I have just released 3.14.2, an update to v3-stable. It is a purely bug-fixing release. Most importantly, it fixes a problem that caused imklog not to pull module symbols correctly from recent kernels. Also, a segfault caused by using expression-based filters is fixed. There are also some other fixes, see ChangeLog for details. This is a recommended update for all v3-stable branch users.
rsyslog 3.15.1 has been released. This is a refresh of the beta branch, providing new bug fixes. The beta branch currently features the RELP protocol and will be the next v3-stable once it has sufficiently matured.
rsyslog 3.17.0 has just been released. It is part of the development branch. The primary new feature is the ability to send email alerts based on syslog or file data. The action engine now has the ability to carry out an action only once within a configured interval and/or only during specific time frames. Option processing has been improved and a number of stability updates have been included. This is a recommended update for all users of the development version.
More information on the major new feature can be found here:
The following is a sample code snippet that alerts the operator when disk problems are detected:
$ModLoad ommail
$ActionMailSMTPServer mail.example.net
$ActionMailFrom rsyslog@example.net
$ActionMailTo operator@example.net
$template mailSubject,"disk problem on %hostname%"
$template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'"
$ActionMailSubject mailSubject
# make sure we receive a mail only once in six
# hours (21,600 seconds ;))
$ActionExecOnlyOnceEveryInterval 21600
# the if ... then ... mailBody mus be on one line!
if $msg contains 'hard disk fatal failure' then :ommail:;mailBody
Note that we now have the ability to limit an action to be executed only once inside a specific period. In the above sample, the email alert happens only if there was no other such alert within the past 6 hours - this is absolutely vital to prevent an accidental DoS on your mailbox ;) ... but it may also be handy with other actions (e.g. SNMP trap notification etc etc). It's implemented at the action engine level, so it will work with any action, even file or database writes.
I would be most interested in feedback on the new email feature, including clever use cases. I am sure it can be quite useful (especially if you think about imfile...), but would really appreciate to hear from you (and prove this in practice)!
I am glad to finally announce rsyslog 3.14.1, the first version of the v3 stable branch.
This version offers almost all features of the current development version to those in need of a stable branch. Among others, this includes support for multiple database backends, queued and offline operations, SNMP and text file support. It is a big step compared to the v2 stable branch. Users are advised to check the compatibility notes before the update. It's not strictly necessary, but will enable to use rsyslog in the most efficient and problem-free way.
Please note that development continues inside the v3 branch. The v3 stable branch will see future feature enhancements after they have sufficiently matured. The v2 stable branch is still supported. It is quite featureless (compared to v3) but extremely solid. So if you are (or need to be) ultra-conservative, you can still take the v2 route. Feature-wise v2 is a dead end and only bug fixes will be provided.
The general recommendation is that the v3 stable branch be used for regular production machines. The Fedora project will feature rsyslog v3 stable in its upcoming release 9.
Please note that I made a mistake two days ago: I accidently released 3.14.0 to the web, without it being actually ready. For this reason, I have renamed the release to 3.14.1. There will never be an official 3.14.0 release. If you happen to have it downloaded and installed, please accept my apologies. You should get 3.14.1 whenever you are ready.
yes, I know it's April, 1st. But this release is not related to it ;)
I have just released rsyslog 3.15.0, the release that finally provides initial RELP support. RELP provides superior reliability over plain tcp syslog, ensuring that no messages are lost. With plain TCP, this can happen if the remote server goes down. RELP protects from this by utilizing a full-duplex protocol where each message is acknowledged. RELP should also be safe to use with stunnel, where plain tcp syslog sometimes gets into trouble.
The core RELP protocol support is NOT part of rsyslog. It comes in the form of librelp, available at http://www.librelp.com . You need to install librelp before you try to compile rsyslog with RELP support. That should be fairly simple.
If you run into any troubles, please let me know - I am more than happy to help. I plan to do some more in-depth doc on the use cases soon.
I have just release rsyslog 3.13.0-dev0, which will hopefully become the next stable release by mid-week.
It fixes two bugs, one is a potential segfault in the syslog/plain tcp receiver. The other one is removal of some debug instrumentation that accidently made it into 3.12.5. There is also a new ./configure option (--enable/disable-rsyslogd) which permits to build just specific plugins without the main binary. This has been added to support source-based packaging systems (like in FreeBSD). This is also a test for one potential new versioning scheme.
3.13.0-dev0 is recommended for all v3 branch users. Feedback on it is highly appreciated.
rsyslog 3.12.5 has just been released. It is mostly a bug-fixing and cleanup release. Some changed defaults make it easier to use advanced features. For example, high-precision timestamps are now enabled by default when writing log files and "last message repeated n times" processing, a typical trouble spot, is turned off by default. The documentation has been improved and the v2-backward compatibility layer has been completed. This version is a candidate to become the next stable release.
rsyslog 2.0.4, a stable release version, has been released today. It contains some bug fixes, the most important one is that FROMHOST was not properly set on internal messages. There are also two new properties ($HHOUR and $QHOUR) which can be used in dynamic log file generation. Rsyslog 2.0.4 is a recommended update for all users of the stable v2 branch.
rsyslog 3.12.4 has been released today. Thanks to a changed default, it now offers much faster log file writing. Also, advanced flow control has now been added to all inputs, giving an even more reliable system. There are some other small enhancements (see change log). There are also a number of bug fixes, the most important one being a fix for a massive memory leak in imklog. It lost several hundred kilobytes on each hup. Rsyslog 3.12.4 is a recommended update for all v3 branch users.
rsyslog 3.12.3 has been released today. It is primarily a bug-fixing release, but offers new, advanced flow control options. So far, only imfile utilizes these, but other modules will do so soon. The release contains important bug fixes, for example for a segfault on hup, improper framing for syslog/tcp communication and processing empty lines in the log file reader. Rsyslog 3.12.3 is a recommended update to all v3 branch users and users of 3.12.2 are urged to apply the update (some bugs where introduced in that release).
