property replacer Archives

RSyslog Windows Agent 4.2 Released

By Adiscon SupportPosted on July 24, 2017Posted in News, Release AnnouncementTagged 4.2, filter, property replacer, RSyslog Windows Agent, syslog

Adiscon is proud to announce the 4.2 release of MonitorWare Agent.

Besides some bugfixes (See Version History for details) a few new features have been added to this minor release. Most important is the ability to use regular expressions as compare operation when filtering properties. Properties can also be converted into IPv4 or IPv6 Addresses now, and the Syslog Priority/Facility can be overwritten in the Syslog Action.

Detailed information can be found in the version history below.

Build-IDs: Service 4.2.0.170, Client 4.2.0.250

Features

Syslog Action: Added support to overwrite Syslog Priority/Facility
Property Engine: Added two new property replacer options “toipv4address” and “toipv6address” to resolve a property into a valid IPv4 or IPv6 Address.
Filter Engine: Implemented a new regular expressions compare operation.
More details on how to use REGEX can be found in the new documentation.
Configuration Reload: Added new options to add a random delay between configuration checks. The delay is limited to 60 seconds as it will also delay the service control manager communication.

Bugfixes

Syslog Action: Fixed bug in Syslog Cache processing when saved messages were larger than 4096 bytes.
Filter Engine: Fixed Extended IP Filtering when using lower or greater compare operation.
File Configuration: Fixed reading Filter values containing backslashes.
They weren’t removed properly in filter values.

Version 4.2 is a free download. Customers with existing 3.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to sales@adiscon.com. Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.

What is the difference between timereported and timegenerated?

By Adiscon SupportPosted on December 5, 2012Posted in FAQTagged property replacer, timegenerated, timereported

Each message that is received by rsyslog is usually available with two timestamps. They can be accessed by using the properties “timereported” and “timegenerated”.

“timegenerated” is always the time when rsyslog generated the message object on the local machine. That actually means it is the time when the message was received (either via the oscall layer or on some inputs based on information the OS provides).

“timereported” is what the sending device reports as time. This is taken from the appropriate syslog header field. If and only if the syslog date header cannot properly be parsed, “timereported” is populated with the same value as “timegenerated”.

Assuming that all systems in a relay chain use valid syslog format, “timereported” will be the same on all relay machines, whereas “timegenerated” reflects the local time of message reception and thus is different on each relay machine.

Please keep in mind the mentioned difference between both properties. It is well known, that the property name for “timegenerated” might be a bit confusing. As such, “timereceived” would probably be a better name, but changing it is not possible without breaking existing deplyoments.