Author : Adiscon Support

Changelog for 7.5.3 (v7-devel)

Version 7.5.3 [devel] 2013-09-11

  • imfile: support for escaping LF characters added
    Embedded LFs in syslog messages cause a lot of trouble. imfile now has the capability to escape them to “#012” (just like the regular control character escape option). This requires new-style input statements to be used. If legacy configuration statements are used, LF escaping is always turned off to preserve compatibility.
    NOTE: if input() statements were already used, there is a CHANGE OF BEHAVIOUR: starting with this version, escaping is enabled by default. So if you do not want it, you need to add escapeLF="off" to the input statement. Given the trouble LFs cause and the fact that the majority of installations still use legacy config, we considered this behaviour change acceptable and useful.
    see also: http://blog.gerhards.net/2013/09/imfile-multi-line-messages.html
  • add support for global and local variables
  • bugfix: queue file size was not correctly processed
    this could lead to using one queue file per message for sizes >2GiB
    Thanks to Tomas Heinrich for the patch.
  • add main_queue() configuration object to configure main message queue
  • bugfix: stream compression in imptcp caused timestamp to be corrupted
  • imudp: add ability to specify SO_RCVBUF size (rcvbufSize parameter)
  • imudp: use inputname for statistics, if configured
  • impstats: add process resource usage counters [via getrusage()]
  • impstats: add parameter “resetCounters” to report delta values
    This is possible for most, but not all, counters. See doc for details.
  • librelp 1.2.0 is now required
  • make use of new librelp generic error reporting facility
    This leads to more error messages being passed to the user and thus simplified troubleshooting.
  • bugfix: very small memory leak in imrelp
    more or less cosmetic, a single memory block was not freed, but this only happens immediately before termination (when the OS automatically frees all memory). Still an annoyance e.g. in valgrind.
  • fix compile problem in debug build
  • imported fixes from 7.4.4
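
Why the imfile escapeLF default in the first entry above matters, as an added example (not rsyslog code and not part of the changelog): a constructed two-message sample goes through LF-delimited framing, the record delimiter of line-oriented log files and plain TCP syslog, with and without escaping. The function names, the `app:` tag and the sample messages are assumptions made for the illustration.

```python
# Added illustration; not rsyslog source. Framing model and sample data are constructed.
LF_ESCAPE = "#012"  # octal 012 == 0x0A (LF), the escape text named in the changelog


def escape_lf(message):
    """Replace each embedded LF with the literal text '#012'."""
    return message.replace("\n", LF_ESCAPE)


def frame(messages):
    """Sender side: terminate every message with LF (one record per line)."""
    return "".join(m + "\n" for m in messages)


def deframe(stream):
    """Receiver side: split on LF; the last element is the empty tail after the final LF."""
    return stream.split("\n")[:-1]


def records_seen(messages, escape):
    """Records a line-oriented receiver ends up with, with or without LF escaping."""
    prepared = [escape_lf(m) if escape else m for m in messages]
    return deframe(frame(prepared))


def orphan_records(records, tag="app:"):
    """Records lacking the expected tag: fragments split off from their original message."""
    return [r for r in records if not r.startswith(tag)]


# Constructed sample: the second message carries two embedded LFs (a stack trace).
SAMPLE = [
    "app: login ok user=alice",
    "app: ERROR payment failed\n  at Billing.charge(Billing.java:42)\n  at Main.main(Main.java:7)",
]

if __name__ == "__main__":
    for escape in (False, True):
        records = records_seen(SAMPLE, escape)
        print(f"escape={escape}: {len(records)} records, "
              f"{len(orphan_records(records))} without tag")
        for r in records:
            print("   ", repr(r))
```

In this sketch a literal "#012" already present in the source text is indistinguishable from an escaped LF afterwards, so review tooling should not assume the escape can be reversed exactly.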

Changelog for 7.4.4 (v7-stable)

Version 7.4.4 [v7.4-stable] 2013-09-03

  • better error messages in GuardTime signature provider
    Thanks to Ahto Truu for providing the patch.
  • make rsyslog use the new json-c pkgconfig file if available
    Thanks to the Gentoo team for the patches.
  • bugfix: imfile parameter “persistStateInterval” was unusable
    due to a case typo in imfile; work-around was to use legacy config
    Thanks to Brandon Murphy for reporting this bug.
  • bugfix: TLV16 flag encoding error in signature files from GT provider
    This fixes a problem where the TLV16 flag was improperly encoded. Unfortunately, existing files already have the bug and may not properly be processed. The fix uses constants from the GuardTime API lib to prevent such problems in the future.
    Thanks to Ahto Truu for providing the patch.
  • bugfix: slightly malformed SMTP handling in ommail
  • bugfix: segfault in omprog if no template was provided (now dflt is used)
  • bugfix: segfault in ompipe if no template was provided (now dflt is used)
  • bugfix: segfault in omsnmp if no template was provided (now dflt is used)
  • bugfix: some omsnmp optional config params were flagged as mandatory
  • bugfix: segfault in omelasticsearch when resuming queued messages after restarting Elasticsearch
    closes: http://bugzilla.adiscon.com/show_bug.cgi?id=464
  • bugfix: imtcp addtlframedelimiter could not be set to zero
    Thanks to Chris Norton for alerting us.
  • doc bugfix: remove no-longer existing omtemplate from developer doc
    It was specifically mentioned as a sample for creating new plugins.
    Thanks to Yannick Brosseau for alerting us of this problem.
    closes: http://bugzilla.adiscon.com/show_bug.cgi?id=473

HIPAA compliance through rsyslog

HIPAA, the Health Insurance Portability and Accountability Act, defines the standard for protecting sensitive patient data. It concerns every company that deals with protected health information; such a company must ensure that all data is secured physically, on the network and in the process of data usage. The act affects anyone who provides treatment, payment and operations in healthcare, as well as business associates who provide these services.

The goal of HIPAA is to protect patient data. A security breach, and thus a leak of patient data, can cause extensive damage. Not only does it damage the patient's trust in the organization, but a HIPAA violation also carries significant fines.

The American Medical Association broke down the cost for several scenarios:

| HIPAA Violation | Minimum Penalty | Maximum Penalty |
| --- | --- | --- |
| Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million |

Although the annual maximum for violations is $1.5 million, the actual cost might be higher than this basic figure. Patients may take legal action after their data is compromised, and organizations are required to notify their patients if they are affected. Thus, the overall cost of non-compliance may quickly escalate. And without HIPAA compliance, significant cost can occur without an incident even happening: if an audit fails, fines are incurred and remediation steps need to be taken.

rsyslog and its strong logging structure can help you minimize the risk of such violations. One of the main requirements for HIPAA compliance is to ensure that patient data is handled with the right confidentiality, and to ensure its integrity and its availability. One also needs to identify common threats and implement solutions. On IT systems, some more or less basic tools give additional help to achieve these goals. Syslog servers like rsyslog receive and consolidate a lot of data that an auditor needs to review in order to identify problems and act accordingly.

Thus rsyslog can be especially valuable for achieving HIPAA compliance: it eases the job of administrators and auditors by autonomously receiving, filtering and archiving log data, and review of the data becomes a lot easier if it is stored properly.

 

Changelog for 7.5.2 (v7-devel)

Version 7.5.2 [devel] 2013-07-04

rsyslog 7.5.2 (v7-devel) released

This version provides performance enhancements for the RELP modules. It also provides a fix for a potential security issue in omelasticsearch. Please note that the security issue only exists in non-default configuration if the “errorfile” parameter was specified.

As always, feedback is appreciated.

Best regards, Florian Riedl
