rsyslog 6.3.8 (v6-devel)
Download file name: rsyslog 6.3.8 (devel)
rsyslog 6.3.8 (devel)
md5sum: c4a38c6af19a8a902a2fc2806cf296e2
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 6.3.8 File size: 2.518 MB
Changelog for 6.3.8 (v6-devel)
Version 6.3.8 [DEVEL] 2012-04-16
- added $PStatJSON directive to permit stats records in JSON format
- added “date-unixtimestamp” property replacer option to format as a unix timestamp (seconds since epoch)
- added “json” property replacer option to support JSON encoding on a per-property basis
- added omhiredis (contributed module)
- added mmjsonparse to support recognizing and parsing JSON enhanced syslog messages
- upgraded more plugins to support the new v6 config format:
– ommysql
– omlibdbi
– omsnmp - added configuration directives to customize queue light delay marks $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both specify number of messages starting at which a delay happens.
- added message property parsesuccess to indicate if the last run higher-level parser could successfully parse the message or not (see property replacer html doc for details)
- bugfix: abort during startup when rsyslog.conf v6+ format was used in a certain way
- bugfix: property $!all-json made rsyslog abort if no normalized data was available
- bugfix: memory leak in array passing output module mode
- added configuration directives to customize queue light delay marks permit size modifiers (k,m,g,…) in integer config parameters
Thanks to Jo Rhett for the suggestion. - bugfix: hostname was not requeried on HUP
Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for his help in testing the fix. - bugfix: imklog invalidly computed facility and severity
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 - added configuration directive to disable octet-counted framing for imtcp, directive is $InputTCPServerSupportOctetCountedFraming for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming
- added capability to use a local interface IP address as fromhost-ip for locally originating messages. New directive $LocalHostIPIF
rsyslog 5.9.6 (v5-beta) released
This is the first beta version of the 5.9 rsyslog branch. It primarily contains bug fixes and some enhancements over 5.9.5. Most important ones are support for inotify in imfile as well as additional statistics counters. Note that 5.9.5 was made available in January 2012 and did not receive many bug reports. So we plan to put 5.9.6 on an expedited beta track, which hopefully will lead soon to a new v5-stable. As such, testing and feedback is most appreciated.
ChangeLog:
http://www.rsyslog.com/changelog-for-5-9-6-v5-beta/
Download:
http://www.rsyslog.com/rsyslog-5-9-6-beta/
As always, feedback is appreciated.
Best regards,
Florian Riedl
rsyslog 5.9.6 (beta)
Download file name: rsyslog 5.9.6 (beta)
rsyslog 5.9.6 (beta)
md5sum: 9a42c5ecb0338564011713cbc42c0faf
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 5.9.6 File size: 2.395 MB
Changelog for 5.9.6 (v5-beta)
Version 5.9.6 [V5-BETA], 2012-04-12
- added configuration directives to customize queue light delay marks
- permit size modifiers (k,m,g,…) in integer config parameters
Thanks to Jo Rhett for the suggestion. - bugfix: hostname was not requeried on HUP
Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for his help in testing the fix. - bugfix: imklog invalidly computed facility and severity
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 - added configuration directive to disable octet-counted framing for imtcp, directive is $InputTCPServerSupportOctetCountedFraming for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming
- added capability to use a local interface IP address as fromhost-ip for locally originating messages. New directive $LocalHostIPIF
rsyslog 5.8.10 (v5-stable) released
This is primarily a bugfixing release. There were some segfaults in conjunction with $ActionQueueFileName and when the disk-queue was started with a old queue file. Our thanks go to Tomas Heinrich for the Patches. In addition there was a memory leak that has also been fixed.
ChangeLog:
http://www.rsyslog.com/changelog-for-5-8-10-v5-stable/
Download:
http://www.rsyslog.com/rsyslog-5-8-10-v5-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Changelog for 5.8.10 (v5-stable)
Version 5.8.10 [V5-stable] 2012-04-05
- bugfix: segfault on startup if $actionqueuefilename was missing for disk queue config
Thanks to Tomas Heinrich for the patch. - bugfix: segfault if disk-queue was started up with old queue file
Thanks to Tomas Heinrich for the patch. - bugfix: memory leak in array passing output module mode
rsyslog 5.8.10 (v5-stable)
Download file name: rsyslog 5.8.10 (stable)
rsyslog 5.8.10 (stable)
md5sum: 485303281a71db1c8bf25234797ea171
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 5.8.10 File size: 2.391 MB
How to bind a template
This little FAQ describe how to bind a template.
First with the new template format “list” and then with the old “legacy” format.
First off all you have to define a template for example for specify output.
Here is an example template in the list format:
template(name=”FileFormat” type=”list”) {
property(name=”timestamp” dateFormat=”rfc3339″)
constant(value=” “)
property(name=”hostname”)
constant(value=” “)
property(name=”syslogtag”)
constant(value=” “)
property(name=”msg” spifno1stsp=”on” )
property(name=”msg” droplastlf=”on” )
constant(value=”\n”)
}
Then you have to bind the template to an action. You do this via the “template” parameter.
action(… template=”name-of-template”)
Here is an example action with a example-template:
*.* action(type=”omfile” file=”/var/log/all-messages.log” template=”Name-of-your-template”)
In the configuration it should looks like this:
template(name=”FileFormat” type=”list”) {
property(name=”timestamp” dateFormat=”rfc3339″)
constant(value=” “)
property(name=”hostname”)
constant(value=” “)
property(name=”syslogtag”)
constant(value=” “)
property(name=”msg” spifno1stsp=”on” )
property(name=”msg” droplastlf=”on” )
constant(value=”\n”)
}
action(type=”omfile” file=”/var/log/all-msgs.log” template=”FileFormat”)
Here is an example for obsolete legacy format
Here is an example template in the legacy format:
$template ExampleFormat,”%timereported:::date-rfc3339% %HOSTNAME% %msg%”
Here is an example action with a example-template:
*.* /var/log/all-messages.log;Your-Template-Name
In the Configuration it looks like this:
$template ExampleFormat,”%timereported:::date-rfc3339% %HOSTNAME% %msg%”
*.* /var/log/all-messages.log;ExampleFormat
Note that it is advised NOT to use obsolete legacy format for anything complex. Assigning templates is at the border of being not recommended.
Action’s with directives
This snippet will show, how Action directives need to be applied to work properly. We will show it with the RELP output module. RELP should ensure a safe and loss-free transmission between two machines. But if not configured properly, messages may get lost anyway. This is mainly meant for any client side configuration.
First of all you have to enable the RELP module.
To load the module use this:
$ModLoad omrelp
To make sure, messages will not get dropped in the event the receiver is not available, we basically need the following directives. Additionaly, the queued messages should get saved to the harddrive if the client service needs to shut down. It is followed by a forwarding action via RELP to our remote server.
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
*.* :omrelp:192.168.152.2:20514
Attention: The directives are only valid for the next configured action! So you have to set the directives each time you use a new action.
Here is an example with two actions.
#first action
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
:syslogtag, isequal, “app1” :omrelp:192.168.152.2:20514#second action
$ActionQueueType LinkedList # use asynchronous processing
$ActionQueueFileName srvrfwd # set file name, also enables disk mode
$ActionResumeRetryCount -1 # infinite retries on insert failure
$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
:syslogtag, isequal, “app2” :omrelp:192.168.152.3:20514
As you can see, we have the whole block of directives mulitple times. But this time, we filter the message for the syslogtag and have the diffenrently tagged messages sent to different receivers. Now if the receiver is not available, sending the messages will be retried until it is back up again. If the local rsyslog needs to shut down, all queued messages get written to disk without being lost.