[rsyslog] rsyslog crash with tls

Rainer Gerhards rgerhards at hq.adiscon.com
Thu Dec 3 07:29:49 CET 2009 

Hi, 

> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com 
> [mailto:rsyslog-bounces at lists.adiscon.com] On Behalf Of Rory Toma
> Sent: Wednesday, December 02, 2009 10:12 PM
> To: rsyslog-users
> Subject: [rsyslog] rsyslog crash with tls
> 
> rsyslog is crashing on me at some point. I'm getting ready to run it 
> under gdb to see where, but I thought I'd report this here first. It 
> just stop s running, and, afaik, doesn't drop a core. 
> Basically, I just 
> need a front-end rsyslog server to decrypt the incoming data 
> and pass it 
> on. If I do unencrypted, I don't believe it crashes. I've seen some 
> "overflow" messages shortly before crashing, so perhaps we're 
> overflowing somewhere. 

Can you post some example of these? Do you mean they are too long?

> I'll probably also do a valgrind pass 
> on it.

I would appreciate if you could do that. A major pain is to reproduce these
kind of things, so if you have the environment and the know how to do that,
it is a great help :)

> I'll 
> let you know what I find, or, if someone sees something wrong with my 
> conf file that would cause a problem, please let me know.
> 
> I'm also simply invoking rsyslog as
> 
> rsyslogd -c4
> 
> thx
> 
> 
> I've tried:
> 
> 5.3.5
> 5.2.0
> 4.4.2
> 4.5.7

I suggest that you also give 5.5.1 a try, there was a TLS-patch that, I
think, is not yet included in any versions you mention.

> 
> with the following conf file:
> 
> $DefaultNetStreamDriver gtls
> 
> $DefaultNetStreamDriverCAFile /export/rsyslog/certs/ca.pem
> $DefaultNetStreamDriverCertFile /export/rsyslog/certs/cert.pem
> $DefaultNetStreamDriverKeyFile /export/rsyslog/certs/key.pem
> 
> $WorkDirectory /export/rsyslog/spool
> 
> $ActionQueueType LinkedList
> $ActionQueueFileName rsyslog-fwd
> $ActionResumeRetryCount -1
> $ActionQueueSaveOnShutdown on
> 
> $ModLoad imtcp
> $ModLoad imuxsock
> $ModLoad lmnsd_gtls
> 
> $InputTCPServerStreamDriverMode 1
> $InputTCPServerStreamDriverAuthMode anon
> $InputTCPServerRun 80
> 
> *.* @syslog.ooma.com:514

This - unfortunately ;) - looks good to me. But I will try to run a similar
config a bit later today in my lab and see if it gives me problems. However,
being pretty basic, it resembles what I myself usually use during testing (I
guess it is even similar to one of the automatted tests...).

Rainer
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
>

More information about the rsyslog mailing list