[rsyslog-notify] Forum Thread: guardtime rsyslog /var/log/messages verification error - (Mode 'post')

[noreply at adiscon.com]

User: mkrutz 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24411#p24411

Message: 
----------
This is my setup in /etc/rsyslog.conf for the system log:
[code:pds02s2c]*.info action(type="omfile" file="/var/log/messages"
sig.provider="gt"
       
sig.timestampService="http://192.168.12.35/gt-signingservice"
# This is the address of my internal GT Gateway 
        sig.block.sizeLimit="1000"   # increase in production
        sig.keepTreeHashes="on"
        sig.keepRecordHashes="off")[/code:pds02s2c]
/var/log/messages is recording system events as per usual. I execute a
[code:pds02s2c]killall -HUP rsyslogd [/code:pds02s2c]to force the
processing of everything in the buffer. Next I am doing:
[code:pds02s2c]rsgtutil -t /var/log/messages[/code:pds02s2c]. This is the
output from the attempted signature verification:

[code:pds02s2c]/var/log/messages.gtsig[2:1:2]:
error[13]: tree hash mismatch
	Block Start Record.: 'Mar 20 07:41:26 localhost
rsyslogd: [origin software="rsyslogd" swVersion="7.6.0"
x-pid="3489" x-info="http://www.rsyslog.com"] start'
	Record in Question.: 'Mar 20 07:41:26 localhost
rsyslogd: [origin software="rsyslogd" swVersion="7.6.0"
x-pid="3489" x-info="http://www.rsyslog.com"] start'
	Computed Hash......:
12ff1b[...]78c46e
	Signature File Hash: 5cbdcc[...]c09593
	Tree Level.........: 0
	Tree Left Hash.....:
d3bbd3[...]28a501
	Tree Right Hash....:
5c33d9[...]dbeff2
error 13 (tree hash mismatch) 4 processing file
/var/log/messages[/code:pds02s2c]
It should be noted that the "Record in Question" would be the first two
lines of the file (according to the output above). I am simply trying to
verify the signature of the "running system log". Am I doing something
incorrect with sending the HUP? This particular piece is critical to the
use of KSI in system logging. Any suggestions?