rsyslog 7.4.9 (v7-stable) released
We have just released 7.4.9 of the v7-stable branch.
While we initially did not intend to do another v7.4 release, we got some important fixes which we wanted to be available for 7.4, so we decided to do one more release. Note that also a new feature is included. The “processInternalMessages” global parameter now permits to tell rsyslog to send it’s own error messages to another system logger. This is most beneficial for systemd-based systems, where this permits rsyslog messages to show up in the service status command (but note that this requires configuration).
More detailed information is available in the ChangeLog.
ChangeLog:
http://www.rsyslog.com/changelog-for-7-4-9-v7-stable/
Download:
http://www.rsyslog.com/rsyslog-7-4-9-v7-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
rsyslog 7.4.9 (v7-stable)
Download file name: rsyslog 7.4.9 (stable)
rsyslog 7.4.9 (stable)
sha256 hash: 344c76d955c32045901b06fbf841cd
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.4.9 File size: 2.92 MB
Changelog for 7.4.9 (v7-stable)
Version 7.4.9 [v7.4-stable] 2014-01-22
- added ProcessInternalMessages global system parameter
This permits to inject rsyslog status messages into *another* main syslogd or the journal. - bugfix: imuxsock input parameters were not accepted due to copy&paste error. Thanks to Andy Goldstein for the fix.
- bugfix: potential double-free in RainerScript equal comparison happens if the left-hand operand is JSON object and the right-hand operand is a non-string that does not convert to a number (for example, it can be another JSON object, probably the only case that could happen in practice). This is very unlikely to be triggered.
- bugfix: some RainerScript Json(Variable)/string comparisons were wrong
rsyslog 7.5.8 (v7-devel) released
Users are suggested to try out this versions and report errors. If we don’t learn of serious problems, we will most probably release 7.6.0 next week based on this code here.
More detailed information is available in the changelog.
ChangeLog:
http://www.rsyslog.com/changelog-for-7-5-8-v7-devel/
Download:
http://www.rsyslog.com/rsyslog-7-5-8-v7-devel/
As always, feedback is appreciated.
Best regards,
Florian Riedl
rsyslog 7.5.8 (v7-devel)
Download file name: rsyslog 7.5.8 (devel)
rsyslog 7.5.8 (devel)
sha256 hash: 38a8b5be53feaae9225e46f2c93d7c
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.5.8 File
size: 2.595 MB
Changelog for 7.5.8 (v7-devel)
Version 7.5.8 [v7-release candidate] 2014-01-09
- add exec_template() RainerScript function
- add debug.onShutdown and debug.logFile global paramters
These enebale the new “debug on shutdown” mode, which can be used to track hard to find problems that occur during system shutdown. - Add directives for numerically specifying GIDs/UIDs
The already present directives (FileOwner, FileGroup, DirOwner, DirGroup) translate names to numerical IDs, which depends on the user information being available during rsyslog’s startup. This can fail if the information is obtained over a network or from a service such as SSSD. The new directives provide a way to specify the numerical IDs directly and bypass the lookup.
Thanks to Tomas Heinrich for the patch. - actions now report if they suspend and resume themselves
this is by default on and controllable by the action.reportSuspension global parameter - bugfix: omelasticsearch fail.es stats counter was improperly maintained
- bugfix: mmrfc5424addhmac: “key” parameter was not properly processed
- add new impstats action counters:
- * suspended
- * suspended.duration
- * resumed
rsyslog 7.4.8 (v7-stable) released
We have just released 7.4.8 of the v7-stable branch. This is a pure bug-fixing release.
More detailed information is available in the ChangeLog.
rsyslog 7.4.8 (v7-stable)
Download file name: rsyslog 7.4.8 (stable)
rsyslog 7.4.8 (stable)
sha256 hash: 0d140baad95fa5e4e7d76a9e955751
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.4.8 File size: 2.92 MB
Changelog for 7.4.8 (v7-stable)
Version 7.4.8 [v7.4-stable] 2014-01-08
- rsgtutil provides better error messages on unfinished signature blocks
- bugfix: guard against control characters in internal (error) messages
Thanks to Ahto Truu for alerting us. - bugfix: immark did emit messages under kern.=info instead of syslog.=info
Note that his can potentially break exisiting configurations that rely on immark sending as kern.=info. Unfortunately, we cannot leave this unfixed as we never should emit messages under the kern facilit
Error message when verifying signed logs
rsyslog provides the ability to sign logs through GuardTime. You can verify the logs with a provided tool called rsgtutil. We have identified two reasons why the signing process could fail and thus verifying the log signature is not possible.
Note on legacy API: The old API libgt would create files with the endings .gtsig and .gtstate. These are different from the current and recommended API libksi.
When signing logs with rsyslog and GuardTime, three files will be created.
logfile # holds the log messages logfile.ksisig # holds the hash chain data logfile.ksistate # holds GuardTime signature hash
When verifying the logs through rsgtutil, the .ksistate file is needed because it holds the signature hash from GuardTime. Without this file, verification is not possible. Now there are two reasons why this file might not be present and thus a verification fails with:
# ./rsgtutil --verify --show-verified /var/log/logfile error 1 (i/o error) processing file /var/log/logfile
1. rsyslog is still running
The .ksistate file is created when shutting down rsyslog. At shutdown, a signature request will be sent to GuardTime and will then be returned with the signature hash, which will be stored into this file. If rsyslog is still running, the file will not be created, resulting in an unsuccesful verification.
Even if the .ksistate file is present, it might not be current. So please make sure to stop rsyslog before trying to verify the logs.
2. Timeout on shutdown
On Ubuntu we had the problem, that upstart automatically kills the process after 5 seconds if the SIGTERM signal wasn’t fully executed until then. We now realized, that requesting the signature through GuardTime can take some time, depending on the system, thus exceeding the 5 second timeout and rsyslog getting killed before writing the .ksistate file. Again this resulted in unverifyable logs. This is also a problem for other parts of rsyslog (e.g. DA queues not being completely written to disk).
Upon changing the timeout value in the upstart script for rsyslog, we could circumvent the default timeout and rsyslog could fully complete the signature request and write the .ksistate file. This is at least valid for Ubuntu and may also be valid for other distributions.
To change the timeout go to this file:
/etc/init/rsyslog.conf
Now add
kill timeout 30
right after
expect fork
This should result in the following:
description “system logging daemon”
start on filesystem
stop on runlevel [06]expect fork
kill timeout 30
respawnpre-start script
/lib/init/apparmor-profile-load usr.sbin.rsyslogd
end scriptscript
. /etc/default/rsyslog
exec rsyslogd $RSYSLOGD_OPTIONS
end script
With the upstart script changed like this, rsyslog should not suffer from a too strict shutdown timeout and thus being able to complete the shutdown successfully. This change will also go in the startup and upstart scripts of the upcoming RPMs and Repo’s.
Side note
In the current versions, rsgtutil gives out a inappropriate error message. It currently states it is an I/O error. In reality it is an EOF error. In the upcoming versions (7.4.8, 7.5.8 and 8.1.4) this will be fixed.