Mailing List Archive

Issue with rsyslogd with TLS version 8.2204.0.master
Hi ,

I was using rsyslogd (version 8.2108.0.master) with TLS which was working
fine. Then I upgraded to 8.2204.0.master and syslog with TLS stopped
working, over UDP works fine.

Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV , and
Nettle from 3.1.1 to 3.7.1.

To debug the issue I enabled the logs with version 8.2108.0 via
rsyslog.conf. Issue is when I enable logs I do not see any TLS data sent to
the server (attached logs). however if I do not enable debug in conf file
it works fine.

Below are the lines added for debugging is syslog.conf:

$DebugFile /var/log/rsyslog.debug
$DebugLevel 2

Thank you !
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
OK. But _what_ is working or not working? Because quick glance over the
the debug file you attached doesn't show anything TLS-related.

Or even any other input module other than imuxsock or imklog. So maybe
it's that your omfwd action is supposed to be TLS-enabled. But we don't
see any streamdriver config in this debug.

On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
> Hi ,
>
> I was using rsyslogd (version 8.2108.0.master) with TLS which was working
> fine. Then I upgraded to 8.2204.0.master and syslog with TLS stopped
> working, over UDP works fine.
>
> Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV , and
> Nettle from 3.1.1 to 3.7.1.
>
> To debug the issue I enabled the logs with version 8.2108.0 via
> rsyslog.conf. Issue is when I enable logs I do not see any TLS data sent to
> the server (attached logs). however if I do not enable debug in conf file
> it works fine.
>
> Below are the lines added for debugging is syslog.conf:
>
> $DebugFile /var/log/rsyslog.debug
> $DebugLevel 2
>
> Thank you !
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
Hi Mariusz,

Thank you for quick reply,

*Version*

*No TLS*

*TLS with Debug enabled*

*TLS with debug disabled*

8.2108.0

Working

Not Working

Working

8.2204.0

Working

Not Working

Not Working



Logs I shared with you were of version 8.2108.0 , TLS with Debug enabled.


Thank you,

On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> OK. But _what_ is working or not working? Because quick glance over the
> the debug file you attached doesn't show anything TLS-related.
>
> Or even any other input module other than imuxsock or imklog. So maybe
> it's that your omfwd action is supposed to be TLS-enabled. But we don't
> see any streamdriver config in this debug.
>
> On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
> > Hi ,
> >
> > I was using rsyslogd (version 8.2108.0.master) with TLS which was working
> > fine. Then I upgraded to 8.2204.0.master and syslog with TLS stopped
> > working, over UDP works fine.
> >
> > Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV , and
> > Nettle from 3.1.1 to 3.7.1.
> >
> > To debug the issue I enabled the logs with version 8.2108.0 via
> > rsyslog.conf. Issue is when I enable logs I do not see any TLS data sent
> to
> > the server (attached logs). however if I do not enable debug in conf file
> > it works fine.
> >
> > Below are the lines added for debugging is syslog.conf:
> >
> > $DebugFile /var/log/rsyslog.debug
> > $DebugLevel 2
> >
> > Thank you !
> >
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
Yes. But what functionality with TLS is or is not working? Input? Output?

What's your config?

What are the symptoms of "not working"? Does your side terminate the TLS
connection with some error? Does the other side terminate it?

Did you try tcpdumping the TLS connection?

Does it work again if you downgrade the rsyslog back to 8.2108?

On 20.06.2022 16:59, Abhinav Bhatia wrote:
> Hi Mariusz,
>
> Thank you for quick reply,
>
> *Version*
>
>
>
> *No TLS*
>
>
>
> *TLS with Debug enabled*
>
>
>
> *TLS with debug disabled*
>
> 8.2108.0
>
>
>
> Working
>
>
>
> Not Working
>
>
>
> Working
>
> 8.2204.0
>
>
>
> Working
>
>
>
> Not Working
>
>
>
> Not Working
>
> Logs I shared with you were of version 8.2108.0 , TLS with Debug enabled.
>
>
> Thank you,
>
>
> On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
> <rsyslog@lists.adiscon.com> wrote:
>
> OK. But _what_ is working or not working? Because quick glance
> over the
> the debug file you attached doesn't show anything TLS-related.
>
> Or even any other input module other than imuxsock or imklog. So
> maybe
> it's that your omfwd action is supposed to be TLS-enabled. But we
> don't
> see any streamdriver config in this debug.
>
> On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
> > Hi ,
> >
> > I was using rsyslogd (version 8.2108.0.master) with TLS which
> was working
> > fine. Then I upgraded to 8.2204.0.master and syslog with TLS stopped
> > working, over UDP works fine.
> >
> > Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV
> , and
> > Nettle from 3.1.1 to 3.7.1.
> >
> > To debug the issue I enabled the logs  with version 8.2108.0 via
> > rsyslog.conf. Issue is when I enable logs I do not see any TLS
> data sent to
> > the server (attached logs). however if I do not enable debug in
> conf file
> > it works fine.
> >
> > Below are the lines added for debugging is syslog.conf:
> >
> > $DebugFile /var/log/rsyslog.debug
> > $DebugLevel 2
> >
> > Thank you !
> >
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
> a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
> NOT POST if you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
Yes. But what functionality with TLS is or is not working? Input? Output?


*I have a client running rsyslogd , sending syslogs to server. I am using
syslog() to send syslogs.When I run version 8.2108 with TLS , I see the
messages sent from client on wireshark (snapshot attched). But If I enable
debug I do not see anything on Wireshark going out from client side, *

What's your config?
*Attached are the configs from cleint and server.*

What are the symptoms of "not working"? Does your side terminate the TLS
connection with some error? Does the other side terminate it?
*I think the client does not start the connection. *

Does it work again if you downgrade the rsyslog back to 8.2108?
*Yes If I downgrade to 8.2108 , rsyslogd with TLS is working (NO Debug
enabled)*

On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> Yes. But what functionality with TLS is or is not working? Input? Output?
>
> What's your config?
>
> What are the symptoms of "not working"? Does your side terminate the TLS
> connection with some error? Does the other side terminate it?
>
> Did you try tcpdumping the TLS connection?
>
> Does it work again if you downgrade the rsyslog back to 8.2108?
>
> On 20.06.2022 16:59, Abhinav Bhatia wrote:
> > Hi Mariusz,
> >
> > Thank you for quick reply,
> >
> > *Version*
> >
> >
> >
> > *No TLS*
> >
> >
> >
> > *TLS with Debug enabled*
> >
> >
> >
> > *TLS with debug disabled*
> >
> > 8.2108.0
> >
> >
> >
> > Working
> >
> >
> >
> > Not Working
> >
> >
> >
> > Working
> >
> > 8.2204.0
> >
> >
> >
> > Working
> >
> >
> >
> > Not Working
> >
> >
> >
> > Not Working
> >
> > Logs I shared with you were of version 8.2108.0 , TLS with Debug enabled.
> >
> >
> > Thank you,
> >
> >
> > On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
> > <rsyslog@lists.adiscon.com> wrote:
> >
> > OK. But _what_ is working or not working? Because quick glance
> > over the
> > the debug file you attached doesn't show anything TLS-related.
> >
> > Or even any other input module other than imuxsock or imklog. So
> > maybe
> > it's that your omfwd action is supposed to be TLS-enabled. But we
> > don't
> > see any streamdriver config in this debug.
> >
> > On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
> > > Hi ,
> > >
> > > I was using rsyslogd (version 8.2108.0.master) with TLS which
> > was working
> > > fine. Then I upgraded to 8.2204.0.master and syslog with TLS
> stopped
> > > working, over UDP works fine.
> > >
> > > Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV
> > , and
> > > Nettle from 3.1.1 to 3.7.1.
> > >
> > > To debug the issue I enabled the logs with version 8.2108.0 via
> > > rsyslog.conf. Issue is when I enable logs I do not see any TLS
> > data sent to
> > > the server (attached logs). however if I do not enable debug in
> > conf file
> > > it works fine.
> > >
> > > Below are the lines added for debugging is syslog.conf:
> > >
> > > $DebugFile /var/log/rsyslog.debug
> > > $DebugLevel 2
> > >
> > > Thank you !
> > >
> > > _______________________________________________
> > > rsyslog mailing list
> > > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
> > a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
> > NOT POST if you DON'T LIKE THAT.
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> > POST if you DON'T LIKE THAT.
> >
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
OK. Now we're getting somewhere ;-)

So you're trying to do TLS-enabled forwarding between "client" rsyslogd
and "server" rsyslogd.

Unfortunately, you didn't post the whole config from the client - the
config relies on some included files which are not attached.

You can get the resulting config as rsyslog sees it by calling

rsyslogd -N1 -o /tmp/rsyslogd_effective.conf

It seems you forgot the wireshark snapshot as well.

On 20.06.2022 17:34, Abhinav Bhatia via rsyslog wrote:
> Yes. But what functionality with TLS is or is not working? Input? Output?
>
>
> *I have a client running rsyslogd , sending syslogs to server. I am using
> syslog() to send syslogs.When I run version 8.2108 with TLS , I see the
> messages sent from client on wireshark (snapshot attched). But If I enable
> debug I do not see anything on Wireshark going out from client side, *
>
> What's your config?
> *Attached are the configs from cleint and server.*
>
> What are the symptoms of "not working"? Does your side terminate the TLS
> connection with some error? Does the other side terminate it?
> *I think the client does not start the connection. *
>
> Does it work again if you downgrade the rsyslog back to 8.2108?
> *Yes If I downgrade to 8.2108 , rsyslogd with TLS is working (NO Debug
> enabled)*
>
> On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog <
> rsyslog@lists.adiscon.com> wrote:
>
>> Yes. But what functionality with TLS is or is not working? Input? Output?
>>
>> What's your config?
>>
>> What are the symptoms of "not working"? Does your side terminate the TLS
>> connection with some error? Does the other side terminate it?
>>
>> Did you try tcpdumping the TLS connection?
>>
>> Does it work again if you downgrade the rsyslog back to 8.2108?
>>
>> On 20.06.2022 16:59, Abhinav Bhatia wrote:
>>> Hi Mariusz,
>>>
>>> Thank you for quick reply,
>>>
>>> *Version*
>>>
>>>
>>>
>>> *No TLS*
>>>
>>>
>>>
>>> *TLS with Debug enabled*
>>>
>>>
>>>
>>> *TLS with debug disabled*
>>>
>>> 8.2108.0
>>>
>>>
>>>
>>> Working
>>>
>>>
>>>
>>> Not Working
>>>
>>>
>>>
>>> Working
>>>
>>> 8.2204.0
>>>
>>>
>>>
>>> Working
>>>
>>>
>>>
>>> Not Working
>>>
>>>
>>>
>>> Not Working
>>>
>>> Logs I shared with you were of version 8.2108.0 , TLS with Debug enabled.
>>>
>>>
>>> Thank you,
>>>
>>>
>>> On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
>>> <rsyslog@lists.adiscon.com> wrote:
>>>
>>> OK. But _what_ is working or not working? Because quick glance
>>> over the
>>> the debug file you attached doesn't show anything TLS-related.
>>>
>>> Or even any other input module other than imuxsock or imklog. So
>>> maybe
>>> it's that your omfwd action is supposed to be TLS-enabled. But we
>>> don't
>>> see any streamdriver config in this debug.
>>>
>>> On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
>>> > Hi ,
>>> >
>>> > I was using rsyslogd (version 8.2108.0.master) with TLS which
>>> was working
>>> > fine. Then I upgraded to 8.2204.0.master and syslog with TLS
>> stopped
>>> > working, over UDP works fine.
>>> >
>>> > Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV
>>> , and
>>> > Nettle from 3.1.1 to 3.7.1.
>>> >
>>> > To debug the issue I enabled the logs with version 8.2108.0 via
>>> > rsyslog.conf. Issue is when I enable logs I do not see any TLS
>>> data sent to
>>> > the server (attached logs). however if I do not enable debug in
>>> conf file
>>> > it works fine.
>>> >
>>> > Below are the lines added for debugging is syslog.conf:
>>> >
>>> > $DebugFile /var/log/rsyslog.debug
>>> > $DebugLevel 2
>>> >
>>> > Thank you !
>>> >
>>> > _______________________________________________
>>> > rsyslog mailing list
>>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>>> > http://www.rsyslog.com/professional-services/
>>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
>>> a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
>>> NOT POST if you DON'T LIKE THAT.
>>> _______________________________________________
>>> rsyslog mailing list
>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
>>> POST if you DON'T LIKE THAT.
>>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
Sorry, below are the attached files, effective config from client side and
wireshark of the working scenario.

On Mon, Jun 20, 2022 at 11:41 AM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> OK. Now we're getting somewhere ;-)
>
> So you're trying to do TLS-enabled forwarding between "client" rsyslogd
> and "server" rsyslogd.
>
> Unfortunately, you didn't post the whole config from the client - the
> config relies on some included files which are not attached.
>
> You can get the resulting config as rsyslog sees it by calling
>
> rsyslogd -N1 -o /tmp/rsyslogd_effective.conf
>
> It seems you forgot the wireshark snapshot as well.
>
> On 20.06.2022 17:34, Abhinav Bhatia via rsyslog wrote:
> > Yes. But what functionality with TLS is or is not working? Input? Output?
> >
> >
> > *I have a client running rsyslogd , sending syslogs to server. I am using
> > syslog() to send syslogs.When I run version 8.2108 with TLS , I see the
> > messages sent from client on wireshark (snapshot attched). But If I
> enable
> > debug I do not see anything on Wireshark going out from client side, *
> >
> > What's your config?
> > *Attached are the configs from cleint and server.*
> >
> > What are the symptoms of "not working"? Does your side terminate the TLS
> > connection with some error? Does the other side terminate it?
> > *I think the client does not start the connection. *
> >
> > Does it work again if you downgrade the rsyslog back to 8.2108?
> > *Yes If I downgrade to 8.2108 , rsyslogd with TLS is working (NO Debug
> > enabled)*
> >
> > On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog <
> > rsyslog@lists.adiscon.com> wrote:
> >
> >> Yes. But what functionality with TLS is or is not working? Input?
> Output?
> >>
> >> What's your config?
> >>
> >> What are the symptoms of "not working"? Does your side terminate the TLS
> >> connection with some error? Does the other side terminate it?
> >>
> >> Did you try tcpdumping the TLS connection?
> >>
> >> Does it work again if you downgrade the rsyslog back to 8.2108?
> >>
> >> On 20.06.2022 16:59, Abhinav Bhatia wrote:
> >>> Hi Mariusz,
> >>>
> >>> Thank you for quick reply,
> >>>
> >>> *Version*
> >>>
> >>>
> >>>
> >>> *No TLS*
> >>>
> >>>
> >>>
> >>> *TLS with Debug enabled*
> >>>
> >>>
> >>>
> >>> *TLS with debug disabled*
> >>>
> >>> 8.2108.0
> >>>
> >>>
> >>>
> >>> Working
> >>>
> >>>
> >>>
> >>> Not Working
> >>>
> >>>
> >>>
> >>> Working
> >>>
> >>> 8.2204.0
> >>>
> >>>
> >>>
> >>> Working
> >>>
> >>>
> >>>
> >>> Not Working
> >>>
> >>>
> >>>
> >>> Not Working
> >>>
> >>> Logs I shared with you were of version 8.2108.0 , TLS with Debug
> enabled.
> >>>
> >>>
> >>> Thank you,
> >>>
> >>>
> >>> On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
> >>> <rsyslog@lists.adiscon.com> wrote:
> >>>
> >>> OK. But _what_ is working or not working? Because quick glance
> >>> over the
> >>> the debug file you attached doesn't show anything TLS-related.
> >>>
> >>> Or even any other input module other than imuxsock or imklog. So
> >>> maybe
> >>> it's that your omfwd action is supposed to be TLS-enabled. But we
> >>> don't
> >>> see any streamdriver config in this debug.
> >>>
> >>> On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
> >>> > Hi ,
> >>> >
> >>> > I was using rsyslogd (version 8.2108.0.master) with TLS which
> >>> was working
> >>> > fine. Then I upgraded to 8.2204.0.master and syslog with TLS
> >> stopped
> >>> > working, over UDP works fine.
> >>> >
> >>> > Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV
> >>> , and
> >>> > Nettle from 3.1.1 to 3.7.1.
> >>> >
> >>> > To debug the issue I enabled the logs with version 8.2108.0 via
> >>> > rsyslog.conf. Issue is when I enable logs I do not see any TLS
> >>> data sent to
> >>> > the server (attached logs). however if I do not enable debug in
> >>> conf file
> >>> > it works fine.
> >>> >
> >>> > Below are the lines added for debugging is syslog.conf:
> >>> >
> >>> > $DebugFile /var/log/rsyslog.debug
> >>> > $DebugLevel 2
> >>> >
> >>> > Thank you !
> >>> >
> >>> > _______________________________________________
> >>> > rsyslog mailing list
> >>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> > http://www.rsyslog.com/professional-services/
> >>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
> >>> a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
> >>> NOT POST if you DON'T LIKE THAT.
> >>> _______________________________________________
> >>> rsyslog mailing list
> >>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >>> http://www.rsyslog.com/professional-services/
> >>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> >>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> >>> POST if you DON'T LIKE THAT.
> >>>
> >> _______________________________________________
> >> rsyslog mailing list
> >> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> DON'T LIKE THAT.
> >>
> >> _______________________________________________
> >> rsyslog mailing list
> >> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
This time you included debug log from rsyslogd creating the merged
config, not the actual config itself.

Anyway, the PCAP is interesting.

Because it shows two separate TLS-based connections which are
negotiated, then there is some data pushed through the encrypted channel
but the connections are not finished.

I assume these are not the first connections because the pre-shared key
has already been established and the sessions are now established in a
"quick way" (without verifying certs again).

So it does seem as if the TLS connection as such was being established
indeed.

On 20.06.2022 18:08, Abhinav Bhatia via rsyslog wrote:
> Sorry, below are the attached files, effective config from client side and
> wireshark of the working scenario.
>
> On Mon, Jun 20, 2022 at 11:41 AM Mariusz Kruk via rsyslog <
> rsyslog@lists.adiscon.com> wrote:
>
>> OK. Now we're getting somewhere ;-)
>>
>> So you're trying to do TLS-enabled forwarding between "client" rsyslogd
>> and "server" rsyslogd.
>>
>> Unfortunately, you didn't post the whole config from the client - the
>> config relies on some included files which are not attached.
>>
>> You can get the resulting config as rsyslog sees it by calling
>>
>> rsyslogd -N1 -o /tmp/rsyslogd_effective.conf
>>
>> It seems you forgot the wireshark snapshot as well.
>>
>> On 20.06.2022 17:34, Abhinav Bhatia via rsyslog wrote:
>>> Yes. But what functionality with TLS is or is not working? Input? Output?
>>>
>>>
>>> *I have a client running rsyslogd , sending syslogs to server. I am using
>>> syslog() to send syslogs.When I run version 8.2108 with TLS , I see the
>>> messages sent from client on wireshark (snapshot attched). But If I
>> enable
>>> debug I do not see anything on Wireshark going out from client side, *
>>>
>>> What's your config?
>>> *Attached are the configs from cleint and server.*
>>>
>>> What are the symptoms of "not working"? Does your side terminate the TLS
>>> connection with some error? Does the other side terminate it?
>>> *I think the client does not start the connection. *
>>>
>>> Does it work again if you downgrade the rsyslog back to 8.2108?
>>> *Yes If I downgrade to 8.2108 , rsyslogd with TLS is working (NO Debug
>>> enabled)*
>>>
>>> On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog <
>>> rsyslog@lists.adiscon.com> wrote:
>>>
>>>> Yes. But what functionality with TLS is or is not working? Input?
>> Output?
>>>> What's your config?
>>>>
>>>> What are the symptoms of "not working"? Does your side terminate the TLS
>>>> connection with some error? Does the other side terminate it?
>>>>
>>>> Did you try tcpdumping the TLS connection?
>>>>
>>>> Does it work again if you downgrade the rsyslog back to 8.2108?
>>>>
>>>> On 20.06.2022 16:59, Abhinav Bhatia wrote:
>>>>> Hi Mariusz,
>>>>>
>>>>> Thank you for quick reply,
>>>>>
>>>>> *Version*
>>>>>
>>>>>
>>>>>
>>>>> *No TLS*
>>>>>
>>>>>
>>>>>
>>>>> *TLS with Debug enabled*
>>>>>
>>>>>
>>>>>
>>>>> *TLS with debug disabled*
>>>>>
>>>>> 8.2108.0
>>>>>
>>>>>
>>>>>
>>>>> Working
>>>>>
>>>>>
>>>>>
>>>>> Not Working
>>>>>
>>>>>
>>>>>
>>>>> Working
>>>>>
>>>>> 8.2204.0
>>>>>
>>>>>
>>>>>
>>>>> Working
>>>>>
>>>>>
>>>>>
>>>>> Not Working
>>>>>
>>>>>
>>>>>
>>>>> Not Working
>>>>>
>>>>> Logs I shared with you were of version 8.2108.0 , TLS with Debug
>> enabled.
>>>>>
>>>>> Thank you,
>>>>>
>>>>>
>>>>> On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
>>>>> <rsyslog@lists.adiscon.com> wrote:
>>>>>
>>>>> OK. But _what_ is working or not working? Because quick glance
>>>>> over the
>>>>> the debug file you attached doesn't show anything TLS-related.
>>>>>
>>>>> Or even any other input module other than imuxsock or imklog. So
>>>>> maybe
>>>>> it's that your omfwd action is supposed to be TLS-enabled. But we
>>>>> don't
>>>>> see any streamdriver config in this debug.
>>>>>
>>>>> On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
>>>>> > Hi ,
>>>>> >
>>>>> > I was using rsyslogd (version 8.2108.0.master) with TLS which
>>>>> was working
>>>>> > fine. Then I upgraded to 8.2204.0.master and syslog with TLS
>>>> stopped
>>>>> > working, over UDP works fine.
>>>>> >
>>>>> > Along with rsyslod I upgraded the curl 7.79.0-DEV to 7.83.1-DEV
>>>>> , and
>>>>> > Nettle from 3.1.1 to 3.7.1.
>>>>> >
>>>>> > To debug the issue I enabled the logs with version 8.2108.0 via
>>>>> > rsyslog.conf. Issue is when I enable logs I do not see any TLS
>>>>> data sent to
>>>>> > the server (attached logs). however if I do not enable debug in
>>>>> conf file
>>>>> > it works fine.
>>>>> >
>>>>> > Below are the lines added for debugging is syslog.conf:
>>>>> >
>>>>> > $DebugFile /var/log/rsyslog.debug
>>>>> > $DebugLevel 2
>>>>> >
>>>>> > Thank you !
>>>>> >
>>>>> > _______________________________________________
>>>>> > rsyslog mailing list
>>>>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> > http://www.rsyslog.com/professional-services/
>>>>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
>>>>> a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
>>>>> NOT POST if you DON'T LIKE THAT.
>>>>> _______________________________________________
>>>>> rsyslog mailing list
>>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>> http://www.rsyslog.com/professional-services/
>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>>>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
>>>>> POST if you DON'T LIKE THAT.
>>>>>
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>>> DON'T LIKE THAT.
>>>>
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>> you DON'T LIKE THAT.
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
Yes, the TLS session gets established but , if we add the debug to the
config , shared earlier, it does not even start the TCP handshake .

On Mon, Jun 20, 2022 at 1:22 PM Mariusz Kruk via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> This time you included debug log from rsyslogd creating the merged
> config, not the actual config itself.
>
> Anyway, the PCAP is interesting.
>
> Because it shows two separate TLS-based connections which are
> negotiated, then there is some data pushed through the encrypted channel
> but the connections are not finished.
>
> I assume these are not the first connections because the pre-shared key
> has already been established and the sessions are now established in a
> "quick way" (without verifying certs again).
>
> So it does seem as if the TLS connection as such was being established
> indeed.
>
> On 20.06.2022 18:08, Abhinav Bhatia via rsyslog wrote:
> > Sorry, below are the attached files, effective config from client side
> and
> > wireshark of the working scenario.
> >
> > On Mon, Jun 20, 2022 at 11:41 AM Mariusz Kruk via rsyslog <
> > rsyslog@lists.adiscon.com> wrote:
> >
> >> OK. Now we're getting somewhere ;-)
> >>
> >> So you're trying to do TLS-enabled forwarding between "client" rsyslogd
> >> and "server" rsyslogd.
> >>
> >> Unfortunately, you didn't post the whole config from the client - the
> >> config relies on some included files which are not attached.
> >>
> >> You can get the resulting config as rsyslog sees it by calling
> >>
> >> rsyslogd -N1 -o /tmp/rsyslogd_effective.conf
> >>
> >> It seems you forgot the wireshark snapshot as well.
> >>
> >> On 20.06.2022 17:34, Abhinav Bhatia via rsyslog wrote:
> >>> Yes. But what functionality with TLS is or is not working? Input?
> Output?
> >>>
> >>>
> >>> *I have a client running rsyslogd , sending syslogs to server. I am
> using
> >>> syslog() to send syslogs.When I run version 8.2108 with TLS , I see the
> >>> messages sent from client on wireshark (snapshot attched). But If I
> >> enable
> >>> debug I do not see anything on Wireshark going out from client side, *
> >>>
> >>> What's your config?
> >>> *Attached are the configs from cleint and server.*
> >>>
> >>> What are the symptoms of "not working"? Does your side terminate the
> TLS
> >>> connection with some error? Does the other side terminate it?
> >>> *I think the client does not start the connection. *
> >>>
> >>> Does it work again if you downgrade the rsyslog back to 8.2108?
> >>> *Yes If I downgrade to 8.2108 , rsyslogd with TLS is working (NO Debug
> >>> enabled)*
> >>>
> >>> On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog <
> >>> rsyslog@lists.adiscon.com> wrote:
> >>>
> >>>> Yes. But what functionality with TLS is or is not working? Input?
> >> Output?
> >>>> What's your config?
> >>>>
> >>>> What are the symptoms of "not working"? Does your side terminate the
> TLS
> >>>> connection with some error? Does the other side terminate it?
> >>>>
> >>>> Did you try tcpdumping the TLS connection?
> >>>>
> >>>> Does it work again if you downgrade the rsyslog back to 8.2108?
> >>>>
> >>>> On 20.06.2022 16:59, Abhinav Bhatia wrote:
> >>>>> Hi Mariusz,
> >>>>>
> >>>>> Thank you for quick reply,
> >>>>>
> >>>>> *Version*
> >>>>>
> >>>>>
> >>>>>
> >>>>> *No TLS*
> >>>>>
> >>>>>
> >>>>>
> >>>>> *TLS with Debug enabled*
> >>>>>
> >>>>>
> >>>>>
> >>>>> *TLS with debug disabled*
> >>>>>
> >>>>> 8.2108.0
> >>>>>
> >>>>>
> >>>>>
> >>>>> Working
> >>>>>
> >>>>>
> >>>>>
> >>>>> Not Working
> >>>>>
> >>>>>
> >>>>>
> >>>>> Working
> >>>>>
> >>>>> 8.2204.0
> >>>>>
> >>>>>
> >>>>>
> >>>>> Working
> >>>>>
> >>>>>
> >>>>>
> >>>>> Not Working
> >>>>>
> >>>>>
> >>>>>
> >>>>> Not Working
> >>>>>
> >>>>> Logs I shared with you were of version 8.2108.0 , TLS with Debug
> >> enabled.
> >>>>>
> >>>>> Thank you,
> >>>>>
> >>>>>
> >>>>> On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
> >>>>> <rsyslog@lists.adiscon.com> wrote:
> >>>>>
> >>>>> OK. But _what_ is working or not working? Because quick glance
> >>>>> over the
> >>>>> the debug file you attached doesn't show anything TLS-related.
> >>>>>
> >>>>> Or even any other input module other than imuxsock or imklog.
> So
> >>>>> maybe
> >>>>> it's that your omfwd action is supposed to be TLS-enabled. But
> we
> >>>>> don't
> >>>>> see any streamdriver config in this debug.
> >>>>>
> >>>>> On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
> >>>>> > Hi ,
> >>>>> >
> >>>>> > I was using rsyslogd (version 8.2108.0.master) with TLS which
> >>>>> was working
> >>>>> > fine. Then I upgraded to 8.2204.0.master and syslog with TLS
> >>>> stopped
> >>>>> > working, over UDP works fine.
> >>>>> >
> >>>>> > Along with rsyslod I upgraded the curl 7.79.0-DEV to
> 7.83.1-DEV
> >>>>> , and
> >>>>> > Nettle from 3.1.1 to 3.7.1.
> >>>>> >
> >>>>> > To debug the issue I enabled the logs with version 8.2108.0
> via
> >>>>> > rsyslog.conf. Issue is when I enable logs I do not see any
> TLS
> >>>>> data sent to
> >>>>> > the server (attached logs). however if I do not enable debug
> in
> >>>>> conf file
> >>>>> > it works fine.
> >>>>> >
> >>>>> > Below are the lines added for debugging is syslog.conf:
> >>>>> >
> >>>>> > $DebugFile /var/log/rsyslog.debug
> >>>>> > $DebugLevel 2
> >>>>> >
> >>>>> > Thank you !
> >>>>> >
> >>>>> > _______________________________________________
> >>>>> > rsyslog mailing list
> >>>>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>>> > http://www.rsyslog.com/professional-services/
> >>>>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
> by
> >>>>> a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
> >>>>> NOT POST if you DON'T LIKE THAT.
> >>>>> _______________________________________________
> >>>>> rsyslog mailing list
> >>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>>> http://www.rsyslog.com/professional-services/
> >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
> by a
> >>>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO
> NOT
> >>>>> POST if you DON'T LIKE THAT.
> >>>>>
> >>>> _______________________________________________
> >>>> rsyslog mailing list
> >>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>> http://www.rsyslog.com/professional-services/
> >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad
> >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >>>> DON'T LIKE THAT.
> >>>>
> >>>> _______________________________________________
> >>>> rsyslog mailing list
> >>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >>>> http://www.rsyslog.com/professional-services/
> >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> >> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> if
> >> you DON'T LIKE THAT.
> >> _______________________________________________
> >> rsyslog mailing list
> >> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> DON'T LIKE THAT.
> >>
> >>
> >> _______________________________________________
> >> rsyslog mailing list
> >> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Issue with rsyslogd with TLS version 8.2204.0.master [ In reply to ]
Hi,

Perhaps you can create a debug log with filters applied to remove not
interesting content:
global(
debug.whitelist="on"
debug.files=["nsd_ossl.c", "tcpsrv.c", "nsdsel_ossl.c",
"nsdpoll_ptcp.c", " nsd_gtls.c.c", " nsdsel_gtls.c.c"]
)

We need to see actual debug output from the tls code to tell more about
the problem.

Best regards,
Andre Lorbach

> -----Ursprüngliche Nachricht-----
> Von: rsyslog <rsyslog-bounces@lists.adiscon.com> Im Auftrag von Abhinav
> Bhatia via rsyslog
> Gesendet: Montag, 20. Juni 2022 19:59
> An: rsyslog-users <rsyslog@lists.adiscon.com>
> Cc: Abhinav Bhatia <nitks.abhinav@gmail.com>
> Betreff: Re: [rsyslog] Issue with rsyslogd with TLS version
8.2204.0.master
>
> Yes, the TLS session gets established but , if we add the debug to the
config ,
> shared earlier, it does not even start the TCP handshake .
>
> On Mon, Jun 20, 2022 at 1:22 PM Mariusz Kruk via rsyslog <
> rsyslog@lists.adiscon.com> wrote:
>
> > This time you included debug log from rsyslogd creating the merged
> > config, not the actual config itself.
> >
> > Anyway, the PCAP is interesting.
> >
> > Because it shows two separate TLS-based connections which are
> > negotiated, then there is some data pushed through the encrypted
> > channel but the connections are not finished.
> >
> > I assume these are not the first connections because the pre-shared
> > key has already been established and the sessions are now established
> > in a "quick way" (without verifying certs again).
> >
> > So it does seem as if the TLS connection as such was being established
> > indeed.
> >
> > On 20.06.2022 18:08, Abhinav Bhatia via rsyslog wrote:
> > > Sorry, below are the attached files, effective config from client
> > > side
> > and
> > > wireshark of the working scenario.
> > >
> > > On Mon, Jun 20, 2022 at 11:41 AM Mariusz Kruk via rsyslog <
> > > rsyslog@lists.adiscon.com> wrote:
> > >
> > >> OK. Now we're getting somewhere ;-)
> > >>
> > >> So you're trying to do TLS-enabled forwarding between "client"
> > >> rsyslogd and "server" rsyslogd.
> > >>
> > >> Unfortunately, you didn't post the whole config from the client -
> > >> the config relies on some included files which are not attached.
> > >>
> > >> You can get the resulting config as rsyslog sees it by calling
> > >>
> > >> rsyslogd -N1 -o /tmp/rsyslogd_effective.conf
> > >>
> > >> It seems you forgot the wireshark snapshot as well.
> > >>
> > >> On 20.06.2022 17:34, Abhinav Bhatia via rsyslog wrote:
> > >>> Yes. But what functionality with TLS is or is not working? Input?
> > Output?
> > >>>
> > >>>
> > >>> *I have a client running rsyslogd , sending syslogs to server. I
> > >>> am
> > using
> > >>> syslog() to send syslogs.When I run version 8.2108 with TLS , I
> > >>> see the messages sent from client on wireshark (snapshot attched).
> > >>> But If I
> > >> enable
> > >>> debug I do not see anything on Wireshark going out from client
> > >>> side, *
> > >>>
> > >>> What's your config?
> > >>> *Attached are the configs from cleint and server.*
> > >>>
> > >>> What are the symptoms of "not working"? Does your side terminate
> > >>> the
> > TLS
> > >>> connection with some error? Does the other side terminate it?
> > >>> *I think the client does not start the connection. *
> > >>>
> > >>> Does it work again if you downgrade the rsyslog back to 8.2108?
> > >>> *Yes If I downgrade to 8.2108 , rsyslogd with TLS is working (NO
> > >>> Debug
> > >>> enabled)*
> > >>>
> > >>> On Mon, Jun 20, 2022 at 11:06 AM Mariusz Kruk via rsyslog <
> > >>> rsyslog@lists.adiscon.com> wrote:
> > >>>
> > >>>> Yes. But what functionality with TLS is or is not working? Input?
> > >> Output?
> > >>>> What's your config?
> > >>>>
> > >>>> What are the symptoms of "not working"? Does your side terminate
> > >>>> the
> > TLS
> > >>>> connection with some error? Does the other side terminate it?
> > >>>>
> > >>>> Did you try tcpdumping the TLS connection?
> > >>>>
> > >>>> Does it work again if you downgrade the rsyslog back to 8.2108?
> > >>>>
> > >>>> On 20.06.2022 16:59, Abhinav Bhatia wrote:
> > >>>>> Hi Mariusz,
> > >>>>>
> > >>>>> Thank you for quick reply,
> > >>>>>
> > >>>>> *Version*
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> *No TLS*
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> *TLS with Debug enabled*
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> *TLS with debug disabled*
> > >>>>>
> > >>>>> 8.2108.0
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> Working
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> Not Working
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> Working
> > >>>>>
> > >>>>> 8.2204.0
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> Working
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> Not Working
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> Not Working
> > >>>>>
> > >>>>> Logs I shared with you were of version 8.2108.0 , TLS with Debug
> > >> enabled.
> > >>>>>
> > >>>>> Thank you,
> > >>>>>
> > >>>>>
> > >>>>> On Mon, Jun 20, 2022 at 10:38 AM Mariusz Kruk via rsyslog
> > >>>>> <rsyslog@lists.adiscon.com> wrote:
> > >>>>>
> > >>>>> OK. But _what_ is working or not working? Because quick
glance
> > >>>>> over the
> > >>>>> the debug file you attached doesn't show anything
TLS-related.
> > >>>>>
> > >>>>> Or even any other input module other than imuxsock or
imklog.
> > So
> > >>>>> maybe
> > >>>>> it's that your omfwd action is supposed to be TLS-enabled.
> > >>>>> But
> > we
> > >>>>> don't
> > >>>>> see any streamdriver config in this debug.
> > >>>>>
> > >>>>> On 20.06.2022 16:27, Abhinav Bhatia via rsyslog wrote:
> > >>>>> > Hi ,
> > >>>>> >
> > >>>>> > I was using rsyslogd (version 8.2108.0.master) with TLS
which
> > >>>>> was working
> > >>>>> > fine. Then I upgraded to 8.2204.0.master and syslog with
> > >>>>> TLS
> > >>>> stopped
> > >>>>> > working, over UDP works fine.
> > >>>>> >
> > >>>>> > Along with rsyslod I upgraded the curl 7.79.0-DEV to
> > 7.83.1-DEV
> > >>>>> , and
> > >>>>> > Nettle from 3.1.1 to 3.7.1.
> > >>>>> >
> > >>>>> > To debug the issue I enabled the logs with version
> > >>>>> 8.2108.0
> > via
> > >>>>> > rsyslog.conf. Issue is when I enable logs I do not see
> > >>>>> any
> > TLS
> > >>>>> data sent to
> > >>>>> > the server (attached logs). however if I do not enable
> > >>>>> debug
> > in
> > >>>>> conf file
> > >>>>> > it works fine.
> > >>>>> >
> > >>>>> > Below are the lines added for debugging is syslog.conf:
> > >>>>> >
> > >>>>> > $DebugFile /var/log/rsyslog.debug
> > >>>>> > $DebugLevel 2
> > >>>>> >
> > >>>>> > Thank you !
> > >>>>> >
> > >>>>> > _______________________________________________
> > >>>>> > rsyslog mailing list
> > >>>>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >>>>> > http://www.rsyslog.com/professional-services/
> > >>>>> > What's up with rsyslog? Follow
https://twitter.com/rgerhards
> > >>>>> > NOTE WELL: This is a PUBLIC mailing list, posts are
> > >>>>> ARCHIVED
> > by
> > >>>>> a myriad of sites beyond our control. PLEASE UNSUBSCRIBE
and
> DO
> > >>>>> NOT POST if you DON'T LIKE THAT.
> > >>>>> _______________________________________________
> > >>>>> rsyslog mailing list
> > >>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >>>>> http://www.rsyslog.com/professional-services/
> > >>>>> What's up with rsyslog? Follow
https://twitter.com/rgerhards
> > >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are
> > >>>>> ARCHIVED
> > by a
> > >>>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and
> > >>>>> DO
> > NOT
> > >>>>> POST if you DON'T LIKE THAT.
> > >>>>>
> > >>>> _______________________________________________
> > >>>> rsyslog mailing list
> > >>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >>>> http://www.rsyslog.com/professional-services/
> > >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> > >>>> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > myriad
> > >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
> > >>>> if you DON'T LIKE THAT.
> > >>>>
> > >>>> _______________________________________________
> > >>>> rsyslog mailing list
> > >>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >>>> http://www.rsyslog.com/professional-services/
> > >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> > >>>> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > >> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> > >> POST
> > if
> > >> you DON'T LIKE THAT.
> > >> _______________________________________________
> > >> rsyslog mailing list
> > >> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >> http://www.rsyslog.com/professional-services/
> > >> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> > >> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> > >> you DON'T LIKE THAT.
> > >>
> > >>
> > >> _______________________________________________
> > >> rsyslog mailing list
> > >> https://lists.adiscon.net/mailman/listinfo/rsyslog
> > >> http://www.rsyslog.com/professional-services/
> > >> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> > >> WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> > myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
> POST
> > if you DON'T LIKE THAT.
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
> > WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL:
> This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites
beyond
> our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.