MonitorWare Knowledge Base

Your first source for knowledge

Skip to content

Garbage in remote log w/gnutls

This is the place for you, if you got rsyslog up and running but wonder how to make it do what you want.

Moderator: rgerhards

Post a reply

Garbage in remote log w/gnutls

Postby drmikecrowe » Fri Jun 12, 2009 7:43 am

Hi folks,

The syslogtag in my remote log (phpLogCon) has ugly data like this: #026#003#002#000O#001#000#000K...

Other remote hosts are working fine. I've just compiled 4.1.7 with gnutls on a debian lenny system. I'm using the same cert process I've used before, but can't trip onto what I'm missing.

My config file is: rsyslog.conf:
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$DefaultNetstreamDriverCAFile /var/lib/puppet/ssl/certs/ca.pem
$ModLoad /usr/lib/rsyslog/lmnsd_gtls.so
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
*.* @@(o)MYHOST.COM:10514 # send (all) messages

On the host (MYHOST.COM), the log has:
2009-06-12T02:48:36.269942-04:00 200.106.144.90 #026#003#002#000O#001#000#000K#003#002J1�I#005#003R`'�,W�gM�xɼ�f�!�#027Fw�E��#000#000$#0003#000E#0009#000�#000#026#0002#000D#0008#000�#000#023#000f#000/#000A#0005#000�
2009-06-12T02:52:33.234462-04:00 200.106.144.90 #026#003#002#000O#001#000#000K#003#002J1�6&#000#033g#015���gÑ#016#027�G\_kt#014�K#001�#037��#000#000$#0003#000E#0009#000�#000#026#0002#000D#0008#000�#000#023#000f#000/#000A#0005#000�

Where can I look next?
drmikecrowe
New
 
Posts: 7
Joined: Fri Oct 17, 2008 1:52 pm
Top

Professional Services Information

  • Custom written rsyslog.conf?
  • Maintenance Contract?
  • Installation support?

Re: Garbage in remote log w/gnutls

Postby rgerhards » Fri Jun 12, 2009 7:45 am

pls post client and server conf
User avatar
rgerhards
Site Admin
 
Posts: 2778
Joined: Thu Feb 13, 2003 11:57 am
Top

Re: Garbage in remote log w/gnutls

Postby drmikecrowe » Fri Jun 12, 2009 8:03 am

Client:
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$DefaultNetstreamDriverCAFile /var/lib/puppet/ssl/certs/ca.pem
$ModLoad /usr/lib/rsyslog/lmnsd_gtls.so
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
*.* @@(o)MYHOST.COM:10514 # send (all) messages


Server:
rsyslog.conf:auth,authpriv.* /var/log/auth.log
rsyslog.conf:*.*;auth,authpriv.none -/var/log/syslog
rsyslog.conf:daemon.* -/var/log/daemon.log
rsyslog.conf:kern.* -/var/log/kern.log
rsyslog.conf:lpr.* -/var/log/lpr.log
rsyslog.conf:mail.* -/var/log/mail.log
rsyslog.conf:user.* -/var/log/user.log
rsyslog.conf:mail.info -/var/log/mail.info
rsyslog.conf:mail.warn -/var/log/mail.warn
rsyslog.conf:mail.err /var/log/mail.err
rsyslog.conf:news.crit /var/log/news/news.crit
rsyslog.conf:news.err /var/log/news/news.err
rsyslog.conf:news.notice -/var/log/news/news.notice
rsyslog.conf:*.=debug;\
rsyslog.conf: auth,authpriv.none;\
rsyslog.conf: news.none;mail.none -/var/log/debug
rsyslog.conf:*.=info;*.=notice;*.=warn;\
rsyslog.conf: auth,authpriv.none;\
rsyslog.conf: cron,daemon.none;\
rsyslog.conf: mail,news.none -/var/log/messages
rsyslog.conf:*.emerg *
rsyslog.conf:daemon.*;mail.*;\
rsyslog.conf: news.err;\
rsyslog.conf: *.=notice;*.=warn |/dev/xconsole
rsyslog.conf:$IncludeConfig /etc/rsyslog.d/

rsyslog.d/gnutls-server.conf:$ModLoad ommysql # load the output driver (use ompgsql for PostgreSQL)
rsyslog.d/gnutls-server.conf:$ModLoad imtcp # network reception
rsyslog.d/gnutls-server.conf:$InputTCPServerRun 10514 # start a tcp server at port 514
rsyslog.d/gnutls-server.conf:$ModLoad imuxsock # local message reception
rsyslog.d/gnutls-server.conf:$WorkDirectory /var/tmp # default location for work (spool) files
rsyslog.d/gnutls-server.conf:$ActionQueueType LinkedList # use asynchronous processing
rsyslog.d/gnutls-server.conf:$ActionQueueFileName dbq # set file name, also enables disk mode
rsyslog.d/gnutls-server.conf:$ActionResumeRetryCount -1 # infinite retries on insert failure
rsyslog.d/gnutls-server.conf:*.* >localhost,Syslog,USER,PASSWORD

rsyslog.d/others.conf:$RepeatedMsgReduction on
rsyslog.d/others.conf:$RepeatedMsgContainsOrigionalMsg on
Attachments
rsyslog.zip
rsyslogd -d output
(17.21 KiB) Downloaded 4 times
drmikecrowe
New
 
Posts: 7
Joined: Fri Oct 17, 2008 1:52 pm
Top

Re: Garbage in remote log w/gnutls

Postby rgerhards » Fri Jun 12, 2009 8:06 am

that's what I thought. The server is missing tls definitions ;)
User avatar
rgerhards
Site Admin
 
Posts: 2778
Joined: Thu Feb 13, 2003 11:57 am
Top

Google Ads

Post a reply

Return to Configuration

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group

phpBB SEO
Time : 0.039s | 12 Queries | GZIP : On
cron