Myth-Buster: rsyslog is not “just a legacy syslogd”
The myth is persistent — partly because of the name. Yes, rsyslog started life as an enhanced syslog daemon for Linux. But over two decades, it has evolved into a high-performance ETL engine that powers data pipelines in thousands of production environments.
Adiscon joins connect.IT Heilbronn-Franken — why this matters to rsyslog
Adiscon, the main sponsor of rsyslog, has joined connect.IT Heilbronn-Franken, a regional non-profit network linking companies, startups, universities, and public institutions across AI, data, cloud, and cybersecurity. We highlight connect.IT because it is a strong regional hub, and we are here to learn.
rsyslog 8.2510.0 (2025.10) released
We have today released the 8.25100 rsyslog scheduled stable release. This release delivers three main themes: better Windows Security event ingestion, more flexible JSON handling end to end, and pragmatic compatibility fixes across popular outputs and platforms. It also includes steady documentation improvements and CI hardening.
Continue reading “rsyslog 8.2510.0 (2025.10) released”Modern Snare-Format Parsing Arrives: Introducing the mmsnareparse Module
Last September, Rainer Gerhards revisited a long-standing challenge: normalizing legacy Windows Snare logs for use in modern observability pipelines.
In his article Revisiting old style Windows Log Schema Mapping, he explored heuristic and AI-assisted methods to better handle these still-prevalent formats.
That effort has now resulted in production-ready code: the new mmsnareparse module — already part of the daily stable build and scheduled for inclusion in the 8.2510.0 stable release.
We’re looking for testers right now.
If your systems still forward Windows Security logs in Snare format, please deploy mmsnareparse and let us know how it performs in your environment.
Real-world feedback will directly shape future development.
DigitalOcean Renews Sponsorship – A Strong Foundation for rsyslog Innovation
We are pleased to announce that DigitalOcean has renewed its sponsorship of the rsyslog project. The partnership between rsyslog and DigitalOcean has been in place for many years and continues to be an essential part of our technical infrastructure.
Rsyslog project update: faster reviews, clearer process
Summary
We are tightening our contribution workflow to improve review speed and predictability. Expect reasonable turnaround times, not instant responses. This is rolling out now.
What changes now
- Initial PR look: Maintainer aims to glance at each new PR within 3 business days.
- AI review on PRs: Runs automatically on open. In our experience it is 90%+ correct and provides actionable items.
- Full review trigger: Deeper maintainer review typically follows when CI is green and AI items are fixed or clearly explained.
- Old issues policy: No mass closures. We are revisiting older items with AI assist and closing them for the right reasons, often by implementing what is needed.
- Labels and dashboards: We are formalizing labels (including good first issue) and lightweight dashboards to make navigation and triage easier. Details will follow in a separate post.
- Responsible AI First: We use AI to speed feedback, but only where it adds real value and the results make sense.
New Notification Channels for Rsyslog News
There are now two additional ways to get rsyslog news:
These channels are operated by maintainer Rainer Gerhards. They are meant for people who find it convenient to receive rsyslog updates via messenger platforms.
Continue reading “New Notification Channels for Rsyslog News”Backticks in RainerScript just got smarter: ${VAR} and adjacent text now work
TL;DR
Backticks with echo in RainerScript now support brace-style environment variables (${VAR}) and adjacent text (e.g., `echo sasl.password=${KAFKA_PASSWORD}`). This removes a common pitfall when assembling key=value pairs for modules like omkafka. It’s still a limited, intentional subset—not a full shell. The change was motivated by real-world confusion reported in issue #5827. (GitHub)
rsyslog Goes AI First — A New Chapter Begins
After 24 months of focused evaluation and careful experimentation, we’re excited to announce a major shift in the evolution of rsyslog: we’re going AI First.
For those who love more details, please the the more in-depth description of AI First.
This marks the beginning of a strategic transformation in how we design, develop, and support rsyslog and its ecosystem. While today’s post is just a short announcement, it lays the groundwork for a series of updates to follow — including deep dives into what we’re doing, why, and how it benefits you.
Revitalizing Rsyslog with Docker: A New Era of Log Management
We’re excited to announce a renewed focus on the rsyslog Docker project, bringing you robust, flexible, and easy-to-use containerized solutions for your logging needs. This isn’t just a refresh; it’s a reimagining of how rsyslog can integrate into modern, containerized environments.
