Hello Radu,
I've encountered the same situation.
The direct cause is that libRELP uses a function from GnuTLS (called
'gnutls_certificate_set_verify_function') which did not appear until version
GnuTLS 2.9.10,
but the "configure.ac" in libRELP just asks for gnutls>1.4.0 .
So if you have a too-old GnuTLS library, librelp will compile without an error,
but will fail to load.
Solution:
Install GnuTLS > 2.9.10 .
-gordon
On 03/07/2014 08:34 AM, Radu Gheorghe wrote:
Hi again,
I'm starting a new thread because my problem is slightly different
than the original. And it's getting complicated. In fact, I'm pretty
confused, and I'd really like some guidance. Thanks in advance :)
My goal is to set up rsyslog with both TCP+TLS and RELP (no TLS. yet.)
The problem seems to be that I can't make them both work at the same
time. imrelp.so requires a new version of GnuTLS, and lmnsd_gtls.so
(required by TCP+TLS) works with the old version but not the new one.
######details of the problem#####
I'm running:
- rsyslog 8.1.6
- OS: CentOS 6.5 (updated just now)
- GnuTLS (comes with the OS): 2.8.5_13 (the one with the infamous
security bug fixed!)
In this setup, I can't get RELP to work, like in the original thread:
rsyslogd: could not load module '/lib64/rsyslog/imrelp.so', dlopen:
/usr/lib64/librelp.so.0: undefined symbol:
gnutls_certificate_set_verify_function [try
http://www.rsyslog.com/e/2066 ]
OK, so I installed the latest stable (3.2.12), like you see below.
Still doesn't work, because rsyslog seems to be looking for the
library on the system (/usr/lib64/libgnutls.so.26). So I do a hack to
link the new library in there:
mv /usr/lib64/libgnutls.so.26 /usr/lib64/libgnutls.so.26_old
ln -s /usr/local/lib/libgnutls.so /usr/lib64/libgnutls.so.26 # note
that libgnutls.so points to libgnutls.so.28.30.2, so 28 instead of 26
At his point, RELP works. Yeey! But now lmnsd_gtls.so complains:
rsyslogd: could not load module '/lib64/rsyslog/lmnsd_gtls.so',
dlopen: /lib64/rsyslog/lmnsd_gtls.so: undefined symbol: gcry_control
[try http://www.rsyslog.com/e/2066 ]
If I take out RELP and switch back to the original GnuTLS, rsyslog
starts with no problem
####possible solutions####
I think there's a bunch of things that can be improved. I'm writing
this from the user's point of view, because I don't know the
implementation details and what's technically possible:
- imrelp.so shouldn't depend on GnuTLS. IMO people that don't need TLS
shouldn't have this problem. Incidentally, this will also be a
workaround for me, because it means I can live with the system's
GnuTLS for lmnsd_gtls.so and use plain RELP.
- ideally, TCP+TLS should work with the new GnuTLS version and imrelp
should work with the old version
- if the above is not possible, then I assume a certain version of
GnuTLS is required. So it should be included/added in the rsyslog
packages and installed in a separate location. I'm saying a separate
location is needed so it doesn't interfere with the system (maybe
there's some other software in the system that requires and older
version, and rsyslog's upgrade breaks it)
The above is what makes sense to me, and I don't claim to be any sort
of exper in these matters. Any thoughts will be appreciated.
Also, I'm available for acually contributing on solving this. I'm not
just asking :D
Best regards,
Radu
On Thu, Mar 6, 2014 at 5:55 PM, Radu Gheorghe
<radu.gheor...@sematext.com> wrote:
Hi Andre,
These are great news!
In case it helps, below are my notes after installing GnuTLS 3.2.12
today (latest stable) on CentOS 6.4. The point was trying to make
TCP+TLS work in 7.4.4, but it didn't help. I was still getting the
same GnuTLS error:
https://github.com/sematext/rsyslog/blob/master/runtime/nsdsel_gtls.c#L166
Upgrading to 8.1.6 solved the problem. I have no idea if the GnuTLS
upgrade was necessary, but the rsyslog upgrade definitely was. If
anyone has any idea about the source of the "unexpected GnuTLS error",
please-please share :) Although I assume a different thread is
required for any follow-ups.
-----------installing GnuTLS on CentOS 6.4-------------
# make sure manually compiled libs are loaded
# not 100% sure it's really needed, though
echo "/usr/local/lib" >/etc/ld.so.conf.d/local.conf
echo "/usr/local/lib64" >>/etc/ld.so.conf.d/local.conf
ldconfig
# install libgmp, which is required by nettle,
# which is required by GnuTLS:
# http://stackoverflow.com/questions/9508851/how-to-compile-gnutls
yum install gmp-devel
# make sure openssl is up to date,
# otherwise libnettle will cry like a baby,
# at least in CentOS 6.4
yum install openssl-devel
# install libnettle
wget http://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz
tar zxf nettle-2.7.1.tar.gz
cd nettle-2.7.1
./configure
make && make install
# point pkg-config to the location where you installed libnettle
export PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig"
# install gnutls itself
wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-3.2.12.tar.xz
tar --xz -xvf gnutls-3.2.12.tar.xz
cd gnutls-3.2.12
./configure
make && make install
On Thu, Mar 6, 2014 at 1:10 PM, Andre Lorbach <alorb...@adiscon.com> wrote:
I am finally catching up with my email ;).
I am going to take a look if GnuTLS libraries have been updated.
If not I will take a look how hard it can be to rebuild RPM's with a newer
GnuTLS Version. We have done this for other packages on RHEL 5 multiple
times before.
Best regards,
Andre Lorbach
-----Original Message-----
From: rsyslog-boun...@lists.adiscon.com [mailto:rsyslog-
boun...@lists.adiscon.com] On Behalf Of Rainer Gerhards
Sent: Wednesday, March 05, 2014 5:45 PM
To: rsyslog-users
Subject: Re: [rsyslog] could not load module '/lib64/rsyslog/imrelp.so
(version 7.6.0)
As far as I remember, building a recent GnuTLS on that old platform is a
lot of
hassle. That, plus David's info on the vuln probably means we won't go
through the hassle.
@Andre: I still wonder if the dependency for the relp package is not
correct.
Should it specify the newer GnutTLS version? If it doesn't, relp won't
work in
any case, right? So if that's the case (and RH does not backport a newer
version), that probably means we should officially cease relp support
for that
old version (as far as rsyslog's own packages are concerned).
Comments?
Rainer
On Wed, Mar 5, 2014 at 1:05 PM, Radu Gheorghe
<radu.gheor...@sematext.com>wrote:
aaaah, now I see what the problem is. Your version of gnutls is too
old. I had the same problem:
http://www.gossamer-threads.com/lists/rsyslog/users/12685
And I feel very bad for not posting back the solution. I thought I did
that but I didn't. Definitely the first step is to get a newer gnutls
and compile it. And I guess the problem I had was that rsyslog was
still looking at the old gnutls library. And I vaguely remember
"fixing" it by manually moving and linking files in /lib64. Maybe this
helps you, too?
Either way, this reveals the problem with the packages. If they don't
work with CentOS 6.5 they won't work with RHEL 6.5 and any previous
version. I guess a newer gnutls package needs to be included in the
rsyslog repository as a solution? Or rsyslog can be made to work with
older gnutls versions?
On Wed, Mar 5, 2014 at 11:53 AM, Anwar El fatayri
<anwar.fata...@hotmail.co.uk> wrote:
This is what i don't understand. I have it installed on my system :
[root@srv ~]# find / -name "*relp*"/lib64/rsyslog/
omrelp.so/lib64/rsyslog/imrelp.so/var/log/tls-relp/var/lib/yum/yumdb/r
/bf49b26f76662f519a06e7e746a629f577f7a9ec-rsyslog-relp-7.6.0-1.el6-x86
_64/var/lib/yum/yumdb/l/ed6186745fe50d049726724969cfac1e31fa70a8-
libre
lp-1.2.2-1.el6-x86_64/elk/logstash-1.3.3/spec/inputs/relp.rb/elk/logst
ash-1.3.3/logstash/util/relp.rb/elk/logstash-1.3.3/logstash/inputs/rel
p.rb/usr/share/doc/librelp-1.2.2/usr/share/doc/librelp-1.2.2/relp.html
/usr/lib64/librelp.so.0.0.0/usr/lib64/librelp.so.0
==========================================================
==========================================================
=========================================
Package Arch
Version Repository
Size=======================================================
==========================================================
============================================Updating:
rsyslog x86_64
7.6.0-1.el6 rsyslog_v7
726 kUpdating for dependencies: librelp
x86_64 1.2.2-1.el6
rsyslog_v7 57 k rsyslog-gnutls
x86_64 7.6.0-1.el6
rsyslog_v7 28 k rsyslog-relp
x86_64 7.6.0-1.el6
rsyslog_v7 27 k
Transaction
Summary===================================================
============
==========================================================
============
========================
and i still get this error :s ----> could not load module
'/lib64/rsyslog/imrelp.so', dlopen: /usr/lib64/librelp.so.0: undefined
symbol: gnutls_certificate_set_verify_function [try
http://www.rsyslog.com/e/2066 ]
Date: Wed, 5 Mar 2014 11:36:59 +0200
From: radu.gheor...@sematext.com
To: rsyslog@lists.adiscon.com
Subject: Re: [rsyslog] could not load module
'/lib64/rsyslog/imrelp.so
(version 7.6.0)
So you've installed rsyslog-relp and you have no file *relp.so in
your system? This means that either something is wrong with the
package or the way you search for that file. Or something else :)
Not sure where to go from here, really. Can you check the package
(unpack it) and run a `find / -name *relp.so`?
On Wed, Mar 5, 2014 at 11:13 AM, Anwar El fatayri
<anwar.fata...@hotmail.co.uk> wrote:
I installed the following yum repository :
wget http://rpms.adiscon.com/v7-stable/rsyslog.repo -O
/etc/yum.repos.d/rsyslog.repo
and the i updated rsyslog :
yum update rsyslog
I'm using CentOS 6.3
From: anwar.fata...@hotmail.co.uk
To: rsyslog@lists.adiscon.com
Date: Wed, 5 Mar 2014 10:07:46 +0100
Subject: Re: [rsyslog] could not load module
'/lib64/rsyslog/imrelp.so (version 7.6.0)
yes i did :
Installed PackagesName : rsyslog-relpArch :
x86_64Version : 7.6.0Release : 1.el6Size : 38 kRepo
:
installedFrom repo : rsyslog_v7Summary : RELP protocol support
for
rsyslogURL : http://www.rsyslog.com/License : (GPLv3+ and
ASL
2.0)Description : The rsyslog-relp package contains the rsyslog
plugins
that provide : the ability to receive syslog messages via
the
reliable RELP : protocol.
Date: Tue, 4 Mar 2014 16:10:42 -0800
From: da...@lang.hm
To: rsyslog@lists.adiscon.com
Subject: Re: [rsyslog] could not load module
'/lib64/rsyslog/imrelp.so (version 7.6.0)
did you install the rsyslog-relp package from that repository?
David Lang
On Tue, 4 Mar 2014, Anwar El fatayri wrote:
Date: Tue, 4 Mar 2014 18:17:23 +0100
From: Anwar El fatayri <anwar.fata...@hotmail.co.uk>
Reply-To: rsyslog-users <rsyslog@lists.adiscon.com>
To: rsyslog-users <rsyslog@lists.adiscon.com>
Subject: Re: [rsyslog] could not load module
'/lib64/rsyslog/imrelp.so
(version 7.6.0)
I left the company. Rsyslog is tryling to load the imrelp
module
from /usr/lib64/rsyslog/imrelp.so. I'm sure that it doesn't exist
there but with the earlier version that i was using (v5) this wasn't
the path to load the module.
I added the adiscon repository to /etc/yum.repos.d/ and then
updated rsyslog to v7. After that, i recieved this error.
Date: Tue, 4 Mar 2014 18:31:08 +0200
From: radu.gheor...@sematext.com
To: rsyslog@lists.adiscon.com
Subject: Re: [rsyslog] could not load module
'/lib64/rsyslog/imrelp.so (version 7.6.0)
Do you have a file that matches *relp.so somewhere in your
system?
On Tue, Mar 4, 2014 at 5:51 PM, Anwar El fatayri
<anwar.fata...@hotmail.co.uk> wrote:
i installed the package from the adiscon repository.
Installed PackagesName : rsyslogArch :
x86_64Version : 7.6.0Release : 1.el6Size : 2.3 MRepo
: installedFrom repo : rsyslog_v7Summary : a rocket-fast system
for
log processingURL : http://www.rsyslog.com/License :
(GPLv3+
and ASL 2.0)Description : Rsyslog is an enhanced, multi-threaded
syslog
daemon. It supports MySQL, : syslog/TCP, RFC 3195,
permitted
sender lists, filtering on any message part, : and fine
grain
output format control. It is compatible with stock sysklogd
:
and can be used as a drop-in replacement. Rsyslog is simple to set up,
with
: advanced features suitable for enterprise-class,
encryption-protected syslog : relay chains.
[root@serv ~]# yum info rsyslog-relpLoaded plugins:
fastestmirror, prestoLoading mirror speeds from cached hostfile *
atomic:
mirrors.neusoft.edu.cn * base: fr2.rpmfind.net * extras:
centos.quelquesmots.fr * updates: fr2.rpmfind.netInstalled
PackagesName
: rsyslog-relpArch : x86_64Version : 7.6.0Release
:
1.el6Size : 38 kRepo : installedFrom repo :
rsyslog_v7Summary : RELP protocol support for rsyslogURL :
http://www.rsyslog.com/License : (GPLv3+ and ASL 2.0)Description :
The rsyslog-relp package contains the rsyslog plugins that provide
: the ability to receive syslog messages via the reliable RELP
: protocol.
El Fatayri Anwar
Student in telecommunication systems & computer
networksLinköping International University (LIU)Linköping - Sweden
+46 707 140 340
Date: Tue, 4 Mar 2014 17:43:17 +0200
From: radu.gheor...@sematext.com
To: rsyslog@lists.adiscon.com
Subject: Re: [rsyslog] could not load module
'/lib64/rsyslog/imrelp.so (version 7.6.0)
Hey Anwar,
Did you do --enable-relp when you compiled rsyslog? If you
installed
from some packages, there is a rsyslog-relp package or
something like
that.
On Tue, Mar 4, 2014 at 5:28 PM, Anwar El fatayri
<anwar.fata...@hotmail.co.uk> wrote:
Hey,
I installed rsyslog v7-stable in order to setup rsyslog
with a
RELP TLS secured connection. However, i'm getting this error when i
restart the rsyslog service :
could not load module '/lib64/rsyslog/imrelp.so', dlopen:
/usr/lib64/librelp.so.0: undefined symbol:
gnutls_certificate_set_verify_function [try
http://www.rsyslog.com/e/2066]
I have librelp 1.2.2 installed on my machine.
Thanks in advance
Anwar
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow
https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC
mailing list, posts are ARCHIVED
by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow
https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC
mailing list, posts are ARCHIVED by
a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
by
a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST if you DON'T LIKE THAT.
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED
by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by
a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
--
Performance Monitoring * Log Analytics * Search Analytics Solr &
Elasticsearch Support * http://sematext.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT
POST
if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
--
Performance Monitoring * Log Analytics * Search Analytics Solr &
Elasticsearch Support * http://sematext.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE
WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL:
This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites
beyond
our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
