librelp 1.2.2
librelp 1.2.2 [download]
New Feature release, but new feature does not affect stability of existing features.
Version 1.2.2 – 2014-01-07
– add capability to enable tcp KEEPALIVE
– introduced new API relpSrvSetKeepAlive() to support KEEPALIVE
sha256sum: f02778d9661c4746be9c16338991e99a482e4a0018f2220e7d9da18791265f48
Error message when verifying signed logs
rsyslog provides the ability to sign logs through GuardTime. You can verify the logs with a provided tool called rsgtutil. We have identified two reasons why the signing process could fail and thus verifying the log signature is not possible.
Note on legacy API: The old API libgt would create files with the endings .gtsig and .gtstate. These are different from the current and recommended API libksi.
When signing logs with rsyslog and GuardTime, three files will be created.
logfile # holds the log messages logfile.ksisig # holds the hash chain data logfile.ksistate # holds GuardTime signature hash
When verifying the logs through rsgtutil, the .ksistate file is needed because it holds the signature hash from GuardTime. Without this file, verification is not possible. Now there are two reasons why this file might not be present and thus a verification fails with:
# ./rsgtutil --verify --show-verified /var/log/logfile error 1 (i/o error) processing file /var/log/logfile
1. rsyslog is still running
The .ksistate file is created when shutting down rsyslog. At shutdown, a signature request will be sent to GuardTime and will then be returned with the signature hash, which will be stored into this file. If rsyslog is still running, the file will not be created, resulting in an unsuccesful verification.
Even if the .ksistate file is present, it might not be current. So please make sure to stop rsyslog before trying to verify the logs.
2. Timeout on shutdown
On Ubuntu we had the problem, that upstart automatically kills the process after 5 seconds if the SIGTERM signal wasn’t fully executed until then. We now realized, that requesting the signature through GuardTime can take some time, depending on the system, thus exceeding the 5 second timeout and rsyslog getting killed before writing the .ksistate file. Again this resulted in unverifyable logs. This is also a problem for other parts of rsyslog (e.g. DA queues not being completely written to disk).
Upon changing the timeout value in the upstart script for rsyslog, we could circumvent the default timeout and rsyslog could fully complete the signature request and write the .ksistate file. This is at least valid for Ubuntu and may also be valid for other distributions.
To change the timeout go to this file:
/etc/init/rsyslog.conf
Now add
kill timeout 30
right after
expect fork
This should result in the following:
description “system logging daemon”
start on filesystem
stop on runlevel [06]expect fork
kill timeout 30
respawnpre-start script
/lib/init/apparmor-profile-load usr.sbin.rsyslogd
end scriptscript
. /etc/default/rsyslog
exec rsyslogd $RSYSLOGD_OPTIONS
end script
With the upstart script changed like this, rsyslog should not suffer from a too strict shutdown timeout and thus being able to complete the shutdown successfully. This change will also go in the startup and upstart scripts of the upcoming RPMs and Repo’s.
Side note
In the current versions, rsgtutil gives out a inappropriate error message. It currently states it is an I/O error. In reality it is an EOF error. In the upcoming versions (7.4.8, 7.5.8 and 8.1.4) this will be fixed.
How to Contribute to rsyslog?
Rsyslog is a real open source project and open to contributions. By contributing, you help improve the state of logging as well as improve your own professional profile. Contributing is easy, and there are options for everyone – you don’t need to be developer.
These are many ways to contribute to the project:
- become a rsyslog ambassador and let other people know about rsyslog and how to utilize it for best results. Help rsyslog getting backlinks, be present on Internet news sites or at meetings you attend.
- help others by offering support on
- help with the documentation; you can either contribute
- to the rsyslog doc inside the project git
- to the rsyslog project web site — just ask us for account creation
- on the rsyslog wiki
- become a bug-hunter and help with testing rsyslog development releases
- help driving the rsyslog infrastructure with its web sites, wiki’s and the like
- help creating packages
- or, obviously, help with rsyslog code development
This list is not conclusive. There for sure are many more ways to contribute and if you find one, just let us know. We are very open to new suggestions and like to try out new things.
We have also some more in-depth information on specific contribution topics available and more is upcoming. Right now, dig down into
Again, your contribution is highly appreciated, and very rewarding. Participate in the open source movement!
Contribution Policy
Rsyslog is very open to contributions and they are highly appreciated. Basically, we accept any contribution that can potentially be of use for the rsyslog community. Documentation and code contributions are especially welcome. A successful contribution should
- come under the Apache Software License (ASL) 2.0; much of rsyslog’s code already has been converted to this license, but not everything yet. So please make sure you feel OK with ASL 2.0. We generally do not like GPL contributions any longer, as this causes trouble with the long-term goal of changing to ASL.
- provide a bugfix or feature that is -at least potentially- of general interest. If it’s really just for you and so specific that nobody else will ever want it, chances are a bit lower we’ll merge (except, of course, if it is an interesting PoC).
- a bit of documentation for new features or modules would be immensely useful. While we usually merge even without that, this actually means nobody will ever know about that particular new feature (we are way behind with doing our own doc, don’t expect us to document any other work ;)).
- do not break upward compatibility; if you really need to, discuss this on the rsyslog mailing list first
- do not unnecessarily duplicate a module; while we tend to accept such contributions, the process can take much longer as we will try to merge the functionality into the alread existing module
- if you contribute a new module with some non-standard tools, do not expect that we actually try the module out. We’ll usually merge it, but will flag it as non-project-supported and name the original author as contact points. Omoracle is one example. Don’t be put off contributing such a module — they can be immensly useful to the community, we just can’t work on all of them. If things become popular, we may involve ourselfs into it (ommongodb is an example for that).
- doc contributions should not be primarily promotional for some third party. If you contribute something you have originally written for another party, it’s usualy fine to include a “orignaly appeared on” backlink, but that should be sufficient.
As usual, these are just some general rules, and most of them common knowledge in any case. In simple words it’s very hard to find a reason NOT to merge a serious contribtion.
Where to find the rsyslog source code
Rsyslog’s source is kept in git repositories. Git is a system designed to support flexible de-centralized collaboration. The rsyslog project currently provides two official repositories. These are equal peers, pick the one that you prefer to work with.
By popular request, rsyslog is available on github. We do not provide further instructions as github users already know how to work with that site (and if you don’t, be told that they have great tutorials).
We also keep a repository on Adiscon’s git server. This may also contain some arcane branches not of popular interest (like custom builds and such). You can clone this repository either via http or git protocol (with the later being much faster). URLS are:
- git://git.adiscon.com/git/rsyslog.git
- http://git.adiscon.com/git/rsyslog.git
There is also a browsable version (gitweb) available at http://git.adiscon.com/?p=rsyslog.git;a=summary. This version also offers snapshots of each commit for easy download. You can use these if you do not have git present on your system.
rsyslog 7.4.7 (v7-stable) released
We have just released 7.4.7 of the v7-stable branch. This is a bug-fixing release. Most importantly it fixes a bug that can lead to Continue reading “rsyslog 7.4.7 (v7-stable) released”
Changelog for 7.4.7 (v7-stable)
Version 7.4.7 [v7.4-stable] 2013-12-10
- bugfix: limiting queue disk space did not work properly
- queue.maxdiskspace actually initializes queue.maxfilesize
- total size of queue files was not checked against queue.maxdiskspace for disk assisted queues.
Thanks to Karol Jurak for the patch.
- bugfix: linux kernel-like ratelimiter did not work properly with all inputs (for example, it did not work with imdup). The reason was that the PRI value was used, but that needed parsing of the message, which was done too late.
- bugfix: disk queues created files in wrong working directory if the $WorkDirectory was changed multiple times, all queues only used the last value set.
- bugfix: legacy directive $ActionQueueWorkerThreads was not honored
- bugfix: segfault on startup when certain script constructs are used
e.g. “if not $msg …” - bugfix: imuxsock: UseSysTimeStamp config parameter did not work correctly
Thanks to Tomas Heinrich for alerting us and provinding a solution suggestion. - bugfix: $SystemLogUseSysTimeStamp/$
SystemLogUsePIDFromSystem did not work
Thanks to Tomas Heinrich for the patch. - improved checking of queue config parameters on startup
- bugfix: call to ruleset with async queue did not use the queue
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=443 - bugfix: if imtcp is loaded and no listeners are configured (which is uncommon), rsyslog crashes during shutdown.
RSyslog Windows Agent 2.1 Released
Adiscon is proud to announce the 2.1 release of RSyslog Windows Agent.
This new minor release contains some new features Continue reading “RSyslog Windows Agent 2.1 Released”
rsyslog 8.1.3 (v8-devel) released
We have just released 8.1.3 of the v8-devel branch.
Note that this release can be considered a “normal” devel version, with moderate risk associated to it. Experience in the past weeks suggest so. Special thanks to Pavel Levshin for all his work and tests. Still note that there is a considerably higher risk running the devel version than the stable one.
ChangeLog:
http://www.rsyslog.com/changelog-for-8-1-3-v8-devel/
Download:
http://www.rsyslog.com/rsyslog-8-1-3-v8-devel/
Feedback is *very much* appreciated.
Best regards,
Florian Riedl
Changelog for 8.1.3 (v8-devel)
Version 8.1.3 [devel] 2013-12-06
THIS VERSION CAN BE CONSIDERED A “NORMAL” DEVEL RELEASE. It’s no longer
highly experimental. This assertion is based on real-world feedback.
- changes to the strgen module interface
- new output module interface for transactional modules
- performance improvements
- reduced number of malloc/frees due to further changes to the output module interface
- reduced number of malloc/frees during string template processing
We now re-use once allocated string template memory for as long as the worker thread exists. This saves us from doing new memory allocs (and their free counterpart) when the next message is processed. The drawback is that the cache always is the size of the so-far largest message processed. This is not considered a problem, as in any case a single messages’ memory footprint should be far lower than that of a whole set of messages (especially on busy servers). - used variable qualifiers (const, __restrict__) to hopefully help the compiler generate somewhat faster code
- failed action detection more precisely for a number of actions
If an action uses string parameter passing but is non-transactional it can be executed immediately, giving a quicker indicatio of action failure. - bugfix: limiting queue disk space did not work properly
- queue.maxdiskspace actually initializes queue.maxfilesize
- total size of queue files was not checked against queue.maxdiskspace for disk assisted queues.
Thanks to Karol Jurak for the patch.