New 8.4 stable is ready
A new rsyslog v8-stable has been released. It is not just the next iteration of 8.2, instead it will be a new feature release based on the latest 8.3 devel. So please welcome 8.4.
Frequent followers may wonder why 8.4 is ready. Originally, we planned to release it after the summer break. The reason is simple: its ready to come up, albeit with a little less functionality than originally anticipated. Since we were primarily doing maintenance and bug fixing on v8-devel the past couple of weeks, just as it normally happens before a new stable branch comes up. So the code has matured and we decided it was ready to be released as stable. We released 8.4.0 a week ago, and it inherits all the enhancements and fixes of rsyslog 8.3. We hope rsyslog 8.4 fulfils your expectations and provides a flawless logging experience.
Introducing the rsyslog config builder tool
Wouldn’t it be great if we had an interactive tool that permitted it novices to build complex rsyslog configurations interactively? Without any need to understand the inner workings or even terminology? Indeed, that would not only be great, but in our opinion also remove a lot of pressure that we have on rsyslog’s documentation part.
In the light of this, we started to work on a tool called the “rsyslog configuration builder“. An initial preview goes life right now today and we invite everyone to play with it. The initial version is hopefully already useful for many cases. However, the primary intent is to gather community feedback, reactions and further suggestions.
The initial version has a restricted set of supported inputs and outputs, as well as other constructs. It works with rsyslog v7.6 and above. The tool can be used anonymously and configurations are kept during the session, with the session timeout being a couple of hours. So that should be a fair amount of time to build your config. For the future, we plan to permit saving the config when logged in into the site. That way, you can work multiple days on a single configuration.
We have many more enhancements on our mind, but first of all we would like to get your feedback. You can provide feedback any way you like, but we would be extremely happy if you post either to the rsyslog mailing list or create an issue in the rsyslog website’s github project.
rsyslog 8.2.0 (v8-stable) released
http://www.rsyslog.com/changelog-for-8-2-0-v8-stable/
Download:
http://www.rsyslog.com/downloads/download-v8-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Writing RSysLog Plugins in 2 Minutes
Need to connect RSysLog to some destination for which no plugin yet exists? Do you know a little bit of scripting or programming? Than this presentation is for you. It’s fast-path to writing rsyslog plugins very, very quickly.
7.4.0 – the new stable
new rsyslog 7.4.0 stable released
We just released rsyslog 7.4.0, a new stable release which replaces the 7.2 branch. After nine month of hard work, there are many exciting enhancements compared to 7.2, and I thought I give you a quick rundown of the more important new features. Note that while I list some “minor features” at the end of this posting, the list is not complete. I left out those things that are primarily of interest for smaller groups of users. So if you look for a specific feature not mentioned here, it may pay to look at the ChangeLog or post a question to the rsyslog mailing list.
With this release, the rsyslog project officially supports the 7.4 and 7.2 branches. If support for older versions is required, utilizing Adiscon’s professional services for rsyslog is recommended.
Note that I only list main headlines for each of the features. Follow links (where provided) to gain more in-depth information.
Security Package
- introduction of Linux-like rate-limiting for all inputs
- “Last message repeated n times” now done on a per-input basis; makes it much more useful AND increases processing speed.
- omjournal writes messages to the journal
- imjournal obtains messages including journal-specific meta data items from the journal
Performance Improvements
- Disk Queue Performance greatly improved
- DNS chache greatly improved and optimized
- omfile now supports fully async writing
- script optimizer now changes frequently-used long-running filters into equivalent quick ones when possible (this even affects some distros default configs and is a great performance saver)
Minor Features
- various plugins now support the new RainerScript based config language
- omlibdbi improvements, among them support for transactions
- ommysql now supports transactions
- improved omfile zip writing speed
- performance optimizations
- omelasticsearch improvements (bulk processing mode, local error file)
- omudpspoof now supports packets larger than 1472 by using fragmentation
- omrelp now supports session timeout
- contributed module (not project-supported) omrabbitmq was added
Main Advantages of rsyslog v7 vs. v5
Why rsyslog V7:
- greatly improved configuration language – the new language is much more intuitive than the legacy format. It will also prevent some typical mistakes simply by not permitting these invalid constructs. Note that legacy format is still fully supported (and you can of course do the same mistakes if you use legacy format).
- greatly improved execution engine – with nested if/then/else constructs as well as the capability to modify variables during processing.
- full support for structured logging and project lumberjack / CEE – this includes everything from being able to create, interpret and handle JSON-based structured log messages, including the ability to normalize legacy text log messages.
- more plugins – like support for MongoDB, HDFS, and ElasticSearch as well as for the kernel’s new structured logging system.
- higher performance – many optimizations all over the code, like 5 to 10 times faster execution time for script-based filters, enhanced multithreaded TCP input plugin, DNS cache and many more.
Of course, there are many more improvements. This list contains just the most important ones. For full details, check the file ChangeLog.
Rsyslog Windows Agent Released
The rsyslog Windows agent enables customers to integrate Windows Event Logs into their central rsyslog-based logging system. Even more, it supports acting as a syslog relay as well. This enables small branch offices only runnig Windows to provide local syslog sources to the central server as well.
We have released the first full-featured version of this product today. It is based on Adiscon’s mature suite of Windows-to-syslog tools. Most importantly, it provides the ability to fully extract Windows Event Log data, including local resolution of user IDs, SIDs, GUIDs and similiar objects. It not only supports the current Windows Event Log format but also the legacy (pre Windows-2008/Vista) event log system. The technology behind this tool is already in use at thousands of customer sites for many years (in the form of, for example, EventReporter and other Adiscon products).
The rsyslog Agent for Windows has been highly optimized for use with rsyslog at the back end. For example, it supports mutually-authenticated, TLS encrypted syslog as well as the RELP protocol for reliable delivery. Also, it provides an initial implementation of cee-enhanced syslog, and is the world’s first-ever solution to do so (details can be found in the configuration guide for cee-enhanced syslog).
By purchasing rsyslog Agent for Windows customers not only get first class event log integration, they also help fund further improving the rsyslog solution as whole. The package even contains limited rsyslog professional services.
A trial version can be downloaded from the rsyslog Windows agent page.