rsyslog

The rocket-fast system for log processing

Author : friedl

RSyslog Windows Agent 6.2c Released

By friedlPosted on Posted in NewsTagged , , ,

Release Date: 2021-01-28

Build-IDs: Service 6.2.0.210, Client 6.2.0.284

Bugfixes

  • Syslog Service: Fixed an parsing issue of the syslogtag (rfc5424 only) with malformed syslog headers.
  • Syslog Service: Fixed an issue where two nullbytes were appended to the rawsyslogmsg property.
  • EventLog Monitor V2: Fixed Unicode support when using JSON Output format.
  • IPv6: Fixed a conversion issue when a source was converted into a IPv6 address string.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2b Released

By friedlPosted on Posted in NewsTagged , , No Comments on RSyslog Windows Agent 6.2b Released

Release Date: 2020-09-04

Build-IDs: Service 6.2.0.209, Client 6.2.0.284

Bugfixes

  • Start Program Action: Fixed loading the Sync Timeout setting in file configuration mode.
  • Queue Engine: Fix for STATUS_STACK_BUFFER_OVERRUN exception.
    STATUS_STACK_BUFFER_OVERRUN doesn’t mean that there was a stack buffer overrun. It appears that due recent security updates in windows network code, a new exception type was introduced. This exception could be happening in very rare conditions when two Syslog Action would close their TCP Sessions at the very same millisecond.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2a Released

By friedlPosted on Posted in Release AnnouncementTagged , No Comments on RSyslog Windows Agent 6.2a Released

Release Date: 2020-07-21

Build-IDs: Service 6.2.0.208, Client 6.2.0.284

Bugfixes

  • Fixed an issue that could cause the Service to abort while configuration reload was running.
  • Fixed an issue when the user stopped the Service while a configuration reload was running.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.1 Released

By friedlPosted on Posted in Release AnnouncementTagged , , , , No Comments on RSyslog Windows Agent 6.1 Released

Release Date: 2020-01-31

Build-IDs: Service 6.1.0.205, Client 6.1.0.280

Features

  • Property engine: Added new static property %localhostname% which contains the local computer name.
  • Syslog Action: Fixed Syslog Version in RFC5424 Header to 1.

Bugfixes

  • EventLog Monitor V2: Fixed an issue losing the first record LastRecord was resetted.
  • EventLog Monitor V2: Fixed minor issues in new caching code.
  • Queue Engine: Fixed an issue in the Action retry logic which caused the same information to be reprocessed again.
  • Property Engine: Fixed an issue initializing the socket subsystem if no network action/service was used related to the toipv4address/toipv6address options.
  • Engine: Fixed multiple memory leaks when a name was resolvedto an IP address.

You can download Free Trial Version of RSyslog Windows Agent.

Encasing of control structures

By friedlPosted on Posted in FAQTagged , , , ,

When using control structures to create some case filtering, there are some things to consider when formatting this.

In general, a control structure can be as simple as this:

if $msg contains "word" then 
    action()
else
    action()

While this is correct and will work as expected, it is generally better style to encase expressions and actions. That way, they are more clearly separated from the control structure itself for better overview and can be more easily expanded without error. When using multiple actions or expressions, encasing is needed anyway, so we think it’s good practice to always use it.

Example:

if ($msg contains "word") then {
    action() 
} else {
    action()
}

And a more complex example:

if ($msg contains "word" and $source == "123.123.123.123") then {
    action()
    action()
} else {
    action()
    action()
}

All three sample snippets above are correct in their own way. Added complexity makes encasing necessary though. So, you may as well use it for all your filters to have a consistent and all-case proof configuration.

RSyslog Windows Agent 6.0 Released

By friedlPosted on Posted in Release AnnouncementNo Comments on RSyslog Windows Agent 6.0 Released

Release Date: 2019-07-01

Build-IDs: Service 6.0.0.200, Client 6.0.0.277

Features

  • Configuration Client using latest .Net Framework now.
  • Windows 2019 Support.
  • Configuration reload: Added support to update configuration from https url.
  • Property engine: Added new options
    • date-rfc3164strict: Same as date-rfc3164 but with two spaces
      after month if day is below 10.
    • crlftovbar: Replaces all CRLF or LF to vertical bar character.
    • replacechar: Replaces a single character with another single
      character, sample: %msg:$x:$y:replacechar%. More information’s can be
      found in the manual.
    • removecc: Removes all control characters from 0x00 to 0x1F
  • EventLog Monitor V2: Added JSON Output format Option to MessageFormat
    selection.
  • EventLog Monitor V2: Refactored code for performance improvements.
    Implemented Event Caching options for Publisher handles, Levels, Tasks and
    Keywords.
  • TLS Support: Enhanced error reporting when OpenSSL errors are being
    processed internally.
  • HTTP Request Action: Added support for https urls.

Bugfixes

  • Fixed configuration reload freeze when debug logging was enabled.
  • Syslog Action: Added missing RealSource option when using RFC3164 syslog
    header.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 5.2 Released

By friedlPosted on Posted in Release AnnouncementTagged , , No Comments on RSyslog Windows Agent 5.2 Released

Release Date: 2019-04-25

Build-IDs: Service 5.2.0.195, Client 5.2.0.274

Features

  • Hardened Code using new utilities like cppcheck and LLVM.

Bugfixes

  • Fixed processing issues with date property replacer options.
  • Fixed a bug with UTF8 encoding detection (String content before the encoded string (BOM) was dropped).

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 5.1 Released

By friedlPosted on Posted in Release AnnouncementTagged , , No Comments on RSyslog Windows Agent 5.1 Released

Release Date: 2018-08-23

Build-IDs: Service 5.1.0.193, Client 5.1.0.269

Features

  • Send RELP Action: Updated Librelp library to 1.2.17
  • Send RELP Action: Added TLS support (using OpenSSL library).
  • TLS Support: Added support for anonymous communication (Certless).
  • TLS Support: Added support to enable /disabled TLS communication methods.
  • TLS Support: Added support for setting advanced OpenSSL command parameters.
  • Property Engine: Added new option “cef” to convert a string into McAfee CEF Format.
  • OpenSSL: Added support to pass through OpenSSL diagnostic information into our own debugging system.
  • Lognorm Action: Added support to convert Array types into properties, printing converted properties into debug log now.

Bugfixes

  • File Monitor: Fixed issue with REGEX Message Separators when first char of message was matching.
  • Lognorm Action: Fixed issue that stopped Action from working when Output format was set to disabled.
  • Lognorm Action: Fixed issue when shutting down Service or doing a configuration reload when Lognorm Action is used.
  • TLS Support: Removed expired internal certificates.

You can download Free Trial Version of RSyslog Windows Agent.

Scroll to top