rsyslog

rsyslog on AWS – Sync Configuration with S3

By Adiscon SupportPosted on June 24, 2024Posted in rsyslog on Amazon Web Services (AWS Marketplace App)

Ensuring the integrity and availability of your rsyslog configuration is crucial for maintaining a robust logging system. By syncing your rsyslog configuration to AWS S3, you create a reliable backup that can be easily restored when needed. This guide will walk you through the process of syncing your rsyslog configuration to S3 and restoring it when necessary.

Prerequisites

Before you begin, ensure you have the following:

rsyslog server from AWS Marketplace with at least Version S2: v13 rsyslog
S3Bucket (Is created by default since S2: v13 rsyslog or higher).

Syncing Configuration History to S3

This command synchronizes the current rsyslog configuration history to a specified S3 bucket. It ensures all configuration changes are backed up, providing a reliable recovery solution.

sudo rsyslogctl sync-config-history-to-s3

When executed, this command uploads your rsyslog configuration history to the S3 bucket configured in your settings. Regular execution of this command, especially after making significant changes, ensures your backups are always current.

Restoring Configuration from S3

This command downloads the rsyslog configuration history from an S3 bucket to the local machine, facilitating configuration restoration.

sudo rsyslogctl sync-s3-to-config-history

Executing this command retrieves the configuration history from S3 and applies it to your local rsyslog setup.

Back to aws rsyslog overview.

RSyslog Windows Agent 7.5a Released

By friedlPosted on May 29, 2024Posted in Release AnnouncementTagged 7.5a, release, RSyslog Windows Agent

Release Date: 2024-05-29

Build-IDs: Service 7.5.0.226, Client 7.4.0.315

Bugfixes

File Action: Fixed an issue with circular and segmented file logging when configured size was above 2GB.
Log Rotation: Fixed an issue with log rotation when Log rotation Size was above 2GB.
Log Rotation: Fixed unintended log rotation on configuration reload when Log rotation on Close was enabled.

You can download Free Trial Version of RSyslog Windows Agent.

Documentation Improvement and AI

By Rainer GerhardsPosted on January 19, 2024Posted in News, rsyslog documentation

For a long time, I struggled with the daunting task of enhancing the documentation for Rsyslog. My extensive knowledge of Rsyslog technology often made it challenging for me to create user-friendly documentation, especially for individuals with little to no syslog background. Additionally, as a non-native English speaker, I was aware that some of my sentences might be harder to understand than desired. But thanks to the breakthroughs in generative artificial intelligence (AI), the game has changed, and a new era of documentation improvement has begun.

With current state of technology, AI can not auto-generate complete documentations. It needs to form a team with a human instead. (Image: Rainer Gerhards via AI)

Elevating Syslog Security: RSyslog Introduces DTLS Plugins for UDP

By Rainer GerhardsPosted on January 10, 2024Posted in News

We at the RSyslog project are excited to share our recent advancements in syslog security. We have introduced initial plugins for Datagram Transport Layer Security (DTLS) syslog, namely imdtls (input module) and omdtls (output module). This development, which aligns with RFC 6012, represents a significant enhancement, albeit not a game-changer, in our continuous efforts to improve secure log transmission.

A symbolic graphic depicting syslog traffic. (Picture: Rainer Gerhards via AI)

Additional improvements to rsyslog doc and site…

By Rainer GerhardsPosted on January 9, 2024Posted in News

We’re excited to announce significant enhancements to the rsyslog website, designed to make your experience more efficient and enjoyable. Our primary focus has been on the documentation presentation, and we’ve implemented a range of upgrades across the site to reflect this.

rsyslog doc and site improvements continue (symbol picture: Rainer Gerhards via AI)

Improving the rsyslog documentation…

By Rainer GerhardsPosted on January 4, 2024Posted in News

The current state of rsyslog documentation and its representation on our official website has been a subject of concern within the professional community. We are initiating a comprehensive project aimed at systematically addressing these issues. Over the coming weeks, stakeholders can expect a series of methodical changes, some of which may be significantly transformative.

The rsyslog documentation – an important part of the system. (image: Rainer Gerhards/AI)

RSyslog Windows Agent 7.5 Released

By friedlPosted on October 18, 2023Posted in Release Announcement

Release Date: 2023-10-18

Build-IDs: Service 7.5.0.225, Client 7.4.0.315

Bugfixes

Relp Action: Updated to latest librelp version 1.11.0.
File Action: Fixed a race condition in Filename handling that could cause a problem under heavy load and stress conditions.
Filter Engine: Fixed incorrect greater / lower filter handling of IP Type Filter.
Network Core: Suppressed network error debug output during interrupts if connection is in shutdown state.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 7.4 Released

By friedlPosted on June 21, 2023Posted in Release AnnouncementTagged 7.4, release, RSyslog Windows Agent

Release Date: 2023-06-21

Build-IDs: Service 7.4.0.223, Client 7.4.0.315

Bugfixes

Syslog Action: Fixed a very rare case where an Action could try to open **TCP connections** to the same target **multiple times simultaneously**. The handling has been hardened to avoid concurrent connection establishment retries for the same Action.
Syslog Action: Fixed error handling when **the** connection fails and Syslog Caching is enabled. If a syslog backup server is enabled, the action will now retry the primary server correctly again after syslog caching has been activated.
EventLog Monitor V2: Fixed an issue in XML-Stream Processing that could cause failure in processing an EventLog Message.
LogRotate: Corrected error reporting when the feature is not available **due to** licensing.
Network Core: **Enhanced stability** during closing connections.

You can download Free Trial Version of RSyslog Windows Agent.

rsyslog on AWS – Applying Configuration Changes

By Rainer GerhardsPosted on May 2, 2023Posted in rsyslog on Amazon Web Services (AWS Marketplace App)

Once you’ve updated the configuration of the AWS rsyslog application, it’s important to manually apply the new settings as rsyslog doesn’t do this automatically. This is to prevent partial changes from being loaded and potentially causing issues.

The AWS rsyslog AWS application provides a dedicated tool, rsyslogctl, which can be used to check and reload the configuration. During the reload process, rsyslogctl determines the most efficient way to apply the changes. For example, some changes like drop rules can be applied without interrupting message processing, while others require a full restart, causing a brief interruption.

rsyslog on AWS – S3 file structure

By Rainer GerhardsPosted on April 24, 2023Posted in rsyslog on Amazon Web Services (AWS Marketplace App)

The EBS disk included in the product is only used for day-to-day storage of logs. Persistent log storage is kept on an S3 store. This store also contains some other data items which should persist over upgrades of the rsyslog on AWS application.

The following prefixes/folders are used by rsyslog:

/rsyslog.logstore/ – the actual logstore
This is synced with data from the local EBS disk once a day for the past day (in default settings).
/rsyslog.config/ – config data items.
This contains the user-based config which can be restored from here during an upgrade or on misconfiguration.

The users should select proper S3 policies based on her or his needs. Most importantly, Versioning and Retention Period should be set accordingly.

The S3 store to use can be configured during the cloud formation process and manually via the meta config.

Back to aws rsyslog overview.