rsyslog

The rocket-fast system for log processing

ksi

rsyslog 8.31.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , , , , ,

Today, we release rsyslog 8.31. This is probably one of the biggest releases in the past couple of years. While it also offers great new functionality, what really important about it is the focus on further improved software quality. For a more detailed description, please read Rainer’s blog post. Detailed information about the huge list of changes is available in the changelog.

http://blog.gerhards.net/2017/11/rsyslog-831-important-release.html

The packages have received some notable changes as well. First off, we were able to implement the Redis output module as a separate package on Ubuntu 14.04 and newer. Also there was a dependency change for the ommongo module, thus it is now only available on Ubuntu 16.04 or newer, but not on CentOS/RHEL anymore. Platform restrictions are unavoidable right now due to dependency availability.

ChangeLog:

rsyslog 8.23.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , , ,

We have released rsyslog 8.23.0.

This release is packed with changes and enhancements. One of the most interesting might be the removal of the SHA2-224 hash algorithm for KSI signatures. This is considered insecure and is no longer supported by the KSI library. Also notable are the changes to imfile, omfile and omelasticsearch, among lots of others. Please take a look at the Changelog for a full overview.

Note: We delayed the next release by two weeks to the Jan 10, so we don’t have to deal with a release around the Christmas holidays. This also means that 8.23.0 is the final release for 2016.
ChangeLog:

rsyslog 8.16.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , ,

We have released rsyslog 8.16.0.

This release is mostly a bugfixing release with fixes for impstats, omelasticsearch, imfile, ommail and many more. The biggest change however is the addition of the extraction support in rsgtutil for ksi support (https://github.com/rsyslog/rsyslog/issues/561).

To get a full overview over the changes, please take a look at the Changelog.
ChangeLog:

http://www.rsyslog.com/changelog-for-8-16-0-v8-stable/

Download:

http://www.rsyslog.com/downloads/download-v8-stable/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Changelog for 8.16.0 (v8-stable)

By Adiscon SupportPosted on Posted in ChangelogTagged , , , , , , , , ,

——————————————————————————
Version 8.16.0 [v8-stable] 2016-01-26

  • rsgtutil: Added extraction support including loglines and hash chains.
    More details on how to extract loglines can be found in the rsgtutil
    manpage. See also: https://github.com/rsyslog/rsyslog/issues/561
  • clean up doAction output module interface
    We started with char * pointers, but used different types of pointers
    over time. This lead to alignment warnings. In practice, I think this
    should never cause any problems (at least there have been no reports
    in the 7 or so years we do this), but it is not clean. The interface is
    now cleaned up. We do this in a way that does not require modifications
    to modules that just use string parameters. For those with message
    parameters, have a look at e.g. mmutf8fix to see how easy the
    required change is.
  • new system properties for $NOW properties based on UTC
    This permits to express current system time in UTC.
    See also https://github.com/rsyslog/rsyslog/issues/729
  • impstats: support broken ElasticSearch JSON implementation
    ES 2.0 no longer supports valid JSON and disallows dots inside names.
    This adds a new “json-elasticsearch” format option which replaces
    those dots by the bang (“!”) character. So “discarded.full” becomes
    “discarded!full”.
    This is a workaroud. A method that will provide more control over
    replacements will be implemented some time in the future. For
    details, see below-quoted issue tracker.
    closes https://github.com/rsyslog/rsyslog/issues/713
  • omelasticsearch: craft better URLs
    Elasticsearch is confused by url’s ending in a bare ‘?’ or ‘&’. While
    this is valid, those are no longer produced.
    Thanks to Benno Evers for the patch.
  • imfile: add experimental “reopenOnTruncate” parameter
    Thanks to Matthew Wang for the patch.
  • bugfix imfile: proper handling of inotify initialization failure
    Thanks to Zachary Zhao for the patch.
  • bugfix imfile: potential segfault due to improper handling of ev var
    This occurs in inotify mode, only.
    Thanks to Zachary Zhao and Peter Portante for the patch.
    closes https://github.com/rsyslog/rsyslog/issues/718
  • bugfix imfile: potential segfault under heavey load.
    This occurs in inotify mode when using wildcards, only.
    The root cause is dropped IN_IGNOPRED inotify events which be dropped
    in circumstance of high input pressure and frequent rotation, and
    according to wikipeida, they can also be dropped in other conditions.
    Thanks to Zachary Zhao for the patch.
    closes https://github.com/rsyslog/rsyslog/issues/723
  • bugfix ommail: invalid handling of server response
    if that response was split into different read calls. Could lead to
    error-termination of send operation. Problem is pretty unlikely to
    occur in standard setups (requires slow connection to SMTP server).
    Thank to github user haixingood for the patch.
  • bugfix omelasticsearch: custom serverport was ignored on some platforms
    Thanks to Benno Evers for the patch.
  • bugfix: tarball did not include some testbench files
    Thanks to Thomas D. (whissi) for the patch.
  • bugfix: memory misadressing during config parsing string template
    This occurred if an (invalid) template option larger than 63 characters
    was given.
    Thanks to git hub user c6226 for the patch.
  • bugfix imzmq: memory leak
    Thanks to Jeremy Liang for the patch.
  • bugfix imzmq: memory leak
    Thanks to github user xushengping for the patch.
  • bugfix omzmq: memory leak
    Thanks to Jack Lin for the patch.
  • some code improvement and cleanup

rsyslog 8.15.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , , , ,

We have released rsyslog 8.15.0.

This release sports a lot of changes. Among the changes are a lot of bugfixes, changes to the KSI support, pmciscoios, omkafka, 0mq modules, omelasticsearch and many more.

To get a full overview over the changes, please take a look at the Changelog.
ChangeLog:

http://www.rsyslog.com/changelog-for-8-15-0-v8-stable/

Download:

http://www.rsyslog.com/downloads/download-v8-stable/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Changelog for 8.15.0 (v8-stable)

By Adiscon SupportPosted on Posted in ChangelogTagged , , , , , , , , , ,

——————————————————————————
Version 8.15.0 [v8-stable] 2015-12-15

  • KSI Lib: Updated code to run with libksi 3.4.0.5
    Also libksi 3.4.0.x is required to build rsyslog if ksi support
    is enabled. New libpackages have been build as well.
  • KSI utilities: Added option to ser publication url.
    Since libksi 3.4.0.x, there is no default publication url anymore.
    The publication url has to be set using the –publications-server
    Parameter, otherwise the ksi signature cannot be verified. UserID
    and UserKey can also be set by parameter now.
    Closes https://github.com/rsyslog/rsyslog/issues/581
  • KSI Lib: Fixed wrong TLV container for KSI signatures from 0905 to 0906.
    closes https://github.com/rsyslog/rsyslog/issues/587
  • KSI/GT Lib: Fixed multiple issues found using static analyzer
  • performance improvement for configs with heavy use of JSON variables
    Depending on the config, this can be a very big gain in performance.
  • added pmpanngfw: contributed module for translating Palo Alto Networks logs.
    see also: https://github.com/rsyslog/rsyslog/pull/573
    Thanks to Luigi Mori for the contribution.
  • testbench: Changed valgrind option for imtcp-tls-basic-vg.sh
    For details see: https://github.com/rsyslog/rsyslog/pull/569
  • pmciscoios: support for asterisk before timestamp added
    thanks to github user c0by for the patch
    see also: https://github.com/rsyslog/rsyslog/pull/583
  • solr external output plugin much enhanced
    see also: https://github.com/rsyslog/rsyslog/pull/529
    Thanks to Radu Gheorghe for the patch.
  • omrabbitmq: improvements
    thanks to Luigi Mori for the patch
    see also: https://github.com/rsyslog/rsyslog/pull/580
  • add support for libfastjson (as a replacement for json-c)
  • KSI utilities: somewhat improved error messages
    Thanks to Henri Lakk for the patch.
    see also: https://github.com/rsyslog/rsyslog/pull/588
  • pmciscoios: support for some format variations
    Thanks to github user c0by for the patch
  • support grok via new contributed module mmgrok
    Thanks to 饶琛琳 (github user chenryn) for the contribution.
  • omkafka: new statistics counter “maxoutqsize”
    Thanks to 饶琛琳 (github user chenryn) for the contribution.
  • improvments for 0mq modules:
    • omczmq – suspend / Retry handling – the output plugin can now recover
      from some error states due to issues with plugin startup or message sending
    • omczmq – refactored topic handling code for ZMQ_PUB output to be a little
      more efficient
    • omczmq – added ability to set a timeout for sends
    • omczmq – set topics can be in separate frame (default) or part of message
      frame (configurable)
    • omcmzq – code cleanup
    • imczmq – code cleanup
    • imczmq – fixed a couple of cases where vars could be used uninitialized
    • imczmq – ZMQ_ROUTER support
    • imczmq – Fix small memory leak from not freeing sockets  when done with them
    • allow creation of on demand ephemeral CurveZMQ certs for encryption.
      Clients may specify clientcertpath=”*” to indicate they want an on
      demand generated cert.

    Thanks to Brian Knox for the contributions.

  • cleanup on code to unset a variable
    under extreme cases (very, very unlikely), the old code could also lead
    to errornous processing
  • omelasticsearch: build on FreeBSD
    Thanks to github user c0by for the patch
  • pmciscoios: fix some small issues clang static analyzer detected
  • testbench: many improvements and some new tests
    note that there still is a number of tests which are somewhat racy
  • overall code improvements thanks to clang static analyzer
  • gnutls fix: Added possible fix for gnutls issue #575
    see also: https://github.com/rsyslog/rsyslog/issues/575
    Thanks to Charles Southerland for the patch
  • bugfix omkafka: restore ability to build on all platforms
    Undo commit aea09800643343ab8b6aa205b0f10a4be676643b
    because that lead to build failures on various important platforms.
    This means it currently is not possible to configure the location
    of librdkafka, but that will affect far fewer people.
    closes: https://github.com/rsyslog/rsyslog/issues/596
  • bugfix omkafka: fix potentially negative partition number
    Thanks to Tait Clarridge for providing a patch.
  • bugfix: solve potential race in creation of additional action workers
    Under extreme circumstances, this could lead to segfault. Note that we
    detected this problem thanks to ASAN address sanitzier in combination
    with a very exterme testbench test. We do not think that this issue
    was ever reported in practice.
  • bugfix: potential memory leak in config parsing
    Thanks to github user linmujia for the patch
  • bugfix: small memory leak in loading template config
    This happened when a plugin was used inside the template. Then, the
    memory for the template name was never freed.
    Thanks to github user xushengping for the fix.
  • bugfix: fix extra whitespace in property expansions
    Address off-by-one issues introduced in f3bd7a2 resulting in extra
    whitespace in property expansions
    Thanks to Matthew Gabeler-Lee for the patch.
  • bugfix: mmfields leaked memory if very large messages were processed
    detected by clang static analyzer
  • bugfix: mmfields could add garbagge data to field
    this happened when very large fields were to be processed.
    Thanks to Peter Portante for reporting this.
  • bugfix: omhttpfs now also compiles with older json-c lib
  • bugfix: memory leak in (contributed) module omhttpfs
    Thanks to git hub user c6226 for the patch.
  • bugfix: parameter mismatch in error message for wrap() function
  • bugfix: parameter mismatch in error message for random() function
  • bugfix: divide by zero if max() function was provided zero
  • bugfix: invalid mutex handling in omfile async write mode
    could lead to segfault, even though highly unlikely (caught by
    testbench on a single platform)
  • bugfix: fix inconsistent number processing
    Unfortunately, previous versions of the rule engine tried to
    support oct and hex, but that wasn’t really the case.
    Everything based on JSON was just dec-converted. As this was/is
    the norm, we fix that inconsistency by always using dec.
    Luckly, oct and hex support was never documented and could
    probably only have been activated by constant numbers.
  • bugfix: timezone() object: fix NULL pointer dereference
    This happened during startup when the offset or id parameter was not
    given. Could lead to a segfault at startup.
    Detected by clang static analyzer.
  • bugfix omfile: memory addressing error if very long outchannel name used
    Thanks to github user c6226 for the patch.

rsyslog 8.12.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , ,

We have released rsyslog 8.12.0.

This is primarily a bug-fixing release with a couple of improvements in omfile, imfile, GT/KSI, the testbench and many more. For more details, please take a look at the Changelog.
ChangeLog:

http://www.rsyslog.com/changelog-for-8-12-0-v8-stable/

Download:

http://www.rsyslog.com/downloads/download-v8-stable/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Changelog for 8.12.0 (v8-stable)

By Adiscon SupportPosted on Posted in ChangelogTagged , , , , , , , ,

Version 8.12.0 [v8-stable] 2015-08-11

  • Harmonize resetConfigVariables values and defaults
    see also https://github.com/rsyslog/rsyslog/pull/413
    Thanks to Tomas Heinrich for the patch.
  • GT/KSI: fix some issues in signature file format and add conversion tool
    The file format is incompatible to previous format, but tools have been upgraded to handle both and also an option been added to convert from old to new format.
  • bugfix: ommysql did not work when gnutls was enabled
    As it turned out, this was due to a check for GnuTLS functions with the side-effect that AC_CHECK_LIB, by default, adds the lib to LIBS, if there is no explicit action, what was the case here. So everything was now linked against GnuTLS, which in turn made ommysql fail.
    Thanks to Thomas D. (whissi) for the analysis of the ommysql/gnutls problem and Thomas Heinrich for pointing out that AC_CHECK_LIB might be the culprit.
  • bugfix omfile: potential memory leak on file close
    see also: https://github.com/rsyslog/rsyslog/pull/423
    Thanks to Robert Schiele for the patch.
  • bugfix omfile: potential race in dynafile detection/creation
    This could lead to a segfault.
    Thanks to Tomas Heinrich for the patch.
  • bugfix omfile: Fix race-condition detection in path-creation code
    The affected code is used to detect a race condition in between testing for the existence of a directory and creating it if it didn’t exist.  The variable tracking the number of attempts wasn’t reset for subsequent elements in the path, thus limiting the number of reattempts to one per the whole path, instead of one per each path element.
    This solution was provided by Martin Poole.
  • bugfix parser subsystem: potential misadressing in SanitizeMsg() could lead to a segfault
    Thanks to Tomas Heinrich for the patch.
  • imfile: files moved outside of directory are now (properly) handled
  • bugfix: imfile: segfault when using startmsg.regex if first log line doesn’t match
    Thanks to Ciprian Hacman for the patch.
  • bugfix imfile: file table was corrupted when on file deletion
    This could happen when a file that was statically configured (not via an wildcard) was deleted.
  • bugfix ompgsql: transaction were improperly handled
    Now transaction support is solidly disabled until we have enough requests to implement it again. Module still works fine in single insert mode.
    closes https://github.com/rsyslog/rsyslog/issues/399
  • bugfix mmjsonparse: memory leak if non-cee-json message is processed
    see also https://github.com/rsyslog/rsyslog/pull/383
    Thanks to Anton Matveenko for the patch
  • testbench: remove raciness from UDP based tests
  • testbench: added bash into all scripts makign it mandatory
  • bugfix testbench: Fixed problem building syslog_caller util when liblogging-stdlog is not available.
    Thanks to Louis Bouchard for the patch
  • bugfix rscryutil.1: Added fix checking for generate_man_pages condition
    Thanks to Radovan Sroka for the patch
  • bugfix freebsd console: \n (NL) is prepended with \r (CR) in console output on freebsd only. For more details see here:
    https://github.com/rsyslog/rsyslog/issues/372
    Thanks to AlexandreFenyo for the patch

rsyslog 8.11.0 (v8-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , ,

We have released rsyslog 8.11.0.

This release now provides a new signature provider for Keyless Signature Infrastructure (KSI) as well as quite a few fixes for imfile, omkafka, the build system and others.
ChangeLog:

http://www.rsyslog.com/changelog-for-8-11-0-v8-stable/

Download:

http://www.rsyslog.com/downloads/download-v8-stable/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Scroll to top