Mailing List Archive

RELP does not work since updated to 8.2202 version
Hello,

Yesterday my servers were updated from 8.2112 to 8.2202 version. Since then, RELP connection between my servers and the syslog concentrator is not working.

I've been looking for any error running syslog but I have found nothing. I can't see neither any traffic on port 20514 (the port I use for relp), not even a TCP SYNC packet.

This is part of my config related with this:

if $syslogseverity <= 'info' then {
call send_json_to_pitufo3x
}

ruleset (name="send_json_to_pitufo3x"
) {
...

action(type="omrelp"
name="forward_json_to_pitufo31"
queue.spoolDirectory="/var/spool/rsyslog"
queue.type="LinkedList"
queue.saveonshutdown="on"
queue.maxdiskspace="200M"
queue.size="200000"
queue.discardmark="160000"
queue.discardseverity="5"
action.resumeRetryCount="-1"
target="pitufo31.um.es"
port="20514"
template="JsonPitufo3xFormat"
queue.filename="logspitufo31_fwd"
)

...
}

Any idea?

Thanks
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: RELP does not work since updated to 8.2202 version [ In reply to ]
can you provide a debug log?

Rainer

El jue, 17 feb 2022 a las 10:58, Ángel L. Mateo Martínez via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> Hello,
>
> Yesterday my servers were updated from 8.2112 to 8.2202 version. Since then, RELP connection between my servers and the syslog concentrator is not working.
>
> I've been looking for any error running syslog but I have found nothing. I can't see neither any traffic on port 20514 (the port I use for relp), not even a TCP SYNC packet.
>
> This is part of my config related with this:
>
> if $syslogseverity <= 'info' then {
> call send_json_to_pitufo3x
> }
>
> ruleset (name="send_json_to_pitufo3x"
> ) {
> ...
>
> action(type="omrelp"
> name="forward_json_to_pitufo31"
> queue.spoolDirectory="/var/spool/rsyslog"
> queue.type="LinkedList"
> queue.saveonshutdown="on"
> queue.maxdiskspace="200M"
> queue.size="200000"
> queue.discardmark="160000"
> queue.discardseverity="5"
> action.resumeRetryCount="-1"
> target="pitufo31.um.es"
> port="20514"
> template="JsonPitufo3xFormat"
> queue.filename="logspitufo31_fwd"
> )
>
> ...
> }
>
> Any idea?
>
> Thanks
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: RELP does not work since updated to 8.2202 version [ In reply to ]
Yes, sure. Here it is.

I have also try to downgrade one server from 8.2202 to 8.2001.0-1ubuntu1.1 (the version provided with Ubuntu 20.04). After this, relp is working again (without any change in configuration).

________________________________________
De: Rainer Gerhards <rgerhards@hq.adiscon.com>
Enviado: jueves, 17 de febrero de 2022 10:58
Para: rsyslog-users
Cc: ?ngel L. Mateo Mart?nez
Asunto: Re: [rsyslog] RELP does not work since updated to 8.2202 version

can you provide a debug log?

Rainer

El jue, 17 feb 2022 a las 10:58, ?ngel L. Mateo Mart?nez via rsyslog
(<rsyslog@lists.adiscon.com>) escribi?:
>
> Hello,
>
> Yesterday my servers were updated from 8.2112 to 8.2202 version. Since then, RELP connection between my servers and the syslog concentrator is not working.
>
> I've been looking for any error running syslog but I have found nothing. I can't see neither any traffic on port 20514 (the port I use for relp), not even a TCP SYNC packet.
>
> This is part of my config related with this:
>
> if $syslogseverity <= 'info' then {
> call send_json_to_pitufo3x
> }
>
> ruleset (name="send_json_to_pitufo3x"
> ) {
> ...
>
> action(type="omrelp"
> name="forward_json_to_pitufo31"
> queue.spoolDirectory="/var/spool/rsyslog"
> queue.type="LinkedList"
> queue.saveonshutdown="on"
> queue.maxdiskspace="200M"
> queue.size="200000"
> queue.discardmark="160000"
> queue.discardseverity="5"
> action.resumeRetryCount="-1"
> target="pitufo31.um.es"
> port="20514"
> template="JsonPitufo3xFormat"
> queue.filename="logspitufo31_fwd"
> )
>
> ...
> }
>
> Any idea?
>
> Thanks
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: RELP does not work since updated to 8.2202 version [ In reply to ]
This is the culprit:

if $syslogseverity <= 'info' then {

You compare a numerical entity ($syslogseverity) to a string.
Previously there was a bug with some comparison types. I assume that
with the bug, this always evaluated to true, the fixed version
evaluates to false. Please compare against the numerical severity.
This should fix it.

Rainer

El jue, 17 feb 2022 a las 11:13, Ángel L. Mateo Martínez
(<amateo@um.es>) escribió:
>
> Yes, sure. Here it is.
>
> I have also try to downgrade one server from 8.2202 to 8.2001.0-1ubuntu1.1 (the version provided with Ubuntu 20.04). After this, relp is working again (without any change in configuration).
>
> ________________________________________
> De: Rainer Gerhards <rgerhards@hq.adiscon.com>
> Enviado: jueves, 17 de febrero de 2022 10:58
> Para: rsyslog-users
> Cc: Ángel L. Mateo Martínez
> Asunto: Re: [rsyslog] RELP does not work since updated to 8.2202 version
>
> can you provide a debug log?
>
> Rainer
>
> El jue, 17 feb 2022 a las 10:58, Ángel L. Mateo Martínez via rsyslog
> (<rsyslog@lists.adiscon.com>) escribió:
> >
> > Hello,
> >
> > Yesterday my servers were updated from 8.2112 to 8.2202 version. Since then, RELP connection between my servers and the syslog concentrator is not working.
> >
> > I've been looking for any error running syslog but I have found nothing. I can't see neither any traffic on port 20514 (the port I use for relp), not even a TCP SYNC packet.
> >
> > This is part of my config related with this:
> >
> > if $syslogseverity <= 'info' then {
> > call send_json_to_pitufo3x
> > }
> >
> > ruleset (name="send_json_to_pitufo3x"
> > ) {
> > ...
> >
> > action(type="omrelp"
> > name="forward_json_to_pitufo31"
> > queue.spoolDirectory="/var/spool/rsyslog"
> > queue.type="LinkedList"
> > queue.saveonshutdown="on"
> > queue.maxdiskspace="200M"
> > queue.size="200000"
> > queue.discardmark="160000"
> > queue.discardseverity="5"
> > action.resumeRetryCount="-1"
> > target="pitufo31.um.es"
> > port="20514"
> > template="JsonPitufo3xFormat"
> > queue.filename="logspitufo31_fwd"
> > )
> >
> > ...
> > }
> >
> > Any idea?
> >
> > Thanks
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: RELP does not work since updated to 8.2202 version [ In reply to ]
Yes, I have changed the condition to the numeric value and it works again. Thank you Rainer.

________________________________________
De: Rainer Gerhards <rgerhards@hq.adiscon.com>
Enviado: jueves, 17 de febrero de 2022 11:22
Para: ?ngel L. Mateo Mart?nez
Cc: rsyslog-users
Asunto: Re: [rsyslog] RELP does not work since updated to 8.2202 version

This is the culprit:

if $syslogseverity <= 'info' then {

You compare a numerical entity ($syslogseverity) to a string.
Previously there was a bug with some comparison types. I assume that
with the bug, this always evaluated to true, the fixed version
evaluates to false. Please compare against the numerical severity.
This should fix it.

Rainer

El jue, 17 feb 2022 a las 11:13, ?ngel L. Mateo Mart?nez
(<amateo@um.es>) escribi?:
>
> Yes, sure. Here it is.
>
> I have also try to downgrade one server from 8.2202 to 8.2001.0-1ubuntu1.1 (the version provided with Ubuntu 20.04). After this, relp is working again (without any change in configuration).
>
> ________________________________________
> De: Rainer Gerhards <rgerhards@hq.adiscon.com>
> Enviado: jueves, 17 de febrero de 2022 10:58
> Para: rsyslog-users
> Cc: ?ngel L. Mateo Mart?nez
> Asunto: Re: [rsyslog] RELP does not work since updated to 8.2202 version
>
> can you provide a debug log?
>
> Rainer
>
> El jue, 17 feb 2022 a las 10:58, ?ngel L. Mateo Mart?nez via rsyslog
> (<rsyslog@lists.adiscon.com>) escribi?:
> >
> > Hello,
> >
> > Yesterday my servers were updated from 8.2112 to 8.2202 version. Since then, RELP connection between my servers and the syslog concentrator is not working.
> >
> > I've been looking for any error running syslog but I have found nothing. I can't see neither any traffic on port 20514 (the port I use for relp), not even a TCP SYNC packet.
> >
> > This is part of my config related with this:
> >
> > if $syslogseverity <= 'info' then {
> > call send_json_to_pitufo3x
> > }
> >
> > ruleset (name="send_json_to_pitufo3x"
> > ) {
> > ...
> >
> > action(type="omrelp"
> > name="forward_json_to_pitufo31"
> > queue.spoolDirectory="/var/spool/rsyslog"
> > queue.type="LinkedList"
> > queue.saveonshutdown="on"
> > queue.maxdiskspace="200M"
> > queue.size="200000"
> > queue.discardmark="160000"
> > queue.discardseverity="5"
> > action.resumeRetryCount="-1"
> > target="pitufo31.um.es"
> > port="20514"
> > template="JsonPitufo3xFormat"
> > queue.filename="logspitufo31_fwd"
> > )
> >
> > ...
> > }
> >
> > Any idea?
> >
> > Thanks
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: RELP does not work since updated to 8.2202 version [ In reply to ]
great, thx for letting me know.

Just for others who find this thread. The previous handling was also
invalid, as it always evaluated to true. So this was a config error
which was not detected due to the bug that got corrected in 8.2202.
It's not a regression.

Rainer

El jue, 17 feb 2022 a las 11:40, Ángel L. Mateo Martínez
(<amateo@um.es>) escribió:
>
> Yes, I have changed the condition to the numeric value and it works again. Thank you Rainer.
>
> ________________________________________
> De: Rainer Gerhards <rgerhards@hq.adiscon.com>
> Enviado: jueves, 17 de febrero de 2022 11:22
> Para: Ángel L. Mateo Martínez
> Cc: rsyslog-users
> Asunto: Re: [rsyslog] RELP does not work since updated to 8.2202 version
>
> This is the culprit:
>
> if $syslogseverity <= 'info' then {
>
> You compare a numerical entity ($syslogseverity) to a string.
> Previously there was a bug with some comparison types. I assume that
> with the bug, this always evaluated to true, the fixed version
> evaluates to false. Please compare against the numerical severity.
> This should fix it.
>
> Rainer
>
> El jue, 17 feb 2022 a las 11:13, Ángel L. Mateo Martínez
> (<amateo@um.es>) escribió:
> >
> > Yes, sure. Here it is.
> >
> > I have also try to downgrade one server from 8.2202 to 8.2001.0-1ubuntu1.1 (the version provided with Ubuntu 20.04). After this, relp is working again (without any change in configuration).
> >
> > ________________________________________
> > De: Rainer Gerhards <rgerhards@hq.adiscon.com>
> > Enviado: jueves, 17 de febrero de 2022 10:58
> > Para: rsyslog-users
> > Cc: Ángel L. Mateo Martínez
> > Asunto: Re: [rsyslog] RELP does not work since updated to 8.2202 version
> >
> > can you provide a debug log?
> >
> > Rainer
> >
> > El jue, 17 feb 2022 a las 10:58, Ángel L. Mateo Martínez via rsyslog
> > (<rsyslog@lists.adiscon.com>) escribió:
> > >
> > > Hello,
> > >
> > > Yesterday my servers were updated from 8.2112 to 8.2202 version. Since then, RELP connection between my servers and the syslog concentrator is not working.
> > >
> > > I've been looking for any error running syslog but I have found nothing. I can't see neither any traffic on port 20514 (the port I use for relp), not even a TCP SYNC packet.
> > >
> > > This is part of my config related with this:
> > >
> > > if $syslogseverity <= 'info' then {
> > > call send_json_to_pitufo3x
> > > }
> > >
> > > ruleset (name="send_json_to_pitufo3x"
> > > ) {
> > > ...
> > >
> > > action(type="omrelp"
> > > name="forward_json_to_pitufo31"
> > > queue.spoolDirectory="/var/spool/rsyslog"
> > > queue.type="LinkedList"
> > > queue.saveonshutdown="on"
> > > queue.maxdiskspace="200M"
> > > queue.size="200000"
> > > queue.discardmark="160000"
> > > queue.discardseverity="5"
> > > action.resumeRetryCount="-1"
> > > target="pitufo31.um.es"
> > > port="20514"
> > > template="JsonPitufo3xFormat"
> > > queue.filename="logspitufo31_fwd"
> > > )
> > >
> > > ...
> > > }
> > >
> > > Any idea?
> > >
> > > Thanks
> > > _______________________________________________
> > > rsyslog mailing list
> > > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: RELP does not work since updated to 8.2202 version [ In reply to ]
I dug a bit more into it. No matter that the config was incorrect,
some handling also seems to be incorrect, so we seem to have ALSO a
bit of a regression in number-to.-string comparisons.

Rainer

El jue, 17 feb 2022 a las 11:42, Rainer Gerhards
(<rgerhards@hq.adiscon.com>) escribió:
>
> great, thx for letting me know.
>
> Just for others who find this thread. The previous handling was also
> invalid, as it always evaluated to true. So this was a config error
> which was not detected due to the bug that got corrected in 8.2202.
> It's not a regression.
>
> Rainer
>
> El jue, 17 feb 2022 a las 11:40, Ángel L. Mateo Martínez
> (<amateo@um.es>) escribió:
> >
> > Yes, I have changed the condition to the numeric value and it works again. Thank you Rainer.
> >
> > ________________________________________
> > De: Rainer Gerhards <rgerhards@hq.adiscon.com>
> > Enviado: jueves, 17 de febrero de 2022 11:22
> > Para: Ángel L. Mateo Martínez
> > Cc: rsyslog-users
> > Asunto: Re: [rsyslog] RELP does not work since updated to 8.2202 version
> >
> > This is the culprit:
> >
> > if $syslogseverity <= 'info' then {
> >
> > You compare a numerical entity ($syslogseverity) to a string.
> > Previously there was a bug with some comparison types. I assume that
> > with the bug, this always evaluated to true, the fixed version
> > evaluates to false. Please compare against the numerical severity.
> > This should fix it.
> >
> > Rainer
> >
> > El jue, 17 feb 2022 a las 11:13, Ángel L. Mateo Martínez
> > (<amateo@um.es>) escribió:
> > >
> > > Yes, sure. Here it is.
> > >
> > > I have also try to downgrade one server from 8.2202 to 8.2001.0-1ubuntu1.1 (the version provided with Ubuntu 20.04). After this, relp is working again (without any change in configuration).
> > >
> > > ________________________________________
> > > De: Rainer Gerhards <rgerhards@hq.adiscon.com>
> > > Enviado: jueves, 17 de febrero de 2022 10:58
> > > Para: rsyslog-users
> > > Cc: Ángel L. Mateo Martínez
> > > Asunto: Re: [rsyslog] RELP does not work since updated to 8.2202 version
> > >
> > > can you provide a debug log?
> > >
> > > Rainer
> > >
> > > El jue, 17 feb 2022 a las 10:58, Ángel L. Mateo Martínez via rsyslog
> > > (<rsyslog@lists.adiscon.com>) escribió:
> > > >
> > > > Hello,
> > > >
> > > > Yesterday my servers were updated from 8.2112 to 8.2202 version. Since then, RELP connection between my servers and the syslog concentrator is not working.
> > > >
> > > > I've been looking for any error running syslog but I have found nothing. I can't see neither any traffic on port 20514 (the port I use for relp), not even a TCP SYNC packet.
> > > >
> > > > This is part of my config related with this:
> > > >
> > > > if $syslogseverity <= 'info' then {
> > > > call send_json_to_pitufo3x
> > > > }
> > > >
> > > > ruleset (name="send_json_to_pitufo3x"
> > > > ) {
> > > > ...
> > > >
> > > > action(type="omrelp"
> > > > name="forward_json_to_pitufo31"
> > > > queue.spoolDirectory="/var/spool/rsyslog"
> > > > queue.type="LinkedList"
> > > > queue.saveonshutdown="on"
> > > > queue.maxdiskspace="200M"
> > > > queue.size="200000"
> > > > queue.discardmark="160000"
> > > > queue.discardseverity="5"
> > > > action.resumeRetryCount="-1"
> > > > target="pitufo31.um.es"
> > > > port="20514"
> > > > template="JsonPitufo3xFormat"
> > > > queue.filename="logspitufo31_fwd"
> > > > )
> > > >
> > > > ...
> > > > }
> > > >
> > > > Any idea?
> > > >
> > > > Thanks
> > > > _______________________________________________
> > > > rsyslog mailing list
> > > > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > http://www.rsyslog.com/professional-services/
> > > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.