rsyslog

The rocket-fast system for log processing pipelines

BSD-Style blocks will go away in rsyslog v7

By Rainer GerhardsPosted on Posted in FAQTagged , , ,

Rsyslog supports BSD-style blocks since ages. They were a pretty handy tool to group actions together that should act only on remote hosts or log messages from specific programs. However, the v7 config system with its full nesting capabilities provides a much better – and easy to use – way to specify this. If both systems are mixed, the problem is that BSD-style blocks can be used to violate the nesting structure (examples below). Also, support for them adds a lot to rule engine code complexity. And finally, they are also very seldom used, few users even know they exist.

As a result, I have decided to drop support for BSD-style blocks in rsyslog v7 and above. A poll on the mailing list a week ago did not make anybody speak up against that change. So I assume none is hurt. This is especially the case as the conversion of BSD-style blocks to nested config is a very easy one.

Let’s look at this example:

!prog1
 *.* /var/log/prog1.log
 *.* /var/log/prog1again.log
 !prog2
 *.* /var/log/prog2.log
 *.* /var/log/prog2again.log
This code can very simply be replaced by:
 if $programname == 'prog1' then {
   /var/log/prog1.log
   /var/log/prog1again.log
}
if $programname == 'prog2' then {
   /var/log/prog2.log
   /var/log/prog2again.log
}

And if you prefer the more powerful action statments (probably not so much benefit for this use case…), you can write:

if $programname == 'prog1' then {
   action(type="omfile" file="/var/log/prog1.log")
   action(type="omfile" file="/var/log/prog1again.log")
}
if $programname == 'prog2' then {
   action(type="omfile" file="/var/log/prog2.log")
   action(type="omfile" file="/var/log/prog2again.log")
}

I expect that usually these easy cases happen. HOWEVER, if I had kept support for BSD-style blocks, one could configure things like this:

!prog1
if $msg contains 'test' then  {
                action(type="omfile" file="/var/log/somefile")
                !prog2
                mail.* :mmjsonparse:
                               & action(type="omfile" file="/var/log/somefile2")
                !prog3
                               & ~
                !prog4
                if $msg contains 'test2' then
                               /var/log/logfile
                else
                               /var/log/logfile2
}

Can you make out the actual nesting structure of this config? When, for example, programname needs to be “prog3” and what happens then? IMHO this combination can cause considerable user confusion and frustration. As such, I made a sharp cut and removed it.

My apologies for those that need to do the manual conversion. I am sure the time is well-invested in the long term.

rsyslog 7.1.0 (v7-devel) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , ,

This release kicks off rsyslog v7. Version 7.1.0 is very similar to v6-devel, except that it contains the important capability to work with hierarchical properties. Note that this version does not yet contain the new ruleengine work – this will be part of the next v7 release. This release is primarily intended for those interested in working with the hierarchical properties. Note that the code obviously is currently in a somewhat experimental state.

ChangeLog:

http://www.rsyslog.com/changelog-for-7-1-0-v7-devel/

Download:

http://www.rsyslog.com/rsyslog-7-1-0-v7-devel/

As always, feedback is appreciated.

Best regards,
Florian Riedl

rsyslog 6.4.1 (v6-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , ,

We have just released 6.4.1 of the v6-stable branch. This is primarily a maintenance release. It includes several bugfixes for using JSON, if you are using multiple main queues and many more. More details can be found in the ChangeLog.

ChangeLog:

http://www.rsyslog.com/changelog-for-6-4-1-v6-stable/

Download:

http://www.rsyslog.com/rsyslog-6-4-1-v6-stable/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Rsyslog Windows Agent 1.1 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , ,

Adiscon is proud to announce the 1.1 release of RSyslog Windows Agent. This is a minor release. This release contains new feature as well as a bugfix for the SNMP Trap Receiver. For more details read the Changelog. Build-IDs: Service 1.1.105, Client 1.1.119

Features

  • Write File Action: Added new Option “Clear logfile instead of deleting (File will be reused)” used along with circular logging. When this option is enabled, Files are truncated instead of being deleted and recreated.

Bugfixes

  • SNMP Trap Receiver: Fixed missing source property for received SNMPv1 traps. This Bug was introduced in 8.0 due the IPv6 changes.

Version 1.1 is a free download. Customers with existing 1.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

rsyslog 6.5.0 (v6-devel) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , ,

This is an important new release of the rsyslog v6 devel branch. This release contains bugfixes, as well as new features. The most important one might be the possibility to use the config format for templates.. Please note that part of the feature set is still experimental and might be unstable. ;)

ChangeLog:

http://www.rsyslog.com/changelog-for-6-5-0-v6-devel/

Download:

http://www.rsyslog.com/rsyslog-6-5-0-v6-devel/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Changelog for 6.5.0 (v6-devel)

By Adiscon SupportPosted on Posted in ChangelogTagged , , , , , , , ,

Version 6.5.0  [devel] 2012-08-28

  • imrelp now supports non-cancel thread termination
    (but now requires at least librelp 1.0.1)
  • implemented freeCnf() module interface
    This was actually not present in older versions, even though some modules already used it. The implementation was now done, and not in 6.3/6.4 because the resulting memory leak was ultra-slim and the new interface handling has some potential to seriously break things. Not the kind of thing you want to add in late beta state, if avoidable.
  • added –enable-debugless configure option for very high demanding envs
    This actually at compile time disables a lot of debug code, resulting in some speedup (but serious loss of debugging capabilities)
  • added new 0mq plugins (via czmq lib)
    Thanks to David Kelly for contributing these modules
  • bugfix: omhdfs did no longer compile
  • bugfix: SystemLogSocketAnnotate did not work correctly
    Thanks to Miloslav Trmač for the patch
  • $SystemLogParseTrusted config file option
    Thanks to Milan Bartos for the patch
  • added template config directive
  • added new uuid message property
    Thanks to Jérôme Renard for the idea and patches.
    Note: patches were released under ASL 2.0, see
    http://bugzilla.adiscon.com/show_bug.cgi?id=353

RPM’s available for RHEL/Centos

By alorbachPosted on Posted in News, Release Announcement

We are proud to announce our own RSyslog RPM section for RSyslog. These RPM’s are based on the latest SPEC files from Fedora 17 (initial created by Peter Vrabec).  For the first time, there are RPM Packages for RSyslog 6 as well. Please keep in mind that these packages are labeled as experimential.

Go to the RPM Download Section

We would appriciate your feedback, thanks!

best regards,
Andre Lorbach

Scroll to top