Commit graph

24 commits

Author SHA1 Message Date
fhajny
f89fac2577 sysutils/rsyslog: Update to 8.33.0.
Version 8.33.0 [v8-stable] 2018-02-20
- auto-detect if running inside a container (as pid 1)
- config: add include() script object
- template: add option to generate json "container"
- core/template: add format jsonf to constant template entries
- config: add ability to disable config parameter ("config.enable")
- script: permit to use environment variables during configuration
- new global config parameter "shutdown.enable.ctl-c"
- config optimizer: detect totally empty "if" statements and optimize
  them out
- template: constant entry can now also be formatted as json field
- omstdout: support for new-style configuration parameters added
- core: set TZ on startup if not already set
- imjournal bugfix: file handle leak during journal rotation
- lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected
- script bugfix: replace() function worked incorrectly in some cases
- build system bugfix: --disable-libcurl did not work
- fixed build issues on Alpine Linux
- core bugfix: misadressing in external command parser
- core bugfix: small memory leak in external command parser
- core bugfix: string not properly terminated when RFC5424 MSGID is used
- bugfix: strndup() compatibility layer func copies too much
2018-02-23 11:18:08 +00:00
fhajny
f2fb2d4343 Update sysutils/rsyslog* to 8.32.0.
- rsyslogd: add capability to specify that no pid file shall be
  written
- ompgsql: considerable enhancements
- build system: removed --enable-rtinst configure option
- pmrfc3164: support for headerless messages
- omhiredis: add option to use RPUSH instead of LPUSH
- mmexternal improvements
- omprog: refactored, code shared with mmexternal moved to common
  object
- logctl tool: refactor to support newer rsyslog standards
- imfile: added support for Solaris File Event notification (FEN)
- core/action: new parameter "action.errorfile"
- imfile: added new module parameter "sortFiles"
- imuxsock: improved status reporting: socket name received from
  systemd
- build system: added new testbench configure switches
- mmpstrucdata: new parameter "sd_name.lowercase"
- omfile: add module-global option "dynafile.donotsuspend"
- testbench: add a capability to turn off libfaketime tests via
  configure
- testbench: name valgrind tests consistently
- RainerScript: add function parse_json()
- RainerScript: add function substring()
- RainerScript: add function http_request()
- RainerScript: add function previous_is_suspended()
- Patches from BSD projects have been imported
- script bugfix: invalid function names were silently ignored
- rainerscript: add int2hex() function
- rainerscript: add is_time() function
- RainerScript: add function script_error() and error-reporting
  support
- testbench: fixed build problem of testbench tools under Alpine Linux
- added --enable-libsystemd configure option to enforce use of
  libsystemd
- core/glbl: remove long-unused option $optimizeforuniprocessor
- core/queue: emit better status messages at rsyslog shutdown
- fixed a couple of build issues with gcc-7 (in less frequently used
  modules)
- fixed a couple of build issues on the arm platform (actually
  raspbian)
- impstats: fix invalid counter definitions for getrusage() reporting
- imudp bugfix: potential segfault in ratelimiting
- imptcp bugfix: access to free'ed memory
- mmanon bugfix: fix wrong ipv6 embedded recognition
- imfile bugfix: not detecting files in directory when wildcards are
  used.
- script bugfix: improper string-to-number conversion for negative
  numbers
- core/action bugfix: 100% CPU utilization on suspension of output
  module
- core/variables bugfix: bare $! cannot be used in set statement
- core bugfix: auto commit of actions improperly handled
- core bugfix: filename length limitation of 199 bytes
- core bugfix: undefined behavior due to integer overflow
- core bugfix: race on LocalHostIP property during startup
- bugfix: potential segfault on startup
- omhiredis bugfix: rsyslog segfault on startup if no template is
  specified
- omprog bugfix: argv[0] not set when using binary without arguments
- core: refactoring of rsyslog's cstr "class"
- parent directory creation function refactored
- mmsnmptrapd bugfix: potential misadressing
- imkafka: fix potential small ressource leak
- imkafka bugfix: do not emit error message on regular state
- omkafka: expose operational status to user where useful
- omkafka bugfix: potential message duplication
- omkafka: fix multithreading
- omkafka bugfix: potential misadressing
- omkafka bugfix: build fails with older versions of librdkafka
- omgssapi bugfix: fix compiler warnings with gcc-7
- dnscache bugfix: entries were cached based on IP AND port number
- omkafka bugfix: fixed memory leak
- mmdblookup bugfix: replace thread-unsafe strtok() by thread-safe
  counterpart
- pmnormalize bugfix: remove unsave "strcat" implementation
- rainerscript bugfix: ltrim() and rtrim function misadressing
- imklog bugfix: local host IP was hardcoded to 127.0.0.1
- cleanup: remove obsolete pre-KSI GuardTime signature interface
- cleanup: obsolete defintion SOL_TCP replaced by newer IPPROTO_TCP
- lookup tables: fixed undefined behavior detected by UBSan
2018-01-15 11:01:16 +00:00
fhajny
3b525ae908 Update sysutils/rsyslog* to 8.31.0
- remove systemd embedded code, use libsystemd instead
- mmanon: add support for IPv6 adresses with embedded IPv4 address
- ommongodb: big refactoring, more or less a feature-enhanced rewrite
- rainerscript: add parse_time() function
- omelasticsearch: add pipeline support
- lmsig_ksi_ls12: support asynchronous mode of libksi
- omprog: added error handling and transaction support for external
  plugins
- imzmq3/omzmq3: marked as deprecated, modules will be remove in v8.41
- imzmq3/omzmq3: fixed build issues with gcc-7
- core: emit error message on abnormal input thread termination
- core: refactored locking for json variable access
- core: refactored creation of UDP sockets
- core/dnscache: refactor locking
- rainerscript: use crypto-grade random number generator for random()
  function
- imkafka: improve error reporting and cleanup refactoring
- imkafka bugfix: segfault if "broker" parameter is not specified
- omkafka: improve error reporting
- omkafka: slight speedup do to refactoring of LIST class
- TCP syslog: support SNI when connecting as a client
- msg variable bugfix: potential segfault on variable access
- ratelimiting bugfix: data race in Linux-like ratelimiter
- core/template bugfix: potential NULL pointer access at config load
- core/json var subsystem bugfix: segfault in MsgSetPropsViaJSON
- core/wrkr threads bugfix: race condition
- core/wtp: potential hang during shutdown
- omfwd bugfix: generate error message on connection failure
- imtcp bugfix: "streamdriver.mode" parameter could not be set to 0
- imjournal bugfix: module was defunctional
- imjournal: refactor error handling, fix error messages
 -mmdblookup bugfix: fix potential segfault due to threading issues
- omkafka bugfixes
- kafka bugfix: problem on invalid kafka configuration values
- [io]mgssapi: fix build problems (regression from 8.30.0)
- [io]czmq: fix build problems on some platforms (namely gcc 7, clang
  5)
- tcpsrv bugfix: potential hang during shutdown
- queue bugfix: potential hang during shutdown
- queue bugfix: NULL pointer dereference during config processing
- imczmq bugfix: segfault
- imfile: some small performance enhancements
- omfile: hande file open error via SUSPEND mode
- omfile bugfix: race during directory creation can lead to loop
- imudp: improve error reporting
- omrelp bugfix: incorrect error handling
- [io]mrelp bugfix: segfault on startup if configured cert not
  readable
- mmanon fix: make build under gcc 7
- mmpstrucdata bugfix: formatting error of ']' char
- mmexternalb bugfix: memory leak
- core/stats bugfix: memory leak if sender stats or tracking are
  enabled
- core bugfix: potential segfault during startup
- core bugfix: potential race in variable handling
- core bugfix: potential segfault when shutting down rsyslog
- core/action bugfix: potential misadressing when processing hard
  errors
- template object bugfix: NULL pointer access on invalid parameters
- omjournal bugfix: NULL pointer access on invalid parameters
- omelasticsearch bugfix: configured credentials not used during
  health check
- omelasticsearch bugfix: abort on unavailable ES server
- omelasticsearch: fix memory leak and potential misadressing
- omelasticsearch bugfix: output from libcurl to stdout
- iczmq bugfix: potential memory leak
- imptcp bugfix: potential misadressing
- imptcp: potential buffer overflow
- core/nsd_gtls: fix potential unitialized data access
- stats bugfix: potential program hang
- omfwd bugfix: memory leak if network namespaces are used
- core: potential misadressing when accessing JSON properties
- gcry crypto provider bugfixes: potential misadressing and memory
  leak
- core/file stream object bugfix: memory leak
- imdiag bugfix: double mutex unlock when working with stats
- fixed several minor and cosmetic issues found by Coverty scan
- build: make compile warning-free under gcc 7
2017-11-30 22:19:36 +00:00
fhajny
40e926602b Update sysutils/rsyslog* to 8.30.0.
- CHANGE OF BEHAVIOUR: all variables are now case-insensitive by
  default
- core: handle (JSON) variables in case-insensitive way
- imjournal: made switching to persistent journal in runtime possible
- mmanon: complete refactor and enhancements
  - add pseudonymization mode
  - add address randomization mode
  - add support for IPv6 (this also supports various replacement
    modes)
  - in IPv4 address recognition
  - in IPv4 simple mode to-be-anonymized bits can get wrong
- imfile: add "fileoffset" metadata
- RainerScript: add ltrim and rtrim functions
- core: report module name when suspending action
- core: add ability to limit number of error messages going to stderr
- tcpsrv subsystem: improvate clarity of some error messages
- imptcp: include module name in error msg
- imtcp: include module name in error msg
- tls improvement: better error message if certificate file cannot be
  read
- omfwd: slightly improved error messages during config parsing
- ommysql improvements
- ommysql bugfix: do not duplicate entries on failed transaction
- imtcp bugfix: parameter priorityString was ignored
- template/bugfix: invalid template option conflict detection
- core/actions: fix handling of data-induced errors
- core/action bugfix: no "action suspended" message during retry
  processing
- core/ratelimit bugfix: race can lead to segfault
- core bugfix: rsyslog aborts if errmsg is generated in early startup
- core bugfix: informational messages was logged with error severity
- core bugfix: --enable-debugless build was broken
- queue bugfix: file write error message was incorrect
- omrelp bugfix:  segfault when rebindinterval parameter is used
- omkafka bugfix: invalid load of failedmsg file on startup if
  disabled
- kafka bugfix: problem on invalid kafka configuration values
- imudp bugfix: UDP oversize message not properly handled
- core bugfix: memory corruption during configuration parsing
- core bugfix: race on worker thread termination during shutdown
- omelasticsearch: avoid ES5 warnings while sending json in bulkmode
- omelasticsearch bugfix: incompatibility with newer ElasticSearch
  version
- imptcp bugfix: invalid mutex addressing on some platforms
- imptcp bugfix: do not accept missing port in legacy listener
  definition
2017-10-18 11:01:05 +00:00
fhajny
efe7ccf9b6 Update sysutils/rsyslog* to 8.28.0
- omfwd: add parameter "tcp_frameDelimiter"
- omkafka: large refactor of kafka subsystem
- imfile: improved handling of atomically renamed file (w/ wildcards)
- imfile: add capability to truncate oversize messages or split into
  multiple
- mmdblookup
  * upgraded from "contrib" to "fully supported" state
  * refactored and simplified code
  * added ability to specify custom names for extracted fields
  * bugfix: fixed multiple memory leaks
- imptcp: add new parameter "flowControl"
- imrelp: add "maxDataSize" config parameter
- multiple modules: gtls: improve error if certificate file can't be
  opened
- omsnare: allow different tab escapes
- omelasticsearch: converted to use libfastjson instead of json-c
- imjournal: _PID fallback
- multiple modules: add better error messages when regcomp is failing
- omhiredis: fix build warnings
- imfile bugfix: files mv-ed in into directory were not handled
- omprog bugfix: execve() incorrectly called
- imfile bugfix: multiline timeout did not work if state file exists
- lmsig_ksi-ls12 bugfix: build problems on some platforms
- core bugfix: invalid object type assertion
- regression fix: local hostname was not always detected properly on
  early start (w/o network).
- bugfix: format security issues in zmq3 modules
- bugfix build system: add libksi only to those binaries that need it
- bugfix KSI ls12 components: invalid tree height calculation
- testbench/CI enhancements
2017-07-04 13:31:16 +00:00
joerg
c3863836f9 Include missing header. Deal with systems not using the LFS crap of
O_LARGEFILE.
2017-05-22 23:43:00 +00:00
fhajny
6aeaad64e2 Update sysutils/rsyslog to 8.27.0
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
  * optionally emit an error message if incoming messages are truncated
  * optionally emit connection tracking message (on connection create and
    close)
  * add "maxFrameSize" parameter to specify the maximum size permitted
    in octet-counted mode
  * add parameter "discardTruncatedMsg" to permit truncation of
    oversize messages
  * improve octect-counted mode detection: if the octet count is larger
    then the set frame size (or overly large in general), it is now
    assumed that octet-stuffing mode is used. This probably solves a
    number of issues seen in real deployments.
- imtcp enhancements:
  * add parameter "discardTruncatedMsg" to permit truncation of
    oversize messages
  * add "maxFrameSize" parameter to specify the maximum size permitted
    in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
  for configured non-existing file.
- imfile: in inotify mode, add error message if configured file cannot
  be found
- imfile: add parameter "fileNotFoundError" to optinally disable
  "file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
- omkafka: add "origin" field to stats output
- imuxsock: rate-limiting also uses process name
  both for the actual limit procesing as well as warning messages emitted
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsylsog base functionality now builds on osx (Mac)
- build now works on solaris again
- imfile: fix cross-platform build issue
- bugfix core: segfault when no parser could parse message
- bugfix core: rate-limit internal messages when going to external log system
- bugfix core: when obtaining local hostname, a NULL pointer could be
  accessed.
- bugfix core: on shutdown, stderr was written to, even if alrady closed
- bugfix core: perform MainqObj destruction only when not NULL already
- bugfix core: memory leak when internal messages not processed internally
- bugfix imptcp: potential overflow in octet count computation
  when a very large octet count was specified, the counter could overflow
2017-05-18 13:27:44 +00:00
fhajny
cac2776011 Update sysutils/rsyslog to 8.24.0.
Changelog (abridged):

- rsyslog now builds on AIX
- mmdblookup: new maxminddb lookup message modify plugin
- mmrm1stspace: new module; removes first space in MSG if present
- KSI signature provider: file permissions can now be specified
- omzmq: new features
- change: when the hostname is empty, we now use "localhost-empty-hostname"
- omelasticsearch: remove "asyncrepl" config parameter
- omfwd: Add support for bind-to-device (see below on same for imudp)
- imudp: Add support for bind-to-device
- imudp: limit rcvbufsize parameter to max 1GiB
- rainerscript: implement new "call_indirect" statement
- bugfix imjournal: make state file handling more robust
- bugfix core: lookup table reload was not properly integrated
- bugfix core: potential dealock on shutdown
- bugfix ommongodb: did not work in v8 due to invalid indirection
- bugfix ommongodb: fix tryResume handling
- bugfix omfwd: retry processing was not done correctly, could stall
- bugfix imuxsock: segfault non shutdown when $OmitLocalLogging is on
2017-02-13 19:59:36 +00:00
joerg
7355471594 Don't depend on header pollution for stat macros. 2017-02-09 00:18:36 +00:00
fhajny
059779ca8b Update sysutils/rsyslog to 8.23.0.
Changes in 8.23.0 (abridged):
- KSI signatures: removed SHA2-224 hash algorithm
  This is considered insecure and no longer supported by the underlying
  KSI library. If still used within a configuration, a descriptive error
  message is emitted during config processing.
- imfile: new timeout feature for multi-line reads
- omfile: improve robustness against network file system failures
  in case of failure, a close and re-open is tried, which often solves the
  issue (and wasn't handle before this patch).
- pmaixforwardedfrom: support for AIX syslogd -s option
- omelasticsearch: add ability to specify max http request size
- omelasticsearch: high availability addressing of ElasticSearch cluster
  allow to specify an array of servers, which is tried until a working
  one is found (and given up only if none works).
- omelasticsearch: make compatible with ElasticSearch 2.x and 5.x
  fixes omelasticsearch logs response from ElasticSearch 5.0 _bulk
  endpoint as error
- omhiredis: add dynakey attribute.
- omtcl: new contributed module
- RainerScript: provide a capability to set environment variables
  via 'global(environment="var=val")' config statement.
- lookup tables: improved error checking
- queue subsystem: add configuration parameter "queue.samplinginterval"
- bugfix core: errmsg.LogError now switches to dfltErrLogger just before shutdown
- bugfix core: fixed un-freed memory in non-transactional action using string-passing
- rsgtutil: option to specify KSI publications file certificate constraints
- omprog: bugfixes and enhancements
- bugfix imfile: ReopenOnTruncate processing, file open processing
- bugfix omlibdbi: libdbi-driver-sqlite3/2 requires to provide a path to
  database split into two strings:
  * absolute path, where the database file sits
  * database filename itself.
- bugfix RainerScript: issue in prifilt() function
  Initialize func-data(and to-be-freed flag) correctly for prifilt
  function-node
- bugfix omrelp: invalid module name imrelp was used in some error messages
- bugfix core: abort when persisting object state
- bugfix: segfault if hostname is unset on system
- bugfix external module perl skeleton: did not work properly
- bugfix build system: Fix detection of pthread_setschedparam() on platforms
  such as FreeBSD
- bugfix omelasticsearch: modifies constant memory under some circumstances
- "bugfix": theoretical queue file corruption when more than MAX_INT files
- bug fix/KSI: LOGSIG11 missing in the beginning of KSI log signature file
- bugfix template processor: missing escaping of backslash in json mode
- testbench improvements
2016-12-05 10:36:46 +00:00
fhajny
8b1a84ff88 Update sysutils/rsyslog to 8.22.0.
Version 8.22.0 [v8-stable] 2016-10-04
- ompgsql: add template support
  Thanks to Radu Gheorghe for implementing this.
- generate somewhat better error message on config file syntax error
  a common case (object at invalid location) has received it's own error
  message; for the rest we still rely on the generic flex/bison handler
- bugfix:omhiredis reconnects after failure
  previously it could loose messages under such conditions.
  Thanks to Bob Gregory for the patch.
- general cleanup and code improvement
  mostly guided by compiler warnings induced by newer opensuse builbot
  environment
------------------------------------------------------------------------------
Version 8.21.0 [v8-stable] 2016-08-23
- CHANGE OF BEHAVIOUR:
  by default, internal messages are no longer logged via the internal
  bridge to rsyslog but via the syslog() API call [either directly or
  via liblogging). For the typical single-rsyslogd-instance installation this
  is mostly unnoticable (except for some additional latency). If multiple
  instances are run, only the "main" (the one processing system log messages)
  will see all messages. To return to the old behaviour, do either of those
  two:
  1) add in rsyslog.conf:
     global(processInternalMessages="on")
  2) export the environment variable RSYSLOG_DFLT_LOG_INTERNAL=1
     This will set a new default - the value can still be overwritten via
     rsyslog.conf (method 1). Note that the environment variable must be
     set in your **startup script**.
  For more information, please visit
  http://www.rsyslog.com/rsyslog-error-reporting-improved/
- slightly improved TLS syslog error messages
- queue subsystem: improved robustness
  The .qi file is now persisted whenever an existing queue file is fully
  written and a new file is begun. This helps with rsyslog aborts, including
  the common case where the OS issues kill -9 because of insufficiently
  configured termination timout (this is an OS config error, but a frequent
  one). Also, a situation where an orphaned empty file could be left in the
  queue work directory has been fixed. We expect that this change causes
  fewer permanent queue failures.
- bugfix: build failed on some platforms due to missing include files
2016-10-20 10:05:11 +00:00
fhajny
db7b2b4175 Update sysutils/rsyslog to 8.19.0.
Version 8.19.0 [v8-stable] 2016-05-31
- NEW BUILD REQUIREMENT: autoconf-archive
- omelasticsearch: add option to permit unsigned certs (experimentally)
  This adds plumbing as suggested by Joerg Heinemann and Radu Gheorghe,
  but is otherwise untested. Chances are good it works. If you use it,
  please let us know your experience and most importantly any bug
  reports you may have.
  closes https://github.com/rsyslog/rsyslog/issues/89
- imrelp: better error codes on unvailablity of TLS options
  Most importantly, we will tell the user in clear words if specific TLS
  options are not available due to too-old GnuTLS.
  closes https://github.com/rsyslog/rsyslog/issues/1019
- default stack size for inputs has been explicitely set to 4MiB
  for most platforms, this means a reduction from the default of 10MiB, hower
  it may mean an increas for micro-libc's (some may have as low as 80KiB by
  default).
- testbench: We are now using libfaketime instead of faketime command line
  tool. Make sure you have installed the library and not just the binary!
- refactor stringbuf
  * use only a single string buffer
    ... both for the internal representation as well as the C-String one.
    The module originally tried to support embedded NUL characters, which
    over time has prooven to be not necessary. Rsyslog always encodes
    NUL into escape sequences.
    Also, the dual buffers were used inconsistently, which could lead to
    subtle bugs. With the single buffer, this does no longer happen and
    we also get some improved performance (should be noticable)
    and reduced memory use (a bit).
    closes https://github.com/rsyslog/rsyslog/issues/1033
  * removed no longer used code
  * internal API changes to reflect new needs
  * performance improvements
  * miscellaneous minor cleanup
- fix: potential misadressing in template config processing
  This could cause segfault on startup. Happens when template name shorter
  than two chars and outname is not set. Once we are over startup, things
  work reliably.
- bugfix omfile: async output file writing does not respect flushing
  neither parameter flushInterval nor flushOnTXEnd="on" was respected.
  closes https://github.com/rsyslog/rsyslog/issues/1054
- bugfix imfile: corrupted multi-line message when state data was persisted
  see also https://github.com/rsyslog/rsyslog/issues/874
  Thanks to Magnus Hyllander for the analysis and a patch suggestion.
- bugfix imfile: missing newline after first line of multiline message
  see also https://github.com/rsyslog/rsyslog/issues/843
  Thanks to Magnus Hyllander for the patch.
- bugfix: dynstats unusedMetricTtl bug
  Thanks to Janmejay Singh for fixing this.
- bugfix build system: build was broken on SunOS
  Thanks to Filip Hajny for the patch.
- bugfix: afterRun entry point not correctly called
  The entry point was called at the wrong spot, only when the thread
  had not already terminated by itself. This could cause various
  cleanup to not be done. This affected e.g. imjournal.
  closes https://github.com/rsyslog/rsyslog/issues/882
- bugfix dynstats: do not leak file handles
  Thanks to Janmejay Singh for the patch.
- bugfix omelasticsearch: disable libCURL signal handling
  previously, this could lead to segfaults on connection timeout
  see also https://github.com/rsyslog/rsyslog/pull/1007
  Thanks to Sai Ke WANG for the patch.
- bugfix omelasticsearc: some regressions were fixed
  * error file was no longer written
  * fix for some potential misaddressings
- improved wording: gnutls error message points to potential cause
  What GnutTLS returns us is very unspecific and somehwat misleading, so
  we point to what it most probably is (broken connect).
  see also https://github.com/rsyslog/rsyslog/issues/846
- some general code improvements
  * "fixed" cosmetic memory leaks at shutdown
- build system bugfix: configure can't find gss_acquire_cred on Solaris
  Thanks to github user vlmarek for the patch.
- improvements to the CI environment
  * improvements on the non-raciness of some tests
  * imdiag: avoid races in detecting queue empty status
    This reslolves cases where the testbench terminated rsyslog too early,
    resulting in potential message loss and test failure.
  * omkafka has now dynamic tests
    Thanks to Janmejay Singh for implementing them.
  * try to merge PR to master and run tests; this guards against cross-PR
    regressions and wasn't caught previously. Note that we skip this test
    if we cannot successfully merge. So this is not a replacement for a
    daily full "all-project integration test run".
  * travis has finally enabled elasticsearch tests
    ES was unfortunately not being regularly tested for quite a while due to
    missing environment. This lead to some regressions becoming undetected.
    These were now discovered thanks to the new support on travis. Also, this
    guards against future regressions.
  * imfile has now additional tests and overall better coverage
  * omfile has now additional tests
2016-06-17 14:14:04 +00:00
jperkin
d0a35e49a9 Build fixes for Darwin. 2016-04-22 16:52:14 +00:00
fhajny
21f57f9b84 Update syslog/rsyslog* to 8.18.0.
Version 8.18.0 [v8-stable] 2016-04-19
- testbench: When running privdrop tests testbench tries to drop
  user to "rsyslog", "syslog" or "daemon" when running as root and
  you don't explict set RSYSLOG_TESTUSER environment variable.
  Make sure the unprivileged testuser can write into tests/ dir!
- templates: add option to convert timestamps to UTC
  closes https://github.com/rsyslog/rsyslog/issues/730
- omjournal: fix segfault (regression in 8.17.0)
- imptcp: added AF_UNIX support
  Thanks to Nathan Brown for implementing this feature.
- new template options
  * compressSpace
  * date-utc
- redis: support for authentication
  Thanks to Manohar Ht for the patch
- omkafka: makes kafka-producer on-HUP restart optional
  As of now, omkafka kills and re-creates kafka-producer on HUP.
  This is not always desirable. This change introduces an action param
  (reopenOnHup="on|off") which allows user to control re-cycling of
  kafka-producer.
  It defaults to on (for backward compatibility). Off allows user to
  ignore HUP as far as kafka-producer is concerned.
  Thanks to Janmejay Singh for implementing this feature
- imfile: new "FreshStartTail" input parameter
  Thanks to Curu Wong for implementing this.
- omjournal: fix libfastjson API issues
  This module accessed private data members of libfastjson
- ommongodb: fix json API issues
  This module accessed private data members of libfastjson
- testbench improvements (more tests and more thourough tests)
  among others:
  - tests for omjournal added
  - tests for KSI subsystem
  - tests for priviledge drop statements
  - basic test for RELP with TLS
  - some previously disabled tests have been re-enabled
- dynamic stats subsystem: a couple of smaller changes
  they also involve the format, which is slightly incompatible to
  previous version. As this was out only very recently (last version),
  we considered this as acceptable.
  Thanks to Janmejay Singh for developing this.
- foreach loop: now also iterates over objects (not just arrays)
  Thanks to Janmejay Singh for developing this.
- improvements to the CI environment
- enhancement: queue subsystem is more robst in regard to some
  corruptions
  It is now detected if a .qi file states that the queue contains more
  records than there are actually inside the queue files. Previously this
  resulted in an emergency switch to direct mode, now the problem is only
  reported but processing continues.
- enhancement: Allow rsyslog to bind UDP ports even w/out specific
  interface being up at the moment.
  Alternatively, rsyslog could be ordered after networking, however,
  that might have some negative side effects. Also IP_FREEBIND is
  recommended by systemd documentation.
  Thanks to Nirmoy Das and Marius Tomaschewski for the patch.
- cleanup: removed no longer needed json-c compatibility layer
  as we now always use libfastjson, we do not need to support old
  versions of json-c (libfastjson was based on the newest json-c
  version at the time of the fork, which is the newest in regard
  to the compatibility layer)
- new External plugin for sending metrics to SPM Monitoring SaaS
  Thanks to Radu Gheorghe for the patch.
- bugfix imfile: fix memory corruption bug when appending @cee
  Thanks to Brian Knox for the patch.
- bugfix: memory misallocation if position.from and position.to is used
  a negative amount of memory is tried to be allocated if position.from
  is smaller than the buffer size (at least with json variables). This
  usually leads to a segfault.
  closes https://github.com/rsyslog/rsyslog/issues/915
- bugfix: fix potential memleak in TCP allowed sender definition
  depending on circumstances, a very small leak could happen on each
  HUP. This was caused by an invalid macro definition which did not rule
  out side effects.
- bugfix: $PrivDropToGroupID actually did a name lookup
  ... instead of using the provided ID
- bugfix: small memory leak in imfile
  Thanks to Tomas Heinrich for the patch.
- bugfix: double free in jsonmesg template
  There has to be actual json data in the message (from mmjsonparse,
  mmnormalize, imjournal, ...) to trigger the crash.
  Thanks to Tomas Heinrich for the patch.
- bugfix: incorrect formatting of stats when CEE/Json format is used
  This lead to ill-formed json being generated
- bugfix omfwd: new-style keepalive action parameters did not work
  due to being inconsistently spelled inside the code. Note that legacy
  parameters $keepalive... always worked
  see also: https://github.com/rsyslog/rsyslog/issues/916
  Thanks to Devin Christensen for alerting us and an analysis of the
  root cause.
- bugfix: memory leaks in logctl utility
  Detected by clang static analyzer. Note that these leaks CAN happen in
  practice and may even be pretty large. This was probably never detected
  because the tool is not often used.
- bugfix omrelp: fix segfault if no port action parameter was given
  closes https://github.com/rsyslog/rsyslog/issues/911
- bugfix imtcp: Messages not terminated by a NL were discarded
  ... upon connection termination.
  Thanks to Tomas Heinrich for the patch.
2016-04-21 09:16:43 +00:00
tnn
c1deee8421 teach it about NetBSD's pthread_setname_np(3) prototype 2016-03-13 08:15:59 +00:00
fhajny
597c71d225 Update sysutils/rsyslog to 8.16.0.
Version 8.16.0 [v8-stable] 2016-01-26
- rsgtutil: Added extraction support including loglines and hash chains.
- clean up doAction output module interface
- new system properties for $NOW properties based on UTC
- impstats: support broken ElasticSearch JSON implementation
- omelasticsearch: craft better URLs
- imfile: add experimental "reopenOnTruncate" parameter
- bugfix imfile: proper handling of inotify initialization failure
- bugfix imfile: potential segfault due to improper handling of ev var
- bugfix imfile: potential segfault under heavey load.
- bugfix ommail: invalid handling of server response
- bugfix omelasticsearch: custom serverport was ignored on some platforms
- bugfix: tarball did not include some testbench files
- bugfix: memory misadressing during config parsing string template
- bugfix imzmq: memory leak
- bugfix imzmq: memory leak
- bugfix omzmq: memory leak
- some code improvement and cleanup
2016-01-26 15:20:33 +00:00
fhajny
03e6fb437c Update rsyslog to 8.15.0
Switch to libfastjson, which will become a requirement in the next release.

- KSI Lib: Updated code to run with libksi 3.4.0.5
- KSI utilities: Added option to ser publication url.
- KSI Lib: Fixed wrong TLV container for KSI signatures from 0905 to 0906.
- KSI/GT Lib: Fixed multiple issues found using static analyzer
- performance improvement for configs with heavy use of JSON variables
- added pmpanngfw: contributed module for translating Palo Alto Networks
  logs.
- testbench: Changed valgrind option for imtcp-tls-basic-vg.sh
- pmciscoios: support for asterisk before timestamp added
- solr external output plugin much enhanced
- omrabbitmq: improvements
- add support for libfastjson (as a replacement for json-c)
- KSI utilities: somewhat improved error messages
- pmciscoios: support for some format variations
- support grok via new contributed module mmgrok
- omkafka: new statistics counter "maxoutqsize"
- improvments for 0mq modules:
  - omczmq: suspend / Retry handling - the output plugin can now recover
    from some error states due to issues with plugin startup or message
    sending
  - omczmq: refactored topic handling code for ZMQ_PUB output to be
    a little more efficient
  - omczmq: added ability to set a timeout for sends
  - omczmq: set topics can be in separate frame (default) or part
    of message frame (configurable)
  - omcmzq: code cleanup
  - imczmq: code cleanup
  - imczmq: fixed a couple of cases where vars could be used uninitialized
  - imczmq: ZMQ_ROUTER support
  - imczmq: Fix small memory leak from not freeing sockets  when done
    with them
  - allow creation of on demand ephemeral CurveZMQ certs for encryption.
- cleanup on code to unset a variable
- omelasticsearch: build on FreeBSD
- pmciscoios: fix some small issues clang static analyzer detected
- testbench: many improvements and some new tests
- overall code improvements thanks to clang static analyzer
- gnutls fix: Added possible fix for gnutls issue #575
- bugfix omkafka: restore ability to build on all platforms
- bugfix omkafka: fix potentially negative partition number
- bugfix: solve potential race in creation of additional action workers
- bugfix: potential memory leak in config parsing
- bugfix: small memory leak in loading template config
- bugfix: fix extra whitespace in property expansions
- bugfix: mmfields leaked memory if very large messages were processed
- bugfix: mmfields could add garbagge data to field
- bugfix: omhttpfs now also compiles with older json-c lib
- bugfix: memory leak in (contributed) module omhttpfs
- bugfix: parameter mismatch in error message for wrap() function
- bugfix: parameter mismatch in error message for random() function
- bugfix: divide by zero if max() function was provided zero
- bugfix: invalid mutex handling in omfile async write mode
- bugfix: fix inconsistent number processing
- bugfix: timezone() object: fix NULL pointer dereference
- bugfix omfile: memory addressing error if very long outchannel name used
2016-01-01 15:34:24 +00:00
wiedi
b47d0944e4 Fix rsyslog-elasticsearch build on systems that don't have O_LARGEFILE.
ok joerg@
2015-09-21 11:15:34 +00:00
fhajny
c3a1eba8f7 Update sysutils/rsyslog to 8.12.0.
Version 8.12.0 [v8-stable] 2015-08-11
- Harmonize resetConfigVariables values and defaults
  see also https://github.com/rsyslog/rsyslog/pull/413
  Thanks to Tomas Heinrich for the patch.
- GT/KSI: fix some issues in signature file format and add conversion tool
  The file format is incompatible to previous format, but tools have been
  upgraded to handle both and also an option been added to convert from
  old to new format.
- bugfix: ommysql did not work when gnutls was enabled
  as it turned out, this was due to a check for GnuTLS functions
  with the side-effect that
  AC_CHECK_LIB, by default, adds the lib to LIBS, if there is no
  explicit action, what was the case here. So everything was now
  linked against GnuTLS, which in turn made ommysql fail.
  Thanks to Thomas D. (whissi) for the analysis of the ommysql/gnutls
  problem and Thomas Heinrich for pointing out that AC_CHECK_LIB might
  be the culprit.
- bugfix omfile: potential memory leak on file close
  see also: https://github.com/rsyslog/rsyslog/pull/423
  Thanks to Robert Schiele for the patch.
- bugfix omfile: potential race in dynafile detection/creation
  This could lead to a segfault.
  Thanks to Tomas Heinrich for the patch.
- bugfix omfile: Fix race-condition detection in path-creation code
  The affected code is used to detect a race condition in between
  testing for the existence of a directory and creating it if it didn't
  exist.  The variable tracking the number of attempts wasn't reset for
  subsequent elements in the path, thus limiting the number of
  reattempts to one per the whole path, instead of one per each path
  element.
  This solution was provided by Martin Poole.
- bugfix parser subsystem: potential misadressing in SanitizeMsg()
  could lead to a segfault
  Thanks to Tomas Heinrich for the patch.
- imfile: files moved outside of directory are now (properly) handled
- bugfix: imfile: segfault when using startmsg.regex if first log line
  doesn't match
  Thanks to Ciprian Hacman for the patch.
- bugfix imfile: file table was corrupted when on file deletion
  This could happen when a file that was statically configured (not via an
  wildcard) was deleted.
- bugfix ompgsql: transaction were improperly handled
  now transaction support is solidly disabled until we have enough requests
  to implement it again. Module still works fine in single insert mode.
  closes https://github.com/rsyslog/rsyslog/issues/399
- bugfix mmjsonparse: memory leak if non-cee-json message is processed
  see also https://github.com/rsyslog/rsyslog/pull/383
  Thanks to Anton Matveenko for the patch
- testbench: remove raciness from UDP based tests
- testbench: added bash into all scripts makign it mandatory
- bugfix testbench: Fixed problem building syslog_caller util when
  liblogging-stdlog is not available.
  Thanks to Louis Bouchard for the patch
- bugfix rscryutil.1: Added fix checking for generate_man_pages condition
  Thanks to Radovan Sroka for the patch
- bugfix freebsd console: \n (NL) is prepended with \r (CR) in console
  output on freebsd only. For more details see here:
  https://github.com/rsyslog/rsyslog/issues/372
  Thanks to AlexandreFenyo for the patch
------------------------------------------------------------------------------
Version 8.11.0 [v8-stable] 2015-06-30
- new signature provider for Keyless Signature Infrastructure (KSI) added
- build system: re-enable use of "make distcheck"
- add new signature provider for Kesless Signature Infrastructure (KSI)
  This has also been added to existing tooling; KSI is kind of v2 of
  the Guardtime functionality and has been added in the appropriate
  places.
- bugfix imfile: regex multiline mode ignored escapeLF option
  Thanks to Ciprian Hacman for reporting the problem
  closes https://github.com/rsyslog/rsyslog/issues/370
- bugfix omkafka: fixed several concurrency issues, most of them related
  to dynamic topics.
  Thanks to Janmejay Singh for the patch.
- bugfix: execonlywhenpreviousissuspended did not work correctly
  This especially caused problems when an action with this attribute was
  configured with an action queue.
- bugfix core engine: ensured global variable atomicity
  This could lead to problems in RainerScript, as well as probably in other
  areas where global variables are used inside rsyslog. I wouldn't outrule
  it could lead to segfaults.
  Thanks to Janmejay Singh for the patch.
- bugfix imfile: segfault when using startmsg.regex because of empty log line
  closes https://github.com/rsyslog/rsyslog/issues/357
  Thanks to Ciprian Hacman for the patch.
- bugfix: build problem on Solaris
  Thanks to Dagobert Michelsen for reporting this and getting us up to
  speed on the openCWS build farm.
- bugfix: build system strndup was used even if not present
  now added compatibility function. This came up on Solaris builds.
  Thanks to Dagobert Michelsen for reporting the problem.
  closes https://github.com/rsyslog/rsyslog/issues/347
- bugfix imjournal: do not pass empty messages to rsyslog core
  this causes a crash of the daemon
  see also https://github.com/rsyslog/rsyslog/pull/412
  Thanks to Tomas Heinrich for the patch.
- bugfix imjournal: cosmetic memory leak
  very small and an shutdown only, so did not affect operations
  see also https://github.com/rsyslog/rsyslog/pull/411
  Thanks to Tomas Heinrich for the patch.
2015-08-26 00:55:33 +00:00
fhajny
118a3d7534 Update sysutils/rsyslog to 8.10.0.
Version 8.10.0 [v8-stable] 2015-05-19
- imfile: add capability to process multi-line messages based on regex
  input parameter "endmsg.regex" was added for that purpose. The new
  mode provides much more power in processing different multiline-formats.
- pmrfc3164: add new parameters
  * "detect.yearAfterTimestamp"
    This supports timestamps as generated e.g. by some Aruba Networks
    equipment.
  * "permit.squareBracesInHostname"
    Permits to use "hostnames" in the form of "[127.0.0.1]"; also seen in
    Aruba Networks equipment, but we strongly assume this can also happen
    in other cases, especially with IPv6.
- supplementary groups are now set when dropping privileges
  closes https://github.com/rsyslog/rsyslog/issues/296
  Thanks to Zach Lisinski for the patch.
- imfile: added brace glob expansion to wildcard
  Thanks to Zach Lisinski for the patch.
- zmq: add the ability for zeromq input and outputs to advertise their
  presence on UDP via the zbeacon API.
  Thanks to Brian Knox for the contribution.
- added omhttpfs: contributed module for writing to HDFS via HTTP
  Thanks to sskaje for the contribution.
- Configure option "--disable-debug-symbols" added which is disabled per
  default. If you set the new option, configure won't set the appropriate
  compiler flag to generate debug symbols anymore.
- When building from git source we now require rst2man and yacc (or a
  replacement like bison).
  That isn't any new requirement, we only added missing configure checks.
- Configure option "--enable-generate-man-pages" is now disabled for non git
  source builds per default but enforced when building from git source.
- mmpstrucdata: some code cleanup
  removed lots of early development debug outputs
- bugfix imuxsock: fix a crash when setting a hostname
  Setting a hostname via the legacy directive would lead to a crash
  during shutdown caused by a double-free.
  Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in mmpstrucdata
  Thanks to Gregoire Seux for reporting this issue.
  closes https://github.com/rsyslog/rsyslog/issues/310
- bugfix (minor): default action name: assigned number was one off
  see also https://github.com/rsyslog/rsyslog/pull/340
  Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in imfile
  A small leak happened each time a new file was monitored based on
  a wildcard. Depending on the rate of file creation, this could result
  in a serious memory leak.
2015-06-09 15:00:33 +00:00
fhajny
026a8e7b65 Update rsyslog to 8.7.0.
- add message metadata "system" to msg object
  this permits to store metadata alongside the message
- imfile: add support for "filename" metadata
  this is useful in cases where wildcards are used
- imptcp: make stats counter names consistent with what imudp, imtcp uses
- added new module "omkafka" to support writing to Apache Kafka
- omfwd: add new "udp.senddelay" parameter
- mmnormalize enhancements
- RainerScript "foreach" iterator and array reading support
- now requires liblognorm >= 1.0.2
- add support for systemd >= 209 library names
- BSD "ntp" facility (value 12) is now also supported in filter
- bugfix: global(localHostName="xxx") was not respected in all modules
- bugfix: emit correct error message on config-file-not-found
- bugfix: impstats emitted invalid JSON format (if JSON was selected)
- bugfix: (small) memory leak in omfile's outchannel code
- bugfix: imuxsock did not deactivate some code not supported by platform
2015-01-16 16:58:28 +00:00
fhajny
7a33e8ae91 Update rsyslog to 8.6.0.
Version 8.6.0 [v8-stable] 2014-12-02
 - configuration-setting rsyslogd command line options deprecated
 - new and enhanced plugins for 0mq. These are currently experimantal.
 - empty rulesets have been permitted. They no longer raise a syntax error.
 - add parameter -N3 to enable config check of partial config file
 - rsyslogd -e option has finally been removed
 - testbench improvements
 - testbench is now by default disabled
 - add new RainerScript functions warp() and replace()
 - mmnormalize can now also work on a variable
 - new property date options for day ordinal and week number
 - remove --enable-zlib configure option, we always require it
 - slight source-tree restructuring: contributed modules are now in their
   own ./contrib directory
 - bugfix: imudp makes rsyslog hang on shutdown when more than 1 thread used
 - bugfix: not all files closed on auto-backgrounding startup
 - bugfix: typo in queue configuration parameter made parameter unusable
 - bugfix: unitialized buffer off-by-one error in hostname generation
 - bugfix imuxsock: possible segfault when SysSock.Use="off"
 - bugfix: RainerScript: invalid ruleset names were accepted during ruleset
   defintion, but could of course not be used when e.g. calling a ruleset.
 - bugfix: some module entry points were not called for all modules callbacks
   like endCnfLoad() were primarily being called for input modules. This has
   been corrected. Note that this bugfix has some regression potential.
 - bugfix omlibdbi: connection was taken down in wrong thread
 - imttcp was removed because it was an incompleted experimental module
 - pmrfc3164sd because it was a custom module nobody used
 - omoracle was removed because it was orphaned and did not build/work
   for quite some years and nobody was interested in fixing it

Version 8.5.0 [v8-stable] 2014-10-24
 - imfile greatly refactored and support for wildcards added
 - PRI-handling code refactored for more clarity and robustness
 - ommail: add support for RainerScript config system [action() object]
 - refactored the auto-backgrounding method
 - make gntls tcp syslog driver emit more error messages
 - bugfix: imfile did not complain if configured file did not exist
 - bugfix: build failure on systems which don't have json_tokener_errors
 - imgssapi: log remote peer address in some error messages
2014-12-12 12:47:46 +00:00
fhajny
d54c233aac Update rsyslog to 8.4.2.
Version 8.4.2 [v8-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases. This is
  corrected now. see also: CVE-2014-3683
- fixed a build problem on some platforms. Thanks to Olaf for the patch
- behaviour change: "msg" of messages with invalid PRI set to "rawmsg"
  When the PRI is invalid, the rest of the header cannot be valid. So
  we move all of it to MSG and do not try to parse it out. Note that
  this is not directly related to the security issue but rather done
  because it makes most sense.

Version 8.4.1 [v8-stable] 2014-09-30
- imudp: add for bracketing mode, which makes parsing stats easier
- permit at-sign in variable names
  closes: https://github.com/rsyslog/rsyslog/issues/110
- bugfix: fix syntax error in anon_cc_numbers.py script
  Thanks to github user anthcourtney for the patch.
  closes: https://github.com/rsyslog/rsyslog/issues/109
- bugfix: ompgsql: don't loose uncomitted data on retry
  Thanks to Jared Johnson and Axel Rau for the patch.
- bugfix: imfile: if a state file for a different file name was set,
  that different file (name) was monitored instead of the configured
  one. Now, the state file is deleted and the correct file monitored.
  closes: https://github.com/rsyslog/rsyslog/issues/103
- bugfix: omudpspoof: source port was invalid
  Thanks to Pavel Levshin for the patch
- bugfix: build failure on systems which don't have json_tokener_errors
  Older versions of json-c need to use a different API (which don't
  exists on newer versions, unfortunately...)
  Thanks to Thomas D. for reporting this problem.
- bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API
  closes: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: mmanon did not properly anonymize IP addresses starting with '9'
  Thanks to defa-at-so36.net for reporting this problem.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
- bugfix: build problems on SuSe Linux
  Thanks Andreas Stieger for the patch
- bugfix: omelasticsearch error file did not work correctly on ES 1.0+
  due to a breaking change in the ElasticSearch API.
  see also: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: potential abort when a message with PRI > 191 was processed
  if the "pri-text" property was used in active templates, this could be
  abused to a remote denial of service from permitted senders
  see also: CVE-2014-3634
2014-10-26 21:11:09 +00:00
fhajny
6ecf8e9bd8 Import rsyslog-8.4.0 as sysutils/rsyslog* (based on wip/rsyslog8).
Rsyslog is an enhanced syslogd supporting, among others, MySQL,
PostgreSQL, failover log destinations, syslog/tcp, fine grain
output format control, high precision timestamps, queued operations
and the ability to filter on any message part. It is quite
compatible to stock sysklogd and can be used as a drop-in
replacement.
2014-09-05 07:15:41 +00:00