rsyslog

The rocket-fast system for log processing

Author : friedl

RSyslog Windows Agent 6.1 Released

By friedlPosted on Posted in Release AnnouncementTagged , , , , No Comments on RSyslog Windows Agent 6.1 Released

Release Date: 2020-01-31

Build-IDs: Service 6.1.0.205, Client 6.1.0.280

Features

  • Property engine: Added new static property %localhostname% which contains the local computer name.
  • Syslog Action: Fixed Syslog Version in RFC5424 Header to 1.

Bugfixes

  • EventLog Monitor V2: Fixed an issue losing the first record LastRecord was resetted.
  • EventLog Monitor V2: Fixed minor issues in new caching code.
  • Queue Engine: Fixed an issue in the Action retry logic which caused the same information to be reprocessed again.
  • Property Engine: Fixed an issue initializing the socket subsystem if no network action/service was used related to the toipv4address/toipv6address options.
  • Engine: Fixed multiple memory leaks when a name was resolvedto an IP address.

You can download Free Trial Version of RSyslog Windows Agent.

Encasing of control structures

By friedlPosted on Posted in FAQTagged , , , ,

When using control structures to create some case filtering, there are some things to consider when formatting this.

In general, a control structure can be as simple as this:

if $msg contains "word" then 
    action()
else
    action()

While this is correct and will work as expected, it is generally better style to encase expressions and actions. That way, they are more clearly separated from the control structure itself for better overview and can be more easily expanded without error. When using multiple actions or expressions, encasing is needed anyway, so we think it’s good practice to always use it.

Example:

if ($msg contains "word") then {
    action() 
} else {
    action()
}

And a more complex example:

if ($msg contains "word" and $source == "123.123.123.123") then {
    action()
    action()
} else {
    action()
    action()
}

All three sample snippets above are correct in their own way. Added complexity makes encasing necessary though. So, you may as well use it for all your filters to have a consistent and all-case proof configuration.

RSyslog Windows Agent 6.0 Released

By friedlPosted on Posted in Release AnnouncementNo Comments on RSyslog Windows Agent 6.0 Released

Release Date: 2019-07-01

Build-IDs: Service 6.0.0.200, Client 6.0.0.277

Features

  • Configuration Client using latest .Net Framework now.
  • Windows 2019 Support.
  • Configuration reload: Added support to update configuration from https url.
  • Property engine: Added new options
    • date-rfc3164strict: Same as date-rfc3164 but with two spaces
      after month if day is below 10.
    • crlftovbar: Replaces all CRLF or LF to vertical bar character.
    • replacechar: Replaces a single character with another single
      character, sample: %msg:$x:$y:replacechar%. More information’s can be
      found in the manual.
    • removecc: Removes all control characters from 0x00 to 0x1F
  • EventLog Monitor V2: Added JSON Output format Option to MessageFormat
    selection.
  • EventLog Monitor V2: Refactored code for performance improvements.
    Implemented Event Caching options for Publisher handles, Levels, Tasks and
    Keywords.
  • TLS Support: Enhanced error reporting when OpenSSL errors are being
    processed internally.
  • HTTP Request Action: Added support for https urls.

Bugfixes

  • Fixed configuration reload freeze when debug logging was enabled.
  • Syslog Action: Added missing RealSource option when using RFC3164 syslog
    header.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 5.2 Released

By friedlPosted on Posted in Release AnnouncementTagged , , No Comments on RSyslog Windows Agent 5.2 Released

Release Date: 2019-04-25

Build-IDs: Service 5.2.0.195, Client 5.2.0.274

Features

  • Hardened Code using new utilities like cppcheck and LLVM.

Bugfixes

  • Fixed processing issues with date property replacer options.
  • Fixed a bug with UTF8 encoding detection (String content before the encoded string (BOM) was dropped).

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 5.1 Released

By friedlPosted on Posted in Release AnnouncementTagged , , No Comments on RSyslog Windows Agent 5.1 Released

Release Date: 2018-08-23

Build-IDs: Service 5.1.0.193, Client 5.1.0.269

Features

  • Send RELP Action: Updated Librelp library to 1.2.17
  • Send RELP Action: Added TLS support (using OpenSSL library).
  • TLS Support: Added support for anonymous communication (Certless).
  • TLS Support: Added support to enable /disabled TLS communication methods.
  • TLS Support: Added support for setting advanced OpenSSL command parameters.
  • Property Engine: Added new option “cef” to convert a string into McAfee CEF Format.
  • OpenSSL: Added support to pass through OpenSSL diagnostic information into our own debugging system.
  • Lognorm Action: Added support to convert Array types into properties, printing converted properties into debug log now.

Bugfixes

  • File Monitor: Fixed issue with REGEX Message Separators when first char of message was matching.
  • Lognorm Action: Fixed issue that stopped Action from working when Output format was set to disabled.
  • Lognorm Action: Fixed issue when shutting down Service or doing a configuration reload when Lognorm Action is used.
  • TLS Support: Removed expired internal certificates.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 5.0 Released

By friedlPosted on Posted in Release AnnouncementTagged , , , , ,

Release Date: 2018-04-11

Build-IDs: Service 5.0.0.185, Client 5.0.0.263

Features

  • File Monitor: Added new options “Process rest of file as one message” and Read  Filebuffer size for better regex message separator handling.
  • Syslog Action: Added support for multiple syslog servers (Load balancing)
  • Syslog Action: Backup Syslog Server is now tried on connect as well. Before, the backup server was only used when an existing connection to the primary server interrupted.
  • Core Engine: Enhanced debug output for network errors.
  • LogNorm Action: Updated Action to support liblognorm v2 rulebases.

Bugfixes

  • Property Engine: Fixed daylight handling when using RFC3339 string conversion. Daylight was incorrectly always applied.
  • Property Engine: Fixed dynamic properties conversion when using xml output. This bug caused some properties to be missing when sending them by SETP protocol or using Syslog Cache mode.
  • Configuration reload: Fixed missing SNMP Mibtree after configuration reload.

You can download Free Trial Version of RSyslog Windows Agent.

rsyslog 8.34.0 (v8-stable) released

By friedlPosted on Posted in News, Release Announcement, UncategorizedTagged , , , , ,

Today, we release rsyslog 8.34.0. Most notably is the large refactoring of the imfile module as well as the new module mmkubernetes (contributed). Additionaly, a lot of improvements and fixes have been added to the current release, too many to list them all. So please take a look at the changelog for all the details.

ChangeLog:

rsyslog 8.33.0 (v8-stable) released

By friedlPosted on Posted in News, Release AnnouncementTagged , , , ,

Today, we release rsyslog 8.33.0. This release has a number of changes, but most of these are under the hood. Some of the more obivous changes are the new include() script object and template json container. Also, rsyslog now has better support for running in a container environment. The full list of changes to rsyslog can be reviewed in the Changelog.

ChangeLog:
Scroll to top