rsyslog

The rocket-fast system for log processing

Author : Adiscon Support

RSyslog Windows Agent 4.2 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , ,

Adiscon is proud to announce the 4.2 release of MonitorWare Agent.

Besides some bugfixes (See Version History for details) a few new features have been added to this minor release. Most important is the ability to use regular expressions as compare operation when filtering properties. Properties can also be converted into IPv4 or IPv6 Addresses now, and the Syslog Priority/Facility can be overwritten in the Syslog Action.

Detailed information can be found in the version history below.

Build-IDs: Service 4.2.0.170, Client 4.2.0.250

Features

  • Syslog Action: Added support to overwrite Syslog Priority/Facility
  • Property Engine: Added two new property replacer options “toipv4address” and “toipv6address” to resolve a property into a valid IPv4 or IPv6 Address.
  • Filter Engine: Implemented a new regular expressions compare operation.
    More details on how to use REGEX can be found in the new documentation.
  • Configuration Reload: Added new options to add a random delay between configuration checks. The delay is limited to 60 seconds as it will also delay the service control manager communication.

Bugfixes

  • Syslog Action: Fixed bug in Syslog Cache processing when saved messages were larger than 4096 bytes.
  • Filter Engine: Fixed Extended IP Filtering when using lower or greater compare operation.
  • File Configuration: Fixed reading Filter values containing backslashes.
    They weren’t removed properly in filter values.

Version 4.2 is a free download. Customers with existing 3.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

rsyslog 8.28.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , , , ,

We have released rsyslog 8.28.0.

This release features a lot of changes. Again, the most notable change is a way more robust, yet still experimental, support for Kafka output and input. In addition to this, there is a new build requirement for librelp 1.2.14 du to API requirements in imrelp and many changes/fixes for omfwd, imfile, mmdblookup, imtcp and many more.

Please note that Kafka Support requires the librdkafka library as dependency, which itself has some new dependencies.

For a complete list of changes, fixes and enhancements, please visit the ChangeLog.

The packages will follow when they are finished.

ChangeLog:

rsyslog 8.27.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , , ,

We have released rsyslog 8.27.0.

This release provides, apart from a lot of fixes, many useful feature enhancements. Most notably is the imkafka module, which allows the use of kafka as an input. In addition to this, imptcp and imtcp received quite a number of enhancements and the overall error reporting got improved quite a bit.

For a complete list of changes, fixes and enhancements, please visit the ChangeLog.

ChangeLog:

libfastjson 0.99.6 released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged ,

This is a new fork of the json-c library, which is optimized for liblognorm processing.

This release fixes a build issue under Solaris.

Changelog:

0.99.6 2017-05-12
– fix a build issue under Solaris

Download:

http://download.rsyslog.com/libfastjson/libfastjson-0.99.6.tar.gz

sha256sum: 95e3d371c82b5d85c7294d46c923b3fee0384e1541a1556f0ca185170eb27270

As always, feedback is appreciated.

Best regards,
Florian Riedl

libfastjson 0.99.5 released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged ,

This is a new fork of the json-c library, which is optimized for liblognorm processing.

This release brings a lot of fixes and changes. Most notably, libfastjson now builds under AIX and under Solaris again.

Changelog:

0.99.5 2017-05-03
– fix tautology comparison in tautology in `fjson_object_iter_equal`
– made build under Solaris again
– made to build under AIX
Thanks to github user purnimam1 for the patch
– fix floating point representation when fractional part is missing
see also https://github.com/rsyslog/libfastjson/issues/126
Thanks to Jan Gerhards for the patch.
– m4: fix detection of atomics
In cross-compilation, it is impossible to run code at configure time to
detect the target specifics.
As such, AC_TRY_RUN fails miserably to detect reliably that atomic
intrisics are present in a toolchain, and decides they are not just
because this is cross-compilation.
Instead of AC_TRY_RUN, use AC_LINK_IFELSE that does not need to actually
run code, since all we’re interested in is whether the intrisics are
present (or not). Fix both the 32- and 64-bit variants, even if the
latter is not used currently.
Fixes build failures detected by the Buildroot autobuilders, like:
http://autobuild.buildroot.org/results/23a/23ac0e742ed3a70ae4d038f8c9eadc23e708f671/build-end.log
http://autobuild.buildroot.org/results/192/1923d0b570adba494f83747a9610ea6ec35f5223/build-end.log
and many other cases, espcially on architectures where such intrsics are
present, but where the toolchain does not have threads (and anyway, it
is much more efficient to use the intrisics rather than use mutexes).
Thanks to Yann E. MORIN for the patch.
– add fjson_object_dump() and fjson_object_write() functions
… that make it possible to dump the json tree without having to
dynamically allocate a string, and to write the tree to a FILE*.
NOTE: right now, most of the code is simply copied from the functions
that use the “printbuf” for writing the data. I have not touched the old
printbuf-implementation, because some other code may still rely on it.
However, in my opinion these printbuf-based functions (if it is desirable
to keep them in the first place) can now be re-implemented to use the more
flexible fjson_object_dump() function.
MAINTAINER NOTE: we need to performance-test any new implementation and will
do so. The results will ultimately decide which parts of the code remain in
the codebase.
Thanks to Emiel Bruijntjes for the patch.

Download:

http://download.rsyslog.com/libfastjson/libfastjson-0.99.5.tar.gz

sha256sum: 8aecdc111da2beebc09e99e2b51e13b70f219c5a095c38db953a75fde51779e9

As always, feedback is appreciated.

Best regards,
Florian Riedl

rsyslog 8.26.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , , ,

We have released rsyslog 8.26.0.

This release has liblognorm 2.0.3 as a build requirement. Also, there were quite some changes like internal error messages are enabled at all times and many more fixes and additions to modules like imrelp, imptcp, omfwd and many many more.

For a complete list of changes, fixes and enhancements, please visit the ChangeLog.

ChangeLog:

How to create debug information with strace

By Adiscon SupportPosted on Posted in FAQTagged , ,

Strace is a tool to monitor system calls of an application. The output may be useful to trace what rsyslog is actually doing on the system level, if debug output information is not sufficient.

A quick example to provide useful output would be:

strace -T -ttt -f -o /path/filename rsyslogd

There are a lot of parameters that can be set. For example we can also only monitor system calls related to the network components:

strace -T -ttt -e trace=network -f -o /path/filename rsyslogd

For more details, please visit the man page of strace.

RSyslog Windows Agent 4.1 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , ,

Adiscon is proud to announce the 4.1 release of MonitorWare Agent.

Rsyslog Windows Agent is now able to reload it’s configuration automatically if enabled (Which is done by the configuration client
automatically on first start). It is not necessary to restart the service manually anymore.

Performance enhancing options have been added into EventLog Monitor V1 and V2 and in File Monitor to delay writing the last record/fileposition back to disk. This can incease performance on machines with a very high eventlog or file load.

Detailed information can be found in the version history below.

Build-IDs: Service 4.1.0.166, Client 4.1.0.246

Features

  • Updated to OpenSSL 1.0.2k.
  • Configuration Reload: This is a big new core feature allowing the
    service to reload itself automatically after a configuration changed has
    been detected. The feature can be turned off in General-General Options if
    this new behavior is not wanted. By default auto reload will be enabled.
    The latest Configuration Client is required for the feature to fully work.
  • EventLog Monitor V2: Added new options to delay LastRecord save.
    Enabling this option will improve processing performance of machines with
    a high event volume.
  • EventLog Monitor V1: Added new option to delay LastRecord save. Enabling
    this option will improve processing performance of machines with a high
    event volume.
  • File Monitor: Added new option to delay LastFilePosition save. Enabling
    this option will improve processing performance when processing large
    growing files.
  • FileConfig: Changed datafile saving method, more reliable when the
    service is stopped unintentionally while updating data state files.
  • Send Syslog Action: Added new option to enable/disable UTF8 BOM. Default
    is enabled like before, but it can be disabled now by configuration so the
    message won’t contain the UTF8 BOM.

Bugfixes

  • Property Engine: Fixed SystemID and CustomerID properties.v
  • FileConfig: Due a missing property (FilterVersion), some of the global
    conditions in rule filters could not be used. This automatically fixes
    itself next time the configuration is saved with the Client.
  • Debug Logging: Completely rewritten debug output for Rule Engine
    (Filters) for better readability and analysis.
  • Fixed an compatibility issue on Windows 2003/XP (failed to start because
    WSAPoll API is missing).
  • FileConfig: Fixed an issue with invalid linefeeds when using includefile
    directive.
  • FileConfig: Fixed EnumRegkey emulation causing EventLog Monitor Services
    to load invalid eventlog channels.
  • Debug Logging: Moved RELP Debugging from minimal to internal
  • FileMonitor: Fixed issue rewriting filepointer updates each time when
    wildcards support was enabled.

Version 4.1 is a free download. Customers with existing 3.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

rsyslog 8.25.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , ,

We have released rsyslog 8.25.0.

This release brings quite a number of changes and fixes. The most notable is that imfile now supports wildcards in directory names, which permits to monitor newly created directories without making changes to the configuration.

For a complete list of changes, fixes and enhancements, please visit the ChangeLog.

ChangeLog:
Scroll to top