3603 Commits

Author SHA1 Message Date
alakatos
6f7347342a Make action counter part of the config 2022-02-11 11:48:01 +01:00
Ameer Ghani
e98e691ad8
ompgsql: allow connection params via connection string
Happy new years! Add another action parameter `conninfo` that allows specifying
a postgres connection string. This enables us to use any of the postgres connection
parameters, particularly `sslmode` and `sslrootcert`.

Per the postgres docs, this connection string can be a URI or several key-value
pairs. https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING

Here's an example:
```
module(load="ompgsql")

action(
	type="ompgsql"
	conninfo="postgresql://postgres:password@localhost/Syslog?sslmode=require"
)
```

This addresses https://github.com/rsyslog/rsyslog/issues/4741 by allowing the
user to specify ssl options as part of the connection string. `libpq` will take
care of the rest.

This also addresses https://github.com/rsyslog/rsyslog/issues/4698 because
`libpq` is not constrained by MAXHOSTNAMELEN. Long hostnames will work.

`conninfo` can be specified in lieu of the other parameters. `ompgsql` will
prioritize using `conninfo` to connect over the other parameters.

Signed-off-by: Ameer Ghani <inahga@gmail.com>
2022-01-17 15:09:43 -06:00
alakatos
3edbe334e7 Move timezone specific variables to rsconf 2022-01-14 15:46:40 +01:00
alakatos
321fc76f0f Move rsyslog global parameters to rsconf_t struct 2022-01-13 12:43:21 +01:00
Rainer Gerhards
7d2e532d34
cleanup: remove unused variable
Especially as this caused confusion when doing other work inside the code.

see also https://github.com/rsyslog/rsyslog/pull/4760#discussion_r783118550
2022-01-12 15:22:08 +01:00
alakatos
66bcd91196 Clarify meaning of loadConf and RunConf 2021-12-15 10:26:52 +01:00
Rainer Gerhards
d7dc2f1f75
Merge pull request #4745 from Cropi/outchannel-leak
Deallocate outchannel resources in rsconf destructor
2021-12-14 18:07:35 +01:00
alakatos
ab99d68009 Use runConf instead of loadConf in ratelimiting during runtime 2021-12-08 19:36:48 +01:00
alakatos
4fc5ed645a Deallocate outchannel resources in rsconf destructor 2021-11-30 18:15:33 +01:00
Rainer Gerhards
03aa23a038
Merge pull request #4728 from VultureProject/faup_upstream
NEW CONTRIB::FFAUP:: URL parser module function using libfaup
2021-11-22 09:03:44 +01:00
frikilax
aeaf1160ed NEW CONTRIB::FFAUP:: URL parser module function using libfaup 2021-11-19 09:26:34 +01:00
Rainer Gerhards
cdf364f290
ruleset bugfix: ruleset queue was incorrectly named
The ruleset was incorrectly and unusably named. This was a regression
from 4a63f8e9629c3c9481a8b6f9d7787e3b3304320b.

Many thanks to github user digirati82 for alerting us.

closes https://github.com/rsyslog/rsyslog/issues/4730
2021-11-09 14:46:40 +01:00
Rainer Gerhards
f83306fe2a
imtcp: add support for permittedPeers setting at input() level
The permittedPeers setting was actually forgotten during the refactoring
of TLS input() level settings. This functionality is now added.

closes: https://github.com/rsyslog/rsyslog/issues/4706
2021-10-25 11:05:20 +02:00
9ca44ad300 openssl: Removed legacy parameter bAnonInit
- Added precompiler check to remove deprecated openssl API
  SSL_CTX_set_ecdh_auto
- Should fix problems related to the TSAN check in PR4708
  see also: https://github.com/rsyslog/rsyslog/pull/4708
2021-10-22 11:37:49 +02:00
Orgad Shaneh
550935194e openssl: remove unused global 2021-10-21 21:46:20 +03:00
Rainer Gerhards
7b7a538da3
Merge pull request #4710 from alorbach/pr-issue-4642
PrivDropToUser: fix abortOnIDResolutionFail handling
2021-10-13 09:22:01 +02:00
03fdbfda74 PrivDropToUser: fix abortOnIDResolutionFail handling
security.abortonidresolutionfail needs to be loaded in glblProcessCnf,
otherwise the setting is ignored in doGetUID / doGetGID.

see also: https://github.com/rsyslog/rsyslog/issues/4642
see also: cbcaf2c7e5
2021-10-12 12:15:15 +02:00
Rainer Gerhards
68f1727066
Merge pull request #4688 from rgerhards/queue-direct-ml
rscript fix: ruleset called async when ruleset had queue.type="direct"
2021-10-12 10:25:41 +02:00
Rainer Gerhards
c4054cba4e
Merge pull request #4689 from taavi-valjaots/ksi-locking-bug-fix
ksi bugfix: locking bug fixed in rsksiCtxOpenFile
2021-10-12 09:07:42 +02:00
Rainer Gerhards
5ecd8d0c29
Merge pull request #4704 from jkschulz/patch-1
Fix typo in error message.
2021-10-11 16:43:17 +02:00
Rainer Gerhards
a649d03d8c
Merge pull request #4705 from orgads/pthread-errors
tcpsrv: fix compilation without exceptions
2021-10-11 16:41:05 +02:00
Rainer Gerhards
4a63f8e962
rscript fix: ruleset called async when ruleset had queue.type="direct"
The call rscript statement is able to call a rule set either synchronously or
asynchronously. We did this, because practice showed that both modes
are needed. For various reasons we decided to make async
calls if the ruleset has a queue assigned and sync if not.

To know if a "queue is assigned" we just checked if queue parameters were
given. We overlooked the case of someone explicitly specifying a
"direct queue", aka "no queue". As such, queue="direct" triggered async
calls. That in turn meant that when a write operation to a variable was
made inside that rule set, other rulesets could or could not see the
write. While it was often not seen, this was a data race where the
change could also be seen by the outside.

This is now fixed. No matter if queue.type="direct" is specified or
left out, the call will always be synchronous. Any values written to
variables will also be seen by the "outside world" in later processing
stages.

Note that this has some potential to BREAK EXISTING CONFIGURATIONS.
We deem this acceptable because:

1. this was racy at all, so unexpected behaviour could always occur
2. it is actually unlikely that someone used the triggering conditions
   in practice. But we cannot rule this out, especially when the
   configuration was auto-generated.

Potential compatibility issues can be solved by defining a small
array-memory queue on the ruleset in question instead of specifying
direct type.

Again, we expect that almost all users will never experience any
problems. If you do, however, please let us know: we may add an
option to re-enable the bug.
2021-10-11 15:07:16 +02:00
Rainer Gerhards
ed512aa18a
Merge pull request #4692 from alorbach/pr-issue-4686
openssl: Correct gnutlsPriorityString (custom ciphers) behaviour
2021-10-11 15:00:24 +02:00
Orgad Shaneh
bca5a891a7 tcpsrv: fix compilation without exceptions
tcpsrv.c:992:1: error: label at end of compound statement
 finalize_it:
 ^~~~~~~~~~~

Quoting from pthread.h:
  pthread_cleanup_push and pthread_cleanup_pop are macros and must always
  be used in matching pairs at the same nesting level of braces.

Amends commit bcdd220142ec9eb106550195ba331fd114adb0bd.
2021-10-11 15:25:03 +03:00
Rainer Gerhards
c54b0989c0
build issue: handle undefined MAXPATHLEN, PATH_MAX
While we handled missing PATH_MAX, we did not handle missing MAXPATHLEN.
This happens under GNU/Hurd, because there is no official limit. However,
extremely long paths are extremely uncommon, so we do not want to
use slow dynamic alloc each time we need to build paths. So we
impose a limit of 4KiB, which should be fairly enough. Note that
this obviously increases stack requirements in GNU/Hurd.

As suggested by Michael Biebl, we have now implemented a generic
approach to handle this via autoconf.
2021-10-11 10:10:06 +02:00
jkschulz
eadb23560b
Fix typo in error message. 2021-10-06 23:49:20 -04:00
edc1b186c1 openssl: Correct gnutlsPriorityString (custom ciphers) behaviour
- Only apply default anon ciphers if gnutlsPriorityString is NULL and
  Authentication Mode is set to anon. Otherwise we do not set them
  as they overwrite custom Ciphers.
- Added two tests for custom cipher configuration (anon/certvalid mode).
- Add call for applyGnutlsPriorityString if gnutlsPriorityString changes.
- Merged openssl init code from Connect into osslInitSession

closes: https://github.com/rsyslog/rsyslog/issues/4686
2021-09-21 11:21:14 +02:00
taavi.valjaots
858a5292c1 ksi bugfix: locking bug fixed in rsksiCtxOpenFile 2021-09-20 11:11:47 +03:00
dddcc9df90 openssl: extended output information on connection failure
Now includes the remote client/server IP address in the log output.

closes: https://github.com/rsyslog/rsyslog/issues/4680
2021-09-08 15:59:00 +02:00
Rainer Gerhards
9f1f11bb96
Merge pull request #4666 from Egston/fix-imuxsock-ratelimit
imuxsock: fix rate limiting not working in default configuration
2021-09-07 09:43:17 +02:00
Rainer Gerhards
640b936117
Merge pull request #4673 from rgerhards/i4670
core bugfix: use of property $wday terminates string
2021-09-07 09:41:08 +02:00
74a49d3b63 queue: Add NULL check in qDeqLinkedList
Add NULL value handling for pDeqRoot. This caused segfaults if
messages were discarded during dequeue.

Also fix iOverallQueueSize calculation (discarded items) in imdiag.

While building a testcase for issue #4437, I discovered an issue with the
iOverallQueueSize counter not subtracting discarded messages. This caused
the testcase to fail with testcase timeout at the count of "discardMark" queue
setting.

closes: https://github.com/rsyslog/rsyslog/issues/4437
2021-09-06 16:02:40 +02:00
Rainer Gerhards
bd420481cb
core bugfix: use of property $wday terminates string
When $wday is used inside a template, all template parts after it
are ignored. For example:
template(name="json_filename" type="string" string="/var/log/%$wday%.log")
would generate something like "/var/log/0" - the ".log" part would be
missing. For the same reason, $wday cannot reliably be checked in script
filters.

Thanks to Alain Thivillon for reporting the bug and providing an
excellent analysis, which essentially was exactly this fix here.

closes https://github.com/rsyslog/rsyslog/issues/4670
2021-09-06 11:26:14 +02:00
alakatos
4f9f3af2eb gnutls: Propagate PrioritizeSAN when accepting a new connection 2021-09-02 14:43:08 +02:00
Petr Gajdůšek
d69420a6a1 ratelimit: fix rate limiting for already parsed messages
Rate limiting may not have worked if the considered message had already
been parsed (not having NEEDS_PARSING in msgFlags).

This affects also imuxsock in its default configuration
(useSpecialParser="true" and ratelimit.severity="1")

A test for imuxsock is included which requires
./configure --enable-liblogging-stdlog
2021-08-25 17:33:17 +02:00
Rainer Gerhards
6080121ab7
config: implement script-equivalent for $PrivDrop* statements
closes https://github.com/rsyslog/rsyslog/issues/891
2021-08-23 14:10:16 +02:00
139057ff80 openssl tls: Improved error message output on tls failures.
closes: https://github.com/rsyslog/rsyslog/issues/4645
2021-08-16 09:47:35 +02:00
Rainer Gerhards
0c9b169a64
Merge pull request #4612 from n2yen/dev2-percentile
Percentile module to track percentile metrics via impstats
2021-08-16 08:31:21 +02:00
Rainer Gerhards
d93c5e9d48
imfile bugfix: hash char invalidly added in readmode != 0
If imfile is ingesting log files with readMode set to 2 or 1, the resulting
messages all have a '#' character at the end. This patch corrects the behaviour.

Note: if some external script "supported" the bug of extra hash character at
the end of line, it may be necessary to update them.

closes https://github.com/rsyslog/rsyslog/issues/4491
2021-08-09 12:38:06 +02:00
Rainer Gerhards
38856e6989
Merge pull request #4628 from rgerhards/ci-add-test
CI: add test for imtcp not correctly starting up
2021-08-09 09:29:34 +02:00
Rainer Gerhards
be22ec54ad
CI: add test for imtcp not correctly starting up and a Solaris fix
Test should have been added to commit 3d23c7ac8aea but was forgotten.

This test also showed an issue on Solaris, where NULL values cannot
be used in printf functions. This has also been addressed.

see also: https://github.com/rsyslog/rsyslog/pull/4627
2021-08-06 12:42:58 +02:00
Rainer Gerhards
39e81e133b
omfwd: add capability for action-specific TLS certificate settings
This permits to override the global definitions for TLS certificates
at the action() level.
2021-08-06 09:00:24 +02:00
Rainer Gerhards
13f5dfe2e2
imtcp: permit to use different certificate files per input/action 2021-08-04 10:23:24 +02:00
Rainer Gerhards
ad08ed2634
openssl network driver bugfix: small memory leak
Fixes a static, non-growing memory leak which existed when parameter
"GnutTLSPriorityString" was used. This was primarily a cosmetic issue,
but caused some grief during development in regard to memory leak
detectors.

Note: yes, this is for openssl -- the parameter name is history ;-)
2021-07-08 14:30:50 +02:00
Rainer Gerhards
0a2702df92
Merge pull request #4627 from rgerhards/fix-imtcp-no-startup
tcpsrv bugfix: abort if no listener could be started
2021-07-07 14:38:39 +02:00
Rainer Gerhards
3d23c7ac8a
tcpsrv bugfix: abort if no listener could be started
Modules (like imtcp and imdiag) which use tcpsrv could abort or
otherwise malfunction if no listener for a specific input could
be started.

Found during implementing a new feature, no report from practice.
But could very well happen.
2021-07-07 13:16:28 +02:00
Rainer Gerhards
0df769e2dc
fix typo in error message 2021-07-01 11:35:46 +02:00
Nelson Yen
91a2049877
percentile module to track percentile metrics via impstats
Brief overview:
To configure tracking percentile metrics in rainerscript:
User would need to define:
  - which percentile to track, such as [p50, p99, etc.]
  - window size - note, this correlates directly with memory usage to
  track the percentiles.

To track a value, user would call built-in function `percentile_observe()` in their configurations to
record an integer value, and percentile metrics would be emitted every
impstats interval.
2021-06-23 00:14:39 -07:00
Rainer Gerhards
1aa1979179
Merge pull request #4605 from rgerhards/i4384
add predefined template RSYSLOG_SyslogRFC5424Format
2021-06-17 09:49:06 +02:00
Rainer Gerhards
e6a730f1bb
Merge pull request #4601 from rgerhards/fix-sender-stats
bugfix: _sender_stats reports integer counter as string
2021-06-17 09:40:39 +02:00