Sorry, below are the attached files, effective config from client side and wireshark of the working scenario.
On Mon, Jun 20, 2022 at 11:41 AM Mariusz Kruk via rsyslog < rsyslog@lists.adiscon.com> wrote: > OK. Now we're getting somewhere ;-) > > So you're trying to do TLS-enabled forwarding between "client" rsyslogd > and "server" rsyslogd. > > Unfortunately, you didn't post the whole config from the client - the > config relies on some included files which are not attached. > > You can get the resulting config as rsyslog sees it by calling > > rsyslogd -N1 -o /tmp/rsyslogd_effective.conf > > It seems you forgot the wireshark snapshot as well. > > On 20.06.2022 17:34, Abhinav Bhatia via rsyslog wrote: > > Yes. But what functionality with TLS is or is not working? Input? Output? > > > > > > *I have a client running rsyslogd , sending syslogs to server. I am using > > syslog() to send syslogs.When I run version 8.2108 with TLS , I see the > > messages sent from client on wireshark (snapshot attched). But If I > enable > > debug I do not see anything on Wireshark going out from client side, * > > > > What's your config? > > *Attached are the configs from cleint and server.* > > > > What are the symptoms of "not working"? Does your side terminate the TLS > > connection with some error? Does the other side terminate it? > > *I think the client does not start the connection. * > > > > Does it work again if you downgrade the rsyslog back to 8.2108? > > *Yes If I downgrade to 8.2108 , rsyslogd with TLS is working (NO Debug > > enabled)* > > > > On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog < > > rsyslog@lists.adiscon.com> wrote: > > > >> Yes. But what functionality with TLS is or is not working? Input? > Output? > >> > >> What's your config? > >> > >> What are the symptoms of "not working"? Does your side terminate the TLS > >> connection with some error? Does the other side terminate it? > >> > >> Did you try tcpdumping the TLS connection? > >> > >> Does it work again if you downgrade the rsyslog back to 8.2108? > >> > >> On 20.06.2022 16:59, Abhinav Bhatia wrote: > >>> Hi Mariusz, > >>> > >>> Thank you for quick reply, > >>> > >>> *Version* > >>> > >>> > >>> > >>> *No TLS* > >>> > >>> > >>> > >>> *TLS with Debug enabled* > >>> > >>> > >>> > >>> *TLS with debug disabled* > >>> > >>> 8.2108.0 > >>> > >>> > >>> > >>> Working > >>> > >>> > >>> > >>> Not Working > >>> > >>> > >>> > >>> Working > >>> > >>> 8.2204.0 > >>> > >>> > >>> > >>> Working > >>> > >>> > >>> > >>> Not Working > >>> > >>> > >>> > >>> Not Working > >>> > >>> Logs I shared with you were of version 8.2108.0 , TLS with Debug > enabled. > >>> > >>> > >>> Thank you, > >>> > >>> > >>> On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog > >>> <rsyslog@lists.adiscon.com> wrote: > >>> > >>> OK. But _what_ is working or not working? Because quick glance > >>> over the > >>> the debug file you attached doesn't show anything TLS-related. > >>> > >>> Or even any other input module other than imuxsock or imklog. So > >>> maybe > >>> it's that your omfwd action is supposed to be TLS-enabled. But we > >>> don't > >>> see any streamdriver config in this debug. > >>> > >>> On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote: > >>> > Hi , > >>> > > >>> > I was using rsyslogd (version 8.2108.0.master) with TLS which > >>> was working > >>> > fine. Then I upgraded to 8.2204.0.master and syslog with TLS > >> stopped > >>> > working, over UDP works fine. > >>> > > >>> > Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV > >>> , and > >>> > Nettle from 3.1.1 to 3.7.1. > >>> > > >>> > To debug the issue I enabled the logs with version 8.2108.0 via > >>> > rsyslog.conf. Issue is when I enable logs I do not see any TLS > >>> data sent to > >>> > the server (attached logs). however if I do not enable debug in > >>> conf file > >>> > it works fine. > >>> > > >>> > Below are the lines added for debugging is syslog.conf: > >>> > > >>> > $DebugFile /var/log/rsyslog.debug > >>> > $DebugLevel 2 > >>> > > >>> > Thank you ! > >>> > > >>> > _______________________________________________ > >>> > rsyslog mailing list > >>> > https://lists.adiscon.net/mailman/listinfo/rsyslog > >>> > http://www.rsyslog.com/professional-services/ > >>> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by > >>> a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO > >>> NOT POST if you DON'T LIKE THAT. > >>> _______________________________________________ > >>> rsyslog mailing list > >>> https://lists.adiscon.net/mailman/listinfo/rsyslog > >>> http://www.rsyslog.com/professional-services/ > >>> What's up with rsyslog? Follow https://twitter.com/rgerhards > >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > >>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT > >>> POST if you DON'T LIKE THAT. > >>> > >> _______________________________________________ > >> rsyslog mailing list > >> https://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> > >> _______________________________________________ > >> rsyslog mailing list > >> https://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if > you DON'T LIKE THAT. > _______________________________________________ > rsyslog mailing list > https://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. >
client_effective_config.conf
Description: Binary data
V8.2108-WO-DEBUG-Working.pcapng
Description: Binary data
_______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
