New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add a parameter to enable in-depth GnuTLS debug output #219

Closed
rgerhards opened this Issue Jan 25, 2015 · 4 comments

Comments

Projects
None yet
3 participants
@rgerhards
Member

rgerhards commented Jan 25, 2015

GnuTLS is often very picky about certificates, and the error codes are sometimes quite generic. Inside rsyslog's ./runtime/nsd_gtls.c there is a code to enable very in-depth logging of GnuTLS actions, but it is commented out via "#if 0". This was based on the assumption that it is only useful for rsyslog developers.

As it turned out, it's useful for users as well, at least in otherwise hard to solve cases. So we should add a (probably global) option to enable GnuTLS debugging.

While this is not available, users can get the same benefits by building rsyslog from source and changing the "#if 0" to "#if 1" in all cases.

@rgerhards

This comment has been minimized.

Member

rgerhards commented Jan 25, 2015

related to: #184

jgerhards added a commit to jgerhards/rsyslog that referenced this issue Jan 26, 2015

add global parameter "debug.gnutls"
enables GnuTLS indepth debugging
closes rsyslog#219
@binarymist

This comment has been minimized.

binarymist commented Jan 29, 2015

Thanks. I'm guessing this will be a few months at minimum away from going into Debian testing?

@rgerhards

This comment has been minimized.

Member

rgerhards commented Jan 29, 2015

I don't know their schedule, but you are probably right. I suggest to build from source. A tarball is already available at http://www.rsyslog.com/downloads/download-daily-build/

@virtualjmills

This comment has been minimized.

virtualjmills commented Jun 30, 2018

Old, but important. The GnuTLS debug directive (late rsyslog 8.x code) now uses a quoted-integer from zero (0) to ten (10), with most useful output emitted at level "3" or higher. The old "on" value (such as referenced in #184) simply throws a configuration file parser error. :-)

Example rsyslog.conf line:
global(debug.gnutls="3")

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment