Why: Test assertions should prove the observable behavior operators rely
on, not just that rsyslogd wrote a message to its process streams.
Impact: Clarifies test-authoring and babysitting guidance for rsyslog
diagnostics.
Before/After: Tests could use stdout/stderr oracles without a clear
exception; guidance now prefers configured rsyslog output destinations
after synchronized shutdown.
Technical Overview: Add the authoritative rule to tests/AGENTS.md.
Point rsyslog_test at that rule when explaining test oracle
documentation. Add a review-time reminder to rsyslog_pr_babysitting so
PR feedback catches weak stdout/stderr diagnostic oracles. Exceptions
remain allowed when the tested behavior is process output or
configuration is not usable yet, but they must be documented in the test
header.
With the help of AI-Agents: OpenAI Codex
Why:
Test changes need comments that survive review and future maintenance.
The existing guidance required intent comments, but did not explicitly require
agents to cross-check the comment against the final test body.
Impact:
Documentation-only change for agent workflows.
Before/After:
Before, agents could add a broad intent comment without validating it against
the edited setup and oracle; after, the rule requires that consistency check.
Technical Overview:
Strengthen the top-level agent guide, the testbench agent guide, and the
rsyslog test skill with the same rule.
The rule now requires changed tests to verify that the head comment still
matches the actual setup, stimulus, oracle, and pass/fail conditions after the
edit.
This keeps test comments focused on semantics while avoiding stale or vague
headers during deflake work.
With the help of AI-Agents: Codex
Why: Testbench configurations must be able to run with legacy hBcdirectives disabled while keeping existing imdiag behavior available.
Impact: imdiag testbench setup now uses module parameters in both RainerScript and YAML-only configurations.
Before/After: Previously imdiag startup depended on * or an input helper; now module(load=...) can express the full setup.
Technical Overview:
- Add modern module parameters matching the existing * directives.
- Store module values in modConfData_t while config loading is active.
- Start the diagnostic listener from endCnfLoad after module values are known.
- Preserve legacy handlers and the old input surface for compatibility.
- Generate testbench imdiag setup as module-scoped instrumentation.
- Add a legacy-disabled validation test and update docs accordingly.
With the help of AI-Agents: Codex
Why:
Regular PR CI should keep useful coverage without spending every run on
very slow QEMU lanes, and the tests touched here should have deterministic
oracles under the broader PR check load.
Impact:
PR CI now runs regular checks at `-j10`, keeps native arm64 ASan and adds
i386 coverage, while slow armhf and s390x QEMU coverage moves out of the
regular PR gate.
Before/After:
Before, the PR workflow mixed native arm64 with slow armhf and s390x QEMU
jobs and several tests depended on host timing, queue volume, or fixture
ordering. After, the PR workflow uses native arm64 plus Debian 13 i386 and
the touched tests assert their intended behavior more directly.
Technical Overview:
Update `run_checks.yml` so regular PR check jobs use `-j10` instead of the
older lower per-job check parallelism.
Replace the PR cross-architecture matrix with a dedicated native arm64
ASan job and a Debian 13 `linux/386` job.
Remove the unconditional cross-arch test-log artifact collection while
keeping failure-only log output in the Actions UI.
Fix imdiag response formatting so truncated `vsnprintf()` output cannot
make `send()` read past the response buffer.
Make DA and diskqueue truncated-segment tests count persisted queue
segments and accept phase-1 setup only when it has enough corruptable tail
for the later corruption oracle.
Add DA recovery progress diagnostics without weakening the quarantine and
clean-live-queue oracle.
Pace omfwd one-target retry injection and use the sequence oracle instead
of relying on a post-injection sleep.
Write imfile wildcard payloads through non-matching temporary names and
atomic rename so imfile does not first observe empty matching files.
Extend the MySQL async enqueue timeout while preserving the queue-size
invariant used by the backpressure test.
Make the RELP OpenSSL auth-failure CPU sampler interval-aware and document
its busy-loop regression oracle.
Wait for the final truncate batch in `imfile-truncate-multiple.sh`, matching
the earlier batch checks.
Document that new or changed tests should state their intent and any timing,
retry, or sampling oracle inline.
With the help of AI-Agents: Codex
Why
Rsyslog's test suite and documentation used a mix of the bash-specific
"source" command and the portable POSIX "." command. This inconsistency
caused issues with repo-policy checks and potential portability
concerns.
Impact
Testing and documentation. All test wrappers in tests/ and guidance
in READMEs and skills now consistently use the POSIX standard.
Before/After
Before: 200+ files used "source", others used ".".
After: "source" is replaced by "." for script inclusion across the
repository. Repo-policy checks are tightened to enforce this.
Closes: https://github.com/rsyslog/rsyslog/issues/6635
- imdiag: add 5 module-scope config params to control key queue timeouts
(mainmsgqueuetimeoutshutdown, mainmsgqueuetimeoutenqueue,
inputshutdowntimeout, defaultactionqueuetimeoutshutdown,
defaultactionqueuetimeoutenqueue); these replace per-test legacy
$MainMsg* directives and eliminate races on slow machines (Solaris)
- imdiag: add assert(0) for unhandled params in setModCnf/newInpInst
- imdiag: modExit sets abortTimeout=-1 after joining timeoutGuard thread
to prevent double-cancel if resetConfigVariables runs afterwards
- diag.sh: generate_conf --yaml-only flag for YAML-only test mode
- diag.sh: yaml preamble uses new imdiag module params
- diag.sh: add RSTB_MAIN_Q_TO_ENQUEUE separate from action queue var
- diag.sh: restore .started with instance-ID suffix for content_check
- diag.sh: wait_startup() uses imdiag port file for startup detection
- tests: add yaml-basic-yamlonly.sh smoke test
- doc: 6 new reference pages for new imdiag params (with meta blocks)
- doc: imdiag.rst updated with new module-scope params table
- doc: dev_testbench.rst corrected .started vs port-file description
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Why:
Tests that exercise the YAML configuration loader need to run without
any RainerScript preamble. The existing generate_conf function always
writes a .conf file using legacy and RainerScript directives, making it
impossible to test pure-YAML startup paths.
Technical Overview:
- imdiag: replace EMPTY_STRUCT with real modConfData_s fields; add
BEGINsetModCnf (listenportfilename, aborttimeout), BEGINendCnfLoad,
BEGINnewInpInst (port), and the three STD_CONF2 queryEtryPt macros.
Legacy $IMDiag* directives are preserved unchanged. Fix a NULL
deref in addTCPListener when pszLstnPortFileName is not set.
- diag.sh: generate_conf gains a --yaml-only flag that writes a pure
YAML preamble (version/global/mainqueue/modules/inputs) instead of a
.conf file. net.ipprotocol is resolved before the preamble is written
to avoid a duplicate global: key. add_yaml_conf() mirrors add_conf()
for the yaml path. startup_common selects .yaml when
RSYSLOG_YAML_ONLY=1. wait_startup comment documents that .started is
absent in yaml-only mode and that the OR logic handles it.
- tests/yaml-basic-yamlonly.sh: new test exercising the yaml-only path
end-to-end (imtcp, 100 messages, seq_check).
- tests/Makefile.am: register yaml-basic-yamlonly.sh under TESTS_LIBYAML.
- tests/AGENTS.md: document the yaml-only mode, its limitations, and
the expected naming/registration conventions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Introduce a dedicated rsyslog_config agent skill that captures the
dual-frontend config architecture (RainerScript grammar + yamlconf.c)
and the parity rules that must be observed whenever the config layer
is extended.
Key additions:
- .agent/skills/rsyslog_config/SKILL.md: full skill covering the shared
backend model, a parity table for each change type, key file index,
YAML test conventions, and documentation requirements.
- AGENTS.md: register rsyslog_config in the skills table.
- runtime/AGENTS.md: add yamlconf.c/h to key components with an
explicit cross-reference to the parity rule.
- tests/AGENTS.md: add config format coverage rule and YAML test
naming/registration conventions.
- plugins/AGENTS.md: extend the parameter documentation rule to include
YAML examples, and note that new statement/block types require
yamlconf.c changes.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Non-technical: centralize and reuse rate-limit definitions so admins
can apply consistent policies across listeners. This is part of an
ongoing series to improve rate limiting and its manageability.
Before: inputs set per-listener interval/burst ad hoc.
After: inputs can reference a named ratelimit() policy shared across
listeners; per-listener values remain as fallback.
Impact: New ratelimit() object and RateLimit.Name param for imtcp/imptcp.
If a policy file is configured but libyaml is unavailable, config fails.
Technical details:
- Add top-level ratelimit() Rainerscript object. Parsed in rsconf and
stored in a central registry (hashtable + rwlock) on rsconf.
- New runtime API: ratelimitAddConfig(), ratelimitNewFromConfig(), plus
cfgs init/destruct on rsconf lifecycle.
- imtcp/imptcp accept RateLimit.Name; when set, tcpsrv/imptcp build the
ratelimiter from the named policy; otherwise legacy interval/burst is
used. Thread-safety retained via ratelimitSetThreadSafe().
- tcpsrv gains ownership helpers for listener params and frees them on
errors; imtcp explicitly transfers ownership and nulls the pointer.
- Optional libyaml: detected at configure; runtime parser loads simple
key/value policy files (interval, burst, severity).
- Docs: new ratelimit object page; imtcp/imptcp parameter references and
module docs updated; design-decisions note added for libyaml.
- Tests: add ratelimit_name.sh (guarded for imtcp+imptcp) to validate
named policy application and observable throttling.
Refs: https://github.com/rsyslog/rsyslog/issues/6201
With the help of AI-Agents: Antigravity
imudp: add ratelimit.name support
This commit adds the `ratelimit.name` parameter to imudp, allowing listeners
to utilize the global rate limit registry (shared state).
Features:
- New `ratelimit.name` string parameter.
- Integration with `ratelimitNewFromConfig`.
- Strict mutual exclusivity: specifying `ratelimit.name` prohibits the use
of legacy per-listener parameters (`ratelimit.burst`, `ratelimit.interval`).
If a conflict occurs, an error is logged and the named rate limit takes precedence.
- Updated documentation.
- New regression test `tests/imudp_ratelimit_name.sh`.
With the help of AI Agent: Google Antigravity
Update AGENTS.md and subordinate guides to recommend incremental
builds via 'make check TESTS=""'. This avoids redundant autogen and
configure steps during iterative development.
With the help of AI-Agents: Google Jules
... for trailing extra-data removal.
Add configurable mechanism to detect and remove trailing extra-data sections
from messages before parsing. This addresses cases where third-party enrichers
append non-standard data (e.g., "enrichment_section: fromhost-ip=...") that
can interfere with Snare event parsing.
The ignoreTrailingPattern parameter can be set at both module and action
levels, with action-level values overriding module defaults. When configured,
the parser searches for the pattern in trailing positions (after the last
tab-separated token). If found, the message is truncated at the start of the
last token, removing the entire trailing section including any preceding
content in that token (e.g., dynamic numeric prefixes).
The truncated extra-data section is optionally exposed as a !extradata_section
message property, allowing downstream processing to access the removed content
if needed (e.g., for extracting sender IP addresses).
Implementation details:
- Pattern matching is literal string-based (not regex)
- Truncation only occurs when pattern appears in valid trailing positions
- Conservative detection for non-tab messages (last 20% or 200 chars)
- Proper memory management for pattern strings and extra-data sections
- No changes to existing behavior when parameter is not set
Added test case mmsnareparse-trailing-extradata.sh with anonymized sample
data validating Event ID 13 parsing with trailing enrichment section.
Updated documentation in doc/source/configuration/modules/mmsnareparse.rst
with parameter description and usage notes.
docs: enhance AGENTS.md with WSL build/test instructions
Added complete dependency installation, module-specific configure examples,
test execution patterns, and debugging workflow based
on actual development sessions.
Co-authored-by: alorbach <alorbach@adiscon.com>
* AI: align AGENTS.md and README; expand harness tips
This refines testbench docs for both AI agents and human operators.
Goal: clearer authoring guidance and a smoother quickstart so agents
produce higher-quality tests and contributors run them reliably.
Before/After: scattered guidance across files -> cross-linked docs with
explicit helper usage, Valgrind wrapper patterns, and quickstart.
Non-technical rationale:
This improves maintainability and AI readiness by giving agents concrete
patterns and reducing duplicate boilerplate. It also aligns operator docs
with the harness so CI and local runs behave consistently.
With the help of AI Agents: ChatGPT, gemini
