Rsyslog 1.11.0 (development branch) has been released today. This version finally supports the RFC 3195 listener, bringing rsyslog even closer to its initial design goals. The listener supports full RAW and limited COOKED profiles (no relay operations). It is implemented as an optional stand-alone RFC3195-to-local-domain-socket forwarder (named rfc3195d). This allows it to be used with other syslogds, too.
The RFC 3195 listener is a major feature improvement for rsyslog. It is built on liblogging. It should be noted, however, that there still is much room for improvement in rfc3195d.
An implementation of the RFC 3195 sender is still due.
Rainer Gerhards
Posted by rgerhards on Wednesday, October 12, 2005
I have just released rsyslog 1.10.1. This release is slightly unscheduled. It originally should have been released in a few days with some more enhancements. However, we have discovered a SQL injection vulnerability in rsyslog and decided to release a fix for the development branch as soon as possible (thankfully the code was at an interim milestone, so it was easy to do).
The most important feature of 1.10.1 obviously is the fix for the SQL injection vulnerability. Besides that, it offers a fix in handling broken MySQL connections. Feature-wise, it adds the ability to execute scripts (and other programs) on message reception. Together with the new filtering engine, this can, for example, be used to generate email alerts on important events.
I hope this release is useful. Please expect the originally scheduled feature set some time next week. Among others, it will bring additional comparison operations for the new filter engine.
Rainer
Posted by rgerhards on Friday, September 23, 2005
I am proud to announce release 1.10.0, the first development release after 1.0.0 stable. Release 1.10.0 contains major new features, most importantly the ability to filter on any syslog message property, not just facility and priority. For example, it can now be filtered based on the content of the message itself (e.g. log to a different file if it contains the string "error"). Other new features include the ability to conditionally discard messages, regular expression support inside templates, performance improvements, and more.
Rainer Gerhards
Posted by rgerhards on Tuesday, September 20, 2005
I have just released rsyslog 1.0.0, the first (official) stable version of rsyslog. Feature-wise it is no different from 0.9.8, it just has some minor doc changes plus a very little bug fix in the usage note.
From the release point of view, however, this release is a very important achievement. It provides a solid basis for those interested in running a stable release. The 1.0.0 codebase has been run for several weeks now without any error reports. It has also been reviewed, and all issues have been ironed out. 1.0.0 creates the stable branch.
Please note that the stable branch will primarily receive fixes. The unstable branch (to be created soon) will have all the new cool features.
If you run any version of rsyslog, I recommend moving to 1.0.0.
I hope this release is helpful.
Rainer Gerhards
Posted by rgerhards on Monday, September 12, 2005
I am glad to announce that I have just released rsyslog 0.9.6. This release is focussed on streamlining towards the first final 1.0 release. The documentation has been greatly enhanced and changed to html format. It now includes an installation howto. Also, samples of system startup scripts have been added, hopefully facilitating deployment.
Visit the rsyslog status page for download and link to the change log:
There is one important change for existing rsyslogd users: the syntax of the -r option has been changed. It now accepts the port that rsyslogd should listen to. That, however, breaks existing scripts. They must be changed to use "-r 0", which mimics the previous behaviour. I am sorry for this inconsistency, but I thought it is better to keep the command line options consistent - and at the current time changing that interface is hopefully not such a big issue. If we'd do it much later, it might have been impossible. The new syntax also provides ample opportunity for future enhancement, which then can be kept consistent with the -t tcp listener command line option.
The next steps for rsyslog will be to look at the packaging and eventually some further minor clean-ups. I would also appreciate any feedback from practical use, especially if you should run a high-volume system. I now target the 1.0 release for early September.
There is no need to upgrade to 0.9.6 if you are happy with what you currently run.
I hope the new release is helpful.
Rainer Gerhards
Posted by rgerhards on Tuesday, August 09, 2005
I have written a new tutorial on how to store syslog messages in MySQL. The paper discusses the concepts, describes the actual steps necessary and talks about common pitfalls.
Rsyslog 0.9.5 supports multiple rsyslogd instances on a single machine. This can be useful for special, security-enhanced configurations. Release 0.9.5 also contains improved error message handling during startup and some bug fixes. If you are happy with version 0.9.4, there is no important reason to upgrade to this release.
Now, the tcp sender is implemented, allowing rsyslog to be used inside all parts of the relay chain. Please note that tcp/syslog allows to encrypt syslog traffic quite easily. Release 0.9.4 is a major step toward a stable 1.0 release of rsyslog. There are some other minor changes in rsyslog, mostly formatting changes in internally-generated messages.
Hi all,
I have just written a tutorial on encrypting syslog traffic. This is to be released as part of the 1.0 release of rsyslog. I would deeply appreciate if some of you could have a look at it and provide me some feedback.
My intention is to make encrypted syslog much more popular than it is nowadays. Besides a syslogd capable of doing it easily, good documentation is needed. The question is where I have arrived - and what can be improved. I also intend to ship the configuration files as part of the rsyslogd package.
Please follow the link to the syslog encryption tutorial.