You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Machine A forwards over TCP on port 518 using SSL with the omfwd module and the ossl stream driver. Machine B is listening on port 518 using imtcp with the ossl stream driver, and both machines have proper certificates. Expected behavior is that when both rsyslog instances have started up, logs will flow just fine.
Actual behavior
On Machine B, the receiver, netstat reveals that rsyslog is not even listening on port 518 until after rsyslog has been restarted one time.
Before restarting rsyslog on the receiver, I get this error message on the sender:
After restarting the rsyslog service on the receiver, logs flow just fine—I see the output of the sender's logs in /var/log/syslog on the receiver. What's especially strange is that this only happens if I use SSL. If I comment out the SSL block of both the sender and receiver and reboot / re-provision the receiver, it listens and receives on initial boot on expected.
Steps to reproduce the behavior
Provision new machine using configs described below and run tail -F /var/log/syslog. On initial boot of the receiver, sender starts logging the above message. After restarting rsyslog on the receiver, sender's logs can be seen in /var/log/syslog.
In case it's relevant, I included my systemd config. I thought this might be related to it rsyslog waiting on the network, so I tried adding the following with no effect:
# ...# Enables log receiver module
module(
load="imtcp"MaxSessions="500"StreamDriver.Name="ossl"StreamDriver.Mode="1"StreamDriver.AuthMode="x509/certvalid"
)
# listen on port and log to file
input(
type="imtcp"port="518"ruleset="imtcp_518"
)
ruleset(
name="imtcp_518"queue.type="LinkedList"
){
action(
type="omfile"file="/var/log/syslog"
)
}
# ...
Systemd Service Config:
[Unit]
Description=System Logging Service for Rsyslog
Requires=syslog.socket
Documentation=man:rsyslogd(8)
Documentation=https://www.rsyslog.com/doc/
# After=network-online.target # tried this and the line below, did not help
# Wants=network-online.target # tried this and the line above, did not help
[Service]
Type=notify
EnvironmentFile=-/etc/default/rsyslog
ExecStart=/usr/sbin/rsyslogd -n -i/var/run/rsyslogd-518-local.pid -f /etc/rsyslog-.conf $RSYSLOGD_OPTIONS
ExecReload=/sbin/start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/rsyslogd-518-local.pid --name rsyslogd
UMask=0066
StandardOutput=null
Restart=on-failure
# Increase the default a bit in order to allow many simultaneous
# files to be monitored, we might need a lot of fds.
LimitNOFILE=16384
[Install]
WantedBy=multi-user.target
Alias=syslog-518-local.service
The text was updated successfully, but these errors were encountered:
Expected behavior
Machine A forwards over TCP on port 518 using SSL with the
omfwd
module and theossl
stream driver. Machine B is listening on port 518 usingimtcp
with theossl
stream driver, and both machines have proper certificates. Expected behavior is that when both rsyslog instances have started up, logs will flow just fine.Actual behavior
On Machine B, the receiver,
netstat
reveals that rsyslog is not even listening on port 518 until after rsyslog has been restarted one time.Before restarting rsyslog on the receiver, I get this error message on the sender:
After restarting the rsyslog service on the receiver, logs flow just fine—I see the output of the sender's logs in
/var/log/syslog
on the receiver. What's especially strange is that this only happens if I use SSL. If I comment out the SSL block of both the sender and receiver and reboot / re-provision the receiver, it listens and receives on initial boot on expected.Steps to reproduce the behavior
Provision new machine using configs described below and run
tail -F /var/log/syslog
. On initial boot of the receiver, sender starts logging the above message. After restarting rsyslog on the receiver, sender's logs can be seen in/var/log/syslog
.In case it's relevant, I included my systemd config. I thought this might be related to it rsyslog waiting on the network, so I tried adding the following with no effect:
NOTE: If you comment out the TLS config parts below, it works just fine on initial boot:
Environment
Sender:
Receiver:
Systemd Service Config:
The text was updated successfully, but these errors were encountered: