rsyslog

First Impression of Journald

We got a couple of questions on the planned new logging system that shall come with systemd. Rainer Gerhards, rsyslog’s development lead, has taken a quick look at journald and posted about his first impression. Have a look at his blog post journal and rsyslog if you are interested in how we think rsyslog is affected. In the meantime, there is also a description of why we think journald’s log chaining is simply broken and conveys a false sense of security.

rsyslog client for Windows

As it currently looks, Adiscon will most probably create a specialised Windows client for rsyslog. This will be based on Adiscon’s MonitorWare technology and provide excellent, high-speed integration of Windows clients into an rsyslog infrastructure. While the idea has somewhat matured, we are currently thinking about the details. Expect more information as discussions progress!

In the meantime, you may want to have a look at Adiscon’s EventReporter, which provides excellent Windows-to-rsyslog event log forwarding.

rsyslog 5.8.6 (v5-stable) released

This is a maintenance release offering bug fixes, for example for a small bug in the property-based filter, a fix for $ActionExecOnlyOnce, and more. For more detailed information, please read the changelog.

ChangeLog:

http://www.rsyslog.com/changelog-for-5-8-6-v5-stable/

Download:

http://www.rsyslog.com/rsyslog-5-8-6-v5-stable/

As always, feedback is appreciated.

Best regards,

Tim Eifler

Sending messages with tags larger than 32 characters

The relevant syslog RFCs 3164 and 5424 limit the syslog tag to 32 characters max. Messages with larger tag length are malformed and may be discarded by receivers. Anyhow, some folks sometimes need to send tags longer than permitted.

To do so, a new template must be created and used when sending. The simplest way is to start with the standard forwarding template. The standard templates are hardcoded inside rsyslog. Thus they do not show up in your configuration file (but you can obtain them from the source, of course). In 5.8.6, the forwarding template is defined as follows:

template (name="ForwardFormat" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME%
%syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%")

NOTE: all templates are on one line in rsyslog.conf. They are broken here for readability.

This template is RFC-compliant. Now look at the %syslogtag:1:32% part. It specifies the tag. Note that, via the property replacer, it is restricted to 32 characters (from position 1 to position 32 inclusive). This is what you need to change. To remove the limit … just remove it ;-) This leads to a template like this:

template (name="LongTagForwardFormat" type="string" string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME%
%syslogtag%%msg:::sp-if-no-1st-sp%%msg%")

Note that I have renamed the template in order to avoid conflicts with built-in templates. As it is a custom template, it is not hardcoded, so you need to actually configure it in your rsyslog.conf. Then, you need to use that template if you want to send messages to a remote host. This can be done in the usual way. Let’s assume you use legacy plain TCP syslog. Then the line looks as follows:

action(type="omfwd" 
Target="server.example.net"
Port="10514"
Protocol="tcp"
Template="LongTagForwardFormat"
)

This will bind the forwarding action to the newly defined template. Now tags of any size will be forwarded. Please keep in mind that receivers may have problems with large tags and may truncate them or drop the whole message. So check twice that the receiver handles long tags well.

Rsyslog supports tags to a build-defined maximum. The current (5.8.6) default is 511 characters, but this may be different if you install from a package, use a newer version of rsyslog or use sources obtained from someone else. So double-check.
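
To see what a length-checking receiver would make of each template before rolling the change out, the following added example (not part of the original post or of rsyslog) emulates ForwardFormat and LongTagForwardFormat in Python and classifies the resulting line by tag length. The function names, the sample message and the simple receiver-side regex are assumptions made for illustration.

```python
import re

RFC_TAG_LIMIT = 32     # tag limit the post cites for RFC 3164 / 5424
BUILD_TAG_LIMIT = 511  # rsyslog 5.8.6 default maximum named in the post

def render(pri, timestamp, hostname, tag, msg, limit_tag=True):
    """Emulate ForwardFormat (limit_tag=True) or LongTagForwardFormat."""
    if limit_tag:
        tag = tag[:RFC_TAG_LIMIT]              # %syslogtag:1:32%
    sep = "" if msg.startswith(" ") else " "   # %msg:::sp-if-no-1st-sp%
    return f"<{pri}>{timestamp} {hostname} {tag}{sep}{msg}"

# Hypothetical receiver-side framing: <PRI>TIMESTAMP HOSTNAME TAG MSG
FRAME = re.compile(r"^<(\d{1,3})>(\S+) (\S+) (\S+) (.*)$", re.S)

def parse_tag(line):
    """Return the tag field of a forwarded line, or None if unparsable."""
    m = FRAME.match(line)
    return m.group(4) if m else None

def classify(line):
    """Say how a receiver enforcing the limits would see this line."""
    tag = parse_tag(line)
    if tag is None:
        return "malformed"
    if len(tag) > BUILD_TAG_LIMIT:
        return "over-build-limit"
    if len(tag) > RFC_TAG_LIMIT:
        return "over-rfc-limit"
    return "ok"

# Constructed sample values, not taken from a real system.
SAMPLE = dict(pri=134, timestamp="2011-12-01T10:15:30+01:00",
              hostname="host1",
              tag="payments-gateway-worker-eu-central-1[48213]:",
              msg=" connection refused")

if __name__ == "__main__":
    for limited in (True, False):
        line = render(limit_tag=limited, **SAMPLE)
        print(classify(line), len(parse_tag(line)), line)
```

With the standard template the 44-character sample tag is cut to 32 characters and loses its trailing colon; with the long-tag template it arrives intact but exceeds the limit a strict receiver enforces.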

rsyslog 6.3.6 (v6-devel) released

We have just released a new development version of rsyslog v6. This is primarily a maintenance release fixing a really annoying problem with reading the config file.

ChangeLog:

http://www.rsyslog.com/changelog-for-6-3-6-v6-devel/

Download:

http://www.rsyslog.com/rsyslog-6-3-6-v6-devel/

As always, feedback is appreciated.

Best regards,
Florian Riedl

rsyslog 4.8.0 (v4-stable) released

There are no changes compared to 4.7.5, just a re-release with the new version number as new v4-stable. The most important new feature (for the v4-stable branch!) is Solaris support.

Note: major new development to v4 is concluded and will only be done for custom projects.

ChangeLog:

http://www.rsyslog.com/changelog-for-4-8-0-v4-stable/

Download:

http://www.rsyslog.com/rsyslog-4-8-0-v4-stable/

As always, feedback is appreciated.

Best regards,
Tim Eifler
