[rsyslog-notify] Forum Thread: Guardtime log signature doesn't verify/dumps errors - (Mode 'post')
noreply at adiscon.com
Wed Mar 19 19:31:39 CET 2014
User: mkrutz
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24408#p24408
Message:
----------
I've installed rsyslog version 7.6.0 and built with the options to get both
guardtime and the user tools configured and installed. My /etc/rsyslog.conf
entry looks like this:

    local2.info action(type="omfile"
                       file="/var/log/local2.log" sig.provider="gt"
                       sig.keepTreeHashes="on"
                       sig.keepRecordHashes="on")

I'm successfully generating log messages clearly visible in
/var/log/local2.log. I also see a local2.gtsig and local2.gtstate file,
right where I'd expect them (/var/log). To make sure the gtsig file is
complete, I do a 'killall -HUP rsyslogd' to make sure it closes the file it
has been writing to for the signature.
For my particular test, local2.log is no longer being written to when I do
the HUP signal, and it's not being written to while I verify. However, when
I run: 'rsgtutil -t /var/log/local2.log', I get the following errors:
/var/log/local2.log.gtsig[1:1989:1989]: error[17]: RFC3161 timestamp
invalid
Block Start Record.: 'Mar 19 14:11:57 localhost.localdomain
[akka.actor.default-dispatcher-6] Logger started'
Record in Question.: 'Mar 19 14:12:37 localhost.localdomain [Thread-5]
testapp 2014-03-19 14:12:37: MODIFIED:
/home/guest/DEMO/javadoc/resources/inherit.gif.gtsig'
Publication Server.: http://verify.guardtime.com/gt-controlpublications.bin
GT Verify Timestamp: [517]Invalid signature
error 17 (RFC3161 timestamp invalid) 4 processing file /var/log/local2.log
I am unsure why this signature is not verifying correctly. This is about as
basic a test for signing logs as I could come up with. Any suggestions
would be appreciated.