5
responses

Hi everybody!

I have a problem with collecting logs.

Сlient application logs:

2020-01-09 15:24:54 INFO connected to server OK
2020-01-09 15:25:22 INFO reconnecting in 1 seconds
2020-01-09 15:25:22 ERROR remote ssl socket was reset? (SSL_ERROR_SYSCALL with errno=9); End of file found

TCP dump at the moment error:

C: Client Hello
S: Server Hello, Certificate, Certificate Request, Server Hello Done
C: Certificate, Client Key Exchange, Certificat Verify, Change Cipher Spec, Encrypted Handshake Message
S: New Session Ticket, Change Cipher Spec, Encrypted Handshake Message
C: Application Data
S: Encrypted Alert

And part of the data segment is looped, the infinitely the same fragment of data is stored in the log file on the server side.

How I may to detect the cause of this problem? I hope you help me, please. May be, I need to correct deep parameters of network settings? Thank you!

AskedJanuary 9, 2020 - 3:39pm

Comments (5)

  • Misaziv's picture
    (NXLog)

    This error is stating that the remote side closed the connection. In the log there should be other lines close to it where whatever that connection was is reconnected.

  • hatula's picture

    Thank you, Misaziv!

    My problem looks as NXlog client send the same fragment of file log in infinity loop to the server. The output file grows hundreds of times, and in it there is only one fragment of the log from the client.

  • hatula's picture

    My config:

    define ROOT         C:\nxlog
    define NXLOGLOGFILE %ROOT%\data\nxlog.log
    define CERTDIR      %ROOT%\cert
    
    PersistLogqueue TRUE 
    SyncLogqueue TRUE 
    CacheFlushInterval 0 
    CacheSync TRUE
    
    <Input winapp>
        Module       im_msvistalog
        ReadFromLast TRUE
        <QueryXML>
           <QueryList>
             <Query Id='1'>
               <Select Path='Application'>*</Select>      
             </Query>
           </QueryList>
       </QueryXML>
       Exec $FileName = 'winapp.log';
       Exec $EventTime = $EventReceivedTime;   
    </Input>
    
    <Input winsys>
        Module       im_msvistalog
        ReadFromLast TRUE
        <QueryXML>
           <QueryList>
             <Query Id='1'>         
               <Select Path='System'>*</Select>
             </Query>
           </QueryList>
       </QueryXML>
       Exec $FileName = 'winsys.log';
       Exec $EventTime = $EventReceivedTime;
    </Input>
    
    <Output out>
        BufferSize  9500000
        Module      om_batchcompress
        Host        192.168.100.100
        Port        1514
        UseSSL      true 
        AllowUntrusted TRUE 
        CAFile      %CERTDIR%\cacert.pem 
        CertFile    %CERTDIR%\clientcert.pem 
        CertKeyFile %CERTDIR%\clientkey.pem 
    </Output>
    
    <Route client>
        Path   winapp, winsys => out
    </Route>
    

    NXlog client worked, but a few weeks ago the certificate expired. I created new certificate, and since then I see this case. The new certificate is valid, connection is accepted by nxlog server. I have tcpdump.

Answers (0)