mmrfc5424addhmac

rsyslog 8.2.2 (v8-stable) released

We have just released 8.2.2 of the v8-stable branch.

This release makes it possible to build the missing (contributed) modules under v8. Please note that most of these modules have not yet received real testing, as we don’t have the necessary environments. We depend on users submitting error reports and helping to iron out any issues that may arise.

Additionally, the separated documentation is available as a tarball download on the download page.

ChangeLog:

http://www.rsyslog.com/changelog-for-8-2-2-v8-stable/

Download:

http://www.rsyslog.com/downloads/download-v8-stable/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Changelog for 8.2.2 (v8-stable)

Version 8.2.2 [v8-stable] 2014-06-02

  • made the missing (contributed) modules build under v8
    Note that we could do this to the stable, because there is NO regression chance at all: only the modules themselves were changed, and they did NOT work at all previously. Please also note that most of these modules did not yet receive real testing. As we don’t have the necessary environments (easily enough available), we depend on users submitting error reports and helping to iron out any issues that may arise.
    Modules:

    • mmrfc5424addhmac
    • omrabbitmq
    • omgssapi
    • omhdfs
    • omzmq3

How to add a HMAC to RFC5424 structured data messages

rsyslog features a new message modification module that checks for the SD ID in RFC5424 messages and appends a HMAC hash to the structured data part of the message. Please note that even though the module works on all messages, only RFC5424 messages will be processed.

Before starting, you need a private Enterprise Number from IANA so you can use the module to add the HMAC hash to the message.

For the functionality you need the module “mmrfc5424addhmac”. This is currently available only in the git master branch and will be first released in the next devel release 7.5.4 and for stable in 7.6.0.

When running configure, do not forget to enable this module:

./configure --prefix=/usr --enable-imtcp --enable-mmrfc5424addhmac

Now for the configuration:

module(load="imtcp")
module(load="mmrfc5424addhmac")
input(type="imtcp" port="514")
action(type="mmrfc5424addhmac" key="yourenterprisekey" hashFunction="sha256" sd_id="id@32473")
template(name="addhmac" type="string" string="<%PRI%>1 %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n")
action(type="omfile" file="/var/log/logfile" template="addhmac")

This is a relatively simple configuration. We load the modules imtcp and mmrfc5424addhmac. We will receive all RFC5424 messages through our TCP input. The really interesting part is the actions. Since we need to modify the messages, we need an action with the message modification module. As parameters for the action, we define a key that will be used to create the hash, choose a hash function (basically all hash functions from OpenSSL work) and define our SD ID, which consists of a name, “@” and the ID received from IANA.

The message will be parsed for the ID; if it exists, a hash will be generated and appended to the structured data of the message.

Now we need to do something with these messages. The template above is an RFC5424 representation and outputs messages formatted accordingly. As a follow-up action, we write all messages into a file. Alternatively, you could also forward them to another host or write them into a database.
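
The append-and-verify idea described above, as an added Python example that is not rsyslog's code and not part of the original article. It assumes the element layout `[sd_id hash="<hex>"]`, HMAC-SHA256 computed over the message before the element is appended, and a constructed key and sample message; check the module source for the exact bytes it hashes.

```python
import hashlib
import hmac
import re

SD_ID = "id@32473"              # SD-ID from the sample configuration
KEY = b"constructed-demo-key"   # constructed stand-in for the action's key= value

# One RFC5424 SD-ELEMENT: [id name="value" ...], with \" \\ \] escaped in values.
ELEMENT = re.compile(r'\[[^ =\]"]+(?: [^ =\]"]+="(?:[^"\\\]]|\\.)*")*\]')

def split_msg(line):
    """Return (header, structured_data, rest) of an RFC5424 message."""
    parts = line.split(" ", 6)          # PRI+VERSION .. MSGID, then SD + MSG
    if len(parts) != 7:
        raise ValueError("not an RFC5424 message")
    header, tail = " ".join(parts[:6]), parts[6]
    if tail.startswith("-"):            # NILVALUE: no structured data
        return header, "-", tail[1:]
    end = 0
    while (m := ELEMENT.match(tail, end)):
        end = m.end()
    if end == 0:
        raise ValueError("malformed STRUCTURED-DATA")
    return header, tail[:end], tail[end:]

def sign(line, key=KEY, sd_id=SD_ID):
    """Append [sd_id hash="<hex>"] (assumed layout); HMAC covers the unsigned message."""
    header, sd, rest = split_msg(line)
    digest = hmac.new(key, line.encode(), hashlib.sha256).hexdigest()
    element = f'[{sd_id} hash="{digest}"]'
    return f"{header} {element if sd == '-' else sd + element}{rest}"

def verify(line, key=KEY, sd_id=SD_ID):
    """Strip the trailing HMAC element, recompute, and compare in constant time."""
    header, sd, rest = split_msg(line)
    m = re.search(r'\[' + re.escape(sd_id) + r' hash="([0-9a-f]+)"\]$', sd)
    if not m:
        return False                    # unsigned message
    original = f"{header} {sd[:m.start()] or '-'}{rest}"
    expected = hmac.new(key, original.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, m.group(1))

# Constructed sample message (not from the page).
SAMPLE = '<34>1 2014-06-02T10:00:00Z host1 app 1234 ID47 [meta@32473 seq="1"] login ok'
SIGNED = sign(SAMPLE)
```

A verifier needs the exact bytes that were hashed, so a template that reformats the timestamp or other fields changes what has to be reconstructed before the comparison.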
