What to do when an External Script does not work?

When a script runs fine interactively but fails in the rsyslog context (i.e., when executed by a background process or as part of a service) it typically indicates differences between the interactive environment and the service environment. Most importantly, it is not rsyslog itself you need to look at. Check the system config and debug your script so that you can obtain maximum information on why and when it fails.

Checking for issues with external scripts or plugins. (Symbol picture: Rainer Gerhards via AI)

If you know exactly that rsyslog cannot start the script, check that it has sufficient permissions and that all pathes are correct (use absolute pathes!).

Besides that general advice, here are some common reasons why the problem can happen and suggestions for debugging:

Continue reading “What to do when an External Script does not work?”

rsyslog on AWS – Update an existing CloudFormation stack

Welcome to this guide on updating an existing CloudFormation stack for the rsyslog server on AWS. In this tutorial, we will walk you through the steps necessary to ensure your rsyslog server is running the latest version with all the benefits of updated features and performance improvements. We will provide detailed instructions and screenshots to make the update process straightforward, ensuring minimal disruption to your logging setup. Whether you’re a seasoned AWS user or new to CloudFormation, this guide will help you achieve a smooth and efficient update.

Prerequisites

If changes were made to the rsyslog configuration, use the guide in this article to back up and restore configuration: AWS rsyslog Sync Configuration with S3.

Step 1: Select the CloudFormation Stack

To begin the update process for your rsyslog server on AWS, first, navigate to the AWS Management Console and go to the CloudFormation section. Here, locate the stack you wish to update.

  1. Visit AWS CloudFormation: Log in to your AWS Management Console and go to the CloudFormation service.
  2. Select Your Stack: Identify and select the CloudFormation stack for your rsyslog server. In this example, the stack is named “rsyslogtest”.
  3. Initiate Update: Click on the Update button, as highlighted in the screenshot above.

This will start the process to update your existing CloudFormation stack.
Click Update to proceed.

Step 2: Prepare the Template

After selecting the stack to update, the next step involves preparing the template for the update. Follow these instructions:

  1. Choose Template Option: In the “Prepare template” section, select the Replace existing template option.
  2. Specify Template Source: Under “Template source”, choose Amazon S3 URL.
  3. Enter S3 URL: Enter the following URL in the provided field:
   https://rsyslogpublic.s3.amazonaws.com/office_rsyslog_server.yaml

Alternatively, you can use the template URL provided on the AWS Marketplace product page for the rsyslog server.

This will prepare the new template to be applied to your existing stack.
Click Next to proceed.

Step 3: Specify Stack Details

After preparing the template, proceed to specify the stack details:

  1. Review Parameters: Ensure all parameters are correct. Adjust as necessary.
  2. Instance Settings:
  • Identifier Name: Change if necessary.
  • EC2 Instance Type: Change if necessary, as a new instance will be deployed.

Review all options carefully in case new features have been added.
Once all configurations are reviewed and adjusted, click Next to proceed.

Step 4: Configure Stack Options and Review

Review the stack options and make any necessary adjustments.

  1. Review Changes: Carefully review the list of changes in the “Change set preview”. Ensure all modifications align with your expectations.
  2. Submit: Once everything is reviewed and confirmed, click the Submit button to start the update process.

After clicking Submit, AWS will begin updating your CloudFormation stack. Monitor the progress to ensure the update completes successfully. If any issues arise, refer to the stack events for troubleshooting.

Step 5: Monitor the Update Process

  1. Monitor Progress: Check the events tab to monitor the progress of the update. The status should show “UPDATE_IN_PROGRESS” and various components being modified.
  2. Confirm Completion: When the update completes, ensure the status changes to “UPDATE_COMPLETE”.

Once the process is complete, verify that the CloudFormation stack was updated successfully by checking the final status and confirming that all intended changes were applied correctly.

Confirm EC2 Instance Running rsyslog Server

  1. Access the EC2 Instance: Use SSH to log in to your EC2 instance running the rsyslog server.
  2. Verify rsyslog: Once logged in, confirm that the rsyslog server is running properly. You should see the rsyslog welcome message, indicating that the application is installed and operational.

Check the rsyslog meta configuration located in /opt/rsyslog/config to ensure all settings are correct and the service is functioning as expected. This final verification confirms the successful update of your CloudFormation stack and the deployment of the new rsyslog server instance.

Back to aws rsyslog overview.

rsyslog on AWS – Version changelog

S2: v13 rsyslog

We are excited to announce the second public release of Rsyslog Server on AWS Marketplace. This version includes efficient logging, noise event filtering, and a streamlined web interface for system management. New features: Cloudwatch LogGroups, logfile compression, S3 log/config storage, enhanced CloudFormation support, and improved AWS region handling. Experience enhanced logging capabilities and simplified management with Rsyslog Server.

Key Features:

  • Cloudwatch LogGroups Integration: Now you can leverage AWS Cloudwatch LogGroups for better log management and analysis directly through our CloudFormation templates.
  • Logfile Compression: Enabled logfile compression to optimize storage and improve performance.
  • S3 Bucket Support: Added S3 support for both log storage and configuration backup, ensuring your data is safely stored and easily accessible.
  • Improved AWS Region Handling: Fixed issues with AWS_REGION in rsyslogctl to automatically use the correct region configuration.
  • Configuration Sync to S3: Fixed the sync_config_history_to_s3 feature, ensuring your configuration history is consistently backed up.
  • Enhanced CloudFormation Features: Added new features, including S3 support, access policies, and additional InstanceTypes, to our CloudFormation file for easier and more flexible deployments.
  • EFS Resource Management: Added Delete and Retain policies to EFS resources to ensure they survive a Stack Update.

S2: v12 rsyslog

We are excited to announce the inaugural public release of the official Rsyslog Server product on AWS Marketplace. This release introduces an efficient logging solution right out of the box. Additionally, it empowers users with seamless configuration options to filter out noise events and includes a streamlined web interface for system operation management. Get ready for enhanced logging capabilities and simplified management with the Rsyslog Server.

Back to aws rsyslog overview.

rsyslog on AWS – Sync Configuration with S3

Ensuring the integrity and availability of your rsyslog configuration is crucial for maintaining a robust logging system. By syncing your rsyslog configuration to AWS S3, you create a reliable backup that can be easily restored when needed. This guide will walk you through the process of syncing your rsyslog configuration to S3 and restoring it when necessary.

Prerequisites

Before you begin, ensure you have the following:

Syncing Configuration History to S3

This command synchronizes the current rsyslog configuration history to a specified S3 bucket. It ensures all configuration changes are backed up, providing a reliable recovery solution.

sudo rsyslogctl sync-config-history-to-s3

When executed, this command uploads your rsyslog configuration history to the S3 bucket configured in your settings. Regular execution of this command, especially after making significant changes, ensures your backups are always current.

Restoring Configuration from S3

This command downloads the rsyslog configuration history from an S3 bucket to the local machine, facilitating configuration restoration.

sudo rsyslogctl sync-s3-to-config-history

Executing this command retrieves the configuration history from S3 and applies it to your local rsyslog setup.

Back to aws rsyslog overview.

RSyslog Windows Agent 7.5a Released

Release Date: 2024-05-29

Build-IDs: Service 7.5.0.226, Client 7.4.0.315

Bugfixes

  • File Action: Fixed an issue with circular and segmented file logging when configured size was above 2GB.
  • Log Rotation: Fixed an issue with log rotation when Log rotation Size was above 2GB.
  • Log Rotation: Fixed unintended log rotation on configuration reload when Log rotation on Close was enabled.

You can download Free Trial Version of RSyslog Windows Agent.

Documentation Improvement and AI

For a long time, I struggled with the daunting task of enhancing the documentation for Rsyslog. My extensive knowledge of Rsyslog technology often made it challenging for me to create user-friendly documentation, especially for individuals with little to no syslog background. Additionally, as a non-native English speaker, I was aware that some of my sentences might be harder to understand than desired. But thanks to the breakthroughs in generative artificial intelligence (AI), the game has changed, and a new era of documentation improvement has begun.

With current state of technology, AI can not auto-generate complete documentations. It needs to form a team with a human instead. (Image: Rainer Gerhards via AI)
Continue reading “Documentation Improvement and AI”

Elevating Syslog Security: RSyslog Introduces DTLS Plugins for UDP

We at the RSyslog project are excited to share our recent advancements in syslog security. We have introduced initial plugins for Datagram Transport Layer Security (DTLS) syslog, namely imdtls (input module) and omdtls (output module). This development, which aligns with RFC 6012, represents a significant enhancement, albeit not a game-changer, in our continuous efforts to improve secure log transmission.

A symbolic graphic depicting syslog traffic.
A symbolic graphic depicting syslog traffic. (Picture: Rainer Gerhards via AI)
Continue reading “Elevating Syslog Security: RSyslog Introduces DTLS Plugins for UDP”

Additional improvements to rsyslog doc and site…

We’re excited to announce significant enhancements to the rsyslog website, designed to make your experience more efficient and enjoyable. Our primary focus has been on the documentation presentation, and we’ve implemented a range of upgrades across the site to reflect this.

rsyslog doc and site improvements continue (symbol picture: Rainer Gerhards via AI)
Continue reading “Additional improvements to rsyslog doc and site…”

Improving the rsyslog documentation…

The current state of rsyslog documentation and its representation on our official website has been a subject of concern within the professional community. We are initiating a comprehensive project aimed at systematically addressing these issues. Over the coming weeks, stakeholders can expect a series of methodical changes, some of which may be significantly transformative.

The rsyslog documentation – an important part of the system. (image: Rainer Gerhards/AI)
Continue reading “Improving the rsyslog documentation…”
Scroll to top