LibLogging 1.0.8 released
liblogging 1.0.8 [download]
We have released liblogging 1.0.8.
This is a bugfixing release to make the build compatible with newer compilers again.
sha256sum: 6449b7bb75dc282ec6bf1b98a753c950746ea5b190ec9aee097881e4dc5c4bf1
rsyslog 8.2512.0: network namespaces, omhttp enhancements and much more
We have released rsyslog 8.2512.0, the December scheduled-stable version. Scheduled-stable releases are bi-monthly snapshots of the daily-stable branch, providing predictable update points with the same functional content as daily-stable at the time of the snapshot.
This release contains three major highlights:
- Completion of the foundational Network Namespace implementation, developed by Billie Alsup.
- A major omhttp refactoring and feature upgrade, contributed by Adrien GANDARIAS, with substantial integration work on the PR.
- The newest contribution: significant mmsnareparse enhancements by André Lorbach (Adiscon), expanding and refining modern SNARE and Windows event parsing capabilities.
Documentation improvements continue across the tree. As always, rsyslog.com/doc documents the current codebase.
Continue reading “rsyslog 8.2512.0: network namespaces, omhttp enhancements and much more”rsyslog 8.2510.0 (2025.10) released
We have today released the 8.25100 rsyslog scheduled stable release. This release delivers three main themes: better Windows Security event ingestion, more flexible JSON handling end to end, and pragmatic compatibility fixes across popular outputs and platforms. It also includes steady documentation improvements and CI hardening.
Continue reading “rsyslog 8.2510.0 (2025.10) released”Modern Snare-Format Parsing Arrives: Introducing the mmsnareparse Module
Last September, Rainer Gerhards revisited a long-standing challenge: normalizing legacy Windows Snare logs for use in modern observability pipelines.
In his article Revisiting old style Windows Log Schema Mapping, he explored heuristic and AI-assisted methods to better handle these still-prevalent formats.
That effort has now resulted in production-ready code: the new mmsnareparse module — already part of the daily stable build and scheduled for inclusion in the 8.2510.0 stable release.
We’re looking for testers right now.
If your systems still forward Windows Security logs in Snare format, please deploy mmsnareparse and let us know how it performs in your environment.
Real-world feedback will directly shape future development.
Improved rsyslog Assistant available
We’ve rolled out an update to the rsyslog Assistant, our AI-powered helper for configuration, troubleshooting, and general support. The new release uses an optimized base prompt and updated documentation, leading to better accuracy in first tests.
Continue reading “Improved rsyslog Assistant available”rsyslog 8.2508.0 (2025.08) – release announcement
Download: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2508.0.tar.gz
Project-provided packages are building now and are expected later today. Ubuntu PPAs are already done.
We are excited to ship a large and meaningful rsyslog release. This cycle advances our responsible “AI First” strategy and moves decisively toward cloud native operations. It also delivers major quality, security, and documentation improvements.
Continue reading “rsyslog 8.2508.0 (2025.08) – release announcement”Backticks in RainerScript just got smarter: ${VAR} and adjacent text now work
TL;DR
Backticks with echo in RainerScript now support brace-style environment variables (${VAR}) and adjacent text (e.g., `echo sasl.password=${KAFKA_PASSWORD}`). This removes a common pitfall when assembling key=value pairs for modules like omkafka. It’s still a limited, intentional subset—not a full shell. The change was motivated by real-world confusion reported in issue #5827. (GitHub)
Rsyslog Documentation Enters a New Era with AI-First Strategy
TL;DR: We are rolling out a major documentation overhaul for rsyslog, powered by an AI-first strategy. This is the next step after our 2024 announcement on documentation and AI. At that time, AI tools were not yet ready for large-scale improvements, but with recent advances, we’ve accelerated our work. The result: a much more accessible, modern, and maintainable documentation set.
RSyslog Windows Agent 8.1 Released
Release Date: 2025-07-16
Build-IDs: Service 8.1.0.232, Client 8.1.0.321
What to do when an External Script does not work?
When a script runs fine interactively but fails in the rsyslog context (i.e., when executed by a background process or as part of a service) it typically indicates differences between the interactive environment and the service environment. Most importantly, it is not rsyslog itself you need to look at. Check the system config and debug your script so that you can obtain maximum information on why and when it fails.
If you know exactly that rsyslog cannot start the script, check that it has sufficient permissions and that all pathes are correct (use absolute pathes!).
Besides that general advice, here are some common reasons why the problem can happen and suggestions for debugging:
Continue reading “What to do when an External Script does not work?”