7.6.0

rsyslog 7.6.0 (v7-stable) released

This is the first release of rsyslog 7.6 in the v7-stable branch. Since 7.4 a lot of new functions have found their way into rsyslog. With 7.6 being the successor of the 7.5 development branch, everything that has been added there has now found its way into the stable version. The major additions consist of

  • imrelp/omrelp now support TLS & (zip) compression
  • impstats is now emitting resource usage counters, can directly emit delta values and can now be bound to a ruleset
  • mmpstrucdata is a new module to parse RFC5424 structured data into JSON message properties
  • mmutf8fix is a new module to fix invalid UTF-8 sequences
  • mmsequence is a new module that helps with action load balancing
  • new defaults for main/ruleset queues to be more enterprise-like

Also the new stable version has undergone a lot of bug fixes, performance improvements and optimizations that make rsyslog 7.6 a lot more reliable and performing than before. Also, requirements have changed a little. For rsyslog 7.6 you now require librelp 1.1.4 and libestr 0.1.7 due to major fixes.

More detailed information is available in the ChangeLog.

ChangeLog: http://www.rsyslog.com/changelog-for-7-6-0-v7-stable/

Download: http://www.rsyslog.com/rsyslog-7-6-0-v7-stable/

As always, feedback is appreciated.

Best regards,

Florian Riedl

Changelog for 7.6.0 (v7-stable)

Version 7.6.0 [v7.6-stable] 2014-01-??
This starts a new stable branch based on 7.5.8 plus the following changes:

  • bugfix: imuxsock input parameters were not accepted due to copy&paste error.
    Thanks to Andy Goldstein for the fix.
  • added ProcessInternalMessages global system parameter
    This permits to inject rsyslog status messages into *another* main syslogd or the journal.
  • new dependency: liblogging-stdlog (for submitting to external logger)
  • bugfix: json templates are improperly created
    Strings miss the terminating NUL character, which obviously can lead to all sorts of problems.
    See also: https://github.com/rsyslog/rsyslog/issues/27
    Thanks to Alain for the analysis and the patch.
  • ompgsql bugfix: improper handling of auto-backgrounding mode
    If rsyslog was set to auto-background itself (default code behaviour, but many distros now turn it off for good reason), ompgsql could not properly connect. This could even lead to a segfault. The core reason was that a PG session handle was kept open over a fork, something that is explicitely forbidden in the PG API.
    Thanks to Alain for the analysis and the patch.

How to use set variable and exec_template

As of version 7.5.8, 8.1.4 and the soon to be released 7.6.0, there is a new function available. You can now fill variables with dynamic data through a template. The new function is called exec_template.

Basically, you will set a variable with either a static value or from a given property as described before. But there are cases, where this is not appropriate. For example, if you want to filter for some specific data from $msg, but cannot use the filter on the whole property because of possible multiple occurences. Please note, that the following is just a basic example and exec_template can be used for a large variety of other cases as well.

First, we need to define a template. In our case, we want to extract a specific field from the $msg property.

template(name="extract" type="string" string="%msg:F:5%")

If this template was used to write to a file, the output would resemble the fifth field from a TAB delimited log message. This could also be more specific to extract only specific characters from a field, delimited by other characters than TAB. Or you could even use complex regex functions in the template to extract the data you want.

Now we need to fill a custom variable. This is where exec_template will be used.

set $!xyz = exec_template("extract");

Instead of a already known value or property name, we call the function and give it the template that should be executed. This will result in the variable being filled with the content of the fifth field from %msg property. Now you can use this variable for filters or even other templates. Here are some examples:

if $!xyz contains 'abc' then {action()}
template(name="DynaFile" type="string" string="/var/log/%$!xyz%-data/%timereported%-%$!xyz%.log")

As you can see there are many useful possibilities and using exec_template is rather easy.

If you have additional ideas for use-cases that should be described, please let us know.

Scroll to top