rsyslog 8.2510.0 (2025.10) released
We have today released the 8.25100 rsyslog scheduled stable release. This release delivers three main themes: better Windows Security event ingestion, more flexible JSON handling end to end, and pragmatic compatibility fixes across popular outputs and platforms. It also includes steady documentation improvements and CI hardening.
Continue reading “rsyslog 8.2510.0 (2025.10) released”Modern Snare-Format Parsing Arrives: Introducing the mmsnareparse Module
Last September, Rainer Gerhards revisited a long-standing challenge: normalizing legacy Windows Snare logs for use in modern observability pipelines.
In his article Revisiting old style Windows Log Schema Mapping, he explored heuristic and AI-assisted methods to better handle these still-prevalent formats.
That effort has now resulted in production-ready code: the new mmsnareparse module — already part of the daily stable build and scheduled for inclusion in the 8.2510.0 stable release.
We’re looking for testers right now.
If your systems still forward Windows Security logs in Snare format, please deploy mmsnareparse and let us know how it performs in your environment.
Real-world feedback will directly shape future development.
Improved rsyslog Assistant available
We’ve rolled out an update to the rsyslog Assistant, our AI-powered helper for configuration, troubleshooting, and general support. The new release uses an optimized base prompt and updated documentation, leading to better accuracy in first tests.
Continue reading “Improved rsyslog Assistant available”rsyslog 8.2508.0 (2025.08) – release announcement
Download: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.2508.0.tar.gz
Project-provided packages are building now and are expected later today. Ubuntu PPAs are already done.
We are excited to ship a large and meaningful rsyslog release. This cycle advances our responsible “AI First” strategy and moves decisively toward cloud native operations. It also delivers major quality, security, and documentation improvements.
Continue reading “rsyslog 8.2508.0 (2025.08) – release announcement”Backticks in RainerScript just got smarter: ${VAR} and adjacent text now work
TL;DR
Backticks with echo in RainerScript now support brace-style environment variables (${VAR}) and adjacent text (e.g., `echo sasl.password=${KAFKA_PASSWORD}`). This removes a common pitfall when assembling key=value pairs for modules like omkafka. It’s still a limited, intentional subset—not a full shell. The change was motivated by real-world confusion reported in issue #5827. (GitHub)
Rsyslog Documentation Enters a New Era with AI-First Strategy
TL;DR: We are rolling out a major documentation overhaul for rsyslog, powered by an AI-first strategy. This is the next step after our 2024 announcement on documentation and AI. At that time, AI tools were not yet ready for large-scale improvements, but with recent advances, we’ve accelerated our work. The result: a much more accessible, modern, and maintainable documentation set.
RSyslog Windows Agent 8.1 Released
Release Date: 2025-07-16
Build-IDs: Service 8.1.0.232, Client 8.1.0.321
What to do when an External Script does not work?
When a script runs fine interactively but fails in the rsyslog context (i.e., when executed by a background process or as part of a service) it typically indicates differences between the interactive environment and the service environment. Most importantly, it is not rsyslog itself you need to look at. Check the system config and debug your script so that you can obtain maximum information on why and when it fails.
If you know exactly that rsyslog cannot start the script, check that it has sufficient permissions and that all pathes are correct (use absolute pathes!).
Besides that general advice, here are some common reasons why the problem can happen and suggestions for debugging:
Continue reading “What to do when an External Script does not work?”Documentation Improvement and AI
For a long time, I struggled with the daunting task of enhancing the documentation for Rsyslog. My extensive knowledge of Rsyslog technology often made it challenging for me to create user-friendly documentation, especially for individuals with little to no syslog background. Additionally, as a non-native English speaker, I was aware that some of my sentences might be harder to understand than desired. But thanks to the breakthroughs in generative artificial intelligence (AI), the game has changed, and a new era of documentation improvement has begun.
RSyslog Windows Agent 7.5 Released
Release Date: 2023-10-18
Build-IDs: Service 7.5.0.225, Client 7.4.0.315
Bugfixes |
|
You can download Free Trial Version of RSyslog Windows Agent.