01:00 Rainer Gerhards :
>> will come this week
>>
>> 2017-11-13 15:56 GMT+01:00 Mike Schleif :
>>> Rainer,
>>>
>>> Please, advise status. Thank you.
>>>
>>> On Mon, Nov 6, 2017 at 8:57 AM, Rainer Gerhards 
>>> wrote:
>>>
 thanks for following up!

 2017-11-06 15:54 GMT+01:00 Mike Schleif :
 > Rainer,
 >
 > I see that you closed #1895 yesterday.
 >
 > Does this mean that there is something for us to test now?

 Yup. FYI: I closed because I think it is fixed and keeping the PR open
 any longer causes grief with CI integration. Too many changes going on
 in parallel. If it doesn't work out, we can fix anyway.
 >
 > Where is it?

 Not yet ready. There is a backlog from last week which we need to work
 on. I'll let you know when it is ready. I'd guess tomorrow or
 Wednesday, based on discussion this morning. Let's then see if it
 really solves the problem for you - I guess so but would like to have
 proof.

 Rainer
 >
 > Please, advise. Thank you.
 >
 > ~ Mike
 >
 >
 >
 > On Fri, Oct 27, 2017 at 10:48 AM, Rainer Gerhards <
 rgerha...@hq.adiscon.com>
 > wrote:
 >
 >> 2017-10-27 17:32 GMT+02:00 Mike Schleif :
 >> > Rainer,
 >> >
 >> > I'd much prefer if you can build the test RPM, like was done for
 >> 8.30.0.1.
 >> > This is a critical Production host, and it's not easy scheduling it
 for
 >> > multiple reboots. That, and I'm rather rusty at compiling right the
 first
 >> > time ...;-)
 >>
 >> No problem, but it'lk probably take a week or so (next week is a
 >> mega-public holiay week over here in Germany and we have thight
 >> ressources). I'd also like to fully complete the patch before going
 >> through a package build.
 >>
 >> Please also subscribe to the issue tracker if you have not yet done.
 >> When it is closed, you know it is merged - just in case I forget to
 >> notify via this mail.
 >>
 >> Thx,
 >> Rainer
 >> >
 >> > ~ Mike
 >> >
 >> >
 >> > On Fri, Oct 27, 2017 at 9:56 AM, Rainer Gerhards <
 >> rgerha...@hq.adiscon.com>
 >> > wrote:
 >> >
 >> >> I think we have a fix now. It's already mentioned in the GitHub issue
 >> >> tracker. Can you build from source and try it?
 >> >>
 >> >> Rainer
 >> >>
 >> >> Sent from phone, thus brief.
 >> >>
 >> >> Am 27.10.2017 16:46 schrieb "Mike Schleif" <
 >> mike+rsys...@mdsresource.net>:
 >> >>
 >> >> > Rainer,
 >> >> >
 >> >> > Please, advise status. Thank you.
 >> >> >
 >> >> > ~ Mike
 >> >> >
 >> >> >
 >> >> > On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards <
 >> >> rgerha...@hq.adiscon.com
 >> >> > >
 >> >> > wrote:
 >> >> >
 >> >> > > ok, thanks, we are getting closer:
 >> >> > >
 >> >> > > https://github.com/rsyslog/rsyslog/issues/1895
 >> >> > >
 >> >> > > While the question is why it get's an error in the first place,
 >> >> > > imjournal should definitely handle the situation more gracefully.
 >> Need
 >> >> > > to think/code and then need you to apply another test build.
 >> >> > >
 >> >> > > Rainer

>>>
>>>  
>>> ___
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
>>> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
>>> LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-17 Thread Rainer Gerhards

Mike,

Florian has created a new 8.30.0.2 package. It's not actually like I
would like to have it, but at least it contains what you need to check
the imjournal issue.

Rainer

2017-11-13 16:12 GMT+01:00 Rainer Gerhards :
> will come this week
>
> 2017-11-13 15:56 GMT+01:00 Mike Schleif :
>> Rainer,
>>
>> Please, advise status. Thank you.
>>
>> On Mon, Nov 6, 2017 at 8:57 AM, Rainer Gerhards 
>> wrote:
>>
>>> thanks for following up!
>>>
>>> 2017-11-06 15:54 GMT+01:00 Mike Schleif :
>>> > Rainer,
>>> >
>>> > I see that you closed #1895 yesterday.
>>> >
>>> > Does this mean that there is something for us to test now?
>>>
>>> Yup. FYI: I closed because I think it is fixed and keeping the PR open
>>> any longer causes grief with CI integration. Too many changes going on
>>> in parallel. If it doesn't work out, we can fix anyway.
>>> >
>>> > Where is it?
>>>
>>> Not yet ready. There is a backlog from last week which we need to work
>>> on. I'll let you know when it is ready. I'd guess tomorrow or
>>> Wednesday, based on discussion this morning. Let's then see if it
>>> really solves the problem for you - I guess so but would like to have
>>> proof.
>>>
>>> Rainer
>>> >
>>> > Please, advise. Thank you.
>>> >
>>> > ~ Mike
>>> >
>>> >
>>> >
>>> > On Fri, Oct 27, 2017 at 10:48 AM, Rainer Gerhards <
>>> rgerha...@hq.adiscon.com>
>>> > wrote:
>>> >
>>> >> 2017-10-27 17:32 GMT+02:00 Mike Schleif :
>>> >> > Rainer,
>>> >> >
>>> >> > I'd much prefer if you can build the test RPM, like was done for
>>> >> 8.30.0.1.
>>> >> > This is a critical Production host, and it's not easy scheduling it
>>> for
>>> >> > multiple reboots. That, and I'm rather rusty at compiling right the
>>> first
>>> >> > time ...;-)
>>> >>
>>> >> No problem, but it'lk probably take a week or so (next week is a
>>> >> mega-public holiay week over here in Germany and we have thight
>>> >> ressources). I'd also like to fully complete the patch before going
>>> >> through a package build.
>>> >>
>>> >> Please also subscribe to the issue tracker if you have not yet done.
>>> >> When it is closed, you know it is merged - just in case I forget to
>>> >> notify via this mail.
>>> >>
>>> >> Thx,
>>> >> Rainer
>>> >> >
>>> >> > ~ Mike
>>> >> >
>>> >> >
>>> >> > On Fri, Oct 27, 2017 at 9:56 AM, Rainer Gerhards <
>>> >> rgerha...@hq.adiscon.com>
>>> >> > wrote:
>>> >> >
>>> >> >> I think we have a fix now. It's already mentioned in the GitHub issue
>>> >> >> tracker. Can you build from source and try it?
>>> >> >>
>>> >> >> Rainer
>>> >> >>
>>> >> >> Sent from phone, thus brief.
>>> >> >>
>>> >> >> Am 27.10.2017 16:46 schrieb "Mike Schleif" <
>>> >> mike+rsys...@mdsresource.net>:
>>> >> >>
>>> >> >> > Rainer,
>>> >> >> >
>>> >> >> > Please, advise status. Thank you.
>>> >> >> >
>>> >> >> > ~ Mike
>>> >> >> >
>>> >> >> >
>>> >> >> > On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards <
>>> >> >> rgerha...@hq.adiscon.com
>>> >> >> > >
>>> >> >> > wrote:
>>> >> >> >
>>> >> >> > > ok, thanks, we are getting closer:
>>> >> >> > >
>>> >> >> > > https://github.com/rsyslog/rsyslog/issues/1895
>>> >> >> > >
>>> >> >> > > While the question is why it get's an error in the first place,
>>> >> >> > > imjournal should definitely handle the situation more gracefully.
>>> >> Need
>>> >> >> > > to think/code and then need you to apply another test build.
>>> >> >> > >
>>> >> >> > > Rainer
>>>
>>
>>  
>> ___
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
>> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
>> LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-13 Thread Mike Schleif

Rainer,

Please, advise status. Thank you.

On Mon, Nov 6, 2017 at 8:57 AM, Rainer Gerhards 
wrote:

> thanks for following up!
>
> 2017-11-06 15:54 GMT+01:00 Mike Schleif :
> > Rainer,
> >
> > I see that you closed #1895 yesterday.
> >
> > Does this mean that there is something for us to test now?
>
> Yup. FYI: I closed because I think it is fixed and keeping the PR open
> any longer causes grief with CI integration. Too many changes going on
> in parallel. If it doesn't work out, we can fix anyway.
> >
> > Where is it?
>
> Not yet ready. There is a backlog from last week which we need to work
> on. I'll let you know when it is ready. I'd guess tomorrow or
> Wednesday, based on discussion this morning. Let's then see if it
> really solves the problem for you - I guess so but would like to have
> proof.
>
> Rainer
> >
> > Please, advise. Thank you.
> >
> > ~ Mike
> >
> >
> >
> > On Fri, Oct 27, 2017 at 10:48 AM, Rainer Gerhards <
> rgerha...@hq.adiscon.com>
> > wrote:
> >
> >> 2017-10-27 17:32 GMT+02:00 Mike Schleif :
> >> > Rainer,
> >> >
> >> > I'd much prefer if you can build the test RPM, like was done for
> >> 8.30.0.1.
> >> > This is a critical Production host, and it's not easy scheduling it
> for
> >> > multiple reboots. That, and I'm rather rusty at compiling right the
> first
> >> > time ...;-)
> >>
> >> No problem, but it'lk probably take a week or so (next week is a
> >> mega-public holiay week over here in Germany and we have thight
> >> ressources). I'd also like to fully complete the patch before going
> >> through a package build.
> >>
> >> Please also subscribe to the issue tracker if you have not yet done.
> >> When it is closed, you know it is merged - just in case I forget to
> >> notify via this mail.
> >>
> >> Thx,
> >> Rainer
> >> >
> >> > ~ Mike
> >> >
> >> >
> >> > On Fri, Oct 27, 2017 at 9:56 AM, Rainer Gerhards <
> >> rgerha...@hq.adiscon.com>
> >> > wrote:
> >> >
> >> >> I think we have a fix now. It's already mentioned in the GitHub issue
> >> >> tracker. Can you build from source and try it?
> >> >>
> >> >> Rainer
> >> >>
> >> >> Sent from phone, thus brief.
> >> >>
> >> >> Am 27.10.2017 16:46 schrieb "Mike Schleif" <
> >> mike+rsys...@mdsresource.net>:
> >> >>
> >> >> > Rainer,
> >> >> >
> >> >> > Please, advise status. Thank you.
> >> >> >
> >> >> > ~ Mike
> >> >> >
> >> >> >
> >> >> > On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards <
> >> >> rgerha...@hq.adiscon.com
> >> >> > >
> >> >> > wrote:
> >> >> >
> >> >> > > ok, thanks, we are getting closer:
> >> >> > >
> >> >> > > https://github.com/rsyslog/rsyslog/issues/1895
> >> >> > >
> >> >> > > While the question is why it get's an error in the first place,
> >> >> > > imjournal should definitely handle the situation more gracefully.
> >> Need
> >> >> > > to think/code and then need you to apply another test build.
> >> >> > >
> >> >> > > Rainer
>

 
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-06 Thread Rainer Gerhards

thanks for following up!

2017-11-06 15:54 GMT+01:00 Mike Schleif :
> Rainer,
>
> I see that you closed #1895 yesterday.
>
> Does this mean that there is something for us to test now?

Yup. FYI: I closed because I think it is fixed and keeping the PR open
any longer causes grief with CI integration. Too many changes going on
in parallel. If it doesn't work out, we can fix anyway.
>
> Where is it?

Not yet ready. There is a backlog from last week which we need to work
on. I'll let you know when it is ready. I'd guess tomorrow or
Wednesday, based on discussion this morning. Let's then see if it
really solves the problem for you - I guess so but would like to have
proof.

Rainer
>
> Please, advise. Thank you.
>
> ~ Mike
>
>
>
> On Fri, Oct 27, 2017 at 10:48 AM, Rainer Gerhards 
> wrote:
>
>> 2017-10-27 17:32 GMT+02:00 Mike Schleif :
>> > Rainer,
>> >
>> > I'd much prefer if you can build the test RPM, like was done for
>> 8.30.0.1.
>> > This is a critical Production host, and it's not easy scheduling it for
>> > multiple reboots. That, and I'm rather rusty at compiling right the first
>> > time ...;-)
>>
>> No problem, but it'lk probably take a week or so (next week is a
>> mega-public holiay week over here in Germany and we have thight
>> ressources). I'd also like to fully complete the patch before going
>> through a package build.
>>
>> Please also subscribe to the issue tracker if you have not yet done.
>> When it is closed, you know it is merged - just in case I forget to
>> notify via this mail.
>>
>> Thx,
>> Rainer
>> >
>> > ~ Mike
>> >
>> >
>> > On Fri, Oct 27, 2017 at 9:56 AM, Rainer Gerhards <
>> rgerha...@hq.adiscon.com>
>> > wrote:
>> >
>> >> I think we have a fix now. It's already mentioned in the GitHub issue
>> >> tracker. Can you build from source and try it?
>> >>
>> >> Rainer
>> >>
>> >> Sent from phone, thus brief.
>> >>
>> >> Am 27.10.2017 16:46 schrieb "Mike Schleif" <
>> mike+rsys...@mdsresource.net>:
>> >>
>> >> > Rainer,
>> >> >
>> >> > Please, advise status. Thank you.
>> >> >
>> >> > ~ Mike
>> >> >
>> >> >
>> >> > On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards <
>> >> rgerha...@hq.adiscon.com
>> >> > >
>> >> > wrote:
>> >> >
>> >> > > ok, thanks, we are getting closer:
>> >> > >
>> >> > > https://github.com/rsyslog/rsyslog/issues/1895
>> >> > >
>> >> > > While the question is why it get's an error in the first place,
>> >> > > imjournal should definitely handle the situation more gracefully.
>> Need
>> >> > > to think/code and then need you to apply another test build.
>> >> > >
>> >> > > Rainer
>> >> >
>> >> >
>> >> >
>>
>
> 
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-11-06 Thread Mike Schleif

Rainer,

I see that you closed #1895 yesterday.

Does this mean that there is something for us to test now?

Where is it?

Please, advise. Thank you.

~ Mike



On Fri, Oct 27, 2017 at 10:48 AM, Rainer Gerhards 
wrote:

> 2017-10-27 17:32 GMT+02:00 Mike Schleif :
> > Rainer,
> >
> > I'd much prefer if you can build the test RPM, like was done for
> 8.30.0.1.
> > This is a critical Production host, and it's not easy scheduling it for
> > multiple reboots. That, and I'm rather rusty at compiling right the first
> > time ...;-)
>
> No problem, but it'lk probably take a week or so (next week is a
> mega-public holiay week over here in Germany and we have thight
> ressources). I'd also like to fully complete the patch before going
> through a package build.
>
> Please also subscribe to the issue tracker if you have not yet done.
> When it is closed, you know it is merged - just in case I forget to
> notify via this mail.
>
> Thx,
> Rainer
> >
> > ~ Mike
> >
> >
> > On Fri, Oct 27, 2017 at 9:56 AM, Rainer Gerhards <
> rgerha...@hq.adiscon.com>
> > wrote:
> >
> >> I think we have a fix now. It's already mentioned in the GitHub issue
> >> tracker. Can you build from source and try it?
> >>
> >> Rainer
> >>
> >> Sent from phone, thus brief.
> >>
> >> Am 27.10.2017 16:46 schrieb "Mike Schleif" <
> mike+rsys...@mdsresource.net>:
> >>
> >> > Rainer,
> >> >
> >> > Please, advise status. Thank you.
> >> >
> >> > ~ Mike
> >> >
> >> >
> >> > On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards <
> >> rgerha...@hq.adiscon.com
> >> > >
> >> > wrote:
> >> >
> >> > > ok, thanks, we are getting closer:
> >> > >
> >> > > https://github.com/rsyslog/rsyslog/issues/1895
> >> > >
> >> > > While the question is why it get's an error in the first place,
> >> > > imjournal should definitely handle the situation more gracefully.
> Need
> >> > > to think/code and then need you to apply another test build.
> >> > >
> >> > > Rainer
> >> >
> >> >
> >> >
>


___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-27 Thread Rainer Gerhards

2017-10-27 17:32 GMT+02:00 Mike Schleif :
> Rainer,
>
> I'd much prefer if you can build the test RPM, like was done for 8.30.0.1.
> This is a critical Production host, and it's not easy scheduling it for
> multiple reboots. That, and I'm rather rusty at compiling right the first
> time ...;-)

No problem, but it'lk probably take a week or so (next week is a
mega-public holiay week over here in Germany and we have thight
ressources). I'd also like to fully complete the patch before going
through a package build.

Please also subscribe to the issue tracker if you have not yet done.
When it is closed, you know it is merged - just in case I forget to
notify via this mail.

Thx,
Rainer
>
> ~ Mike
>
>
> On Fri, Oct 27, 2017 at 9:56 AM, Rainer Gerhards 
> wrote:
>
>> I think we have a fix now. It's already mentioned in the GitHub issue
>> tracker. Can you build from source and try it?
>>
>> Rainer
>>
>> Sent from phone, thus brief.
>>
>> Am 27.10.2017 16:46 schrieb "Mike Schleif" :
>>
>> > Rainer,
>> >
>> > Please, advise status. Thank you.
>> >
>> > ~ Mike
>> >
>> >
>> > On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards <
>> rgerha...@hq.adiscon.com
>> > >
>> > wrote:
>> >
>> > > ok, thanks, we are getting closer:
>> > >
>> > > https://github.com/rsyslog/rsyslog/issues/1895
>> > >
>> > > While the question is why it get's an error in the first place,
>> > > imjournal should definitely handle the situation more gracefully. Need
>> > > to think/code and then need you to apply another test build.
>> > >
>> > > Rainer
>> >
>> >
>> >
>> > 
>> > >
>> > ___
>> > > rsyslog mailing list
>> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > > http://www.rsyslog.com/professional-services/
>> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad
>> > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> > > DON'T LIKE THAT.
>> > >
>> > ___
>> > rsyslog mailing list
>> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> > DON'T LIKE THAT.
>> >
>> ___
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-27 Thread Mike Schleif

Rainer,

I'd much prefer if you can build the test RPM, like was done for 8.30.0.1.
This is a critical Production host, and it's not easy scheduling it for
multiple reboots. That, and I'm rather rusty at compiling right the first
time ...;-)

~ Mike


On Fri, Oct 27, 2017 at 9:56 AM, Rainer Gerhards 
wrote:

> I think we have a fix now. It's already mentioned in the GitHub issue
> tracker. Can you build from source and try it?
>
> Rainer
>
> Sent from phone, thus brief.
>
> Am 27.10.2017 16:46 schrieb "Mike Schleif" :
>
> > Rainer,
> >
> > Please, advise status. Thank you.
> >
> > ~ Mike
> >
> >
> > On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards <
> rgerha...@hq.adiscon.com
> > >
> > wrote:
> >
> > > ok, thanks, we are getting closer:
> > >
> > > https://github.com/rsyslog/rsyslog/issues/1895
> > >
> > > While the question is why it get's an error in the first place,
> > > imjournal should definitely handle the situation more gracefully. Need
> > > to think/code and then need you to apply another test build.
> > >
> > > Rainer
> >
> >
> >
> > 
> > >
> > ___
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad
> > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > > DON'T LIKE THAT.
> > >
> > ___
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-27 Thread Rainer Gerhards

I think we have a fix now. It's already mentioned in the GitHub issue
tracker. Can you build from source and try it?

Rainer

Sent from phone, thus brief.

Am 27.10.2017 16:46 schrieb "Mike Schleif" :

> Rainer,
>
> Please, advise status. Thank you.
>
> ~ Mike
>
>
> On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards  >
> wrote:
>
> > ok, thanks, we are getting closer:
> >
> > https://github.com/rsyslog/rsyslog/issues/1895
> >
> > While the question is why it get's an error in the first place,
> > imjournal should definitely handle the situation more gracefully. Need
> > to think/code and then need you to apply another test build.
> >
> > Rainer
>
>
>
> 
> >
> ___
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-27 Thread Mike Schleif

Rainer,

Please, advise status. Thank you.

~ Mike


On Tue, Oct 24, 2017 at 9:10 AM, Rainer Gerhards 
wrote:

> ok, thanks, we are getting closer:
>
> https://github.com/rsyslog/rsyslog/issues/1895
>
> While the question is why it get's an error in the first place,
> imjournal should definitely handle the situation more gracefully. Need
> to think/code and then need you to apply another test build.
>
> Rainer




>
___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-24 Thread Rainer Gerhards

ok, thanks, we are getting closer:

https://github.com/rsyslog/rsyslog/issues/1895

While the question is why it get's an error in the first place,
imjournal should definitely handle the situation more gracefully. Need
to think/code and then need you to apply another test build.

Rainer

2017-10-24 15:52 GMT+02:00 Mike Schleif :
> Rainer,
>
> 8.30.0.1 debug attached.
>
> Again, mod conf -> yum update -> reboot -> run 5 minutes -> mod conf -> yum
> backout -> reboot
>
> 2277.071366788 - boot complete
> 2585.606457787 - yum backout process
>
> NO logs were written during that 5 minutes, except lastlog and wtmp.
>
> Does this work for you?
>
> ~ Mike
>
>
>
> On Fri, Oct 20, 2017 at 11:05 AM, Rainer Gerhards 
> wrote:
>
>> 2017-10-20 15:20 GMT+02:00 Mike Schleif :
>> > Rainer,
>> >
>> > Attached is the debug log for the working rsyslog (8.29), delimited by
>> > reboots on both ends.
>> >
>> > NOTE: 4419.335959863 - boot complete
>> > 4720.680124293 - immediately after reboot Enter
>>
>> OK, here we do not have the journal error. So I think that's the root
>> cause. We now need to find out what the journal error really is. To do
>> so, I asked Florian today to build a special package for you. You need
>> this repo:
>>
>> [rsyslog_testing]
>> name=Adiscon CentOS-$releasever - Only for Testing Packages
>> baseurl=http://rpms.adiscon.com/testing/epel-$releasever/$basearch
>> enabled=1
>> gpgcheck=1
>> gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
>> protect=1
>>
>> It contains rsyslog 8.30.0.1, which has a fix to make imjournal emit
>> the real error.
>>
>> Please start it up under debug logging. It should fail as before but
>> emit a better error message.
>>
>> >
>> > Regarding "error messages rsyslog emits" - I'm unclear about which
>> messages
>> > you reference. Are you referring to /var/log/messages lines, such as
>> > following?
>> > Oct 20 07:57:02 hermes rsyslogd[21862]: -- MARK --
>>
>> I guess you use OS default and the OS default is to throw them away :-(
>>
>> Anyhow, you should see the messages inside the journal as well.
>> Assuming that the rsyslog service file is "rsyslog.service", you can
>> use the following command to get the data from the journal:
>> $ journalctl -u rsyslog.service
>>
>> The status info also includes the last couple of messages:
>> $ systemctl status rsyslog.service
>>
>> Let me know if that works for you. Please also provide me the debug
>> log with the special version we crafted for you.
>>
>> Rainer
>> >
>> > ~ Mike
>> >
>> >
>> > On Fri, Oct 20, 2017 at 1:37 AM, Rainer Gerhards <
>> rgerha...@hq.adiscon.com>
>> > wrote:
>> >
>> >> Mike,
>> >>
>> >> question: do you look at the error messages rsyslog emits? Or do you
>> >> throw them away (many distros do that by default)? I am asking because
>> >> I went through the debug log with the new information you gave. I see
>> >> these errors emitted by rsyslog's imjournal:
>> >> ```
>> >> 'imjournal: couldn't seek to cursor
>> >> `s=dec6d981bf5647a2b6b7970597e4471d;i=455;b=
>> b05da23ccaf04159888a0615326154
>> >> 02;m=1337f528;t=55be6afe2d949;x=965813e66f54721f
>> >> sd_journal_next() failed: 'Success'
>> >> ```
>> >> The second one is strange and most probably the root cause of the
>> >> missing information.
>> >>
>> >> Will be very interested to see what the log with the older version
>> shows.
>> >>
>> >> In general, I strongly suggest to have a look at rsyslog error
>> >> messages, these can considerably ease your life ;-)
>> >>
>> >> Rainer
>> >>
>> >> 2017-10-19 21:23 GMT+02:00 Rainer Gerhards :
>> >> > It would be great to have it as similar as possible.
>> >> >
>> >> > Sent from phone, thus brief.
>> >> >
>> >> > Am 19.10.2017 20:57 schrieb "Mike Schleif" <
>> mike+rsys...@mdsresource.net
>> >> >:
>> >> >>
>> >> >> Rainer,
>> >> >>
>> >> >> Yes, I respect your time. Since it is running with 8.29, I can keep
>> this
>> >> >> running as-is for a week or so; but, I do need the update fixes asap.
>> >> >>
>> >> >> For debug log from working system, do you need any system reboot?
>> >> >>
>> >> >> If not, I can turn on debug in rsyslog.conf, then simple restart
>> >> rsyslogd.
>> >> >>
>> >> >> Please, advise. Thank you.
>> >> >>
>> >> >> ~ Mike
>> >> >>
>> >> >>
>> >> >>
>> >> >> On Thu, Oct 19, 2017 at 1:35 PM, Rainer Gerhards
>> >> >> 
>> >> >> wrote:
>> >> >>
>> >> >> > I think David can probably answer that better. You need to check
>> >> systemd
>> >> >> > and journal conf.
>> >> >> >
>> >> >> > But you said it works with an older version. Can you create a Debug
>> >> log
>> >> >> > with that one as well so that I can compare? That would probably be
>> >> >> > useful.
>> >> >> > Again (due to time zone differences) I can look at this at
>> earliest in
>> >> >> > roughly 12 hours - depending on what work has waiting for me in the
>> >> >> > morning. Having both logs by

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-20 Thread Rainer Gerhards

2017-10-20 15:20 GMT+02:00 Mike Schleif :
> Rainer,
>
> Attached is the debug log for the working rsyslog (8.29), delimited by
> reboots on both ends.
>
> NOTE: 4419.335959863 - boot complete
> 4720.680124293 - immediately after reboot Enter

OK, here we do not have the journal error. So I think that's the root
cause. We now need to find out what the journal error really is. To do
so, I asked Florian today to build a special package for you. You need
this repo:

[rsyslog_testing]
name=Adiscon CentOS-$releasever - Only for Testing Packages
baseurl=http://rpms.adiscon.com/testing/epel-$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
protect=1

It contains rsyslog 8.30.0.1, which has a fix to make imjournal emit
the real error.

Please start it up under debug logging. It should fail as before but
emit a better error message.

>
> Regarding "error messages rsyslog emits" - I'm unclear about which messages
> you reference. Are you referring to /var/log/messages lines, such as
> following?
> Oct 20 07:57:02 hermes rsyslogd[21862]: -- MARK --

I guess you use OS default and the OS default is to throw them away :-(

Anyhow, you should see the messages inside the journal as well.
Assuming that the rsyslog service file is "rsyslog.service", you can
use the following command to get the data from the journal:
$ journalctl -u rsyslog.service

The status info also includes the last couple of messages:
$ systemctl status rsyslog.service

Let me know if that works for you. Please also provide me the debug
log with the special version we crafted for you.

Rainer
>
> ~ Mike
>
>
> On Fri, Oct 20, 2017 at 1:37 AM, Rainer Gerhards 
> wrote:
>
>> Mike,
>>
>> question: do you look at the error messages rsyslog emits? Or do you
>> throw them away (many distros do that by default)? I am asking because
>> I went through the debug log with the new information you gave. I see
>> these errors emitted by rsyslog's imjournal:
>> ```
>> 'imjournal: couldn't seek to cursor
>> `s=dec6d981bf5647a2b6b7970597e4471d;i=455;b=b05da23ccaf04159888a0615326154
>> 02;m=1337f528;t=55be6afe2d949;x=965813e66f54721f
>> sd_journal_next() failed: 'Success'
>> ```
>> The second one is strange and most probably the root cause of the
>> missing information.
>>
>> Will be very interested to see what the log with the older version shows.
>>
>> In general, I strongly suggest to have a look at rsyslog error
>> messages, these can considerably ease your life ;-)
>>
>> Rainer
>>
>> 2017-10-19 21:23 GMT+02:00 Rainer Gerhards :
>> > It would be great to have it as similar as possible.
>> >
>> > Sent from phone, thus brief.
>> >
>> > Am 19.10.2017 20:57 schrieb "Mike Schleif" > >:
>> >>
>> >> Rainer,
>> >>
>> >> Yes, I respect your time. Since it is running with 8.29, I can keep this
>> >> running as-is for a week or so; but, I do need the update fixes asap.
>> >>
>> >> For debug log from working system, do you need any system reboot?
>> >>
>> >> If not, I can turn on debug in rsyslog.conf, then simple restart
>> rsyslogd.
>> >>
>> >> Please, advise. Thank you.
>> >>
>> >> ~ Mike
>> >>
>> >>
>> >>
>> >> On Thu, Oct 19, 2017 at 1:35 PM, Rainer Gerhards
>> >> 
>> >> wrote:
>> >>
>> >> > I think David can probably answer that better. You need to check
>> systemd
>> >> > and journal conf.
>> >> >
>> >> > But you said it works with an older version. Can you create a Debug
>> log
>> >> > with that one as well so that I can compare? That would probably be
>> >> > useful.
>> >> > Again (due to time zone differences) I can look at this at earliest in
>> >> > roughly 12 hours - depending on what work has waiting for me in the
>> >> > morning. Having both logs by then would definitely be a plus.
>> >> >
>> >> > Rainer
>> >> >
>> >> > Sent from phone, thus brief.
>> >> >
>> >> > Am 19.10.2017 20:24 schrieb "Mike Schleif"
>> >> > :
>> >> >
>> >> > > Rainer,
>> >> > >
>> >> > > Apparently, I wasn't explicit enough when submitting the debug log.
>> >> > >
>> >> > > You asked: Did something (systemd) steal the log socket?
>> >> > >
>> >> > > I don't know. How could I know? How can I find out?
>> >> > >
>> >> > > Please, advise. Thank you.
>> >> > >
>> >> > > ~ Mike
>> >> > >
>> >> > >
>> >> > > On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards <
>> >> > rgerha...@hq.adiscon.com
>> >> > > >
>> >> > > wrote:
>> >> > >
>> >> > > > Well it would have helped to have this information before wading
>> >> > through
>> >> > > > the log ;-). Now it needs to wait till tomorrow or Monday.
>> >> > > >
>> >> > > > Did something (systemd) steal the log socket?
>> >> > > >
>> >> > > > Räuber
>> >> > > >
>> >> > > > Sent from phone, thus brief.
>> >> > > >
>> >> > > > Am 19.10.2017 19:53 schrieb "Mike Schleif" <
>> >> > mike+rsys...@mdsresource.net
>> >> > > >:
>> >> > > >
>> >>

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-20 Thread Mike Schleif

Earlier this year, I posted about our problem with this host, and delayed
writes to Mysql databases. I noted, at that time, this imjournal error, as
well as intermittent cached files in WorkDirectory for these ommysql queues.

After initial queries from the list, I answered, and received no answers.
We continues to struggle with fifteen (15) minute db write delays
periodically throughout the day.

Interestingly enough, yesterday and today, after boot up, the queue files
are there again:

# ls -alrt /var/lib/rsyslog/
total 840
drwxr-xr-x. 34 root root   4096 Oct  3 11:30 ..
-rw---   1 root root 406707 Oct 20 08:06 ZenossQueue.0001
-rw---   1 root root 442098 Oct 20 08:06 SIEMQueue.0001
-rw---   1 root root121 Oct 20 08:17 imjournal.state
drwx--.  2 root root 80 Oct 20 08:17 .

# /bin/systemctl restart rsyslog

# ls -alrt /var/lib/rsyslog/
total 8
drwxr-xr-x. 34 root root 4096 Oct  3 11:30 ..
-rw---   1 root root  121 Oct 20 08:17 imjournal.state
drwx--.  2 root root   28 Oct 20 08:17 .


Please, advise. Thank you.

~ Mike



On Fri, Oct 20, 2017 at 1:37 AM, Rainer Gerhards 
wrote:

> Mike,
>
> question: do you look at the error messages rsyslog emits? Or do you
> throw them away (many distros do that by default)? I am asking because
> I went through the debug log with the new information you gave. I see
> these errors emitted by rsyslog's imjournal:
> ```
> 'imjournal: couldn't seek to cursor
> `s=dec6d981bf5647a2b6b7970597e4471d;i=455;b=b05da23ccaf04159888a0615326154
> 02;m=1337f528;t=55be6afe2d949;x=965813e66f54721f
> sd_journal_next() failed: 'Success'
> ```
> The second one is strange and most probably the root cause of the
> missing information.
>
> Will be very interested to see what the log with the older version shows.
>
> In general, I strongly suggest to have a look at rsyslog error
> messages, these can considerably ease your life ;-)
>
> Rainer
>
> 2017-10-19 21:23 GMT+02:00 Rainer Gerhards :
> > It would be great to have it as similar as possible.
> >
> > Sent from phone, thus brief.
> >
> > Am 19.10.2017 20:57 schrieb "Mike Schleif"  >:
> >>
> >> Rainer,
> >>
> >> Yes, I respect your time. Since it is running with 8.29, I can keep this
> >> running as-is for a week or so; but, I do need the update fixes asap.
> >>
> >> For debug log from working system, do you need any system reboot?
> >>
> >> If not, I can turn on debug in rsyslog.conf, then simple restart
> rsyslogd.
> >>
> >> Please, advise. Thank you.
> >>
> >> ~ Mike
> >>
> >>
> >>
> >> On Thu, Oct 19, 2017 at 1:35 PM, Rainer Gerhards
> >> 
> >> wrote:
> >>
> >> > I think David can probably answer that better. You need to check
> systemd
> >> > and journal conf.
> >> >
> >> > But you said it works with an older version. Can you create a Debug
> log
> >> > with that one as well so that I can compare? That would probably be
> >> > useful.
> >> > Again (due to time zone differences) I can look at this at earliest in
> >> > roughly 12 hours - depending on what work has waiting for me in the
> >> > morning. Having both logs by then would definitely be a plus.
> >> >
> >> > Rainer
> >> >
> >> > Sent from phone, thus brief.
> >> >
> >> > Am 19.10.2017 20:24 schrieb "Mike Schleif"
> >> > :
> >> >
> >> > > Rainer,
> >> > >
> >> > > Apparently, I wasn't explicit enough when submitting the debug log.
> >> > >
> >> > > You asked: Did something (systemd) steal the log socket?
> >> > >
> >> > > I don't know. How could I know? How can I find out?
> >> > >
> >> > > Please, advise. Thank you.
> >> > >
> >> > > ~ Mike
> >> > >
> >> > >
> >> > > On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards <
> >> > rgerha...@hq.adiscon.com
> >> > > >
> >> > > wrote:
> >> > >
> >> > > > Well it would have helped to have this information before wading
> >> > through
> >> > > > the log ;-). Now it needs to wait till tomorrow or Monday.
> >> > > >
> >> > > > Did something (systemd) steal the log socket?
> >> > > >
> >> > > > Räuber
> >> > > >
> >> > > > Sent from phone, thus brief.
> >> > > >
> >> > > > Am 19.10.2017 19:53 schrieb "Mike Schleif" <
> >> > mike+rsys...@mdsresource.net
> >> > > >:
> >> > > >
> >> > > > > Look at line: 32697 - That is the LAST line of debug as the
> system
> >> > > booted
> >> > > > > up.
> >> > > > >
> >> > > > > Now, look at the next line: 32698 - That is the first line after
> >> > > > > the
> >> > > > > sysadmin pressed Enter after typing "reboot."
> >> > > > >
> >> > > > > I don't understand the time encoding prior to the first colon
> (:)
> >> > > > > of
> >> > > each
> >> > > > > line; but, this host was up for ten (10) minutes or more before
> >> > backing
> >> > > > out
> >> > > > > of the update patches and reboot.
> >> > > > >
> >> > > > > How can I provide missing messages, when they are missing?
> >> > > > >
> >> > > > > The only way to get to this host

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-20 Thread Rainer Gerhards

FYI: created https://github.com/rsyslog/rsyslog/issues/1867

2017-10-20 8:37 GMT+02:00 Rainer Gerhards :
> Mike,
>
> question: do you look at the error messages rsyslog emits? Or do you
> throw them away (many distros do that by default)? I am asking because
> I went through the debug log with the new information you gave. I see
> these errors emitted by rsyslog's imjournal:
> ```
> 'imjournal: couldn't seek to cursor
> `s=dec6d981bf5647a2b6b7970597e4471d;i=455;b=b05da23ccaf04159888a061532615402;m=1337f528;t=55be6afe2d949;x=965813e66f54721f
> sd_journal_next() failed: 'Success'
> ```
> The second one is strange and most probably the root cause of the
> missing information.
>
> Will be very interested to see what the log with the older version shows.
>
> In general, I strongly suggest to have a look at rsyslog error
> messages, these can considerably ease your life ;-)
>
> Rainer
>
> 2017-10-19 21:23 GMT+02:00 Rainer Gerhards :
>> It would be great to have it as similar as possible.
>>
>> Sent from phone, thus brief.
>>
>> Am 19.10.2017 20:57 schrieb "Mike Schleif" :
>>>
>>> Rainer,
>>>
>>> Yes, I respect your time. Since it is running with 8.29, I can keep this
>>> running as-is for a week or so; but, I do need the update fixes asap.
>>>
>>> For debug log from working system, do you need any system reboot?
>>>
>>> If not, I can turn on debug in rsyslog.conf, then simple restart rsyslogd.
>>>
>>> Please, advise. Thank you.
>>>
>>> ~ Mike
>>>
>>>
>>>
>>> On Thu, Oct 19, 2017 at 1:35 PM, Rainer Gerhards
>>> 
>>> wrote:
>>>
>>> > I think David can probably answer that better. You need to check systemd
>>> > and journal conf.
>>> >
>>> > But you said it works with an older version. Can you create a Debug log
>>> > with that one as well so that I can compare? That would probably be
>>> > useful.
>>> > Again (due to time zone differences) I can look at this at earliest in
>>> > roughly 12 hours - depending on what work has waiting for me in the
>>> > morning. Having both logs by then would definitely be a plus.
>>> >
>>> > Rainer
>>> >
>>> > Sent from phone, thus brief.
>>> >
>>> > Am 19.10.2017 20:24 schrieb "Mike Schleif"
>>> > :
>>> >
>>> > > Rainer,
>>> > >
>>> > > Apparently, I wasn't explicit enough when submitting the debug log.
>>> > >
>>> > > You asked: Did something (systemd) steal the log socket?
>>> > >
>>> > > I don't know. How could I know? How can I find out?
>>> > >
>>> > > Please, advise. Thank you.
>>> > >
>>> > > ~ Mike
>>> > >
>>> > >
>>> > > On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards <
>>> > rgerha...@hq.adiscon.com
>>> > > >
>>> > > wrote:
>>> > >
>>> > > > Well it would have helped to have this information before wading
>>> > through
>>> > > > the log ;-). Now it needs to wait till tomorrow or Monday.
>>> > > >
>>> > > > Did something (systemd) steal the log socket?
>>> > > >
>>> > > > Räuber
>>> > > >
>>> > > > Sent from phone, thus brief.
>>> > > >
>>> > > > Am 19.10.2017 19:53 schrieb "Mike Schleif" <
>>> > mike+rsys...@mdsresource.net
>>> > > >:
>>> > > >
>>> > > > > Look at line: 32697 - That is the LAST line of debug as the system
>>> > > booted
>>> > > > > up.
>>> > > > >
>>> > > > > Now, look at the next line: 32698 - That is the first line after
>>> > > > > the
>>> > > > > sysadmin pressed Enter after typing "reboot."
>>> > > > >
>>> > > > > I don't understand the time encoding prior to the first colon (:)
>>> > > > > of
>>> > > each
>>> > > > > line; but, this host was up for ten (10) minutes or more before
>>> > backing
>>> > > > out
>>> > > > > of the update patches and reboot.
>>> > > > >
>>> > > > > How can I provide missing messages, when they are missing?
>>> > > > >
>>> > > > > The only way to get to this host is via SSH. During the period of
>>> > > > > the
>>> > > > debug
>>> > > > > log, another sysadmin and I logged onto that host at least three
>>> > > > > (3)
>>> > > > times
>>> > > > > each - not one write to /var/log/secure !?!?
>>> > > > >
>>> > > > > Yes, there are /var/log/* writes up until the system fully booted
>>> > > > > -
>>> > > then
>>> > > > > nothing - until sysadmin pressed Enter, more than ten (10) minutes
>>> > > later.
>>> > > > > The ONLY /var/log/ files to get written to during that period were
>>> > > > > /var/log/lastlog and /var/log/wtmp - NOT one other log was written
>>> > > > > to
>>> > > in
>>> > > > > more than ten (10) minutes ...
>>> > > > >
>>> > > > > Please, advise. Thank you.
>>> > > > >
>>> > > > > ~ Mike
>>> > > > >
>>> > > > >
>>> > > > >
>>> > > > > On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards <
>>> > > > > rgerha...@hq.adiscon.com>
>>> > > > > wrote:
>>> > > > >
>>> > > > > > 2017-10-19 16:14 GMT+02:00 Mike Schleif <
>>> > > mike+rsys...@mdsresource.net>
>>> > > > :
>>> > > > > > > Rainer,
>>> > > > > > >
>>> > > > > > > Debug attached. Full reboot follows each update and roll

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-20 Thread Rainer Gerhards

Mike,

question: do you look at the error messages rsyslog emits? Or do you
throw them away (many distros do that by default)? I am asking because
I went through the debug log with the new information you gave. I see
these errors emitted by rsyslog's imjournal:
```
'imjournal: couldn't seek to cursor
`s=dec6d981bf5647a2b6b7970597e4471d;i=455;b=b05da23ccaf04159888a061532615402;m=1337f528;t=55be6afe2d949;x=965813e66f54721f
sd_journal_next() failed: 'Success'
```
The second one is strange and most probably the root cause of the
missing information.

Will be very interested to see what the log with the older version shows.

In general, I strongly suggest to have a look at rsyslog error
messages, these can considerably ease your life ;-)

Rainer

2017-10-19 21:23 GMT+02:00 Rainer Gerhards :
> It would be great to have it as similar as possible.
>
> Sent from phone, thus brief.
>
> Am 19.10.2017 20:57 schrieb "Mike Schleif" :
>>
>> Rainer,
>>
>> Yes, I respect your time. Since it is running with 8.29, I can keep this
>> running as-is for a week or so; but, I do need the update fixes asap.
>>
>> For debug log from working system, do you need any system reboot?
>>
>> If not, I can turn on debug in rsyslog.conf, then simple restart rsyslogd.
>>
>> Please, advise. Thank you.
>>
>> ~ Mike
>>
>>
>>
>> On Thu, Oct 19, 2017 at 1:35 PM, Rainer Gerhards
>> 
>> wrote:
>>
>> > I think David can probably answer that better. You need to check systemd
>> > and journal conf.
>> >
>> > But you said it works with an older version. Can you create a Debug log
>> > with that one as well so that I can compare? That would probably be
>> > useful.
>> > Again (due to time zone differences) I can look at this at earliest in
>> > roughly 12 hours - depending on what work has waiting for me in the
>> > morning. Having both logs by then would definitely be a plus.
>> >
>> > Rainer
>> >
>> > Sent from phone, thus brief.
>> >
>> > Am 19.10.2017 20:24 schrieb "Mike Schleif"
>> > :
>> >
>> > > Rainer,
>> > >
>> > > Apparently, I wasn't explicit enough when submitting the debug log.
>> > >
>> > > You asked: Did something (systemd) steal the log socket?
>> > >
>> > > I don't know. How could I know? How can I find out?
>> > >
>> > > Please, advise. Thank you.
>> > >
>> > > ~ Mike
>> > >
>> > >
>> > > On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards <
>> > rgerha...@hq.adiscon.com
>> > > >
>> > > wrote:
>> > >
>> > > > Well it would have helped to have this information before wading
>> > through
>> > > > the log ;-). Now it needs to wait till tomorrow or Monday.
>> > > >
>> > > > Did something (systemd) steal the log socket?
>> > > >
>> > > > Räuber
>> > > >
>> > > > Sent from phone, thus brief.
>> > > >
>> > > > Am 19.10.2017 19:53 schrieb "Mike Schleif" <
>> > mike+rsys...@mdsresource.net
>> > > >:
>> > > >
>> > > > > Look at line: 32697 - That is the LAST line of debug as the system
>> > > booted
>> > > > > up.
>> > > > >
>> > > > > Now, look at the next line: 32698 - That is the first line after
>> > > > > the
>> > > > > sysadmin pressed Enter after typing "reboot."
>> > > > >
>> > > > > I don't understand the time encoding prior to the first colon (:)
>> > > > > of
>> > > each
>> > > > > line; but, this host was up for ten (10) minutes or more before
>> > backing
>> > > > out
>> > > > > of the update patches and reboot.
>> > > > >
>> > > > > How can I provide missing messages, when they are missing?
>> > > > >
>> > > > > The only way to get to this host is via SSH. During the period of
>> > > > > the
>> > > > debug
>> > > > > log, another sysadmin and I logged onto that host at least three
>> > > > > (3)
>> > > > times
>> > > > > each - not one write to /var/log/secure !?!?
>> > > > >
>> > > > > Yes, there are /var/log/* writes up until the system fully booted
>> > > > > -
>> > > then
>> > > > > nothing - until sysadmin pressed Enter, more than ten (10) minutes
>> > > later.
>> > > > > The ONLY /var/log/ files to get written to during that period were
>> > > > > /var/log/lastlog and /var/log/wtmp - NOT one other log was written
>> > > > > to
>> > > in
>> > > > > more than ten (10) minutes ...
>> > > > >
>> > > > > Please, advise. Thank you.
>> > > > >
>> > > > > ~ Mike
>> > > > >
>> > > > >
>> > > > >
>> > > > > On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards <
>> > > > > rgerha...@hq.adiscon.com>
>> > > > > wrote:
>> > > > >
>> > > > > > 2017-10-19 16:14 GMT+02:00 Mike Schleif <
>> > > mike+rsys...@mdsresource.net>
>> > > > :
>> > > > > > > Rainer,
>> > > > > > >
>> > > > > > > Debug attached. Full reboot follows each update and roll back.
>> > > > > > >
>> > > > > > > It looks like nothing under /var/log/ gets written to after
>> > reboot
>> > > > > > > complete, except lastlog and wtmp.
>> > > > > >
>> > > > > > mmhhh... I see at least writes to
>> > > > > >
>> > > > > > /var/log/messages:
>> > > > > > Reg/w0  : strm

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-19 Thread Rainer Gerhards

It would be great to have it as similar as possible.

Sent from phone, thus brief.

Am 19.10.2017 20:57 schrieb "Mike Schleif" :

> Rainer,
>
> Yes, I respect your time. Since it is running with 8.29, I can keep this
> running as-is for a week or so; but, I do need the update fixes asap.
>
> For debug log from working system, do you need any system reboot?
>
> If not, I can turn on debug in rsyslog.conf, then simple restart rsyslogd.
>
> Please, advise. Thank you.
>
> ~ Mike
>
>
>
> On Thu, Oct 19, 2017 at 1:35 PM, Rainer Gerhards  >
> wrote:
>
> > I think David can probably answer that better. You need to check systemd
> > and journal conf.
> >
> > But you said it works with an older version. Can you create a Debug log
> > with that one as well so that I can compare? That would probably be
> useful.
> > Again (due to time zone differences) I can look at this at earliest in
> > roughly 12 hours - depending on what work has waiting for me in the
> > morning. Having both logs by then would definitely be a plus.
> >
> > Rainer
> >
> > Sent from phone, thus brief.
> >
> > Am 19.10.2017 20:24 schrieb "Mike Schleif"  >:
> >
> > > Rainer,
> > >
> > > Apparently, I wasn't explicit enough when submitting the debug log.
> > >
> > > You asked: Did something (systemd) steal the log socket?
> > >
> > > I don't know. How could I know? How can I find out?
> > >
> > > Please, advise. Thank you.
> > >
> > > ~ Mike
> > >
> > >
> > > On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards <
> > rgerha...@hq.adiscon.com
> > > >
> > > wrote:
> > >
> > > > Well it would have helped to have this information before wading
> > through
> > > > the log ;-). Now it needs to wait till tomorrow or Monday.
> > > >
> > > > Did something (systemd) steal the log socket?
> > > >
> > > > Räuber
> > > >
> > > > Sent from phone, thus brief.
> > > >
> > > > Am 19.10.2017 19:53 schrieb "Mike Schleif" <
> > mike+rsys...@mdsresource.net
> > > >:
> > > >
> > > > > Look at line: 32697 - That is the LAST line of debug as the system
> > > booted
> > > > > up.
> > > > >
> > > > > Now, look at the next line: 32698 - That is the first line after
> the
> > > > > sysadmin pressed Enter after typing "reboot."
> > > > >
> > > > > I don't understand the time encoding prior to the first colon (:)
> of
> > > each
> > > > > line; but, this host was up for ten (10) minutes or more before
> > backing
> > > > out
> > > > > of the update patches and reboot.
> > > > >
> > > > > How can I provide missing messages, when they are missing?
> > > > >
> > > > > The only way to get to this host is via SSH. During the period of
> the
> > > > debug
> > > > > log, another sysadmin and I logged onto that host at least three
> (3)
> > > > times
> > > > > each - not one write to /var/log/secure !?!?
> > > > >
> > > > > Yes, there are /var/log/* writes up until the system fully booted -
> > > then
> > > > > nothing - until sysadmin pressed Enter, more than ten (10) minutes
> > > later.
> > > > > The ONLY /var/log/ files to get written to during that period were
> > > > > /var/log/lastlog and /var/log/wtmp - NOT one other log was written
> to
> > > in
> > > > > more than ten (10) minutes ...
> > > > >
> > > > > Please, advise. Thank you.
> > > > >
> > > > > ~ Mike
> > > > >
> > > > >
> > > > >
> > > > > On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards <
> > > > > rgerha...@hq.adiscon.com>
> > > > > wrote:
> > > > >
> > > > > > 2017-10-19 16:14 GMT+02:00 Mike Schleif <
> > > mike+rsys...@mdsresource.net>
> > > > :
> > > > > > > Rainer,
> > > > > > >
> > > > > > > Debug attached. Full reboot follows each update and roll back.
> > > > > > >
> > > > > > > It looks like nothing under /var/log/ gets written to after
> > reboot
> > > > > > > complete, except lastlog and wtmp.
> > > > > >
> > > > > > mmhhh... I see at least writes to
> > > > > >
> > > > > > /var/log/messages:
> > > > > > Reg/w0  : strm 0x7f81fc005290: stream.c: opened file
> > > > > > '/var/log/messages' for WRITE as 12
> > > > > > Reg/w0  : strm 0x7f81fc005290: stream.c: file 12 write wrote 4041
> > > bytes
> > > > > >
> > > > > > from the embedded pstats, I see that no other action received
> > > > > > messages. So far, everything looks ok.
> > > > > >
> > > > > > Can you point me to a specific message that you think is
> missing? I
> > > > > > could then try to follow its flow inside the debug log.
> > > > > >
> > > > > > Rainer
> > > > > > >
> > > > > > > Event rsyslog-stats is not written to after boot complete.
> > > > > > >
> > > > > > > Please, advise. Thank you.
> > > > > > >
> > > > > > > ~ Mike
> > > > > > >
> > > > > > >
> > > > > > > On Wed, Oct 18, 2017 at 10:43 AM, Rainer Gerhards <
> > > > > > rgerha...@hq.adiscon.com>
> > > > > > > wrote:
> > > > > > >
> > > > > > >> Do you mean some logs were written to and some not?
> > > > > > >>
> > > > > > >> If so, I need a Debug log to diagnose what is going on.
> > > > > > >>
> > > >

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-19 Thread Mike Schleif

Rainer,

Yes, I respect your time. Since it is running with 8.29, I can keep this
running as-is for a week or so; but, I do need the update fixes asap.

For debug log from working system, do you need any system reboot?

If not, I can turn on debug in rsyslog.conf, then simple restart rsyslogd.

Please, advise. Thank you.

~ Mike



On Thu, Oct 19, 2017 at 1:35 PM, Rainer Gerhards 
wrote:

> I think David can probably answer that better. You need to check systemd
> and journal conf.
>
> But you said it works with an older version. Can you create a Debug log
> with that one as well so that I can compare? That would probably be useful.
> Again (due to time zone differences) I can look at this at earliest in
> roughly 12 hours - depending on what work has waiting for me in the
> morning. Having both logs by then would definitely be a plus.
>
> Rainer
>
> Sent from phone, thus brief.
>
> Am 19.10.2017 20:24 schrieb "Mike Schleif" :
>
> > Rainer,
> >
> > Apparently, I wasn't explicit enough when submitting the debug log.
> >
> > You asked: Did something (systemd) steal the log socket?
> >
> > I don't know. How could I know? How can I find out?
> >
> > Please, advise. Thank you.
> >
> > ~ Mike
> >
> >
> > On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards <
> rgerha...@hq.adiscon.com
> > >
> > wrote:
> >
> > > Well it would have helped to have this information before wading
> through
> > > the log ;-). Now it needs to wait till tomorrow or Monday.
> > >
> > > Did something (systemd) steal the log socket?
> > >
> > > Räuber
> > >
> > > Sent from phone, thus brief.
> > >
> > > Am 19.10.2017 19:53 schrieb "Mike Schleif" <
> mike+rsys...@mdsresource.net
> > >:
> > >
> > > > Look at line: 32697 - That is the LAST line of debug as the system
> > booted
> > > > up.
> > > >
> > > > Now, look at the next line: 32698 - That is the first line after the
> > > > sysadmin pressed Enter after typing "reboot."
> > > >
> > > > I don't understand the time encoding prior to the first colon (:) of
> > each
> > > > line; but, this host was up for ten (10) minutes or more before
> backing
> > > out
> > > > of the update patches and reboot.
> > > >
> > > > How can I provide missing messages, when they are missing?
> > > >
> > > > The only way to get to this host is via SSH. During the period of the
> > > debug
> > > > log, another sysadmin and I logged onto that host at least three (3)
> > > times
> > > > each - not one write to /var/log/secure !?!?
> > > >
> > > > Yes, there are /var/log/* writes up until the system fully booted -
> > then
> > > > nothing - until sysadmin pressed Enter, more than ten (10) minutes
> > later.
> > > > The ONLY /var/log/ files to get written to during that period were
> > > > /var/log/lastlog and /var/log/wtmp - NOT one other log was written to
> > in
> > > > more than ten (10) minutes ...
> > > >
> > > > Please, advise. Thank you.
> > > >
> > > > ~ Mike
> > > >
> > > >
> > > >
> > > > On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards <
> > > > rgerha...@hq.adiscon.com>
> > > > wrote:
> > > >
> > > > > 2017-10-19 16:14 GMT+02:00 Mike Schleif <
> > mike+rsys...@mdsresource.net>
> > > :
> > > > > > Rainer,
> > > > > >
> > > > > > Debug attached. Full reboot follows each update and roll back.
> > > > > >
> > > > > > It looks like nothing under /var/log/ gets written to after
> reboot
> > > > > > complete, except lastlog and wtmp.
> > > > >
> > > > > mmhhh... I see at least writes to
> > > > >
> > > > > /var/log/messages:
> > > > > Reg/w0  : strm 0x7f81fc005290: stream.c: opened file
> > > > > '/var/log/messages' for WRITE as 12
> > > > > Reg/w0  : strm 0x7f81fc005290: stream.c: file 12 write wrote 4041
> > bytes
> > > > >
> > > > > from the embedded pstats, I see that no other action received
> > > > > messages. So far, everything looks ok.
> > > > >
> > > > > Can you point me to a specific message that you think is missing? I
> > > > > could then try to follow its flow inside the debug log.
> > > > >
> > > > > Rainer
> > > > > >
> > > > > > Event rsyslog-stats is not written to after boot complete.
> > > > > >
> > > > > > Please, advise. Thank you.
> > > > > >
> > > > > > ~ Mike
> > > > > >
> > > > > >
> > > > > > On Wed, Oct 18, 2017 at 10:43 AM, Rainer Gerhards <
> > > > > rgerha...@hq.adiscon.com>
> > > > > > wrote:
> > > > > >
> > > > > >> Do you mean some logs were written to and some not?
> > > > > >>
> > > > > >> If so, I need a Debug log to diagnose what is going on.
> > > > > >>
> > > > > >> Rainer
> > > > > >>
> > > > > >> Sent from phone, thus brief.
> > > > > >>
> > > > > >> Am 18.10.2017 17:36 schrieb "Mike Schleif" <
> > > > > mike+rsys...@mdsresource.net>:
> > > > > >>
> > > > > >> > # cat /etc/centos-release
> > > > > >> > CentOS Linux release 7.4.1708 (Core)
> > > > > >> >
> > > > > >> >
> > > > > >> > After yum updates yesterday (see below,) several logs no
> longer
> > > > > logged,
> > > > > >> > including /var/log/secure
> > > > >

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-19 Thread Rainer Gerhards

I think David can probably answer that better. You need to check systemd
and journal conf.

But you said it works with an older version. Can you create a Debug log
with that one as well so that I can compare? That would probably be useful.
Again (due to time zone differences) I can look at this at earliest in
roughly 12 hours - depending on what work has waiting for me in the
morning. Having both logs by then would definitely be a plus.

Rainer

Sent from phone, thus brief.

Am 19.10.2017 20:24 schrieb "Mike Schleif" :

> Rainer,
>
> Apparently, I wasn't explicit enough when submitting the debug log.
>
> You asked: Did something (systemd) steal the log socket?
>
> I don't know. How could I know? How can I find out?
>
> Please, advise. Thank you.
>
> ~ Mike
>
>
> On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards  >
> wrote:
>
> > Well it would have helped to have this information before wading through
> > the log ;-). Now it needs to wait till tomorrow or Monday.
> >
> > Did something (systemd) steal the log socket?
> >
> > Räuber
> >
> > Sent from phone, thus brief.
> >
> > Am 19.10.2017 19:53 schrieb "Mike Schleif"  >:
> >
> > > Look at line: 32697 - That is the LAST line of debug as the system
> booted
> > > up.
> > >
> > > Now, look at the next line: 32698 - That is the first line after the
> > > sysadmin pressed Enter after typing "reboot."
> > >
> > > I don't understand the time encoding prior to the first colon (:) of
> each
> > > line; but, this host was up for ten (10) minutes or more before backing
> > out
> > > of the update patches and reboot.
> > >
> > > How can I provide missing messages, when they are missing?
> > >
> > > The only way to get to this host is via SSH. During the period of the
> > debug
> > > log, another sysadmin and I logged onto that host at least three (3)
> > times
> > > each - not one write to /var/log/secure !?!?
> > >
> > > Yes, there are /var/log/* writes up until the system fully booted -
> then
> > > nothing - until sysadmin pressed Enter, more than ten (10) minutes
> later.
> > > The ONLY /var/log/ files to get written to during that period were
> > > /var/log/lastlog and /var/log/wtmp - NOT one other log was written to
> in
> > > more than ten (10) minutes ...
> > >
> > > Please, advise. Thank you.
> > >
> > > ~ Mike
> > >
> > >
> > >
> > > On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards <
> > > rgerha...@hq.adiscon.com>
> > > wrote:
> > >
> > > > 2017-10-19 16:14 GMT+02:00 Mike Schleif <
> mike+rsys...@mdsresource.net>
> > :
> > > > > Rainer,
> > > > >
> > > > > Debug attached. Full reboot follows each update and roll back.
> > > > >
> > > > > It looks like nothing under /var/log/ gets written to after reboot
> > > > > complete, except lastlog and wtmp.
> > > >
> > > > mmhhh... I see at least writes to
> > > >
> > > > /var/log/messages:
> > > > Reg/w0  : strm 0x7f81fc005290: stream.c: opened file
> > > > '/var/log/messages' for WRITE as 12
> > > > Reg/w0  : strm 0x7f81fc005290: stream.c: file 12 write wrote 4041
> bytes
> > > >
> > > > from the embedded pstats, I see that no other action received
> > > > messages. So far, everything looks ok.
> > > >
> > > > Can you point me to a specific message that you think is missing? I
> > > > could then try to follow its flow inside the debug log.
> > > >
> > > > Rainer
> > > > >
> > > > > Event rsyslog-stats is not written to after boot complete.
> > > > >
> > > > > Please, advise. Thank you.
> > > > >
> > > > > ~ Mike
> > > > >
> > > > >
> > > > > On Wed, Oct 18, 2017 at 10:43 AM, Rainer Gerhards <
> > > > rgerha...@hq.adiscon.com>
> > > > > wrote:
> > > > >
> > > > >> Do you mean some logs were written to and some not?
> > > > >>
> > > > >> If so, I need a Debug log to diagnose what is going on.
> > > > >>
> > > > >> Rainer
> > > > >>
> > > > >> Sent from phone, thus brief.
> > > > >>
> > > > >> Am 18.10.2017 17:36 schrieb "Mike Schleif" <
> > > > mike+rsys...@mdsresource.net>:
> > > > >>
> > > > >> > # cat /etc/centos-release
> > > > >> > CentOS Linux release 7.4.1708 (Core)
> > > > >> >
> > > > >> >
> > > > >> > After yum updates yesterday (see below,) several logs no longer
> > > > logged,
> > > > >> > including /var/log/secure
> > > > >> >
> > > > >> > In the last hour, we rolled back that entire yum update, and
> > logging
> > > > >> > appears to be as expected
> > > > >> >
> > > > >> > Please, advise. Thank you.
> > > > >> >
> > > > >> > ~ Mike
> > > > >> >
> > > > >> >
> > > > >> > # yum history info 62
> > > > >> > Loaded plugins: fastestmirror
> > > > >> > Transaction ID : 62
> > > > >> > Begin time : Tue Oct 17 07:42:51 2017
> > > > >> > Begin rpmdb: 597:442a35918ca922c515d3f9bbc38cb3733341358a
> > > > >> > End time   :07:43:00 2017 (9 seconds)
> > > > >> > End rpmdb  : 597:f817c423ae76bafaafaab823cfca6d4030e069f0
> > > > >> > User   : Jeffrey Reed 
> > > > >> > Return-Code: Success
>

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-19 Thread Mike Schleif

Rainer,

Apparently, I wasn't explicit enough when submitting the debug log.

You asked: Did something (systemd) steal the log socket?

I don't know. How could I know? How can I find out?

Please, advise. Thank you.

~ Mike


On Thu, Oct 19, 2017 at 1:18 PM, Rainer Gerhards 
wrote:

> Well it would have helped to have this information before wading through
> the log ;-). Now it needs to wait till tomorrow or Monday.
>
> Did something (systemd) steal the log socket?
>
> Räuber
>
> Sent from phone, thus brief.
>
> Am 19.10.2017 19:53 schrieb "Mike Schleif" :
>
> > Look at line: 32697 - That is the LAST line of debug as the system booted
> > up.
> >
> > Now, look at the next line: 32698 - That is the first line after the
> > sysadmin pressed Enter after typing "reboot."
> >
> > I don't understand the time encoding prior to the first colon (:) of each
> > line; but, this host was up for ten (10) minutes or more before backing
> out
> > of the update patches and reboot.
> >
> > How can I provide missing messages, when they are missing?
> >
> > The only way to get to this host is via SSH. During the period of the
> debug
> > log, another sysadmin and I logged onto that host at least three (3)
> times
> > each - not one write to /var/log/secure !?!?
> >
> > Yes, there are /var/log/* writes up until the system fully booted - then
> > nothing - until sysadmin pressed Enter, more than ten (10) minutes later.
> > The ONLY /var/log/ files to get written to during that period were
> > /var/log/lastlog and /var/log/wtmp - NOT one other log was written to in
> > more than ten (10) minutes ...
> >
> > Please, advise. Thank you.
> >
> > ~ Mike
> >
> >
> >
> > On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards <
> > rgerha...@hq.adiscon.com>
> > wrote:
> >
> > > 2017-10-19 16:14 GMT+02:00 Mike Schleif 
> :
> > > > Rainer,
> > > >
> > > > Debug attached. Full reboot follows each update and roll back.
> > > >
> > > > It looks like nothing under /var/log/ gets written to after reboot
> > > > complete, except lastlog and wtmp.
> > >
> > > mmhhh... I see at least writes to
> > >
> > > /var/log/messages:
> > > Reg/w0  : strm 0x7f81fc005290: stream.c: opened file
> > > '/var/log/messages' for WRITE as 12
> > > Reg/w0  : strm 0x7f81fc005290: stream.c: file 12 write wrote 4041 bytes
> > >
> > > from the embedded pstats, I see that no other action received
> > > messages. So far, everything looks ok.
> > >
> > > Can you point me to a specific message that you think is missing? I
> > > could then try to follow its flow inside the debug log.
> > >
> > > Rainer
> > > >
> > > > Event rsyslog-stats is not written to after boot complete.
> > > >
> > > > Please, advise. Thank you.
> > > >
> > > > ~ Mike
> > > >
> > > >
> > > > On Wed, Oct 18, 2017 at 10:43 AM, Rainer Gerhards <
> > > rgerha...@hq.adiscon.com>
> > > > wrote:
> > > >
> > > >> Do you mean some logs were written to and some not?
> > > >>
> > > >> If so, I need a Debug log to diagnose what is going on.
> > > >>
> > > >> Rainer
> > > >>
> > > >> Sent from phone, thus brief.
> > > >>
> > > >> Am 18.10.2017 17:36 schrieb "Mike Schleif" <
> > > mike+rsys...@mdsresource.net>:
> > > >>
> > > >> > # cat /etc/centos-release
> > > >> > CentOS Linux release 7.4.1708 (Core)
> > > >> >
> > > >> >
> > > >> > After yum updates yesterday (see below,) several logs no longer
> > > logged,
> > > >> > including /var/log/secure
> > > >> >
> > > >> > In the last hour, we rolled back that entire yum update, and
> logging
> > > >> > appears to be as expected
> > > >> >
> > > >> > Please, advise. Thank you.
> > > >> >
> > > >> > ~ Mike
> > > >> >
> > > >> >
> > > >> > # yum history info 62
> > > >> > Loaded plugins: fastestmirror
> > > >> > Transaction ID : 62
> > > >> > Begin time : Tue Oct 17 07:42:51 2017
> > > >> > Begin rpmdb: 597:442a35918ca922c515d3f9bbc38cb3733341358a
> > > >> > End time   :07:43:00 2017 (9 seconds)
> > > >> > End rpmdb  : 597:f817c423ae76bafaafaab823cfca6d4030e069f0
> > > >> > User   : Jeffrey Reed 
> > > >> > Return-Code: Success
> > > >> > Command Line   : update
> > > >> > Transaction performed with:
> > > >> > Installed rpm-4.11.3-25.el7.x86_64
> > @base
> > > >> > Installed yum-3.4.3-154.el7.centos.noarch
> >  @base
> > > >> > Installed yum-plugin-fastestmirror-1.1.31-42.el7.noarch
> > @base
> > > >> > Packages Altered:
> > > >> > Updated epel-release-7-10.noarch   @epel
> > > >> > Update   7-11.noarch
>  @epel-testing
> > > >> > Updated libfastjson4-0.99.5-1.el7.x86_64
>  @rsyslog_v8
> > > >> > Update   0.99.7-1.el7.x86_64   @rsyslog_v8
> > > >> > Updated mysql-community-client-5.6.37-2.el7.x86_64
> > > >> @mysql56-community
> > > >> > Update 5.6.38-2.el7.x86_64
> > > @mysql56-community
> > > >> > Updated

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-19 Thread Rainer Gerhards

Well it would have helped to have this information before wading through
the log ;-). Now it needs to wait till tomorrow or Monday.

Did something (systemd) steal the log socket?

Räuber

Sent from phone, thus brief.

Am 19.10.2017 19:53 schrieb "Mike Schleif" :

> Look at line: 32697 - That is the LAST line of debug as the system booted
> up.
>
> Now, look at the next line: 32698 - That is the first line after the
> sysadmin pressed Enter after typing "reboot."
>
> I don't understand the time encoding prior to the first colon (:) of each
> line; but, this host was up for ten (10) minutes or more before backing out
> of the update patches and reboot.
>
> How can I provide missing messages, when they are missing?
>
> The only way to get to this host is via SSH. During the period of the debug
> log, another sysadmin and I logged onto that host at least three (3) times
> each - not one write to /var/log/secure !?!?
>
> Yes, there are /var/log/* writes up until the system fully booted - then
> nothing - until sysadmin pressed Enter, more than ten (10) minutes later.
> The ONLY /var/log/ files to get written to during that period were
> /var/log/lastlog and /var/log/wtmp - NOT one other log was written to in
> more than ten (10) minutes ...
>
> Please, advise. Thank you.
>
> ~ Mike
>
>
>
> On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards <
> rgerha...@hq.adiscon.com>
> wrote:
>
> > 2017-10-19 16:14 GMT+02:00 Mike Schleif :
> > > Rainer,
> > >
> > > Debug attached. Full reboot follows each update and roll back.
> > >
> > > It looks like nothing under /var/log/ gets written to after reboot
> > > complete, except lastlog and wtmp.
> >
> > mmhhh... I see at least writes to
> >
> > /var/log/messages:
> > Reg/w0  : strm 0x7f81fc005290: stream.c: opened file
> > '/var/log/messages' for WRITE as 12
> > Reg/w0  : strm 0x7f81fc005290: stream.c: file 12 write wrote 4041 bytes
> >
> > from the embedded pstats, I see that no other action received
> > messages. So far, everything looks ok.
> >
> > Can you point me to a specific message that you think is missing? I
> > could then try to follow its flow inside the debug log.
> >
> > Rainer
> > >
> > > Event rsyslog-stats is not written to after boot complete.
> > >
> > > Please, advise. Thank you.
> > >
> > > ~ Mike
> > >
> > >
> > > On Wed, Oct 18, 2017 at 10:43 AM, Rainer Gerhards <
> > rgerha...@hq.adiscon.com>
> > > wrote:
> > >
> > >> Do you mean some logs were written to and some not?
> > >>
> > >> If so, I need a Debug log to diagnose what is going on.
> > >>
> > >> Rainer
> > >>
> > >> Sent from phone, thus brief.
> > >>
> > >> Am 18.10.2017 17:36 schrieb "Mike Schleif" <
> > mike+rsys...@mdsresource.net>:
> > >>
> > >> > # cat /etc/centos-release
> > >> > CentOS Linux release 7.4.1708 (Core)
> > >> >
> > >> >
> > >> > After yum updates yesterday (see below,) several logs no longer
> > logged,
> > >> > including /var/log/secure
> > >> >
> > >> > In the last hour, we rolled back that entire yum update, and logging
> > >> > appears to be as expected
> > >> >
> > >> > Please, advise. Thank you.
> > >> >
> > >> > ~ Mike
> > >> >
> > >> >
> > >> > # yum history info 62
> > >> > Loaded plugins: fastestmirror
> > >> > Transaction ID : 62
> > >> > Begin time : Tue Oct 17 07:42:51 2017
> > >> > Begin rpmdb: 597:442a35918ca922c515d3f9bbc38cb3733341358a
> > >> > End time   :07:43:00 2017 (9 seconds)
> > >> > End rpmdb  : 597:f817c423ae76bafaafaab823cfca6d4030e069f0
> > >> > User   : Jeffrey Reed 
> > >> > Return-Code: Success
> > >> > Command Line   : update
> > >> > Transaction performed with:
> > >> > Installed rpm-4.11.3-25.el7.x86_64
> @base
> > >> > Installed yum-3.4.3-154.el7.centos.noarch
>  @base
> > >> > Installed yum-plugin-fastestmirror-1.1.31-42.el7.noarch
> @base
> > >> > Packages Altered:
> > >> > Updated epel-release-7-10.noarch   @epel
> > >> > Update   7-11.noarch   @epel-testing
> > >> > Updated libfastjson4-0.99.5-1.el7.x86_64   @rsyslog_v8
> > >> > Update   0.99.7-1.el7.x86_64   @rsyslog_v8
> > >> > Updated mysql-community-client-5.6.37-2.el7.x86_64
> > >> @mysql56-community
> > >> > Update 5.6.38-2.el7.x86_64
> > @mysql56-community
> > >> > Updated mysql-community-common-5.6.37-2.el7.x86_64
> > >> @mysql56-community
> > >> > Update 5.6.38-2.el7.x86_64
> > @mysql56-community
> > >> > Updated mysql-community-libs-5.6.37-2.el7.x86_64
> > >>  @mysql56-community
> > >> > Update   5.6.38-2.el7.x86_64
> >  @mysql56-community
> > >> > Updated rsyslog-8.29.0-2.el7.x86_64@rsyslog_v8
> > >> > Update  8.30.0-1.el7.x86_64@rsyslog_v8
> > >> > Updated rsyslog-mysql-8.29.0-2.el7.x86_64  @rsyslog_v8
> > >> >

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-19 Thread Mike Schleif

Look at line: 32697 - That is the LAST line of debug as the system booted
up.

Now, look at the next line: 32698 - That is the first line after the
sysadmin pressed Enter after typing "reboot."

I don't understand the time encoding prior to the first colon (:) of each
line; but, this host was up for ten (10) minutes or more before backing out
of the update patches and reboot.

How can I provide missing messages, when they are missing?

The only way to get to this host is via SSH. During the period of the debug
log, another sysadmin and I logged onto that host at least three (3) times
each - not one write to /var/log/secure !?!?

Yes, there are /var/log/* writes up until the system fully booted - then
nothing - until sysadmin pressed Enter, more than ten (10) minutes later.
The ONLY /var/log/ files to get written to during that period were
/var/log/lastlog and /var/log/wtmp - NOT one other log was written to in
more than ten (10) minutes ...

Please, advise. Thank you.

~ Mike



On Thu, Oct 19, 2017 at 12:32 PM, Rainer Gerhards 
wrote:

> 2017-10-19 16:14 GMT+02:00 Mike Schleif :
> > Rainer,
> >
> > Debug attached. Full reboot follows each update and roll back.
> >
> > It looks like nothing under /var/log/ gets written to after reboot
> > complete, except lastlog and wtmp.
>
> mmhhh... I see at least writes to
>
> /var/log/messages:
> Reg/w0  : strm 0x7f81fc005290: stream.c: opened file
> '/var/log/messages' for WRITE as 12
> Reg/w0  : strm 0x7f81fc005290: stream.c: file 12 write wrote 4041 bytes
>
> from the embedded pstats, I see that no other action received
> messages. So far, everything looks ok.
>
> Can you point me to a specific message that you think is missing? I
> could then try to follow its flow inside the debug log.
>
> Rainer
> >
> > Event rsyslog-stats is not written to after boot complete.
> >
> > Please, advise. Thank you.
> >
> > ~ Mike
> >
> >
> > On Wed, Oct 18, 2017 at 10:43 AM, Rainer Gerhards <
> rgerha...@hq.adiscon.com>
> > wrote:
> >
> >> Do you mean some logs were written to and some not?
> >>
> >> If so, I need a Debug log to diagnose what is going on.
> >>
> >> Rainer
> >>
> >> Sent from phone, thus brief.
> >>
> >> Am 18.10.2017 17:36 schrieb "Mike Schleif" <
> mike+rsys...@mdsresource.net>:
> >>
> >> > # cat /etc/centos-release
> >> > CentOS Linux release 7.4.1708 (Core)
> >> >
> >> >
> >> > After yum updates yesterday (see below,) several logs no longer
> logged,
> >> > including /var/log/secure
> >> >
> >> > In the last hour, we rolled back that entire yum update, and logging
> >> > appears to be as expected
> >> >
> >> > Please, advise. Thank you.
> >> >
> >> > ~ Mike
> >> >
> >> >
> >> > # yum history info 62
> >> > Loaded plugins: fastestmirror
> >> > Transaction ID : 62
> >> > Begin time : Tue Oct 17 07:42:51 2017
> >> > Begin rpmdb: 597:442a35918ca922c515d3f9bbc38cb3733341358a
> >> > End time   :07:43:00 2017 (9 seconds)
> >> > End rpmdb  : 597:f817c423ae76bafaafaab823cfca6d4030e069f0
> >> > User   : Jeffrey Reed 
> >> > Return-Code: Success
> >> > Command Line   : update
> >> > Transaction performed with:
> >> > Installed rpm-4.11.3-25.el7.x86_64  @base
> >> > Installed yum-3.4.3-154.el7.centos.noarch   @base
> >> > Installed yum-plugin-fastestmirror-1.1.31-42.el7.noarch @base
> >> > Packages Altered:
> >> > Updated epel-release-7-10.noarch   @epel
> >> > Update   7-11.noarch   @epel-testing
> >> > Updated libfastjson4-0.99.5-1.el7.x86_64   @rsyslog_v8
> >> > Update   0.99.7-1.el7.x86_64   @rsyslog_v8
> >> > Updated mysql-community-client-5.6.37-2.el7.x86_64
> >> @mysql56-community
> >> > Update 5.6.38-2.el7.x86_64
> @mysql56-community
> >> > Updated mysql-community-common-5.6.37-2.el7.x86_64
> >> @mysql56-community
> >> > Update 5.6.38-2.el7.x86_64
> @mysql56-community
> >> > Updated mysql-community-libs-5.6.37-2.el7.x86_64
> >>  @mysql56-community
> >> > Update   5.6.38-2.el7.x86_64
>  @mysql56-community
> >> > Updated rsyslog-8.29.0-2.el7.x86_64@rsyslog_v8
> >> > Update  8.30.0-1.el7.x86_64@rsyslog_v8
> >> > Updated rsyslog-mysql-8.29.0-2.el7.x86_64  @rsyslog_v8
> >> > Update8.30.0-1.el7.x86_64  @rsyslog_v8
> >> > history info
> >> > ___
> >> > rsyslog mailing list
> >> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> >> > http://www.rsyslog.com/professional-services/
> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad
> >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> > DON'T

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-19 Thread Rainer Gerhards

2017-10-19 16:14 GMT+02:00 Mike Schleif :
> Rainer,
>
> Debug attached. Full reboot follows each update and roll back.
>
> It looks like nothing under /var/log/ gets written to after reboot
> complete, except lastlog and wtmp.

mmhhh... I see at least writes to

/var/log/messages:
Reg/w0  : strm 0x7f81fc005290: stream.c: opened file
'/var/log/messages' for WRITE as 12
Reg/w0  : strm 0x7f81fc005290: stream.c: file 12 write wrote 4041 bytes

from the embedded pstats, I see that no other action received
messages. So far, everything looks ok.

Can you point me to a specific message that you think is missing? I
could then try to follow its flow inside the debug log.

Rainer
>
> Event rsyslog-stats is not written to after boot complete.
>
> Please, advise. Thank you.
>
> ~ Mike
>
>
> On Wed, Oct 18, 2017 at 10:43 AM, Rainer Gerhards 
> wrote:
>
>> Do you mean some logs were written to and some not?
>>
>> If so, I need a Debug log to diagnose what is going on.
>>
>> Rainer
>>
>> Sent from phone, thus brief.
>>
>> Am 18.10.2017 17:36 schrieb "Mike Schleif" :
>>
>> > # cat /etc/centos-release
>> > CentOS Linux release 7.4.1708 (Core)
>> >
>> >
>> > After yum updates yesterday (see below,) several logs no longer logged,
>> > including /var/log/secure
>> >
>> > In the last hour, we rolled back that entire yum update, and logging
>> > appears to be as expected
>> >
>> > Please, advise. Thank you.
>> >
>> > ~ Mike
>> >
>> >
>> > # yum history info 62
>> > Loaded plugins: fastestmirror
>> > Transaction ID : 62
>> > Begin time : Tue Oct 17 07:42:51 2017
>> > Begin rpmdb: 597:442a35918ca922c515d3f9bbc38cb3733341358a
>> > End time   :07:43:00 2017 (9 seconds)
>> > End rpmdb  : 597:f817c423ae76bafaafaab823cfca6d4030e069f0
>> > User   : Jeffrey Reed 
>> > Return-Code: Success
>> > Command Line   : update
>> > Transaction performed with:
>> > Installed rpm-4.11.3-25.el7.x86_64  @base
>> > Installed yum-3.4.3-154.el7.centos.noarch   @base
>> > Installed yum-plugin-fastestmirror-1.1.31-42.el7.noarch @base
>> > Packages Altered:
>> > Updated epel-release-7-10.noarch   @epel
>> > Update   7-11.noarch   @epel-testing
>> > Updated libfastjson4-0.99.5-1.el7.x86_64   @rsyslog_v8
>> > Update   0.99.7-1.el7.x86_64   @rsyslog_v8
>> > Updated mysql-community-client-5.6.37-2.el7.x86_64
>> @mysql56-community
>> > Update 5.6.38-2.el7.x86_64 @mysql56-community
>> > Updated mysql-community-common-5.6.37-2.el7.x86_64
>> @mysql56-community
>> > Update 5.6.38-2.el7.x86_64 @mysql56-community
>> > Updated mysql-community-libs-5.6.37-2.el7.x86_64
>>  @mysql56-community
>> > Update   5.6.38-2.el7.x86_64   @mysql56-community
>> > Updated rsyslog-8.29.0-2.el7.x86_64@rsyslog_v8
>> > Update  8.30.0-1.el7.x86_64@rsyslog_v8
>> > Updated rsyslog-mysql-8.29.0-2.el7.x86_64  @rsyslog_v8
>> > Update8.30.0-1.el7.x86_64  @rsyslog_v8
>> > history info
>> > ___
>> > rsyslog mailing list
>> > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> > DON'T LIKE THAT.
>> >
>> ___
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

2017-10-18 Thread Rainer Gerhards

Do you mean some logs were written to and some not?

If so, I need a Debug log to diagnose what is going on.

Rainer

Sent from phone, thus brief.

Am 18.10.2017 17:36 schrieb "Mike Schleif" :

> # cat /etc/centos-release
> CentOS Linux release 7.4.1708 (Core)
>
>
> After yum updates yesterday (see below,) several logs no longer logged,
> including /var/log/secure
>
> In the last hour, we rolled back that entire yum update, and logging
> appears to be as expected
>
> Please, advise. Thank you.
>
> ~ Mike
>
>
> # yum history info 62
> Loaded plugins: fastestmirror
> Transaction ID : 62
> Begin time : Tue Oct 17 07:42:51 2017
> Begin rpmdb: 597:442a35918ca922c515d3f9bbc38cb3733341358a
> End time   :07:43:00 2017 (9 seconds)
> End rpmdb  : 597:f817c423ae76bafaafaab823cfca6d4030e069f0
> User   : Jeffrey Reed 
> Return-Code: Success
> Command Line   : update
> Transaction performed with:
> Installed rpm-4.11.3-25.el7.x86_64  @base
> Installed yum-3.4.3-154.el7.centos.noarch   @base
> Installed yum-plugin-fastestmirror-1.1.31-42.el7.noarch @base
> Packages Altered:
> Updated epel-release-7-10.noarch   @epel
> Update   7-11.noarch   @epel-testing
> Updated libfastjson4-0.99.5-1.el7.x86_64   @rsyslog_v8
> Update   0.99.7-1.el7.x86_64   @rsyslog_v8
> Updated mysql-community-client-5.6.37-2.el7.x86_64 @mysql56-community
> Update 5.6.38-2.el7.x86_64 @mysql56-community
> Updated mysql-community-common-5.6.37-2.el7.x86_64 @mysql56-community
> Update 5.6.38-2.el7.x86_64 @mysql56-community
> Updated mysql-community-libs-5.6.37-2.el7.x86_64   @mysql56-community
> Update   5.6.38-2.el7.x86_64   @mysql56-community
> Updated rsyslog-8.29.0-2.el7.x86_64@rsyslog_v8
> Update  8.30.0-1.el7.x86_64@rsyslog_v8
> Updated rsyslog-mysql-8.29.0-2.el7.x86_64  @rsyslog_v8
> Update8.30.0-1.el7.x86_64  @rsyslog_v8
> history info
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

Re: [rsyslog] Updates 8.29 -> 8.30 broke several logs

28 matches

Site Navigation

Mail list logo

Footer information