rsyslog

rsyslog 7.6.0 (v7-stable) released

By Adiscon SupportPosted on February 12, 2014Posted in News, Release AnnouncementTagged 7.6.0, impstats, imrelp, mmpstrucdata, mmsequence, mmutf8fix, omrelp, release, rsyslog, stable, v7

This is the first release of rsyslog 7.6 in the v7-stable branch. Since 7.4 a lot of new functions have found their way into rsyslog. With 7.6 being the successor of the 7.5 development branch, everything that has been added there has now found its way into the stable version. The major additions consist of

imrelp/omrelp now support TLS & (zip) compression
impstats is now emitting resource usage counters, can directly emit delta values and can now be bound to a ruleset
mmpstrucdata is a new module to parse RFC5424 structured data into JSON message properties
mmutf8fix is a new module to fix invalid UTF-8 sequences
mmsequence is a new module that helps with action load balancing
new defaults for main/ruleset queues to be more enterprise-like

Also the new stable version has undergone a lot of bug fixes, performance improvements and optimizations that make rsyslog 7.6 a lot more reliable and performing than before. Also, requirements have changed a little. For rsyslog 7.6 you now require librelp 1.1.4 and libestr 0.1.7 due to major fixes.

More detailed information is available in the ChangeLog.

ChangeLog: http://www.rsyslog.com/changelog-for-7-6-0-v7-stable/

Download: http://www.rsyslog.com/rsyslog-7-6-0-v7-stable/

As always, feedback is appreciated.

Best regards,

Florian Riedl

rsyslog 7.6.0 (v7-stable)

By Adiscon SupportPosted on February 12, 2014Posted in Download, stableTagged 7.6.0, Download, rsyslog, stable, v7

Download file name: rsyslog 7.6.0 (stable)

rsyslog 7.6.0 (stable)
sha256 hash: c40da756369dbb560b26f5baab5bdbdf25f728c74c32e9ae28a1888f376020a0

Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.6.0 File size: 2.60 MB

Download this file now!

Changelog for 7.6.0 (v7-stable)

By Adiscon SupportPosted on February 12, 2014Posted in ChangelogTagged 7.6.0, bugfix, Changelog, liblogging, liblogging-stdlog, ompgsql, rsyslog, stable, v7

Version 7.6.0 [v7.6-stable] 2014-01-??
This starts a new stable branch based on 7.5.8 plus the following changes:

bugfix: imuxsock input parameters were not accepted due to copy&paste error.
Thanks to Andy Goldstein for the fix.
added ProcessInternalMessages global system parameter
This permits to inject rsyslog status messages into *another* main syslogd or the journal.
new dependency: liblogging-stdlog (for submitting to external logger)
bugfix: json templates are improperly created
Strings miss the terminating NUL character, which obviously can lead to all sorts of problems.
See also: https://github.com/rsyslog/rsyslog/issues/27
Thanks to Alain for the analysis and the patch.
ompgsql bugfix: improper handling of auto-backgrounding mode
If rsyslog was set to auto-background itself (default code behaviour, but many distros now turn it off for good reason), ompgsql could not properly connect. This could even lead to a segfault. The core reason was that a PG session handle was kept open over a fork, something that is explicitely forbidden in the PG API.
Thanks to Alain for the analysis and the patch.

rsyslog 7.4.10 (v7-stable) released

By Adiscon SupportPosted on February 12, 2014Posted in NewsTagged 7.4.10, bugfix, release, rsyslog, stable, v7

We have just released 7.4.10 of the v7-stable branch. This is the final bug-fixing release for rsyslog 7.4. The new version will be 7.6. More detailed information is available in the ChangeLog.

ChangeLog:
Download: http://www.rsyslog.com/rsyslog-7-4-10-v7-stable/

As always, feedback is appreciated.

Best regards,

Florian Riedl

rsyslog 7.4.10 (v7-stable)

By Adiscon SupportPosted on February 12, 2014Posted in Download, stableTagged 7.4.10, Download, rsyslog, stable, v7

Download file name: rsyslog 7.4.10 (stable)

rsyslog 7.4.10 (stable)
sha256 hash: ab1d26da2bfd38db34dd991a9c5d93034ef1373d01f9d5a0923bb0d4802b9fbe

Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.4.10 File size: 2.92 MB

Download this file now!

Changelog for 7.4.10 (v7-stable)

By Adiscon SupportPosted on February 12, 2014Posted in ChangelogTagged 7.4.10, bugfix, Changelog, ompgsql, rsyslog, stable, v7

Version 7.4.10 [v7.4-stable] 2014-02-12

bugfix: json templates are improperly created
Strings miss the terminating NUL character, which obviously can lead to all sorts of problems.
See also: https://github.com/rsyslog/rsyslog/issues/27
Thanks to Alain for the analysis and the patch.
ompgsql bugfix: improper handling of auto-backgrounding mode
If rsyslog was set to auto-background itself (default code behaviour, but many distros now turn it off for good reason), ompgsql could not properly connect. This could even lead to a segfault. The core reason was that a PG session handle was kept open over a fork, something that is explicitely forbidden in the PG API.
Thanks to Alain for the analysis and the patch.

LibLogging 1.0.1 released

By Rainer GerhardsPosted on February 10, 2014Posted in 1.0.1Tagged liblogging

liblogging 1.0.1 [download]

This version primarily clarifies the licensing and fixes some packaging issues. Otherwise, it is identical to 1.0.0.

Changelog:
v1.0.1 2014-02-10
– rfc3195 component now 2-clause BSD licensed
This means the complete liblogging is now under 2-clause BSD
– new component names:
* liblogging-stdlog
* liblogging-rfc3195
made some necessary name adjustments
See also: https://github.com/rsyslog/liblogging/issues/2

sha256sum: 99d09101cc3c22e2388fe2a817bb1c6f5fe2275623aadb94a49d1c2259102bfa

imagemap-test

By Adiscon SupportPosted on February 5, 2014Posted in Uncategorized

How to use a parser module

By Adiscon SupportPosted on January 31, 2014Posted in FAQTagged parser, pmaixforwardedfrom

A recent occurence initiated this small article. The question was about how to use a specific parser module.

First off, most parser modules, except those that are built-in, are only available in the git repository and the tarball releases. They cannot be used with RPMs and packages.

The specific parser module I want to use now is pmaixforwardedfrom and was contributed by David Lang. The module parses a message from AIX and strips the string “Message forwarded from ” from the message, because else the message cannot be parsed properly. So the original message that looks like this

Jan 25 23:09:48 Message forwarded from hostname: syslog: /usr/sbin/ifconfig -a

looks like this afterwards

Jan 25 23:09:48 hostname syslog: /usr/sbin/ifconfig -a

The problem is, that AIX adds this string by default, but ultimately this corrupts the hostname from the default format. A configuration to tackle the problem will look like this:

module(load=" imuxsock")
module(load="imtcp")
$modload pmaixforwardedfrom

$ruleset stripaix
$rulesetcreatemainqueue on
$rulesetparser rsyslog.aixforwardedfrom
$rulesetparser rsyslog.rfc5424
$rulesetparser rsyslog.rfc3164
*.* /var/log/aixlog

$ruleset RSYSLOG_DefaultRuleset

input(type="imtcp"
        port="514"
        ruleset="stripaix"
)

Please note, that we need to mix up config styles in this case. The new RainerScript config style cannot be applied for the entire configuration here.

Basically, we need a ruleset and bind a listener to the ruleset. The listener can be configured with RainerScript. The ruleset needs legacy parameters. In this ruleset, we first configure the additional parser, followed by the default parsers. As a final step, we write everything to a file.

It is strongly suggested to have a specific listener and ruleset for AIX log mesages.

More information about parser modules can be found here:
Doc – Rulesetparser
Doc – Messageparser

Writing RSysLog Plugins in 2 Minutes

By Adiscon SupportPosted on January 31, 2014Posted in News, Top NewsTagged plugins, rsyslog

Need to connect RSysLog to some destination for which no plugin yet exists? Do you know a little bit of scripting or programming? Than this presentation is for you. It’s fast-path to writing rsyslog plugins very, very quickly.

Writing rsyslog Plugins in 2 Minutes from Rainer Gerhards