- CHANGE OF BEHAVIOUR: all variables are now case-insensitive by
default
- core: handle (JSON) variables in case-insensitive way
- imjournal: made switching to persistent journal in runtime possible
- mmanon: complete refactor and enhancements
- add pseudonymization mode
- add address randomization mode
- add support for IPv6 (this also supports various replacement
modes)
- in IPv4 address recognition
- in IPv4 simple mode to-be-anonymized bits can get wrong
- imfile: add "fileoffset" metadata
- RainerScript: add ltrim and rtrim functions
- core: report module name when suspending action
- core: add ability to limit number of error messages going to stderr
- tcpsrv subsystem: improve clarity of some error messages
- imptcp: include module name in error msg
- imtcp: include module name in error msg
- tls improvement: better error message if certificate file cannot be
read
- omfwd: slightly improved error messages during config parsing
- ommysql improvements
- ommysql bugfix: do not duplicate entries on failed transaction
- imtcp bugfix: parameter priorityString was ignored
- template/bugfix: invalid template option conflict detection
- core/actions: fix handling of data-induced errors
- core/action bugfix: no "action suspended" message during retry
processing
- core/ratelimit bugfix: race can lead to segfault
- core bugfix: rsyslog aborts if errmsg is generated in early startup
- core bugfix: informational messages were logged with error severity
- core bugfix: --enable-debugless build was broken
- queue bugfix: file write error message was incorrect
- omrelp bugfix: segfault when rebindinterval parameter is used
- omkafka bugfix: invalid load of failedmsg file on startup if
disabled
- kafka bugfix: problem on invalid kafka configuration values
- imudp bugfix: UDP oversize message not properly handled
- core bugfix: memory corruption during configuration parsing
- core bugfix: race on worker thread termination during shutdown
- omelasticsearch: avoid ES5 warnings while sending json in bulkmode
- omelasticsearch bugfix: incompatibility with newer ElasticSearch
version
- imptcp bugfix: invalid mutex addressing on some platforms
- imptcp bugfix: do not accept missing port in legacy listener
definition
- omfwd: add parameter "tcp_frameDelimiter"
- omkafka: large refactor of kafka subsystem
- imfile: improved handling of atomically renamed file (w/ wildcards)
- imfile: add capability to truncate oversize messages or split into
multiple
- mmdblookup
* upgraded from "contrib" to "fully supported" state
* refactored and simplified code
* added ability to specify custom names for extracted fields
* bugfix: fixed multiple memory leaks
- imptcp: add new parameter "flowControl"
- imrelp: add "maxDataSize" config parameter
- multiple modules: gtls: improve error if certificate file can't be
opened
- omsnare: allow different tab escapes
- omelasticsearch: converted to use libfastjson instead of json-c
- imjournal: _PID fallback
- multiple modules: add better error messages when regcomp is failing
- omhiredis: fix build warnings
- imfile bugfix: files mv-ed into directory were not handled
- omprog bugfix: execve() incorrectly called
- imfile bugfix: multiline timeout did not work if state file exists
- lmsig_ksi-ls12 bugfix: build problems on some platforms
- core bugfix: invalid object type assertion
- regression fix: local hostname was not always detected properly on
early start (w/o network).
- bugfix: format security issues in zmq3 modules
- bugfix build system: add libksi only to those binaries that need it
- bugfix KSI ls12 components: invalid tree height calculation
- testbench/CI enhancements
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
* optionally emit an error message if incoming messages are truncated
* optionally emit connection tracking message (on connection create and
close)
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* improve octet-counted mode detection: if the octet count is larger
than the set frame size (or overly large in general), it is now
assumed that octet-stuffing mode is used. This probably solves a
number of issues seen in real deployments.
- imtcp enhancements:
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
for configured non-existing file.
- imfile: in inotify mode, add error message if configured file cannot
be found
- imfile: add parameter "fileNotFoundError" to optionally disable
"file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
- omkafka: add "origin" field to stats output
- imuxsock: rate-limiting also uses process name
both for the actual limit processing as well as warning messages emitted
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsyslog base functionality now builds on osx (Mac)
- build now works on solaris again
- imfile: fix cross-platform build issue
- bugfix core: segfault when no parser could parse message
- bugfix core: rate-limit internal messages when going to external log system
- bugfix core: when obtaining local hostname, a NULL pointer could be
accessed.
- bugfix core: on shutdown, stderr was written to, even if already closed
- bugfix core: perform MainqObj destruction only when not NULL already
- bugfix core: memory leak when internal messages not processed internally
- bugfix imptcp: potential overflow in octet count computation
when a very large octet count was specified, the counter could overflow
- enable internal error messages at all times
- core: added logging name of source of rate-limited messages
- omfwd: add support for network namespaces
- imrelp: honor input name if provided when submitting to impstats
- imptcp: add ability to set owner/group/access perms for uds
- mmnormalize: add ability to load a rulebase from action() parameter
- pmrfc3164 improvements
- permit to ignore leading space in MSG
- permit to use at-sign in host names
- permit to require tag to end in colon
- add new global parameter "umask"
- core: make use of -T command line option more secure
- omfile: add error if both file and dynafile are set
- bugfix: build problem on MacOS (not a supported platform)
- regression fix: in 8.25, str2num() returned error on empty string
- bugfix omsnmp: improper handling of new-style configuration
parameters
- bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal
messages
- bugfix imfile: wrong files were monitored when using multiple imfile
inputs
- bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail
segfaults
- bugfix: immark emitted error messages with text "imuxsock"
- bugfix tcpflood: build failed if RELP was disabled
- fix gcc6 compiler warnings
- the output module array passing interface has been removed
Changes:
- imfile: add support for wildcards in directory names
- add new global option "parser.PermitSlashInProgramname"
- mmdblookup: fix build issues, code cleanup
- improved debug output for queue corruption cases
- an error message is now displayed when a directory owner cannot be set
- rainerscript: add new functions ipv42num and num2ipv4
- bugfix: ratelimiter does not work correctly if time is set back
- core: fix potential message loss in old-style transactional interface
- bugfix queue subsystem: queue corrupted if certain msg props are used
- bugfix imjournal: fixed situation when time goes backwards
- bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer
- bugfix core: str2num mishandling empty strings
- bugfix rainerscript: set/unset statement do not check variable name validity
- bugfix mmrm1stspace: last character of rawmsg property was doubled
- bugfix: rsyslog loops on freebsd when trying to write /dev/console
- bugfix imtcp: fix very small (cosmetic) memory leak
- fix build issues on some platforms (detected on newer Fedora)
For full changelog see:
https://github.com/rsyslog/rsyslog/blob/v8.25.0/ChangeLog
Changelog (abridged):
- rsyslog now builds on AIX
- mmdblookup: new maxminddb lookup message modify plugin
- mmrm1stspace: new module; removes first space in MSG if present
- KSI signature provider: file permissions can now be specified
- omzmq: new features
- change: when the hostname is empty, we now use "localhost-empty-hostname"
- omelasticsearch: remove "asyncrepl" config parameter
- omfwd: Add support for bind-to-device (see below on same for imudp)
- imudp: Add support for bind-to-device
- imudp: limit rcvbufsize parameter to max 1GiB
- rainerscript: implement new "call_indirect" statement
- bugfix imjournal: make state file handling more robust
- bugfix core: lookup table reload was not properly integrated
- bugfix core: potential deadlock on shutdown
- bugfix ommongodb: did not work in v8 due to invalid indirection
- bugfix ommongodb: fix tryResume handling
- bugfix omfwd: retry processing was not done correctly, could stall
- bugfix imuxsock: segfault on shutdown when $OmitLocalLogging is on
Changes in 8.23.0 (abridged):
- KSI signatures: removed SHA2-224 hash algorithm
This is considered insecure and no longer supported by the underlying
KSI library. If still used within a configuration, a descriptive error
message is emitted during config processing.
- imfile: new timeout feature for multi-line reads
- omfile: improve robustness against network file system failures
in case of failure, a close and re-open is tried, which often solves the
issue (and wasn't handled before this patch).
- pmaixforwardedfrom: support for AIX syslogd -s option
- omelasticsearch: add ability to specify max http request size
- omelasticsearch: high availability addressing of ElasticSearch cluster
allow to specify an array of servers, which is tried until a working
one is found (and given up only if none works).
- omelasticsearch: make compatible with ElasticSearch 2.x and 5.x
fixes omelasticsearch logs response from ElasticSearch 5.0 _bulk
endpoint as error
- omhiredis: add dynakey attribute.
- omtcl: new contributed module
- RainerScript: provide a capability to set environment variables
via 'global(environment="var=val")' config statement.
- lookup tables: improved error checking
- queue subsystem: add configuration parameter "queue.samplinginterval"
- bugfix core: errmsg.LogError now switches to dfltErrLogger just before shutdown
- bugfix core: fixed un-freed memory in non-transactional action using string-passing
- rsgtutil: option to specify KSI publications file certificate constraints
- omprog: bugfixes and enhancements
- bugfix imfile: ReopenOnTruncate processing, file open processing
- bugfix omlibdbi: libdbi-driver-sqlite3/2 requires to provide a path to
database split into two strings:
* absolute path, where the database file sits
* database filename itself.
- bugfix RainerScript: issue in prifilt() function
Initialize func-data(and to-be-freed flag) correctly for prifilt
function-node
- bugfix omrelp: invalid module name imrelp was used in some error messages
- bugfix core: abort when persisting object state
- bugfix: segfault if hostname is unset on system
- bugfix external module perl skeleton: did not work properly
- bugfix build system: Fix detection of pthread_setschedparam() on platforms
such as FreeBSD
- bugfix omelasticsearch: modifies constant memory under some circumstances
- "bugfix": theoretical queue file corruption when more than MAX_INT files
- bug fix/KSI: LOGSIG11 missing in the beginning of KSI log signature file
- bugfix template processor: missing escaping of backslash in json mode
- testbench improvements
Version 8.22.0 [v8-stable] 2016-10-04
- ompgsql: add template support
Thanks to Radu Gheorghe for implementing this.
- generate somewhat better error message on config file syntax error
a common case (object at invalid location) has received its own error
message; for the rest we still rely on the generic flex/bison handler
- bugfix:omhiredis reconnects after failure
previously it could lose messages under such conditions.
Thanks to Bob Gregory for the patch.
- general cleanup and code improvement
mostly guided by compiler warnings induced by newer opensuse buildbot
environment
------------------------------------------------------------------------------
Version 8.21.0 [v8-stable] 2016-08-23
- CHANGE OF BEHAVIOUR:
by default, internal messages are no longer logged via the internal
bridge to rsyslog but via the syslog() API call (either directly or
via liblogging). For the typical single-rsyslogd-instance installation this
is mostly unnoticeable (except for some additional latency). If multiple
instances are run, only the "main" (the one processing system log messages)
will see all messages. To return to the old behaviour, do either of those
two:
1) add in rsyslog.conf:
global(processInternalMessages="on")
2) export the environment variable RSYSLOG_DFLT_LOG_INTERNAL=1
This will set a new default - the value can still be overwritten via
rsyslog.conf (method 1). Note that the environment variable must be
set in your **startup script**.
For more information, please visit
http://www.rsyslog.com/rsyslog-error-reporting-improved/
- slightly improved TLS syslog error messages
- queue subsystem: improved robustness
The .qi file is now persisted whenever an existing queue file is fully
written and a new file is begun. This helps with rsyslog aborts, including
the common case where the OS issues kill -9 because of insufficiently
configured termination timeout (this is an OS config error, but a frequent
one). Also, a situation where an orphaned empty file could be left in the
queue work directory has been fixed. We expect that this change causes
fewer permanent queue failures.
- bugfix: build failed on some platforms due to missing include files
Version 8.20.0 [v8-stable] 2016-07-12
- NEW BUILD REQUIREMENT: librelp, was 1.2.5, now is 1.2.12
This is only needed if --enable-relp is used. The new version is
needed to support the new timeout parameter in omrelp.
- NEW BUILD SUGGESTION: libfastjson 0.99.3
- omrelp: add configurable connection timeout
- pmrfc3164: add support for slashes in hostname
- bugfix omfile: handle chown() failure correctly
- omfile now better conveys status of unwritable files back to
core
- config files recursively including themselves are now detected
and an error message is emitted in that case
- refactored code to not emit compiler warnings in "strict mode"
- bugfix: fix some issues with action CommitTransaction() handling
- bugfix omamqp1: connecting to the message bus fails on
nonstandard port
- testbench/CI enhancements
- new tests for RELP components
- new tests for core action processing and retry
- travis tests now also run against all unstable versions of
supporting libraries. This helps to track interdependency
problems early.
- new tests for hostname parsing
- new tests for RainerScript comparisons
Version 8.19.0 [v8-stable] 2016-05-31
- NEW BUILD REQUIREMENT: autoconf-archive
- omelasticsearch: add option to permit unsigned certs (experimentally)
This adds plumbing as suggested by Joerg Heinemann and Radu Gheorghe,
but is otherwise untested. Chances are good it works. If you use it,
please let us know your experience and most importantly any bug
reports you may have.
closes https://github.com/rsyslog/rsyslog/issues/89
- imrelp: better error codes on unavailability of TLS options
Most importantly, we will tell the user in clear words if specific TLS
options are not available due to too-old GnuTLS.
closes https://github.com/rsyslog/rsyslog/issues/1019
- default stack size for inputs has been explicitly set to 4MiB
for most platforms, this means a reduction from the default of 10MiB, however
it may mean an increase for micro-libc's (some may have as low as 80KiB by
default).
- testbench: We are now using libfaketime instead of faketime command line
tool. Make sure you have installed the library and not just the binary!
- refactor stringbuf
* use only a single string buffer
... both for the internal representation as well as the C-String one.
The module originally tried to support embedded NUL characters, which
over time has proven to be not necessary. Rsyslog always encodes
NUL into escape sequences.
Also, the dual buffers were used inconsistently, which could lead to
subtle bugs. With the single buffer, this does no longer happen and
we also get some improved performance (should be noticeable)
and reduced memory use (a bit).
closes https://github.com/rsyslog/rsyslog/issues/1033
* removed no longer used code
* internal API changes to reflect new needs
* performance improvements
* miscellaneous minor cleanup
- fix: potential misaddressing in template config processing
This could cause segfault on startup. Happens when template name shorter
than two chars and outname is not set. Once we are over startup, things
work reliably.
- bugfix omfile: async output file writing does not respect flushing
neither parameter flushInterval nor flushOnTXEnd="on" was respected.
closes https://github.com/rsyslog/rsyslog/issues/1054
- bugfix imfile: corrupted multi-line message when state data was persisted
see also https://github.com/rsyslog/rsyslog/issues/874
Thanks to Magnus Hyllander for the analysis and a patch suggestion.
- bugfix imfile: missing newline after first line of multiline message
see also https://github.com/rsyslog/rsyslog/issues/843
Thanks to Magnus Hyllander for the patch.
- bugfix: dynstats unusedMetricTtl bug
Thanks to Janmejay Singh for fixing this.
- bugfix build system: build was broken on SunOS
Thanks to Filip Hajny for the patch.
- bugfix: afterRun entry point not correctly called
The entry point was called at the wrong spot, only when the thread
had not already terminated by itself. This could cause various
cleanup to not be done. This affected e.g. imjournal.
closes https://github.com/rsyslog/rsyslog/issues/882
- bugfix dynstats: do not leak file handles
Thanks to Janmejay Singh for the patch.
- bugfix omelasticsearch: disable libCURL signal handling
previously, this could lead to segfaults on connection timeout
see also https://github.com/rsyslog/rsyslog/pull/1007
Thanks to Sai Ke WANG for the patch.
- bugfix omelasticsearch: some regressions were fixed
* error file was no longer written
* fix for some potential misaddressings
- improved wording: gnutls error message points to potential cause
What GnuTLS returns us is very unspecific and somewhat misleading, so
we point to what it most probably is (broken connect).
see also https://github.com/rsyslog/rsyslog/issues/846
- some general code improvements
* "fixed" cosmetic memory leaks at shutdown
- build system bugfix: configure can't find gss_acquire_cred on Solaris
Thanks to github user vlmarek for the patch.
- improvements to the CI environment
* improvements on the non-raciness of some tests
* imdiag: avoid races in detecting queue empty status
This resolves cases where the testbench terminated rsyslog too early,
resulting in potential message loss and test failure.
* omkafka has now dynamic tests
Thanks to Janmejay Singh for implementing them.
* try to merge PR to master and run tests; this guards against cross-PR
regressions and wasn't caught previously. Note that we skip this test
if we cannot successfully merge. So this is not a replacement for a
daily full "all-project integration test run".
* travis has finally enabled elasticsearch tests
ES was unfortunately not being regularly tested for quite a while due to
missing environment. This led to some regressions becoming undetected.
These were now discovered thanks to the new support on travis. Also, this
guards against future regressions.
* imfile has now additional tests and overall better coverage
* omfile has now additional tests
Version 8.18.0 [v8-stable] 2016-04-19
- testbench: When running privdrop tests testbench tries to drop
user to "rsyslog", "syslog" or "daemon" when running as root and
you don't explicitly set RSYSLOG_TESTUSER environment variable.
Make sure the unprivileged testuser can write into tests/ dir!
- templates: add option to convert timestamps to UTC
closes https://github.com/rsyslog/rsyslog/issues/730
- omjournal: fix segfault (regression in 8.17.0)
- imptcp: added AF_UNIX support
Thanks to Nathan Brown for implementing this feature.
- new template options
* compressSpace
* date-utc
- redis: support for authentication
Thanks to Manohar Ht for the patch
- omkafka: makes kafka-producer on-HUP restart optional
As of now, omkafka kills and re-creates kafka-producer on HUP.
This is not always desirable. This change introduces an action param
(reopenOnHup="on|off") which allows user to control re-cycling of
kafka-producer.
It defaults to on (for backward compatibility). Off allows user to
ignore HUP as far as kafka-producer is concerned.
Thanks to Janmejay Singh for implementing this feature
- imfile: new "FreshStartTail" input parameter
Thanks to Curu Wong for implementing this.
- omjournal: fix libfastjson API issues
This module accessed private data members of libfastjson
- ommongodb: fix json API issues
This module accessed private data members of libfastjson
- testbench improvements (more tests and more thorough tests)
among others:
- tests for omjournal added
- tests for KSI subsystem
- tests for privilege drop statements
- basic test for RELP with TLS
- some previously disabled tests have been re-enabled
- dynamic stats subsystem: a couple of smaller changes
they also involve the format, which is slightly incompatible to
previous version. As this was out only very recently (last version),
we considered this as acceptable.
Thanks to Janmejay Singh for developing this.
- foreach loop: now also iterates over objects (not just arrays)
Thanks to Janmejay Singh for developing this.
- improvements to the CI environment
- enhancement: queue subsystem is more robust in regard to some
corruptions
It is now detected if a .qi file states that the queue contains more
records than there are actually inside the queue files. Previously this
resulted in an emergency switch to direct mode, now the problem is only
reported but processing continues.
- enhancement: Allow rsyslog to bind UDP ports even w/out specific
interface being up at the moment.
Alternatively, rsyslog could be ordered after networking, however,
that might have some negative side effects. Also IP_FREEBIND is
recommended by systemd documentation.
Thanks to Nirmoy Das and Marius Tomaschewski for the patch.
- cleanup: removed no longer needed json-c compatibility layer
as we now always use libfastjson, we do not need to support old
versions of json-c (libfastjson was based on the newest json-c
version at the time of the fork, which is the newest in regard
to the compatibility layer)
- new External plugin for sending metrics to SPM Monitoring SaaS
Thanks to Radu Gheorghe for the patch.
- bugfix imfile: fix memory corruption bug when appending @cee
Thanks to Brian Knox for the patch.
- bugfix: memory misallocation if position.from and position.to is used
a negative amount of memory is tried to be allocated if position.from
is smaller than the buffer size (at least with json variables). This
usually leads to a segfault.
closes https://github.com/rsyslog/rsyslog/issues/915
- bugfix: fix potential memleak in TCP allowed sender definition
depending on circumstances, a very small leak could happen on each
HUP. This was caused by an invalid macro definition which did not rule
out side effects.
- bugfix: $PrivDropToGroupID actually did a name lookup
... instead of using the provided ID
- bugfix: small memory leak in imfile
Thanks to Tomas Heinrich for the patch.
- bugfix: double free in jsonmesg template
There has to be actual json data in the message (from mmjsonparse,
mmnormalize, imjournal, ...) to trigger the crash.
Thanks to Tomas Heinrich for the patch.
- bugfix: incorrect formatting of stats when CEE/Json format is used
This led to ill-formed json being generated
- bugfix omfwd: new-style keepalive action parameters did not work
due to being inconsistently spelled inside the code. Note that legacy
parameters $keepalive... always worked
see also: https://github.com/rsyslog/rsyslog/issues/916
Thanks to Devin Christensen for alerting us and an analysis of the
root cause.
- bugfix: memory leaks in logctl utility
Detected by clang static analyzer. Note that these leaks CAN happen in
practice and may even be pretty large. This was probably never detected
because the tool is not often used.
- bugfix omrelp: fix segfault if no port action parameter was given
closes https://github.com/rsyslog/rsyslog/issues/911
- bugfix imtcp: Messages not terminated by a NL were discarded
... upon connection termination.
Thanks to Tomas Heinrich for the patch.
- NEW REQUIREMENT: libfastjson
- new testbench requirement: faketime command line tool
- improve json variable performance
- new experimental feature: lookup table support
- new feature: dynamic statistics counters
- new contributed plugin: omamqp1 for AMQP 1.0-compliant brokers
- new set of UTC-based $now family of variables ($now-utc, $year-utc, ...)
- simplified locking when accessing message and local variables
- new global parameter "debug.unloadModules"
- timestamp handling: guard against invalid dates
- imfile: add "trimlineoverbytes" input parameter
- ommongodb: add support for extended json format for dates
- omjournal: add support for templates
- imuxsock: add "ruleset" input parameter
- testbench: framework improvement: configs can be included in test file
- imptcp: performance improvements
- made build compile (almost) without warnings
- solaris build: MAXHOSTNAMELEN properly detected
- build system improvement: ability to detect old hiredis libs
- rsgtutil: dump mode improvements
- build system: fix build issues with clang
- bugfix: unixtimestamp date format was incorrectly computed
- bugfix: date-ordinal date format was incorrectly computed
- bugfix: some race when shutting down input module threads
- bugfix tcpflood: did not handle connection drops correctly in TLS case
- bugfix: abort if global parameter value was wrong
- bugfix omkafka: fix potential NULL pointer addressing
- bugfix impstats: @cee cookie was prefixed to wrong format (json vs. cee)
- bugfix imfile: fix race during startup that could lead to some duplication
- bugfix: potential loss of single message at queue shutdown
- bugfix: potential deadlock with heavy variable access
- bugfix ommysql: on some platforms, serverport parameter had no effect
- bugfix omelasticsearch: invalid pointer dereference
- bugfix omhiredis: serverport config parameter did not reliably work
- bugfix rsgtutil: -h command line option did not work
- bugfix lexer: hex numbers were not properly represented
- bugfix TLS syslog: intermittent errors while sending data
- bugfix imfile: abort on startup if no slash was present in file name param
- bugfix rsgtutil: fixed abort when using short command line options
- bugfix rsgtutil: invalid computation of log record extraction file
- bugfix build system: KSI components could only be built if in default path
Version 8.16.0 [v8-stable] 2016-01-26
- rsgtutil: Added extraction support including loglines and hash chains.
- clean up doAction output module interface
- new system properties for $NOW properties based on UTC
- impstats: support broken ElasticSearch JSON implementation
- omelasticsearch: craft better URLs
- imfile: add experimental "reopenOnTruncate" parameter
- bugfix imfile: proper handling of inotify initialization failure
- bugfix imfile: potential segfault due to improper handling of ev var
- bugfix imfile: potential segfault under heavy load.
- bugfix ommail: invalid handling of server response
- bugfix omelasticsearch: custom serverport was ignored on some platforms
- bugfix: tarball did not include some testbench files
- bugfix: memory misaddressing during config parsing string template
- bugfix imzmq: memory leak
- bugfix imzmq: memory leak
- bugfix omzmq: memory leak
- some code improvement and cleanup
Switch to libfastjson, which will become a requirement in the next release.
- KSI Lib: Updated code to run with libksi 3.4.0.5
- KSI utilities: Added option to set publication url.
- KSI Lib: Fixed wrong TLV container for KSI signatures from 0905 to 0906.
- KSI/GT Lib: Fixed multiple issues found using static analyzer
- performance improvement for configs with heavy use of JSON variables
- added pmpanngfw: contributed module for translating Palo Alto Networks
logs.
- testbench: Changed valgrind option for imtcp-tls-basic-vg.sh
- pmciscoios: support for asterisk before timestamp added
- solr external output plugin much enhanced
- omrabbitmq: improvements
- add support for libfastjson (as a replacement for json-c)
- KSI utilities: somewhat improved error messages
- pmciscoios: support for some format variations
- support grok via new contributed module mmgrok
- omkafka: new statistics counter "maxoutqsize"
- improvements for 0mq modules:
- omczmq: suspend / Retry handling - the output plugin can now recover
from some error states due to issues with plugin startup or message
sending
- omczmq: refactored topic handling code for ZMQ_PUB output to be
a little more efficient
- omczmq: added ability to set a timeout for sends
- omczmq: set topics can be in separate frame (default) or part
of message frame (configurable)
- omczmq: code cleanup
- imczmq: code cleanup
- imczmq: fixed a couple of cases where vars could be used uninitialized
- imczmq: ZMQ_ROUTER support
- imczmq: Fix small memory leak from not freeing sockets when done
with them
- allow creation of on demand ephemeral CurveZMQ certs for encryption.
- cleanup on code to unset a variable
- omelasticsearch: build on FreeBSD
- pmciscoios: fix some small issues clang static analyzer detected
- testbench: many improvements and some new tests
- overall code improvements thanks to clang static analyzer
- gnutls fix: Added possible fix for gnutls issue #575
- bugfix omkafka: restore ability to build on all platforms
- bugfix omkafka: fix potentially negative partition number
- bugfix: solve potential race in creation of additional action workers
- bugfix: potential memory leak in config parsing
- bugfix: small memory leak in loading template config
- bugfix: fix extra whitespace in property expansions
- bugfix: mmfields leaked memory if very large messages were processed
- bugfix: mmfields could add garbage data to field
- bugfix: omhttpfs now also compiles with older json-c lib
- bugfix: memory leak in (contributed) module omhttpfs
- bugfix: parameter mismatch in error message for wrap() function
- bugfix: parameter mismatch in error message for random() function
- bugfix: divide by zero if max() function was provided zero
- bugfix: invalid mutex handling in omfile async write mode
- bugfix: fix inconsistent number processing
- bugfix: timezone() object: fix NULL pointer dereference
- bugfix omfile: memory addressing error if very long outchannel name used
Version 8.14.0 [v8-stable] 2015-11-03
- add property "rawmsg-after-pri"
- bugfix: potential misaddressing in imfile
Could happen when wildcards were used.
- bugfix: re_extract RainerScript function did not work
Problems found with existing digests:
Package memconf distfile memconf-2.16/memconf.gz
b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
95748686a5ad8144232f4d4abc9bf052721a196f [calculated]
Problems found locating distfiles:
Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Version 8.13.0 [v8-stable] 2015-09-22
- ZeroMQ enhancements:
- Added the ability to set a static publishing topic per action as an
alternative to constructing topics with templates
- ZMQ_PUB socket now defaults to bind and ZMQ_SUB socket now defaults to
connect
- Redis enhancements:
- Can now LPUSH to a Redis list in "queue" mode
- Can now PUBLISH to a Redis channel in "publish" mode
- build requirement for rsyslog/mmnormalize is now liblognorm 1.1.2 or above
- mmnormalize: liblognorm error messages are now emitted via regular
rsyslog error reporting mechanism (aka "are now logged")
- add support for TCP client side keep-alives
- bugfix: imtcp/TLS hangs on dropped packets
- bugfix testbench: some tests using imptcp are run if module is disabled
- bugfix omkafka: fixed a bug where new messages were no longer accepted.
- bugfix: Parallel build issue "cannot find ../runtime/.libs/librsyslog.a:
No such file or directory" (#479) fixed.
- bugfix: Added missing mmpstructdata testfiles into makefile.
- bugfix: Reverted FIX for issue #392 as it had unexpected side effects.
- The new fix duplicates the Listener object for static files (like
done for dynamic files already), resolving issue #392 and #490.
- bugfix: issues in queue subsystem if syncqueuefiles was enabled
- Error 14 was generated on the .qi file directory handle.
As the .qi filestream does not have a directory set, fsync
was called on an empty directory causing an error 14 in debug log.
- When queue files existed on startup, the bSyncQueueFiles
strm property was not set to 1. This is now done in the
qqueueLoadPersStrmInfoFixup function.
- bugfix/testbench: tcpflood tool could abort when random data was added
- rscryutil: Added support to decrypt a log file that has not been closed.
Version 8.12.0 [v8-stable] 2015-08-11
- Harmonize resetConfigVariables values and defaults
see also https://github.com/rsyslog/rsyslog/pull/413
Thanks to Tomas Heinrich for the patch.
- GT/KSI: fix some issues in signature file format and add conversion tool
The file format is incompatible with the previous format, but tools have
been upgraded to handle both, and an option has been added to convert
from old to new format.
- bugfix: ommysql did not work when gnutls was enabled
As it turned out, this was due to a check for GnuTLS functions
with the side effect that AC_CHECK_LIB, by default, adds the lib to
LIBS if there is no explicit action, which was the case here. As a
result, everything was linked against GnuTLS, which in turn made
ommysql fail.
Thanks to Thomas D. (whissi) for the analysis of the ommysql/gnutls
problem and Thomas Heinrich for pointing out that AC_CHECK_LIB might
be the culprit.
- bugfix omfile: potential memory leak on file close
see also: https://github.com/rsyslog/rsyslog/pull/423
Thanks to Robert Schiele for the patch.
- bugfix omfile: potential race in dynafile detection/creation
This could lead to a segfault.
Thanks to Tomas Heinrich for the patch.
- bugfix omfile: Fix race-condition detection in path-creation code
The affected code is used to detect a race condition in between
testing for the existence of a directory and creating it if it didn't
exist. The variable tracking the number of attempts wasn't reset for
subsequent elements in the path, thus limiting the number of
reattempts to one per the whole path, instead of one per each path
element.
This solution was provided by Martin Poole.
- bugfix parser subsystem: potential misaddressing in SanitizeMsg()
could lead to a segfault
Thanks to Tomas Heinrich for the patch.
- imfile: files moved outside of directory are now (properly) handled
- bugfix: imfile: segfault when using startmsg.regex if first log line
doesn't match
Thanks to Ciprian Hacman for the patch.
- bugfix imfile: file table was corrupted on file deletion
This could happen when a file that was statically configured (not via a
wildcard) was deleted.
- bugfix ompgsql: transactions were improperly handled
now transaction support is solidly disabled until we have enough requests
to implement it again. Module still works fine in single insert mode.
closes https://github.com/rsyslog/rsyslog/issues/399
- bugfix mmjsonparse: memory leak if non-cee-json message is processed
see also https://github.com/rsyslog/rsyslog/pull/383
Thanks to Anton Matveenko for the patch
- testbench: remove raciness from UDP based tests
- testbench: added bash into all scripts making it mandatory
- bugfix testbench: Fixed problem building syslog_caller util when
liblogging-stdlog is not available.
Thanks to Louis Bouchard for the patch
- bugfix rscryutil.1: Added fix checking for generate_man_pages condition
Thanks to Radovan Sroka for the patch
- bugfix freebsd console: \n (NL) is prepended with \r (CR) in console
output on freebsd only. For more details see here:
https://github.com/rsyslog/rsyslog/issues/372
Thanks to AlexandreFenyo for the patch
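The omfile path-creation fix in the 8.12.0 entry above, as an added example (not rsyslog's code): a simulated filesystem in which a competing process always wins the race shows why a shared attempt counter fails on the second path element. The names sim_exists, sim_mkdir and make_path and the sample path are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simulated filesystem, constructed for this example: a competing process
 * creates every directory between our existence test and our mkdir call. */
static char made[8][64];
static int nmade;

static void sim_reset(void) { nmade = 0; }

static int sim_exists(const char *p)
{
    for (int i = 0; i < nmade; i++)
        if (strcmp(made[i], p) == 0) return 1;
    return 0;
}

static int sim_mkdir(const char *p)
{
    if (nmade < 8) strcpy(made[nmade++], p);  /* the competitor got there first */
    errno = EEXIST;
    return -1;
}

/* Create each element of an absolute path (no trailing slash). One reattempt
 * is allowed after losing the race. reset_per_element = 0 reproduces the
 * described bug: the attempt counter is shared by the whole path. */
static int make_path(const char *path, int reset_per_element)
{
    char buf[64];
    size_t len = strlen(path);
    int attempts = 0;
    if (len >= sizeof buf) return -1;
    for (size_t i = 1; i <= len; i++) {
        if (path[i] != '/' && path[i] != '\0') continue;
        memcpy(buf, path, i);
        buf[i] = '\0';
        if (reset_per_element) attempts = 0;
        while (!sim_exists(buf)) {
            if (sim_mkdir(buf) == 0) break;
            if (errno != EEXIST || attempts++ >= 1) return -1;
        }
    }
    return 0;
}

int main(void)
{
    sim_reset();
    printf("shared counter:      %d\n", make_path("/var/log/app", 0));
    sim_reset();
    printf("per-element counter: %d\n", make_path("/var/log/app", 1));
    return 0;
}
```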
------------------------------------------------------------------------------
Version 8.11.0 [v8-stable] 2015-06-30
- new signature provider for Keyless Signature Infrastructure (KSI) added
- build system: re-enable use of "make distcheck"
- add new signature provider for Keyless Signature Infrastructure (KSI)
This has also been added to existing tooling; KSI is kind of v2 of
the Guardtime functionality and has been added in the appropriate
places.
- bugfix imfile: regex multiline mode ignored escapeLF option
Thanks to Ciprian Hacman for reporting the problem
closes https://github.com/rsyslog/rsyslog/issues/370
- bugfix omkafka: fixed several concurrency issues, most of them related
to dynamic topics.
Thanks to Janmejay Singh for the patch.
- bugfix: execonlywhenpreviousissuspended did not work correctly
This especially caused problems when an action with this attribute was
configured with an action queue.
- bugfix core engine: ensured global variable atomicity
This could lead to problems in RainerScript, as well as probably in other
areas where global variables are used inside rsyslog. I wouldn't rule out
that it could lead to segfaults.
Thanks to Janmejay Singh for the patch.
- bugfix imfile: segfault when using startmsg.regex because of empty log line
closes https://github.com/rsyslog/rsyslog/issues/357
Thanks to Ciprian Hacman for the patch.
- bugfix: build problem on Solaris
Thanks to Dagobert Michelsen for reporting this and getting us up to
speed on the openCWS build farm.
- bugfix: build system strndup was used even if not present
now added compatibility function. This came up on Solaris builds.
Thanks to Dagobert Michelsen for reporting the problem.
closes https://github.com/rsyslog/rsyslog/issues/347
- bugfix imjournal: do not pass empty messages to rsyslog core
this causes a crash of the daemon
see also https://github.com/rsyslog/rsyslog/pull/412
Thanks to Tomas Heinrich for the patch.
- bugfix imjournal: cosmetic memory leak
very small and on shutdown only, so did not affect operations
see also https://github.com/rsyslog/rsyslog/pull/411
Thanks to Tomas Heinrich for the patch.
Version 8.10.0 [v8-stable] 2015-05-19
- imfile: add capability to process multi-line messages based on regex
input parameter "endmsg.regex" was added for that purpose. The new
mode provides much more power in processing different multiline-formats.
- pmrfc3164: add new parameters
* "detect.yearAfterTimestamp"
This supports timestamps as generated e.g. by some Aruba Networks
equipment.
* "permit.squareBracesInHostname"
Permits the use of "hostnames" in the form of "[127.0.0.1]"; also seen in
Aruba Networks equipment, but we strongly assume this can also happen
in other cases, especially with IPv6.
- supplementary groups are now set when dropping privileges
closes https://github.com/rsyslog/rsyslog/issues/296
Thanks to Zach Lisinski for the patch.
- imfile: added brace glob expansion to wildcard
Thanks to Zach Lisinski for the patch.
- zmq: add the ability for zeromq input and outputs to advertise their
presence on UDP via the zbeacon API.
Thanks to Brian Knox for the contribution.
- added omhttpfs: contributed module for writing to HDFS via HTTP
Thanks to sskaje for the contribution.
- Configure option "--disable-debug-symbols" added which is disabled per
default. If you set the new option, configure won't set the appropriate
compiler flag to generate debug symbols anymore.
- When building from git source we now require rst2man and yacc (or a
replacement like bison).
That isn't any new requirement, we only added missing configure checks.
- Configure option "--enable-generate-man-pages" is now disabled for non git
source builds per default but enforced when building from git source.
- mmpstrucdata: some code cleanup
removed lots of early development debug outputs
- bugfix imuxsock: fix a crash when setting a hostname
Setting a hostname via the legacy directive would lead to a crash
during shutdown caused by a double-free.
Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in mmpstrucdata
Thanks to Gregoire Seux for reporting this issue.
closes https://github.com/rsyslog/rsyslog/issues/310
- bugfix (minor): default action name: assigned number was one off
see also https://github.com/rsyslog/rsyslog/pull/340
Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in imfile
A small leak happened each time a new file was monitored based on
a wildcard. Depending on the rate of file creation, this could result
in a serious memory leak.
Version 8.9.0 [v8-stable] 2015-04-07
- omprog: add option "hup.forward" to forward HUP to external plugins
- imuxsock: added capability to use regular parser chain
- 0mq: improvements in input and output modules
- imtcp: add support for ip based bind for imtcp -> param "address"
- bugfix: MsgDeserialize out of sync with MsgSerialize for StrucData
- bugfix imfile: partial data loss, especially in readMode != 0
- bugfix: potential large memory consumption with failed actions
- bugfix: omudpspoof: invalid default send template in RainerScript format
- bugfix: size-based legacy config statements did not work properly
- build system: added option --without-valgrind-testbench
- rsyslogd: fix misleading typos in error messages
Version 8.8.0 [v8-stable] 2015-02-24
- omkafka: add support for dynamic topics and auto partitioning
- imtcp/imptcp: support for broken Cisco ASA TCP syslog framing
- omfwd: more detailed error messages in case of UDP send error
- TLS syslog: enable capability to turn on GnuTLS debug logging
- bugfix: $AbortOnUncleanConfig did not work
- improve rsyslogd -v output and error message with meta information
version number is now contained in error message and build platform in
version output
- bugfix imtcp: octet-counted framing cannot be turned off
- bugfix: build problems on Illumos
- bugfix: invalid data size for iMaxLine global property
- bugfix: negative values for maxMessageSize global parameter were permitted
- add message metadata "system" to msg object
this permits storing metadata alongside the message
- imfile: add support for "filename" metadata
this is useful in cases where wildcards are used
- imptcp: make stats counter names consistent with what imudp, imtcp uses
- added new module "omkafka" to support writing to Apache Kafka
- omfwd: add new "udp.senddelay" parameter
- mmnormalize enhancements
- RainerScript "foreach" iterator and array reading support
- now requires liblognorm >= 1.0.2
- add support for systemd >= 209 library names
- BSD "ntp" facility (value 12) is now also supported in filter
- bugfix: global(localHostName="xxx") was not respected in all modules
- bugfix: emit correct error message on config-file-not-found
- bugfix: impstats emitted invalid JSON format (if JSON was selected)
- bugfix: (small) memory leak in omfile's outchannel code
- bugfix: imuxsock did not deactivate some code not supported by platform
Version 8.6.0 [v8-stable] 2014-12-02
- configuration-setting rsyslogd command line options deprecated
- new and enhanced plugins for 0mq. These are currently experimental.
- empty rulesets have been permitted. They no longer raise a syntax error.
- add parameter -N3 to enable config check of partial config file
- rsyslogd -e option has finally been removed
- testbench improvements
- testbench is now by default disabled
- add new RainerScript functions wrap() and replace()
- mmnormalize can now also work on a variable
- new property date options for day ordinal and week number
- remove --enable-zlib configure option, we always require it
- slight source-tree restructuring: contributed modules are now in their
own ./contrib directory
- bugfix: imudp makes rsyslog hang on shutdown when more than 1 thread used
- bugfix: not all files closed on auto-backgrounding startup
- bugfix: typo in queue configuration parameter made parameter unusable
- bugfix: uninitialized buffer off-by-one error in hostname generation
- bugfix imuxsock: possible segfault when SysSock.Use="off"
- bugfix: RainerScript: invalid ruleset names were accepted during ruleset
definition, but could of course not be used when e.g. calling a ruleset.
- bugfix: some module entry points were not called for all modules callbacks
like endCnfLoad() were primarily being called for input modules. This has
been corrected. Note that this bugfix has some regression potential.
- bugfix omlibdbi: connection was taken down in wrong thread
- imttcp was removed because it was an incomplete experimental module
- pmrfc3164sd was removed because it was a custom module nobody used
- omoracle was removed because it was orphaned and did not build/work
for quite some years and nobody was interested in fixing it
Version 8.5.0 [v8-stable] 2014-10-24
- imfile greatly refactored and support for wildcards added
- PRI-handling code refactored for more clarity and robustness
- ommail: add support for RainerScript config system [action() object]
- refactored the auto-backgrounding method
- make gnutls tcp syslog driver emit more error messages
- bugfix: imfile did not complain if configured file did not exist
- bugfix: build failure on systems which don't have json_tokener_errors
- imgssapi: log remote peer address in some error messages
Version 8.4.2 [v8-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases. This is
corrected now. see also: CVE-2014-3683
- fixed a build problem on some platforms. Thanks to Olaf for the patch
- behaviour change: "msg" of messages with invalid PRI set to "rawmsg"
When the PRI is invalid, the rest of the header cannot be valid. So
we move all of it to MSG and do not try to parse it out. Note that
this is not directly related to the security issue but rather done
because it makes most sense.
Version 8.4.1 [v8-stable] 2014-09-30
- imudp: add support for bracketing mode, which makes parsing stats easier
- permit at-sign in variable names
closes: https://github.com/rsyslog/rsyslog/issues/110
- bugfix: fix syntax error in anon_cc_numbers.py script
Thanks to github user anthcourtney for the patch.
closes: https://github.com/rsyslog/rsyslog/issues/109
- bugfix: ompgsql: don't lose uncommitted data on retry
Thanks to Jared Johnson and Axel Rau for the patch.
- bugfix: imfile: if a state file for a different file name was set,
that different file (name) was monitored instead of the configured
one. Now, the state file is deleted and the correct file monitored.
closes: https://github.com/rsyslog/rsyslog/issues/103
- bugfix: omudpspoof: source port was invalid
Thanks to Pavel Levshin for the patch
- bugfix: build failure on systems which don't have json_tokener_errors
Older versions of json-c need to use a different API (which doesn't
exist on newer versions, unfortunately...)
Thanks to Thomas D. for reporting this problem.
- bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API
closes: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: mmanon did not properly anonymize IP addresses starting with '9'
Thanks to defa-at-so36.net for reporting this problem.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
- bugfix: build problems on SUSE Linux
Thanks Andreas Stieger for the patch
- bugfix: omelasticsearch error file did not work correctly on ES 1.0+
due to a breaking change in the ElasticSearch API.
see also: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: potential abort when a message with PRI > 191 was processed
If the "pri-text" property was used in active templates, this could be
abused for a remote denial of service from permitted senders
see also: CVE-2014-3634
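The PRI handling described in the 8.4.1 and 8.4.2 entries above, as an added example (not rsyslog's code): a PRI above 191 is rejected before it can index the name tables, and the whole raw message becomes msg. The function names, the name tables and the fallback PRI of 13 are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define PRI_MAX 191       /* facility 23 * 8 + severity 7 */
#define PRI_FALLBACK 13   /* user.notice; this example's choice for an invalid PRI */

static const char *const fac_names[24] = {   /* illustrative names */
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"
};
static const char *const sev_names[8] = {
    "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"
};

struct parsed { int pri; int pri_valid; const char *msg; };

/* Parse "<NNN>" at the start of raw: 1-3 digits, value <= 191.
 * Anything else is invalid and the whole raw message is kept as msg. */
static struct parsed parse_pri(const char *raw)
{
    struct parsed p = { PRI_FALLBACK, 0, raw };
    const char *s = raw;
    int val = 0, digits = 0;

    if (*s++ != '<') return p;
    while (*s >= '0' && *s <= '9' && digits < 3) {
        val = val * 10 + (*s++ - '0');
        digits++;
    }
    if (digits == 0 || *s != '>' || val > PRI_MAX) return p;
    p.pri = val; p.pri_valid = 1; p.msg = s + 1;
    return p;
}

/* Render "facility.severity". Without the range check, a PRI of 192 or
 * more would index past the 24-entry facility table. */
static int pri_text(int pri, char *out, size_t outlen)
{
    if (pri < 0 || pri > PRI_MAX) return -1;
    snprintf(out, outlen, "%s.%s", fac_names[pri >> 3], sev_names[pri & 7]);
    return 0;
}

int main(void)
{
    char buf[32];
    struct parsed p = parse_pri("<192>constructed oversize PRI");
    pri_text(p.pri, buf, sizeof buf);
    printf("valid=%d pri-text=%s msg=%s\n", p.pri_valid, buf, p.msg);
    return 0;
}
```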
Rsyslog is an enhanced syslogd supporting, among others, MySQL,
PostgreSQL, failover log destinations, syslog/tcp, fine grain
output format control, high precision timestamps, queued operations
and the ability to filter on any message part. It is quite
compatible with stock sysklogd and can be used as a drop-in
replacement.