[rsyslog] Rsyslog 4.4.2: server out-of-memory with gnutls

[Mr. Demeanour]

Rainer Gerhards wrote:
> Can you send me your rsyslog.conf, so that I can run it under the memory
> debugger in my lab. I'll also take this as a motivation to finally add
> multi-daemon tests to the testbench (what may take me a little while...).

This is the server config (some of the remarks are misleading).

#  /etc/rsyslog.conf    Configuration file for rsyslog v3.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html

# $DebugPrintTemplateList on
# $ActionFileDefaultTemplate mysql-template
#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging

# $ModLoad ommysql.so

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
$ModLoad imklog   # provides kernel logging support (previously done by 
rklogd)

# provides TCP syslog reception
$ModLoad imtcp

# make gtls driver the default
# $DefaultNetstreamDriver gtls
$DefaultNetstreamDriver ptcp

# certificate files
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/.ssl/gnu-ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.d/.ssl/saraha-rsyslog-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/.ssl/saraha-rsyslog-key.pem

# $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
# $InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
$InputTCPServerRun 10514 # start up listener at port 10514

$ModLoad MySQL

###########################
###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use default timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$WorkDirectory /var/log/rsyslog

$template mysql-template, "insert into logs(host, facility, priority, 
level, tag, datetime, msg) values ('%source%', '%syslogfacility-text%', 
'%syslogpriority-text%', '%syslogseverity-text%', '%programname%', 
'%timereported:::date-mysql%', '%msg%')", sql, mysql

# $template DEBUG,"Debug line with all properties:\nFROMHOST: 
'%FROMHOST%', HOSTNAME: '%HOSTNAME%', PRI: %PRI%,\nsyslogtag 
'%syslogtag%', programname: '%programname%', APP-NAME: '%APP-NAME%', 
PROCID: '%PROCID%', MSGID: '%MSGID%',\nTIMESTAMP: '%TIMESTAMP%', 
STRUCTURED-DATA: '%STRUCTURED-DATA%',\nmsg: '%msg%'\nrawmsg: '%rawmsg%'\n\n"

###############
#### RULES ####
###############
#Discard some dross messages
# authpriv.info                   ~
:HOSTNAME, isequal, "last"      ~

#Discard router access messages for the script on Prajna that collects 
the router logs.
if $msg contains 'User logged in on TELNET (192.168.1.2)' then ~
if $msg contains 'User logged out on TELNET (192.168.1.2)' then ~

# Log everything else to mysql.
$ActionQueueType LinkedList
# Number of elements...
$ActionQueueSize 100
# $ActionQueueFileName mysql
# $ActionQueueMaxDiskSpace 1M
# $ActionQueueHighWaterMark 40
# $ActionQueueLowWaterMark 5


*.* 
 >127.0.0.1,syslog,syslog,syslog;mysql-template

$ActionExecOnlyWhenPreviousIsSuspended on
&                               ~
$ActionExecOnlyWhenPreviousIsSuspended off

#Log local stuff ONLY to /var/log/syslog
:HOSTNAME, isequal, "prajna"    -/var/log/syslog


-- 
Jack.