Hi there, I've recently been seeing issues with TLS encrypted remote logging in rsyslog. This exact setup (same configs and certs) used to work fine in the 7.x version that I used to use (I don't recall the exact version), but since I upgraded recently I've been seeing problems. My logs are filled with the following errors:

Sep 18 16:49:12 myserver rsyslogd-2089: netstream session 0x7fbe38017380 will be closed due to error [try http://www.rsyslog.com/e/2089 ]

The debug logs show that the server appears to be reporting GnuTLS error -54, and the client is reporting error -28. According to http://gnutls.org/manual/html_node/Error-codes.html the errors mean the following:

-28 GNUTLS_E_AGAIN Resource temporarily unavailable, try again.
-54 GNUTLS_E_PULL_ERROR Error in the pull function.

I'm really not sure what to do with these errors, though. Anyone have any clues as to what might be wrong? I've included the relevant portions of the server/client configs and debug logs. Please let me know if I can provide any more information to help debug. Thanks.

PS - I've posted to the boards if it's more convenient to reply there: http://kb.monitorware.com/tls-issues-t12433.html

Here's the server side configuration:

----snip----
$ModLoad imtcp
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
$DefaultNetstreamDriverCertFile /etc/ssl/certs/mycert.crt
$DefaultNetstreamDriverKeyFile /etc/ssl/private/mycert.key
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerRun 514
----snip----

And the client side configuration:

----snip----
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode anon
*.* @@myserver:514
----snip----

Here's the debug log from the server:

----snip----
6425.814033306:imtcp.c : New connect on NSD 0x22960d0.
6425.814050711:imtcp.c : dnscache: entry (nil) found
6425.819281124:imtcp.c : GnuTLS handshake does not complete immediately - setting to retry (this is OK and normal)
6425.819336017:imtcp.c : New session created with NSD 0x7fbe38006060.
6425.819349710:imtcp.c : hasRcvInBuffer on nsd 0x2274ec0: pszRcvBuf (nil), lenRcvBuf 0
6425.819365513:imtcp.c : hasRcvInBuffer on nsd 0x22961a0: pszRcvBuf (nil), lenRcvBuf 0
6425.819371127:imtcp.c : hasRcvInBuffer on nsd 0x7fbe380027d0: pszRcvBuf (nil), lenRcvBuf 0
6425.819377270:imtcp.c : --------<NSDSEL_PTCP> calling select, active fds (max 19): 10 11 19
6425.869702367:imtcp.c : hasRcvInBuffer on nsd 0x2274ec0: pszRcvBuf (nil), lenRcvBuf 0
6425.869739092:imtcp.c : hasRcvInBuffer on nsd 0x22961a0: pszRcvBuf (nil), lenRcvBuf 0
6425.869745980:imtcp.c : hasRcvInBuffer on nsd 0x7fbe380027d0: pszRcvBuf (nil), lenRcvBuf 0
6425.869751482:imtcp.c : GnuTLS requested retry of 1 operation - executing
6425.869771778:imtcp.c : unexpected GnuTLS error -54 in nsdsel_gtls.c:166: Error in the pull function.
6425.869778668:imtcp.c : XXXXXX: doRetry: iRet -2078, pNsd->bAbortConn 1
6425.869784278:imtcp.c : tcpsrv: ready to process 1 event entries
6425.869789568:imtcp.c : tcpsrv: processing item 0, pUsr 0x7fbe38006060, bAbortConn
6425.869794885:imtcp.c : netstream 0x7fbe38005f90 with new data
6425.869800728:imtcp.c : gtlsRcv return. nsd 0x7fbe380027d0, iRet -2089, lenRcvBuf 0, ptrRcvBuf 0
6425.869806958:imtcp.c : Called LogMsg, msg: netstream session 0x7fbe38005f90 will be closed due to error
----snip----

And the debug log from the client:

----snip----
6425.563661890:main Q:Reg/w0 : TCPSendInit CREATE
6425.563672293:main Q:Reg/w0 : caller requested object 'nsd_gtls', not found (iRet -3003)
6425.563680500:main Q:Reg/w0 : Requested to load module 'lmnsd_gtls'
6425.563688698:main Q:Reg/w0 : loading module '/usr/lib/rsyslog/lmnsd_gtls.so'
6425.564301093:imuxsock.c : Message from UNIX socket: #3
6425.564345762:imuxsock.c : main Q: qqueueAdd: entry added, size now log 1, phys 2 entries
6425.564356808:imuxsock.c : main Q: EnqueueMsg advised worker start
6425.564364103:imuxsock.c : --------imuxsock calling select, active file descriptors (max 5): 3 5
6425.568209729:main Q:Reg/w0 : source file nsd_gtls.c requested reference for module 'lmnet', reference count now 5
6425.568232497:main Q:Reg/w0 : caller requested object 'nsd_ptcp', not found (iRet -3003)
6425.568244289:main Q:Reg/w0 : Requested to load module 'lmnsd_ptcp'
6425.568255709:main Q:Reg/w0 : loading module '/usr/lib/rsyslog/lmnsd_ptcp.so'
6425.568380354:main Q:Reg/w0 : source file nsd_ptcp.c requested reference for module 'lmnetstrms', reference count now 3
6425.568397304:main Q:Reg/w0 : module lmnsd_ptcp of type 2 being loaded (keepType=0).
6425.568402146:main Q:Reg/w0 : entry point 'isCompatibleWithFeature' not present in module
6425.568406151:main Q:Reg/w0 : entry point 'setModCnf' not present in module
6425.568410168:main Q:Reg/w0 : entry point 'getModCnfName' not present in module
6425.568414042:main Q:Reg/w0 : entry point 'beginCnfLoad' not present in module
6425.568446534:main Q:Reg/w0 : source file nsd_gtls.c requested reference for module 'lmnsd_ptcp', reference count now 1
6425.568464875:main Q:Reg/w0 : GTLS CA file: '/etc/ssl/certs/ca-certificates.crt'
6425.585275110:main Q:Reg/w0 : source file nsdsel_gtls.c requested reference for module 'lmnsd_ptcp', reference count now 2
6425.585325229:main Q:Reg/w0 : module lmnsd_gtls of type 2 being loaded (keepType=1).
6425.585335401:main Q:Reg/w0 : entry point 'isCompatibleWithFeature' not present in module
6425.585343301:main Q:Reg/w0 : entry point 'setModCnf' not present in module
6425.585350931:main Q:Reg/w0 : entry point 'getModCnfName' not present in module
6425.585358359:main Q:Reg/w0 : entry point 'beginCnfLoad' not present in module
6425.585370506:main Q:Reg/w0 : source file netstrms.c requested reference for module 'lmnsd_gtls', reference count now 1
6425.692298351:main Q:Reg/w0 : our certificate is not set, file name values are cert: '(null)', key: '(null)'
6425.756724126:main Q:Reg/w0 : unexpected GnuTLS error -28 in nsd_gtls.c:1651: Resource temporarily unavailable, try again.
6425.756805221:main Q:Reg/w0 : TCPSendInit FAILED with -2078.
----snip----
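
A triage helper for debug output like the logs above, as an added example that is not part of the original post or of rsyslog: it pulls each "unexpected GnuTLS error" line out of a debug log, names the code using the two mappings quoted in the post, and attaches the rsyslog return code logged next. The sample lines are excerpted from the logs in the post; the function names and the one-second pairing window (which assumes both hosts' clocks agree) are assumptions.

```python
import re

# Code-to-name mapping exactly as quoted in the post from the GnuTLS manual.
GNUTLS_NAMES = {-28: "GNUTLS_E_AGAIN", -54: "GNUTLS_E_PULL_ERROR"}

LINE_RE = re.compile(r"^(\d+\.\d+):(.+?)\s*: (.*)$")  # timestamp:thread : message
TLS_ERR_RE = re.compile(r"unexpected GnuTLS error (-?\d+) in ([\w.]+):(\d+)")
IRET_RE = re.compile(r"(?:iRet|FAILED with) (-\d+)")

# Sample input: lines excerpted from the server and client logs in the post.
SERVER_LOG = """\
6425.869751482:imtcp.c : GnuTLS requested retry of 1 operation - executing
6425.869771778:imtcp.c : unexpected GnuTLS error -54 in nsdsel_gtls.c:166: Error in the pull function.
6425.869778668:imtcp.c : XXXXXX: doRetry: iRet -2078, pNsd->bAbortConn 1
"""
CLIENT_LOG = """\
6425.692298351:main Q:Reg/w0 : our certificate is not set, file name values are cert: '(null)', key: '(null)'
6425.756724126:main Q:Reg/w0 : unexpected GnuTLS error -28 in nsd_gtls.c:1651: Resource temporarily unavailable, try again.
6425.756805221:main Q:Reg/w0 : TCPSendInit FAILED with -2078.
"""


def gnutls_failures(debug_log):
    """Return one record per 'unexpected GnuTLS error' line in a debug log."""
    rows = [m.groups() for m in map(LINE_RE.match, debug_log.splitlines()) if m]
    found = []
    for i, (ts, thread, msg) in enumerate(rows):
        err = TLS_ERR_RE.search(msg)
        if not err:
            continue
        code = int(err.group(1))
        # The first rsyslog return code logged after the error shows what the
        # GnuTLS failure became at the rsyslog layer.
        iret = next((int(r.group(1)) for _, _, later in rows[i + 1:]
                     if (r := IRET_RE.search(later))), None)
        found.append({
            "ts": float(ts), "thread": thread, "code": code,
            "name": GNUTLS_NAMES.get(code, "unknown"),
            "where": f"{err.group(2)}:{err.group(3)}",
            "rsyslog_iret": iret,
            "preceded_by": rows[i - 1][2] if i else None,
        })
    return found


def pair_by_time(server, client, window=1.0):
    """Pair server and client failures whose timestamps lie within `window` s."""
    return [(s, c) for s in server for c in client
            if abs(s["ts"] - c["ts"]) <= window]
```
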

