rsyslog

RSyslog Windows Agent 7.0 Released

By friedlPosted on March 9, 2021Posted in Release AnnouncementTagged 7.0, eventlog monitor v2, filter engine, librelp, OpenSSL, release, RSyslog Windows AgentNo Comments

Release Date: 2021-03-09

Build-IDs: Service 7.0.0.213, Client 7.0.0.297

Features

Filter Engine: Add support to filter by IPv6 addresses.
Eventlog Monitor V2: Added support to for LogPoint SIEM JSON Format.
Eventlog Monitor V2: Added support for the following EventLog properties (if available):
Providerguid, processed, threaded, version, opcode, eventtype, nxseverityvalue (required for Severity Mapping in LogPoint SIEM JSON Format)
Action Caching: Added support for caching / queuing in RELP Action when Action processing fails.
Filter Engine: Added support to store filter results when using the global Status Variable type filters.
Queue Engine: Added Warning/Error events which are generated when the queue gets full.
Librelp: Updated librelp to v1.8.0.
Openssl: Updated to version 1.1.1g.

Bugfixes

Filter Engine: Fixed SaveIntoProperty handling when using the Status Type Filter.
Queue Engine: Fixed an issue that caused an internal exception
STATUS_STACK_BUFFER_OVERRUN when two TCP Syslog Sessions where closed at the same time.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2d Released

By friedlPosted on February 19, 2021Posted in NewsTagged 6.2d, Changelog, RSyslog Windows Agent, VersionNo Comments

Release Date: 2021-02-19

Build-IDs: Service 6.2.0.211, Client 6.2.0.284

Bugfixes

Syslog Action: When appending to syslog cache files with the exact size of 4294967295 bytes, the File Open failed due incorrect error handling in that special case.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2c Released

By friedlPosted on January 28, 2021Posted in NewsTagged 6.2c, release, RSyslog Windows Agent, Version

Release Date: 2021-01-28

Build-IDs: Service 6.2.0.210, Client 6.2.0.284

Bugfixes

Syslog Service: Fixed an parsing issue of the syslogtag (rfc5424 only) with malformed syslog headers.
Syslog Service: Fixed an issue where two nullbytes were appended to the rawsyslogmsg property.
EventLog Monitor V2: Fixed Unicode support when using JSON Output format.
IPv6: Fixed a conversion issue when a source was converted into a IPv6 address string.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2b Released

By friedlPosted on September 4, 2020Posted in NewsTagged 6.2b, Changelog, RSyslog Windows AgentNo Comments

Release Date: 2020-09-04

Build-IDs: Service 6.2.0.209, Client 6.2.0.284

Bugfixes

Start Program Action: Fixed loading the Sync Timeout setting in file configuration mode.
Queue Engine: Fix for STATUS_STACK_BUFFER_OVERRUN exception.
STATUS_STACK_BUFFER_OVERRUN doesn’t mean that there was a stack buffer overrun. It appears that due recent security updates in windows network code, a new exception type was introduced. This exception could be happening in very rare conditions when two Syslog Action would close their TCP Sessions at the very same millisecond.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2a Released

By friedlPosted on July 20, 2020Posted in Release AnnouncementTagged 6.2a, RSyslog Windows AgentNo Comments

Release Date: 2020-07-21

Build-IDs: Service 6.2.0.208, Client 6.2.0.284

Bugfixes

Fixed an issue that could cause the Service to abort while configuration reload was running.
Fixed an issue when the user stopped the Service while a configuration reload was running.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.2 Released

By friedlPosted on June 16, 2020Posted in Release AnnouncementTagged 6.2, bugfix, RSyslog Windows AgentNo Comments

Release Date: 2020-06-16

Build-IDs: Service 6.2.0.207, Client 6.2.0.284

Bugfixes

EventLog Monitor V2: Fixed a problem during configuration load that could cause unexpected termination of the service.

You can download Free Trial Version of RSyslog Windows Agent.

Slightly Changed rsyslog Stable Release Cycle

By Rainer GerhardsPosted on May 4, 2020Posted in News, Top NewsNo Comments

For the past couple of years, rsyslog made scheduled releases every 6 weeks. We now changed this slightly to make version numbers easier to understand.

Remember, rsyslog versions are called 8.<yy><mm>.0, so the April 2020 release is 8.2004.0. When we release very six weeks, we get odd and even month numbers and, even more confusing, we sometimes seem to “skip” a month while at other times it looks like we craft a scheduled stable “every month”. To avoid this type of confusion, we have now decided to release every two month, and do that on even month.

We will usually try to release in the second half of the given month. However, we will no longer tell the exact target date. We need some flexibility here to avoid targeting “bad release periods”. As a concrete example, we will probably never do a December release during the holiday period. As such, December releases are more likely to happen in the first half of the month, which should give admins also some time to do all of their internal testing work ahead of the holidays.

We originally used the six week schedule to provide a balance between frequent bug fixes and not too frequent releases. With the appearance of daily stable releases a longer release cycle is no more a real concern. Everybody in need of a fix not yet present in the scheduled stable can just switch to the daily stable as needed. Remember that both are stable versions. The daily stable is often more stable as it contains the latest fixes.

RSyslog Windows Agent 6.1a Released

By friedlPosted on March 10, 2020Posted in Release AnnouncementTagged 6.1a, RSyslog Windows AgentNo Comments

Release Date: 2020-03-10

Build-IDs: Service 6.1.0.206, Client 6.1.0.280

Features

TLS Support: Updated to OpenSSL 1.0.2u.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 6.1 Released

By friedlPosted on January 31, 2020Posted in Release AnnouncementTagged 6.1, bugfix, release, RSyslog Windows Agent, VersionNo Comments

Release Date: 2020-01-31

Build-IDs: Service 6.1.0.205, Client 6.1.0.280

Features

Property engine: Added new static property %localhostname% which contains the local computer name.
Syslog Action: Fixed Syslog Version in RFC5424 Header to 1.

Bugfixes

EventLog Monitor V2: Fixed an issue losing the first record LastRecord was resetted.
EventLog Monitor V2: Fixed minor issues in new caching code.
Queue Engine: Fixed an issue in the Action retry logic which caused the same information to be reprocessed again.
Property Engine: Fixed an issue initializing the socket subsystem if no network action/service was used related to the toipv4address/toipv6address options.
Engine: Fixed multiple memory leaks when a name was resolvedto an IP address.

You can download Free Trial Version of RSyslog Windows Agent.

Encasing of control structures

By friedlPosted on October 28, 2019Posted in FAQTagged faq, filter, if filter, if then, rsyslog

When using control structures to create some case filtering, there are some things to consider when formatting this.

In general, a control structure can be as simple as this:

if $msg contains "word" then 
    action()
else
    action()

While this is correct and will work as expected, it is generally better style to encase expressions and actions. That way, they are more clearly separated from the control structure itself for better overview and can be more easily expanded without error. When using multiple actions or expressions, encasing is needed anyway, so we think it’s good practice to always use it.

Example:

if ($msg contains "word") then {
    action() 
} else {
    action()
}

And a more complex example:

if ($msg contains "word" and $source == "123.123.123.123") then {
    action()
    action()
} else {
    action()
    action()
}

All three sample snippets above are correct in their own way. Added complexity makes encasing necessary though. So, you may as well use it for all your filters to have a consistent and all-case proof configuration.