Yes. But what functionality with TLS is or is not working? Input? Output?
*I have a client running rsyslogd , sending syslogs to server. I am using
syslog() to send syslogs.When I run version 8.2108 with TLS , I see the
messages sent from client on wireshark (snapshot attched). But If I enable
debug I do not see anything on Wireshark going out from client side, *
What's your config?
*Attached are the configs from cleint and server.*
What are the symptoms of "not working"? Does your side terminate the TLS
connection with some error? Does the other side terminate it?
*I think the client does not start the connection. *
Does it work again if you downgrade the rsyslog back to 8.2108?
*Yes If I downgrade to 8.2108 , rsyslogd with TLS is working (NO Debug
enabled)*
On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:
> Yes. But what functionality with TLS is or is not working? Input? Output?
>
> What's your config?
>
> What are the symptoms of "not working"? Does your side terminate the TLS
> connection with some error? Does the other side terminate it?
>
> Did you try tcpdumping the TLS connection?
>
> Does it work again if you downgrade the rsyslog back to 8.2108?
>
> On 20.06.2022 16:59, Abhinav Bhatia wrote:
> > Hi Mariusz,
> >
> > Thank you for quick reply,
> >
> > *Version*
> >
> >
> >
> > *No TLS*
> >
> >
> >
> > *TLS with Debug enabled*
> >
> >
> >
> > *TLS with debug disabled*
> >
> > 8.2108.0
> >
> >
> >
> > Working
> >
> >
> >
> > Not Working
> >
> >
> >
> > Working
> >
> > 8.2204.0
> >
> >
> >
> > Working
> >
> >
> >
> > Not Working
> >
> >
> >
> > Not Working
> >
> > Logs I shared with you were of version 8.2108.0 , TLS with Debug enabled.
> >
> >
> > Thank you,
> >
> >
> > On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
> > <rsyslog@lists.adiscon.com> wrote:
> >
> > OK. But _what_ is working or not working? Because quick glance
> > over the
> > the debug file you attached doesn't show anything TLS-related.
> >
> > Or even any other input module other than imuxsock or imklog. So
> > maybe
> > it's that your omfwd action is supposed to be TLS-enabled. But we
> > don't
> > see any streamdriver config in this debug.
> >
> > On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
> > > Hi ,
> > >
> > > I was using rsyslogd (version 8.2108.0.master) with TLS which
> > was working
> > > fine. Then I upgraded to 8.2204.0.master and syslog with TLS
> stopped
> > > working, over UDP works fine.
> > >
> > > Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV
> > , and
> > > Nettle from 3.1.1 to 3.7.1.
> > >
> > > To debug the issue I enabled the logs with version 8.2108.0 via
> > > rsyslog.conf. Issue is when I enable logs I do not see any TLS
> > data sent to
> > > the server (attached logs). however if I do not enable debug in
> > conf file
> > > it works fine.
> > >
> > > Below are the lines added for debugging is syslog.conf:
> > >
> > > $DebugFile /var/log/rsyslog.debug
> > > $DebugLevel 2
> > >
> > > Thank you !
> > >
> > > _______________________________________________
> > > rsyslog mailing list
> > > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
> > a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
> > NOT POST if you DON'T LIKE THAT.
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> > POST if you DON'T LIKE THAT.
> >
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.