Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
Syslog configuration issues
rsyslog at lists
Jan 3, 2024, 12:06 PM
Post #1 of 5 (142 views)
Permalink
Hello There,

Happy New year!

I am trying to setup rsyslog to receive messages from a client but they keep on seeing the below error message on there side:

TCPSendInit FAILED with -2078.

I double-checked everything but could not find any specific issue.
This is the message I get when I verify the certificate:

[root@vlawsappianprep certs]# openssl verify -CAfile DigiCertIntermedCA_rootCA.crt vlawsappianprep_mfsadmin_com.crt vlawsappianprep_mfsadmin_com.crt: OK

Please see below the version I am using:

root@vlawsappianprep bin]# rsyslogd -v
rsyslogd 8.24.0-57.amzn2.2.0.2

I am attaching the rsyslog configuration to this email and can confirm that the certificate files are in the place where I have specified in the configuration.

Also, just wanted to show this message I am getting when I verify the syslog configuration:

[root@vlawsappianprep openssl]# rsyslogd -N 1
rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: error: ca certificate is not set, cannot continue [v8.24.0-57.amzn2.2.0.2 try http://www.rsyslog.com/e/2329 ]
rsyslogd: could not load module '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2329 [v8.24.0-57.amzn2.2.0.2 try http://www.rsyslog.com/e/2068 ]
[root@vlawsappianprep openssl]#


I am not sure about the reason I am getting this ca file not found error because the file is indeed there at the location I specified and other folder permissions also look ok:

?

?

Any sort of guidance will be highly appreciated as I am stuck on this for a long time now.

Thanks in advance!

Regards,
Karan Parmar
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Syslog configuration issues [ In reply to ]
rsyslog at lists
Jan 3, 2024, 12:27 PM
Post #2 of 5 (142 views)
Permalink
This looks to me like it's a problem with the library, not with the ca cert

also, rsyslog 8.24 is very old, and there have been a lot of improvements since,
especially related to TLS connections.

based on the package name, I would guess this is an amazon AWS image, and you
should look to update to a more current one to update not only rsyslog, but a
lot of other things on the system.

David Lang

On Wed, 3 Jan 2024, Karan Parmar via rsyslog wrote:

> Date: Wed, 3 Jan 2024 15:06:24 -0500
> From: Karan Parmar via rsyslog <rsyslog@lists.adiscon.com>
> To: rsyslog@lists.adiscon.com
> Cc: Karan Parmar <karanparmar2299@gmail.com>,
> Karan Parmar <kparmar@mfsadmin.com>
> Subject: [rsyslog] Syslog configuration issues
>
> Hello There,
>
> Happy New year!
>
> I am trying to setup rsyslog to receive messages from a client but they keep on seeing the below error message on there side:
>
> TCPSendInit FAILED with -2078.
>
> I double-checked everything but could not find any specific issue.
> This is the message I get when I verify the certificate:
>
> [root@vlawsappianprep certs]# openssl verify -CAfile DigiCertIntermedCA_rootCA.crt vlawsappianprep_mfsadmin_com.crt vlawsappianprep_mfsadmin_com.crt: OK
>
> Please see below the version I am using:
>
> root@vlawsappianprep bin]# rsyslogd -v
> rsyslogd 8.24.0-57.amzn2.2.0.2
>
> I am attaching the rsyslog configuration to this email and can confirm that the certificate files are in the place where I have specified in the configuration.
>
> Also, just wanted to show this message I am getting when I verify the syslog configuration:
>
> [root@vlawsappianprep openssl]# rsyslogd -N 1
> rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1), master config /etc/rsyslog.conf
> rsyslogd: error: ca certificate is not set, cannot continue [v8.24.0-57.amzn2.2.0.2 try http://www.rsyslog.com/e/2329 ]
> rsyslogd: could not load module '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2329 [v8.24.0-57.amzn2.2.0.2 try http://www.rsyslog.com/e/2068 ]
> [root@vlawsappianprep openssl]#
>
>
> I am not sure about the reason I am getting this ca file not found error because the file is indeed there at the location I specified and other folder permissions also look ok:
>
> ?
>
> ?
>
> Any sort of guidance will be highly appreciated as I am stuck on this for a long time now.
>
> Thanks in advance!
>
> Regards,
> Karan Parmar
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Syslog configuration issues [ In reply to ]
rsyslog at lists
Jan 3, 2024, 12:36 PM
Post #3 of 5 (142 views)
Permalink
Hello David,

Thanks a lot for your response.

On the rsyslog website, I see that this is the latest version:

?

Could you please elaborate what you are talking about?
I would really appreciate it.

Regards,
Karan Parmar

> On Jan 3, 2024, at 3:27?PM, David Lang <david@lang.hm> wrote:
>
> This looks to me like it's a problem with the library, not with the ca cert
>
> also, rsyslog 8.24 is very old, and there have been a lot of improvements since, especially related to TLS connections.
>
> based on the package name, I would guess this is an amazon AWS image, and you should look to update to a more current one to update not only rsyslog, but a lot of other things on the system.
>
> David Lang
>
> On Wed, 3 Jan 2024, Karan Parmar via rsyslog wrote:
>
>> Date: Wed, 3 Jan 2024 15:06:24 -0500
>> From: Karan Parmar via rsyslog <rsyslog@lists.adiscon.com>
>> To: rsyslog@lists.adiscon.com
>> Cc: Karan Parmar <karanparmar2299@gmail.com>,
>> Karan Parmar <kparmar@mfsadmin.com>
>> Subject: [rsyslog] Syslog configuration issues
>> Hello There,
>>
>> Happy New year!
>>
>> I am trying to setup rsyslog to receive messages from a client but they keep on seeing the below error message on there side:
>>
>> TCPSendInit FAILED with -2078.
>>
>> I double-checked everything but could not find any specific issue.
>> This is the message I get when I verify the certificate:
>>
>> [root@vlawsappianprep certs]# openssl verify -CAfile DigiCertIntermedCA_rootCA.crt vlawsappianprep_mfsadmin_com.crt vlawsappianprep_mfsadmin_com.crt: OK
>>
>> Please see below the version I am using:
>>
>> root@vlawsappianprep bin]# rsyslogd -v
>> rsyslogd 8.24.0-57.amzn2.2.0.2
>>
>> I am attaching the rsyslog configuration to this email and can confirm that the certificate files are in the place where I have specified in the configuration.
>>
>> Also, just wanted to show this message I am getting when I verify the syslog configuration:
>>
>> [root@vlawsappianprep openssl]# rsyslogd -N 1
>> rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1), master config /etc/rsyslog.conf
>> rsyslogd: error: ca certificate is not set, cannot continue [v8.24.0-57.amzn2.2.0.2 try http://www.rsyslog.com/e/2329 ]
>> rsyslogd: could not load module '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2329 [v8.24.0-57.amzn2.2.0.2 try http://www.rsyslog.com/e/2068 ]
>> [root@vlawsappianprep openssl]#
>>
>>
>> I am not sure about the reason I am getting this ca file not found error because the file is indeed there at the location I specified and other folder permissions also look ok:
>>
>> ?
>>
>> ?
>>
>> Any sort of guidance will be highly appreciated as I am stuck on this for a long time now.
>>
>> Thanks in advance!
>>
>> Regards,
>> Karan Parmar
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Syslog configuration issues [ In reply to ]
rsyslog at lists
Jan 3, 2024, 12:45 PM
Post #4 of 5 (142 views)
Permalink
the error messages you are posting say you are running an amazon-modified
version of 8.24

rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1), master config /etc/rsyslog.conf

RedHat (which amazon linux is a fork of) used 8.24 on redhat 7 (released in June
2014), RedHat (and possibly Amazon) backport some fixes from later versions, but
the encryption changes are far more drastic than the type of thing they normally
backport

RedHat is currently on version 9 (released may 2022) and version 7 is hitting
their official 'extended support' (aka 'you really should be off of it by now')
in a few months.

So updating the ami that you are using from amazon linux 7 to amazon linux 9
will update a LOT of things, not just rsyslog.

If you thought you were running rsyslog 8.2312 (akd 2023 december release) than
the update to that version did not happen as you expected

rsyslog versions were 8.n up until about 8.36 and then moved to the date based
number scheme.

David Lang


On Wed, 3 Jan 2024, Karan Parmar wrote:

> Date: Wed, 3 Jan 2024 20:33:06 +0000
> From: Karan Parmar <kparmar@mfsadmin.com>
> To: David Lang <david@lang.hm>,
> Karan Parmar via rsyslog <rsyslog@lists.adiscon.com>
> Cc: Karan Parmar <karanparmar2299@gmail.com>
> Subject: Re: [rsyslog] Syslog configuration issues
>
> Hello David,
>
> Thanks a lot for your response.
>
> On the rsyslog website, I see that this is the latest version:
>
> [cid:image001.png@01DA3E5A.20FE5AD0]
>
> Could you please elaborate what you are talking about?
> I would really appreciate it.
>
> Regards,
> Karan Parmar
>
> From: David Lang <david@lang.hm>
> Date: Wednesday, January 3, 2024 at 3:27?PM
> To: Karan Parmar via rsyslog <rsyslog@lists.adiscon.com>
> Cc: Karan Parmar <karanparmar2299@gmail.com>, Karan Parmar <kparmar@mfsadmin.com>
> Subject: Re: [rsyslog] Syslog configuration issues
> [EXTERNAL EMAIL] Think before clicking links, opening attachments or responding. If perceived suspicious, please use the “Report Phishing” button in Outlook if available, or email to phishing@mfsadmin.com
>
>
> This looks to me like it's a problem with the library, not with the ca cert
>
> also, rsyslog 8.24 is very old, and there have been a lot of improvements since,
> especially related to TLS connections.
>
> based on the package name, I would guess this is an amazon AWS image, and you
> should look to update to a more current one to update not only rsyslog, but a
> lot of other things on the system.
>
> David Lang
>
> On Wed, 3 Jan 2024, Karan Parmar via rsyslog wrote:
>
>> Date: Wed, 3 Jan 2024 15:06:24 -0500
>> From: Karan Parmar via rsyslog <rsyslog@lists.adiscon.com>
>> To: rsyslog@lists.adiscon.com
>> Cc: Karan Parmar <karanparmar2299@gmail.com>,
>> Karan Parmar <kparmar@mfsadmin.com>
>> Subject: [rsyslog] Syslog configuration issues
>>
>> Hello There,
>>
>> Happy New year!
>>
>> I am trying to setup rsyslog to receive messages from a client but they keep on seeing the below error message on there side:
>>
>> TCPSendInit FAILED with -2078.
>>
>> I double-checked everything but could not find any specific issue.
>> This is the message I get when I verify the certificate:
>>
>> [root@vlawsappianprep certs]# openssl verify -CAfile DigiCertIntermedCA_rootCA.crt vlawsappianprep_mfsadmin_com.crt vlawsappianprep_mfsadmin_com.crt: OK
>>
>> Please see below the version I am using:
>>
>> root@vlawsappianprep bin]# rsyslogd -v
>> rsyslogd 8.24.0-57.amzn2.2.0.2
>>
>> I am attaching the rsyslog configuration to this email and can confirm that the certificate files are in the place where I have specified in the configuration.
>>
>> Also, just wanted to show this message I am getting when I verify the syslog configuration:
>>
>> [root@vlawsappianprep openssl]# rsyslogd -N 1
>> rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1), master config /etc/rsyslog.conf
>> rsyslogd: error: ca certificate is not set, cannot continue [v8.24.0-57.amzn2.2.0.2 try https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fe%2F2329__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_PXLXfOgw%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OD8S3fnlx2TYo%2Bv0TKMR8a02f1t7A4EPdfhOMuo0210%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/e/2329__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_PXLXfOgw$> ]
>> rsyslogd: could not load module '/usr/lib64/rsyslog/lmnsd_gtls.so', rsyslog error -2329 [v8.24.0-57.amzn2.2.0.2 try https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fe%2F2068__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OS71F1iA%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gO1vIxzolJrPFFrshnl6C1CHvQKZrCwDlzw5ktAhubg%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/e/2068__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OS71F1iA$> ]
>> [root@vlawsappianprep openssl]#
>>
>>
>> I am not sure about the reason I am getting this ca file not found error because the file is indeed there at the location I specified and other folder permissions also look ok:
>>
>> ?
>>
>> ?
>>
>> Any sort of guidance will be highly appreciated as I am stuck on this for a long time now.
>>
>> Thanks in advance!
>>
>> Regards,
>> Karan Parmar
>> _______________________________________________
>> rsyslog mailing list
>> https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NNI_Z5nQ%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eCufhUXdXhQ09Jt0XM%2BHlbrrS16aZmliUvOEVaDmEVQ%3D&reserved=0<https://urldefense.com/v3/__https://lists.adiscon.net/mailman/listinfo/rsyslog__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NNI_Z5nQ$>
>> https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NVr75G-A%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5uT865jjxDToh%2FHjtVEB8cfPoDToCTM752v9c3PReT4%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/professional-services/__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NVr75G-A$>
>> What's up with rsyslog? Follow https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Ftwitter.com%2Frgerhards__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OqkWVe4w%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PRTTASvxazpnx%2B%2BJE9aSgCZgMGIOVLVRa%2FowV0m6AbA%3D&reserved=0<https://urldefense.com/v3/__https://twitter.com/rgerhards__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OqkWVe4w$>
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
>
>
> The information contained in this e-mail message and any attachments hereto is confidential and may be legally privileged. It is intended solely for the person to whom it is addressed and review by anyone else is unauthorized. Any use, disclosure, reproduction, modification or distribution of the contents of this e-mail, or any part thereof, other than by the intended recipient, is strictly prohibited. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. If you are not the intended recipient or have received this message in error, please notify the sender of this e-mail immediately by either return e-mail and destroy the message and all copies in your possession.
>
> WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
>
> www.mfsadmin.com
>
> PLEASE NOTE: The MUFG logo and name is a service mark of Mitsubishi UFJ Financial Group, Inc. (“MUFG”) and may be used by it or other Group companies for marketing purposes, including MUFG Americas Holdings Corporation affiliates and subsidiaries. Lending, deposit, securities, investment banking, and other banking services are provided by banking and/or broker-dealer affiliates of MUFG, including, The Bank of Tokyo-Mitsubishi UFJ, Ltd. (“BTMU”), MUFG Union Bank, N.A. (“MUB”), MUFG Securities Americas Inc. (“MUSA”), and MUFG Securities (Canada), Ltd. (“MUS(CAN)”). MUB is an FDIC-insured bank. MUSA is a member of FINRA and SIPC. MUS(CAN) is a member of FINRA and IIROC.
>
> This message is intended for the named addressee(s) only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mis-transmission. If you receive this message in error, please delete it and all copies from your system, destroy any hard copies and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. MUFG, its affiliates and subsidiaries reserve the right to monitor all electronic communications through their respective networks. Any views expressed in this message are those of the individual sender and do not constitute investment advice or recommendation, except where the message expressly states otherwise and the sender is authorized to furnish the same. MUFG (and its subsidiaries) shall (will) not be liable for the message if modified.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Syslog configuration issues [ In reply to ]
rsyslog at lists
Jan 3, 2024, 7:08 PM
Post #5 of 5 (142 views)
Permalink
Hello David,

Thanks, I will check this and will reach out again in case I am still stuck.

Regards,
Karan Parmar

> On Jan 3, 2024, at 3:45?PM, David Lang <david@lang.hm> wrote:
>
> the error messages you are posting say you are running an amazon-modified version of 8.24
>
> rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1), master config /etc/rsyslog.conf
>
> RedHat (which amazon linux is a fork of) used 8.24 on redhat 7 (released in June 2014), RedHat (and possibly Amazon) backport some fixes from later versions, but the encryption changes are far more drastic than the type of thing they normally backport
>
> RedHat is currently on version 9 (released may 2022) and version 7 is hitting their official 'extended support' (aka 'you really should be off of it by now') in a few months.
>
> So updating the ami that you are using from amazon linux 7 to amazon linux 9 will update a LOT of things, not just rsyslog.
>
> If you thought you were running rsyslog 8.2312 (akd 2023 december release) than the update to that version did not happen as you expected
>
> rsyslog versions were 8.n up until about 8.36 and then moved to the date based number scheme.
>
> David Lang
>
>
> On Wed, 3 Jan 2024, Karan Parmar wrote:
>
>> Date: Wed, 3 Jan 2024 20:33:06 +0000
>> From: Karan Parmar <kparmar@mfsadmin.com <mailto:kparmar@mfsadmin.com>>
>> To: David Lang <david@lang.hm <mailto:david@lang.hm>>,
>> Karan Parmar via rsyslog <rsyslog@lists.adiscon.com <mailto:rsyslog@lists.adiscon.com>>
>> Cc: Karan Parmar <karanparmar2299@gmail.com <mailto:karanparmar2299@gmail.com>>
>> Subject: Re: [rsyslog] Syslog configuration issues
>> Hello David,
>>
>> Thanks a lot for your response.
>>
>> On the rsyslog website, I see that this is the latest version:
>>
>> [cid:image001.png@01DA3E5A.20FE5AD0]
>>
>> Could you please elaborate what you are talking about?
>> I would really appreciate it.
>>
>> Regards,
>> Karan Parmar
>>
>> From: David Lang <david@lang.hm>
>> Date: Wednesday, January 3, 2024 at 3:27?PM
>> To: Karan Parmar via rsyslog <rsyslog@lists.adiscon.com>
>> Cc: Karan Parmar <karanparmar2299@gmail.com>, Karan Parmar <kparmar@mfsadmin.com>
>> Subject: Re: [rsyslog] Syslog configuration issues
>> [EXTERNAL EMAIL] Think before clicking links, opening attachments or responding. If perceived suspicious, please use the “Report Phishing” button in Outlook if available, or email to phishing@mfsadmin.com
>>
>>
>> This looks to me like it's a problem with the library, not with the ca cert
>>
>> also, rsyslog 8.24 is very old, and there have been a lot of improvements since,
>> especially related to TLS connections.
>>
>> based on the package name, I would guess this is an amazon AWS image, and you
>> should look to update to a more current one to update not only rsyslog, but a
>> lot of other things on the system.
>>
>> David Lang
>>
>> On Wed, 3 Jan 2024, Karan Parmar via rsyslog wrote:
>>
>>> Date: Wed, 3 Jan 2024 15:06:24 -0500
>>> From: Karan Parmar via rsyslog <rsyslog@lists.adiscon.com>
>>> To: rsyslog@lists.adiscon.com
>>> Cc: Karan Parmar <karanparmar2299@gmail.com>,
>>> Karan Parmar <kparmar@mfsadmin.com>
>>> Subject: [rsyslog] Syslog configuration issues
>>>
>>> Hello There,
>>>
>>> Happy New year!
>>>
>>> I am trying to setup rsyslog to receive messages from a client but they keep on seeing the below error message on there side:
>>>
>>> TCPSendInit FAILED with -2078.
>>>
>>> I double-checked everything but could not find any specific issue.
>>> This is the message I get when I verify the certificate:
>>>
>>> [root@vlawsappianprep certs]# openssl verify -CAfile DigiCertIntermedCA_rootCA.crt vlawsappianprep_mfsadmin_com.crt vlawsappianprep_mfsadmin_com.crt: OK
>>>
>>> Please see below the version I am using:
>>>
>>> root@vlawsappianprep bin]# rsyslogd -v
>>> rsyslogd 8.24.0-57.amzn2.2.0.2
>>>
>>> I am attaching the rsyslog configuration to this email and can confirm that the certificate files are in the place where I have specified in the configuration.
>>>
>>> Also, just wanted to show this message I am getting when I verify the syslog configuration:
>>>
>>> [root@vlawsappianprep openssl]# rsyslogd -N 1
>>> rsyslogd: version 8.24.0-57.amzn2.2.0.2, config validation run (level 1), master config /etc/rsyslog.conf
>>> rsyslogd: error: ca certificate is not set, cannot continue [v8.24.0-57.amzn2.2.0.2 try https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fe%2F2329__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_PXLXfOgw%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OD8S3fnlx2TYo%2Bv0TKMR8a02f1t7A4EPdfhOMuo0210%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/e/2329__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_PXLXfOgw$> <https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fe%2F2329__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_PXLXfOgw%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=OD8S3fnlx2TYo%2Bv0TKMR8a02f1t7A4EPdfhOMuo0210%3D&reserved=0%3Chttps://urldefense.com/v3/__http://www.rsyslog.com/e/2329__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_PXLXfOgw$%3E> ]
>>> rsyslogd: could not load module '/usr/lib64/rsyslog/lmnsd_gtls.so <http://lmnsd_gtls.so/>', rsyslog error -2329 [v8.24.0-57.amzn2.2.0.2 try https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fe%2F2068__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OS71F1iA%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gO1vIxzolJrPFFrshnl6C1CHvQKZrCwDlzw5ktAhubg%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/e/2068__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OS71F1iA$> <https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fe%2F2068__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OS71F1iA%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gO1vIxzolJrPFFrshnl6C1CHvQKZrCwDlzw5ktAhubg%3D&reserved=0%3Chttps://urldefense.com/v3/__http://www.rsyslog.com/e/2068__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OS71F1iA$%3E> ]
>>> [root@vlawsappianprep openssl]#
>>>
>>>
>>> I am not sure about the reason I am getting this ca file not found error because the file is indeed there at the location I specified and other folder permissions also look ok:
>>>
>>> ?
>>>
>>> ?
>>>
>>> Any sort of guidance will be highly appreciated as I am stuck on this for a long time now.
>>>
>>> Thanks in advance!
>>>
>>> Regards,
>>> Karan Parmar
>>> _______________________________________________
>>> rsyslog mailing list
>>> https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NNI_Z5nQ%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eCufhUXdXhQ09Jt0XM%2BHlbrrS16aZmliUvOEVaDmEVQ%3D&reserved=0<https://urldefense.com/v3/__https://lists.adiscon.net/mailman/listinfo/rsyslog__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NNI_Z5nQ$> <https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NNI_Z5nQ%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=eCufhUXdXhQ09Jt0XM%2BHlbrrS16aZmliUvOEVaDmEVQ%3D&reserved=0%3Chttps://urldefense.com/v3/__https://lists.adiscon.net/mailman/listinfo/rsyslog__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NNI_Z5nQ$%3E>
>>> https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NVr75G-A%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5uT865jjxDToh%2FHjtVEB8cfPoDToCTM752v9c3PReT4%3D&reserved=0<https://urldefense.com/v3/__http://www.rsyslog.com/professional-services/__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NVr75G-A$> <https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NVr75G-A%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5uT865jjxDToh%2FHjtVEB8cfPoDToCTM752v9c3PReT4%3D&reserved=0%3Chttps://urldefense.com/v3/__http://www.rsyslog.com/professional-services/__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_NVr75G-A$%3E>
>>> What's up with rsyslog? Follow https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Ftwitter.com%2Frgerhards__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OqkWVe4w%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PRTTASvxazpnx%2B%2BJE9aSgCZgMGIOVLVRa%2FowV0m6AbA%3D&reserved=0<https://urldefense.com/v3/__https://twitter.com/rgerhards__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OqkWVe4w$> <https://eur05.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Ftwitter.com%2Frgerhards__%3B!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OqkWVe4w%24&data=05%7C02%7Ckparmar%40mfsadmin.com%7Cc75c8a4465e244d2cd5308dc0c9a65c5%7C6efe6367572d4f03aa491a8d840442fb%7C0%7C0%7C638399104516229817%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PRTTASvxazpnx%2B%2BJE9aSgCZgMGIOVLVRa%2FowV0m6AbA%3D&reserved=0%3Chttps://urldefense.com/v3/__https://twitter.com/rgerhards__;!!OupbvzaNvV_73aRO0Q!4Zz5ST1_dvEHwTN8LiWUwL5lhIEQXdtWYSpJIR7-WxgvpybKV_7p_mHxbAXkmz9bNjpfh_OqkWVe4w$%3E>
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>>
>>
>>
>> The information contained in this e-mail message and any attachments hereto is confidential and may be legally privileged. It is intended solely for the person to whom it is addressed and review by anyone else is unauthorized. Any use, disclosure, reproduction, modification or distribution of the contents of this e-mail, or any part thereof, other than by the intended recipient, is strictly prohibited. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. If you are not the intended recipient or have received this message in error, please notify the sender of this e-mail immediately by either return e-mail and destroy the message and all copies in your possession.
>>
>> WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
>>
>> www.mfsadmin.com
>>
>> PLEASE NOTE: The MUFG logo and name is a service mark of Mitsubishi UFJ Financial Group, Inc. (“MUFG”) and may be used by it or other Group companies for marketing purposes, including MUFG Americas Holdings Corporation affiliates and subsidiaries. Lending, deposit, securities, investment banking, and other banking services are provided by banking and/or broker-dealer affiliates of MUFG, including, The Bank of Tokyo-Mitsubishi UFJ, Ltd. (“BTMU”), MUFG Union Bank, N.A. (“MUB”), MUFG Securities Americas Inc. (“MUSA”), and MUFG Securities (Canada), Ltd. (“MUS(CAN)”). MUB is an FDIC-insured bank. MUSA is a member of FINRA and SIPC. MUS(CAN) is a member of FINRA and IIROC.
>>
>> This message is intended for the named addressee(s) only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mis-transmission. If you receive this message in error, please delete it and all copies from your system, destroy any hard copies and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. MUFG, its affiliates and subsidiaries reserve the right to monitor all electronic communications through their respective networks. Any views expressed in this message are those of the individual sender and do not constitute investment advice or recommendation, except where the message expressly states otherwise and the sender is authorized to furnish the same. MUFG (and its subsidiaries) shall (will) not be liable for the message if modified.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal