rsyslog

The rocket-fast system for log processing

Changelog for 6.5.1 (v6-beta)

By adisconteamPosted on Posted in ChangelogTagged , , , , , , , , , , , , , ,

Version 6.5.1 [BETA] 2012-10-11

  • added tool “logctl” to handle lumberjack logs in MongoDB
  • imfile ported to new v6 config interface
  • imfile now supports config parameter for maximum number of submits
    which is a fine-tuning parameter in regard to input baching
  • added pure JSON output plugin parameter passing mode
  • ommongodb now supports templates
  • bugfix: imtcp could abort on exit due to invalid free()
  • bugfix: remove invalid socket option call from imuxsock
    Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom
  • bugfix: missing support for escape sequences in RainerScript
    only \’ was supported. Now the usual set is supported. Note that v5
    used \x as escape where x was any character (e.g. “\n” meant “n” and NOT
    LF). This also means there is some incompatibility to v5 for well-know
    sequences. Better break it now than later.
  • bugfix: small memory leaks in template() statements
    these were one-time memory leaks during startup, so they did NOT grow
    during runtime
  • bugfix: config validation run did not always return correct return state
  • bugfix: config errors did not always cause statement to fail
    This could lead to startup with invalid parameters.

rsyslog 6.5.1 (v6-beta) released

By adisconteamPosted on Posted in News, Release AnnouncementTagged , , , , , , , , , , , , ,

This is the new v6-beta, which includes the full v6-subset of the new config language as well as somewhat improved support for lumberjack/CEE. This version concludes development efforts for v6.

Note that it is recommended to use v7 if you do not have any special need for v6.

ChangeLog:

http://www.rsyslog.com/changelog-for-6-5-1-v6-beta/

Download:

http://www.rsyslog.com/rsyslog-6-5-1-beta/

As always, feedback is appreciated.

Best regards,
Tim Eifler

Main Advantages of rsyslog v7 vs. v5

By Adiscon SupportPosted on Posted in News, Top NewsTagged , , , , , , , , , ,

Why rsyslog V7:

  • greatly improved configuration language – the new language is much more intuitive than the legacy format. It will also prevent some typical mistakes simply by not permitting these invalid constructs. Note that legacy format is still fully supported (and you can of course do the same mistakes if you use legacy format).
  • greatly improved execution engine – with nested if/then/else constructs as well as the capability to modify variables during processing.
  • full support for structured logging and project lumberjack / CEE – this includes everything from being able to create, interpret and handle JSON-based structured log messages, including the ability to normalize legacy text log messages.
  • more plugins – like support for MongoDB, HDFS, and ElasticSearch as well as for the kernel’s new structured logging system.
  • higher performance – many optimizations all over the code, like 5 to 10 times faster execution time for script-based filters, enhanced multithreaded TCP input plugin, DNS cache and many more.

Of course, there are many more improvements. This list contains just the most important ones. For full details, check the file ChangeLog.

How to use rsyslog and MongoDB

By Adiscon SupportPosted on Posted in FAQTagged , ,

rsyslog is since version 6.1.3 capable of using a output module called “ommongodb” to write log messages to mongodb. To achieve this, several packages are needed:

mongodb
mongodb-server
php-pecl-mongo
libmongo-client
libglib2.0-dev

These and of course rsyslog are needed. The packages are easily installed via a package manager. And the installation steps for rsyslog are the usual ones. Except for the “Configure”. Please make sure to include “–enable-ommongodb“. And the other features you plan to use of course.

./configure --libdir=/usr/lib --sbindir=/usr/sbin --enable-ommongodb
make
make install

After this, you need to make some adjustments to the rsyslog.conf. You need to load the module of course and configure an action:

module (load="ommongodb")
*.* action(type="ommongodb" server="127.0.0.1")

In this case we send everything to the local MongoDB server. With the default settings, this should work directly. No username or password is needed if it isn’t configured in MongoDB. And the “db” and “collection” will automatically be created. The default database that rsyslog will use is “syslog” and the default name for the collection is “log“. These can be changed by various parameters.

To review what is written to the database, simply open a command line and enter “mongo“. This is to open the MongoDB Shell. You now need to change the database that is used with

use syslog

That way all further commands will be used on the database that rsyslog uses. Next we let the shell show us the entries:

db.log.find()

Please make sure to use the exact command. Of course there are a lot of other commands that you may find useful. Or information on how to secure the database. Please refer to the MongoDB documentation for that.

Changelog for 7.3.0 (v7-devel)

By adisconteamPosted on Posted in ChangelogTagged , , , ,

Version 7.3.0 [devel] 2012-10-09

  • omlibdbi improvements, added
    • support for config load phases & module() parameters
    • support for default templates
    • driverdirectory is now cleanly a global parameter, but can no longer be specified as an action paramter. Note that in previous versions this parameter was ignored in all but the first action definition
  • improved omfile zip writer to increase compression This was achieved by somewhat reducing the robustness of the zip archive. This is controlled by the new action parameter “VeryReliableZip”.
Scroll to top