[rsyslog] Rsyslog 4.4.2: server out-of-memory with gnutls

Rainer Gerhards rgerhards at hq.adiscon.com
Thu Nov 5 17:45:07 CET 2009 

Thanks, but I wasn't specific enough. For TLS, I also need to client config,
because I need two machines to reproduce any issues (these two instances are
also the challenge for the current testbench, what requires hopefully fewer
than I expect changes ;)).

Rainer 

> -----Original Message-----
> From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> bounces at lists.adiscon.com] On Behalf Of Mr. Demeanour
> Sent: Thursday, November 05, 2009 5:41 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Rsyslog 4.4.2: server out-of-memory with gnutls
> 
> Rainer Gerhards wrote:
> > Can you send me your rsyslog.conf, so that I can run it under the
> memory
> > debugger in my lab. I'll also take this as a motivation to finally
> add
> > multi-daemon tests to the testbench (what may take me a little
> while...).
> 
> This is the server config (some of the remarks are misleading).
> 
> #  /etc/rsyslog.conf    Configuration file for rsyslog v3.
> #
> #                       For more information see
> #                       /usr/share/doc/rsyslog-
> doc/html/rsyslog_conf.html
> 
> # $DebugPrintTemplateList on
> # $ActionFileDefaultTemplate mysql-template
> #################
> #### MODULES ####
> #################
> 
> $ModLoad imuxsock # provides support for local system logging
> 
> # $ModLoad ommysql.so
> 
> # provides UDP syslog reception
> $ModLoad imudp
> $UDPServerRun 514
> $ModLoad imklog   # provides kernel logging support (previously done by
> rklogd)
> 
> # provides TCP syslog reception
> $ModLoad imtcp
> 
> # make gtls driver the default
> # $DefaultNetstreamDriver gtls
> $DefaultNetstreamDriver ptcp
> 
> # certificate files
> $DefaultNetstreamDriverCAFile /etc/rsyslog.d/.ssl/gnu-ca-cert.pem
> $DefaultNetstreamDriverCertFile /etc/rsyslog.d/.ssl/saraha-rsyslog-
> cert.pem
> $DefaultNetstreamDriverKeyFile /etc/rsyslog.d/.ssl/saraha-rsyslog-
> key.pem
> 
> # $InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
> # $InputTCPServerStreamDriverAuthMode anon # client is NOT
> authenticated
> $InputTCPServerRun 10514 # start up listener at port 10514
> 
> $ModLoad MySQL
> 
> ###########################
> ###########################
> #### GLOBAL DIRECTIVES ####
> ###########################
> 
> #
> # Use default timestamp format.
> # To enable high precision timestamps, comment out the following line.
> #
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> 
> #
> # Set the default permissions for all log files.
> #
> $FileOwner root
> $FileGroup adm
> $FileCreateMode 0640
> $DirCreateMode 0755
> $WorkDirectory /var/log/rsyslog
> 
> $template mysql-template, "insert into logs(host, facility, priority,
> level, tag, datetime, msg) values ('%source%', '%syslogfacility-text%',
> '%syslogpriority-text%', '%syslogseverity-text%', '%programname%',
> '%timereported:::date-mysql%', '%msg%')", sql, mysql
> 
> # $template DEBUG,"Debug line with all properties:\nFROMHOST:
> '%FROMHOST%', HOSTNAME: '%HOSTNAME%', PRI: %PRI%,\nsyslogtag
> '%syslogtag%', programname: '%programname%', APP-NAME: '%APP-NAME%',
> PROCID: '%PROCID%', MSGID: '%MSGID%',\nTIMESTAMP: '%TIMESTAMP%',
> STRUCTURED-DATA: '%STRUCTURED-DATA%',\nmsg: '%msg%'\nrawmsg:
> '%rawmsg%'\n\n"
> 
> ###############
> #### RULES ####
> ###############
> #Discard some dross messages
> # authpriv.info                   ~
> :HOSTNAME, isequal, "last"      ~
> 
> #Discard router access messages for the script on Prajna that collects
> the router logs.
> if $msg contains 'User logged in on TELNET (192.168.1.2)' then ~
> if $msg contains 'User logged out on TELNET (192.168.1.2)' then ~
> 
> # Log everything else to mysql.
> $ActionQueueType LinkedList
> # Number of elements...
> $ActionQueueSize 100
> # $ActionQueueFileName mysql
> # $ActionQueueMaxDiskSpace 1M
> # $ActionQueueHighWaterMark 40
> # $ActionQueueLowWaterMark 5
> 
> 
> *.*
>  >127.0.0.1,syslog,syslog,syslog;mysql-template
> 
> $ActionExecOnlyWhenPreviousIsSuspended on
> &                               ~
> $ActionExecOnlyWhenPreviousIsSuspended off
> 
> #Log local stuff ONLY to /var/log/syslog
> :HOSTNAME, isequal, "prajna"    -/var/log/syslog
> 
> 
> --
> Jack.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com

More information about the rsyslog mailing list