rsyslog

The rocket-fast system for log processing

OpenSSL

RSyslog Windows Agent 7.0 Released

By friedlPosted on Posted in Release AnnouncementTagged , , , , , , No Comments on RSyslog Windows Agent 7.0 Released

Release Date: 2021-03-09

Build-IDs: Service 7.0.0.213, Client 7.0.0.297

Features

  • Filter Engine: Add support to filter by IPv6 addresses.
  • Eventlog Monitor V2: Added support to for LogPoint SIEM JSON Format.
  • Eventlog Monitor V2: Added support for the following EventLog properties (if available):
    Providerguid, processed, threaded, version, opcode, eventtype, nxseverityvalue (required for Severity Mapping in LogPoint SIEM JSON Format)
  • Action Caching: Added support for caching / queuing in RELP Action when Action processing fails.
  • Filter Engine: Added support to store filter results when using the global Status Variable type filters.
  • Queue Engine: Added Warning/Error events which are generated when the queue gets full.
  • Librelp: Updated librelp to v1.8.0.
  • Openssl: Updated to version 1.1.1g.

Bugfixes

  • Filter Engine: Fixed SaveIntoProperty handling when using the Status Type Filter.
  • Queue Engine: Fixed an issue that caused an internal exception
    STATUS_STACK_BUFFER_OVERRUN when two TCP Syslog Sessions where closed at the same time.

You can download Free Trial Version of RSyslog Windows Agent.

RSyslog Windows Agent 3.3 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , ,

Adiscon is proud to announce the 3.3 release of RSyslog Windows Agent.

This is a bugfixing release with minor feature update.

Most importantly, the Adiscon SNMP MIB now supports messages sizes up to 64k (previous limit was 255 characters). The OpenSSL Library has been updated to 1.0.2h. Bugs were fixed primarily in RELP and syslog forwarding processing. For details please see the change log.

Detailed information can be found in the version history below.

Build-IDs: Service 3.3.152, Client 3.3.235

Features

  • Components:
    • OpenSSL library updated to 1.0.2h.
  • Adiscon SNMP Mib:
    • Changed DisplayString limit from 255 characters to 65536. Now, strings above 255 characters can be send using the adiscon mibs.

Bugfixes

  • Send Syslog Action:
    • Fixed an issue with the “Disable processing, forward as it is” Option. RawSyslogMsg property is used instead of msg property.
  • Send Relp Action:
    • Fixed an issue in the Session Close shutdown procedure which could lead to leaking sessions on Relp Servers.
    • Send Relp Action: Fixed an issue setting a proper status on failure.
    • Fixed a problem handling socket failures.
  • Event Monitor V2:
    • Dynamic properties could break XML format if they contained spaces in their name. Spaces and control characters are now properly replaced with underscores.
  • Relp Listener:
    • Fixed Socketsystem startup if only one Relp Listener Service was configured without any other network related services.
  • Syslog Server:
    • Fixed an issue relaying the priority / facility properties on Syslog Forward. The prifac property was not properly recreated if the message source was Syslog.
    • Fixed an issue with RFC5424 header parsing which partially parsed invalid formatted syslog messages. This broke the original message.
    • Fixed a parsing issue (TCP Protocol only) when the syslog header was missing. When the first characters were a number, TCP Syslog tried to detect octet framing. This failed but the beginning characters of the message were lost. Also octet framing was not disabled resulting in unexpected endings of the message.
    • Fixed an issue with RFC 3164 Syslog Header parsing when “take syslog source from msg” is enabled.
  • Property Replacer:
    • Date related options are now evaluated before and after the property is truncated. But only if a match before the string truncation was not successful.

Version 3.3 is a free download. Customers with existing 2.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

RSyslog Windows Agent 3.2 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , ,

Adiscon is proud to announce the 3.2 release of RSyslog Windows Agent.

This is a maintenenance release for RSyslog Windows Agent, which includes Features and bugfixes.

There is a huge list of changes, but the most important is the enhanced support for file based configurations.

Also inbuild components like OpenSSL and NetSNMP have been updated to the latest versions.

Detailed information can be found in the version history below.

Build-IDs: Service 3.2.143, Client 3.2.0.230

Features

  • Components:
    • Updated OpenSSL 1.0.2e.
  • Engine:
    • When using TLS Mode x509/Name, permitted peers will also checked against the certificate Subject Alternative Name (SAN) now.
  • EventLog Monitor V2:
    • Added new Option “Wait time after action failure” which specifies the wait time after an action error occurred. Without the wait time, the subscription would immediately hit again. It is most likely that the action failure was caused by network problems, so a wait time of (default value) 15 seconds is a reasonable default.
  • File Monitor:
    • Added regular expressions support for Message Separators. Also added Options to prepend or append message separators to the message. When using regex message separators, it might be necessary to include the message separator into the message.
  • Syslog Action:
    • Added wait time doubling option for the Diskqueue feature. When enabled, the configured wait time will be doubled until the doubling limit is reached.
    • Added random wait time delay option for the Diskqueue feature. When enabled, a random wait time (up to the configured maximum) will be added to the configured wait time.
    • Added Overrun prevention delay option for the Diskqueue feature. When enabled, the action will sleep for the configured delay between each syslog message.
  • Services TestMode:
    • Added a testmode for Services, currently EventLog Monitor V1 & V2 and File Monitor are supported. When enabling the testmode for a certain service, it will process it’s Events/Files over and over again. So only use this setting for testing purpose.
  • File Based Configuration:
    • Added support for file includes. The feature can be enabled by setting one or both options in the Client Options called “Create individual configuration files for Services” and “Create individual configuration files for RuleSets”. When enabled, the configuration client will split Services and/or Rulesets into separated files. The main configuration file will include these files by a pattern. The Service itself is able to read includes within includes up to a depth level to 10. When using custom (hand written) configuration with includes, the configuration client will only be able to read them. However the client will not be able to maintain (Save) the custom configuration structure.
  • Command line:
    • Added handler for CTRL+C when running the Service in console mode

Bugfixes

  • Syslog Server:
    • Fixed a problem receiving RFC3195RAW messages.
    • Fixed message timeout handling when no message separator was enabled in Syslog TCP mode.
  • Syslog Action:
    • Fixed an issue when diskqueue files were corrupt. Now corrupted entries are skipped properly.
    • In some cases when the Action was in diskqueue mode, it could happen that the internal retry failed. Cached syslog messages wouldn’t be sent until the service restart.
  • SSL/TLS:
    • Actions with support for SSL/TLS (like Send Syslog Action) could fail to send messages if the recipient closed the connection during meantime. The handling of closed connections has been hardened now when TLS/SSL is enabled.
  • Command line:
    • Fixed handling when using more than one command line option
  • File Based Configuration:
    • Fixed a bug reading general options from File configuration.
    • Fixed an issue reading and writing into correct data directories when using custom locations.
    • Fixed an issue detecting if data state files need to be reloaded.
    • Better error handling when configfile is missing or not accessible.
  • Configuration client:
    • When deleting an item in a datagrid, the Confirm/reset Button become clickable now to save or reset the changes.
    • Fixed timestamp for “EventLog Legacy Format” INSERT
    • Fixed invisible encryption checkbox for password fields (Like ODBC Action)
    • Fixed an issue of unwanted LastRecord saving when changing eventlog channels settings.
    • The little “Save” Button has been changed to a “Confirm” which is more precisely.
    • Corrected Min/Max values for General->Queue Limit Setting.
    • Removed invisible click areas for all checkboxes and radio buttons.
    • Fixed loading of “Processed Files” in File Monitor when running in file config format.
    • Changed error handling when exporting configuration in file format.
    • Fixed incorrect trimming of spaces at the end of text variables (problem only affected file based configurations)

Version 3.2 is a free download. Customers with existing 2.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

RSyslog Windows Agent 2.4 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , ,

Adiscon is proud to announce the 2.4 release of RSyslog Windows Agent.

This is the maintenance release and contains mainly bugfixes.

Most notably, this version includes OpenSSL library 1.0.1j. This fixes all security issues from the OpenSSL Security Advisory (2014-10-15).

Detailed information can be found in the version history below.

Build-IDs: Service 2.4.120, Client 2.4.151

Features

  • Updated embedded OpenSSL library to 1.0.1j

Bugfixes

  • Fixed minor problem filtering in non-existent properties.
  • Fixed minor shutdown isssues in EventLog Monitor V2

 

Version 2.4 is a free download. Customers with existing 1.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

RSyslog Windows Agent 2.3 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , ,

Adiscon is proud to announce the 2.3 release of RSyslog Windows Agent.

This is the maintenance release and contains mainly bugfixes.

Most notably, this version includes OpenSSL library 1.0.1h. This fixes all security issues from the OpenSSL Security Advisory (2014-06-05).

Detailed information can be found in the version history below.

Build-IDs: Service 2.3.119, Client 2.3.145

Features

  • Updated embedded OpenSSL library to 1.0.1h

Bugfixes

  • SETP Protocoll: Fixed a bug in zlib decompression.
  • RELP Action: The RELP Action failed when no other network related Actions/services was configured.
  • Configuration Client: Fixed minor bugs in the configuration client.

 

Version 2.3 is a free download. Customers with existing 1.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

RSyslog Windows Agent 2.2 Released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , ,

Adiscon is proud to announce the 2.2 release of RSyslog Windows Agent.

This is the maintenance release and contains mainly bugfixes.

Most notably, this version includes OpenSSL library 1.0.1g. This fixes the latest openssl security issues known as heartbleed.

Remote Eventlog Monitoring in Eventlog Monitor V2 has been improved.

Detailed information can be found in the version history below.

Build-IDs: Service 2.2.117, Client 2.2.0.141

Features

  • Updated embedded OpenSSL library to 1.0.1g

Bugfixes

  • EventLog Monitor V2: Fixed a problem reading the “Process unknown/unconfigured Eventlog Channgels” option which was added in the last minor update.
  • EventLog Monitor V2: Fixed a problem when using “Remote EventLog Monitoring”. Now logsources are read from the remote machine properly.
  • Engine: Fixed startup issues reading windows registry. This problem only applied if you configured the service to run with an user account that has insufficient write rights into the windows registry.

 

Version 2.2 is a free download. Customers with existing 1.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

Scroll to top