Author : Adiscon Support

RSyslog Windows Agent 4.3c Released

Adiscon is proud to announce the 4.3c release of Rsyslog Windows Agent.

This release contains some a minor bugfix.

Detailed information can be found in the version history below.

Build-IDs: Service 4.3.0.178, Client 4.3.0.255

Version 4.3c is a free download. Customers with existing 3.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

Bugfixes

  • Property Engine: Fixed a bug that caused the first dynamic property to be missing when using XML report format. This bug also affected the Syslog TCP File-Caching feature (%rawsyslogmsg% missing).

RSyslog Windows Agent 4.3b Released

Adiscon is proud to announce the 4.3b release of Rsyslog Windows Agent.

This release contains some a minor bugfix.

Detailed information can be found in the version history below.

Build-IDs: Service 4.3.0.177, Client 4.3.0.255

Features

Bugfixes

  • Property Engine: Fixed a bug related to the compressspace property replacer option that surfaced after recent stability changes. The bug stopped the option from working properly.

Version 4.3b is a free download. Customers with existing 3.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

rsyslog 8.32.0 (v8-stable) released

Today, we release rsyslog 8.32.0. This realease, again, sports a vast number of changes. E.g. there are a number of new or updated build requirements, namely: libfastjson 0.99.8, libczmq >= 3.0.2 and libcurl. Otherwise most notably is the major update that ompgsql has received through contribution. Other changes include modules like pmrfc3164, omhiredis, mmexternal, omprog, imfile, omfile, mmpstrucdata. The full list of changes to rsyslog can be reviewed in the Changelog.

We have also made some major changes to the RHEL/CentOS packages for rsyslog. We are now using a modified spec file from the CentOS base repository for building the EL7 release RPM. We decided to go this way out of several reasons. The major reason was a huge issue with the startup scripts that we used, which did not really work well on EL7 systems. More details are available here: http://www.rsyslog.com/major-centos7-rpm-changes/ and here: https://github.com/rsyslog/rsyslog/issues/2134#issuecomment-355483536

Another reason is, that we wanted to make our own RPMs more similar to those in the base repository to avoid major conflicts in the future. That also means, that some additional module packages are not available anymore, because they are now included in the base rsyslog package (mmanon, mmutf8fix, ommail and pmaixforwardedfrom). All other additional sub-packages are still available.

Because the Launchpad build environment [1] is currently unavailable, we cannot produce packages for Ubuntu at the moment. They will be published once the systems are available again.

ChangeLog:

[1] https://lists.ubuntu.com/archives/launchpad-announce/2018-January/000103.html

Major CentOS7 RPM changes

We made some major changes to the way the RPMs for CentOS7/RHEL7 are built. We have adapted the spec file definitions of the base repo to build our own RPMs after we detected some trouble with the last released version. That means, that some things will also change, so our RPMs are more like the official ones.

Stock CentOS 7 8.24.0 package to 8.32.0-1 package upgrade

The upgrade completes and the same functionality present before is present here. Because the syntax was obsolete legacy format before and the format is obsolete legacy format now the /etc/rsyslog.d/listen.conf file passes validation checks (rsyslogd -N6) without issue.

That said, the /etc/rsyslog.d/listen.conf file doesn’t really do anything because the /etc/rsyslog.conffile disables local logging and the /usr/lib/systemd/system/rsyslog.repo unit file doesn’t enable socket activation (basically the symlink from /etc/systemd/system/syslog.service to /usr/lib/systemd/system/rsyslog.service wasn’t created and systemd doesn’t create the /run/systemd/journal/syslog socket for rsyslog to read from).

Not a problem here because the conf file was stock before and is still stock (now upstream Adiscon copy), so imjournal is used to pull log messages (API?) instead of via a socket.

Adiscon repo 8.31.0-4 stable package (with unmodified Adiscon RPM config) to 8.32.0-1 package upgrade

After installing the 8.31.0-4 package (the last one), systemctl disable rsyslog; systemctl enable rsyslog and that workaround seemed to allow that version to function as expected (restart, start, stop). A now performed upgrade to the new package and rebooted. Prior to that, attempting to run systemctl status rsyslogwarned me that I should run systemctl daemon-reload (or restart) to sort things out.

After a restart, all stock settings appeared to function normally. The upgrade (yum install rsyslog) pulled in the needed libfastjson package version without my explicitly specifying to install that package. The /etc/rsyslog.conf file included in the previous stable version was replaced, but this was to be expected because I did not modify the previous conf file (thus the checksums match).

Adiscon repo 8.31.0-4 with custom config to 8.32.0-1 package upgrade

In short, the symlink from /etc/systemd/system/syslog.service to /usr/lib/systemd/system/rsyslog.service wasn’t created and systemd doesn’t create the /run/systemd/journal/syslog socket for rsyslog to read from. In a setup where imuxsock is used, not imjournal this means that rsyslog was not able to read from the socket. To restore this functionality, you have to create a drop-in to restore the socket activation.

Once you did that and either rebooted or ran systemctl daemon-reload, the /run/systemd/journal/syslogsocket was restored.

Addendum

Unmodified configurations should continue to work as before, so there is that.

Users of rsyslog who are using the Adiscon RPMs for a while now, may notice a change in the available module packages because the modules are now incorporated in the basic rsyslog package as in the RPM from the base repo. The affected module packages are (now no longer needed):

rsyslog-mmanon
rsyslog-mmutf8fix
rsyslog-mail
rsyslog-pmaixforwardedfrom

libfastjson 0.99.8 released

This is a new fork of the json-c library, which is optimized for liblognorm processing.

This release provides several fixes to libfastjson. Most notably is the bugfix for proper handling of constant key names. For more details, please refer to the changelog below.

Changelog:

0.99.8 2017-12-18
– make build under gcc7 with strict settings (warning==error)
– bugfix: constant key names not properly handled
if fjson_object_object_add_ex() is used with option
FJSON_OBJECT_KEY_IS_CONSTANT, fjson_object_object_del() will still
try to delete the key name. Depending on use, this can lead to
double-free, use-after-free or no problem.
see also https://github.com/rsyslog/rsyslog/issues/1839
closes https://github.com/rsyslog/libfastjson/issues/148
– fix potentially invalid return value of fjson_object_iter_begin
this could lead to callers doing improper opreations and thus
could lead to a segfault in callers
detected by Coverity scan, CID 198891
– fix small potential memory leak in json_tokener (unlinkely to occur)
detected by Coverity Scan, CID 198890

Download:

http://download.rsyslog.com/libfastjson/libfastjson-0.99.8.tar.gz

sha256sum: 3544c757668b4a257825b3cbc26f800f59ef3c1ff2a260f40f96b48ab1d59e07

As always, feedback is appreciated.

Best regards,
Florian Riedl

rsyslog 8.31.0 (v8-stable) released

Today, we release rsyslog 8.31. This is probably one of the biggest releases in the past couple of years. While it also offers great new functionality, what really important about it is the focus on further improved software quality. For a more detailed description, please read Rainer’s blog post. Detailed information about the huge list of changes is available in the changelog.

http://blog.gerhards.net/2017/11/rsyslog-831-important-release.html

The packages have received some notable changes as well. First off, we were able to implement the Redis output module as a separate package on Ubuntu 14.04 and newer. Also there was a dependency change for the ommongo module, thus it is now only available on Ubuntu 16.04 or newer, but not on CentOS/RHEL anymore. Platform restrictions are unavoidable right now due to dependency availability.

ChangeLog:

rsyslog 8.30.0 (v8-stable) released

We have released rsyslog 8.30.0.

This release features a large number of changes. First we should mention the new build requirements for libfastjson 0.99.7 and the build recommendation for imjournal being libsystemd-journal >= 234.

Notable changes are that (JSON) variables are now handled case-insensitive by default, imjournal being able to switch to persistent journal in runtime and the complete refactoring of mmanon. Also, a lot of improvements have been added to the error reporting as well as many bugfixes.

For a complete list of changes, fixes and enhancements, please visit the ChangeLog.

The packages will follow when they are finished.

ChangeLog:

libfastjson 0.99.7 released

This is a new fork of the json-c library, which is optimized for liblognorm processing.

This release adds the option for case-insensitive comparisons and removes userdata and custom-serialization functions. For more details, please refer to the changelog below.

Changelog:

0.99.7 2017-10-17
– added option for case-insensitive comparisons
This permits to search for json keys in a case-sensitive way. The default is “off”, as this is against the JSON spec. However, rsyslog needs this capability to increase usability inside the variable system.
We add a new API call to switch between case-sensitive and case-insensitive comparison, with case-sensitive being the default.
closes https://github.com/rsyslog/libfastjson/issues/142
– Removed userdata and custom-serialization functions
Reasoning (from pull request):
The library uses the concept of “userdata” and “custom serialization functions” that can be set from user space. However, to effectively make use of this feature, a user must have a deep understanding of the internal data representation of the library, which makes this feature not very useful.
But what is worse: internally, the library itself also sometimes assigns data to this userdata member (especially when working with doubles), and it also sometimes assigns alternative serialization functions. This makes the feature even more unusable, because as a user you never can know when the userdata pointer is save to use for your own settings, and when you must leave it alone because it is used by the library.
Long story short. In this pull request I got rid of the userdata pointer completely. The case where the library was using the “userdata” (for storing the original string representation of a parsed double) has been moved into the union that is already used for storing values.
see also: https://github.com/rsyslog/libfastjson/pull/141
Thanks to Emiel Bruijntjes for the patch.

Download:

http://download.rsyslog.com/libfastjson/libfastjson-0.99.7.tar.gz

sha256sum: 373cca41cad90fd288998696cd56cc72df75fb094db82b4e95d78fa61910f690

As always, feedback is appreciated.

Best regards,
Florian Riedl

RSyslog Windows Agent 4.3 Released

Adiscon is proud to announce the 4.3 release of MonitorWare Agent.

This release contains some minor but useful features. Most important the debug output format has been enhanced. The new configuration client contains a DebugLog Viewer which lets you load and analyze the debug log in real-time. It is even possible to filter debug output by Service or Action which makes troubleshooting configuration issues much easier. For more details on all changes see the Version History.

Detailed information can be found in the version history below.

Build-IDs: Service 4.3.0.175, Client 4.3.0.255

Features

  • Configuration Client: Added DebugLog Viewer utility which can be used to analyze and filter the service debug log.
  • Configuration Reload: The random delay can now set up to 24 hours and does not affect the service control manager communication anymore.
  • Send to Communication Port Action: Comport are now kept open and the connection will be reused each time the action is called.
  • Debug Output: The format has been extended to include additional data and reformatted in many cases.
  • Engine: Added automatic crash generation and report function. If crashes can be caught internally, a dumpfile will be generated and send to Adiscon if allowed in Debug options.

Bugfixes

  • Syslog Action: Fixed an issue parsing IPv6 Address. When an IPv6 Address
    was used, the last digit pair was incorrectly removed to be set as port.

Version 4.3 is a free download. Customers with existing 3.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

rsyslog 8.29.0 (v8-stable) released

We have released rsyslog 8.29.0.

This release features a number of changes. E.g. imptcp now has an experimental parameter for multiline messages, and new statistics counters.

Most notably though, is the improved error reporting in the rsyslog core and in several modules like imtcp, imptcp, omfwd and the core modules. There is also an article available about the improved/enhanced error reporting:

https://www.linkedin.com/pulse/improving-rsyslog-debug-output-jan-gerhards

If you have questions or feedback in relation to the article and/or debug output, please let us know or leave a comment below the article.

Other than that, the new version provides quite a number of bugfixes.

For a complete list of changes, fixes and enhancements, please visit the ChangeLog.

The packages will follow when they are finished.

ChangeLog:
Scroll to top