Myth-Buster: rsyslog is not “just a legacy syslogd”
The myth is persistent — partly because of the name. Yes, rsyslog started life as an enhanced syslog daemon for Linux. But over two decades, it has evolved into a high-performance ETL engine that powers data pipelines in thousands of production environments.
Adiscon joins connect.IT Heilbronn-Franken — why this matters to rsyslog
Adiscon, the main sponsor of rsyslog, has joined connect.IT Heilbronn-Franken, a regional non-profit network linking companies, startups, universities, and public institutions across AI, data, cloud, and cybersecurity. We highlight connect.IT because it is a strong regional hub, and we are here to learn.
rsyslog 8.2510.0 (2025.10) released
We have today released the 8.25100 rsyslog scheduled stable release. This release delivers three main themes: better Windows Security event ingestion, more flexible JSON handling end to end, and pragmatic compatibility fixes across popular outputs and platforms. It also includes steady documentation improvements and CI hardening.
Continue reading “rsyslog 8.2510.0 (2025.10) released”Modern Snare-Format Parsing Arrives: Introducing the mmsnareparse Module
Last September, Rainer Gerhards revisited a long-standing challenge: normalizing legacy Windows Snare logs for use in modern observability pipelines.
In his article Revisiting old style Windows Log Schema Mapping, he explored heuristic and AI-assisted methods to better handle these still-prevalent formats.
That effort has now resulted in production-ready code: the new mmsnareparse module — already part of the daily stable build and scheduled for inclusion in the 8.2510.0 stable release.
We’re looking for testers right now.
If your systems still forward Windows Security logs in Snare format, please deploy mmsnareparse and let us know how it performs in your environment.
Real-world feedback will directly shape future development.
DigitalOcean Renews Sponsorship – A Strong Foundation for rsyslog Innovation
We are pleased to announce that DigitalOcean has renewed its sponsorship of the rsyslog project. The partnership between rsyslog and DigitalOcean has been in place for many years and continues to be an essential part of our technical infrastructure.
Rsyslog project update: faster reviews, clearer process
Summary
We are tightening our contribution workflow to improve review speed and predictability. Expect reasonable turnaround times, not instant responses. This is rolling out now.
What changes now
- Initial PR look: Maintainer aims to glance at each new PR within 3 business days.
- AI review on PRs: Runs automatically on open. In our experience it is 90%+ correct and provides actionable items.
- Full review trigger: Deeper maintainer review typically follows when CI is green and AI items are fixed or clearly explained.
- Old issues policy: No mass closures. We are revisiting older items with AI assist and closing them for the right reasons, often by implementing what is needed.
- Labels and dashboards: We are formalizing labels (including good first issue) and lightweight dashboards to make navigation and triage easier. Details will follow in a separate post.
- Responsible AI First: We use AI to speed feedback, but only where it adds real value and the results make sense.
rsyslog 8.2508.0 (2025.08) – release announcement
Download: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2508.0.tar.gz
Project-provided packages are building now and are expected later today. Ubuntu PPAs are already done.
We are excited to ship a large and meaningful rsyslog release. This cycle advances our responsible “AI First” strategy and moves decisively toward cloud native operations. It also delivers major quality, security, and documentation improvements.
Continue reading “rsyslog 8.2508.0 (2025.08) – release announcement”New Notification Channels for Rsyslog News
There are now two additional ways to get rsyslog news:
These channels are operated by maintainer Rainer Gerhards. They are meant for people who find it convenient to receive rsyslog updates via messenger platforms.
Continue reading “New Notification Channels for Rsyslog News”Backticks in RainerScript just got smarter: ${VAR} and adjacent text now work
TL;DR
Backticks with echo in RainerScript now support brace-style environment variables (${VAR}) and adjacent text (e.g., `echo sasl.password=${KAFKA_PASSWORD}`). This removes a common pitfall when assembling key=value pairs for modules like omkafka. It’s still a limited, intentional subset—not a full shell. The change was motivated by real-world confusion reported in issue #5827. (GitHub)
RSyslog Windows Agent 8.1 Released
Adiscon is pleased to announce the release of Rsyslog Windows Agent 8.1.
This release brings significant improvements to the platform’s reliability and functionality. The Mail Action has been modernized with improved SMTP logic and better error handling for email delivery.
Key security and stability improvements include fixes for memory leaks in the REGEX Filter and file compression systems, as well as enhanced timestamp processing to prevent conversion errors. Event Log monitoring now supports microseconds precision for improved compliance with RFC standards.
Detailed information can be found in the version history.