rsyslog 8.31.0 (v8-stable) released
Today, we release rsyslog 8.31. This is probably one of the biggest releases in the past couple of years. While it also offers great new functionality, what is really important about it is the focus on further improved software quality. For a more detailed description, please read Rainer’s blog post. Detailed information about the huge list of changes is available in the changelog.
http://blog.gerhards.net/2017/11/rsyslog-831-important-release.html
The packages have received some notable changes as well. First off, we were able to implement the Redis output module as a separate package on Ubuntu 14.04 and newer. Also there was a dependency change for the ommongo module, thus it is now only available on Ubuntu 16.04 or newer, but not on CentOS/RHEL anymore. Platform restrictions are unavoidable right now due to dependency availability.
https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
Download:
http://www.rsyslog.com/downloads/download-v8-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
How to sign log records with Guardtime KSI blockchain
Since version 8.27, the instructions for signing log records with Guardtime KSI blockchain are available in the description of the ksi-ls12 signing provider module.
The previous signing provider modules gt and ksi have been deprecated and are no longer supported.
rsyslog 8.23.0 (v8-stable) released
We have released rsyslog 8.23.0.
This release is packed with changes and enhancements. One of the most interesting might be the removal of the SHA2-224 hash algorithm for KSI signatures. This is considered insecure and is no longer supported by the KSI library. Also notable are the changes to imfile, omfile and omelasticsearch, among lots of others. Please take a look at the Changelog for a full overview.
https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
Download:
http://www.rsyslog.com/downloads/download-v8-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
rsyslog 8.16.0 (v8-stable) released
We have released rsyslog 8.16.0.
This release is mostly a bugfixing release with fixes for impstats, omelasticsearch, imfile, ommail and many more. The biggest change however is the addition of the extraction support in rsgtutil for ksi support (https://github.com/rsyslog/rsyslog/issues/561).
http://www.rsyslog.com/changelog-for-8-16-0-v8-stable/
Download:
http://www.rsyslog.com/downloads/download-v8-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Changelog for 8.16.0 (v8-stable)
——————————————————————————
Version 8.16.0 [v8-stable] 2016-01-26
- rsgtutil: Added extraction support including loglines and hash chains.
  More details on how to extract loglines can be found in the rsgtutil
  manpage. See also: https://github.com/rsyslog/rsyslog/issues/561
- clean up doAction output module interface
  We started with char * pointers, but used different types of pointers
  over time. This led to alignment warnings. In practice, I think this
  should never cause any problems (at least there have been no reports
  in the 7 or so years we do this), but it is not clean. The interface is
  now cleaned up. We do this in a way that does not require modifications
  to modules that just use string parameters. For those with message
  parameters, have a look at e.g. mmutf8fix to see how easy the
  required change is.
- new system properties for $NOW properties based on UTC
  This permits expressing the current system time in UTC.
  See also https://github.com/rsyslog/rsyslog/issues/729
- impstats: support broken ElasticSearch JSON implementation
  ES 2.0 no longer supports valid JSON and disallows dots inside names.
  This adds a new “json-elasticsearch” format option which replaces
  those dots by the bang (“!”) character. So “discarded.full” becomes
  “discarded!full”.
  This is a workaround. A method that will provide more control over
  replacements will be implemented some time in the future. For
  details, see below-quoted issue tracker.
  closes https://github.com/rsyslog/rsyslog/issues/713
- omelasticsearch: craft better URLs
  Elasticsearch is confused by URLs ending in a bare ‘?’ or ‘&’. While
  this is valid, those are no longer produced.
  Thanks to Benno Evers for the patch.
- imfile: add experimental “reopenOnTruncate” parameter
  Thanks to Matthew Wang for the patch.
- bugfix imfile: proper handling of inotify initialization failure
  Thanks to Zachary Zhao for the patch.
- bugfix imfile: potential segfault due to improper handling of ev var
  This occurs in inotify mode, only.
  Thanks to Zachary Zhao and Peter Portante for the patch.
  closes https://github.com/rsyslog/rsyslog/issues/718
- bugfix imfile: potential segfault under heavy load.
  This occurs in inotify mode when using wildcards, only.
  The root cause is dropped IN_IGNORED inotify events, which may be dropped
  under high input pressure and frequent rotation, and
  according to Wikipedia, they can also be dropped in other conditions.
  Thanks to Zachary Zhao for the patch.
  closes https://github.com/rsyslog/rsyslog/issues/723
- bugfix ommail: invalid handling of server response
  if that response was split into different read calls. Could lead to
  error-termination of send operation. Problem is pretty unlikely to
  occur in standard setups (requires slow connection to SMTP server).
  Thanks to github user haixingood for the patch.
- bugfix omelasticsearch: custom serverport was ignored on some platforms
  Thanks to Benno Evers for the patch.
- bugfix: tarball did not include some testbench files
  Thanks to Thomas D. (whissi) for the patch.
- bugfix: memory misaddressing during config parsing string template
  This occurred if an (invalid) template option larger than 63 characters
  was given.
  Thanks to github user c6226 for the patch.
- bugfix imzmq: memory leak
  Thanks to Jeremy Liang for the patch.
- bugfix imzmq: memory leak
  Thanks to github user xushengping for the patch.
- bugfix omzmq: memory leak
  Thanks to Jack Lin for the patch.
- some code improvement and cleanup
rsyslog 8.15.0 (v8-stable) released
We have released rsyslog 8.15.0.
This release sports a lot of changes. Among the changes are a lot of bugfixes, changes to the KSI support, pmciscoios, omkafka, 0mq modules, omelasticsearch and many more.
http://www.rsyslog.com/changelog-for-8-15-0-v8-stable/
Download:
http://www.rsyslog.com/downloads/download-v8-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Changelog for 8.15.0 (v8-stable)
——————————————————————————
Version 8.15.0 [v8-stable] 2015-12-15
- KSI Lib: Updated code to run with libksi 3.4.0.5
  Also libksi 3.4.0.x is required to build rsyslog if ksi support
  is enabled. New libpackages have been built as well.
- KSI utilities: Added option to set publication url.
  Since libksi 3.4.0.x, there is no default publication url anymore.
  The publication url has to be set using the --publications-server
  parameter, otherwise the ksi signature cannot be verified. UserID
  and UserKey can also be set by parameter now.
  Closes https://github.com/rsyslog/rsyslog/issues/581
- KSI Lib: Fixed wrong TLV container for KSI signatures from 0905 to 0906.
  closes https://github.com/rsyslog/rsyslog/issues/587
- KSI/GT Lib: Fixed multiple issues found using static analyzer
- performance improvement for configs with heavy use of JSON variables
  Depending on the config, this can be a very big gain in performance.
- added pmpanngfw: contributed module for translating Palo Alto Networks logs.
  see also: https://github.com/rsyslog/rsyslog/pull/573
  Thanks to Luigi Mori for the contribution.
- testbench: Changed valgrind option for imtcp-tls-basic-vg.sh
  For details see: https://github.com/rsyslog/rsyslog/pull/569
- pmciscoios: support for asterisk before timestamp added
  thanks to github user c0by for the patch
  see also: https://github.com/rsyslog/rsyslog/pull/583
- solr external output plugin much enhanced
  see also: https://github.com/rsyslog/rsyslog/pull/529
  Thanks to Radu Gheorghe for the patch.
- omrabbitmq: improvements
  thanks to Luigi Mori for the patch
  see also: https://github.com/rsyslog/rsyslog/pull/580
- add support for libfastjson (as a replacement for json-c)
- KSI utilities: somewhat improved error messages
  Thanks to Henri Lakk for the patch.
  see also: https://github.com/rsyslog/rsyslog/pull/588
- pmciscoios: support for some format variations
  Thanks to github user c0by for the patch
- support grok via new contributed module mmgrok
  Thanks to 饶琛琳 (github user chenryn) for the contribution.
- omkafka: new statistics counter “maxoutqsize”
  Thanks to 饶琛琳 (github user chenryn) for the contribution.
- improvements for 0mq modules:
  - omczmq - suspend / Retry handling - the output plugin can now recover
    from some error states due to issues with plugin startup or message sending
  - omczmq - refactored topic handling code for ZMQ_PUB output to be a little
    more efficient
  - omczmq - added ability to set a timeout for sends
  - omczmq - set topics can be in separate frame (default) or part of message
    frame (configurable)
  - omczmq - code cleanup
  - imczmq - code cleanup
  - imczmq - fixed a couple of cases where vars could be used uninitialized
  - imczmq - ZMQ_ROUTER support
  - imczmq - Fix small memory leak from not freeing sockets when done with them
  - allow creation of on demand ephemeral CurveZMQ certs for encryption.
    Clients may specify clientcertpath="*" to indicate they want an on
    demand generated cert.
  Thanks to Brian Knox for the contributions.
- cleanup on code to unset a variable
  under extreme cases (very, very unlikely), the old code could also lead
  to erroneous processing
- omelasticsearch: build on FreeBSD
  Thanks to github user c0by for the patch
- pmciscoios: fix some small issues clang static analyzer detected
- testbench: many improvements and some new tests
  note that there still is a number of tests which are somewhat racy
- overall code improvements thanks to clang static analyzer
- gnutls fix: Added possible fix for gnutls issue #575
  see also: https://github.com/rsyslog/rsyslog/issues/575
  Thanks to Charles Southerland for the patch
- bugfix omkafka: restore ability to build on all platforms
  Undo commit aea09800643343ab8b6aa205b0f10a4be676643b
  because that led to build failures on various important platforms.
  This means it currently is not possible to configure the location
  of librdkafka, but that will affect far fewer people.
  closes: https://github.com/rsyslog/rsyslog/issues/596
- bugfix omkafka: fix potentially negative partition number
  Thanks to Tait Clarridge for providing a patch.
- bugfix: solve potential race in creation of additional action workers
  Under extreme circumstances, this could lead to segfault. Note that we
  detected this problem thanks to ASAN address sanitizer in combination
  with a very extreme testbench test. We do not think that this issue
  was ever reported in practice.
- bugfix: potential memory leak in config parsing
  Thanks to github user linmujia for the patch
- bugfix: small memory leak in loading template config
  This happened when a plugin was used inside the template. Then, the
  memory for the template name was never freed.
  Thanks to github user xushengping for the fix.
- bugfix: fix extra whitespace in property expansions
  Address off-by-one issues introduced in f3bd7a2 resulting in extra
  whitespace in property expansions
  Thanks to Matthew Gabeler-Lee for the patch.
- bugfix: mmfields leaked memory if very large messages were processed
  detected by clang static analyzer
- bugfix: mmfields could add garbage data to field
  this happened when very large fields were to be processed.
  Thanks to Peter Portante for reporting this.
- bugfix: omhttpfs now also compiles with older json-c lib
- bugfix: memory leak in (contributed) module omhttpfs
  Thanks to github user c6226 for the patch.
- bugfix: parameter mismatch in error message for wrap() function
- bugfix: parameter mismatch in error message for random() function
- bugfix: divide by zero if max() function was provided zero
- bugfix: invalid mutex handling in omfile async write mode
  could lead to segfault, even though highly unlikely (caught by
  testbench on a single platform)
- bugfix: fix inconsistent number processing
  Unfortunately, previous versions of the rule engine tried to
  support oct and hex, but that wasn’t really the case.
  Everything based on JSON was just dec-converted. As this was/is
  the norm, we fix that inconsistency by always using dec.
  Luckily, oct and hex support was never documented and could
  probably only have been activated by constant numbers.
- bugfix: timezone() object: fix NULL pointer dereference
  This happened during startup when the offset or id parameter was not
  given. Could lead to a segfault at startup.
  Detected by clang static analyzer.
- bugfix omfile: memory addressing error if very long outchannel name used
  Thanks to github user c6226 for the patch.
rsyslog 8.12.0 (v8-stable) released
We have released rsyslog 8.12.0.
http://www.rsyslog.com/changelog-for-8-12-0-v8-stable/
Download:
http://www.rsyslog.com/downloads/download-v8-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Changelog for 8.12.0 (v8-stable)
Version 8.12.0 [v8-stable] 2015-08-11
- Harmonize resetConfigVariables values and defaults
  see also https://github.com/rsyslog/rsyslog/pull/413
  Thanks to Tomas Heinrich for the patch.
- GT/KSI: fix some issues in signature file format and add conversion tool
  The file format is incompatible with the previous format, but tools have been upgraded to handle both, and an option has been added to convert from old to new format.
- bugfix: ommysql did not work when gnutls was enabled
  As it turned out, this was due to a check for GnuTLS functions with the side-effect that AC_CHECK_LIB, by default, adds the lib to LIBS if there is no explicit action, which was the case here. So everything was now linked against GnuTLS, which in turn made ommysql fail.
  Thanks to Thomas D. (whissi) for the analysis of the ommysql/gnutls problem and Thomas Heinrich for pointing out that AC_CHECK_LIB might be the culprit.
- bugfix omfile: potential memory leak on file close
  see also: https://github.com/rsyslog/rsyslog/pull/423
  Thanks to Robert Schiele for the patch.
- bugfix omfile: potential race in dynafile detection/creation
  This could lead to a segfault.
  Thanks to Tomas Heinrich for the patch.
- bugfix omfile: Fix race-condition detection in path-creation code
  The affected code is used to detect a race condition in between testing for the existence of a directory and creating it if it didn’t exist. The variable tracking the number of attempts wasn’t reset for subsequent elements in the path, thus limiting the number of reattempts to one per the whole path, instead of one per each path element.
  This solution was provided by Martin Poole.
- bugfix parser subsystem: potential misaddressing in SanitizeMsg() could lead to a segfault
  Thanks to Tomas Heinrich for the patch.
- imfile: files moved outside of directory are now (properly) handled
- bugfix: imfile: segfault when using startmsg.regex if first log line doesn’t match
  Thanks to Ciprian Hacman for the patch.
- bugfix imfile: file table was corrupted on file deletion
  This could happen when a file that was statically configured (not via a wildcard) was deleted.
- bugfix ompgsql: transactions were improperly handled
  Now transaction support is solidly disabled until we have enough requests to implement it again. Module still works fine in single insert mode.
  closes https://github.com/rsyslog/rsyslog/issues/399
- bugfix mmjsonparse: memory leak if non-cee-json message is processed
  see also https://github.com/rsyslog/rsyslog/pull/383
  Thanks to Anton Matveenko for the patch
- testbench: remove raciness from UDP based tests
- testbench: added bash into all scripts making it mandatory
- bugfix testbench: Fixed problem building syslog_caller util when liblogging-stdlog is not available.
  Thanks to Louis Bouchard for the patch
- bugfix rscryutil.1: Added fix checking for generate_man_pages condition
  Thanks to Radovan Sroka for the patch
- bugfix freebsd console: \n (NL) is prepended with \r (CR) in console output on freebsd only. For more details see here:
  https://github.com/rsyslog/rsyslog/issues/372
  Thanks to AlexandreFenyo for the patch
rsyslog 8.11.0 (v8-stable) released
We have released rsyslog 8.11.0.
http://www.rsyslog.com/changelog-for-8-11-0-v8-stable/
Download:
http://www.rsyslog.com/downloads/download-v8-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl