Changelog for 7.4.6 (v7-stable)
Version 7.4.6 [v7.4-stable] 2013-10-31
- bugfix: potential abort during HUP
This could happen when one of imklog, imzmq3, imkmsg, impstats,
imjournal, or imuxsock were under heavy load during a HUP.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=489
Thanks to Guy Rozendorn for reporting the problem and Peval Levhshin for
his analysis. - bugfix: imtcp flowControl parameter incorrectly defaulted to “off”
This could cause message loss on systems under heavy load and was
a change-of-behaviour to previous version. This is a regression
most probably introduced in 5.9.0 (but did not try hard to find the
exact point of its introduction). - now requires libestr 0.1.9 as earlier versions lead to problems with
number handling in RainerScript - bugfix: memory leak in strlen() RainerScript function
Thanks to Gregoire Seux for reportig this bug.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=486
- bugfix: buffer overrun if re_extract function was called for submatch 50
Thanks to Pavel Levshin for reporting the problem and its location. - bugfix: memleak in re_extract() function
Thanks to Pavel Levshin for reporting this problem. - bugfix: potential abort in RainerScript optimizer
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=488
Thanks to Thomas Doll for reporting the problem and Pavel Levshin for
fixing it. - bugfix: memory leak in omhiredis
Thanks to Pavel Levshin for the fix - bugfix: segfault if variable was assigned to non-container subtree
Thanks to Pavel Levshin for the fix
Changelog for 7.5.6 (v7-devel)
Version 7.5.6 [devel] 2013-10-29
- improved performance of RainerScript variable access
by refactoring the whole body of variable handling code. This also
solves some of the anomalies experienced in some versions of rsyslog.
All variable types are now handled in unified code, including
access via templates. - RainerScript: make use of 64 bit for numbers where available
Thanks to Pavel Levshin for enhancement. - slight performance optimization if GCC is used
We give branch prediction hints for the frequent RETiRet macro which is
used for error handling. Some slight performance gain is to be expected
from that. - removed global variable support
The original idea was not well thought out and global variables, as
implemented, worked far different from what anybody would expect. As
such, we consider the current approach as an experiment that did not
work out and opt to removing it, clearing the way for a better future
solution. Note: global vars were introduced in 7.5.3 on Sept, 11th 2013. - new module mmsequence, primarily used for action load balancing
Thanks to Pavel Levshin for contributing this module. - bugfix: unset statement always worked on message var, even if local
var was given - bugfix: segfault if variable was assigned to non-container subtree
Thanks to Pavel Levshin for the fix - bugfix: imuxsock did not suport addtl sockets if syssock was disabled
Thanks to Pavel Levshin for the fix - bugfix: running imupd on multiple threads lead to segfault if recvmmsg
is available - bugfix: segfault if re_extract() function was used and no match found
- bugfix: omelasticsearch did not compile on platforms without atomic
instructions - bugfix: potential misadressing on startup if property-filter was used
This could happen if the property name was longer than 127 chars, a case
that would not happen in practice. - bugfix: invalid property filter was not properly disabled in ruleset
Note: the cosmetic memory leak introduced with that patch in 7.4.5 is
now also fixed.
Changelog for 7.4.5 (v7-stable)
Version 7.4.5 [v7.4-stable] 2013-10-22
- mmanon: removed the check for specific “terminator characters” after
last octet. As it turned out, this didn’t work in practice as there
was an enormous set of potential terminator chars — so removing
them was the best thing to do. Note that this may change behaviour of
existing installations. Yet, we still consider this an important
bugfix, that should be applied to the stable branch.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477
Thanks to Muri Cicanor for initiating the discussion - now requires libestr 0.1.8 as early versions had a nasty bug in
string comparisons - omelasticsearch: add failed.httprequests stats counter
- bugfix: invalid property filter was not properly disabled in ruleset
Note that this bugfix introduces a very slight memory leak, which is
cosmetic, as it just holds data until termination that is no longer
needed. It is just the part of the config that was invalid. We will
“fix” this “issue” in the devel version first, as the fix is a bit
too intrusive to do without hard need in the stable version. - bugfix: segfault if re_extract() function was used and no match found
- bugfix: potential misadressing on startup if property-filter was used
This could happen if the property name was longer than 127 chars, a case
that would not happen in practice. - bugfix: omelasticsearch: correct failed.http stats counter
- bugfix: omelasticsearch: did not correctly initialize stats counters
- bugfix: omelasticsearch: failed.es counter was only maintained in bulk mode
This usually did not lead to any problems, because they are in static
memory, which is initialized to zero by the OS when the plugin is
loaded. But it may cause problems especially on systems that do not
support atomic instructions – in this case the associated mutexes also
did not get properly initialized. - bugfix: mmanon did not detect all IP addresses in rewrite mode
The problem occured if two IPs were close to each other and the first one
was shrunk.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485
Thanks to micah-at-riseup.net for reporting this bug - bugfix: mmanon sometimes used invalid replacement char in simple mode
depending on configuration sequence, the replacement character was set
to ‘s’ instead of the correct value. Most importantly, it was set to
‘s’ if simple mode was selected and no replacement char set.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484
Thanks to micah-at-riseup.net for reporting this bug - bugfix: memory leak in mmnormalize
- bugfix: array-based ==/!= comparisions lead to invalid results
This was a regression introduced in 7.3.5 bei the PRI optimizer - bugfix: omprog blocked signals to executed programs
The made it impossible to send signals to programs executed via
omprog.
Thanks to Risto Vaarandi for the analysis and a patch. - bugfix: doc: imuxsock legacy param $SystemLogSocketParseTrusted was
misspelled
Thanks to David Lang for alerting us - bugfix: imfile “facility” input parameter improperly handled
caused facility not to be set, and severity to be overwritten with
the facility value.
Thanks to forum user dmunny for reporting this bug. - bugfix: small memory leak in imfile when $ResetConfigVariables was used
Thanks to Grégory Nuyttens for reporting this bug and providig a fix - bugfix: segfault on startup if TLS was used but no CA cert set
- bugfix: segfault on startup if TCP TLS was used but no cert or key set
- bugfix: some more build problems with newer json-c versions
Thanks to Michael Biebl for mentioning the problem. - bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled
Thanks to Jonny Törnbom for reporting this problem
Changelog for 7.5.5 (v7-devel)
Version 7.5.5 [devel] 2013-10-16
- imfile: permit to monitor an unlimited number of files
- imptcp: add “defaultTZ” input parameter
- imudp: support for multiple receiver threads added
- imudp: add “dfltTZ” input config parameter
- bugfix: memory leak in mmnormalize
- bugfix: mmutf8fix did not properly handle invalid UTF-8 at END of message if the very last character sequence was too long, this was not detected
Thanks to Risto Vaarandi for reporting this problem. - mmanon: removed the check for specific “terminator characters” after last octet. As it turned out, this didn’t work in practice as there was an enormous set of potential terminator chars — so removing them was the best thing to do. Note that this may change behaviour of existing installations. Yet, we still consider this an important bugfix, that should be applied to the stable branch.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477
Thanks to Muri Cicanor for initiating the discussion - now requires libestr 0.1.7 as early versions had a nasty bug in string comparisons
- bugfix: mmanon did not detect all IP addresses in rewrite mode
The problem occured if two IPs were close to each other and the first one was shrunk.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485
Thanks to micah-at-riseup.net for reporting this bug - bugfix: mmanon sometimes used invalid replacement char in simple mode depending on configuration sequence, the replacement character was set to ‘s’ instead of the correct value. Most importantly, it was set to ‘s’ if simple mode was selected and no replacement char set.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484
Thanks to micah-at-riseup.net for reporting this bug - bugfix: memory leak in mmnormalize
- bugfix: array-based ==/!= comparisions lead to invalid results
This was a regression introduced in 7.3.5 bei the PRI optimizer
Changelog for 7.5.4 (v7-devel)
Version 7.5.4 [devel] 2013-10-07
- mmpstrucdata: new module to parse RFC5424 structured data into json message properties
- change main/ruleset queue defaults to be more enterprise-like
new defaults are queue.size 100,000 max workers 2, worker activation after 40,000 msgs are queued, batch size 256. These settings are much more useful for enterprises and will not hurt low-end systems that much. This is part of our re-focus on enterprise needs. - omfwd: new action parameter “maxErrorMessages” added
- omfile: new module parameters to set action defaults added
* dirCreateMode
* fileCreateMode - mmutf8fix: new module to fix invalid UTF-8 sequences
- imuxsock: handle unlimited number of additional listen sockets
- doc: improve usability by linking to relevant web ressources
The idea is to enable users to quickly find additional information, samples, HOWTOs and the like on the main site. At the same time, (very) slightly remove memory footprint when few listeners are monitored. - bugfix: omfwd parameter streamdrivermmode was not properly handled
It was always overwritten by whatever value was set via the legacy directive $ActionSendStreamDriverMode - imtcp: add streamdriver.name module parameter
permits overriding the system default stream driver (gtls, ptcp) - bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled
Thanks to Jonny Törnbom for reporting this problem - imported bugfixes from 7.4.4
Changelog for 7.5.3 (v7-devel)
Version 7.5.3 [devel] 2013-09-11
- imfile: support for escaping LF characters added embedded LF in syslog messages cause a lot of trouble. imfile now has the capability to escape them to “#012″ (just like the regular control character escape option). This requires new-style input statements to be used. If legacy configuration statements are used, LF escaping is always turned off to preserve compatibility.
NOTE: if input() statements were already used, there is a CHANGE OF BEHAVIOUR: starting with this version, escaping is enabled by default. So if you do not want it, you need to add escapeLF=”off” to the input statement. Given the trouble LFs cause and the fact that the majority of installations still use legacy config, we considered this behaviour change acceptable and useful.
see also: http://blog.gerhards.net/2013/09/imfile-multi-line-messages. html - add support for global and local variables
- bugfix: queue file size was not correctly processed
this could lead to using one queue file per message for sizes >2GiB
Thanks to Tomas Heinrich for the patch. - add main_queue() configuration object to configure main message queue
- bugfix: stream compression in imptcp caused timestamp to be corrupted
- imudp: add ability to specify SO_RCVBUF size (rcvbufSize parameter)
- imudp: use inputname for statistics, if configured
- impstats: add process resource usage counters [via getrusage()]
- impstats: add paramter “resetCounters” to report delta values possible for most, but not all, counters. See doc for details.
- librelp 1.2.0 is now required
- make use of new librelp generic error reporting facility
This leads to more error messages being passed to the user and thus simplified troubleshooting. - bugfix: very small memory leak in imrelp
more or less cosmetic, a single memory block was not freed, but this only happens immediately before termination (when the OS automatically frees all memory). Still an annoyance e.g. in valgrind. - fix compile problem in debug build
- imported fixes from 7.4.4
Changelog for 7.4.4 (v7-stable)
Version 7.4.4 [v7.4-stable] 2013-09-03
- better error messages in GuardTime signature provider
Thanks to Ahto Truu for providing the patch. - make rsyslog use the new json-c pkgconfig file if available
Thanks to the Gentoo team for the patches. - bugfix: imfile parameter “persistStateInterval” was unusable
due to a case typo in imfile; work-around was to use legacy config
Thanks to Brandon Murphy for reporting this bug. - bugfix: TLV16 flag encoding error in signature files from GT provider
This fixes a problem where the TLV16 flag was improperly encoded. Unfortunately, existing files already have the bug and may not properly be processed. The fix uses constants from the GuardTime API lib to prevent such problems in the future.
Thanks to Ahto Truu for providing the patch. - bugfix: slightly malformed SMTP handling in ommail
- bugfix: segfault in omprog if no template was provided (now dflt is used)
- bugfix: segfault in ompipe if no template was provided (now dflt is used)
- bugfix: segfault in omsnmp if no template was provided (now dflt is used)
- bugfix: some omsnmp optional config params were flagged as mandatory
- bugfix: segfault in omelasticsearch when resuming queued messages after restarting Elasticsearch
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=464 - bugfix: imtcp addtlframedelimiter could not be set to zero
Thanks to Chris Norton for alerting us. - doc bugfix: remove no-longer existing omtemplate from developer doc was specifically mentioned as a sample for creating new plugins
Thanks to Yannick Brosseau for alerting us of this problem.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=473
Changelog for 7.5.2 (v7-devel)
Version 7.5.2 [devel] 2013-07-04
- librelp 1.1.4 is now required
We use API extensions for better error reporting and higher performance. - omrelp: use transactional mode to make imrelp emit bulk sends
- omrelp: add “windowSize” parameter to set custom RELP window size
- bugfix: double-free in omelasticsearch
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461
a security advisory for this bug is available at:
http://www.lsexperts.de/advisories/lse-2013-07-03.txt
Thanks to Markus Vervier and Marius Ionescu for providing a detailled bug report. Special thanks to Markus for coordinating his security advisory with us. - doc: fixed various typos
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=391
Thanks to Georgi Georgiev for the patch.
Changelog for 7.4.2 (v7-stable)
Version 7.4.2 [v7.4-stable] 2013-07-04
- bugfix: in RFC5425 TLS, multiple wildcards in auth could cause segfault
- bugfix: RainerScript object required parameters were not properly checked – this clould result to segfaults on startup if parameters were missing.
- bugfix: double-free in omelasticsearch closes: http://bugzilla.adiscon.com/
show_bug.cgi?id=461 a security advisory for this bug is available at: http://www.lsexperts.de/ advisories/lse-2013-07-03.txt PLEASE NOTE: This issue only existed if omelasticsearch was used in a non-default configuration, where the “errorfile” parameter was specified. Without that parameter set, the bug could not be triggered. Thanks to Markus Vervier and Marius Ionescu for providing a detailled bug report. Special thanks to Markus for coordinating his security advisory with us. - bugfix: omrelp potential segfault at startup on invalid config parameters
- bugfix: small memory leak when $uptime property was used
- bugfix: potential segfault on rsyslog termination in imudp closes: http://bugzilla.adiscon.com/
show_bug.cgi?id=456 - bugfix: lmsig_gt abort on invalid configuration parameters closes: http://bugzilla.adiscon.com/
show_bug.cgi?id=448 Thanks to Risto Laanoja for the patch. - imtcp: fix typo in “listner” parameter, which is “listener” Currently, both names are accepted.
- solved build problems on FreeBSD closes: http://bugzilla.adiscon.com/
show_bug.cgi?id=457 closes: http://bugzilla.adiscon.com/ show_bug.cgi?id=458 Thanks to Christiano for reproting and suggesting patches - solved build problems on CENTOS5
Changelog for 7.5.1 (v7-devel)
Version 7.5.1 [devel] 2013-06-26
- librelp 1.1.3 is required – older versions can lead to a segfault
- add mmfields, which among others supports easy parsing of CEF messages
- omrelp:
* new parameter “compression.prioritystring” to control encryption parameters used by GnuTLS - imrelp:
* new parameter “compression.dhbits” to control the number of bits being used for Diffie-Hellman key generation
* new parameter “compression.prioritystring” to control encryption parameters used by GnuTLS
* support for impstats added
* support for setting permitted peers (client authentication) added
* bugfix: potential segfault at startup on invalid config parameters - imjournal: imported patches from 7.4.1
- omprog: add support for command line parameters
- added experimental TCP stream compression (imptcp only, currently)
- added BSD-specific syslog facilities
* “console”
* “bsd_security” – this is called “security” under BSD, but that name was unfortunately already taken by some standard facility. So I did the (hopefully) second-best thing and renamed it a little. - imported fixes from 7.4.2 (especially build problems on FreeBSD)
- bugfix: imptcp did not properly initialize compression status variable could lead to segfault if stream:always compression mode was selected