Changelog for 3.2.2 (v3-stable)
Version 3.22.2 [v3-stable] (rgerhards), 2010-08-05
- bugfix: comment char (‘#’) in literal terminated script parsing and thus could not be used.
but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 - enhance: imrelp now also provides remote peer’s IP address[if librelp != 1.0.0 is used]
- bugfix: sending syslog messages with zip compression did not work
- bugfix: potential hang condition on queue shutdown
- bugfix: segfault on startup when -q or -Q option was given
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=157
Thanks to Jonas Nogueira for reporting this bug. - clarified use of $ActionsSendStreamDriver[AuthMode/PermittedPeers]in doc set (require TLS drivers)
- bugfix: $CreateDirs variable not properly initialized, default thuswas random (but most often “on”)
- bugfix: potential segfault when -p command line option was usedthanks to varmojfekoj for pointing me at this bug
- bugfix: programname filter in ! configuration can not be resetThanks to Kiss Gabor for the patch.
rsyslog 5.5.5 (devel) released
Hi all,
We have just released rsyslog 5.5.5, a member of the devel branch. This is a bug-fixing release which contains a single fix that solves a potential hang condition on system shutdown when infinite action retries are configured for an asynchronous action using a queue in disk-assisted mode and the action was suspended. This is probably not a very common case, but a configuration recommended by our doc samples. If you do not use such a configuration, there is no need to update at this time. See Changelog for more details.
ChangeLog:
http://www.rsyslog.com/article461/
Download:
http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-204.phtml
As always, feedback is appreciated.
Best regards,
Tom Bergfeld
Changelog for 4.7.0 (v4-devel)
Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14
- new: support for Solaris added (but not yet the Solaris door API)
- added function getenv() to RainerScript
- added new config option $InputUnixListenSocketCreatePath to permit the auto-creation of pathes to additional log sockets. This turns out to be useful if they reside on temporary file systems and rsyslogd starts up before the daemons that create these sockets (rsyslogd always creates the socket itself if it does not exist).
- added $LogRSyslogStatusMessages configuration directive permitting to turn off rsyslog start/stop/HUP messages.
See Debian ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793 - added new config directive $omfileForceChown to (try to) fix some broken system configs.
See ticket for details: http://bugzilla.adiscon.com/show_bug.cgi?id=150 - added $EscapeControlCharacterTab config directive
Thanks to Jonathan Bond-Caron for the patch. - added option to use unlimited-size select() calls
Thanks to varmjofekoj for the patch - debugondemand mode caused backgrounding to fail – close to a bug, but I’d consider the ability to background in this mode a new feature…
- bugfix (kind of): check if TCP connection is still alive if using TLS
Thanks to Jonathan Bond-Caron for the patch. - imported changes from 4.5.7 and below
- bugfix: potential segfault when -p command line option was used
Thanks for varmojfekoj for pointing me at this bug. - bugfix: potential segfaults during queue shutdown (bugs require certain non-standard settings to appear)
Thanks to varmojfekoj for the patch [imported from 4.5.8]
Sending Messages to a Remote Syslog Server
In this recipe, we forward messages from one system to another one. Typical use cases are:
- the local system does not store any messages (e.g. has not sufficient space to do so)
- there is a (e.g. legal) requirement to consolidate all logs on a single system
- the server may run some advanced alerting rules, and needs to have a full picture or network activity to work well
- you want to get the logs to a different system in a different security domain (to prevent attackers from hiding their tracks)
- and many more …
In our case, we forward all messages to the remote system. Note that by applying different filters, you may only forward select entries to the remote system. Also note that you can include as many forwarding actions as you like. For example, if you need to have a backup central server, you can simply forward to both of them, using two different forwarding actions.
To learn how to configure the remote server, see recipe Receiving Messages from a Remote System.
Config Statements
# this is the simplest forwarding action:
*.* action(type="omfwd" target="192.0.2.1" port="10514" protocol="tcp")
# it is equivalent to the following obsolete legacy format line:
*.* @@192.0.2.1:10514 # do NOT use this any longer!
# Note: if the remote system is unreachable, processing will
# block here and discard messages after a while
# so a better use is
*.* action(type="omfwd" target="192.0.2.2" port="10514" protocol="tcp"
action.resumeRetryCount="100"
queue.type="linkedList" queue.size="10000")
# this will de-couple the sending from the other logging actions,
# and prevent delays when the remote system is not reachable. Also,
# it will try to connect 100 times before it discards messages as
# undeliverable.
# the rest below is more or less a plain vanilla rsyslog.conf as
# many distros ship it - it's more for your reference...
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.logThings to think about
You need to select the protocol best suitable for your use case. If in doubt, TCP is a decent choice. This recipe uses TCP for that reason.
TCP forwarding is a build-in capability and always present. As such, no plugin needs to be loaded. The target can be specified by DNS name or IP address. Use IP addresses for most robust operations. If you use a DNS name and name resolution fails, forwarding may be disabled for some time. DNS resolution typically fails on the DNS server itself during system startup.
In this example, we forward to port 10514. We could as well remove the port=”…” parameter from the configuration, which would result in the default port being used. However, you need to specify the port address on the server in any case. So it is strongly advised to use an explicit port number to make sure that client and server configuration match each other (if they used different ports, the message transfer would not work.
ChangeLog for 4.5.8 (v4-beta)
Version 4.5.8 [v4-beta] (rgerhards), 2010-02-10
- enhanced doc for using PostgreSQL
Thanks to Marc Schiffbauer for the new/updated doc - bugfix: property replacer returned invalid parameters under some (unusual) conditions. In extreme cases, this could lead to garbled logs and/or a system failure.
- bugfix: invalid length returned (often) when using regular expressions inside the property replacer
- bugfix: submatch regex in property replacer did not honor “return 0 on no match” config case
- bugfix: imuxsock incorrectly stated inputname “imudp”
Thanks to Ryan Lynch for reporting this. - (slightly) enhanced support for FreeBSD by setting _PATH_MODDIR to the correct value on FreeBSD.
Thanks to Cristiano for the patch. - bugfix: -d did not enable display of debug messages regression from introduction of “debug on demand” mode
Thanks to Michael Biebl for reporting this bug - bugfix: blanks inside file names did not terminate file name parsing.
This could reslult in the whole rest of a line (including comments) to be treated as file name in “write to file” actions.
Thanks to Jack for reporting this issue. - bugfix: rsyslog hang when writing to a named pipe which nobody was reading. Thanks to Michael Biebl for reporting this bug.
- bugfix: memory leak when sending messages in zip-compressed format
Thanks to Naoya Nakazawa for analyzing this issue and providing a patch. - bugfix: potential segfaults during queue shutdown (bugs require certain non-standard settings to appear)
Thanks to varmojfekoj for the patch
ChangeLog for 5.5.2 (devel)
Version 5.5.2 [DEVEL] (rgerhards), 2010-02-05
- applied patches that make rsyslog compile under Apple OS X.
Thanks to trey for providing these. - replaced data type “bool” by “sbool” because this created some portability issues.
- added $Escape8BitCharactersOnReceive directive
Thanks to David Lang for suggesting it. - worked around an issue where omfile failed to compile on32 bit platforms under some circumstances (this smells like a gcc problem, but a simple solution was available). Thanks to Kenneth Marshall for some advice.
- extended testbench
- bugfix: queues in direct mode could case a segfault, especially if an action failed for action queues. The issue was an invalid increment of a stack-based pointer which lead to destruction of the stack frame and thus a segfault on function return.
Thanks to Michael Biebl for alerting us on this problem. - bugfix: hostname accidently set to IP address for some message sources, for example imudp. Thanks to Anton for reporting this bug. [imported v4]
- bugfix: ompgsql had problems with transaction support, what actually rendered it unsuable. Thanks to forum user “horhe” for alerting me on this bug and helping to debug/fix it! [imported from 5.3.6]
- bugfix: $CreateDirs variable not properly initialized, default thus was random (but most often “on”) [imported from v3]
ChangeLog for 5.3.7 (v5-beta)
Version 5.3.7 [BETA] (rgerhards), 2010-01-27
- bugfix: queues in direct mode could case a segfault, especially if an action failed for action queues. The issue was an invalid increment of a stack-based pointer which lead to destruction of the stack frame and thus a segfault on function return.
Thanks to Michael Biebl for alerting us on this problem. [backport from 5.5.2] - bugfix: wrong memory assignment for a config variable (probably without causing any harm) [backport from 5.2.2]
- bugfix: rsyslog hangs when writing to a named pipe which nobody was reading. Thanks to Michael Biebl for reporting this bug.
Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169 [imported from 4.5.8]
ChangeLog for 4.5.6 (v4-beta)
Version 4.5.6 [v4-beta] (rgerhards), 2009-11-05
- bugfix: named pipes did no longer work (they always got an open error) this was a regression from the omfile rewrite in 4.5.0
- bugfix(minor): diag function returned wrong queue memeber count for the main queue if an active DA queue existed. This had no relevance to real deployments (assuming they are not running the debug/diagnostic module…), but sometimes caused grief and false alerts in the testbench.
- included some important fixes from v4-stable:
- bugfix: invalid handling of zero-sized messages
- bugfix: zero-sized UDP messages are no longer processed
- bugfix: random data could be appended to message
- bugfix: reverse lookup reduction logic in imudp do DNS queries too often
- bugfix(testbench): testcase did not properly wait for rsyslod shutdown thus some unpredictable behavior and a false negative test result could occur. [BACKPORTED from v5]
- bugfix(testbench): sequence check was not always performed correctly, that could result in tests reporting success when they actually failed
ChangeLog for 5.3.4 (devel)
Version 5.3.4 [DEVEL] (rgerhards), 2009-11-04
- added the ability to create custom message parsers
- added $RulesetParser config directive that permits to bind specific parsers to specific rulesets
- added omruleset output module, which provides great flexibility in action processing. THIS IS A VERY IMPORTANT ADDITION, see its doc for why.
- added the capability to have ruleset-specific main message queues
This offers considerable additional flexibility AND superior performance (in cases where multiple inputs now can avoid lock contention) - bugfix: correct default for escape (‘#’) character restored
This was accidently changed to ‘\\’, thanks to David Lang for reporting - bugfix(testbench): testcase did not properly wait for rsyslogd shutdown thus some unpredictable behavior and a false negative test result could occur.
ChangeLog for 5.3.3 (devel)
Version 5.3.3 [DEVEL] (rgerhards), 2009-10-27
- simplified and thus speeded up the queue engine, also fixed some potential race conditions (in very unusual shutdown conditions) along the way. The threading model has seriously changes, so there may be some regressions.
- enhanced test environment (inlcuding testbench): support for enhancing probability of memory addressing failure by using non-NULL default value for malloced memory (optional, only if requested by configure option). This helps to track down some otherwise undetected issues within the testbench.
- bugfix: potential abort if inputname property was not set primarily a problem of imdiag
- bugfix: message processing states were not set correctly in all cases however, this had no negative effect, as the message processing state was not evaluated when a batch was deleted, and that was the only case where the state could be wrong.