I?m running into some issues with RELP and I just want to make sure if the following messages that I seeing in the logs are critical or not. The messages below occur in batches on the syslog server. This last batch had well over 50 of messages below all within the same second.
2024-02-15T16:53:02.362118+00:00 mdtnj01log-col rsyslogd: imrelp[2809]: error 'error sending relp: Broken pipe', object 'lstn 2809: conn to clt 10.10.10.149/10.10.10.149' - input may not work as intended [v8.2312.0 try https://www.rsyslog.com/e/2353 ]
2024-02-15T16:53:02.362140+00:00 mdtnj01log-col rsyslogd: imrelp[2809]: error 'io error, session broken', object 'lstn 2809: conn to clt 10.10.10.149/10.10.10.149' - input may not work as intended [v8.2312.0 try https://www.rsyslog.com/e/2353 ]
2024-02-15T16:53:02.362173+00:00 mdtnj01log-col rsyslogd: imrelp[2809]: error 'error sending relp: Broken pipe', object 'lstn 2809: conn to clt 10.10.10.149/10.10.10.149' - input may not work as intended [v8.2312.0 try https://www.rsyslog.com/e/2353 ]
2024-02-15T16:53:02.362193+00:00 mdtnj01log-col rsyslogd: imrelp[2809]: error 'io error, session broken', object 'lstn 2809: conn to clt 10.10.10.149/10.10.10.149' - input may not work as intended [v8.2312.0 try https://www.rsyslog.com/e/2353 ]
On my client side (sender) which is on RHEL 7.9 and running rsyslog-8.24.0-57.el7_9.3.x86_64. Using the following omrelp configuration.
action(type="omrelp" name="fwd-ldap" target="mdtnj01log-col" port="2809" template="Tmpl-ReWrite-ForwardFormat"
Timeout="120" #; Close the connection if there is no activity. We need to set this high
Conn.Timeout="5" #; Amount of time to wait in seconds to establish a connection
action.writeAllMarkMessages="off" #; Send all MARK messages
action.repeatedmsgcontainsoriginalmsg="off" #; Disable duplicate message reporting
action.reportSuspension="on" #; Generate a message if this connection is suspended
action.reportSuspensionContinuation="on" #; Generate a message when the connection resumes
queue.Type="LinkedList" #; Queue type. LinkList is best of both worlds memory and disk
queue.spoolDirectory="/var/lib/rsyslog" #; Directory where the queue files are stored
queue.filename="q-ldap-fwd" #; Queue file name
queue.size="50000" #: Number of messages that can be queued in memory
queue.highWatermark="40000" #; When this number of messages reaches this value memory queued messages are written to disk
queue.lowWatermark="20000" #; When this number is reached new messages stop being written to disk
queue.dequeueBatchSize="2048" #; Send the specified number of messages to remote system when dequeuing messages
queue.workerThreads="2" #; Number of worker threads to be used
queue.maxFileSize="1g" #; Max size for a queue file can be before a new queue file is created
queue.saveOnShutdown="on") #; Save all the messages if rsyslog is stop
On my server side which is on RHEL 9.2 running rsyslog-8.2312.0-1.el9.x86_64. Using the following configuration.
input(type="imrelp" address="mdtnj01log-col " port="2809" name="input-ldap-relp-acc-v4" ruleset="rule-ldap-acc-v4")
ruleset(name="rule-ldap-acc-v4") {
#; Local file storage for logs. Single file created for everything on this stream.
#: These logs should only be maintained for 7 to 14 days. These are used for troubleshooting
action(type="omfile" name="output-ldap-acc-v4" template="Tmpl-ReWrite-IP-FileFormat"
dynafile="Tmpl-DynaFile-LDAP-Acc" #; Dynamic file naming template to be used (daily files)
dynafilecachesize="14" #; Number of dynamic file names to keep in cache
closetimeout="5" #; Close the file after so many minutes with no activity
flushinterval="5" #; Flush the buffers every so many seconds
asyncwriting="on" #; Enable asynchronous writes
iobuffersize="256k" #; Chunk the writes to disk
dirowner="root" #; Owner for the directory where the log file is stored
dirgroup="apache" #; Group for the directory where the log file is stored
dircreatemode="0750" #; Permissions for the directory where the log file is stored
fileowner="root" #; Owner for the log file
filegroup="apache" #; Group for the log file
filecreatemode="0640" #; Permissions for log file
failonchownfailure="off") #; Continue on if we cannot not set the file ownerships
}
I have looked the 2353 error code, and I am not using or have enable TLS.
Any help would be great!
Thanks
Bob Kong
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
2024-02-15T16:53:02.362118+00:00 mdtnj01log-col rsyslogd: imrelp[2809]: error 'error sending relp: Broken pipe', object 'lstn 2809: conn to clt 10.10.10.149/10.10.10.149' - input may not work as intended [v8.2312.0 try https://www.rsyslog.com/e/2353 ]
2024-02-15T16:53:02.362140+00:00 mdtnj01log-col rsyslogd: imrelp[2809]: error 'io error, session broken', object 'lstn 2809: conn to clt 10.10.10.149/10.10.10.149' - input may not work as intended [v8.2312.0 try https://www.rsyslog.com/e/2353 ]
2024-02-15T16:53:02.362173+00:00 mdtnj01log-col rsyslogd: imrelp[2809]: error 'error sending relp: Broken pipe', object 'lstn 2809: conn to clt 10.10.10.149/10.10.10.149' - input may not work as intended [v8.2312.0 try https://www.rsyslog.com/e/2353 ]
2024-02-15T16:53:02.362193+00:00 mdtnj01log-col rsyslogd: imrelp[2809]: error 'io error, session broken', object 'lstn 2809: conn to clt 10.10.10.149/10.10.10.149' - input may not work as intended [v8.2312.0 try https://www.rsyslog.com/e/2353 ]
On my client side (sender) which is on RHEL 7.9 and running rsyslog-8.24.0-57.el7_9.3.x86_64. Using the following omrelp configuration.
action(type="omrelp" name="fwd-ldap" target="mdtnj01log-col" port="2809" template="Tmpl-ReWrite-ForwardFormat"
Timeout="120" #; Close the connection if there is no activity. We need to set this high
Conn.Timeout="5" #; Amount of time to wait in seconds to establish a connection
action.writeAllMarkMessages="off" #; Send all MARK messages
action.repeatedmsgcontainsoriginalmsg="off" #; Disable duplicate message reporting
action.reportSuspension="on" #; Generate a message if this connection is suspended
action.reportSuspensionContinuation="on" #; Generate a message when the connection resumes
queue.Type="LinkedList" #; Queue type. LinkList is best of both worlds memory and disk
queue.spoolDirectory="/var/lib/rsyslog" #; Directory where the queue files are stored
queue.filename="q-ldap-fwd" #; Queue file name
queue.size="50000" #: Number of messages that can be queued in memory
queue.highWatermark="40000" #; When this number of messages reaches this value memory queued messages are written to disk
queue.lowWatermark="20000" #; When this number is reached new messages stop being written to disk
queue.dequeueBatchSize="2048" #; Send the specified number of messages to remote system when dequeuing messages
queue.workerThreads="2" #; Number of worker threads to be used
queue.maxFileSize="1g" #; Max size for a queue file can be before a new queue file is created
queue.saveOnShutdown="on") #; Save all the messages if rsyslog is stop
On my server side which is on RHEL 9.2 running rsyslog-8.2312.0-1.el9.x86_64. Using the following configuration.
input(type="imrelp" address="mdtnj01log-col " port="2809" name="input-ldap-relp-acc-v4" ruleset="rule-ldap-acc-v4")
ruleset(name="rule-ldap-acc-v4") {
#; Local file storage for logs. Single file created for everything on this stream.
#: These logs should only be maintained for 7 to 14 days. These are used for troubleshooting
action(type="omfile" name="output-ldap-acc-v4" template="Tmpl-ReWrite-IP-FileFormat"
dynafile="Tmpl-DynaFile-LDAP-Acc" #; Dynamic file naming template to be used (daily files)
dynafilecachesize="14" #; Number of dynamic file names to keep in cache
closetimeout="5" #; Close the file after so many minutes with no activity
flushinterval="5" #; Flush the buffers every so many seconds
asyncwriting="on" #; Enable asynchronous writes
iobuffersize="256k" #; Chunk the writes to disk
dirowner="root" #; Owner for the directory where the log file is stored
dirgroup="apache" #; Group for the directory where the log file is stored
dircreatemode="0750" #; Permissions for the directory where the log file is stored
fileowner="root" #; Owner for the log file
filegroup="apache" #; Group for the log file
filecreatemode="0640" #; Permissions for log file
failonchownfailure="off") #; Continue on if we cannot not set the file ownerships
}
I have looked the 2353 error code, and I am not using or have enable TLS.
Any help would be great!
Thanks
Bob Kong
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.