Changelog for 7.5.1 (v7-devel)
Version 7.5.1 [devel] 2013-06-26
- librelp 1.1.3 is required – older versions can lead to a segfault
- add mmfields, which among others supports easy parsing of CEF messages
- omrelp:
* new parameter “compression.prioritystring” to control encryption parameters used by GnuTLS
- imrelp:
* new parameter “compression.dhbits” to control the number of bits being used for Diffie-Hellman key generation
* new parameter “compression.prioritystring” to control encryption parameters used by GnuTLS
* support for impstats added
* support for setting permitted peers (client authentication) added
* bugfix: potential segfault at startup on invalid config parameters
- imjournal: imported patches from 7.4.1
- omprog: add support for command line parameters
- added experimental TCP stream compression (imptcp only, currently)
- added BSD-specific syslog facilities
* “console”
* “bsd_security” – this is called “security” under BSD, but that name was unfortunately already taken by some standard facility. So I did the (hopefully) second-best thing and renamed it a little.
- imported fixes from 7.4.2 (especially build problems on FreeBSD)
- bugfix: imptcp did not properly initialize compression status variable; this could lead to a segfault if stream:always compression mode was selected
librelp 1.1.3
librelp 1.1.3 [download]
Version 1.1.3 – 2013-06-26
– increased performance of RELP connection
– bugfix: potential segfault if no GnuTLS priority string was set
sha256sum: c07a6805ed90127c7270bece0fe60908bd5f6f9612bbbdd26fabb15588306b57
librelp 1.1.2
librelp 1.1.2 [download]
Most importantly, this release includes certificate-based mutual peer authentication in TLS mode. It also provides finer-grained control over the GnuTLS settings by allowing the so-called “priority string” to be specified directly. With this string, important details such as the ciphers to be supported can be specified. To implement these features, a number of API extensions were made.
– add capability to specify the GnuTLS priority string
This gives callers complete control over crypto parameters, like
ciphers to use.
– add certificate-based authentication
– add capability to specify number of Diffie-Hellman bits to use
– API extension: relpSrvSetDHBits, relpSrvSetGnuTLSPriString,
relpSrvSetGnuTLSPriString, relpCltSetGnuTLSPriString
relpEngineSetOnAuthErr, relpCltSetUsrPtr,
relpSrvSetAuthMode, relpCltSetAuthMode
rsyslog 7.4.1 (v7-stable) released
This is a maintenance release, consisting primarily of bug fixes. Note that imjournal was extended to support rate-limiting, as this is needed as a safeguard for problems in systemd journal which in turn caused grief to rsyslog. See Rainer’s blog posting for more details:
http://blog.gerhards.net/2013/


ChangeLog:
http://www.rsyslog.com/changelog-for-7-4-1-v7-stable/
Download:
http://www.rsyslog.com/rsyslog-7-4-1-v7-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Changelog for 7.4.1 (v7-stable)
Version 7.4.1 [v7.4-stable] 2013-06-17
- imjournal: add ratelimiting capability
The original imjournal code did not support ratelimiting at all. We now have our own ratelimiter. This can mitigate against journal database corruption, when the journal re-sends old data. This is a current bug in systemd journal, but we won’t rule out that this happens again in the future. So it is better to have a safeguard in place. By default, we permit 20,000 messages within 10 minutes. This may be a bit restrictive, but given the risk potential it seems reasonable. Users requiring larger traffic flows can always adjust the value.
- bugfix: potential loop in rate limiting
if the message that tells about rate-limiting gets rate-limited itself, it will potentially create an endless loop
- bugfix: potential segfault in imjournal if journal DB is corrupted
- bugfix: prevent a segfault in imjournal if state file is not defined
- bugfix imzmq3: potential segfault on startup
if no problem happened at startup, everything went fine
Thanks to Hongfei Cheng and Brian Knox for the patch
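The following C sketch is an added illustration, not rsyslog code: it models the imjournal default described above (20,000 messages within 10 minutes) and shows the drop notice being recorded outside the limiter, so it cannot be rate-limited itself. The fixed-window behaviour, all struct and function names, and the replay scenario are assumptions made for the example.

```c
#include <stdio.h>
/* Illustrative fixed-window limiter; every name here is hypothetical.
 * Times are plain seconds so the run is deterministic. */
struct ratelimit {
    unsigned interval;           /* window length in seconds (600 = 10 min) */
    unsigned burst;              /* messages permitted per window (20000) */
    long begin;                  /* start of current window, -1 = none yet */
    unsigned done, missed;       /* accepted / dropped in this window */
    unsigned notices, last_lost; /* notices emitted, drops last reported */
};

/* Returns 1 if the message may be processed, 0 if it is dropped. */
static int rl_accept(struct ratelimit *rl, long now)
{
    if (rl->begin < 0 || now - rl->begin >= (long)rl->interval) {
        if (rl->missed > 0) {
            /* The "messages lost" notice is recorded directly and never
             * re-submitted through rl_accept(): a notice that can itself
             * be dropped would call for another notice, and so on. */
            rl->notices++;
            rl->last_lost = rl->missed;
        }
        rl->begin = now;
        rl->done = rl->missed = 0;
    }
    if (rl->done < rl->burst) {
        rl->done++;
        return 1;
    }
    rl->missed++;
    return 0;
}

/* Constructed scenario: the journal re-sends `replayed` old records at
 * t=0, then one fresh record arrives at t=`later`. Returns accepted. */
static unsigned replay(struct ratelimit *rl, unsigned replayed, long later)
{
    unsigned ok = 0;
    for (unsigned i = 0; i < replayed; i++)
        ok += (unsigned)rl_accept(rl, 0);
    return ok + (unsigned)rl_accept(rl, later);
}

int main(void)
{
    struct ratelimit rl = { 600, 20000, -1, 0, 0, 0, 0 };
    unsigned ok = replay(&rl, 25000, 600);
    printf("accepted=%u notices=%u lost=%u\n", ok, rl.notices, rl.last_lost);
    return 0;
}
```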
rsyslog 7.4.1 (v7-stable)
Download file name: rsyslog 7.4.1 (stable)
sha256 hash: f890b56fc5122fabf79994e11bdefb
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.4.1 File size: 2.902 MB
recent librelp development
I thought I’d share some news on what I have been busy with and intend to be in the future. In the past days, I have added more config options to librelp, which now supports GnuTLS compression methods as well as provides the ability to set the Diffie-Hellman key strength (number of bits) and – for experts – to set the GnuTLS priorities, which select the cipher methods and other important aspects of TLS handling.
This is done now and I also added rsyslog facilities to use these new features. Some of this stuff is not yet released, but will soon be.
The next big step is preventing man-in-the-middle attacks. I will most probably use SSH-type fingerprint authentication, so that no full PKI is necessary to make this work. I guess implementing this feature set will probably take a couple of days, and I will keep you posted on how things progress.
(cross-posted from Rainer’s blog)
rsyslog 7.5.0 (v7-devel) released
This release opens the new 7.5 development branch. Most importantly, this version provides TLS protection for RELP (note that librelp 1.1.1 is required).
More information can be found in this blogpost: http://blog.gerhards.net/2013/06/new-rsyslog-devel-branch-75.html
ChangeLog:
http://www.rsyslog.com/changelog-for-7-5-0-v7-devel/
Download:
http://www.rsyslog.com/rsyslog-7-5-0-v7-devel/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Changelog for 7.5.0 (v7-devel)
Version 7.5.0 [devel] 2013-06-11
- imrelp: implement “ruleset” module parameter
- imrelp/omrelp: add TLS & compression (zip) support
- omrelp: add “rebindInterval” parameter
- add -S command line option to specify IP address to use for RELP client connections
Thanks to Axel Rau for the patch.
librelp 1.1.1
librelp 1.1.1 [download]
– added compression support for TLS
– API extension: relpCltEnableTLSZip, relpSrvEnableTLSZip
[sha256 hash: 2aa0288bf26de0605c414f02329634007681f81cc6f62ff6f615074c45f9def2]
