From mboxrd@z Thu Jan 1 00:00:00 1970 From: ummeegge To: development@lists.ipfire.org Subject: Re: Testing Core Update 118 Date: Sat, 03 Feb 2018 20:42:10 +0100 Message-ID: <7BE31498-3CE8-4C13-98A7-DADE40004037@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2406542332651805367==" List-Id: --===============2406542332651805367== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi all, first version for Rsyslogd has been pushed and can be found in here --> https= ://git.ipfire.org/?p=3Dpeople/ummeegge/ipfire-2.x.git;a=3Dcommit;h=3D9adcfd74= 5418bcb6e2acc5d1f99743f25282d2f8 . There is currently no make.sh diff cause on this machine are lot=C2=B4s of ot= her developments too but this should be no problem to supplement or to extend= this by your own. Have added so far: - GSSAPI (Kerberos) support which might also be interesting for encryption. - OpenSSL should be used, libgcyrpt too. - The usertools which includes also 'rscryutil' --> https://www.mankier.com/1= /rscryutil has been added . - Needed to set the CFLAG line in LFS cause Zlib has not been found while com= piling, this can be made may nicer. Rsyslog can also be linked against LZ4 (n= ew compression lib which should be available with Core 118 i think). - There are possibly a lot more modules available in the ROOTFILE then neede= d but for testing purposes possibly nice ? Can be reduced to the really neede= d after testings ... - A new directory to extend the configuration has been added and is findable = under /etc/rsyslog.d . - Rsyslogd process drops privileges now to user/group 'syslogd' cause user/gr= oup already exists and it might be nice to not operate as root i thought. --> There was the need for a usermod and to add the user 'syslogd' to the= group 'tty' . Initscript do this if not already done <-- A think about this = might also be nice . - 'RepeatedMsgReduction' is in config file but commented. - A work directory for spool and state files are under /var/spool/rsyslogd (w= ill be created via init script if not already there) but needs also some test= ings (queueing may?). - Bootlog block from sysklogd has been integrated into start) sequence in the= rsyslogd init script. - logrotate.conf needed to be adapted but the rotation has not been tested un= til now.=20 The init script do not start if sysklod is still active. A fast idea to integ= rate rsyslog into the run levels without creating the symlinks is to simply r= ename 'rsyslogd' to 'sysklogd' findable under /etc/rc.d/init.d . I think there is no need for json-c and libfastjson (libfastjson might be a b= etter solution) but this needs to be check either. Have surely forgot a lot but for the first something from here (happy testing= ). Greetings, Erik Am 02.02.2018 um 20:49 schrieb ummeegge: > Hi all, > did some tests now with Rsyslog which needed some entries in rsyslog.conf m= ore then before but the old sysklogd format can nevertheless be used and the = logging results are the same then sysklogd=C2=B4s . > Have build Rsyslog also in openssl-11 environment which looks good for the = building process, a test on a machine without OpenSSL-1.1.0g looked like this: >=20 > -> /etc/init.d/rsyslog start > Starting system logger...=20 > /usr/sbin/rsyslogd: error while loading shared libraries: libssl.so.1.1: ca= nnot open shared object file: No such file or directory [ OK ] >=20 > which looks good. Started with a configuration file and an initscript where= by both are functional but this is a fast shot and there should be more possi= ble. >=20 > Am 01.02.2018 um 16:16 schrieb Michael Tremer: >=20 >> Hi, >>=20 >> On Thu, 2018-02-01 at 15:43 +0100, ummeegge wrote: >>> Hello, >>>=20 >>> Am 01.02.2018 um 12:37 schrieb Michael Tremer: >>>=20 >>>> Hi, >>>>=20 >>>> nothing of that sounds too bad - except that it sounds a bit extortionat= e for >>>> just some syslogging. >>>>=20 >>>> Maybe it is worth trying it if can be built without json at least. >>>=20 >>> Have tried yesterday for fast checkout if it builds but the compilation q= uits causing a non existing libfastjson. Also the Rsyslog documentation point= s json-c as a requirement --> http://www.rsyslog.com/doc/master/installation/= install_from_source.html#build-requirements out, not sure if can get around i= t . Some of the other listed libs at the bottom might not be a requirement bu= t possibly a nice one to have even the logs should be send to a remote log se= rver. >>> Rsyslog do provides really a lot of extensions which might be worth for a= look over... >>=20 >> I am not sure if we need any of the extensions since we are basically >> using the bare minimum at the moment - sysklogd cannot do much more. >> And so far nobody has really complained about this. >=20 > I think we need in a minimum 'imuxsock.so' and 'imklog.so' to get the same = logging results then sysklod provides it. But there is more and it might be n= ice if someone jump into this here and complains more about possible extensio= ns. > It might also be possible to make a rsyslog-mysql or rsyslog-elasticsearch = packet available via Pakfire ? But this only as an idea from here... >=20 >>=20 >> json-c is fine. Some other packages need this too and I am sure that I >> have built this before somewhere. >=20 > Yes i do remember that too ??=20 >=20 >>=20 >> The rest: I think the rsyslogd people are doing this a bit wrong. It is >> quite an excessive amount of libraries and I do not get why some basic >> functionality like a syslog daemon needs that. But I guess we don't >> have any other choice here than packaging all of them. >=20 > Think so, lot=C2=B4s of new packages event they aren=C2=B4t that heavy weig= hts but as mentioned some of them can possibly also be dropped but may they a= re also nice ones to have ? > Possibly Peter can also take a look into that. >=20 >>=20 >>>> However, since we are on the topic of logging reliably, it might be inte= resting >>>> to have support for SSL in there. >>>=20 >>> This should be no problem i think. Rsyslog can be linked against libgcryp= t, GnuTLS and OpenSSL. A build is currently running on a openssl-11 basis whe= reby i think OpenSSL should be preferred ? >>=20 >> OpenSSL should be preferred. >=20 > Yes. >=20 >>=20 >>>>=20 >>>> Have you tried if the old configuration file works or does it come with = a new >>>> configuration file format? >>>=20 >>> The new version 8.32 is in building process will check this if it is read= y. On my first tries with Rsyslog which is no also 1+ year ago, i needed to m= ake two changes on syslog.conf --> https://forum.ipfire.org/viewtopic.php?t= =3D16669#p98481 and after that i renamed it to rsyslog.conf and everything wo= rked just fine. >>=20 >> That sounds good. They have their own configuration file format for >> some modules stuff but since we don't intend to use any of that, we >> should be fine here. >=20 > Think so. >=20 >>=20 >> Would you update those packages and rebase the branch on next since you >> have already been working on this? Please send this over to Peter for >> review then and let him test the TCP logging capabilities since he was >> the one who required this in the first place. >=20 > No problem but i think it might be a little more then a review only since s= ome more stuff needs to be checked especially for the config but also the ini= tscript. > Build it currently as packages (easier to install) 32bit are ready and a li= ttle tested am currently on a 64 bit build. >=20 >>=20 >> But let's only start working on this when the current OpenVPN stuff is >> done. >=20 > For an OK is it too late now :D but i won=C2=B4t do much more on this since= it works and i think this might be a good state to work further on it. Will = push it to Git then ? >=20 > Greetings, >=20 > Erik >=20 >=20 --===============2406542332651805367==--