Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using wrong configuration for rsyslog #25

Open
skuppa opened this issue Dec 5, 2016 · 0 comments
Open

Using wrong configuration for rsyslog #25

skuppa opened this issue Dec 5, 2016 · 0 comments

Comments

@skuppa
Copy link

skuppa commented Dec 5, 2016

I was getting error while sending server log using loggly container. The error is

unexpected GnuTLS error -53 in nsd_gtls.c:1618: Error in the push function. [v8.9.0 try http://www.rsyslog.com/e/2078 ]

I logged into the container and found out that it is not using the updated configuration for rsyslog as mentioned in the documentation, https://www.loggly.com/docs/rsyslog-tls-configuration/

Linux release information

/ # cat /etc/*-release
3.3.1
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.3.1
PRETTY_NAME="Alpine Linux v3.3"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"

Rsyslog version

/ # rsyslogd -v
rsyslogd 8.9.0, compiled with:
	PLATFORM:				x86_64-alpine-linux-musl
	PLATFORM (lsb_release -d):
	FEATURE_REGEXP:				Yes
	GSSAPI Kerberos 5 support:		No
	FEATURE_DEBUG (debug build, slow code):	No
	32bit Atomic operations supported:	Yes
	64bit Atomic operations supported:	Yes
	memory allocator:			system default
	Runtime Instrumentation (slow code):	No
	uuid support:				Yes
	Number of Bits in RainerScript integers: 64

See http://www.rsyslog.com for more information.

Rsyslog configuration

/ # cat /etc/rsyslog.conf
# Input modules
$ModLoad immark.so     # provide --MARK-- message capability
$ModLoad imuxsock.so   # provide local system logging (e.g. via logger command)
$ModLoad imudp         # provides UDP syslog reception
$ModLoad imtcp         # provides TCP syslog reception

# Output modules
$ModLoad omstdout.so       # provide messages to stdout

# Loggly template format
$template LogglyFormat,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [token-removed-for-posting@41058 tag=\"ript-api-server\"] %msg%\n"

# Setup disk assisted queues. An on-disk queue is created for this action.
# If the remote host is down, messages are spooled to disk and sent when
# it is up again.
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1     # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g       # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
$ActionQueueType LinkedList       # run asynchronously
$ActionResumeRetryCount -1        # infinite retries if host is down

#RsyslogGnuTLS
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/loggly.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.loggly.com

# Send everything to Loggly over TLS
*.* @@logs-01.loggly.com:6514;LogglyFormat

# TCP Syslog Server
$InputTCPServerRun 514 # start a TCP syslog server at standard port 514

# UDP Syslog Server
$UDPServerRun 514      # start a UDP syslog server at standard port 514

It will be helpful to update the configuration and release the updated container.

Thanks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@skuppa