Changelog for 6.1.5 (v6 devel)

Version 6.1.5 [DEVEL] (rgerhards), 2011-03-04

  • improved testbench
  • enhanced imtcp to use a pool of worker threads to process incoming
    messages. This enables higher processing rates, especially in the TLS
    case (where more CPU is needed for the crypto functions)
  • added support for TLS (in anon mode) to tcpflood
  • improved TLS error reporting
  • improved TLS startup (Diffie-Hellman bits do not need to be generated,
    as we do not support full anon key exchange — we always need certs)
  • bugfix: fixed a memory leak and potential abort condition
    this could happen if multiple rulesets were used and some output batches
    contained messages belonging to more than one ruleset.
    fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226
    fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218
  • bugfix: memory leak when $RepeatedMsgReduction on was used
    bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225
  • bugfix: potential abort condition when $RepeatedMsgReduction set to on
    as well as potentially in a number of other places where MsgDup() was
    used. This only happened when the imudp input module was used and it
    depended on name resolution not yet having taken place. In other words,
    this was a strange problem that could lead to hard to diagnose
    instability. So if you experience instability, chances are good that
    this fix will help.

Changelog for 6.1.4 (devel)

Version 6.1.4 [DEVEL] (rgerhards), 2011-02-18

  • bugfix/omhdfs: directive $OMHDFSFileName rendered unusable
    due to a search and replace-induced bug ;)
  • bugfix: minor race condition in action.c – considered cosmetic
    This is considered cosmetic as multiple threads tried to write exactly
    the same value into the same memory location without sync. The method
    has been changed so this can no longer happen.
  • added pmsnare parser module (written by David Lang)
  • enhanced imfile to support non-cancel input termination
  • improved systemd socket activation thanks to Marius Tomaschweski
  • improved error reporting for $WorkDirectory
    non-existence and other detectable problems are now reported,
    and the work directory is NOT set in this case
  • bugfix: pmsnare caused abort under some conditions
  • bugfix: abort if imfile reads file line of more than 64KiB
    Thanks to Peter Eisentraut for reporting and analysing this problem.
    bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221
  • bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode
    when in disk-assisted mode. This especially affected imfile, which
    unnecessarily created queue files if a large set of input file data was
    to be processed.
  • bugfix: very long running actions could prevent shutdown under some
    circumstances. This has now been solved, at least for common
    situations.
  • bugfix: fixed compile problem due to empty structs
    this occurred only on some platforms/compilers. Thanks to Dražen Kačar
    for the fix

Changelog for 6.1.3 (v6-devel)

Version 6.1.3 [DEVEL] (rgerhards), 2011-02-01

  • experimental support for mongodb added
  • added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings
  • added $LocalHostName config directive
  • improved tcpsrv performance by enabling multiple-entry epoll
    So far, we always pulled a single event from the epoll interface.
    Now 128, which should result in a performance improvement (fewer API
    calls) on busy systems. Most importantly affects imtcp.

  • imptcp now supports non-cancel termination mode, a plus in stability
  • imptcp speedup: multiple worker threads can now be used to read data
  • new directive $InputIMPTcpHelperThreads added
  • bugfix: fixed build problems on some platforms
    namely those that have 32bit atomic operations but not 64 bit ones

  • bugfix: local hostname was pulled too early, so that some config
    directives (namely FQDN settings) did not have any effect

  • enhanced tcpflood to support multiple sender threads
    this is required for some high-throughput scenarios (and necessary to
    run some performance tests, because otherwise the sender is too slow).

  • added some new custom parsers (snare, aix, some Cisco “specialities”)
    thanks to David Lang

Changelog for 6.1.2 (devel)

Version 6.1.2  [DEVEL] (rgerhards), 2010-12-16

  • added experimental support for log normalization (via liblognorm)
    Support for normalizing log messages has been added in the form of mmnormalize. The core engine (property replacer, filter engine) has been enhanced to support properties from normalized events.

Note: this is EXPERIMENTAL code. It is currently known that there are issues if the functionality is used with

  • disk-based queues
  • asynchronous action queues

You cannot use the new functionality together with these features.

This limitation will be removed in later releases. However, we preferred to release early, so that one can experiment with the new feature set and accepted the price that this means the full set of functionality is not yet available. If not used together with these features, log normalizing should be pretty stable.

  • enhanced testing tool tcpflood now supports sending via UDP and the capability to run multiple iterations and generate statistics data records
  • bugfix: potential abort when output modules with different parameter passing modes were used in configured output modules