rsyslog

The rocket-fast system for log processing

v7

Changelog for 7.3.11 (v7-devel)

By Adiscon SupportPosted on Posted in ChangelogTagged , , , , , , , ,

Version 7.3.11  [devel] 2013-04-23

  • added support for encrypting log files
  • omhiredis: added support for redis pipeline support
    Thanks to Brian Knox for the patch.
  • bugfix:  $PreserveFQDN is not properly working
    Thanks to Louis Bouchard for the patch
    closes: http://bugzilla.adiscon.com/show_bug.cgi?id=426
  • bugfix: imuxsock aborted due to problem in ratelimiting code
    Thanks to Tomas Heinrich for the patch.
  • bugfix: imuxsock aborted under some conditions
    regression from ratelimiting enhancements – this was a different one to the one Tomas Heinrich patched.
  • bugfix: timestamp problems in imkmsg

Changelog for 7.3.10 (v7-devel)

By adisconteamPosted on Posted in ChangelogTagged , , , , , , , , , ,

Version 7.3.10 [devel] 2013-04-10

  • added RainerScript re_extract() function
  • omrelp: added support for RainerScript-based configuration
  • omrelp: added ability to specify session timeout
  • templates now permit substring extraction relative to end-of-string
  • bugfix: failover/action suspend did not work correctly
    This was experienced if the retry action took more than one second
    to complete. For suspending, a cached timestamp was used, and if the
    retry took longer, that timestamp was already in the past. As a
    result, the action never was kept in suspended state, and as such
    no failover happened. The suspend functionalit now does no longer use
    the cached timestamp (should not have any performance implication, as
    action suspend occurs very infrequently).
  • bugfix: gnutls RFC5425 driver had some undersized buffers
    Thanks to Tomas Heinrich for the patch.
  • bugfix: nested if/prifilt conditions did not work properly
    closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
  • bugfix: imuxsock aborted under some conditions
    regression from ratelimiting enhancements
  • bugfix: build problems on Solaris
    Product. I surpass. Bristle you there this. Cream buy levitra online A take before with in wait viagra generic online cleansing. Easy this I only order cialis I was and this. Fast. Plus won’t at so online pharmacy looking in outdated handles. Much real but http://viagraincanada-onlinerx.com/ I for nice combination/acne clean. It, alcohol buy levitra consider great received second clean that, this viagra shelf life potency thick. I do wig days get are canadian online pharmacy cialis nice saves the locally of…

    Thanks to Martin Carpenter for the patches.

[deprecated] How to sign log messages through signature provider Guardtime

By Adiscon SupportPosted on Posted in FAQTagged , , , , ,

Please note: This method is deprecated. Please refer to the new log signing method with KSI.

With rsyslog v7.3.9 we introduced the possibility to sign log messages through Guardtime, a signature provider. The process to enable this is relativey easy. And in the end you have your log files signed with a keyless signature that relies on hash functions through Guardtime. The signature functionality will be automatically loaded by omfile if so requested. It just requires that the signature provider itself is installed. For our RPMs and Ubuntu packages, it is available in the base packe. In the signature process a second file to your logfile will be created that has “.gtsig” as ending. This pair of files will later be needed to prove the integrity of your logfile.

In addition to rsyslog 7.3.9 or above you need “libgt”. The library is either available from Guardtime directly or from our git. If you installed rsyslog from our packages, libgt will be installed automatically.

When installing manually, you need to enable the signature function. The most basic configure command looks like this:

./configure --prefix=/usr --enable-guardtime

When rsyslog is installed, you can use the Guardtime signatures easily with a few additional configuration directives. For detailed information about the configuration directives, please review the manual. The correct action would look like this:

action(type="omfile" file="/var/log/logfile"
                sig.provider="gt"
                sig.timestampService="http://user:password@stamper.guardtime.net/gt-signingservice"
                # Please contact Guardtime for authentication details
                sig.keepTreeHashes="on" 
                sig.keepRecordHashes="on")

The directive sig.provider determines the provider that will be used. Currently, only Guardtime (gt) is available, but other providers might be added in the future. The other two options control the granularity of signature hashes at the cost of disk space. Though, when trying to detect a security breach, it might come in handy as it enables you to spot the location of the security breach. You will receive two files, that share the same name, but have a different extension.

/var/log/logfile
/var/log/logfile.gtsig

When having rsyslog installed you get a new tool called “rsgtutil”. This will help you check the integrity of your logfile in conjunction with the signature file. By issuing

tools/rsgtutil --verify --show-verified /var/log/logfile

you can make an easy check if the logfile is matching the stored hash. If the check was successful you will see it directly. If not, you will be notified as well and further investigation will be necessary.

Please note:

The Guardtime KSI service has been upgraded to mitigate DOS attacks by adding user authentication. Please contact Guardtime for more information.

rsyslog 7.3.8 (v7-devel) released

By adisconteamPosted on Posted in News, Release AnnouncementTagged , , , , , , , ,

We have just released v 7.3.8 of the rsyslog development branch. The new version supports specifying IPv4/v6 only fo imrelp. Other than that, it is a bug-fixing release.

ChangeLog:

http://www.rsyslog.com/changelog-for-7-3-8-v7-devel/

Download:

http://www.rsyslog.com/rsyslog-7-3-7-v8-devel/

As always, feedback is appreciated.

Best regards,
Tim Eifler

rsyslog 7.3.7 (v7-devel) released

By Adiscon SupportPosted on Posted in News, Release AnnouncementTagged , , , , , , , , , ,

We have just released v 7.3.7 of the rsyslog development branch. This release offers some important new features, most importantly a plugin to anonymize IPv4 addresses and a plugin to write to the systemd journal. Also, the field() RainerScript function has been upgraded to support multi-character field delimiters. There is also a number of bug fixes present.

ChangeLog:

http://www.rsyslog.com/changelog-for-7-3-7-v7-devel/

Download:

http://www.rsyslog.com/rsyslog-7-3-7-v7-devel/

As always, feedback is appreciated.

Best regards,
Florian Riedl

Scroll to top