rsyslog

The rocket-fast system for log processing

rsyslog

rsyslog 5.8.4 (v5-stable) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , ,

This release contains several bugfixes for potential misadressing in the property replacer, memcpy overflow in allowed sender checking and more. For more detailed information, please read the changelog.

ChangeLog:

http://www.rsyslog.com/changelog-for-5-8-4-v5-stable/

Download:

http://www.rsyslog.com/rsyslog-5-8-4-v5-stable/

As always, feedback is appreciated.

Best regards,
Florian Riedl

rsyslog 6.3.4 (devel) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , ,

This release brings bugfixes and further improvements to the rule engine. Most importantly, the (scoped, RainerScript-based) action object is now available. This enables users to get some early experience with the new system’s advanced features. Note that output plugins must support the new system. With this release, omfile and omusrmsg have been upgraded to support it. The next minor releases will bring more output module support for scoped actions.

Documentation for the new capabilities is upcoming at http://www.rsyslog.com/doc/node1.html

ChangeLog:

http://www.rsyslog.com/changelog-for-6-3-4-v6-devel/

Download:

http://www.rsyslog.com/rsyslog-6-3-4-devel/

As always, feedback is appreciated.

Best regards,

Florian Riedl

rsyslog 6.3.3 config format improvements

By adisconteamPosted on Posted in NewsTagged , , , ,

In rsyslog 6.3.3, the config processor has finally changed. The old legacy processor (and with it the early RainerScript implementation) is thrown out and has been replaced by the so-called RainerScript processor (why that crazy name?). This is an extremely important step for rsyslog, as it now has the foundation for a much better and intuitive rsyslog.conf format. However, most of that can not be seen in 6.3.3, as it requires more work, especially in the plugin arena. Still, there are a couple of smaller improvements available.

Most importantly, the performance of script based filters has been considerably enhanced. Preliminary testing shows a three times speedup (we’ll do more benchmarking at a later stage; there is also still lots of room for optimization ;-)).

The ugliness of continuation lines has been removed. They may still be used, and this may make a lot of sense with some actions, but you are usually no longer forced to use continuation lines. Take this config snippet from a leading distro:


if ( \
     /* kernel up to warning except of firewall  */ \
     ($syslogfacility-text == 'kern')      and      \
     ($syslogseverity <= 4 /* warning */ ) and not  \
     ($msg contains 'IN=' and $msg contains 'OUT=') \
 ) or ( \
     /* up to errors except of facility authpriv */ \
     ($syslogseverity <= 3 /* errors  */ ) and not  \
     ($syslogfacility-text == 'authpriv')           \
 ) \
then /dev/tty10
& |/dev/xconsole

This can now be written as follows:


if (
     /* kernel up to warning except of firewall  */
     ($syslogfacility-text == 'kern')      and
     ($syslogseverity <= 4 /* warning */ ) and not
     ($msg contains 'IN=' and $msg contains 'OUT=')
 ) or (
     /* up to errors except of facility authpriv */
     ($syslogseverity <= 3 /* errors  */ ) and not
     ($syslogfacility-text == 'authpriv')
 )
then /dev/tty10

& |/dev/xconsole

Continue reading “rsyslog 6.3.3 config format improvements”

rsyslog 4.6.6 (v4-stable) released

By adisconteamPosted on Posted in News, Release AnnouncementTagged , , , , ,

We have just released rsyslog 4.6.6, the new v4-stable.

This is a maintenance release for the current v4-stable branch. It contains some important bug fixes. It is highly recommended to upgrade to this version.

Please see the ChangeLog for more details.

ChangeLog:

http://www.rsyslog.com/changelog-for-4-6-6-v4-stable/

Download:

http://www.rsyslog.com/rsyslog-4-6-6-v4-stable/

As always, feedback is appreciated.

Best regards,
Tom Bergfeld

Changelog for 4.6.6 (v4-stable)

By adisconteamPosted on Posted in ChangelogTagged , , , ,

Version 4.6.6 [v4-stable] (rgerhards), 2011-06-24

  • bugfix: memory leak in imtcp & subsystems under some circumstances
    This leak is tied to error conditions which lead to incorrect cleanup
    of some data structures. [backport from v6, limited testing under v4]
  • bugfix: invalid processing in QUEUE_FULL condition
    If the the multi-submit interface was used and a QUEUE_FULL condition
    occured, the failed message was properly destructed. However, the
    rest of the input batch, if it existed, was not processed. So this
    lead to potential loss of messages and a memory leak. The potential
    loss of messages was IMHO minor, because they would have been dropped
    in most cases due to the queue remaining full, but very few lucky ones
    from the batch may have made it. Anyhow, this has now been changed so
    that the rest of the batch is properly tried to be enqueued and, if
    not possible, destructed.
  • bugfix: invalid storage type for config variables
  • bugfix: stream driver mode was not correctly set on tcp ouput on big
    endian systems.
    thanks varmojfekoj for the patch
  • bugfix: IPv6-address could not be specified in omrelp
    this was due to improper parsing of “:”
    closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250
  • bugfix: memory and file descriptor leak in stream processing
    Leaks could occur under some circumstances if the file stream handler
    errored out during the open call. Among others, this could cause very
    big memory leaks if there were a problem with unreadable disk queue
    files. In regard to the memory leak, this
    closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256
  • bugfix: imfile potentially duplicates lines
    This can happen when 0 bytes are read from the input file, and some
    writer appends data to the file BEFORE we check if a rollover happens.
    The check for rollover uses the inode and size as a criterion. So far,
    we checked for equality of sizes, which is not given in this scenario,
    but that does not indicate a rollover. From the source code comments:
    Note that when we check the size, we MUST NOT check for equality.
    The reason is that the file may have been written right after we
    did try to read (so the file size has increased). That is NOT in
    indicator of a rollover (this is an actual bug scenario we
    experienced). So we need to check if the new size is smaller than
    what we already have seen!
    Also, under some circumstances an invalid truncation was detected. This
    code has now been removed, a file change (and thus resent) is only
    detected if the inode number changes.
  • bugfix: a couple of problems that imfile had on some platforms, namely
    Ubuntu (not their fault, but occured there)
  • bugfix: imfile utilizes 32 bit to track offset. Most importantly,
    this problem can not experienced on Fedora 64 bit OS (which has
    64 bit long’s!)
  • bugfix: abort if imfile reads file line of more than 64KiB
    Thanks to Peter Eisentraut for reporting and analysing this problem.
    bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221
  • bugfix: omlibdbi did not use password from rsyslog.con
    closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
  • some improvements thanks to clang’s static code analyzer
    • overall cleanup (mostly unnecessary writes and otherwise unused stuff)
    • bugfix: fixed a very remote problem in msg.c which could occur when
      running under extremely low memory conditions

rsyslog 6.1.10 (v6-beta) released

By adisconteamPosted on Posted in News, Release AnnouncementTagged , , , ,

This is a stability update that imports the recent set of patches developed for version 5 and above. Note that users are strongly advised to upgrade to this version due to a potentially fatal failure caused by one bug.

ChangeLog:

http://www.rsyslog.com/changelog-for-6-1-10-beta/

Download:

http://www.rsyslog.com/rsyslog-6-1-10-beta/

As always, feedback is appreciated.

Best regards,
Tom Bergfeld

Scroll to top