Author : friedl

RSyslog Windows Agent 7.1 Released

Release Date: 2021-07-14

Build-IDs: Service 7.1.0.214, Client 7.1.0.300

Features

  • EventLog Monitor V2: Add support to monitor Analytic and Debug Channels. These channels will only work in polling mode and detection of the last record is limited due the nature of analytic / debug channels.
  • EventLog Monitor V2: Added new “Copy Messageformat into property” option to copy a second output format into a custom property.
  • File Monitor: Added support for batched processing which is a huge improvement regarding processing speed.

Bugfixes

  • EventLog Monitor v2: Removed unnecessary spaces within LOGSIEM JSON format.
  • File Monitor: Fixed a race condition saving the correct file position on action failure.
  • Status Actions: Fixed an issue calculating wrong values when multiple compute status actions were executed at the same time.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 7.0 Released

Release Date: 2021-03-09

Build-IDs: Service 7.0.0.213, Client 7.0.0.297

Features

  • Filter Engine: Add support to filter by IPv6 addresses.
  • Eventlog Monitor V2: Added support to for LogPoint SIEM JSON Format.
  • Eventlog Monitor V2: Added support for the following EventLog properties (if available):
    Providerguid, processed, threaded, version, opcode, eventtype, nxseverityvalue (required for Severity Mapping in LogPoint SIEM JSON Format)
  • Action Caching: Added support for caching / queuing in RELP Action when Action processing fails.
  • Filter Engine: Added support to store filter results when using the global Status Variable type filters.
  • Queue Engine: Added Warning/Error events which are generated when the queue gets full.
  • Librelp: Updated librelp to v1.8.0.
  • Openssl: Updated to version 1.1.1g.

Bugfixes

  • Filter Engine: Fixed SaveIntoProperty handling when using the Status Type Filter.
  • Queue Engine: Fixed an issue that caused an internal exception
    STATUS_STACK_BUFFER_OVERRUN when two TCP Syslog Sessions where closed at the same time.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2c Released

Release Date: 2021-01-28

Build-IDs: Service 6.2.0.210, Client 6.2.0.284

Bugfixes

  • Syslog Service: Fixed an parsing issue of the syslogtag (rfc5424 only) with malformed syslog headers.
  • Syslog Service: Fixed an issue where two nullbytes were appended to the rawsyslogmsg property.
  • EventLog Monitor V2: Fixed Unicode support when using JSON Output format.
  • IPv6: Fixed a conversion issue when a source was converted into a IPv6 address string.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2b Released

Release Date: 2020-09-04

Build-IDs: Service 6.2.0.209, Client 6.2.0.284

Bugfixes

  • Start Program Action: Fixed loading the Sync Timeout setting in file configuration mode.
  • Queue Engine: Fix for STATUS_STACK_BUFFER_OVERRUN exception.
    STATUS_STACK_BUFFER_OVERRUN doesn’t mean that there was a stack buffer overrun. It appears that due recent security updates in windows network code, a new exception type was introduced. This exception could be happening in very rare conditions when two Syslog Action would close their TCP Sessions at the very same millisecond.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2a Released

Release Date: 2020-07-21

Build-IDs: Service 6.2.0.208, Client 6.2.0.284

Bugfixes

  • Fixed an issue that could cause the Service to abort while configuration reload was running.
  • Fixed an issue when the user stopped the Service while a configuration reload was running.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.1 Released

Release Date: 2020-01-31

Build-IDs: Service 6.1.0.205, Client 6.1.0.280

Features

  • Property engine: Added new static property %localhostname% which contains the local computer name.
  • Syslog Action: Fixed Syslog Version in RFC5424 Header to 1.

Bugfixes

  • EventLog Monitor V2: Fixed an issue losing the first record LastRecord was resetted.
  • EventLog Monitor V2: Fixed minor issues in new caching code.
  • Queue Engine: Fixed an issue in the Action retry logic which caused the same information to be reprocessed again.
  • Property Engine: Fixed an issue initializing the socket subsystem if no network action/service was used related to the toipv4address/toipv6address options.
  • Engine: Fixed multiple memory leaks when a name was resolvedto an IP address.

You can download Free Trial Version of RSyslog Windows Agent.

Encasing of control structures

When using control structures to create some case filtering, there are some things to consider when formatting this.

In general, a control structure can be as simple as this:

if $msg contains "word" then 
    action()
else
    action()

While this is correct and will work as expected, it is generally better style to encase expressions and actions. That way, they are more clearly separated from the control structure itself for better overview and can be more easily expanded without error. When using multiple actions or expressions, encasing is needed anyway, so we think it’s good practice to always use it.

Example:

if ($msg contains "word") then {
    action() 
} else {
    action()
}

And a more complex example:

if ($msg contains "word" and $source == "123.123.123.123") then {
    action()
    action()
} else {
    action()
    action()
}

All three sample snippets above are correct in their own way. Added complexity makes encasing necessary though. So, you may as well use it for all your filters to have a consistent and all-case proof configuration.

Scroll to top