rsyslog

The rocket-fast system for log processing pipelines

rsyslog

Changelog for 5.6.1 (v5-stable)

By Adiscon SupportPosted on Posted in ChangelogTagged , , , ,

Version 5.6.1  [V5-STABLE] (rgerhards), 2010-11-24

  • bugfix(important): problem in TLS handling could cause rsyslog to loop in a tight loop, effectively disabling functionality and bearing the risk of unresponsiveness of the whole system.
    Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
  • permitted imptcp to work on systems which support epoll(), but not epoll_create().
    Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=204
    Thanks to Nicholas Brink for reporting this problem.
  • bugfix: testbench failed if imptcp was not enabled
  • bugfix: segfault when an *empty* template was used
  • Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=206
    Thanks to David Hill for alerting us.
  • bugfix: compile failed with –enable-unlimited-select
    Thanks varmojfekoj for the patch.

Changelog for 4.6.5 (v4-stable)

By Adiscon SupportPosted on Posted in ChangelogTagged , , , ,

Version 4.6.5  [v4-stable] (rgerhards), 2010-11-24

  • bugfix(important): problem in TLS handling could cause rsyslog to loop in a tight loop, effectively disabling functionality and bearing the risk of unresponsiveness of the whole system.
    Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
  • bugfix: a couple of problems that imfile had on some platforms, namely Ubuntu (not their fault, but occured there)
  • bugfix: imfile utilizes 32 bit to track offset. Most importantly, this problem can not experienced on Fedora 64 bit OS (which has 64 bit long’s!)

Install locations for rsyslog

By Adiscon SupportPosted on Posted in FAQTagged , , , , , , , , , , , , ,

Not everyone uses the same linux distributions. If Linux at all. And some distributions store files different than others. When building a test environment, we stumbled upon the problem, that if we tried the usual know method

./configure --libdir=/lib --sbindir=/sbin

rsyslog won’t work. Even if there is already rsyslog installed, but we want to use a different version, we will be helpless. Therefore we want to collect a list of different distributions and the different installation paths.

All paths are for 32-Bit operating systems!

Fedora

libdir=/lib
sbindir=/sbin

Ubuntu

libdir=/lib
sbindir=/usr/sbin

CentOS

libdir=/lib
sbindir=/sbin

Debian

libdir=/lib
sbindir=/usr/sbin

If you know of other distributions and the install directories, please send us a notification via the mailing list, so we can add it here.

How to use tcpflood for rsyslog testing?

By adisconteamPosted on Posted in FAQTagged , , , ,

First of all tcpflood is a testing tool of the rsyslog testbench which is able to send a lot of messages via tcp.

This tool is included in the local rsyslog folder in ‘tests’. Before you can use tcpflood you have to build it first. Just switch in the mentioned folder and type

make tcpflood

Now you can use tcpflood by using the following command

./tcpflood -"options"

as example, just insert -m10000 as “options” to send 10000 messages.

./tcpflood -m10000

Please note that tcpflood uses port 13514 by default, so you have to adjust your tcp listener in your rsyslog config (or the port of tcpflood using the option -p).

tcpflood and the testbench

Following up, we assume that tcpflood is present in the current directory but not the system search path. The tool has many command line options. Many of them have defaults, but these defaults are mostly suitable for use inside rsyslog’s testbench. For performance testing, a proper set of options must be selected. It is suggested that tcpflood, together with its option set, is kept inside a script file for easy test reproduction at later times.

The table below lists tcpflood command line options present at time of this writing. Note that tcpflood is still not a tool meant for average user consumption and thus under heavy development based solely on the needs of the rsyslog developers. We suggest that you open the tcpflood.c source code. Right at the top, there is a comment block describing the actual options available with the version you obtained.

-ttarget address (default 127.0.0.1)
-ptarget port (default 13514)
-nnumber of target ports (targets are in range -p..(-p+-n-1) Note -c must also be set to at LEAST the number of -n!
-cnumber of connections (default 1)
-mnumber of messages to send (connection is random)
-iinitial message number (optional)
-PPRI to be used for generated messages (default is 167). Specify the plain number without leading zeros
-damount of extra data to add to message. If present, the number itself will be added as third field, and the data bytes as forth. Add -r to randomize the amount of extra data included in the range 1..(value of -d).
-rrandomize amount of extra data added (-d must be > 0)
-s(silent) do not show progress indicator (never done on non-tty)
-fsupport for testing dynafiles. If given, include a dynafile ID in the range 0..(f-1) as the SECOND field, shifting all field values one field to the right. Zero (default) disables this functionality.
-Mthe message to be sent. Disables all message format options, as only that exact same message is sent.
-Iread specified input file, do NOT generate own test data. The test completes when eof is reached.
-BThe specified file (-I) is binary. No data processing is done by tcpflood. If multiple connections are specified, data is read in chunks and spread across the connections without taking any record delemiters into account.
-Cwhen input from a file is read, this file is transmitted -C times (C like cycle, running out of meaningful option switches ;))
-Drandomly drop and re-establish connections. Useful for stress-testing the TCP receiver.
-FUSASCII value for frame delimiter (in octet-stuffing mode), default LF
-Rnumber of times the test shall be run (very useful for gathering performance data and other repetitive things). Default: 1
-Snumber of seconds to sleep between different runs (-R) Default: 30
-Xgenerate sTats data records. Default: off
-eencode output in CSV (not yet everywhere supported) for performance data: each inidividual line has the runtime of one test the last line has 0 in field 1, followed by numberRuns,TotalRuntime, Average,min,max
-Ttransport to use. Currently supported: “udp”, “tcp” (default) Note: UDP supports a single target port, only
-Wwait time between sending batches of messages, in microseconds (Default: 0)
-bnumber of messages within a batch (default: 100 million)
-Yuse multiple threads, one per connection (which means 1 if one only connection is configured!)
-zprivate key file for TLS mode
-Zcert (public key) file for TLS mode
-Lloglevel to use for GnuTLS troubleshooting (0-off to 10-all, 0 default)

Installing RSyslog 5 on RHEL 4 / 5

By Adiscon SupportPosted on Posted in FAQTagged , , ,

To have rsyslog working correctly on RHEL 4 or 5, some conditions have to be met. The method described has been tested with rsyslog 5.7.1.

First of all compile and install the dependencies.

  • gnutls-2.8.6.tar.bz2
  • libgcrypt-1.4.6.tar.gz
  • libgpg-error-1.9.tar.gz
  • libtasn1-2.2.tar.gz

After that, you can install rsyslog using the following commands:

./configure PKG_CONFIG_PATH=/usr/local/lib/pkgconfig --enable-gnutls
make
make install

It could happen, that the install might complain about gnutls.pc. Simply comment out the URL found near the start of the file /usr/local/lib/pkgconfig/gnutls.pc.

Credit for this find goes to Forum member Johann Reinhard (johannreinhard).

Scroll to top