The rocket-fast system for log processing

ChangeLog for 4.0.1 (devel)

Version 4.1.0 [DEVEL] (rgerhards), 2008-11-18

********************************* WARNING *********************************
This version has a slightly different on-disk format for message entries.
As a consequence, old queue files being read by this version may have
an invalid output timestamp, which could result to some malfunction inside
the output driver. It is recommended to drain queues with the previous
version before switching to this one.
********************************* WARNING *********************************
  • greatly enhanced performance when compared to v3.
  • added configuration directive "HUPisRestart" which enables to configure
    HUP to be either a full restart or "just" a leightweight way to
    close open files.

  • enhanced legacy syslog parser to detect year if part of the timestamp
    the format is based on what Cisco devices seem to emit.

  • added a setting "$OptimizeForUniprocessor" to enable users to turn off
    pthread_yield calls which are counter-productive on multiprocessor
    machines (but have been shown to be useful on uniprocessors)

  • reordered imudp processing. Message parsing is now done as part of main
    message queue worker processing (was part of the input thread)
    This should also improve performance, as potentially more work is
    done in parallel.

  • bugfix: compressed syslog messages could be slightly mis-uncompressed
    if the last byte of the compressed record was a NUL

  • added $UDPServerTimeRequery option which enables to work with
    less acurate timestamps in favor of performance. This enables querying
    of the time only every n-th time if imudp is running in the tight
    receive loop (aka receiving messsages at a high rate)

  • doc bugfix: queue doc had wrong parameter name for setting controlling
    worker thread shutdown period

  • restructured rsyslog.conf documentation
  • bugfix: memory leak in ompgsql
    Thanks to Ken for providing the patch