The rocket-fast system for log processing

rsyslog 5.7.1 (v5-devel) released

Hi all,

We have just released rsyslog 5.7.0, the new v5-devel. This is a feature-enhancement release.

Rsyslog 5.7.1 offers two exciting areas of enhancement: For imuxsock, we introduced a couple of new features, including the ability to rate-limit the number of log messages a process can generate.The user can specify how many messages in which interval (e.g. 200 messages in 5 seconds) are considered acceptable. If this is exceeded, additional messages are dropped. Rate-limiting does not apply to high priority messages, where it is configurable what "high priority" is. Along the same lines, imuxsock can now obtain the process id from the kernel (via SCM_CREDENTIALS) and be reliably added/replaced in the syslog TAG. This makes sure each TAG contains the process id and contains the CORRECT process id (a malicious process can NOT fake it as it is rewritten by imuxsock). Special thanks to Lennart Poettering for suggesting these enhancements.

The second area of enhancement is support for Hadoop’s HDFS. There is a new module omhdfs which can be used to write data to the HDFS file system. This module was written from scratch and some of its concept’s may be introduced into omfile at a later stage (it contains a better file cache). Building omhdfs is a bit complicated due to Hadoop being written in Java. See omhdfs’ documentation for more details. Feedback and experiences from users is more than welcome! More information about Hadoop’s HDFS is available here.

Other than that, there are also some minor things and a bug fix which affects systems using systemd.



As always, feedback is appreciated.

Best regards,
Florian Riedl

One thought on “rsyslog 5.7.1 (v5-devel) released

Comments are closed.