Hi, I'm using rsyslog as packaged by Debian 12 (bookworm). I'm logging to central servers:
$DefaultNetstreamDriver gtls […] *.* @@server.example.com:10514 I'm using client TLS certificates that expire after 3 months. I have automation to put the updated certificate files in place, but if I do not restart rsyslog then it does not pick up the new certificates and eventually the client rsyslog is rejected and cannot re-connect. I can easily restart rsyslog when new certificate files are put in place, but then I get logs like this from every client host (many): 2023-12-30T02:32:01.521137+00:00 client1.example.com rsyslogd: omfwd: remote server at server.example.com:10514 seems to have closed connection. This often happens when the remote peer (or an interim system like a load balancer or firewall) shuts down or aborts a connection. Rsyslog will re-open the connection if configured to do so (we saw a generic IO Error, which usually goes along with that behaviour). [v8.2302.0 try https://www.rsyslog.com/e/2027 ] 2023-12-30T02:32:01.531001+00:00 client1.example.com rsyslogd: action 'action-19-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2302.0 try https://www.rsyslog.com/e/2007 ] 2023-12-30T02:32:02.327418+00:00 client1.example.com rsyslogd: action 'action-19-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2302.0 try https://www.rsyslog.com/e/2359 ] So my simple question is, if I instead send a HUP signal to rsyslog, will it rel;oad its updated TLS certificate files? Or, is there another graceful way to do that? The above log lines seem harmless but they trip my monitoring and I would rather not programmatically ignore them as I may end up ignoring a real problem later on. Thanks, Andy _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
