rsyslog

The rocket-fast system for log processing

rsyslog 8.2508.0 (2025.08) – release announcement

By Rainer GerhardsPosted on Posted in announcement

Download: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2508.0.tar.gz
Project-provided packages are building now and are expected later today. Ubuntu PPAs are already done.

We are excited to ship a large and meaningful rsyslog release. This cycle advances our responsible “AI First” strategy and moves decisively toward cloud native operations. It also delivers major quality, security, and documentation improvements.

Highlights at a glance

  • Cloud native progress: native Prometheus metrics, health checks, Docker artifacts merged into the monorepo, and hardened HTTP output.
  • Robust networking: a deep refactor of the TCP server and several race condition fixes in imtcp and related code paths.
  • Safer defaults and clearer errors: permission fixes, better TLS diagnostics, improved auth handling for omelasticsearch.
  • Language and pipeline power-ups: new RainerScript features headerless detection in pmrfc3164, a new PCRE match module, and an AI tagging PoC.
  • Developer experience: formatting normalization, type safe callbacks, Doxygen docs, and clarified internal interfaces.
  • Packaging change: documentation is now in the main repo under doc/ and there is no separate doc tarball.

Cloud native and observability

  • impstats can now output in Prometheus text format. This enables direct scraping without external translation.
  • imhttp adds a simple HTTP health check endpoint. A basic Prometheus scrape entry point is included for health status.
  • The rsyslog-docker repository has been merged into the main monorepo under packaging/docker/. CI and contributor workflows are simpler, and image work lives with the code.
  • omhttp is migrated to the modern OMODTX interface. Batching and replay behavior are aligned with current core contracts. This is a step toward project supported status for HTTP forwarding.

Networking, I/O, and performance

  • tcpsrv refactor: clearer ownership and locking, explicit state machine in doReceive, rearm epoll before unlock, and poll based helpers for non epoll paths. Cleanup and error paths are more consistent and easier to reason about.
  • imtcp hardening:
    • prevent double enqueue with an inQueue flag.
    • fix a session close race by guarding with an atomic being_closed flag.
  • Connection timing is corrected for microsecond rollover. This fixes edge cases in timing diagnostics.

Security, safety, and correctness

  • imjournal state file creation now uses a safe default mode (0644) for legacy configs.
  • omelasticsearch now treats HTTP 401 and 403 as errors. It logs a clear auth failure and suspends to prevent silent loss.
  • TLS and crypto improvements:
    • OpenSSL driver gains PrioritizeSAN to align with GnuTLS behavior.
    • TLS handshake errors now include the remote port.
    • GnuTLS missing cert or key warnings are logged only once.
    • net_ossl fingerprint verification leak fixed.
  • Portability and UB fixes:
    • remove unsafe function pointer casts that caused BUS errors on macOS ARM64.
    • make EAGAIN and EWOULDBLOCK checks portable.
    • fix a theoretical off by one overflow in the fork handshake.
    • avoid OpenSSL engine headers when engines are disabled.

Language, parsing, and pipeline features

  • RainerScript:
    • backticks support for ${VAR} and correct termination of $VAR in adjacent text (e.g. foo${ENV}bar and $VAR!).
    • new endswith operator for property filters.
  • pmrfc3164:
    • optional headerless detection and handling, with routing, drop, and error file options. Safe HUP handling for log rotation.
  • New modules:
    • fmpcre: PCRE based match function module.
    • mmaitag (PoC): AI based message classification with a Gemini provider and a mock provider. Tags are stored in a message variable (default $.aitag).

Outputs and inputs

  • omhttp: modernized to OMODTX, preserves batching thresholds and behavior while aligning with supported core APIs. Retry tests are updated for current replay semantics.
  • omsendertrack: PoC matured toward completion.
    • parameter rename: template -> senderid. Use senderid=”name”.
    • a statefile is now required; writes are atomic via a temp file.
    • built in default senderid template covers %fromhost-ip%.
    • docs and tests updated. Action required where this module is used.
  • omazureventhubs: replace unsafe sprintf with snprintf.
  • imfile: new deleteStateOnFileMove option to avoid stale state.

Developer experience, maintainability, and docs

  • Formatting normalization with clang format and a small fixup script. Four space indentation. An ignore list reduces blame noise. EditorConfig and a project local Vim config are included.
  • Macro modernization:
    • statement like forms with explicit trailing semicolons.
    • queryEtryPt chains simplified. The small evaluation cost is irrelevant since this runs on module load only.
  • Callback calls are migrated to type safe signatures. Opaque variadic use is reduced. Adapters bridge existing sites.
  • Documentation:
    • rsyslog doc repository was merged into the main repo under doc/. Builds and discovery are simpler. No separate doc tarball.
    • broad restructuring and many content updates.
    • Doxygen comments added for key subsystems like statsobj.
    • new FAQ on common configuration pitfalls (for example “& stop”).
    • improved developer docs on locking, actions, and queues.
  • AI support infrastructure:
    • ai/ directory added for external AI and ML tools that work alongside rsyslog, not inside the daemon.
    • support files for GitHub Copilot to improve patch quality.
    • mmaitag and several code changes were created with AI agents, then reviewed via the same rigorous process used for human changes. Defects found were used to improve AI guidance in rsyslog codebase.

User facing behavior and diagnostics

  • imjournal double close on cancellation fixed.
  • nsd_ptcp log messages corrected to avoid confusion with imptcp.
  • TLS handshake logs now include the remote port, which helps identify failing peers more quickly.

Breaking or actionable changes

  • Packaging: documentation lives in the main repo under doc/. There is no separate doc tarball. Packaging scripts may need updates.
  • omsendertrack: use senderid= instead of template=. A statefile is required. Configs must be adjusted where this module is used.
  • New features are opt in by default:
    • pmrfc3164 headerless detection is off unless configured.
    • impstats Prometheus format is off unless selected.

Responsible AI First

  • AI generated or AI assisted changes are reviewed and tested with the same rigor as all other code. Maintainers make the final decision on acceptance.
  • We reject low quality AI output. We tuned prompts, added guard rails, simplified code patterns where helpful, and expanded docs to make intent clear for both humans and tools.
  • mmaitag is an early PoC for practical AI in the pipeline. The focus is on safe, incremental value.

Toward cloud native

  • Prometheus metrics and health checks are now first class.
  • HTTP forwarding is being hardened for production use.
  • Docker artifacts are part of the monorepo and CI.
  • Type safe interfaces, clarified contracts, and consistent
    formatting reduce churn and enable better automation.

Credits

We thank all contributors. Special thanks to Attila Lakatos (cropi), Corey Siltala, Maks Maltsev, and xietangxin, and everyone who reported issues or tested early builds. Some work used AI agents like Codex and Gemini. Final changes were reviewed and approved with the same rigor.

Availability

Version 8.2508.0 (2025.08) is scheduled for 2025-08-26.
Download the source: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2508.0.tar.gz
Project-provided packages are building now and are expected later today.

As always, please report issues and share feedback. We will continuously refine our path forward based on what you see in production.

Scroll to top