the error messages you are posting say you are running an amazon-modified
version of 8.24
rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1),
master config /etc/rsyslog.conf
RedHat (which amazon linux is a fork of) used 8.24 on redhat 7 (released in June
2014), RedHat (and possibly Amazon) backport some fixes from later versions, but
the encryption changes are far more drastic than the type of thing they normally
backport
RedHat is currently on version 9 (released may 2022) and version 7 is hitting
their official 'extended support' (aka 'you really should be off of it by now')
in a few months.
So updating the ami that you are using from amazon linux 7 to amazon linux 9
will update a LOT of things, not just rsyslog.
If you thought you were running rsyslog 8.2312 (akd 2023 december release) than
the update to that version did not happen as you expected
rsyslog versions were 8.n up until about 8.36 and then moved to the date based
number scheme.
David Lang
On Wed, 3 Jan 2024, Karan Parmar wrote:
Date: Wed, 3 Jan 2024 20:33:06 +0000
From: Karan Parmar <[email protected]>
To: David Lang <[email protected]>,
Karan Parmar via rsyslog <[email protected]>
Cc: Karan Parmar <[email protected]>
Subject: Re: [rsyslog] Syslog configuration issues
Hello David,
Thanks a lot for your response.
On the rsyslog website, I see that this is the latest version:
[cid:[email protected]]
Could you please elaborate what you are talking about?
I would really appreciate it.
Regards,
Karan Parmar
From: David Lang <[email protected]>
Date: Wednesday, January 3, 2024 at 3:27 PM
To: Karan Parmar via rsyslog <[email protected]>
Cc: Karan Parmar <[email protected]>, Karan Parmar
<[email protected]>
Subject: Re: [rsyslog] Syslog configuration issues
[EXTERNAL EMAIL] Think before clicking links, opening attachments or
responding. If perceived suspicious, please use the “Report Phishing” button in
Outlook if available, or email to [email protected]
This looks to me like it's a problem with the library, not with the ca cert
also, rsyslog 8.24 is very old, and there have been a lot of improvements since,
especially related to TLS connections.
based on the package name, I would guess this is an amazon AWS image, and you
should look to update to a more current one to update not only rsyslog, but a
lot of other things on the system.
David Lang
On Wed, 3 Jan 2024, Karan Parmar via rsyslog wrote:
Date: Wed, 3 Jan 2024 15:06:24 -0500
From: Karan Parmar via rsyslog <[email protected]>
To: [email protected]
Cc: Karan Parmar <[email protected]>,
Karan Parmar <[email protected]>
Subject: [rsyslog] Syslog configuration issues
Hello There,
Happy New year!
I am trying to setup rsyslog to receive messages from a client but they keep on
seeing the below error message on there side:
TCPSendInit FAILED with -2078.
I double-checked everything but could not find any specific issue.
This is the message I get when I verify the certificate:
[root@vlawsappianprep certs]# openssl verify -CAfile
DigiCertIntermedCA_rootCA.crt vlawsappianprep_mfsadmin_com.crt
vlawsappianprep_mfsadmin_com.crt: OK
Please see below the version I am using:
root@vlawsappianprep bin]# rsyslogd -v
rsyslogd 8.24.0-57.amzn2.2.0.2
I am attaching the rsyslog configuration to this email and can confirm that the
certificate files are in the place where I have specified in the configuration.
Also, just wanted to show this message I am getting when I verify the syslog
configuration:
[root@vlawsappianprep openssl]# rsyslogd -N 1
rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1),
master config /etc/rsyslog.conf
rsyslogd: error: ca certificate is not set, cannot continue [v8.24.0-57.amzn2.2.0.2 try
https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fe%2F2329__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_PXLXfOgw%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OD8S3fnlx2TYo%2Bv0TKMR8a02f1t7A4EPdfhOMuo0210%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/e/2329__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_PXLXfOgw$>
]
rsyslogd: could not load module '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2329
[v8.24.0-57.amzn2.2.0.2 try
https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fe%2F2068__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OS71F1iA%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gO1vIxzolJrPFFrshnl6C1CHvQKZrCwDlzw5ktAhubg%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/e/2068__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OS71F1iA$>
]
[root@vlawsappianprep openssl]#
I am not sure about the reason I am getting this ca file not found error
because the file is indeed there at the location I specified and other folder
permissions also look ok:


Any sort of guidance will be highly appreciated as I am stuck on this for a
long time now.
Thanks in advance!
Regards,
Karan Parmar
_______________________________________________
rsyslog mailing list
https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NNI_Z5nQ%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eCufhUXdXhQ09Jt0XM%2BHlbrrS16aZmliUvOEVaDmEVQ%3D&reserved=0<https://urldefense.com/v3/__https://lists.adiscon.net/mailman/listinfo/rsyslog__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NNI_Z5nQ$>
https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NVr75G-A%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5uT865jjxDToh%2FHjtVEB8cfPoDToCTM752v9c3PReT4%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/professional-services/__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NVr75G-A$>
What's up with rsyslog? Follow
https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Ftwitter.com%2Frgerhards__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OqkWVe4w%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PRTTASvxazpnx%2B%2BJE9aSgCZgMGIOVLVRa%2FowV0m6AbA%3D&reserved=0<https://urldefense.com/v3/__https://twitter.com/rgerhards__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OqkWVe4w$>
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
The information contained in this e-mail message and any attachments hereto is
confidential and may be legally privileged. It is intended solely for the
person to whom it is addressed and review by anyone else is unauthorized. Any
use, disclosure, reproduction, modification or distribution of the contents of
this e-mail, or any part thereof, other than by the intended recipient, is
strictly prohibited. Any unauthorized use or dissemination of this message in
whole or in part is strictly prohibited. If you are not the intended recipient
or have received this message in error, please notify the sender of this e-mail
immediately by either return e-mail and destroy the message and all copies in
your possession.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted by this
email.
www.mfsadmin.com
PLEASE NOTE: The MUFG logo and name is a service mark of Mitsubishi UFJ
Financial Group, Inc. (“MUFG”) and may be used by it or other Group companies
for marketing purposes, including MUFG Americas Holdings Corporation affiliates
and subsidiaries. Lending, deposit, securities, investment banking, and other
banking services are provided by banking and/or broker-dealer affiliates of
MUFG, including, The Bank of Tokyo-Mitsubishi UFJ, Ltd. (“BTMU”), MUFG Union
Bank, N.A. (“MUB”), MUFG Securities Americas Inc. (“MUSA”), and MUFG Securities
(Canada), Ltd. (“MUS(CAN)”). MUB is an FDIC-insured bank. MUSA is a member of
FINRA and SIPC. MUS(CAN) is a member of FINRA and IIROC.
This message is intended for the named addressee(s) only. It may contain
confidential, proprietary or legally privileged information. No confidentiality
or privilege is waived or lost by any mis-transmission. If you receive this
message in error, please delete it and all copies from your system, destroy any
hard copies and notify the sender. You must not, directly or indirectly, use,
disclose, distribute, print or copy any part of this message if you are not the
intended recipient. MUFG, its affiliates and subsidiaries reserve the right to
monitor all electronic communications through their respective networks. Any
views expressed in this message are those of the individual sender and do not
constitute investment advice or recommendation, except where the message
expressly states otherwise and the sender is authorized to furnish the same.
MUFG (and its subsidiaries) shall (will) not be liable for the message if
modified.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
