rsyslog

The rocket-fast system for log processing

News

RSyslog Windows Agent 6.0 Released

By friedlPosted on Posted in Release AnnouncementNo Comments on RSyslog Windows Agent 6.0 Released

Release Date: 2019-07-01

Build-IDs: Service 6.0.0.200, Client 6.0.0.277

Features

  • Configuration Client using latest .Net Framework now.
  • Windows 2019 Support.
  • Configuration reload: Added support to update configuration from https url.
  • Property engine: Added new options
    • date-rfc3164strict: Same as date-rfc3164 but with two spaces
      after month if day is below 10.
    • crlftovbar: Replaces all CRLF or LF to vertical bar character.
    • replacechar: Replaces a single character with another single
      character, sample: %msg:$x:$y:replacechar%. More information’s can be
      found in the manual.
    • removecc: Removes all control characters from 0x00 to 0x1F
  • EventLog Monitor V2: Added JSON Output format Option to MessageFormat
    selection.
  • EventLog Monitor V2: Refactored code for performance improvements.
    Implemented Event Caching options for Publisher handles, Levels, Tasks and
    Keywords.
  • TLS Support: Enhanced error reporting when OpenSSL errors are being
    processed internally.
  • HTTP Request Action: Added support for https urls.

Bugfixes

  • Fixed configuration reload freeze when debug logging was enabled.
  • Syslog Action: Added missing RealSource option when using RFC3164 syslog
    header.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 5.2 Released

By friedlPosted on Posted in Release AnnouncementTagged , , No Comments on RSyslog Windows Agent 5.2 Released

Release Date: 2019-04-25

Build-IDs: Service 5.2.0.195, Client 5.2.0.274

Features

  • Hardened Code using new utilities like cppcheck and LLVM.

Bugfixes

  • Fixed processing issues with date property replacer options.
  • Fixed a bug with UTF8 encoding detection (String content before the encoded string (BOM) was dropped).

You can download Free Trial Version of RSyslog Windows Agent.

rsyslog version numbering change

By Rainer GerhardsPosted on Posted in News, Top NewsNo Comments on rsyslog version numbering change

Rsyslog used a version number scheme of

8.<real-version>.0

where we incremented <real-version> every 6 weeks with each release. The 8 and 0 are constant (well, the 0 could change to 1 with a very important patch, but in practice we have only done this once).

While this scheme has worked pretty well since we introduced it, we often see people not understanding that there is really a big difference between 8.24 and e.g. 8.40. Followind recent trends in software versioning, we  will make more clear how old a version really is. Begining with today’s release, we change the version number slightly  to

8.yymm.0

where yy is the two-digit year and mm the two-digit month of the release date. We release every 6 weeks, so we will never have two releases within the same month.

So while you expected 8.41.0, you will now get 8.1901.0. To make things even more clear, rsyslog visible version output will be even more up to the point: rsyslog -v will now report “8.1901.0 (aka 2019.01)“.

Rainer Gerhards’ blog has more details on why we did this change and how we came to the new system.

RSyslog Windows Agent 5.1 Released

By friedlPosted on Posted in Release AnnouncementTagged , , No Comments on RSyslog Windows Agent 5.1 Released

Release Date: 2018-08-23

Build-IDs: Service 5.1.0.193, Client 5.1.0.269

Features

  • Send RELP Action: Updated Librelp library to 1.2.17
  • Send RELP Action: Added TLS support (using OpenSSL library).
  • TLS Support: Added support for anonymous communication (Certless).
  • TLS Support: Added support to enable /disabled TLS communication methods.
  • TLS Support: Added support for setting advanced OpenSSL command parameters.
  • Property Engine: Added new option “cef” to convert a string into McAfee CEF Format.
  • OpenSSL: Added support to pass through OpenSSL diagnostic information into our own debugging system.
  • Lognorm Action: Added support to convert Array types into properties, printing converted properties into debug log now.

Bugfixes

  • File Monitor: Fixed issue with REGEX Message Separators when first char of message was matching.
  • Lognorm Action: Fixed issue that stopped Action from working when Output format was set to disabled.
  • Lognorm Action: Fixed issue when shutting down Service or doing a configuration reload when Lognorm Action is used.
  • TLS Support: Removed expired internal certificates.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 5.0 Released

By friedlPosted on Posted in Release AnnouncementTagged , , , , ,

Release Date: 2018-04-11

Build-IDs: Service 5.0.0.185, Client 5.0.0.263

Features

  • File Monitor: Added new options “Process rest of file as one message” and Read  Filebuffer size for better regex message separator handling.
  • Syslog Action: Added support for multiple syslog servers (Load balancing)
  • Syslog Action: Backup Syslog Server is now tried on connect as well. Before, the backup server was only used when an existing connection to the primary server interrupted.
  • Core Engine: Enhanced debug output for network errors.
  • LogNorm Action: Updated Action to support liblognorm v2 rulebases.

Bugfixes

  • Property Engine: Fixed daylight handling when using RFC3339 string conversion. Daylight was incorrectly always applied.
  • Property Engine: Fixed dynamic properties conversion when using xml output. This bug caused some properties to be missing when sending them by SETP protocol or using Syslog Cache mode.
  • Configuration reload: Fixed missing SNMP Mibtree after configuration reload.

You can download Free Trial Version of RSyslog Windows Agent.

rsyslog 8.34.0 (v8-stable) released

By friedlPosted on Posted in News, Release Announcement, UncategorizedTagged , , , , ,

Today, we release rsyslog 8.34.0. Most notably is the large refactoring of the imfile module as well as the new module mmkubernetes (contributed). Additionaly, a lot of improvements and fixes have been added to the current release, too many to list them all. So please take a look at the changelog for all the details.

ChangeLog:

rsyslog 8.33.0 (v8-stable) released

By friedlPosted on Posted in News, Release AnnouncementTagged , , , ,

Today, we release rsyslog 8.33.0. This release has a number of changes, but most of these are under the hood. Some of the more obivous changes are the new include() script object and template json container. Also, rsyslog now has better support for running in a container environment. The full list of changes to rsyslog can be reviewed in the Changelog.

ChangeLog:

New Logo Selected

By Rainer GerhardsPosted on Posted in Top News

The rsyslog community selected a new logo! The winner is logo 1, also shown here to the right. That logo won with an overwhelming majority, and lead the polls on the mailing list, our original logo selection post as well as a dedicated poll we created for easier and anonymous voting.

The logo was originally contributed in 2014 by “robert s”, whom unfortunately I am no longer able to contact. While before we never officially adopted it, it went into widespread use and is already often used to represent rsyslog. So in a sense the now-official selection let’s us keep consistent.

We are glad to have the community decision. I am right now implementing the new logo all over rsyslog web spaces. It will also be available via the rsyslog website github project (PR just created).

Many thanks to all who voted. It was a pleasant experience for us. This may have also set stage for future polls on different topics.

What are your thoughts regarding current and potential rsyslog support channels?

By deorenPosted on Posted in News, Top NewsTagged , , , , , ,

Overview

Traditionally the rsyslog community has sought and provided support through three main channels:

  • mailing list
  • forums
  • ticketing system (at one time Bugzilla, now GitHub)

Over the years, the community support options have shifted to the point that we are considering retiring the forums in order to best direct users that post there to other, more current options that better fit their needs. It would appear that aside from specific cases, the time of the web forum has passed.

That said, we would like to get your feedback to best determine the way to move forward. What follows are some initial ideas to get the conversation started. Please feel free to respond here, via Twitter, the mailing list or on GitHub. Thank you for your time.

Potential Support options

The following items are all “whiteboard” topics, listed in no real order in an effort to start discussion. Neither the order or presence in the list indicates that a decision has already been made by the team to pursue the support option. Please feel free to suggest your own entries.

Keep the forums, send notifications of new posts made on the forums to the mailing list

  • Note: Attempts to respond to those notifications would not result in the replies being posted to the original topic on the forums.
  • Would this truly result in any additional responses to those forum posts than are currently being provided now?

Set forums to read-only, direct visitors to GitHub for support

  • Could GitHub serve as a replacement for the forums? If so, what do you think about mixing general questions with bug reports in the main project (rsyslog/rsyslog)?
  • Would a dedicated “project” (e.g., rsyslog/rsyslog-support) be useful?

    • Set forums to read-only, direct visitors to StackOverflow

    It would appear there is already solid participation there for questions tagged with rsyslog:

    https://stackoverflow.com/questions/tagged/rsyslog

    Official Twitter presence

    followers are encouraged to retweet rsyslog related questions, guides, etc to their followers.

    This is actually a “trick” entry of sorts! We already have a Twitter account that you can follow and interact with: @rsyslog

    • Do you already follow that account?
    • Would you retweet content from others?
    • Would you respond to help requests that are retweeted
    • If links to active GitHub issues are posted, will you take the time to go view them?

    Official Facebook presence

    Would you participate in discussions and support requests made there?

    IRC, XMPP, Slack, …

    • Would you participate?
    • Do you feel this could replace the forums?
    • Would this be more useful to you than the mailing list?
    Scroll to top