OMFile Write to Stream Issue?

General discussions here

Moderator: rgerhards


Post by CycnuS » Tue Oct 25, 2016 7:17 pm

Hey guys,

Novice with Rsyslog.

What I am doing:
Running a Raspberry Pi, I have installed the Kali ARM distro, Snort, and am sending Snort alerts through Rsyslog to a logging server.

Issue I am having:
At random (I believe) points throughout the day, Rsyslog will just stop sending any data to the logging server until it is restarted. I have confirmed that during this time Snort is still alerting and writing these alerts to the local log.

Process for pre and post issue confirmation:
1) Confirm Rsyslog is running
2) Confirm Snort is running
3) wget testmyids.com from any device on my network
4) cd to /var/log/snort on the Snort sensor and confirm that the snort.log file has been updated with that alert. This is the device that sends via rsyslog to the logging server.
5) cd to /var/log/devices/snortIP on the logging server and confirm that the .log file has been updated
6) Log into the GUI of the logging server and confirm that I can see the alert that was generated

This works for roughly 3-4 hours before failing. When it fails I still see the snort.log file updated with the appropriate alert, but I see nothing on the logging device. The only way to correct this behavior is to restart rsyslog.

I have attached the debug.log from rsyslog. I've gone through it and did not notice any issues, however this was my first time ever reviewing an rsyslog debug log. I have attached the log for your review, any help is much appreciated.
Attachments
debug.log.zip
(348.09 KiB) Downloaded 41 times
CycnuS
New
Posts: 1
Joined: Tue Oct 25, 2016 7:03 pm
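The six manual steps above amount to one check: the sensor's local log is still being written while the copy on the logging server has stopped growing. The script below automates that comparison so a forwarding stall can be detected (and alerted on) instead of being noticed hours later. It is an added example, not code from the original post or from the rsyslog project; the paths follow the post, "snortIP" is a placeholder for the sensor's address, and the 600-second window is an assumed threshold.

```shell
#!/bin/sh
# Freshness check for a log-forwarding pipeline (added example, not from the post).
# Paths are taken from the post; snortIP and the 600 s threshold are assumptions.

# log_age_seconds FILE -> prints seconds since FILE was last modified.
# Tries GNU stat first, then BSD stat; fails if the file cannot be read.
log_age_seconds() {
    file="$1"
    mtime=$(stat -c %Y "$file" 2>/dev/null || stat -f %m "$file" 2>/dev/null) || return 1
    now=$(date +%s)
    echo $(( now - mtime ))
}

# log_is_fresh FILE MAX_AGE -> returns 0 if FILE changed within MAX_AGE seconds.
log_is_fresh() {
    age=$(log_age_seconds "$1") || return 1
    [ "$age" -le "$2" ]
}

# forwarding_stalled LOCAL REMOTE MAX_AGE -> returns 0 (true) when the local
# log is fresh but the remote copy is stale: the sensor keeps alerting while
# nothing arrives downstream, which is exactly the failure the post describes.
forwarding_stalled() {
    log_is_fresh "$1" "$3" && ! log_is_fresh "$2" "$3"
}

# process_running NAME -> returns 0 if a process with that exact name exists
# (steps 1 and 2 of the post: rsyslogd and snort).
process_running() {
    pgrep -x "$1" >/dev/null 2>&1
}

# Command-line use: forward_check.sh LOCAL_LOG REMOTE_LOG [MAX_AGE]
# e.g. on the logging server, with the sensor's log mounted or copied:
#   ./forward_check.sh /var/log/snort/snort.log /var/log/devices/snortIP/snortIP.log 600
if [ $# -ge 2 ]; then
    max_age="${3:-600}"
    if forwarding_stalled "$1" "$2" "$max_age"; then
        echo "STALLED: $1 is fresh but $2 has not changed in ${max_age}s; rsyslog forwarding may have stopped" >&2
        exit 2
    fi
    echo "OK: both logs fresh or both idle within ${max_age}s"
fi
```

Run it from cron on the logging server (or wrap it in a monitoring check) so a stall produces an alert rather than a silent gap; the exit status 2 distinguishes "forwarding stopped" from "nothing happening on the sensor either", which is what an idle network looks like and is not a fault.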
