This time you included the debug log from rsyslogd creating the merged config, not the actual config itself.

Anyway, the PCAP is interesting.

Because it shows two separate TLS-based connections which are negotiated, then there is some data pushed through the encrypted channel but the connections are not finished.

I assume these are not the first connections because the pre-shared key has already been established and the sessions are now established in a "quick way" (without verifying certs again).

So it does seem as if the TLS connection as such was being established indeed.

On 20.06.2022 18:08, Abhinav Bhatia via rsyslog wrote:
Sorry, below are the attached files, effective config from client side and
wireshark of the working scenario.

On Mon, Jun 20, 2022 at 11:41 AM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:

OK. Now we're getting somewhere ;-)

So you're trying to do TLS-enabled forwarding between "client" rsyslogd
and "server" rsyslogd.

Unfortunately, you didn't post the whole config from the client - the
config relies on some included files which are not attached.

You can get the resulting config as rsyslog sees it by calling

rsyslogd -N1 -o /tmp/rsyslogd_effective.conf

It seems you forgot the wireshark snapshot as well.

On 20.06.2022 17:34, Abhinav Bhatia via rsyslog wrote:
Yes. But what functionality with TLS is or is not working? Input? Output?


*I have a client running rsyslogd, sending syslogs to server. I am using
syslog() to send syslogs. When I run version 8.2108 with TLS, I see the
messages sent from client on wireshark (snapshot attached). But if I
enable debug I do not see anything on Wireshark going out from client side.*

What's your config?
*Attached are the configs from client and server.*

What are the symptoms of "not working"? Does your side terminate the TLS
connection with some error? Does the other side terminate it?
*I think the client does not start the connection. *

Does it work again if you downgrade the rsyslog back to 8.2108?
*Yes. If I downgrade to 8.2108, rsyslogd with TLS is working (NO Debug
enabled)*

On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:

Yes. But what functionality with TLS is or is not working? Input?
Output?
What's your config?

What are the symptoms of "not working"? Does your side terminate the TLS
connection with some error? Does the other side terminate it?

Did you try tcpdumping the TLS connection?

Does it work again if you downgrade the rsyslog back to 8.2108?

On 20.06.2022 16:59, Abhinav Bhatia wrote:
Hi Mariusz,

Thank you for the quick reply,

Version     No TLS     TLS with Debug enabled     TLS with debug disabled
8.2108.0    Working    Not Working                Working
8.2204.0    Working    Not Working                Not Working

Logs I shared with you were of version 8.2108.0, TLS with Debug
enabled.

Thank you,


On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
<rsyslog@lists.adiscon.com> wrote:

      OK. But _what_ is working or not working? Because a quick glance over
      the debug file you attached doesn't show anything TLS-related.

      Or even any other input module other than imuxsock or imklog. So maybe
      it's that your omfwd action is supposed to be TLS-enabled. But we don't
      see any streamdriver config in this debug.

      On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
      > Hi,
      >
      > I was using rsyslogd (version 8.2108.0.master) with TLS which was
      > working fine. Then I upgraded to 8.2204.0.master and syslog with TLS
      > stopped working, over UDP works fine.
      >
      > Along with rsyslogd I upgraded the curl 7.79.0-DEV to 7.83.1-DEV, and
      > Nettle from 3.1.1 to 3.7.1.
      >
      > To debug the issue I enabled the logs with version 8.2108.0 via
      > rsyslog.conf. Issue is when I enable logs I do not see any TLS data
      > sent to the server (attached logs). However if I do not enable debug
      > in conf file it works fine.
      >
      > Below are the lines added for debugging in syslog.conf:
      >
      > $DebugFile /var/log/rsyslog.debug
      > $DebugLevel 2
      >
      > Thank you !
      >
      >
      > _______________________________________________
      > rsyslog mailing list
      > https://lists.adiscon.net/mailman/listinfo/rsyslog
      > http://www.rsyslog.com/professional-services/
      > What's up with rsyslog? Follow https://twitter.com/rgerhards
      > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
      a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
      NOT POST if you DON'T LIKE THAT.
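The thread turns on whether the client's omfwd action carries any streamdriver (TLS) settings, which the merged config from `rsyslogd -N1 -o` would show. As an added example (not code from the thread or from the rsyslog project), this Python script scans such a file for `omfwd` actions in RainerScript `action()` syntax and reports which ones lack TLS settings. The sample config, its host names and paths, and the `audit_forwarders` helper are constructed for illustration; legacy `$ActionSendStreamDriver...` directives are not parsed.

```python
import re

# Constructed sample standing in for /tmp/rsyslogd_effective.conf; hosts and
# file paths are placeholders, not values from the thread.
SAMPLE = '''
global(DefaultNetstreamDriverCAFile="/etc/pki/rsyslog/ca.pem")
# action(type="omfwd" target="old.example.net" port="514" protocol="tcp")
action(type="omfwd" target="logs.example.net" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1"
       StreamDriverAuthMode="x509/name"
       StreamDriverPermittedPeers="logs.example.net")
action(type="omfwd" target="plain.example.net" port="514" protocol="tcp")
action(type="omfwd" target="anon.example.net" port="6514" protocol="tcp"
       StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="anon")
action(type="omfile" file="/var/log/messages")
'''

STRING = r'"(?:\\.|[^"\\])*"'   # quoted value, may contain ')' or escapes
BLOCK_RE = re.compile(r'\b(action|global)\s*\(((?:[^()"]|' + STRING + r')*)\)', re.I)
PARAM_RE = re.compile(r'([\w.]+)\s*=\s*(' + STRING + ')')

def audit_forwarders(conf):
    """Return one finding per omfwd action written in RainerScript syntax."""
    conf = re.sub(r'(?m)^[ \t]*#.*$', '', conf)   # ignore commented-out lines
    default_driver, findings = None, []
    for kind, body in BLOCK_RE.findall(conf):
        p = {k.lower(): v[1:-1] for k, v in PARAM_RE.findall(body)}
        if kind.lower() == 'global':
            default_driver = p.get('defaultnetstreamdriver', default_driver)
            continue
        if p.get('type', '').lower() != 'omfwd':
            continue
        tls = p.get('streamdrivermode') == '1'
        problems = []
        if not tls:
            problems.append('StreamDriverMode is not "1": forwarding is not TLS')
        else:
            if not (p.get('streamdriver') or default_driver):
                problems.append('no stream driver named on action or in global()')
            # Assumption of this example: an explicit x509 mode is wanted.
            if p.get('streamdriverauthmode', 'anon').lower() == 'anon':
                problems.append('StreamDriverAuthMode is unset or "anon"')
        findings.append({'target': p.get('target'), 'tls': tls, 'problems': problems})
    return findings

if __name__ == '__main__':
    for f in audit_forwarders(SAMPLE):
        print(f['target'], 'TLS' if f['tls'] else 'PLAIN', f['problems'] or 'ok')
```

To check a real client, read the file written by `rsyslogd -N1 -o` and pass its text to `audit_forwarders` in place of `SAMPLE`.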