rsyslog/rsyslog
1
0
Fork 0
mirror of https://github.com/rsyslog/rsyslog.git synced 2025-12-13 08:20:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
rsyslog/ChangeLog
Rainer Gerhards 17bbdb4612
maintain ChangeLog
2025-10-15 18:47:55 +02:00

17861 lines
1011 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

----------------------------------------------------------------------------------------
Scheduled Release 8.2512.0 (aka 2025.10) 2025-12-0?
- overall improved documentation via a large set of topic updates.
- 2025-10-15: ossl bugfix: ensure peer cert is freed in osslChkPeerAuth
Ensure osslChkPeerAuth starts with a null peer-certificate pointer and
frees any retrieved X509 certificate so OpenSSL allocations from
SSL_get_peer_certificate do not leak after TLS handshakes.
Thanks to Attila Lakatos for the patch.
- 2025-10-13: Add MbedTLS netstream driver.
Thanks to Stephane Adenot for the patch and the great cooperation on this PR.
- 2025-10-07: imptcp: fix null pointer dereference in error logging
Prevents potential crashes when logging connection failures where peer
name or IP information is unavailable.
The compiler detected a potential null pointer dereference in the
addSess() error cleanup path. When NULL_CHECK() macros fail and jump to
finalize_it, the peerName and peerIP parameters could be NULL but were
passed directly to propGetSzStr() in LogError().
Original error: ../../runtime/prop.h:66:18: error: potential null
pointer dereference [-Werror=null-dereference] 66 | return
(pThis->len < CONF_PROP_BUFSIZE) ? pThis->szVal.sz : pThis->szVal.psz; |
Thanks to Attila Lakatos for the patch.
- 2025-10-06: CI: fix imtcp-tls-gibberish being executed in non-TLS builds
This tool requires rsyslog to build with TLS support. If not present,
the test will always fail. This is solved by executing it only if gnutls
is enabled. As this is a fequently tested environment, this does not
reduce test coverage. It is easier to do then checking for both gnutls
and openssl.
Many thanks to Michael Biebl for bringing this to our attention.
closes https://github.com/rsyslog/rsyslog/issues/6224
----------------------------------------------------------------------------------------
Scheduled Release 8.2510.0 (aka 2025.10) 2025-10-14
- overall improved documentation via a large set of topic updates.
- overall improvments in build systems and CI testing
- overall refectoring to make code better understandable (e.g.
more doxygen Comments)
- 2025-10-05: mmjsonparse: add find-json mode for embedded JSON
Plain JSON embedded in text is common in production logs. This change
lets users parse such logs without cookies, improving ease of use and
lowering onboarding friction while keeping legacy behavior intact.
Before/After: cookie-only JSON -> find-json parses first top-level {}.
Impact: Default behavior unchanged. New mode and counters are opt-in.
- 2025-10-03: mmjsontransform: add experimental JSON dotted-key (un)flatten
Real-world need: unflatten dotted JSON into nested objects, and optionally
flatten back for downstream tools. This introduces a general transformer
with a dedicated output tree. Interface is intentionally unstable.
Impact: New module behind --enable-mmjsontransform; no default behavior
changes. New tests and docs added. Parameters and behavior may change.
Add mmjsontransform, a message modification module that rewrites dotted
JSON keys. By default it "unflattens" an input object to nested containers
and stores the result in a configured output property. A mode parameter
also supports "flatten" to collapse nested trees into dotted keys. The
action refuses to overwrite an existing destination, validates that input
is a JSON object, and reports conflicts with precise key paths. Per-action
config is immutable; workers hold pointers only, so no extra locking. Docs
(Sphinx + parameter refs) and doxygen coverage included, plus a regression
test exercising nested arrays/objects. Build system and CI scripts gain
--enable-mmjsontransform and a basic test hook. An experimental companion
mmjsonrewrite module is wired similarly for dotted-key expansion.
Before/After: Previously no built-in JSON un/flatten; now an action can
unflatten (default) or flatten JSON into a separate message property.
- 2025-10-01: mmsnareparse: comprehensive Windows Security Event Log parser
Implement complete NXLog Snare-formatted Windows Security event parser
with multi-format support (RFC5424/RFC3164), 100+ field patterns, and
advanced features including GUID/IP/timestamp type detection, runtime
configuration, enhanced validation modes, and comprehensive test suite.
Features:
- Parse major Windows security event types (4624, 4625, 4634, etc.)
- Extract structured data into configurable JSON containers (!win default)
- Handle modern Windows telemetry (LAPS, TLS, WDAC, WUFB, Kerberos)
- Type-aware parsing with validation and fallback handling
- Runtime configuration support for custom field patterns
- Thread-safe design with no shared mutable state
- 9 comprehensive test scripts covering all functionality
Impact: Enables structured analysis of Windows Security events for
SIEM integration, threat detection, and compliance reporting while
preserving original payloads for forensic investigation.
- 2025-10-01: omkafka: restore producev fallback for older librdkafka
Reason: keep omkafka building across librdkafka versions, including
newer distro toolchains and legacy environments, to reduce friction
for users and CI/container images.
Before: builds failed or used unsupported code paths with some
librdkafka versions; header config could silently miscompile.
After: feature-detect produceva/headers, fall back to legacy produce,
and reject header config when not supported.
Impact: possible configuration-time error if kafka headers are set
but the installed librdkafka lacks header support.
This change introduces compile-time feature detection. When
produceva is available, we use the vector API; otherwise we fall back
to the classic produce path and adjust error handling accordingly.
Header support is compiled only when the library provides it; the
instance struct and cleanup are guarded to match. A missing
RD_KAFKA_VERSION is defined to avoid preprocessor failures. No queue
or OMODTX semantics are changed; HUP and stats remain unaffected. No
public API/ABI is exposed from omkafka, so impact is limited to build
and configuration behavior.
- 2025-09-29: omelasticserach: detect server version and adjust config
On startup, omelasticsearch now detects server version and platform
(ES/openSearch) and adjust config parameters accordingly. This is
also a change that we can use as a base for further auto-tuning.
- 2025-09-29: add source port to imtcp user-targeting messages
All error, warning etc messages that specify the remote peer via
hostname or IP now also give the source port to provide a unified
logging experience.
- 2025-09-28: ci: add openEuler 24.03 LTS container and CI job
Add an openEuler 24.03 LTS development container and wire it into CI to
validate builds on that platform.
Why: expand RPM-based coverage and catch distro-specific build issues
early.
Impact: CI-only. No runtime or API changes.
Before: no openEuler container or CI job; build breakage went unnoticed.
After: dedicated container and matrix entry compile and run unit tests
on openEuler.
Notes: module and test coverage may differ on openEuler; track gaps in
follow-up issues.
- 2025-09-25: omelasticsearch: omit _type by default; use typeless endpoint
Newer Elasticsearch versions reject typed APIs. This adapts the module
so shipping works out of the box with modern clusters and keeps the
codebase aligned with typeless ES conventions.
Impact: bulk metadata no longer includes _type unless explicitly set.
Old setups that relied on a default "events" type (ES < 8) may need
explicit configuration.
Technically, the default searchType is now NULL
(OMES_SEARCHTYPE_DEFAULT). setPostURL continues to route requests to
the typeless /_doc endpoint, but bulk metadata is generated without a
_type field when searchType is unset. The legacy default "events" for
ES < 8 is removed. Tests are updated to stop passing searchType, and
the searchType-empty test is dropped to reflect the new default. No
OMODTX or action-queue semantics change.
Closes: https://github.com/rsyslog/rsyslog/issues/5060
- 2025-09-25: template: add jsonftree option for nested jsonf output
We want easy nested JSON to match common schemas (e.g., Elastic ECS)
without external processors. This introduces an opt-in mode so existing
jsonf users keep exact behavior while enabling structured output when
requested.
Impact: No change unless option.jsonftree is enabled. With jsonftree,
dotted outnames render as nested objects; empty containers are skipped.
On name collisions (object vs value), we fall back to flat rendering.
Before: jsonf always emitted flat name/value pairs, even for dotted
outnames. After: jsonf remains flat by default; enabling jsonftree makes
"host.hostname" and "host.ip" render as {"host":{"hostname":...,"ip":...}}.
Technically, we add option.jsonftree to templates. When set, we lazily
build a per-template JSON tree (tplJsonNode) from dotted segments and
render it in one pass, reusing existing jsonf formatting for leaves.
The tree state is tracked on the template and freed on template delete.
Config parsing enforces mutual exclusivity among sql, stdsql, json,
jsonf, and jsonftree. Constants record bJSONf to reuse serialized
fragments. Tests cover nested output and pure-json cases using
option.jsonftree.
- 2025-09-23: musrmsg bugfix: potential null pointer dereference causes segfault
If there is no user in the data base with user ID uid, getpwuid() returns a null
pointer value. Therefore, it is necessary to check the return value of the function
to prevent segfault caused by dereference of null pointer.
In addition:
[1] Free the memory allocated for the current session identifier sessions_list[j]
to prevent a memory leak.
[2] Use LogError instead of dbgprintf to display error reports to the user.
Many thanks to Qiumiao Zhang for the patch.
- 2025-09-22: mmleefparse: new message modification module for LEEF format
This parses the LEEF message (if it is) and creates a JSON subtree.
The current implementation is PoC and will be provided to gather
early review.
Changes, including breaking changes, may happen in future versions of
this module.
- 2025-09-21: tests/omelasticsearch: align suite with ES 7.14, reduce flakiness
Non-technical: test flakiness makes it hard to validate unrelated changes.
This aligns omelasticsearch tests with ES 7.14 defaults to get the
testbench back to a deterministic state and pave the way for further
modernization.
Impact: test behavior changes; one test skipped; CI coverage slightly reduced.
Before: tests mixed ES 6-era types and ad-hoc tarball picks; deprecation
checks intermittently failed and retries were brittle. After: tests use the
7.14.1 tarball via diag.sh default, typeless mappings, and `_doc` type in
omelasticsearch actions; known-flaky bulk-retry test is skipped for now.
- 2025-09-17: imtcp: warn on TLS handshakes received on plain listeners
Admins often report "gibberish" when a TLS-enabled sender connects to a
plain imtcp port. Making the mismatch explicit reduces operator confusion
and support churn, and points directly to remediation.
Impact: logs one explicit error per mismatched connection; no change to
parsing or transport on plain listeners.
Before/After: before, ClientHello bytes were ingested as binary with no
hint; after, imtcp detects a TLS ClientHello on ptcp and logs a clear
message with a troubleshooting URL.
Technically, we add a small per-session probe in tcps_sess_t and sample
the first 5 bytes of new sessions. If the record header matches a TLS
handshake (type 0x16, version 0x03.000x04, length 4016384) and the
listener is plain TCP (streamDriver.mode=0), we emit a single error and
disable further probing for that session. The probe is called from
DataRcvd() and returns RS_RET_SERVER_NO_TLS when triggered; the session
is otherwise left untouched.
Runtime: introduce RS_RET_SERVER_NO_TLS (-2465) to tag the condition.
Docs: add imtcp troubleshooting section and a dedicated FAQ page.
Tests/tools: add test imtcp-tls-gibberish.sh and extend tcpflood with
-H to send only a ClientHello (OpenSSL and GnuTLS paths tolerate early
termination and non-blocking I/O for this mode).
- 2025-09-17: build: fix err on systems with pkg-config but not libgcrypt-config
Build did not succeed on some platforms due to invalid confgure check.
This has been resolved.
The AC_CHECK_PROG macro requires a value-if-found parameter
and an optional value-if-not-found parameter
Fix by adding the value-if-found parameter
Also handle the situation where there's no libgcrypt.pc
file for libgcrypt versions before 1.8.4
Thanks to Zhang Wen for analysis and patch.
- 2025-09-16: core: add fromhost-port message property
Some deployments need to disambiguate multiple senders sharing an IP,
for example autossh or similar tunnel setups. Exposing the source port
improves observability and lets pipelines key on a stable tuple.
Impact: new property/JSON field; tcps_sess IF v4; out-of-tree modules
must rebuild.
Before: messages exposed fromhost and fromhost-ip only.
After: messages also expose fromhost-port and jsonmesg includes it.
Introduce PROP_FROMHOST_PORT and wire it through msg.{h,c}. For TCP,
capture the remote port on accept, store it in tcps_sess, and attach it
to the msg on submit. For other inputs, resolveDNS derives the port from
the sockaddr when available; local inputs return an empty string. Add a
getter, duplication and destructor handling, and name<->ID mapping. Add
the field to jsonmesg output. Update docs, lexer keywords, and the
external plugin interface doc (property is modifiable). Bump
tcps_sessCURR_IF_VERSION to 4 and add SetHostPort() to the interface.
Include a focused test (fromhost-port.sh) that verifies the property.
Non-technical rationale: allow identification by (fromhost-ip,
fromhost-port) where IP alone is shared across systems (e.g., autossh).
- 2025-09-15: tls: process TLS 1.3 KeyUpdate during send (ossl/gtls)
Handle post-handshake KeyUpdate by driving a minimal non-blocking read when the
TLS library requests READ during Send(). This prevents stalls when servers send
TLS 1.3 KeyUpdate and aligns behavior with RFC 8446 §4.6.3.
- nsd_ossl.c: SSL_ERROR_WANT_READ => small SSL_read(), then retry write
- nsd_gtls.c: E_AGAIN/E_INTERRUPTED with READ direction => small gnutls_record_recv(), then retry write
Backward-compatible and only active when the TLS stack signals a need to read.
Implemented with help for Cursor tool by Andre Lorbach.
closes: https://github.com/rsyslog/rsyslog/issues/5627
- 2025-09-12: docker: fix collector, udp and tcp could not be enabled individually
If either one was disabled, so was the other one as well.
- 2025-09-11: ommongodb: add support for mongo-c-driver v2
Update pkg-config check for v2 of mongo-c-driver
The name of the pkg-config file has changed from libmongoc-1.0.pc to
mongoc2.pc. First try the new version and keep the old version as
fallback.
In version 1.13.0, the headers were re-organized and the preferred way
of including the headers are <mongoc/mongo.h> and <bson/bson.h>.
Forwarding headers to keep backwards compatibility were introduced that
have been removed in v2.
To support building on CentOS 7 and Ubuntu 18, which ship versions older
than 1.13.0, keep using the old include names for v1 and use the new
include names for v2.
Once the minimum version of mongo-c-driver is bumped to >= 1.13.0, this
fallback can be dropped.
Thanks: Michael Biebl for the patch and his help on the issue in general.
- 2025-09-10: config script: add b64_decode function
This PR provides a new Rainerscript function: b64_decode.
This function is based on RFC4648.
Thanks to Kevin Guillemot for the patch.
- 2025-09-09: imdocker: Add image name to metadata fields
Exposes the image name and tag of the source container (what the Docker API simply
calls Image) as an additional metadata value alongside the existing ones.
Why?
While the ImageID is available today, a SHA hash is not a particularly user-friendly
way to identify what is actually generating the logs.
The image name provides a simple, easy-to-read identifier for the common scenario
where an unmodified application image is used.
Thanks to Will Robertson for the patch.
- 2025-09-09: ci: improve Codecov uploads; deflake kafka topics
Motivation: code coverage reports were incomplete. This lays a better
base for consistent reporting via GitHub Actions, with room for follow-ups.
It also removes a test flake source in Kafka jobs.
Impact: CI/tests only; no runtime behavior or ABI changes expected.
Before: Coverage uploads were inconsistent; Kafka tests could hang while
reading from /dev/urandom to generate topic names.
After: Coverage is collected with lcov and uploaded via a dedicated GH
Action; Kafka topics use fast $RANDOM-based hex, avoiding early-boot
entropy stalls.
- 2025-09-06: rainerscript: add toupper() function
Add a RainerScript function to convert strings to uppercase. The
implementation mirrors tolower() but operates per-byte using
toupper(). Tests demonstrate the new function, documentation and
ChangeLog entries added.
closes: https://github.com/rsyslog/rsyslog/issues/3666
- 2025-09-06: devtools: Specify usage of clang-format-18 to pin v18
Thanks to Will Robertson for the patch.
- 2025-09-05: CI: re-enabled CodeCov integration
There may still be some quirks, but basically it works again.
- 2025-09-05: doc: restore missing doc files in configure.ac
The docs build has been failing because doc/source/conf_helpers.py was
removed, but Sphinx imports it from conf.py. This reintroduces the
helper module so the documentation can be built again.
Regression introduced by:
https://github.com/rsyslog/rsyslog/commit/ba762b653331f3c97ba2da91cf6a0ab602e6243c
Impact: restores local and CI doc builds; no runtime behavior change.
Before: sphinx-build failed with ImportError for conf_helpers.
After: sphinx-build completes successfully.
- 2025-09-04: build: use pkg_config for libgcrypt
This fixes failing builds in newer platforms.
Old method had been depricated and finally is no longer available. We fall
back to old method if pkg_config for libgcrypt is not available on the build
system.
Thanks to github user schrotthaufen for the patch.
- 2025-09-03: omrelp: keep-alive support added
- 2025-09-03: build: some cross-platform enhancents, especially for
MacOS/Darwin
- 2025-09-03: tests: add -w port file option to tcpflood
Adds -w option to tcpflood to write its local port to a file.
This permits to craft tests which need the source port number from the
connecting client.
- 2025-09-03: imhttp: optional auth + Content-Length for metrics/health
Harden default endpoints for cloud-native use: make health/metrics
scrapes proxy-friendly and allow locking them down with Basic Auth.
This aligns imhttp with common Kubernetes/Prometheus patterns and
supports metrics-only deployments.
Impact: /metrics now exports full rsyslog stats with Content-Length;
health and metrics can be gated via htpasswd; unified 500 on failures.
Technical details:
- Add module params: healthCheckBasicAuthFile and metricsBasicAuthFile.
When set, attach a Basic Auth handler that reads an htpasswd file;
reuse the same handler for per-input endpoints by passing the file via
cbdata.
- Rework Prometheus handler to collect data through statsobj in
Prometheus format. Accumulate lines into a growable buffer with
overflow checks, append an imhttp_up gauge, then reply with an
explicit Content-Length and close the connection.
- Fix metrics buffer termination to use a single NUL byte; prevent a
leak when buffer growth fails; consolidate error paths so the buffer is
freed and a single HTTP 500 is emitted.
- Docs: describe new auth options, clarify default paths, document that
metrics responses carry Content-Length, and add examples (including
metrics-only setups).
Before/After: metrics previously exposed a minimal body without auth;
now they export full rsyslog stats with optional Basic Auth and a
Content-Length header.
- 2025-09-02: imrelp: fix potential segfault on termination
A segfault could occur during module termination within the rsyslog shutdown
process. That in turn could lead to e.g. damage state files or disk queue
files.
Thanks to Sourav Sharma for analyzing and fixing this issue.
- 2025-08-28: core/queue: some refactoring for better code clarity
The enhanced clarity not only helps with understanding but also is the bases
for better manual and automatted analysis, thus maintenance.
- 2025-08-28: CI: ensure static analyzer script only runs when actually needed
Also
- auto-abort on re-push
- some minor tweaks
- 2025-08-28: ci: add spellcheck workflow
Add a GitHub Actions job using codespell to check Sphinx docs in doc/source.
This helps catch spelling errors early and improves documentation quality.
With help from AI-Agent: ChatGPT
- 2025-08-28: CI: add github action security analysis
Thanks to Kevin Backhouse for the patch.
- 2025-08-28: doc: systematic typo fixes for documentation files, add checker
After we received single typo fixes, we carried out a systematic approach
for the rest of the documentation. It should now be typo-free.
As a safeguard, we added a new CI action for doc spellchecking.
- 2025-08-28: doc: fix typos
Thanks to Madhushree and Naisthecreator for the patch.
- 2025-08-28: doc: add rsyslog issue assistant build files
----------------------------------------------------------------------------------------
Scheduled Release 8.2508.0 (aka 2025.08) 2025-08-26
IMPORTANT NOTE TO Package Builders / Distros:
The documentation has been integrated back into the main repository, in the
doc/ subdirectory. As such, there is no second doc tarball available and
package build most probably needs adjustments.
This release had the overall theme of improving code quality, including the
initial introduction of doxygen comments, improving the user experience by
documentation updates, and implementing the rsyslog responsible "AI First"
strategy. Note that while AI generated code is part of the release, all
contributions, AI or human, follow the same rigourus review and CI procedures
with the final acceptance is by a maintainer.
AI slop is not accepted and this release addresses AI slop by better parametrizing
agents in regard to code generation and streamlining code so that AIs better
understand it. This is an ongoing effort.
- 2025-08-25: tcpsrv: refactor IO loop; rearm-before-unlock; poll path
Improve maintainability and robustness of the TCP server by clarifying
locking/ownership, tightening invariants, and simplifying queueing.
Also fix a long-standing pragma macro typo across the tree.
Impact: Internal behavior only. EPOLL re-arm now occurs while holding
pSess->mut; starvation cap counts only successful reads.
Before/After:
Before: EPOLL re-arm happened after leaving the critical section; read
starvation cap counted loop iterations; closeSess() sometimes unlocked;
select_* helpers used on non-epoll path; enqueueWork() returned status.
After: EPOLLONESHOT is re-armed before unlocking; starvation cap counts
only RS_RET_OK reads; closeSess() never unlocks; poll_* helpers replace
select_*; enqueueWork() is void (best-effort).
Technical details:
- Replace notifyReArm() with rearmIoEvent() (EPOLL_CTL_MOD with
EPOLLONESHOT|EPOLLET; asserts efd/sock; logs on failure).
- doReceive(): explicit state machine; would-block path re-arms before
unlock; close path unlocks then calls closeSess(); starvation handoff
enqueues without re-arming.
- Initialize ioDirection for listener and session descriptors; add
assert(sock >= 0) and widespread ATTR_NONNULL annotations.
- startWrkrPool(): single finalize rollback (cancel/join partial
threads; destroy cond/mutex); stopWrkrPool(): destroy cond/mutex.
- enqueueWork(): FIFO append under lock and cond signal; returns void.
- Cleanup hardening on construct failure: free ppLstn, ppLstnPort,
ppioDescrPtr; free fromHostIP on SessAccept() error.
- Non-epoll: rename select_Add/Poll/IsReady -> poll_*; RunPoll() uses
poll_* and sets sane ioDirection defaults.
- Typo fix: standardize PRAGMA_IGNORE_Wswitch_enum in header and all
users (action.c, rainerscript.c, template.c, tcpsrv.c).
- 2025-08-25: omsendertrack: stop towards full completion of module.
Work towards full completion of the modules interface as it exits PoC.
The new name senderid (formerly: template) matches intent (identify a
sender, not an output format) and avoids confusion. Also make state
persistence safer via atomic writes.
Merged a bit pre-completion in order to get a static analyzer fix
into the main code base. Some additional cleanup PR will follow.
State is much cleaner now than in PoC.
Impact: Configs must use senderid=; statefile is now required. Tests
and docs updated.
Before/After: action(... template="name") -> action(... senderid="name").
Technical details:
- Replace the config parameter and instance field; drop legacy template
parsing in parseSelectorAct. The module now reads only senderid=.
- Enforce required statefile (descriptor + runtime) and cache a temp
path "<statefile>.tmp" to ensure rename() is atomic. Provide a
one-time fallback build if the cache is missing (e.g., reload flow).
- Add built-in template "StdOmSenderTrack-senderid" yielding
"%fromhost-ip%" and use it as the default senderid template.
- Improve memory ownership (free cached temp path/default template) and
keep existing locking/queue semantics unchanged.
- Update tests to use senderid= and prune PoC doc note accordingly.
see also: https://github.com/rsyslog/rsyslog/issues/5599
- 2025-08-20: AI: add support files for github copilot
helps craft better patches via copilot
- 2025-08-18: imjournal: fix double sd_journal_close() during thread cancellation
When the main thread cancel imjournal thread, the thread exits without
setting sd_journal to NULL because sd_journal_close() contain cancel point.
This leads to a double free scenario where:
1. The thread cancel occurs during sd_journal_close()
2. The main thread then calls imjournal's afterrun function
3. sd_journal_close() is called again on the already-freed sd_journal
Thanks for the patch toxietangxin
- 2025-08-18: omhttp: migrate to OMODTX; prep for project-supported status
Why: Modernize omhttp so HTTP forwarding is viable and maintainable in
current deployments (incl. Docker). Align the module with core-supported
interfaces, reduce maintenance risk, and pave the way to promote it from
contrib to an officially supported module.
Technical overview (conceptual):
- Switch plugin API from legacy TXIF (doAction) to OMODTX
(commitTransaction). Update query entry points accordingly.
- Keep beginTransaction for batch init; fold the final flush from
endTransaction into commitTransaction per OMODTX.
- Preserve external behavior: batching thresholds (maxBatchSize and
maxBatchBytes), dynRestPath handling, statistics, and HUP behavior.
- In commitTransaction, process all records in one pass and submit
batches when thresholds are crossed; non-batch mode posts per record.
- Retry test adjusted to tolerate duplicates during migration
(omhttp-retry.sh), reflecting current OMODTX replay characteristics.
Addresses from #5957:
- Core modernization of omhttp to the projects current module
interface, suitable for containerized use cases.
- First step toward “project-supported” status by aligning with the
supported core API and updating tests.
Planned follow-ups (separate commits):
- Fix dynRestPath after a batch flush (set new path right after
initializeBatch).
- Revisit commit/replay semantics to minimize duplicates under retry, or
document dup-tolerant behavior and test both modes.
- Verify and free batch.restPath and headerBuf; add focused tests (path
change mid-batch, maxBatchBytes edges, TLS/gzip, HUP reinit).
- Documentation and packaging steps required for “project-supported”
status (module docs, release notes, CI/packaging policy).
- Evaluate if a compatibility query hook is needed for older cores.
see also: https://github.com/rsyslog/rsyslog/issues/5957
- 2025-08-15: rainerscript: enhanced backticks support ${VAR}
This implements brace-style env vars inside backticks with `echo` and
fixes termination of unbraced `$VAR`. Most importantly, variables can
now be adjacent to static text (e.g., `foo${ENV}bar`), which previously
did not work and caused confusion. This aligns behavior with common
bash expectations.
Why
- Users expect `${VAR}` and `$VAR!` to expand while keeping punctuation.
- Concatenations like `foo${ENV}bar` are common and should be valid.
What
- Add support for braced variables `${VAR}` with proper `}` handling.
- For unbraced `$VAR`, stop the name at the first non `[A-Za-z0-9_]`
char and emit that char (e.g., `!`, `.`) as literal output.
- Improve error handling for overlong env var names.
- Keep other shell features (e.g., `$(pwd)`) unsupported by design.
Docs
- Update `constant_strings.rst` to document `${VAR}`, the new
termination rules, and examples including `foo${ENV}bar` and `$VAR!`.
Tests
- Add `rscript_backticks_braces_envvar.sh` for `${VAR}` support.
- Add `rscript_backticks_static_text.sh` for `$VAR!` and adjacency.
- Convert `rscript_backticks_empty_envvar-vg.sh` to non-VG variant and
adjust `tests/Makefile.am`.
Compatibility
- Backward compatible. Changes affect only previously broken edge cases.
- 2025-08-13: improved developer documentation
- internal locking needs / action interface
- control flow for actions / queues
- removes any doubts that might have existed due to missing docs
- improves onboarding new developers
- 2025-08-01: core: migrate callback invocations to type-safe signatures
Replace opaque/variadic callback usage with explicit, type-safe function
signatures to reduce undefined behavior and clarify intent.
Adapter helpers bridge the existing APIs without raw variadic casts, enabling
the transition incrementally. Callback setup sites are standardized for
consistent readability. This tightens the contract on callbacks, eases future
refactoring, and makes their roles more self-documenting.
Inspired by https://github.com/rsyslog/rsyslog/pull/5882
With AI support: Codex, Gemini
- 2025-08-01: Fix: Remove unsafe function pointer casting in cfsysline.c
- Replaced function pointer casting with direct handler calls for type safety
- Fixes crashes (BUS errors) on ARM64 macOS 14+ due to strict calling conventions
- Root cause identified by ThreadSanitizer
- Eliminates undefined behavior, improves code safety
On MacOS, this fixes a potential segfault condition.
- 2025-08-01: ossl: Add PrioritizeSAN option to OpenSSL network stream driver
Add OpenSSL equivalent of existing GnuTLS PrioritizeSAN functionality
implemented in commit 937e278fdf51c3e21ebd3acf05f9d1b8649ce2c5
https://docs.openssl.org/1.1.1/man3/X509_check_host
> The X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag causes the function to
> never consider the subject DN even if the certificate contains no
> subject alternative names of the right type (DNS name or email address
> as appropriate); the default is to use the subject DN when no
> corresponding subject alternative names are present.
0x10100004L corresponds to OpenSSL 1.1.0-pre4 in which
X509_CHECK_FLAG_NEVER_CHECK_SUBJECT first appeared.
Thanks to Corey Siltala for the patch.
- 2025-08-01: core: fix race condition in imtcp when closing sessions
This commit fixes a race condition that could occur when two threads tried to close
the same TCP session simultaneously. This could lead to an "epoll_ctl failed:
Bad file descriptor" error message.
The fix introduces an atomic flag `being_closed` to the `tcps_sess_t` struct.
This flag is used to ensure that the session-closing logic is executed only once
per session. This commit also corrects the logic of the atomic check to prevent
the race condition correctly.
This was created with the help of Google Jules AI coding agent.
- 2025-07-31: pmrfc3164: add headerless message detection and handling
This patch adds a robust, optional mechanism for handling "headerless" input—
log messages that do not conform to traditional syslog formatting.
- **Headerless detection (opt-in)**
- Controlled by the new `detect.headerless` boolean (default: off)
- Detects messages with **no PRI** and **no valid timestamp**
- Excludes structured inputs (e.g. JSON starting with `{` or `[`) as
before
- Injects default `hostname` and `tag` values
- Flags message internally as `HEADERLESS_MSG` for further processing
- **Fallback processing options**
- `headerless.ruleset`: route headerless messages to a dedicated ruleset
- `headerless.errorfile`: optionally store raw input to a file
- `headerless.drop`: discard headerless messages early if desired
- **Thread-safe HUP signal handling**
- New `doHUPParser` entry point allows safe log rotation for error file
- Follows standard reopen-on-write pattern post-HUP
- **Testing & Maintenance**
- Adds two test cases: `pmrfc3164-headerless.sh` and `pmrfc3164-drop.sh`
- Extends documentation for all new parameters
- Cleans up code formatting, includes, and bumps copyright
Some environments produce mixed or malformed input streams. This patch enables
early, lightweight detection of non-syslog input, with customizable recovery
and routing strategies. It avoids unnecessary parsing work and gives operators
better tools to isolate or discard garbage input—without breaking legacy behavior.
- 2025-07-31: imjournal: fix vulnerability in state file creation
Initialize cs.fCreateMode to 0644 instead of -1 to prevent state files
from being created with all permission bits set when legacy configuration
is used. The setModCnf function is only called with modern configuration,
leaving cs.fCreateMode at -1 for legacy configs, which results in wrong
open() calls.
Thanks to Attila Lakatos for the patch.
- 2025-07-31: doc fix: remove doc for debug options that no longer exist
Some debug options were removed several years ago but unfortunately
not removed from the doc. This is now done.
closes: https://github.com/rsyslog/rsyslog/issues/4817
- 2025-07-29: gtls fix: log missing certificate/key only once
When no TLS certificate or key is configured for forwarding actions,
repeated connection attempts produced the same warning messages over and
over. gtlsInitCred() and gtlsAddOurCert() now log these warnings only
during the initial setup
Thanks to Attila Lakatos for the patch.
- 2025-07-22: greatly restructured and improved documentation
It is in far better shape now, but there are still improvements
planned and needed.
- 2025-07-19: Correct connection timing computation
Handle microsecond rollover when measuring connection attempts.
Calculate seconds and microseconds directly, adjusting when the
microsecond field underflows.
Fixes https://github.com/rsyslog/rsyslog/issues/5831.
- 2025-07-17: omelasticsearch fix: Handle HTTP 401/403 auth errors
The omelasticsearch module previously failed to correctly handle HTTP
error status codes returned by the server. The logic checked for
libcurl transport errors but explicitly ignored
'CURLE_HTTP_RETURNED_ERROR', causing server-side errors to be
treated as successful submissions.
This led to silent failures in critical scenarios, especially
authentication (401 Unauthorized) and authorization (403
Forbidden) errors. The plugin would not suspend or report an
error, and data could be lost without any clear error indication.
This commit resolves the issue by:
- Retrieving the HTTP status code after each request using
'curl_easy_getinfo'.
- Adding an explicit check for 401 and 403 status codes.
- Logging a specific "authentication failed" error and suspending
the plugin if these errors are detected.
This ensures that users receive immediate and clear feedback on
authentication problems, preventing silent data loss and aiding in
faster troubleshooting.
With AI support: Codex, Gemini
- 2025-07-16: style: normalize C source formatting via clang-format (PoC)
Changed to the new canonical formatting style using `clang-format` with
custom settings (notably 4-space indentation), as part of our shift toward
automated formatting normalization. No functional changes are included -
only whitespace and layout modifications as produced by `clang-format`.
This change is part of the formatting modernization strategy discussed in:
https://github.com/rsyslog/rsyslog/issues/5747
Key context:
- Formatting is now treated as a disposable view, normalized via tooling.
- The `.clang-format` file defines the canonical style.
- A fixup script (`devtools/format-code.sh`) handles remaining edge cases.
- Formatting commits are added to `.git-blame-ignore-revs` to reduce noise.
- Developers remain free to format code however they prefer locally.
In support of this strategy also did:
- add .editorconfig for indent, whitespace, and file-type rules
- add project-local .vimrc to enforce Vim settings via exrc
- add .clang-format for C/C++ style presets and list formatting
- add devtools/format-code.sh to run clang-format and fixups
- adjust clang-format config for stable, idempotent output
- update AGENTS.md with new formatting strategy
- add .git-blame-ignore-revs entry for format change commit
- 2025-07-15: feat: introduce mmaitag PoC with Gemini AI provider (#5754)
This commit adds the initial implementation of the `mmaitag` module,
a pluggable AI-based message classification processor.
The module supports two providers:
- `gemini`: uses the Gemini API via libcurl and JSON-C
- `gemini_mock`: a deterministic in-memory mock used for testing
Each log message is classified individually and tagged with a label
stored in a configurable message variable (default: `$.aitag`).
Included:
- Provider abstraction layer (`ai_provider.h`)
- Gemini provider with API key support (inline or via file)
- Prompt customization and input property selection
- Two regression tests: basic and invalid-key scenarios
- Sphinx documentation under `doc/configuration/modules`
Note: mmaitag is in its infancy and primarily a PoC. Future work
will improve batching, performance, and add more providers.
Refs:
- https://github.com/rsyslog/rsyslog/issues/5747 (AI-first strategy)
With the help of AI Agents: Codex, Gemini
- 2025-07-15: doc: add FAQ with commonly misunderstood config sequences
"& stop" is right on top of the misunderstandings
- 2025-07-15: code fix: Prevent redefinition warnings for syslog macros
Undefine common syslog severity and facility macros before
redefining them in rsyslog.h. As rsyslog, we need consistent
definitions. This resolves "redefined" warnings when other
system headers are included. Improves build cleanliness.
- 2025-07-15: imhttp: add simple http health check functionality
This also includes a basic Prometheus scrape entry point, which
currently can only be used for health checking.
We plan futher enhancement in this direction.
Also some "fixes" in regard to rsyslog code style and portability
methods.
- 2025-07-15: impstats: add support for Prometheus metrics output format
This commit extends the impstats input module to support a new
"prometheus" format for exporting statistics. The output is
generated via statsobj.c, which already provides Prometheus-
compatible formatting.
To enable this, a new "format" config option value ("prometheus")
was added and recognized by impstats.c. When selected, impstats
invokes the appropriate statsobj function to generate output in
Prometheus exposition format.
The default behavior remains unchanged. Existing formats such as
"json" and "legacy" are not modified.
A new test has been added under tests/ to validate correct
Prometheus output generation. The test verifies that the format
header and at least one representative metric line conform to the
Prometheus text format specification.
This enhancement enables rsyslog to integrate more easily with
Prometheus-based monitoring stacks and paves the way for native
metrics scraping without external translation layers.
- 2025-07-15: fmpcre: new function module to do pcre-based regex matches
- 2025-07-15: build: adjust version tag used for daily stable build process
Change version tag from ".master" to ".daily" to better reflect its
use in the automated daily stable build process. This also aligns with
the ongoing effort to eliminate use of the "master" name throughout the
repository.
see also: https://github.com/rsyslog/rsyslog/issues/5786
- 2025-07-15: imfile: add new module/input parameter deleteStateOnFileMove
When enabled, state files are deleted when the watched file is moved or
rotated away. This prevents accumulation of stale state files from
rotated logs. By default the state file is kept. Does not change
default behavior for existing inputs. The config option is available as
per-input and per-module parameter.
Thanks to Attila Lakatos for the patch.
- 2025-07-15: refactor: modernize macro definitions to support formatting and clarity
This commit performs a broad modernization of widely used rsyslog
macros to align with modern C practices and support automated
formatting tools like clang-format. The changes focus on improving
syntactic regularity, readability, and tooling compatibility — without
altering behavior.
Macros refactored in this commit now follow a consistent,
statement-like form with explicit trailing semicolons. Where
applicable, macro blocks that define module interfaces (`queryEtryPt`)
have been updated to use simple `if` statements instead of `else if`
chains. While this slightly increases evaluation time, the affected
functions are only called once per module during load time to register
supported interfaces — making the performance cost irrelevant in
practice.
These improvements serve multiple purposes:
- Enable reliable clang-format usage without mangling macro logic
- Simplify reasoning about macro-expanded code for human readers
- Reduce style drift and merge conflicts
- Facilitate development for contributors using assistive tools
- Support future formatting pipelines using:
1. `clang-format`
2. a post-fixup normalization script
This general modernization reduces macro misuse, improves DX, and
lays the foundation for a robust, automated style normalization
system.
See also: https://github.com/rsyslog/rsyslog/issues/5747
- 2025-07-12: Document statsobj architecture and formats
Adds Doxygen headers to runtime/statsobj.c and runtime/statsobj.h.
The comments describe how statistics objects store counters and how
GetAllStatsLines emits data. Supported output formats such as
legacy, JSON, CEE, JSON_ES and Prometheus are listed. This clarifies
the stats subsystem for future maintainers.
AI-Agent: Codex, Gemini
- 2025-07-12: Improve TLS handshake error logging (#5762)
Log remote port on TLS handshake errors, this has been implemented
at the netstream driver layer and is now easy to support by all drivers.
- 2025-07-12: merge: import rsyslog-docker into packaging/docker/
This commit integrates the full history of the
rsyslog/rsyslog-docker GitHub repository into the main rsyslog
monorepo under packaging/docker/.
The merge was performed on 2025-07-12 using 'git subtree add' to
preserve all commit history in a clean and non-interleaved form.
No changes were made to the imported content during this commit.
Rationale:
- Unify Docker artifacts with the core rsyslog development
- Reduce repository fragmentation
- Improve discoverability and cross-component development
- Simplify CI integration and contributor workflow
The original rsyslog-docker repository will be archived in
read-only mode. All future work on Docker images and related
tooling will continue under packaging/docker/ in this repository.
This merge is part of a broader effort to consolidate related
rsyslog projects into a complete, maintainable monorepo.
- 2025-07-11: scripting: add endswith operator to property filters and RainerScript
This Implements suffix comparison similar to startswith. Note that we
do intentionally not use libestr functions in order to speed up adaption.
It would otherwise probably take years for distros to upgrade libestr.
With some help of the Codex and Gemini AI Agents.
closes https://github.com/rsyslog/rsyslog/issues/1255
- 2025-07-11: nsd_ptcp fix: misleading error messages (regression from ad1fd21)
We received reports of log messages incorrectly referring to "imptcp" even
though the imptcp module was not loaded on the system. This caused confusion
during troubleshooting.
One such message was:
rsyslogd: imptcp cannot set keepalive intvl - ignored: Bad file descriptor
This message originated from the nsd_ptcp module, but the LogError() calls
in EnableKeepAlive() still used "imptcp" as the source name.
This is a regression introduced in commit ad1fd21, which restructured
TCP input handling and moved responsibility for keepalive setup to nsd_ptcp,
but did not update the associated log messages.
This patch corrects the affected log strings to use "nsd_ptcp", accurately
reflecting the code path that emits them.
There is no functional change; the patch improves clarity of log output and
prevents misleading diagnostics.
The actual error shown could be related to a different issue,
see also https://github.com/rsyslog/rsyslog/pull/5749
- 2025-07-11: omazureventhubs bugfix: unsafe sprintf use in module
we now use snprintf for url encoding; this was under very exotic conditions
- 2025-07-09: imtcp: prevent double-enqueue of descriptors via inQueue flag
This patch adds an inQueue flag with its own mutex to each
tcpsrv_io_descr_t structure. The flag prevents multiple worker threads
from processing the same descriptor at the same time.
The change was motivated by segmentation faults reported in production
systems after commit ad1fd21, which introduced a worker thread pool to
imtcp. We could not reproduce the faults ourselves, but code analysis
suggests several race conditions may exist.
In particular:
- epoll_wait may return the same descriptor multiple times. This is not
expected, as we use EPOLLONESHOT. However, if a thread does not clear
or re-arm the event quickly enough, or in edge cases involving race
conditions and rapid I/O activity, duplicate delivery may still occur.
- If a descriptor is enqueued more than once, multiple threads may
process and free it in parallel, causing use-after-free errors.
- closeSess releases the session mutex before destroying the session and
descriptor. A second thread might still be waiting to acquire the
mutex and access the now-freed memory.
- shutdown is unordered: stopWrkrPool waits for threads to join, but the
work queue may still contain descriptors that will be processed after
their memory has been freed.
- pending epoll events for a socket may still be processed after
epoll_ctl(..., DEL) was called, leading to access to invalid memory.
The patch:
- Adds an inQueue flag to each descriptor and a mutex to protect it.
- Prevents enqueueWork from queuing a descriptor already in queue.
- Clears the flag when dequeueing the descriptor.
- Initializes and destroys the new mutex at listener startup/cleanup.
While unverified, we believe this patch is a safe and helpful change.
It may fix the reported crashes and in general improves correctness.
The analysis and draft of this patch were created with help from a
Codex-based AI agent. Final review and edits were done by a human.
- 2025-07-09: imkmsg fix: Handle EAGAIN/EWOULDBLOCK check portably
On some systems, EAGAIN and EWOULDBLOCK are defined to the same
value, causing a `-Wlogical-op` warning for the redundant logical
'or' in the errno check.
While portable code must check for both cases, this warning is
unwanted.
This change uses a preprocessor directive to conditionally compile
the check for `errno == EWOULDBLOCK` only on platforms where its value
differs from EAGAIN. This silences the warning without affecting
portability.
- 2025-07-09: AI tools: Add directory for future AI/ML tooling (#5758)
Establish a new top-level directory, `ai/`, to serve as a consistent
location for future Artificial Intelligence and Machine Learning tools
that will work alongside rsyslog.
These tools are intended to run as separate processes, external to the
rsyslog daemon, to ensure the core remains stable and performant.
This commit contains only the empty directory and a README.md file
describing the vision and purpose.
- 2025-06-21: fix off-by-one buffer "overflow" when forking rsyslog
parent and child communicate over a very basic protocol during the fork process.
In theroy, there could be a buffer overrun during that period. In practice, this
is not possible due to the protocol. It would only be possible if the rsyslog
binary would be compromised itself on disk- or in-memory. Nevertheless, this
possibility should be closed, as slim as it may be.
Thanks to Maks Maltsev for the patch.
- 2025-06-19: added doc for omsendertrack
- 2025-06-18: net_ossl: Fix memleak in net_ossl_peerfingerprint
Fix memory leak where pstrFingerprintSha256 was not being freed
in the finalize_it section. This could cause memory accumulation
during TLS certificate fingerprint verification when the function
exits.
Thanks to Attila Lakatos for the patch.
- 2025-06-18: Support for AI Agents has been added
This is an ongoing effort which aligns with the projects "AI-first" approach.
The date this was added is just the date of "initial maturity". As AI field
is quickly evolving, we need to update this support in any case.
- 2025-06-15: doc: Documentation repository moved into main rsyslog repo
The rsyslog-doc repository content has been integrated into the
main rsyslog repository under the 'doc/' directory. This change
simplifies maintenance, improves discoverability, and resolves
issues with external tools locating documentation. It also
streamlines build pipelines and reduces external dependencies.
The commit history of rsyslog-doc has been preserved via a Git
subtree merge.
- 2025-06-12: build: Removed the redundant *_la_LDFLAGS
Whilst this did not cause issues when building the project, it produced
warnings.
Thanks to Attila Lakatos for the patch.
- 2025-06-12: ossl netstream driver: do not import engines if not available
Avoid including openssl/engine.h when OPENSSL_NO_ENGINE is set. Adjust dependent
modules and test accordingly.
Thanks to Attila Lakatos for the patch.
- 2025-06-12: tcpsrv bugfix: fix potential data race issue
When re-arming epoll descriptors, we used a non-thread safe way to do this. However,
it is hard to envison this could have caused any real issue because of the way the
logic accesses the data elements. But at least in theory on a system with very many
tcpsrv threads, many cores and very high load re-arm could probably done incorrectly
what could have lead to stalling of that connection.
This was detected during CI runs by LLVM thread analyzer. We never receive any report
of this from practice.
----------------------------------------------------------------------------------------
Scheduled Release 8.2506.0 (aka 2025.06) 2025-06-10
- 2025-06-10: core fix: hastable object did not init memory properly on extend
When a hash table was expanded, the newly allocated memory segment was not
cleared correctly. This was caused by providing an incorrect destination
address and byte-count to the memory-clearing function.
This could lead to instability or incorrect behavior when the hash table
grew. The new memory is now properly zero-initialized, ensuring stable
operation.
- 2025-06-10: queue fix: spammy queue size message do to incorrect commit
Reverted commit 525a6f1bbf that tried to provide better diagnostics for
queues being potentially misconfigured that was invalid and created queue warning
messages on startup. The functionality will be re-implemented properly later.
JThis is no loss of
functionality.
- 2025-06-10: CI: new python-based codestyle checker
Easier to maintain than the off-project C source. The checks
are pretty trivial.
closes https://github.com/rsyslog/rsyslog/issues/5631
- 2025-06-09: omfwd regression fix: avoid false active target change log message
Commit ffaf6dc added proper variable sync, but dropped the check
if active count had actually changed. As such, the output was always
generated, which could pollute the log heavily.
- 2025-06-09: imuxsock: Add statistics counter for discarded messages
This patch introduces a counter to track the number of discarded messages.
Additionally, it fixes a bug where the submitted message count was incremented
even when the message was discarded due to exceeding the allowed message rate
within a given interval.
Thanks to Attila Lakatos for the patch.
- 2025-06-08: lookup tables: add new table type for regex-matches
While we do not like rexeg-matches for performance reasons, they are
well known and appreciated by users. With the new table type, we
add a lookup capability for partial matches, but at the price
of much higher ressource use. It still is useful, e.g. to classify
events as "noise" events in a simple manner.
- 2025-06-08: docs: restructure contributor docs for clarity and AI agent readiness
This updated all contributor-facing documentation:
- **README.md**: Modernized structure; clarified installation/build.
Removed obsolete local doc references, linked to rsyslog-doc.
- **CONTRIBUTING.md**: Refactored for clarity; added AI code guidance
(e.g., commit prefix `AI:`). Formalized draft PRs for experiments.
Removed outdated "testing new releases" advice. Added rationale
for `master` branch due to ecosystem dependencies.
- **AGENTS.md** (new): Introduces clear guidelines for AI agents
contributing to rsyslog. Includes commit formatting, PR branch
expectations, testing environment, and behavioral rules.
**Why now?**
Over two years, we've evaluated evolving AI dev agent capabilities.
We now consider them mature enough for rsyslog dev workflow—under
careful human review. This update provides the foundation to onboard
agents in a controlled, auditable, high-quality manner.
All changes prioritize traceability and developer clarity—both human
and AI.
closes: https://github.com/rsyslog/rsyslog/issues/5657
- 2025-06-08: improved CI workflow
- 2025-06-08: omazureeventhubs bugfix: wrong content-type used
This was detected during a code review. No report from practice is known. There was
a type in the content type definition when encoding the message. This can potentially
lead to malfunction.
- 2025-06-06: omusrmsg: fixed a potentially unsafe string builder
While not expected to be problematic in practice, there still was some security
issue potential AND it prevented clean build in some environments.
- 2025-06-05: impstats: add prometheus format to set of supported output formats
This can be used eg. to use node_exporter file scraping capability
- 2025-06-04: omsendertrack: new module
The omsendertrack module is designed to track and report statistics for
message senders across all inputs in Rsyslog. It periodically outputs a
JSON file containing information about each sender.
Note: This commit provides minimalistic basic functionality as a PoC.
We will check it's usefulness in practice and expect follow-up PRs
to enhance functionality and include feedback from early testing.
However, this module is solid, just feature limited.
see also: https://github.com/rsyslog/rsyslog/issues/5599
- 2025-05-29: omjournal: Fix priority value
Thanks to Bougrine Anis for the patch.
- 2025-05-14: tls subsystem: generate better error message on accept failure
Right now, the remote peer is not reported, even in cases where
this would be possible. This patch provides a method to emit a
second message with remote peer information in cases where it
is possible. This is the case when the remote peer connects via
plain tcp but TLS cannot be negotiated, especially because the
connection breaks immediately. Most probably this behaviour can
be created by load balancer and other tools healt checks.
This patch improves debugging network issues. So it is useful.
----------------------------------------------------------------------------------------
Scheduled Release 8.2504.0 (aka 2025.04) 2025-04-29
- 2025-04-25: ossl tls driver: better error reporting
Replace some generic error codes with more specific counterparts.
There is still some more work to do, but this covers important
spots.
- 2025-04-25: gnutls netstrm drvr fix: handle write retry correctly in recv call
When receiving, gnutls internally may need to write (e.g. for session key
changes), so we need to support that. This is a long-standing issue
that can have caused invalid error message and session closure.
The erorr message was:
GnuTLS receive error <nbr> has wrong read direction(wants write) -
this could be caused by a broken connection. GnuTLS reports: <text>
- 2025-04-25: tcpsrv bugfix: do not busy wait on io events
Depending on circumstances, tcpsrv worker threads did effectively
busy-wait on io events to handle. Not always, but often. This was
caused be improperly re-arming the inotify subsystem.
This effected overall system performance, but not general rsyslog
stability. The bug was introduced on March 1st 2025 into the
daily stable build.
closes: https://github.com/rsyslog/rsyslog/issues/5623
- 2025-04-23: tcpsrv: add experimental stats
This is a stats for worker awaking via event notification. Could be useful
under some cirumstances. it's called "emptyReads".
It needs to be decided if this is a useful setting or not.
- 2025-04-16: tcpsrv bugfix: input name was not properly propagated
As a result, it did not show up in pstats. Alos, we now use the input name
in worker thread to easily identify where they belong to. As thread names
have very limited length, the thread naming now is
"w<worker-number>/<input-name>".
Note: this bug was introduced 2025-03-01 (daily stable build)
- 2025-03-06: rsyslog core fix: buffer overflow when the argument to replace() is empty
This fixes the following situation:
We have these expressions in rsyslogd.conf:
set $!rsyslog_FileFormat = exec_template("RSYSLOG_FileFormat")
set $!localheader = re_extract($!rsyslog_FileFormat, "[^ ]+.* +port[0-9]", 0, 0, "");
set $!localpattern = re_extract($!rsyslog_FileFormat, " [^ ]+ +[^ ]+ +port[0-9]", 0, 0, "");
set $!localheader = replace($!localheader, $!localpattern, " ");
We have a message like this arriving.
<30>Feb 24 22:08:21 hostname port03 'label' RXDATA: \n
It was observed that when 2 of these messages arrive in a row, rsyslogd
crashes. This is clearly due to memory corruption, as the crash comes
from within calloc.
Thanks to Lincoln Ramsay for the patch.
- 2025-03-05: several small to cosmetic leak fixes based on Coverity Scan
- 2025-03-04: perctile_stats: do not use uninitialized values on error
Thanks to Attila Lakatos for the patch.
- 2025-03-04: omfwd bufgix: potential segfault in UDP forwarding
A segfault could occur if the configured port could not be bound to the interface.
Thanks to Markel Azpeitia Loiti for the patch.
- 2025-03-01: imtcp: major multithreading and performance improvements
This commit significantly enhances imtcp by introducing a fully
functional worker thread pool, enabling true multi-threaded
processing for better scalability under high loads. This is
particularly beneficial when using TLS connections.
Notable changes:
- Implemented a complete worker pool for imtcp.
- Introduced the `workerthreads` config parameter for tuning
concurrency.
- Improved epoll efficiency by enabling edge-triggered mode.
- Added starvation handling via `starvationProtection.maxReads`.
- Refactored session accept logic and optimized network object
handling.
- Removed an obsolete network driver layer for event notification.
- Fixed multiple issues related to message timing, EPOLLERR
handling, and tests.
- Improved performance in poll() mode by reducing redundant
allocations.
- Introduced new CI tests for imtcp without epoll.
- Allowed disabling imtcp tests via a new configure switch.
- Added new impstats counters for worker thread pool statistics.
Details:
- The worker pool replaces an outdated experimental
implementation.
- If `workerthreads=1`, no worker pool is created to minimize
context switches.
- Moves worker pool variables inside `tcpsrv` instance to
prevent conflicts.
- Extracts session `accept()` logic into a dedicated function
for clarity.
- Fixes message ordering inconsistencies in multi-threaded
scenarios.
- Properly handles `EPOLLERR` notifications to improve error
resilience.
- Optimizes poll() mode by avoiding unnecessary reallocation
of file descriptors.
- Replaces the old network driver layer for event notification
with a streamlined solution.
- Now uses **conditional compilation** to select the best
method (epoll or poll) at build time.
- This significantly reduces code complexity, improves
maintainability, and boosts performance.
- The previous "thread pool" was a rough experiment that did
not perform significantly better than single-threaded mode.
- The **new implementation** allows multiple worker threads
on platforms with `epoll`.
- On non-epoll systems, an optimized **poll() based
single-threaded approach** is used, which is expected to
perform better than the old "thread pool."
- Adds `pthread_setname_np` only when available to improve
portability.
- Fixes test cases that assumed strict message timing, which
was unreliable.
- Reduces test parallelism for TSAN CI runs to prevent
resource exhaustion.
- Moves a test case to `imdiag` to ensure stable execution.
- Provides a new CI environment to verify `imtcp` behavior
without epoll.
- Introduces `--enable-imtcp-tests` configure switch for test
flexibility.
- Improves debug logging and adds better error handling for
worker pool startup.
New configuration parameters:
- `workerthreads`: Defines the number of worker threads for
imtcp. If set to 1, no worker pool is created.
- `starvationProtection.maxReads`: Defines the maximum number
of consecutive reads a worker can perform before being
interrupted to allow other sessions to be processed.
New impstats counters (emitted only when `workerthreads > 1`):
- `runs`: Number of times the worker thread has been invoked.
- `read`: Number of read calls performed by the worker.
For TLS, this includes read/write calls.
- `accept`: Number of `accept()` calls handled by the worker.
- `starvation_protect`: Number of times a socket was sent
back to the queue due to reaching the maximum number of
consecutive requests, ensuring fair scheduling of sessions.
These changes significantly enhance rsyslogs TCP handling
performance and stability, particularly in high-volume
environments.
Closes #5529, #5532, #5578, #5580.
- 2025-03-01: "fixed" clang static analyzer false positives
- 2025-03-01: fixed clang static analyzer detected very unlikely but possible bugs
----------------------------------------------------------------------------------------
Scheduled Release 8.2502.0 (aka 2025.02) 2025-02-18
- 2025-02-16: gnutls bugfix: Avoid blocking sockets during TLS handshake
When forwarding logs to a TLS server, using a blocking socket
can lead to indefinite waiting during the gnutls_handshake()
call if the server does not respond as expected.
This commit modifies the behavior to use non-blocking sockets,
ensuring that the rsyslog client does not hang indefinitely
waiting for a response.
Thanks to Attila Lakatos for the patch.
- 2025-02-13: CI: add compile check with atomic operations disabled
The platforms that do not have support for atomic operations become
more and more exoctic. Even more so, only Solaris builders now test
that inside the rsyslog CI. To "harden" the CI system against a
potential (temporary) unavailability of Solaris, we now also do
a build where we intentionally disable atomics. This will trigger
build issues on all platforms. This method also permits us to detect
problems quicker, as the solaris builders are slow.
- 2025-02-13: omfwd bugfix: variable was not properly synced across threads
While this could lead to some inefficiency, it should not have caused
any real harm. But with data races it is never sure if more severe
issues occur. However, here only very strange use cases can be
envisioned where this might be the case.
In any case, the issue is now solved.
This also fixes some TSAN CI "flakes".
- 2025-02-12: testbench: prevent flake by better sync of snmp test tool startup
In order to prevent flakes on some environments, we have enhanced the SNMP trap
receiver testing tool so that it indicates successful startup via a pid file, which
now can be used to hold rsyslog start until the test tool is fully up and running.
- 2025-02-12: CI: add Testruns under Ubuntu 24.04
Note: we temporarily disable omamqp1 testing while we search for
the missing dependency.
We also add a special setting that permits us to control if
known-(very)-flaky test shall be run.
closes https://github.com/rsyslog/rsyslog/issues/5546
- 2025-02-11: testbench: Add new version of snmptrapreceiver.py for python 3.11+
The system packages on Ubuntu 24 appear to be broken for python3-pysnmp4.
And when we update the package using
pip install pyasn1 pysnmp --break-system-packages --upgrade
We need adapt the code, so a new version snmptrapreceiverv2.py
has been added which will automatically been chosen if Python is >3.10
closes: https://github.com/rsyslog/rsyslog/issues/5554
- 2025-02-10: ossl netstream driver: allow ephemeral Diffie-Hellman key exchange
Use well known DH parameters that have built-in support in OpenSSL.
From the man page: If "auto" DH parameters are switched on then
the parameters will be selected to be consistent with the size of
the key associated with the server's certificate. If there is no
certificate (e.g. for PSK ciphersuites), then it it will be
consistent with the size of the negotiated symmetric cipher key.
Thanks to Attila Lakatos for the patch.
- 2025-01-28: testbench: reduce flakiness for omhttp-batch-retry-metadata.sh test
The test results were not deterministic. Sometimes it passed, sometimes
it failed. The omhttp-validate-response.py script tried to parse the
json input line by line, but sometimes the message and response fields
are on separate lines, thus it failed to parse. This is the case
for both files used to control the checking.
This patch updates the check program so that it reads in complete
lines when parsing fails, thus removing this condition for flakiness.
HOWEVER, after doing so the test still sometimes fails. This may
point into a problem with the contributed omhttp module. Unfortunately,
I do not have enough insight into that module (nor time) to try to
address the root cause.
closes https://github.com/rsyslog/rsyslog/issues/5439
- 2025-01-27: testbench fix: OpenSSL 3.x depreceated warnings in tcpflood
- 2025-01-27: omfwd: align some parameters with imtcp names
Parameter names have historically evolved and are sometimes
inconsistent between modules (while still having the same
semantics and similiar name).
This commit creates three aliases in omfwd to keep stream
driver parameter names consistent with the names used in
imtcp. Note that we do not create an alias for
"streamdriverpermittedpeers" because the name differ more
considerably and we would also need to create an alias
in imtcp as well. We will do this only on request.
Note: aliases help, but are not a great solution. They may
cause confusion if both names are used together in a single
config. So care must be taken when using an alias.
- 2025-01-27: testbench: remove ElasticSearch 6.0 based tests
EleasticSearch 6 is heavily outdated. Testing against that
platform is no longer needed.
- 2025-01-27: omsnmp: replaced inet_aton with inet_pton for IPv4 address conversion
inet_pton is part of POSIX, whilst inet_aton is not. Moreover the
function is marked as forbidden according to rpmlint:
Forbidden function symbols found: inet_aton
Thanks to Attila Lakatos for the patch.
- 2025-01-27: tcpflood test tool: enable multi threaded connection open
Connections were originally opened sequentially. This commit adds the
capability to open them via multiple threads in parallel.
This is needed at least for cases where we need to test multiple
pending connection requests, which can be accepted with an
"accept() loop".
It can also be useful for speeding up parts of the testbench.
However, the additional concurrency makes it potentially harder
to debug if bugs are detected. So tests may use multiple threads
for connect during regular operations but should also offer the
option (by editing) to revert to a single thread for easier
debugging.
closes https://github.com/rsyslog/rsyslog/issues/5535
- 2025-01-23: imtcp: add "socketBacklog" parameter to configure TCP backlog size
A new "socketBacklog" parameter has been added to the imtcp module, allowing
users to override the default TCP SYN backlog size. Previously, the backlog
was set to roughly 10% of the configured max sessions, which remains the
default if the parameter is not specified. This enhancement enables better
configuration for high-performance servers. The parameter name aligns with
the "socketBacklog" parameter in imptcp for consistency.
The "socketBacklog" parameter should be set based on the anticipated connection
rate and the server's ability to handle incoming connections. For high-performance
environments with heavy traffic, a larger value may be needed to avoid dropped
connections during bursts. If unsure, leave the parameter unset to use the default
(10% of max sessions), which is suitable for typical workloads.
- 2025-01-23: testbench: add new and adapt imtcp tests for large connection counts
Updated the imtcp test suite to set the "SocketBacklog" parameter to a higher
value to accommodate tests with a large number of concurrent connections.
This change addresses potential CI flakes caused by SYN queue overflows during
test runs and significantly reduces test runtime by avoiding delays during
session setup.
The adjusted SocketBacklog parameter ensures smoother handling of high
connection counts, improving test reliability and performance.
- 2025-01-23: imptcp: Increase default SYN backlog for imptcp server to 64
Increased the default TCP SYN backlog for the imptcp server from 5 to 64 to
address potential connection instability and performance issues under high
connection load scenarios. The previous default of 5 was too low for many
workloads, particularly in scenarios involving a rapid influx of client
connections. This could lead to SYN queue overflow, delayed connection
establishment, and eventual RSTs or retransmissions during subsequent phases
of the connection lifecycle.
The new default of 64 provides better handling of typical workloads while
allowing further customization via the "SocketBacklog" configuration option.
Note: The "SocketBacklog" configuration option can be adjusted to handle
specific workloads such as high rates of concurrent connection openings, burst
traffic, or other resource-intensive scenarios.
- 2025-01-23: testbench: adapt imptcp tests for large connection counts
Updated the imptcp test suite to set the "SocketBacklog" parameter to a higher
value to accommodate tests with a large number of concurrent connections.
This change addresses potential CI flakes caused by SYN queue overflows during
test runs and significantly reduces test runtime by avoiding delays during
session setup.
The adjusted SocketBacklog parameter ensures smoother handling of high
connection counts, improving test reliability and performance.
- 2025-01-16: netstrm TLS driver: move TLS retry handling to main driver
This simplifies the driver interface. It is also kind of prep-work
for implementing real multi-threading support for imtcp (to be done
in a separate set of commits).
see also https://github.com/rsyslog/rsyslog/issues/5532
- 2024-12-31: build: support for compile with -std=gnu23 gcc option
Note: The upcoming gnu23 C standard is overdoing it with type-safety. Inside
rsyslog, we historically have method tables for generic calls, which
keeps the code small and easy to understand. This would not decently be
possible with the new type-safety requirements.
So this commit works around these warning in a way that pretends to
provide more type safety. We have done this in the least intrusive
way to reduce the risk for regressions in code that works well in
since decades. Also note that the code already does parameter
validation.
There would have been more elaborate ways to make gnu23 compile happy,
e.g. by using a union of structs to provide the data element. Some folks
consider this type safe. In reality, it is not a bit better than
traditional C without types at all. Because the caller still needs to
ensure it picks the right struct from the union. As this approach
would also have larger regeression potential, we have not used it.
Right now, we have suppressed some of the new warnings, as working
around them would have required an even larger time budget and
potentially larger regression potential. In the long term we may
want to look into enabling them, as they would potentially be
beneficial for new code not involving method tables.
Some nits, however, were detected and have been fixed.
- 2024-12-04: omazureeventhubs bugfix: URL escaping
Some characters were not properly escaped, leading to malfunction on submission.
----------------------------------------------------------------------------------------
Scheduled Release 8.2412.0 (aka 2024.12) 2024-12-03
- 2024-12-02: rainerscript bugfix: do not try to call a function if it does not exist
This could previously cause a segfault when the function was called.
Thanks to Attila Lakatos for the patch.
- 2024-12-02: Fix legacy $ActionQueueDiscardMark parameter
If the $ActionQueueSize legacy parameter was configured
with a much value higher than the default, the queueDiscardMark
option was not automatically adjusted to represent 98% of
the actual queue size. This caused a misalignment issue,
which does not occur when using the RainerScript syntax.
Thanks to Attila Lakatos for the patch.
Note: We usually do NOT change legacy parameters, but in this case it makes
sense to adjust to recent developments.
- 2024-11-25: improvements in CI system
added some support for Ubuntu 24.04 - stil more work to do
- 2024-11-25: small nitfixes
mostly to address nits detected by newer compilers due to CI-system modernization
- 2024-11-19: core bugfix: potential stability issue with corrupt queue file resolved
Thanks to Flos Lonicerae for the patch.
- 2024-11-19: core bugfix: prevent segfault on use of $ControlCharacterEscapePrefix
When this obsolete legacy directive was used, rsyslog most probably segfaulted during
startup. This did not affect it's modern counterpart.
Thanks to Flos Lonicerae for the patch.
- 2024-11-14: core bugfix: rsyslog could segfault if immediately stopped during startup
systemd restart rsyslog in the early start of OS will let rsyslog segmentation
fault. This cmd will send sigTerm to rsylogd, and rsyslogd will handle the
signal in rsyslogdDoDie. If the rsyslogd havn't parse the conf, the runConf
will be NULL So check the pointer before reference it.
see also: https://github.com/rsyslog/rsyslog/issues/5453
thanks to Wang Haitao for the patch.
- 2024-11-14: imhiredis cleanup: fix incorrect variable definitions and missing prototype
Thanks to Théo Bertin for the patch.
- 2024-11-14: config processing bugfix: typo and missing space when file can't be accessed
When using the backtick feature with cat and a file that does not exist,
an error message is placed where the file content would be. This error
message contained a typo in could as well as a missing space between
see and error, which have now been fixed.
Thanks to Tobias Kantusch for the patch.
- 2024-11-14: build fix: resolved issue when building on musl
Thanks to Quincy Fleming for the patch.
- 2024-11-14: testbench bugfix: typo caused invalid test file to be used
... which went unnoticed during regular make check runs, but lead to
"left-over files after distclean" after make distcheck.
This could also potentially be responsible for some flakes that were
not fully explainable.
- 2024-11-14: nsd_ptcp regression fix: remove debugging messages emited to stderr
fix regression introduced by 9ac56b286. This spits out a debug message
to stderr. That message is removed by this patch here.
closes https://github.com/rsyslog/rsyslog/issues/5485
----------------------------------------------------------------------------------------
Scheduled Release 8.2410.0 (aka 2024.10) 2024-10-22
- network subsystem: improve connection failure error message
If we try to connect via TCP and the connections fails, we now
tell inside the error message how long the connection attempt
took. This is useful to find out if targets connect very
slowly.
- regression fix: build issue on Solaris 10
Solaris 10 does not support SO_REUSEPORT, which we need for some
tests. It is used in minitcpsrvr.c, and will now not be used if
not available.
Note that tests requiring that option will also need to be disabled
for that platform.
commit which introduced regression: 1c0f9bb
- testbench: correctly apply socket options in minitcpsrvr
The option name in setsockopts is not a bitmask, so SO_REUSEADDR and
SO_REUSEPORT can't be ORed together. Instead apply the options via
separate calls.
Fixes: #5456
Thanks: Chris Hofstaedtler <zeha@debian.org> and Michael Biebl
----------------------------------------------------------------------------------------
Scheduled Release 8.2408.0 (aka 2024.08) 2024-08-20
- 2024-08-16: omfwd: implement native load balancing - phase 1
This patch implements a simple round-robin load balancer
for omfwd. It provides equal distribution of load to a pool
of target servers.
The code currently has no different modes and no special tuning
for the load balancer. However, it works very well in the most
common use cases. Furthermore, it provides a solid base on which
more elaborate functionality can be build if there is need to.
The new functionality is fully backwards compatible with previous
configuration settings.
New action() config params:
* pool.resumeinterval
New/"changed" rstats counters
Each target receives its own set of pstats counters. Most
importantly this is the case for byte counts. That counter retains
the same naming, but there may now be multiple of these counters,
one for each target ip, port tuple.
New pstats message count to target
Among others, this can be used for checking that the load balancer
works as intended. The so-far byte count emitted does not provide
a clear indication of how many messages the targets had actually
processed.
For obvious reasons, this message count makes most sense in
advanced load balancing scenarios, but also provides additional
insight into round-robin. Non-matches indicate that targets
went offline, and we can now evaluate the impact this had
on processing.
- re-design rebind functionality
This now works at the transaction level. It causes a rebind of all
pool members. Previous code did not work 100% correct since for a
couple of years now (after output batching integration).
As cleanup, rebindInterval support has been removed from tcpClt,
because omfwd is the only user. This permits a cleaner code path.
We also noticed a bug with rebindInterval: it caused some mild
message duplication for quite some time. This went unnoticed.
To address that efficiently, rebindInterval in the future will
be considered once per batch. That means up to (maxBatchSize - 1)
messages may be transmitted more than the rebindinterval is.
That's the cleanest mode of operation and should not make any
difference for real deployments.
Some additional work done in this commit:
- netstream: harden component against upper-layer logic errors
- network subsystem: better handle API errors and provide more info
- omfwd: add new parameter "iobuffer.maxsize"
- add new global parameter debug.abortoninternalerror and use it
- This parameter permits to make test runs fail when an internal error
- is detected and gracefully handled by rsyslog. While it is great to
have it gracefully handled in practice, we should not accept this
during testing. The new parameter permits to abort in this case and
emits the related error message beforehand. It is turned on by
default in our regular tests.
- add dedicated error code for "hard" program errors
- omfwd: some cleanup + error message fix + new debug level messages
- imptcp: improve error messages
- add omfwd option to NOT do extended connection check
- also output wrkr id in some omfwd messages (primarily debugging aid)
- better debug info via LogMsg() interface
- improve messages regarding imptcp and omfwd suspension / thread IDs
- refactor and enchance minitcpsrvr for mimicing died servers
- new global (debugging) option, correction of an informational msg
- add global option allmessagestostderr
- add new tests
- 2024-08-16: omkafka enhance: write Kafka log with level ERROR or higher into errorfile
closes: https://github.com/rsyslog/rsyslog/issues/5425
- 2024-08-16: net subsusytem bugfix: some config statemens were not accepted
The following parameters were not always excepted, even though they were documented
and the supporting code was also present. This has been corrected:
* streamdriver.cafile
* streamdriver.crlfile
* streamdriver.keyfile
* streamdriver.certfile
Thanks to Qiumiao Zhang for the fix.
- 2024-08-13: new "ossl" crypto provider
Thanks to Attila Lakatos for the patch.
- 2024-08-05: imtcp: improve connection error messages
They now contain remote peer information whereever possible.
----------------------------------------------------------------------------------------
Scheduled Release 8.2406.0 (aka 2024.06) 2024-07-02
- 2024-07-01: ompgsql bugfix: unexpected and unnecessary message loss
In case of PG not available lets retry instead of dropping messages
Thanks to Nickolai Novik for the patch.
- 2024-07-01: tls subsystem/ossl driver
Several small fixes/additions
* output all loaded ciphers and engines into debug log
* Add new global option "defaultopensslengine" to customize the default openssl
engine. If not defined, openssl will handle the default engine automatically.
Sample: global(defaultopensslengine="rdrand")
* Add simple openssl performance test (imtcp-tls-ossl-basic-stress.sh) with
defaultopensslengine set to rdrand (Intel).
* removed unneeded testcase files in runtime folder.
- 2024-04-18: [o|i]mprog/mmexternal bugfix: invalid command line parameter passing
Quoted command line parameters were incorrectly passed to the called program. This
resulted in unexpected behaviour. For example, in
bash -c "echo test"
bash got passed parameters '-c" and '"echo test"'. Note the double quotes in
'"echo test"'. These needed to be removed by Unix/Linux standards but were instead
passed to bash. That in turn resulted in invalid execution. With the fix, the
behaviour is now correct. Now, bash gets passed '-c' and 'echo test'.
This actually is a BREAKING CHANGE. However, it was outright wrong behaviour from
the beginning. We assume that people either never noticed it (because they did not
use quoted parameters) or used some workaroud, likely a "starter script", which
performed the right task. As such, we do expect that only a very limited set of
installations might be affected by the change.
Even more important, we would need to change the default behaviour in any case,
because the previous handling was obviosuly unacceptable. As such, there was no
way to keep rsyslog perform the previous action.
Thanks to Paul Fertser for the patch.
- 2024-04-12: bugfixes related to time_t on 32 bit platforms (y38k isue)
Thanks to Michael Biebl for the patch.
----------------------------------------------------------------------------------------
Scheduled Release 8.2404.0 (aka 2024.04) 2024-04-02
- 2024-04-02: omhttp patches and enhancement
New omhttp plugin configuration parameters added:
* restpathtimeout - configures a timeout value for an omhttp restpath, and retry again
* httpretrycodes (list) - configurable list of HTTP status codes that should be
retried by omhttp plugin. The default behavior is to retry any non 2xx status code.
* httpignorablecodes (list) that can specify HTTP status codes that should be ignored
(as failures). status codes specified as ignorable code will not be retried.
* proxyhost, proxyport - configures a proxy, for which omhttp can use to set up a
HTTP proxy tunnel connection. Also works by reading environment variable if
configured HTTP_PROXY. For more details see libcurl docs on CURLOPT_PROXY
thanks to @erenwh for the contribution!
* retry.addmetadata - when this option is enabled, omhttp will add the
response metadata to: $!omhttp!response. There are 3 response metadata added:
code, body, batch_index.
More statistics omhttp curl statistic counters:
* requests.count
* requests.status.0xx
* requests.status.1xx
* requests.status.2xx
* requests.status.3xx
* requests.status.4xx
* requests.status.5xx
* requests.bytes
* requests.time_ms
No longer discard 3xx, 4xx errors
see also https://github.com/rsyslog/rsyslog/issues/4636
Thanks to github user n2yen for the patches.
- 2024-04-02: remove CAP_IPC_LOCK capability
Does not seem to be necessary.
Thanks to Michael Biebl for the patch.
- 2024-03-28: TLS bugfix: TLS drivers did not properly load under some conditions
This was a regeression from the DTLS implementation
- 2024-03-28: mmdblookup bugfix: do not suspend on incompatible IP lookup
Mmdblookup module used to suspend after erroring on an IPv6 IP lookup on IPv4-only
DBs. The suspension of the module is now replaced by a simple log message,
allowing it to keep working for future lookups.
Thanks to Théo Bertin (frikilax) for the patch.
- 2024-03-28: tarball fix: dist tarball was missing a textbench file
This made the testbench fail.
----------------------------------------------------------------------------------------
Scheduled Release 8.2402.0 (aka 2024.02) 2024-02-27
- 2024-02-26: add DTLS support
This version comes with the initial implementation of imdtls and omdtls.
These modules permit secure message exchange over UDP.
- 2024-02-26: testbench: make omusrmsg-noabort test more reliable
The previous test did not always detect an abort of rsyslog/omusrmsg.
The detection method has now been improved, so it is far more
probable that an abort is detected.
While doing this, we noticed that the omusrmsg-noabort-legacy test was
now a 100% duplicate. There is no need any longer to check pure legacy
syntax, and so that test has been removed.
We also added a valgrind-based test ofr omusrmsg-noabort, which furthers
strengthens bug detection. Most importantly, it helps us to detect
potentially new memory leaks on all CI platforms (in case the lib
behaves differently depending on os/distro).
see also https://github.com/rsyslog/rsyslog/issues/5294
- 2024-02-26: omusrmsg bugfix: potential double free, which can cause segfault
omusrmsg frees a string which points to OS/system library memory. When
the os/libs clean up, it frees the memory as well. This results in a
double free. This bug interestingly seems to go unnoticed in many cases.
But it can cause a segfault or hard-to-trace memory corruptions which
could lead to other problems later on. The outcome of this bug most
probably depdns on os/library versions.
closes https://github.com/rsyslog/rsyslog/issues/5294
- 2024-02-26: ommysql bugfix: potential segfault on database error
Due to an invalid code path, ommysql may cause a segfault if database
transactions fail into a specific way. The main trigger is a totally
irrecoverrable database error which can lead to premature connection
close, which is not checked for in all recover code.
This was detected in a setting where a stored procedure is called that
rolls back a transaction in itself.
This patch fixes the issue.
closes https://github.com/rsyslog/rsyslog/issues/5288
- 2024-02-26: omfile: do not carry out actual action when writing to /dev/null
In some use cases omfile is configured to write to /dev/null. This seems
primarily be done because of statistics gathering but maybe some other
scenarios. We now add conditional logic to not do any actual omfile
action when the target file is /dev/null.
Note: this check only works on static file names. When /dev/null is
evaluated as part of dynafile, it will be handled just in the regular
case like before this patch.
----------------------------------------------------------------------------------------
Scheduled Release 8.2312.0 (aka 2023.12) 2023-12-12
- 2023-12-11: imjournal: Add new input module parameter 'defaulttag'
The DefaultTag option specifies the default value for the tag field.
In imjournal, this can happen when one of the following is missing:
* identifier string provided by the application (SYSLOG_IDENTIFIER)
* name of the process the journal entry originates from (_COMM)
Thanks to Attila Lakatos for the patch.
- 2023-12-08: core bugfix: rsyslog messages may not always have FQDN
Even if hostname FQDN is configured, rsyslog internal messages generated
after rsyslog startup and before the first HUP will not necessarily have
FQDN but instead only the shortname of the local host. This commit
fixes the situation.
Special thanks to github user eciii for doing a great bug analysis
and helping us considerably to fix the issue.
closes https://github.com/rsyslog/rsyslog/issues/5218
- 2023-12-08: omlibdbi regression fix: database path was not properly used
Commit 4a072d6c93015a63716c49a6c7756df22750086a caused a regression that made
the database path unreliable to use. Depending on platform/libc version the
basename was improperly extracted, which made access to the database of sqllite
impossible.
Thanks to Flávio Tapajós for the patch.
closes: https://github.com/rsyslog/rsyslog/issues/5282
- 2023-12-06: mazureeventhubs: Corrected handling of transport closed failures
- Added test for connection interrupts (requires root)
- Corrected handling of PN_TRANSPORT_CLOSED.
- Make sure Connection is being reestablished trough tryResume
- Enhanced Debug log output
closes: https://github.com/rsyslog/rsyslog/issues/5269
- 2023-11-24: imkmsg: add params "readMode" and "expectedBootCompleteSeconds"
These parameters permit to control when imkmsg reads the full
kernel log upon startup.
Parameter "readMode" provides the following options:
* full-boot - (default) read full klog, but only "immediately" after
boot. "Immediately" is hereby meant in seconds of system
uptime given in "expectedBootCompleteSeconds"
* full-always - read full klog on every rsyslog startup. Most
probably causes messag duplication
* new-only - never emit existing kernel log message, read only
new ones.
Note that some message loss can happen if rsyslog is stopped
in "full-boot" and "new-only" read mode. The longer rsyslog is
inactive, the higher the message loss probability and potential
number of messages lost. For typical restart scenarios, this
should be minimal. On HUP, no message loss occurs as rsyslog
is not actually stopped.
The default value for "expectedBootCompleteSeconds" is 90.
see also https://github.com/rsyslog/rsyslog/issues/5161
- 2023-11-10: imkmsg: add module param parseKernelTimestamp
The parameter permits to select whether or not and when kernel
timestamps shall parsed, that is be used as the actual time a
log message occurs.
This permits to work around problems with the way kernel
timestamps are represented. The reasoning is given in a sysklogd
commit by Joachim Wiberg, which we reproduce below ("QUOTE") to
have a stable reference.
The commit itself can be found for example at:
https://github.com/troglobit/sysklogd/commit/9f6fbb3301e571d8af95f8d771469291384e9e95
The new parameter parseKernelTimestamp has three possible modes:
"startup" - uses the kernel time stamp during the initial read
loop of /dev/kmsg, but replaced it later ignores it for later reads.
This is the DEFAULT setting.
"on" - kernel timestamps are always used and no correction is tried
"off" - kernel timestamps are never used, system time is used instead
Note that there this is a slightly breaking change. Previously, imkmsg
reported similar to "off" mode, now it reports by default in "startup"
mode. We consider this acceptable, as "off" mode timestamps are not
correct for startup. After startup, the behaviour is correct. All in
all, the new default is kind of a bugfix.
============== QUOTE ===============
The spec[1] says the /dev/kmsg timestamp is a monotonic clock and in
microseconds. After a while you realize it's also relative to the boot
of the system, that fact was probably too obvious to be put in the spec.
However, what's *not* in the spec, and what takes a while to realize, is
that this monotonic time is *not* adjusted for suspend/resume cycles ...
On a frequently used laptop this can manifest itself as follows. The
kernel is stuck on Nov 15, and for the life of me I cannot find any to
adjust for this offset:
$ dmesg -T |tail -1; date
[Mon Nov 15 01:42:08 2021] wlan0: Limiting TX power to 23 (23 - 0) dBm as advertised by 18:e8:29:55:b0:62
Tue 23 Nov 2021 05:20:53 PM CET
Hence this patch. After initial "emptying" of /dev/kmsg when syslogd
starts up, we raise a flag (denoting done with backlog), and after this
point we ignore the kernel's idea of time and replace it with the actual
time we have now, the same that userspace messages are logged with.
Sure, there will be occasions where there's a LOT of kernel messages to
read and we won't be able to keep track. Yet, this patch is better than
the current state (where we log Nov 15).
[1]: https://www.kernel.org/doc/Documentation/ABI/testing/dev-kmsg
===========END QUOTE ===============
closes https://github.com/rsyslog/rsyslog/issues/4561
closes https://github.com/rsyslog/rsyslog/issues/5161
- 2023-11-07: imfile bugfix: remove state file on file delete
The state file would remain in the working directory
after shutdown, even though deleteStateOnfileDelete is
set to "on" and the monitored file was removed.
closes https://github.com/rsyslog/rsyslog/issues/5258
Thanks to Attila Lakatos for the patch.
- 2023-10-31: TLS subsystem: fix small memory leak on startup
This was a one-time leak of the file name that hapened if a certificate file
was not accessible. It had no operational issues, but could confuse automatted
testing. As not only a side-effect, certificate load failures are now somewhat
more verbosely reported, which we consider helpful to the user.
Thanks to Attila Lakatos for the patch.
- 2023-10-31: imklog bugfix: keepKernelTimestamp=off config param did not work
... at least not as expected. It was only honored for kernel-level
messages and only when parseKernelTimestamp was "on". Otherwise, the
kernel timestamp was always kept inside the message.
closes https://github.com/rsyslog/rsyslog/issues/5160
- 2023-10-26: TLS subsystem: add remote hostname to error reporting
This provides richer and easier to process logs for error and warning
cases. One goal is to enable automatic operations without the need
to consolidate multiple message to a single information.
This improves one situation in gtls driver and provides a more
generic approach in ossl driver for OpenSSL error reporting.
There is probably still room for improvement, however this patch
is at least a good starting point for further work. Please
provide feedback if you need more!
closes https://github.com/rsyslog/rsyslog/issues/5244
- 2023-10-24: imjournal: add the ability to run multiple journal inputs
This may be useful to de-couple journal processing.
Thanks to Willy Tu for the patch.
- 2023-10-24: regression fix: forking rsyslogd on BSD did not work
Actually, this was an issue for all platforms that do not provide open file handle
detection via the /proc file system.
Tech details: After fork if the child process uses close_range to close open file
descriptors it has no way to exempt the parentPipeFD causing a failure to signal
successful startup to the parent process. This causes failures on all systems that
aren't Linux that implement close_range.
Thanks to Nathan Huff for the patch.
- 2023-10-24: omusrmsg: use logind instead of utmp for wall messages with systemd
Future SUSE versions will get rid of utmp due to a 32bit time_t counter
overflow in 2038.
See details at:
https://github.com/thkukuk/utmpx/blob/main/Y2038.md
On systemd based systems logind is an alternative to utmp.
Thanks to github user tblume for the patch.
- 2023-10-24: cleanup: rm no longer used --with-systemdsystemunitdir configure switch
This is a clean up following the removal of the service unit in
cfd07503ba055100a84d75d1a78a5c6cceb9fdab
- 2023-10-23: testbench: bump zookeeper version to match current offering
Older version can no longer be downloaded. It also makes sense to
test with mainstream version.
----------------------------------------------------------------------------------------
Scheduled Release 8.2310.0 (aka 2023.10) 2023-10-10
- 2023-10-04: Add CAP_NET_RAW capability due to the omudpspoof module
The CAP_NET_RAW ensures the use of RAW and PACKET sockets,
which is utilized by the omudpspoof module, more precisely
the libnet_init function.
Thanks to Attila Lakatos for the patch.
- 2023-10-04: Add new global config option "libcapng.enable"
Defines whether rsyslog should drop capabilities at startup or not.
By default, it is set to "on". Until this point, if the project was
compiled with --enable-libcap-ng option, capabilities were
automatically dropped. This is configurable now.
Thanks to Attila Lakatos for the patch.
- 2023-10-04: tcp net subsystem: handle data race gracefully
It may happen that a socket file descriptor has been closed either
while setting up poll() et al or while being inside the system call.
This was previously treated as error and caused abort in debug
builds. However, it was essentially ignored in production builds.
This has now been fixed and now is always gracefully ignored. This
most importantly fixes some flakes in CI runs (which were caused
by this situation).
- 2023-09-29: imrelp bufgifx: avoid crash on restart in imrelp SIGTTIN handler
While existing, if at specific time rsyslog receives a SIGTTIN, it
crashes due to 2 issues.
1. debug.unloadModules="off" a double free of pRelpEngine
2. debug.unloadModules="on" it crashes because the signal handler has
been unmapped from memory.
This patch covers both issues.
Thanks to Ali Abdallah for the patch.
- 2023-09-28: fix startup issue on modern systemd systems
When we startup AND are told to auto-background ourselfs, we must
close all unneeded file descriptors. Not doing this has some
security implications. Traditionally, we do this by iterating
over all possible file descriptor values. This is fairly compatible,
because we need no OS-specific method. However, modern systemd configs
tend to not limit the number of fds, so there are potentially 2^30(*)
fds to close. While this is OKish, it takes some time and makes
systemd think that rsyslog did not properly start up.
We have now solved this by using the /proc filesystem to obtain our
currently open fds. This works for Linux, as well as Cygwin, NetBSD,
FreeBDS and MacOS. Where not available,and close_range() is available
on the (build) platform, we try to use it. If that fails as well, we
fall back to the traditional method. In our opionion, this fallback
is unproblematic, as on these platforms there is no systemd and in
almost all cases a decent number of fds to close.
Very special thanks go out to Brennan Kinney, who clearly described
the issue to us on github and also provided ample ways to solve it.
What we did is just implement what we think is the best fit from
rsyslog's PoV.
(*) Some details below on the number of potentially to close fds.
This is directly from a github posting from Brennan Kinney.
Just to clarify, by default since systemd v240 (2018Q4), that
should be `1024:524288` limit. As in the soft limit is the expected
`1024`.
The problem is other software shipping misconfiguration in systemd
services that overrides this to something silly like
`LimitNOFILE=infinity`.
- Which will map to the sysctl `fs.nr_open` (_a value systemd
v240 also raises from `2^20` to 2^30`, some distro like Debian are
known to opt-out via patch for the `fs.nr_open` change_).
- With the biggest issue there being that the soft limit was also
set to `infinity` instead of their software requesting to raise
the soft limit to a higher value that the hard limit permits.
`infinity` isn't at all sane though.
- The known source of this misconfiguration is container software such
as Docker and `containerd` (_which would often sync with the
systemd `.service` config from the Docker daemon `dockerd.service`_).
closes https://github.com/rsyslog/rsyslog/issues/5158
- 2023-09-13: Add the 'batchsize' parameter to imhiredis
Parameter set to allow configuring the amount of entries imhiredis debatches at once.
Default value of '10' has been kept to avoid any side effect on existing
configurations.
Thanks to Jérémie Jourdin for the patch.
- 2023-09-13: omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set
The omprog module uses the execve() function to execute
a third party program. Some required capabilities were not
preserved in the bounding set [1]. This caused problems, e.g.
the program could not write to files even if rsyslog was
executed as root and privileges were not dropped. As of now,
only the CAP_DAC_OVERRIDE capability is added to the bounding
set. Others could be added later, if there is justification
behind that.
[1] The capability bounding set is a security mechanism that
can be used to limit the capabilities that can be gained
during an execve(2). During an execve, the capability
bounding set is ANDed with the file permitted capability
set, and the result of this operation is assigned to the
thread's permitted capability set. The capability
bounding set thus places a limit on the permitted
capabilities that may be granted by an executable file.
Thanks to Attila Lakatos for the patch.
- 2023-09-13: tcpflood bugfix: plain tcp send error not properly reported
The error code when plain tcp sending failed was improperly returned,
resulting in no meaningful error message.
Note: tcpflood is a testbench tool, not part of production rsyslog.
----------------------------------------------------------------------------------------
Scheduled Release 8.2308.0 (aka 2023.08) 2023-08-15
- 2023-08-07: crypto subsystem bugfix: potential undefined behaviour
The is some potential undefined behaviour when initializting the IV for locally
encrypting log files. The issue cancels itself out, but at least causes
some confusion when using undefined behaviour sanitizer (UBSAN). However,
UBSAN seems not to detect the issue on all platforms and/or in all versions
(we were not able to reproduce this issue in our CI).
Please also note that the functionality where this can happen is extremely
rarely being used.
Thanks to Jeffrey Walton for providing the patch.
- 2023-08-02: lookup tables: fix static analyzer issue
If something goes really wrong, a lookup table's name would not
be set. That could lead to a NULL pointer access. HOWEVER, this
would require serious bugs in config parameter parsing, as the
lookup table name is a required parameter and the parser will
error out if not set.
So the bug is mostly cosmetic - but it does not hurt to handle
this case, of course.
- 2023-08-02: lookup tables bugfix: reload on HUP did not work when backgrounded
Lookup tables were only reloaded on HUP if the -n option was given
and rsyslog no backgrounded. This patch fixes the issue.
closes: https://github.com/rsyslog/rsyslog/issues/4813
- 2023-07-30: testbench: make test more reliable
There was a race between tcpflood and rsyslog in imptpc_maxsessions.sh.
We now use the new -A tcpflood option to make the timing more
predictable, hopefully fixing test flakiness.
Note: if that does not help, we need to introduce a wait on the number
of error messages and maybe a delay before tcpflood termination. The
theory behind the latter is that rsyslog possibly does not fully
iniaitlize session which are quickly aborted before rsyslog receives
the related OS notification! We just record this info in case we
need it and are positive that this change will fix the situation.
- 2023-07-28: openssl: make connection setup more reliable by use of newer lib feature
Replaced depreceated method SSLv23_method with TLS_method.
In OpenSSL 1.1.0 and higher, SSLv23_method causes some errors
in TLS handshake from time to time. As this method is depreceated
since 1.1.0, I have replaced it with the follow up method
TLS_method which is the most generic one.
It fixes the random test failures in tests like
- sndrcv_tls_ossl_anon_rebind.sh
Also added some debug output in OpenSSL error handling, which is
useful when analysing debug files.
closes: https://github.com/rsyslog/rsyslog/issues/5201
- 2023-07-28: testbench improvement: define state file directories for imfile tests
Not all imfile tests have state file directories or a global working
directory defined. This results in usage of the default location.
While state file names should be sufficiently different, there is still
some riks of using the same name in different tests. That becomes
problematic if tests are run in parallel (and they are run in
parallel inside the regular CI).
NOTE: NOT YET COMPLETED FOR ALL TESTS! We are considering if it makes
sense to deliberately keep some as-is.
- 2023-07-28: tcpflood bugfix: TCP sending was not implemented properly
Note: tcpflood is a testbench tool. This bug could lead to testbench
false positives. No way it can affect production deployments.
The tcpflood tool did improperly assume that a TCP sendto() call
would send messages of any size in a single shot. This is not the
case. It has now been corrected to proper behavior.
As a side-activity, some int variables which acutally needed to be
size_t have been fixed as well.
- 2023-07-28: testbench: make waiting for HUP processing more reliable
The previous approach was more or less delay based. We have now
changed the code to enable imdiag to detect if HUP is underway
and wait until it is completed. The new method still employs some
kind of timeout, but is now quite reliable. Most importantly,
it works great with long-running HUP processing, which can happen
e.g. when querying the system name takes long or some actions need
longer time to persist their HUP processing.
The new approach will most likely reduce CI flakes and also speed
up testbench runs. The speedup happens from not having to wait a
full delay in cases where we detect HUP is completed (plus reduced
timeout when we cannot clearly detect this - see code comments why
the new method is still considered more reliable than the old one).
Code note: we needed to slightly re-structure the way actual HUP
processing and the "HUP mutex" is handled. After best analysis,
this does not affect the reliability or speed in production
settings.
closes https://github.com/rsyslog/rsyslog/issues/5192
- 2023-07-27: build system: make rsyslogd execute when --disable-inet is configured
This option is mostly useless, as network functionality depends on the
modules loaded by the config. The only real, and important, effect it
has is to control auto-load of omfwd - a feature almost all installations
depend in (backward compatibility).
This has been clarified in ./configure -help
Also, when --disable-inet is given, rsyslog now executes successfully.
The reason for the abort was that previously building of the lmnet
component was prevented, but that component is also needed by rsyslog
startup itself to query its own (correct) hostname.
Note that --disable-inet still does not compile some networking
libraries. So do not use it if you intend to load standard networking
modules like omfwd, imtcp or imudp.
closes https://github.com/rsyslog/rsyslog/issues/5188
- 2023-07-26: testbench/CI: update zookeper download to newer version
Old version is no longer available.
- 2023-07-24: openssl: add support for new-version init function
- 2023-07-07: add CRL support for network (TLS) drivers
Thanks to Darren J Moffat for implementing the OpenSSL part.
- 2023-07-07: omazureeventhubs: Initial implementation of new output module
The output module uses Apache "Qpid Proton C API" which is a solid
AMQP protocol library implementation that can be integrated
very well into the rsyslog dev environment.
- Implemented Delivery with submitted and accepted state checking
- saving of failed messages in a failed list with support of saving
and restoring.
- Add testcases (requires ENV variables) to testbench
- Using application/octect-stream (binary) to send messages based on
Microsoft Code Sample:
https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-c-getstarted-send
* Note original Microsoft Samplecode is not working anymore, we are using
* QPID Proton Proactor based on
https://github.com/apache/qpid-proton/blob/main/c/examples/send.c
- requires QPID-PROTON Version 0.13 or higher because of the proactor API
- Add EventProperties configuration parameters
- Slow down when sender credit reaches zero (10ns).
- Add support for static library linking of qpid-proton
This is needed to build the module from source and remove
library package dependencies.
- adjusted valgrind suppressions
- 2023-07-04: core bugfix: action.resumeintervalmax parameter was not respected
Unfortunately, defining action.resumeintervalmax in the configration
did not have any effect at all. Instead, the default value was used,
which is 1800. This was caused by not having all the letters in
lower-case.
Fixes https://github.com/rsyslog/rsyslog/issues/5132
Thanks to Attila Lakatos for the patch.
- 2023-06-29: core bugfix: do not try to drop capabilities when we don't have any
In case the process does not have any capabilities, e.g. running as regular user then
we do not have to force capability dropping. The capng_have_capabilities() returns
none if that's the case.
Fixes https://github.com/rsyslog/rsyslog/issues/5091
Thanks to Attila Lakatos for the patch.
- 2023-06-29: imhiredis bugfix: Restore compatiblity with hiredis < v1.0.0
RESP3 protocol wasn't implemented yet, some types weren't
available (REDIS_REPLY_DOUBLE)
Thanks to Théo Bertin (frikilax) for the patch.
- 2023-06-23: testbench: use newer zookeeper version in tests
- 2023-06-23: build system: more precise error message on too-old lib
When libcap-ng was enabled, the lib was present but did not meet the minimum version
dependency during configure, it was reported as "missing". We now emit a message
telling that it is present, but the version too old.
----------------------------------------------------------------------------------------
Scheduled Release 8.2306.0 (aka 2023.06) 2023-06-20
- 2023-06-19: mmnormalize bugfix: if msg cannot be parsed, parser chain is stopped
When an parser is not able to parse a message, it should indicate this
to rsyslog core, which then activates the next parser(s) inside the
configured parser chain.
Unfortunatley, mmnormalize always tells core "success", and so no
other parsers are activated.
closes https://github.com/rsyslog/rsyslog/issues/5148
- 2023-06-19: [i/o]mhiredis: various fixes and enhancements
please see the change log for details. Among others, suspending of the modules
has been fixed. Also a new "stream" mode has been added.
Thanks to Théo Bertin (frikilax) for the patch.
- 2023-06-19: testbench/bug: mmexternal-SegFault-empty-jroot-vg.sh fails due to typo
Fix the typo that makes the test fail.
Thanks to Paul Fertser for the patch.
- 2023-06-16: imjournal: Add FileCreateMode module parameter
FileCreateMode allows to set the default file mode bits
when creating new files. As of now, it has only impact on the state file.
Add test suite as well.
Minor indentation fix in run_journal.yml
Thanks to Attila Lakatos for the patch.
- 2023-06-16: core bugfix: potential segfault on busy systems
This was discovered by Konstantin J. Chernov in a practicaly deployment.
Here, msg object tag processing caused sporadic segfaults. We did not
hear from similiar cases, but there clearly is potential for problems
because a mutex lock had insufficient range, thus leading to a potential
race.
The patch is directly from Konstantin J. Chernov, thanks for that.
Please note that the mutex lock could be minimized as it is not strictly
needed for the pM == NULL case, but this cause is extremely exotic
and the resulting code would be harder to understand. Thus we opt
to do the locking on funtion level (as usual).
Descriptiond edited by Rainer Gerhards
closes: https://github.com/rsyslog/rsyslog/issues/5110
- 2023-06-16: Add new global config option "libcapng.default"
Defines how rsyslog should behave in case something went wrong
when capabilities were to be dropped. Default value is "on",
in which case rsyslog exits on a libcapng related error.
Thanks to Attila Lakatos for the patch.
Closes https://github.com/rsyslog/rsyslog/issues/5096
- 2023-06-05: imfile bugfix: file handle leak, primarily in kubernetes context
At this point there is a code imfile.c#L919 that adds an inotify observer to the
parent of the symbolic link target. But there is no such code that removes this
observer in the case when inotify events do not occur in the directory tree above.
This may be if the directory tree of the symbolic link target and the directory tree
of the symbolic link itself are divided into different subtrees somewhere at the levels
above.
For example, in the rsyslog configuration, an imfile with the
template /var/log/containers/*.log is configured and there is the following directory
tree:
/var/log/pods/pod-1/a/0.log
/var/log/containers/pod-1-a-0.log -> /var/log/pods/pod-1/a/0.log
In this example, kubernetes cron jobs will permanently delete directories at the
/var/log/pods/pod-* level. And thus, inotify observer on the parent object of the
symbolic link target (/var/log/pods/pod-1/a/0.log) looking at the directory
/var/log/pods/pod-1/a will constantly leak.
This is due to the fact that the list of active objects in the edge with path
/var/log/containers, where the parent object of the target symbolic link is added,
is not checked. Verification and deletion will occur only in the case of an inotify
event in the upper nodes of the directory tree, in /var/log and above.
Thanks to Sergey Kacheev for the patch!
- 2023-06-05: GNUTls Driver: Fix memory leaks in gtlsInitCred
Missing CA Certificate or multiple Connections caused
a memory leak in pThis->xcred as it was allocated each time in
gtlsInitCred by gnutls_certificate_allocate_credentials
closes: https://github.com/rsyslog/rsyslog/issues/5135
- 2023-05-24: CI: update base ubuntu image for github actions
----------------------------------------------------------------------------------------
Scheduled Release 8.2304.0 (aka 2023.04) 2023-04-18
- 2023-04-17: imptcp bugfix: spam log on oversize message
If an oversize message was received by imptcp, imptcp reported
one error message for EACH oversize character. This could
result in a potentially very large number of similar (and
useless) messages.
This is a regression from commit f052717178.
closes https://github.com/rsyslog/rsyslog/issues/5078
- 2023-04-17: core/bugfix: using $uuid msg prop can deadlock rsyslog on shutdown
This problem can occur if a large number of threads is used and rsyslog
cannot shut down all queues etc within the regular time interval. In this
case, it cancels some threads. That can leave the mutex guarding libuuid
calls locked and thus prevents other, not yet cancelled threads from
progressing. Assuming pthread_mutex_lock() is not a cancellation point,
this will case these other threads to hang forever and thus create a
deadlock situation.
closes https://github.com/rsyslog/rsyslog/issues/5104
- 2023-04-17: Do not preserve capabilities when changing credentials
In configurations where $PrivDropToGroup or $PrivDropToUser are used,
rsyslogd changes uid/gid to a non-privileged user. As part of that
change, all capabilities should be lost. However, if rsyslog is
compiled with --enable-libcap-ng option, some capabilities are
preserved due to using capng_change_id() instead of setgid()and
setuid(). https://linux.die.net/man/3/capng_change_id:
This function preserves capabilities while changing uid/gid, causing
rsyslogd to run as non-root user, but with some root capabilities.
Unfortunately, rsyslogd will run with higher privileges than before.
The patch also removes CAP_SETPCAP, because the capability set does
not need to be altered at a later phase.
Thanks to Attila Lakatos for the patch.
----------------------------------------------------------------------------------------
Scheduled Release 8.2302.0 (aka 2023.02) 2023-02-21
- 2023-01-27: core/template: implement negative position.to
This will easily permit to drop the last n characters from a property
without the need to know the exact length of the string. This is
especially useful as the exact length is most often not known
beforehand.
- 2023-01-18: Introduce --enable-libcap-ng configure option
The option allows to drop the capabilities to only
the necessary set, to minimize security exposure in
case there was ever a mistake in a networking
plugin or some other input resource. Moreover, it adds
ability to change uid and gid while retaining the
previously specified capabilities.
Add ability to change uid and gid while retaining the
capabilities previously specified.
closes https://github.com/rsyslog/rsyslog/issues/4986
Thanks to Attila Lakatos for the patch.
- 2023-01-16:
- omfile: add action parameters "rotation.*"
Add new action parameters
- rotation.sizeLimit
- rotation.sizeLimitCommand
provide automatic output file rotation functionality feature-wise
equivalent to legacy $outchannel. This finally permits to use
this feature set in rscript.
- core substring function: enhancement and hardening
Now, length can have a negative value -n to denote that the
substring should be build between startpos and the character
-n chars from the end. This is a shortcut for stripping charactes
on "both ends" of the string. See doc for details on the enhanced
semantics.
Also, some hardening against invalid startpos and length has
been added.
- core bugfix: wrong type conversion in internal string class could lead to segfault
This could only happen with very unusually large strings
Thanks to Flos Lonicerae for the patch.
- QA: changed to CodeQL scanning on github as LGTM replacement
- bugfix: wrong version number on daily stable builds
- CI: use newer version of zookeeper (needed modernization)
- ffaup bugfix : memory corruption with concurrent workers
The ffaup function fails to work properly when it is used with multiple workers.
The faup_handler_t struct is not supposed to be shared between threads.
This may have caused memory corruptions and race conditions when used
inside of actions.
Thanks to Thibaud Cartegnie for the fix.
- openssl bugfix: undefined reference error on OpenSSL 1.1 or higher.
This could have prevented ossl components from being loaded/used.
- 2023-01-02: core bugfix: template system may generate invalid json
When
- a list template
- is created with option.jsonf="on"
- and the last list element is a property with onEmpty="skip"
- and that property is actually empty
invalid JSON is generated.
The JSON string in this case ends with ", " instead of "}\n". This
patch fixes the issue.
closes https://github.com/rsyslog/rsyslog/issues/5050
----------------------------------------------------------------------------------------
Scheduled Release 8.2212.0 (aka 2022.12) 2022-12-06
- 2022-12-05: testbench: make python http server based tests more reliable
Harden them against races during server port assignment. Prevents
testbench flakes.
- 2022-12-05: omprog bugfix: invalid status handling at called program startup
There is a bug when external program *startup* does not return "OK". This
can also lead to a misadressing with potentially a segfault (very unlikely).
Note that no problem exists once the initializiation phase of the external
program is finished and regular message transfer runs.
The problem basically is that for a startup failure, the control data for
that external program instance is freed on error. Unfortunately, that state
data is needed later on to detect a suspended instance. We now keep the control
data even on init failure (as we then need to do normal control options).
closes https://github.com/rsyslog/rsyslog/issues/4967
- 2022-11-29: testbench bugfix: wrong message injection object of instance 1
In some client-server test cases, messages are supposed to be injected into
the instance 2(client), but they are actually injected into instance 1(server),
which may lead to false negative results. This patch fixed it by replacing
'injectmsg' with 'injectmsg2', and dealt with some minor issues.
Thanks to Guodong Zhu for the patch.
- 2022-11-21: rsyslog.conf man page bugfix: description of selectors
Document historic difference to BSD syslog selectors.
- 2022-11-18: imtcp bugfix: legacy config directives did no longer work
Many "$InputTCPServer..." config directives did no longer work
and were completely ignored (e.g. "$InputTCPServerStreamDriverMode").
This was a regression from a08591be5d9 (May, 5th 2021).
closes https://github.com/rsyslog/rsyslog/issues/5021
- 2022-11-16: ksi bugfix: sending of too many signing requests fixed.
As there is a bug in libksi where too many signing requests may have bene sent
out the amount of signing requests will be limited by KSI module until the fix
is implemented.
Thanks to Taavi Valjaots for the patch.
- 2022-11-14: bugfix: prevent potential segfault when switchung to queue emergency mode
When switching to Disk queue emergency mode, we destructed the in-memory
queue object. Practice has shown that this MAY cause races during
destruction which themselfs can lead to segfault. For that reason, we
now keep the disk queueu object. This will keep some ressources,
including disk space, allocated. But we prefer that over a segfault.
After all, it only happens after a serious queue error when we are
already at the edge of hard problems.
see also: https://github.com/rsyslog/rsyslog/issues/4963
- 2022-11-08: ksi bugfix: Segmentation fault in async mode fixed
Thanks to Taavi Valjaots for the patch.
- 2022-11-02: imjournal: add second fallback to _COMM
If SYSLOG_IDENTIFIER is not present in the journal message,
then lookup the _COMM field, which stands for the name
of the process the journal entry originates from. This is
needed in order to be in compliance with the journalctl
output.
Thanks to Attila Lakatos for the patch.
- 2022-10-25: core bugfix: local hostname invalid if no global() config object given
The local hostname is invalidly set to "[localhost]" on rsyslog startup
if no global() config object is present in rsyslog.conf. Sending a HUP
corrects the hostname.
This is a regression from ba00a9f25293f
closes https://github.com/rsyslog/rsyslog/issues/4975
closes https://github.com/rsyslog/rsyslog/issues/4825
- 2022-10-25: testbench bugfix: fixed timing issue that sometimes lead to test failure
Timing caused a race in test tool sync and could lead to premature termination of
tools, which in turn caused test failure
----------------------------------------------------------------------------------------
Scheduled Release 8.2210.0 (aka 2022.10) 2022-10-18
- 2022-10-13: fix NetBSD build issue
On NetBSD, time_t has for a long time now been __int64_t.
On 32-bit CPUs, the compiler is not obliged to define
__sync_bool_compare_and_swap_8, so instead this ends up
as an undefined symbol when linking rsyslog. This makes
the code fall back to the pthread / locking method on these
systems, but at least lets the program build.
Thanks to Havard Eidnes for the patch.
- 2022-10-12: omrabbitmq: Add TLS support
Thanks to github user 21stcavenan for the patch.
- 2022-09-14: config: add "abortOnFailedQueueStartup" global config parameter
similiar to "abortONUncleanConfig", this parameter aborts rsyslog
when a queue has problems during startup. Some users perfer rsyslog
to terminate in this case. By default, nothing changes.
closes https://github.com/rsyslog/rsyslog/issues/4902
- 2022-09-07: cor bugfix: leak in helper function SetString
A part of rsyslog runtime, SetString(), had a small memory leak when a value was
assigned multiple times. While this could potentially consume larger amounts of
memory, this did not happen in practice. The reason is that multiple assignments
to the same object occur very seldom.
Thanks to github user seuzw930 for the patch.
closes: https://github.com/rsyslog/rsyslog/issues/4961
- 2022-09-07: core bugfix: correct local host name after config processing
rsyslog.conf may affect the host's local name. These changes were
so far only activated after the first HUP. This patch now ensures
that the configured local host name is applied correctly throughout
all processing, including early startup.
This patch causes a slight change of behaviour. However, the behaviour
was inconsitent before. Now it is consistent and according to the config.
Please note: this patch also exposes a global entry point via "regular"
dynamic loading as this makes things much easier to do. This is in-line
with ongoing simplification effort.
Finally, we also remove a CI test that we do no longer need because
the problem covered is now addressed differently and the original issue
can no longer occur.
closes https://github.com/rsyslog/rsyslog/issues/4975
- 2022-08-31: imtcp: add option notifyonconnectionopen
Add this both as module an input parameter. Complements already-existing
config param notifyonconnectionclose and mirrors the similar feature from
imptcp.
The module parameter acts as default, similarly to notifyonconnectionclose.
Note that in contrast to imptcp, we emit IP addresses and not host
names. This sticks with the traditional semantics of imtcp.
Note that we also fixed a mislading error message in the case when a
disallowed sender tried to connect.
Thanks to John Chivian for suggesting the addition.
- 2022-08-26: openssl TLS driver: add mechanism to include extra CA files parameter
This change allows to include extra CA files so that no "unable to get issuer
certificates" issue is obtained when using chained cert files. New parameter name is
"NetstreamDriverCAExtraFiles".
Thanks to Sergio Arroutbi for the patch.
closes: https://github.com/rsyslog/rsyslog/issues/4851
- 2022-08-19: fix compile issue with older gcc compilers
Thanks to Julien Thomas for the contribution.
----------------------------------------------------------------------------------------
Scheduled Release 8.2208.0 (aka 2022.08) 2022-08-09
- 2022-08-09: ksi bugfix: request cache size and send timeout issue fixed.
Async service send timeout is not configurable and request cache size is too
small to handle large amount of signing requests with small amount of permitted
requests per aggregation round. For example user with max_requests = 4 results
cache size 5 * max_requests or at least 256. When signing 300 log files cache
will be too small resulting several unsigned blocks. When signing 200 log file
cache will be adequate, but with rate of 4 signatures per second, it is only
possible to sign 4 * 10 blocks before all requests that are not sent out will
timeout.
Fix for the issue is to make send timeout configurable and make the size of the
cache depend on the value of send timeout. New configuration value
sig.block.signtimeout="time, s" introduced that defines the time window wherein
the block has to be signed. The size of the request cache is increased to
3 * max_requests * sign_timeout or at least 256.
Thanks to Taavi Valjaots for the patch.
- 2022-08-09: imjournal bugfix: segmentation fault in close journal
Thanks to github user t-feng for the patch.
- 2022-08-09: net subsystem: support sha256 for StreamDriverAuthMode="x509/fingerprint"
Thanks to github user codemaker219 for the patch.
- 2022-08-05: imfile bugfix: message loss/duplication when monitored file is rotated
When a to-be-monitored file is being rotated, some messages may be lost or
duplicated. In case of duplication, many file lines may be duplicated
depending on actual timing. The whole bug was primarily timing depenedent
in general. It most often was visible in practice when the monitored
file was very frequently rotated (we had some report with every few
seconds).
Note that while we try hard to not lose any messages, input file
rotation always has some loss potential. This is inevitable if
the monitored file is being truncated.
Also note that this bugfix affects imfile, only. It has nothing to do
and no relation to rsyslog output files being rotated on HUP.
closes: https://github.com/rsyslog/rsyslog/issues/4797
- 2022-08-05: ksi bugfix: optimize processing of signer queue to fix delays.
There is a worker queue where rsyslog KSI module collects events and signing
requests. When queue is processed thread is periodically put to sleep. Previous
implementation handles signature requests well but sleeps every time after
handling new file open / close event. When several log files are opened or
closed simultaneously process is significantly slowed down. Another issue is
that thread always sleeps 1000ms that may be 2x longer than aggregation round.
This slows down overall signing process.
Fix for the issue is to simply not sleep after file open / close event if there
are next items to be processed. To speed up the signing process, rsyslog uses
KSI aggregator conf. to obtain the aggregation period that is used for the sleep
time configuration.
Thanks to Taavi Valjaots for the patch.
- 2022-08-04: ksi bugfix: possible crash fixed when several log files are opened.
KSI module in async mode used to request aggregator conf. every time a log
file was opened. When several log files were opened simultaneously
corresponding amount of pointless concurrent conf. requests were posted.
Concurrent conf. requests lead to a bug in libksi, where internal count of
pending requests was not decremented correctly causing system to crash.
Fix for the issue is to optimize the frequency of conf. requests so that only
one conf. requests is handled at once. Instead of checking conf. every time
log file is opened, conf is requested periodically after conf timeout. This will
affect both sync and async mode.
New option for KSI module introduced - sig.confinterval="time, s".
Thanks to Taavi Valjaots for the patch.
- 2022-08-04: openssl: add support to split tls commands by semicolon
- Add support to split tls commands by semicolon.
- Changed one test with multiple tls commands to use semicolon as
separator instead of newline.
closes: https://github.com/rsyslog/rsyslog/issues/4852
- 2022-08-04: openssl subsystem bugfix: build issue on Solaris
Needed header file was added. Platforms other than Solaris did not actually need it,
so this bug was discovered late.
Thanks to Jakub Kulík for the patch.
Import <strings.h> when index() is used.
- 2022-08-04: openssl: add more details to error messages
- Avoid LogMsg outputs osslEndSess on successfull terminated
connection. Only LogMsg if the connection was terminated
unsuccessfully.
- Handle SSL_ERROR_SYSCALL in both Send / osslRecordRecv,
do not log as error if underlaying socket was terminated
(ECONNRESET). Log as information instead.
closes: https://github.com/rsyslog/rsyslog/issues/4946
- 2022-08-04: omclickhouse: capture additional exceptions
- DB::NetException
- DB::ParsingExceptions
Thanks to Victor Kustov for the patch.
- 2022-08-04: mmanon bugfix: Simplified and fixed IPv4 digit detection.
- Fixed an issue with numbers above int64 in syntax_ipv4.
Numbers that were up to 256 above the max of an int64
could incorrectly be detected as valid ipv4 digit.
- Simplified the IPv4 digit detection function and renamed
to isPosByte.
- added testcasse for malformed IPvc4 addresses
closes: https://github.com/rsyslog/rsyslog/issues/4940
- 2022-07-21: imptcp: slight tuning
- reduce indirect addressing to obtain more speed
- also a fix for an annoying typo
- minor other optimizations
- modernization of one test
- 2022-07-20: template procesing/json: performance optimization
- 2022-07-19: core bugfix: memory leak when free action worker data table
During free action worker data table when action destruct, worker instance in worker
data table were not null. It resulted in memory leak.
Thanks to github user seuzw930 for the patch.
- 2022-07-13: omfile: support for zstd compression
The zstd library provides better and faster compression than zlib.
This patch integrates zstd as a dynamically-loadable functionality.
As such, no further dependencies need to be added to the rsyslog
base package.
Due to the increased performance, usage of zstd is highly recommended
for high-volume use cases.
This patch also refactor zlib compression in order to unify handling
in both compression cases.
- 2022-07-07: stream cleanup: move error message to debug log, only
This error message is most probably rooted in a kernel problem. At
least knowbody knows how it can happen. It's definitely not a
rsyslog issue. We also can recover from it for a long time now
so there is no reason to irritate users by emitteing this
"error" message.
- 2022-07-04: mmdblookup bugfix: Don't crash Rsyslog on mmdb file errors
Thanks to Théo Bertin (frikilax) for the patch.
- 2022-06-28: build error fix: libbson requires out-of-date language constructs
- 2022-06-27: OpenSSL: fix depreacted API issues for OpenSSL 3.x
- OpenSSL error strings are loaded automatically now
- Debug Callback has changed
- See for more:
https://www.openssl.org/docs/manmaster/man7/migration_guide.html
closes: https://github.com/rsyslog/rsyslog/issues/4912
----------------------------------------------------------------------------------------
Scheduled Release 8.2206.0 (aka 2022.06) 2022-06-14
- 2022-05-25: omelastisearch: allow omitting _type field
Allow omitting the _type field by setting it to an empty string.
Setting this field has been deprecated since 6.0, and support will
be removed in 8.0
Also add testbench test for empty searchType with ES 7.0
This checks for messages in the deprecation log and also provides
avoids deprecation messages from usage of transport.tcp.port in the
test configuration
Thanks to Jarkko Oranen for the patch.
- 2022-05-18: tcpsrv/imtcp: slight performance improvements
This change slightly improves performance for tcpsrv-based servers.
This affects imtcp and imgssapi as well as some helpers.
No other functional change is included in this change.
- 2022-05-12: imptcp bugfix: worker thread starvation on extreme traffic
When connectes were totally busy, without any pause, the assigened worker
did never terminate its reading loop. As such, it could not service any
other conenctions. If this happened multiple time and to all configured
workers, all other connections could not be processed at all. This extreme
scenario is very unlikely, as the whole issue is relatively unlikely.
In practice, the issue could lead to somewhat degraded performance and
resolved itself after some time (in practice no connection is 100% busy
for an extended period of time).
Note that this patch sets a fixed limit of 16 iterations for very busy
connections. This sounds like a good compromise between non-starvation
and performance. The exact number may be made configurable if there
is really need to.
- 2022-05-11: omelasticsearch: several support option for ElasticSearch 8
- config params searchIndex and documentType can be empty
- support for Data Stream API
Thanks to github user EHerzog76 for these changes.
- new config param esVersion.major
- 2022-05-09: tcp receiver bugfix: delay/potential hang on some error conditions
Error were not correctly handled in some cases for imtcp and imgssapi. This could
lead to a temporary stall of some connections. For ultry-low traffic systems, this
stall could stay for a long period of time. In most cases, it was resolved very quickly.
Note that imptcp was not affected.
Thanks to Iwan Timmer for the fix.
- 2022-05-05: net bugfix: potential buffer overrun
there is heap buffer overflow vulnerability in rsyslog tcp reception components.
This can only happen in octet-counted mode, which is enabled by default.
Affected components: imtcp, imptcp, imhttp, imgssapi, imdiag when octet-counted
framing was enabled.
If the receiver ports are exposed to the public Internet AND are used
without authentication, this can lead to remote DoS and potentially to
remote code execution. It is unclear if remote code execution is
actually possible. If so, it needs a very sophisticated attack.
When syslog best practices with proper firewalling and authentication
is used, thean attack can only be carried out from within the Intranet
and authorized systems. This limits the severity of the vulnerability
considerably (it would obviously require an attacker already to be
present inside the internal network).
Credits to Peter Agten for initially reporting the issue and working
with us on the resolution.
fixes CVE-2022-24903
Advisory:
https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
- 2022-05-05: imptcp: set OS worker thread name
We now set the worker thread names to "imptcp/<thrd nbr>" where
<thrd nbr> is the numerical index (0, 1, ...) of the worker thread.
This enables to distinguish individual worker threads in OS tools like
htop. That is useful for performance testing and system monitoring.
The choosen name format is consistant with other similar thread
names inside rsyslog. For imptcp, worker threads were not yet
given individual names.
Note: "in:imptcp" is imptcp's "main" thread, which also is used
as a worker in some scenarios. This name was not modified.
- 2022-04-26: mmanon bugfix: shortened IPv6 form not always anonymized
If the IPv6 is in non-recommended form followed by a 5 digit port number, it
is not anonymized.
A reproducer for this is: 1a00:c820:1180:c84c::ad3f:d991:ec2e:49255
closes https://github.com/rsyslog/rsyslog/issues/4856
- 2022-04-22: mmdblookup fix: wrong copy of buffer
...following parse of libmaxminddb's return after a successful search sometimes
failed to return specific field from data.
Thanks to Théo Bertin for the patch.
- 2022-04-22: mmdblookup: several enhancements
- support arrays in MMDB entry
- support escaped quotes '"' in MMDB entry
- support '<' characters in MMDB entry, when in a field
- support '}' characters in MMDB entry, when in a field
Thanks to Théo Bertin for the patch.
----------------------------------------------------------------------------------------
Scheduled Release 8.2204.1 (aka 2022.04) 2022-05-05
- security bugfix: potential buffer overrun in imptcp, imtcp, imgssapi and others
This addresses CVE-2022-24903
see also https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
----------------------------------------------------------------------------------------
Scheduled Release 8.2204.0 (aka 2022.04) 2022-04-19
- 2022-04-18: gnutls bugfix: possibility of infinite loop
There was a rare possibility that the E_AGAIN/E_INTERRUPT handling
could cause an infinite loop (100% CPU Usage), for example when a TLS
handshake is interrupted at a certain stage.
* After gnutls_record_recv is called, and E_AGAIN/E_INTERRUPT error
occurs, we need to do additional read/write direction handling
with gnutls_record_get_direction.
* After the second call of gnutls_record_recv (Expand buffer)
we needed to also check the eror codes for E_AGAIN/E_INTERRUPT
to do propper errorhandling.
* Add extra debug output based on ossl driver.
* Potential fix for 100% CPU Loop Receiveloop after gtlsRecordRecv
in doRetry call.
closes https://github.com/rsyslog/rsyslog/issues/4834
closes https://github.com/rsyslog/rsyslog/issues/4818
closes https://github.com/rsyslog/rsyslog/issues/4638
- 2022-04-17: core/bugfix: errorfile could grow over max configures size
When action.errorfile.maxsize configuration option is enabled and error file
already has a certain size smaller than max size configured, it is increasing
higher than configured max size as the error file is considered to be zero in code.
This fix reads current error file size and limits the size to the maximum
size configured.
Thanks to Sergio Arroutbi for the patch.
fixes https://github.com/rsyslog/rsyslog/issues/4821
- 2022-04-17: omkafka bugfix: potential misadressing
The `failedmsg_entry` expects a null-terminated string in `key`, but
here we allocate with malloc and copy a string-with-length-n into only
the first n bytes. If the final byte is null, this is by coincidence
only.
This was observed by means of seeing random binary data appended to
keys submitted to kafka apparently at random. This could also result
in more severe problems, inclusing a segfault.
Thanks to David Buckley for the patch.
- 2022-04-06: added new "FullJSONFmt" standard template (with addtl fields)
This comes handy for a number of use cases, especially with ElasticSearch.
Thanks to Art O Cathain for the patch.
- 2022-04-04: imfile: potential processing delay
This was mentioned by Mikko Kortelainen without exact details on what exactly
this could cause in practice. But we were confident enough that it is worth
merging (though it does not look like something that brought real problems in
practice, as we do not know any related reports).
see also: https://github.com/rsyslog/rsyslog/pull/4445
Thanks to Mikko Kortelainen for the patch.
- 2022-04-04: bugfix: cosmetic data races
there was a more or less cosmetic data race which could happen when children
processes died in quick sequence. Even then, no real harm happened, as all
children were reaped eventually.
A similar data race exists for HUP processing.
However, these races polluted TSAN test runs, and so we fixed them
- 2022-04-01: add property options to support ISO week/year number
Thanks to Mattia Barbon for the patch.
- 2022-04-01: core bugfix: "action suspended" message was emitted even when turned off
Most messages were diasabled, but there was one part of the code that ignored the
user configuration.
Thanks to Deyneko Aleksey for the patch.
- 2022-03-31: testbench: add more tests for rscript comparison operations
- 2022-03-31: core bugfix: make internal logs emitted during HUP procesing appear quicker
After call doHUP(), probably there is a internal log in the list. However, it
will not be wrote out immediately, because the mainloop will be blocked at
pselect in wait_timeout() until a long timeout or next message occur.
More deadly, the log may be lost if the deamon exits unexpectedly.
We might as well put processImInternal() after doHUP(), so that the message
will be flushed out immediately.
Fixes: 723f6fdfa6(rsyslogd: Fix race between signals and main loop timeout)
Thanks to Yun Zhou for the patch.
- 2022-03-20: refactor: Move the parser directive to the main config
Thanks to Attila Lakatos for the patch.
- 2022-03-16: refactor: ake the main message queue part of the config
The intent of this patch is to make the main message queue part of the main config.
It will help us to proceed towards dynamic configuration reload.
- regression bugfix: rsyslog may segfault during startup
glblGetMaxLine() might be called even before the main configuration file exists
resulting unexpected behavior, most probably segmentation fault. This is addressed
by re-introducing the old default of 8KiB. The problem was introduced earlier in
2022.
- regression fix: script string comparison did not work correctly
In rscript, comparison operations on strings did not work correctly
and returned false results. This is cause by a regression in commit
5cec5dd634e0. While it fixed number comparisons, it introduced new
problems in string comparisons, which were not present before. Note
that most items in rsyslog are strings, so this can actually cause
some problems.
----------------------------------------------------------------------------------------
Scheduled Release 8.2202.0 (aka 2022.02) 2022-02-15
- 2022-02-14: imfile bugfix: remove cause for "internal error message" (not causing harm)
When any message is output into a renamed input file, rsyslogd output the following:
message.
imfile: internal error? inotify provided watch descriptor 7 which we could not find
in our tables - ignored
When rsyslogd detects the inode change, it deletes the entry from wdmap[]. But,
the watch descriptor is not removed. Some application like sssd outputs some messages
(like "HUP signal was received!!") after HUP signal is received and before switching
into the new log file. And, the above messages can be output every log rotation.
This situation is now resolved.
Thanks to Masahiro Matsuya for the patch.
- 2022-02-04: rscript bugfix: literal numbers were not compared correctly
This problem occurred when numbers were used in rsyslog.conf in
the set statement, e.g.
set $nbr = 1234;
In this case, during comparisons, the number was actually interpreted
as a string with digits. Thus numerical comparisons lead to unexpected
results. Even more so, as in other places of the code they were
treated as native numbers.
This is now fixed. We cannot outrule that this causes, in border cases,
change of behavior to existing configs. But it is unlikely and the
previous behaviour was a clear bug and very unintuitive. This in our
opinion it is justified to risk a breaking change for an expected
very minor subset of installations, if any such exists at all.
closes https://github.com/rsyslog/rsyslog/issues/4770
- 2022-02-04: omelasticsearch bugfix: indexSuccess impstats counter in bulkmode wrong
When bulkmode is enabled, and a batch was processed without any
failures (errors is false), the code that increments the indexSuccess
impstats counter was never reached.
closes: https://github.com/rsyslog/rsyslog/issues/4794
- 2022-01-17: imkmsg bugfix: effectively disabled input on error reading kmsg
Due to a program bug, imkmsg could not recover from an kmsg read error.
Note that recovering is possible and was intended.
Thanks to Kailash Sethuraman for the patch.
- 2022-01-17: imtcp bugfix: worker threads were not properly terminated
Graceful shutdown of Rsyslog could lead to segmentation faults when
multiple imtcp inputs were being used. That is because the rest of the
tcpsrv threads are left behind running, while their underlying objects
are being disposed by the main thread as part of the module
de-initialization.
closes: https://github.com/rsyslog/rsyslog/issues/4776
Thanks to Gabor Orosz <goro@goro.io> for the analysis and patch.
- 2022-01-07: omlibdbi bugfix: use-after-free bug
This occurred in when sqllite driver was used. Depending on circumstances, this had
no visible issues (often) up to rsyslog segfault. The busier rsyslog is, the more
likely a bad outcome.
- 2022-01-06: omhttp bugfix: memory leak in lokirest batchmode
A JSON object was created (valueObj) but not used and also not released causing a
memory leak. Over time, this could lead to memory overcomittent.
closes: https://github.com/rsyslog/rsyslog/issues/4766
----------------------------------------------------------------------------------------
Scheduled Release 8.2112.0 (aka 2021.12) 2021-12-16
- 2021-12-14: refactor:Deallocate outchannel resources in rsconf destructor
Thanks to Attila Lakatos for the patch.
- 2021-12-14: refactor: use runConf instead of loadConf in ratelimiting during runtime
Thanks to Attila Lakatos for the patch.
- 2021-11-22: new contribtion: URL parser module function using libfa
Thanks to Théo Bertin for the patch.
- 2021-11-18: mmanon: relax IPv6 detection - improve anonymization
We so far tried to ensure a value is really an IPv6 address, in order
to avoid to mangle with just similar-looking information elements.
However, this lead to misdetection for unusual formats, e.g. when a
port is appended to a numerical IPv6 adress given without braces [].
This has been changed now. In a sense, we now prefer to err on the
side of privacy.
BEHAVIOR CHANGE:
Previously, a suspect value was not anonymized, and thus some other
elements (like some MAC addresses) preserved. Now the opposite is
true, and we anonymize anything that looks close enough to be an
IPv6 address. This improves anonymization.
closes https://github.com/rsyslog/rsyslog/issues/4725
- 2021-11-10: ruleset bugfix: ruleset queue was incorrectly named
The ruleset was incorrectly and unusably named. This was a regeression
from 4a63f8e9629c3c9481a8b6f9d7787e3b3304320b.
Many thanks to github user digirati82 for alerting us.
closes https://github.com/rsyslog/rsyslog/issues/4730
- 2021-11-10: omsnmp: update module to current IP best practices
The omsnmp module uses the inet_addr() function to convert the Internet host address
from IPv4 numbers-and-dots notation into binary data in network byte order. If the input
is invalid, INADDR_NONE (usually -1) is returned. Use of this function is problematic
because -1 is a valid address (255.255.255.255). We should avoid its use in favor of
inet_aton(), inet_pton(3), or getaddrinfo(3), which provide a cleaner way to indicate
error return [1].
This is just a request to satisfy covscan, so no error is reported at all.
Thanks to Attila Lakatos for the patch.
- 2021-10-27: ommysql: fix threading bug
When the MariaDB connection was (re)established, old or NULL handle
could be used. This is fixed now.
We need to synchronize access to the mysql handle, because multiple threads
use it and we may need to (re)init it during processing. This could lead to
races with potentially wrong addresses or NULL accesses. If this really
matters mostly depends on the MariaDB/MySQL client library. It looks like
they guard against fatal failuers. Anyhow, logging errors inside rsyslog
could happen in any case.
- 2021-10-25: testbench: false positive when impstats was not built
Test omfwd_fast_imuxsock failed when impstats was not built. This
has been corrected, test is now only executed when impstats is
present.
- 2021-10-25: imtcp: add support for permittedPeers setting at input() level
The permittedPeers settig was actually forgotten during the refactoring
of TLS input() level settings. This functionality is now added.
closes: https://github.com/rsyslog/rsyslog/issues/4706
----------------------------------------------------------------------------------------
Scheduled Release 8.2110.0 (aka 2021.10) 2021-10-19
- 2021-10-13: config bugfix: global(security.abortonidresolutionfail=) did not work
when used with rscript based configuration, it was not checked.
- 2021-10-13: config bugfix: global param $privDropToUser did not work correctly
The parameter was not implemented for rscript based configuration and
did not properly apply to legacy configuration. In essence, it almost always
did not work as expected.
see also: https://github.com/rsyslog/rsyslog/issues/4642
see also: https://github.com/rsyslog/rsyslog/commit/cbcaf2c7e5b67e5465e47bc7cc67af2eae47bd31
- 2021-10-12: rscript bugfix: ruleset called async when ruleset had queue.type="direct"
The call rscript statement is able to call a rule set either synchronously or
asynchronously. We did this, because practice showed that both modes
are needed. For various reasons we decided to make async
calls if the ruleset has a queue assigned and sync if not.
To know if a "queue is assigned" we just checked if queue parameters were
given. It was overlookeded the case of someone explicitly specifying a
"direct queue", aka "no queue". As such, queue="direct" triggered async
calls. That in turn meant that when a write operation to a variable was
made inside that rule set, other rulesets could or could not see the
write. While if was often not seen, this was a data race where the
change could also be seen by the outside.
This is now fixed. No matter if queue.type="direct" is specified or
left out, the call will always by synchronous. Any values written to
variables will also be seen by the "outside world" in later processing
stages.
Note that this has some potential to BREAK EXISTING CONFIGURATIONS.
We deem this acceptable because:
1. this was racy at all, so unexpected behaviour could alwas occur
2. it is actually unlikely that someone used the triggering conditions
in practice. But we can not outrule this, especially when the
configuration was auto-generated.
Potential compatibility issues can be solved by defining a small
array-memory queue on the ruleset in question instead of specifying
direct type.
Again, we expect that almost all users will never experience any
problems. If you do, however, please let us know: we may add an
option to re-enable the bug.
- 2021-10-12: ksi bugfix: locking bug fixed in rsksiCtxOpenFile
Thanks to Taavi Valjaots for the patch.
- 2021-10-11: core bugfix: fix typo in error message
Thanks to github user jkschulz for the patch.
- 2021-10-11: tcpsrv bugfix: compilation without exceptions
tcpsrv.c:992:1: error: label at end of compound statement
finalize_it:
^~~~~~~~~~~
Quoting from pthread.h:
pthread_cleanup_push and pthread_cleanup_pop are macros and must always
be used in matching pairs at the same nesting level of braces.
Amends commit bcdd220142ec9eb106550195ba331fd114adb0bd.
Thanks to Orgad Shaneh for the patch.
- 2021-10-11: mkubernetes bugfix: no connection retry to kubernetes APP
When connection to the kubernates API was not possible, mmkubernetes
did not retry. This does now happen via regular rsyslog retry
mechanism.
Thanks to github user jayme-github for the analysis and patch.
closes https://github.com/rsyslog/rsyslog/issues/4669
- 2021-10-11: openssl bugfix: Correct gnutlsPriorityString (custom ciphers) behaviour
- Only apply default anon ciphers if gnutlsPriorityString is NULL and
Authentication Mode is set to anon. Otherwise we do not set them
as they overwrite custom Ciphers.
- Added two tests for custom cipher configuration (anon/certvalid mode).
- Add call for applyGnutlsPriorityString if gnutlsPriorityString changes.
- Merged openssl init code from Connect into osslInitSession
closes: https://github.com/rsyslog/rsyslog/issues/4686
- 2021-10-11: build issue: handle undefined MAXPATHLEN, PATH_MAX
While we handled missing PATH_MAX, we did not handle missing MAXPATHLEN.
This happens under GNU/Hurd, because there is no official limit. However,
extremely long pathes are extremely uncommon, so we do not want to
use slow dynamic alloc each time we need to build pathes. So we
impose a limit of 4KiB, which should be fairly enough. Note that
this obviously increases stack requirements in GNU/Hurd.
As suggested by Michael Biebl, we have now implemented a generic
approach to handle this via autoconf.
- 2021-09-12: openssl: extended output information on connection failure
Now includes the remote client/server IP address in the log output.
- 2021-09-12: imhttp enhancements - query parameter ingestion & basic auth support
- Basic Authentication support & tests
* configured via imhttp option "basicAuthFile". This option should be configured
to point to your htpasswd file generated via a standard htpasswd tool.
tests:
* imhttp-post-payload-basic-auth.sh
* imhttp-post-payload-basic-auth-vg.sh
- Query parameter ingestion capability & tests
use t `addmetadata` option to inject query parameters into
metadata for imhttp input.
DISTRO PACKAGERS BEWARE: NEW DEPENDENCY FOR IMHTTP:
libaprutil (libaprutil1-dev on debian'ish, apr-util-devel on Red Hat)
Thanks to Nelson Yen for the patch.
- 2021-09-07: testbench bugfix: privdrop tests under root user did not work
When running under root, the privdrop tests did not properly work. This
patch fixes the issue and skips test where necessary.
This also includes some modernization of the related tests.
closes https://github.com/rsyslog/rsyslog/issues/4619
- 2021-09-07: core/ratelimiting: fix rate limiting for already parsed messages
Rate limiting may not have worked if the considered message had already
been parsed (not having NEEDS_PARSING in msgFlags).
This affects also imuxsock in its default configuration
(useSpecialParser="true" and ratelimit.severity="1")
- 2021-09-07: core bugfix: use of property $wday terminates string
When $wday is used inside a template, all template parts after it
are ignored. For exmaple:
template(name="json_filename" type="string" string="/var/log/%$wday%.log")
would generate something like "/var/log/0" - the ".log" part would be
missing. For the same reason, $wday can not reliably checked in script
filters.
Thanks to Alain Thivillon for reporting the bug and providing an
excellent analysis, which essentiellay was exactly this fix here.
closes https://github.com/rsyslog/rsyslog/issues/4670
- 2021-09-07: core/queue bugfix: potential misadressing when queue discarded messages
When a discard mark was set, the queue was very busy and discarded messages, a
NULL pointer access could happen. Depending on circumstances, several problems
could occur, including a SEGFAULT. This is now fixed.
closes: https://github.com/rsyslog/rsyslog/issues/4437
- 2021-09-07: imdiga bugfix: iOverallQueueSize calculation could be incorrect
This issue only affects testbench and rsyslog development debugging. The active
messages counter, used for synchronizing test steps, went wrong when the queue
discarded messages on it's consumer thread. Now fixed.
- 2021-09-06: gnutls driver: SAN priority did not work correctly on server side
PrioritizeSAN was not propagated when accepting a new connection, this is now fixed.
Thanks to Attila Lakatos for the patch.
- 2021-08-24: config: implement script-equavalent for $PrivDrop* statements
closes https://github.com/rsyslog/rsyslog/issues/891
----------------------------------------------------------------------------------------
Scheduled Release 8.2108.0 (aka 2021.08) 2021-08-17
- 2021-08-16: openssl tls: Improved error message output on tls failures.
closes: https://github.com/rsyslog/rsyslog/issues/4645
- 2021-08-16: impstats: add percentile metrics tracking functionality
Brief overview:
TO configure tracking percentile metrics in rainerscript:
User would need to define:
- which percentile to track, such as [p50, p99, etc.]
- window size - note, this correlates directly with memory usage to
track the percentiles.
To track a value, user would call built-in function `percentile_observe()` in their configurations to
record an integer value, and percentile metrics would be emitted every
impstats interval.
Thanks to Nelson Yen for the patch.
- 2021-08-12: imfile: add parameter "ignoreolderthanoption"
instructs imfile not to ingest a file that has not been modified in the
specified number of seconds.
Thanks to github user yanjunli76 for the patch (submitted from Nelson Yen)
- 2021-08-10: imklog bugfix: invalid memory adressing, could cause abort
This is a regeression from commit 94c4a87. It introduced a free() call
using an object that was no longer valid (the main pointer to the
to-be-freed object) was already freed at time of use. This could
cause various issues, including a segfault.
Note: this bug was triggerred only during late phase of rsyslog
shutdown, so it did not affect regular operation.
Special thanks to github user wxiaoguang for analyzing the issue
and providing a draft fix proposal, on which this patch builds.
see also https://github.com/rsyslog/rsyslog/pull/4629
closes https://github.com/rsyslog/rsyslog/issues/4625
- 2021-08-09: imfile bugfix: deleteStateOnFileDelete missed some state files
When the log file is deleted, imfile would attempt to delete the statefile but it
was missing the file_id part of the statefile name. This means the statefiles were
only removed in the log file was less than 512 characters, because for very small
files the file ID hash is not created. This lead to some state files not being
deleted.
Thanks to pearseimperva for the patch.
- 2021-08-09: imfile bugfix: hash char invalidly added in readmode != 0
If imfile is ingesting log files with readMode set to 2 or 1, the resulting
messages all have a '#' character at the end. This patch corrects the behaviour.
Note: if some external script "supported" the bug of extra hash character at
the end of line, it may be necessary to update them.
closes https://github.com/rsyslog/rsyslog/issues/4491
- 2021-08-09: omelasticsearch bugfix: errorFile mutex was not consistently locked
Lock the file during SIGHUPs to avoid issues with concurrent accesses by
writeDataError().
Thanks to François Poirotte for the patch.
- 2021-08-09: imudp: add socket type (IPv4 vs. 6) to input name
Most importantly, the input name is used for stats counter names as
well. Previously, the same name was used for IPv4 and IPv6, so we had
two counters with an equal name. That left users puzzled.
Unfortunately, this change can potentially require changes to existing
analysis scripts, as the name is now slightly different.
closes https://github.com/rsyslog/rsyslog/issues/4364
- 2021-08-06: omfwd: add capability for action-specific TLS certificate settings
This permits to override the global definitions for TLS certificates
at the action() level.
- 2021-08-06: imfile bugfix: file handle leak if "freshStartTail" was turned on
- 2021-08-05: imtcp: permit to use different certificate files per input/action
This completes the ability to override global/default TLS settings at the imtcp
input() level. Support for using multiple CAs/Certs per Connection is now provided.
- 2021-08-04: imptcp bugfix: keep alive interval was incorrectly set
The interval was accidentally set to keep alive interval. This has been
corrected.
closes https://github.com/rsyslog/rsyslog/issues/4609
- 2021-07-08: openssl network driver bugfix: small memory leak
Fixes a static, non-growing memory leak which existed when parameter
"GnutTLSPriorityString" was used. This was primarily a cosmetic issue,
but caused some grief during development in regard to memory leak
detectors.
Note: yes, this is for openssl -- the parameter name is historical.
- 2021-07-07: psrv bugfix: abort if no listener could be started
Modules (like imtcp and imdiag) which use tcpsrv could abort or
otherwise malfunction if no listener for a specific input could
be started.
Found during implementing a new feature, no report from practice.
But could very well happen.
- 2021-07-07: mmkubernetes bugfix: apiserver error handling
- Added graceful handling of apiserver errors with unexpected responses,
i.e., anything other than 200, 404, or 429. Idea is that apiserver
transient error state will recover. We don't want mmkubernetes to miss
metadata resolution for containers that don't have cached metadata.
During these transient error states, mmkubernetes will provide basic
container file path based resolution of namespace and pod metadata for
new pods whose metadata is not yet cached. After this error state
recovers, mmkubernetes is expected to resume its metadata resolution as
expected.
- Added a unit test case for apiserver return 500 with changes to mock server
- Fixed existing unit test that was failing due to missing expected results file
- Added mmkubernetes unit tests to testbench
Thanks to Abdul Waheed for the patch (submitted from Nelson Yen).
- 2021-07-07: ommongodb bugfixes
- Fix Segmentation fault when server is down
- Add server connexion check while resuming
Thanks to Kevin Guillemot for the patch.
- 2021-06-28: omkafka improvements
- drain librdkafka queues and retry later during rsyslog restart or hup. This
re-injects messages into rsyslog's native queues.
- add statsname on per kafka instance for better visibility
- omkafka - count errors related ssl as "errors_ssl"
Thanks to Nelson Yen for the patch.
- 2021-06-23: some CI/QA improvements, Travis-CI disabled
For the time being, Travis CI is disabled because it was outdated and Travis also
changed their system. We will re-evaluate if we re-enable it. Since quite a while
the Travits tests were redundant with the rest of CI, so this does not reduce
coverage.
- 2021-06-23: omhttp bugfix: dynrestpath param in batch mode invalid
When batchmode was used, the templates could not be used to
expand dynrestpath. We are now storing the restpath param
within the batch data if we are in batch mode.
When we are in batch mode, and the restpath value changes, the
batch is submitted and reinitialized
closes: https://github.com/rsyslog/rsyslog/issues/4567
- 2021-06-17: add predefined template RSYSLOG_SyslogRFC5424Format
This is essentially the same as RSYSLOG_SyslogProtocol23Format with
a better name and a fix to remove the unnecessary LF at the end of
the message.
The different name also enables us to fix the LF issue without
any concern about backwards compatibility.
closes https://github.com/rsyslog/rsyslog/issues/4384
- 2021-06-17: impstats/bugfix: _sender_stats reports integer counter as string
Note that this introduces a small backwards incompatibility: in previous output
the field was of string type, now it is integer (as intended). We discussed this
on the mailing list and the overwhelming thought was that this is not a problem
because almost all analysis backends are able to cover that format change. This made
the bugfix essentially costmetic.
HOWEVER, if you still experience issues, please let us know. We can add an option
to provide the previous format, and just spared to do so because there was no
evidence it was needed.
----------------------------------------------------------------------------------------
Scheduled Release 8.2106.0 (aka 2021.06) 2021-06-15
NOTE: the prime new feature is support for TLS and non-TLS connections
via imtcp in parallel. Furthermore, most TLS parameters can now be overriden
at the input() level. The notable exceptions are certificate files, something
that is due to be implemented as next step.
- 2021-06-14: new global option "parser.supportCompressionExtension"
This permits to turn off rsyslog's single-message compression extension
when it interferes with non-syslog message processing (the parser
subsystem expects syslog messages, not generic text)
closes https://github.com/rsyslog/rsyslog/issues/4598
- 2021-05-12: imtcp: add more override config params to input()
It is now possible to override all module parameters at the input() level. Module
parameters serve as defaults. Existing configs need no modification.
- 2021-05-06: imtcp: add stream driver parameter to input() configuration
This permits to have different inputs use different stream drivers
and stream driver parameters.
closes https://github.com/rsyslog/rsyslog/issues/3727
- 2021-04-29: imtcp: permit to run multiple inputs in parallel
Previously, a single server was used to run all imtcp inputs. This
had a couple of drawsbacks. First and foremost, we could not use
different stream drivers in the varios inputs. This patch now
provides a baseline to do that, but does still not implement the
capability (in this sense it is a staging patch).
Secondly, we now ensure that each input has at least one exclusive
thread for processing, untangling the performance of multiple
inputs from each other.
see also: https://github.com/rsyslog/rsyslog/issues/3727
- 2021-04-27: tcpsrv bugfix: potential sluggishnes and hang on shutdown
tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and,
in theory, also others - even ones we do not know about). However, the
internal synchornization did not properly take multiple tcpsrv users
in consideration.
As such, a single user could hang under some circumstances. This was
caused by improperly awaking all users from a pthread condition wait.
That in turn could lead to some sluggish behaviour and, in rare cases,
a hang at shutdown.
Note: it was highly unlikely to experience real problems with the
officially provided modules.
- 2021-04-22: refactoring of syslog/tcp driver parameter passing
This has now been generalized to a parameter block, which makes it much cleaner and
also easier to add new parameters in the future.
- 2021-04-22: config script: add re_match_i() and re_extract_i() functions
This provides case-insensitive regex functionality.
closes https://github.com/rsyslog/rsyslog/issues/4429
----------------------------------------------------------------------------------------
Scheduled Release 8.2104.0 (aka 2021.04) 2021-04-20
- 2021-04-19: new contributed module imhiredis
Thanks to Théo Bertin (frikilax) for the patch.
- 2021-04-19: new built-in function get_property() to access property vars
Provides ability to evaluate a rsyslog variable using dynamically
evaluated parameters.
1st param is the rsyslog param, 2nd param is a key, can be an array
index or key string.
Useful for accessing json sub-objects, where a key
needs to be evaluated at runtime. Can be used to access arrays as well.
Thanks to Nelson Yen for contributing this module.
- 2021-04-19: mmdblookup: add support for mmdb DB reload on HUP
Thanks to Théo Bertin (frikilax) for the patch.
- 2021-04-19: script bugfix: empty array in foreach() improperly handled
When running a foreach() loop inside a ruleset, if the json array/object iterated
over is empty but valid, the foreach will make the message processing in the
ruleset abort operation, no following operation (such as actions) will be
executed after this.
Thanks to Théo Bertin (frikilax) for the patch.
- 2021-04-19: imjournal bugfixes (handle leak, empty file)
Flush the FILE* buffer before rename & fsync in order
to not end up syncing an empty file.
Also, close WorkDir on fsync in order to prevent
file descriptor leakage.
Thanks to github user gerd-rausch for the fix.
- 2021-04-06: new contributed function module fmunflatten
This commit adds a new rainerscript function to unflatten keys in a JSON tree. It
provides a way to expand dot separated fields.
<result> = unflatten(<source-tree>, <key-separator-character>);
It allows for instance to produce this: { "source": { "ip": "1.2.3.4", "port": 443 } }
from this source data: { "source.ip": "1.2.3.4", "source.port": 443 }
Thanks to Julien Thomas for the contribution.
- 2021-02-22: test bugfix: some tests did not work with newer TLS library versions
Newer versions provide TLS versions that cannot be disabled in older versions as they
are unknown there. This is solved by setting restrictions in multiple steps. For
older library versions, the final step will error out, but the other one be applied.
This permits to achieve proper test results.
closes: https://github.com/rsyslog/rsyslog/issues/4534
- some improvements to project CI
----------------------------------------------------------------------------------------
Scheduled Release 8.2102.0 (aka 2021.02) 2021-02-16
- 2021-02-15: omfwd: add stats counter for sent bytes
Thanks to John Chivian for suggesting this feature.
- 2021-02-15: omfwd: add error reporting configuration option
RSyslog on a plain TCP cannot guarantee the message delivery
without using RELP protocol. Besides that the logs may be
flooded with connection errors making the rest of messages
difficult to find. To alleviate the problem (see issue 3910),
this patch adds a configuration option that enables to reduce
the number of network errors logged and reported.
For example, if each 10th network error message should be logged,
the rsyslog configuration has to be updated as follows.
action(type="omfwd" Target="<IP_ADDR>" Port="<PORT>" Protocol="tcp" ConErrSkip="10")
Thanks to Libor Bukata for the patch.
- 2021-02-15: action stats counter bugfix: failure count was not properly incremented
In some cases the counter was not incremented, most notably with transaction-enabled
actions.
Thanks to github user thinkst-marco for the patch.
- 2021-02-15: action stats counter bugfix: resume count was not incremented
And so it always stayed at zero.
Thanks to github user thinkst-marco for the patch.
- 2021-02-15: omfwd bugfix: segfault or error if port not given
If omfwd is configured via RainerScript config format and the "port"
parameter is not given, a segfault will most likely happen on
connection establishment for TCP connections. For UDP, this is
usually not the case.
Alternatively, in any case, errors may happen.
Note that the segfault will usually happen right on restart so this
was easy to detect.
We did not receive reports from practice. Instead, we found the bug
while conducting other work.
- 2021-01-29: lookup table bugfix: data race on lookup table reload
A data race could happen when a lookup table was reloaded. We found
this while moving to newer version of TSAN, but have no matching
report from practice. However, there is a potential for this to cause
a segfault under "bad circumstances".
- 2021-01-18: testbench modernization
Bump dependency versions, use newer distro versions for some tests.
Make kafka distcheck separate to help diagnose flaky kafka tests.
- 2021-01-16: testbench: fix invalid sequence of kafka tests runs
kafka tests can not run well in parallel (mostly due to ressource
constraints on CI machines). Accidentally, this was not enforced for
one of the tests. That could lead to random failures and false positives.
- 2021-01-14: testbench: fix kafkacat issues
The kafkacat tool has an upper limit of how many messages it can send
at once. Going over that limit causes messages loss. The exact limit
seems to depend on the environment. This causes testbench false positives.
This commit fixes two related issues:
- errors during kafkacat run were not detected - this has been added
- we now have a "max messages at once" setting, after which kafkacat
is restarted for the next batch of messages. It currently is set
to 25,000 msgs per incarnation. All tests loop now to send the
required number of messages. This has been fixed at the testbench
framework level, so no need to adjust individual tests.
- 2021-01-14: testbench: fix year-dependendt clickhouse test
A test had the year value hardcoded and as such failed whenever the
year changed. This patch corrects that.
----------------------------------------------------------------------------------------
Scheduled Release 8.2012.0 (aka 2020.12) 2020-12-08
- 2020-12-07: testbench bugfix: some tests did not work in make distcheck
- certificate file missing in dist tarball
- some test cases did not properly specify path to cert file
Thanks to Michael Biebl for alerting us and providing part of
the fix.
closes https://github.com/rsyslog/rsyslog/issues/4446
- 2020-12-07: immark: rewrite with many improvements
- mark message text can now be specified
- support for rulesets
- support for using syslog API vs. regular internal interface
- support for output template system
- ability to specify is mark message flag can be set
- minor changes and improvements
- 2020-11-30: usability: re-phrase error message to help users better understand cause
see also https://github.com/rsyslog/rsyslog/issues/3910
- 2020-11-10: add new system property $now-unixtimestamp
Among others, this may be used as a monotonic counter
for doing load-balancing and other things.
Thanks to Nicholas Brown for suggesting this feature.
- 2020-11-04: omfwd: add new rate limit option
Adding new rate limit option to omfwd for rate limiting
syslog messages sent to the remote server
ratelimit.interval:
Specifies the rate-limiting interval in seconds.
Default value is 0, which turns off rate limiting.
ratelimit.burst
Specifies the rate-limiting burst in number of messages.
closes https://github.com/rsyslog/rsyslog/issues/4423
Thanks to Dinesh-Ramakrishnan for the patch.
- 2020-11-03: omfwd bug: param "StreamDriver.PermitExpiredCerts" is not "off" by default
The default behaviour of expired certificates of stream driver in TLS mode, should
have been that the see tcp transmission is closed due to expired certificates, and
error messages emited in rsyslog status. This was not the case. That in turn could
lead to permitting sessions which should not be permitted.
Thanks to Vincent Zhu for alerting us and providing a great problem analysis
closes: https://github.com/rsyslog/rsyslog/issues/4425
----------------------------------------------------------------------------------------
Scheduled Release 8.2010.0 (aka 2020.10) 2020-10-20
- 2020-10-13: gnutls TLS subsystem bugfix: handshake error handling
If the tls handshake does not immediatelly finish, gnutls_handShake is called in
doRetry handler again. However the error handling was not
complete in the doRetry handler. A failed gnutls_handShake call
did not abort the connection and properly caused unexpected
problems like in issues:
https://github.com/rsyslog/rsyslog/issues/4270
https://github.com/rsyslog/rsyslog/issues/4288
- 2020-10-13: core/msg bugfix: memory leak
There is a missing call to json_object_put(json) if the call to
jsonPathFindParent() failed. It's leaking memory. Depending on workload and config,
this leak can potentially grow large (albeit we did not see reports from practice).
Thanks to Julien Thomas for the patch.
- 2020-10-13: core/msg bugfix: segfault in jsonPathFindNext() when <root> not an object
The segfault gets happens when <bCreate> is 1 and when the <root>
container where to insert the <namebuf> key is not an object.
Here is simple reproducible test case:
// ensure we start fresh
// unnecessary if there was no previous set
unset $!;
set $! = "";
set $!event!created = 123;
Thanks to Julien Thomas for the patch.
- 2020-10-13: openssl TLS subsystem: improvments of error and status messages
Adding error logs at the ssl handshake failure scenarios.
Adding the header "nsd_ossl:" tag to these logs to identify
the origin module from which logs are generated.
Thanks to Anusha Pai G for the patch.
- 2020-10-06: add 'exists()' script function to check if variable exists
This implements a way to check if rsyslog variables (e.g. '$!path!var') is
currently set of not.
Sample: if exists($!somevar) then ...
closes https://github.com/rsyslog/rsyslog/issues/4385
- 2020-10-03: core bugfix: do not create empty JSON objects on non-existent key access
Performing a condition (eg: check for an empty string) on a subtree key that do not
exists (depth > 1 from the root container), creates an empty "parent" object.
Depending on your context, you may end up with (kind of...) annoying garbage when
producing object documents (for instance to index in ES).
Also fixes a hypothetical hang condition with an almost (?) unused plugin parameter
passing mode, for details see
https://github.com/rsyslog/rsyslog/issues/4436
closes https://github.com/rsyslog/rsyslog/issues/4430
Thanks to Julien Thomas for the patch.
- 2020-09-28: gnutls subsysem bugfix: potential hang on session closure
Some TLS servers don't reply to graceful shutdown requests "for
optimization". This results in rsyslog's omfwd+gtls client to wait
forever for a reply of the TLS server which never comes, due to shutting
down the connection with gnutls_bye(GNUTLS_SHUT_RDWR).
On systemd systems, commands such as "systemctl restart rsyslog" just
hang for 1m30 and rsyslogd gets killed upon timeout by systemd.
This is fixed by replacing the call to gnutls_bye(GNUTLS_SHUT_RDWR) by calls to
gnutls_bye(GNUTLS_SHUT_WR) which is sufficient and doesn't wait for a
server reply.
As an example, Kiwi Syslog server is known to cause this issue.
Thanks to Renaud Métrich for the patch.
- 2020-09-23: core/network bugfix: obey net.enableDNS=off when querying local hostname
Local hostname resolution used DNS queries even if the enableDNS was set to off, and
this could cause unexpected delays in the HUP signal handling if the DNS server was
not responsive.
Thanks to Samu Nuutamo for the fix.
- 2020-09-14: core bugfix: potential segfault on query of PROGRAMNAME property
A data race can happen on variable iLenProgram as it is not guarded
by the message mutex at time of query. This can lead to it being
non -1 while the buffer has not yet properly set up.
Thanks to Leo Fang for alerting us and a related
patch proposal.
replaces https://github.com/rsyslog/rsyslog/pull/4300
- 2020-09-14: imtcp bugfix: broken connection not necessariy detected
Due to an invalid return code check, broken TCP sessions could not
necessarily be detected "right in time". This can result is the loss
of one message.
closes https://github.com/rsyslog/rsyslog/issues/4227
Thanks to Leo Fang for the patch.
- 2020-09-14: new module: imhttp - http input
permits to receive log data via HTTP.
uses http library to provide http input.
user would need to configure an 'endpoint' as input, along
with a ruleset, defining how the input should be routed in
rsyslog.
Thanks to Nelson Yen for contributing this module.
- 2020-09-11: mmdarwin bugfix: potential zero uuid when reusing existing one
- fix a use-after-free variable during darwin uuid message extraction
- improve debug/output by logging uuid parse errors
Thanks to github user frikilax for the patch.
- 2020-09-10: imdocker bugfix: build issue on some platforms
An invalid variable type was used, leading to compile errors at least on
all platform that use gcc 10 and above. Otherwise, however, it looks like the
issue caused no real harm.
- 2020-09-07: omudpspoof bugfix: make compatbile with Solaris build
Thanks to Dagobert Michelsen for the patch.
- 2020-09-03: testbench fix: python 3 incompatibility
- 2020-09-02: core bugfix: segfault if disk-queue file cannot be created
When using Disk Queue and a queue.filename that can not be created
by rsyslog, the service does not switch to another queue type as
supposed to and crashes at a later step.
closes: https://github.com/rsyslog/rsyslog/issues/4282
- 2020-08-26: cosmetic: fix dummy module name in debug output
When we have optional components (like imjournal) a dummy module
is used. It's sole purpose is to emit "this module is not available".
During init, the module emitted an invalid module name into the debug
log. This has now been replaced by the generic term "dummy".
Note: it is highly unlikely that someone will ever see that message
at all, as it is unlikely for the dummy modules to be build.
see also: https://github.com/rsyslog/rsyslog/commit/84a7e3d80b80106dcc86c273ed8cf78a6c11c722#r41782830
Thanks to Thomas D. (whissi) for the patch.
- 2020-08-26: config bugfix: intended warning emitted as error
When there are actions configured after a STOP, a warning should be
emitted. In fact, an error message is generated. This prevents the
construct, which may have some legit uses in exotic settings. It
may also break older configs, but as the message is an error
for so long now, this should be no longer of concern.
----------------------------------------------------------------------------------------
Scheduled Release 8.2008.0 (aka 2020.08) 2020-08-25
- 2020-08-25: imdocker bugfix: error reporting not always correct
A wrong function to obtain the error code was used. This
could lead to invalid error messages.
Thanks to Steve Grubb for the bug report and fix proposal.
closes https://github.com/rsyslog/rsyslog/issues/4381
- 2020-08-25: imptcp: add max sessions config parameter
The max is per-instance, not global across all instances.
There is also a bugfix where if epoll failed I think we could leave a
session linked in the list of sessions, this code unlinks it.
Thank to Alfred Perlstein for the patch.
- 2020-08-24: omelasticsearch bugfix: reply buffer reset after health check
The issue happens when more than one server is defined on the
action. On that condition a health check is made through
checkConn() before sending the POST. The replyLen should be
set back to 0 after the health check, otherwise the response
data received from the POST gets appended to the end of the
last health check.
Thanks to Julien Thomas for the patch.
- 2020-08-14: omfile: do no longer limit dynafile cache size in legacy format
When using obsolete legacy config format, omfile had a hard limit of
1,000 dynafile cache entries. This does not play well with very
large installation. This limit is now removed and converted into
a warning if cache size > 25,000 is specified.
Note: the problem can easily be worked-around by using modern
config format (RainerScript).
closes: https://github.com/rsyslog/rsyslog/issues/4241
- 2020-08-13: imudp: fix very small, static memory leak
When ruleset support was used, the ruleset name was not freed upon rsyslog
termination. While this has no consequences for regular runs, it generates
leak errors under memory debuggers and as such makes debugging harder than
necessary.
Thanks to github user frikilax for the patch.
- 2020-08-13: omelasticsearch: add parameter skipPipelineIfEmpty
When POST'ing a document, Elasticsearch does not allow an empty pipeline
parameter value. This patch introduces boolean option skipPipelineIfEmpty
to the omelasticsearch action. When set to true, the pipeline parameter
won't be posted. Default is false so we do not modify current behavior.
Thanks to Julien Thomas for the patch.
- 2020-08-12: systemd service file removed from project
This was done as distros nowadays have very different service files and it no
longer is useful to provide a "generic" (sic) example.
see also: https://github.com/rsyslog/rsyslog/issues/4333
- 2020-08-11: gnutls TLS driver bugfix: EKU check not done properly
When the server accepted a new connection, it did not properly set the
dataTypeCheck field based on the listening socket. That resulted in
skipping ExtendedKeyUsage (EKU) check on the client.
Thanks to Daiki Ueno for the patch.
- 2020-08-06: MMDARWIN:: improve configuration flexibility and UUID fix
-t pu now able to get fields from local variables ($.)
- now able to configure a custom root container for mmdarwin fields
- now able to put nested keys ($!key1!key2)
- don't regenerate a UUID each time, but instead check if one exists before
creating it (allow successive calls without losing previous UUID)
Thanks to github user frikilax for the contribution.
- 2020-08-06: add --enable-imjournal=optional ./configure option
- 2020-08-06: IMPCAP::Fixes: segfault, memory and build corrections
* fix bug in ethernet packets parsing
* fix removes build error with gcc10: 'multiple definition of...'
* resolve memory leak during interface init failure (device not freed after post-create error)
* add test 'impcap_bug_ether' to prove ethernet parser fix is working
Thanks to github user frikilax for the contribution.
closes https://github.com/rsyslog/rsyslog/issues/4332
- 2020-07-14: CI: add support for github actions
- 2020-07-14: imklog: add ruleset support
see also: https://github.com/rsyslog/rsyslog/issues/4344#issuecomment-658001854
see also: https://github.com/rsyslog/rsyslog/issues/106
- 2020-07-06: config system fix: ChkDisabled method to make config.enabled work
There was wrong negation in the method so it returned 0/1 in reverse
and also it did not mark the node to not be reported as unknown at all
times which is needed after all.
Thanks to Jiri Vymazal for the patch.
----------------------------------------------------------------------------------------
Scheduled Release 8.2006.0 (aka 2020.06) 2020-06-23
- 2020-06-22: queue: permit ability to double size at shutdown
This prevents message loss due to "queue full" when re-enqueueing data
under quite exotic settings.
see also https://github.com/rsyslog/rsyslog/issues/3941#issuecomment-549765813
closes https://github.com/rsyslog/rsyslog/issues/4020
- 2020-06-22:Fixing imfile segfaulting on selinux denial
If imfile is denied access to file watched trough symlink there is
unchecked condition resulting in access to not initialized memory.
- 2020-06-22: openssl: Fixed memory leak when tls handshake failed.
closes: https://github.com/rsyslog/rsyslog/issues/4319
- 2020-06-22: change systemd service file to wait for network
now that rsyslog is usually only installed for real syslog servers,
we should assume that some network listening or forwarding happens
on start. As such we need to start a bit later, after the network.
This poses no problem as systemd nowadays comes with journal which
is in almost all cases configured to buffer log data while
rsyslog is not yet running.
see also https://github.com/rsyslog/rsyslog-pkg-rhel-centos/issues/72
- 2020-06-22: NEW INPUT MODULE:: impcap, network packets input parser
Thanks to github user frikilax for the contribution.
- 2020-06-22: ksi bugfix: Optimized code in KSI module initialization fixed.
KSI module initialization will not stuck in infinite loop when code is
built with optimization -O2.
- 2020-06-05: operatingstatefile bugfix: month was given too low
The month was printed with the range 0 (January) to 11 (December).
This has now been corrected.
closes https://github.com/rsyslog/rsyslog/issues/4292
- 2020-06-05: build system: add "optional" build functionality to some components
Nameley:
--enable-libdbi=optional
--enable-mmdblookup=optional
--enable-imkafka=optional
--enable-omkafka=optional
If used, builds a dummy module which just emits a "module not supported
on this platform" error message when loaded.
Primary use case for this system is Debian-ish builds on SUSE OBS,
where we prefer to have a single package definition for all versions
(else things get much more complicated).
- 2020-05-23: config system bugfix: backticks cat segfault if file cannot be opened
when a `cat <filename>` construct is used in rsyslog.conf and <filename> can not
be accessed (does not exist, no permissions, ...), rsyslog segfaults.
Thanks to Michael Skeffington for notifying us and providing root cause analysis.
closes https://github.com/rsyslog/rsyslog/issues/4290
- 2020-05-15: imtcp bugfix: octet framing/stuffing problem with discardTruncatedMsg on
When "discardTruncatedMsg" was enabled in imtcp, messages were incorrectly
skipped if the last character before the truncation was the LFdelimiter.
Also adds two testbench tests for this case.
closes: https://github.com/rsyslog/rsyslog/issues/4281
- 2020-05-12: ompipe bugfix: race during HUP
When HUP was received, the write mutex was not acquired. This could
lead to unexpected invalidation of the output file descriptor.
Thanks to Julien Thomas for alerting us on this issue.
see also https://github.com/rsyslog/rsyslog/pull/4136#issuecomment-578326278
- 2020-05-12: ompipe: add action parameter tryResumeReopen
Sometimes we need to reopen a pipe after an ompipe action gets
suspended. Sending an HUP signal to rsyslog does the job but requires
an interraction with rsyslog. The patch adds support for a new boolean
option, tryResumeReopen, for the ompipe action. It mimics what an HUP
signal would do.
Thanks to Julien Thomas for the patch.
- 2020-05-12: imjournal: remove strcat call
Thanks to Jeff Marckel for the patch.
- 2020-05-12: build system: libzcmq version requirement needs to be bumped
Thanks to Thomas Deutschmann for pointing this out.
closes https://github.com/rsyslog/rsyslog/issues/3957
- 2020-05-12: testbench: download ElasticSearch binaries from rsyslog.com
The official ElasticSearch download site sometimes denies the download.
- 2020-05-11: openssl netstream driver bugfix: context leak
The context object was not properly freed.
Thanks to Michael Zimmermann for the fix.
- 2020-05-11: omhttp: Add support for multiple http headers
Allows the inclusion of multiple http headers on the REST call.
Thanks to callmegar for the patch.
- 2020-04-29: core bugfix: group id could not be obtained for very large groups
Thanks to github user emilbart for the patch.
- 2020-04-29: testbench additions (relp broken connection test)
- 2020-04-29: omudpspoof bugfix: issues with oversized messages
First issue was an incorrect packet length in UDP Header. It has to be the FULL UDP Packet
regardless of the MTU Setting. As a result regardless of IP fragmentation, the MTU setting
also limited the siizmax size of the UDP message.
The second issue was incorrect calculation of the UDP Checksum with libnet if
IP fragmentation was used (Based on MTU Setting). As a result, the network packets were
dropped by the tcp stack before they even could reach there target. The workarround for this
problem is, that we set the UDP Checksum to 0x0000 which allows skipping of the checksum
test. Fixing the problem by calculating the correct UDP Checksum would require some
code changes in the libnet.
Also fixed the omudpspoof bigmsg test and increased the testing size to 16KB.
- 2020-04-29: omprog: fix assert failed on HUP with output flag
If the 'output' setting of omprog was used and rsyslog received a HUP
signal just after starting (and before the omprog action received the
first log to process), an internal assertion could fail, causing
rsyslog to terminate. The failure message was "rsyslogd: omprog.c:660:
closeOutputFile: Assertion `pCtx->bIsRunning' failed."
The failure could also occur if rsyslog received a HUP signal during
the shutdown sequence.
This bug was introduced in v8.2004 by PR https://github.com/rsyslog/rsyslog/pull/4255
Although a test already existed that checked the interaction of HUPs
with the 'output' setting, it didn't always fail in this particular case
due to timing conditions. The test has been improved to cover this case
more reliably.
Thanks to Joan Sala Isern for the patch.
----------------------------------------------------------------------------------------
Scheduled Release 8.2004.0 (aka 2020.04) 2020-04-28
- 2020-04-28: ksi bugfix: When KSI module is suddenly closed, files are finalized
In async. mode all pending signature requests are closed immediately and
unsigned block marker is attached with message about sudden closure.
Similar approach is used for blocks that already contain some records.
Empty blocks are just closed without any metadata.
Thanks to Taavi Väljaots for the patch.
- 2020-04-28: ksi bugfix: Signer thread initialization is verified before usage.
When signer thread is created in rsksiInitModule thread successful
initialization is verified before returning the function. This will
prevent adding records to not initialized module and in case of an
error signature files opened will contain only magic bytes.
Thread flags replaced with thread state.
When init module fails, module is disabled.
Thanks to Taavi Väljaots for the patch.
- 2020-04-28: ksi bugfix: Hardcoded default hash algorithm replaced with 'default'
Instead of hardcoded SHA-256 KSI_getHashAlgorithmByName("default")
is used to get default hash function.
Function rsksiSetHashFunction and SetCnfParam updated.
Thanks to Taavi Väljaots for the patch.
- 2020-04-28: imfile bugfix: poential segfault in stream object on file read
- if cstrLen(pThis->prevMsgSegment) > maxMsgSize then len calculation
become negative if cstrLen(thisLine) < cstrLen(pThis->prevMsgSegment)
This causes illegal access to memory location and thus causing segfault.
- assigning len = 0 if cstrLen(pThis->prevMsgSegment) > maxMsgSize so that
it access the correct memory location.
Thanks to github user jaankit
- 2020-04-28: openssl TLS drivers: made more reliable for older openssl versions
OpenSSL can retry some failed operations, but older versions need an explicit
opt-in to do so. This is now done.
- 2020-04-28: omprog: fix bad fd errors in daemon mode
When omprog was used with the 'forceSingleInstance=on' option, and/or
the 'output' setting, "bad file descriptor" errors occurred, which
prevented the external program to be executed and/or the program output
to be correctly captured. The bug could also manifest as "resource
temporarily unavailable" errors, or other errors related to the use of
invalid/reassigned file descriptors. These errors only happened when
rsyslog ran in daemon mode (i.e. they didn't happen if rsyslogd was
run with the '-n' option).
The cause of the bug was that omprog opened the pipe fds needed by
these flags during the configuration load phase (in the 'newActInst'
module entrypoint). This is a bad place since the fork of the daemon
occurs after this phase, and all fds are closed when the daemon process
is started (see 'initAll' in rsyslogd.c), hence invalidating the
previously opened fds.
To correct this, the single child process and the output capture thread
are now started later, when the first log message is received by the
first worker thread. (Note: the 'activateCnf' module entrypoint, despite
being invoked after the fork, cannot be used for this purpose, since it
is invoked per module, not per action instance.)
Currently no automated test exists for this use case since the testbench
always runs rsyslog in non-daemon mode.
Affected versions: v8.38 and later
closes: https://github.com/rsyslog/rsyslog/issues/4247
Thanks to Joan Sala Isern for the patch.
- 2020-04-28: omfile bugfix: $outchannel split log lines at rotation time
- 2020-04-17: openssl: add support for libreSSL
Disable use of "@SECLEVEL" in default cipher string and
avoid SSL_CONF_CTX_set_flags() API when LIBRESSL is used.
This means tlscommands will not work.
closes: https://github.com/rsyslog/rsyslog/issues/4210
- 2020-03-04: imudp bugfix: build problems on some Linux kernel versions
Thanks to Wen Yang for the patch.
- 2020-03-02: conf output bugfix: -o produces missing space between call and rulename
Thanks to Tetiana Ohnieva for the patch.
closes https://github.com/rsyslog/rsyslog/issues/3761
----------------------------------------------------------------------------------------
Scheduled Release 8.2002.0 (aka 2020.02) 2020-02-25
- 2020-02-25: imfile: add per minute rate limiting
Add MaxBytesPerMinute and MaxLinesPerMinute options.
These take integer values and, respectively, limit the number
of bytes or lines that may be sent in a minute.
This can be used to put a limit on the count or volume of logs
that may be sent for an imfile.
Thanks to Greg Farrell for the patch.
- 2020-02-24: core: add global parameter "security.abortOnIDResolutionFail"
This parameter controls whether or not rsyslog aborts when a name ID
lookup fails (for user and group names). This is necessary as a security
measure, as otherwise the wrong permissions can be assigned or privileges
are not dropped.
CHANGE OF BEHAVIOR
The default for this parameter is "on". In previous versions, the default
was "off" (by virtue of this parameter not existing). As such, existing
configurations may now error out.
We have decided to accept this change of behavior because of the potential
security implications.
closes https://github.com/rsyslog/rsyslog/issues/4164
- 2020-02-24: openssl TLS driver bugfix: chained certificates were not accepted
This was supported since always inside GnuTLS driver, but was missing for openssl one.
- 2020-02-24: core bugfix: too early parsing of incoming messages
In theory, rsyslog should call parsers on the queue worker threads whenever
possible. This enables the parsers to be executed in parallel. There are
some cases where parsers needs to be called earlier, namely when parsed
data is needed for rate-limiting.
The logic to do this previously did not work correctly and was fixed six
years ago (!) by b51dd22. Unfortunately, b51dd22 was overly agressive:
it actually makes the early parser call now mandatory, effectively moving
parsing to the input side where there is no to little concurrency.
We still do not need to call the parser when all messages, regardless of
severity, need to be rate-limited. This is the default and very frequent
case. This patch introduces support for this and as such makes parsers
able to run in parallel in the frequent case again.
closes https://github.com/rsyslog/rsyslog/issues/4187
- 2020-02-20: testbench bugfix: two minor issues in omkafkadynakey.sh test
lead to false positives during test runs (depending on circumstances)
closes: https://github.com/rsyslog/rsyslog/issues/4134
- 2020-02-20: testbench: set max extra data length for tcpflood from 200 to 512KiB
Added a imrelp test for big messages (256KB).
closes: https://github.com/rsyslog/rsyslog/issues/4158
- 2020-02-20: config system bugfix: 'config.enabled' directive oddities
Previously the directive was processed way too late which caused false
errors whenever it was set to 'off' and possibly other problems.
Thanks to Jiri Vymazal for the patch.
- 2020-02-09: imfile bugfix: timeout did not work on very busy system
The timeout feature was soley based on timeouts of the poll()
system call. On a very busy system, this would probably happen
very seldomly. Moreover, the timeout could occur later than
expected on any system with high load.
The issue was not reported from practice but discovered during
CI system improvements.
- 2020-01-30: build system: change --enable-imfile-tests default to "yes"
This was accidentally set to "no" some time ago (actual commit unknown). Tests for
imfile should by default run when imfile is enabled.
see also https://github.com/rsyslog/rsyslog/issues/4120
- 2020-01-27: build system: add option --enable-gnutls-tests
This enables us to build GNUtls support but not necessarily
test it in CI. This is useful for some specialised subcomponent
test. The default is enabled if gnutls is enabled and disabled if not.
- 2020-01-26: testbench: new test for loadbalancing via global vars
This is a popular functionality which had not been routinely tested
in the past.
- 2020-01-26: mmdblookup bugfix: invalid data returned when no entry found
Since the upgrade of the package libmaxminddb on FreeBSD (1.3.2_2 -> 1.4.2),
the module mmdblookup returns the first entry of the mmdb database even if the entry
is not found. After some debug, I found the solution in the official maxminddb
repository : to check if the entry is in database, we must check the found_entry
attribute, otherwise the function MMDB_get_entry_data_list will return the first
entry of the database if the entry is not found in it.
Thanks to Kevin Guillemot for the patch.
- 2020-01-23: oversize message log bugfix: do not close fd -1
The oversize message log fd is always closed on HUP, even if it never
was opened (and thus has -1 value). This patch corrects the issue.
The bug had no know-bad effect in practice other than getting an
(ignored) error status from close(). However, it introduced warnings
in test runs (e.g. when running under valgrind).
- 2020-01-22: imfile bugfix: saving of old file_id for statefiles
Previously we saved old file_id unconditionally, which led to not
deleting old statefiles if files changes without rsyslog running.
Now it should work correctly.
Thanks to Jiri Vymazal for the patch.
- 2020-01-22: imfile bugfix: misadressing and potential segfault
Commit 3f72e8c introduced an invalid memory allocation size. This lead to
too-short alloc and thus to overwrite of non-owned memory. That in turn
could lead to segfaults or other hard to find problems.
The issue was detected by our upgraded CI system. We did not receive
any problem reports in practice. Nevertheless, the problem is real and
people should update affected versions to patched ones.
The bug was present in scheduled stable release 8.1911.0 and 8.2001.0.
see also: https://github.com/rsyslog/rsyslog/issues/4120
see also: https://github.com/rsyslog/rsyslog/pull/4141
- 2020-01-20: core bugfix: potential race during HUP
when rsyslog is HUPed immediately after startup and before it is fully
initialized, there is a potential race with the list of loaded modules.
This patch ensures no bad things can happen in that case.
Detected by LLVM TSAN, not seen in practice.
- 2020-01-20: testbench improvements and fixes
modernize tests, reduce robustness against slow machines, provide some
test framework functional enhancements, and optimize some tests.
Also includes some code changes to C testing components. Among others,
tests have slightly been speeded up by reducing the wait time at queue
shutdown. This is possible because of better overall completion checks.
----------------------------------------------------------------------------------------
Scheduled Release 8.2001.0 (aka 2020.01) 2020-01-14
- 2020-01-12: core bugfix: race condition related to libfastjson when using DA queue
Rsyslogd aborts when writing to disk queue from multiple workers simultaneously.
It is assumed that libfastjson is not thread-safe.
Resolve libfastjson race condition when writing to disk queue.
see also https://github.com/rsyslog/rsyslog/issues/4041
Thanks to MIZUTA Takeshi for the fix.
- 2020-01-12: omfwd bugfix: parameter streamdriver.permitexpiredcerts did not work
closes https://github.com/rsyslog/rsyslog/issues/4098
- 2020-01-11: Bugfix: KSI module + dynafile in asynchronous mode fixed
Thanks to Taavi Valjaots for the patch
- 2020-01-08: tls driver: add support to configure certificate verify depth
Support added in omfwd as instance parameter:
streamdriver.TlsVerifyDepth
Support added in imtcp as module parameter:
streamdriver.TlsVerifyDepth
Can be 2 or higher.
Support added into ossl driver
Support added into gtls driver
Added testcases for both drivers.
closes: https://github.com/rsyslog/rsyslog/issues/4035
- 2020-01-08: modernization of testbench
moved some tests to newer standards, hardened them against slow testbench machines,
kafka component download improvements, and prevent dangling left-over test tool
instances from aborted tests
- 2020-01-07: tls subsystem bugfix: default for permitExpiredCerts was invalidly "on"
The problem occurred with commit 3d9b8df in December 2018 and went into
scheduled stable 8.1901.0. Unfortunately, the change in default was not detected
until a year later. This commit re-enables the previous default ("off"), which is
also the only sensible default from a security PoV. Unfortunately, new 2019
deployments may begin to see connection rejection when usin expired certs. As
expired certs should not be used, this hopefully will not cause problems in
practice.
Thanks to Jiri Vymazal for the patch.
- 2020-01-01: testbench: improve ElasticSearch test speed
We now support re-using suitable running ES instances, which reduces the
number of restarts.
- 2019-12-31: omelasticsearch: improve curl reply buffer handling
The curl reply buffer (pWrkrData->reply) was allocated, realloced and freed with
each request. This has now been reduced to once per module, slightly increasing
overall performance.
closes https://github.com/rsyslog/rsyslog/issues/1964
- 2019-12-31: config system: emit proper error message on $ in double-quoted string
closes https://github.com/rsyslog/rsyslog/issues/2869
- 2019-12-30: core bugfix: rsyslog aborts when config parse error is detected
In defaut settings, rsyslog tries to continue to run, but some data
structures are not properly initialized due to the config parsing error.
This causes a segfault.
In the following tracker, this is the root cause of the abort:
see also https://github.com/rsyslog/rsyslog/issues/2869
- 2019-12-30: fix some alignment issues
So far, this worked everywhere (for years). But it may still have
caused issues on some platforms.
closes https://github.com/rsyslog/rsyslog/issues/2608
- 2019-12-27: core bugfix: APP-NAME fields could become empty
RFC 5424 specifies that an empty APP-NAME needs to be indicated by
"-". Instead, the field could become empty under certain conditions.
If so, outgoing 5424 messages were invalidly formatted.
This happened under quite unusual conditions, but could be seen
in practice.
closes https://github.com/rsyslog/rsyslog/issues/4043
- 2019-12-27: core bugfix: reopen /dev/urandom file descriptor after fork on Linux
This patch updates prepareBackground() in tools/rsyslogd.c to reopen any file
descriptors used for random number generation in the child process. This fixes
an issue on Linux systems where the file descriptor obtained for /dev/urandom
by seedRandomNumber() in runtime/srutils.c was left closed after the fork. This
could be observed in procfs, where /proc/fd/ would show no open descriptors to
/dev/urandom in the forked process. /dev/urandom is reopened as the child may be
be operating in a jail, and so should not continue to use file descriptors from
outside the jail (i.e. inherited from the parent process).
I found that this issue led to rsyslog intermittently hanging during seedIV()
in runtime/libgcry.c. After the fork, the closed file descriptor number tended
to get re-assigned. randomNumber() would then read from an incorrect (although
still valid) file descriptor, and could block (depending on the state of that
file descriptor). This gave rise to the intermittent hang that I observed.
Thanks to Simon Haggett for the patch.
- 2019-12-20: imdocker bugfix: did not compile without atomic operations
- 2019-12-20: omclickhouse: new parameter "timeout"
Thanks to Pavlo Bashynskiy for the patch.
- 2019-12-20: omhiredis: add 'set' mode plus some fixes
- new mode 'set' to send SET/SETEX commands
- new parameter 'expiration' to send SETEX instead of SET commands (only applicable to 'set' mode)
- fixes to missing frees
Thanks to github user frikilax for the patch.
- 2019-12-18: relp: Add support setting openssl configuration commands.
Add new configuration parameter tls.tlscfgcmd to omrelp and imrelp.
(Using relpSrvSetTlsConfigCmd and relpCltSetTlsConfigCmd)
OpenSSL Version 1.0.2 or higher is required for this feature.
A list of possible commands and their valid values can be found in the
documentation: https://www.openssl.org/docs/man1.0.2/man3/SSL_CONF_cmd.html
The setting can be single or multiline, each configuration command is
separated by linefeed (n). Command and value are separated by
equal sign (=). Here are a few samples:
tls.tlscfgcmd="Protocol=ALL,-SSLv2,-SSLv3,-TLSv1,-TLSv1.2"
tls.tlscfgcmd="Protocol=ALL,-SSLv2,-SSLv3,-TLSv1
MinProtocol=TLSv1.2"
Add to new testcases for librelp and tlscfgcmd.
closes https://github.com/rsyslog/rsyslog/issues/3959
- 2019-12-18: bugfix core: potential segfault in template engine
under some circumstances (not entirely clear right now), memory
was freed but later re-used as state-tracking structures were not
properly maintained. Github issue mentioned below has full details.
Thanks to github user snaix for analyzing this issue and providing
a patch. I am committing as myself as snaix did not disclose his or
her identity.
closes https://github.com/rsyslog/rsyslog/issues/3019
closes https://github.com/rsyslog/rsyslog/issues/4040
- 2019-12-18: fixed some minor issues detected by clang static analyzer 9
- 2019-12-10: core/config bugfix: false error msg when config.enabled="on" is used
When the 'config.enabled="on"' config parameter an invalid error message
was emitted that this parameter is not supported. However, it was still
applied properly. This commit removes the invalid error message.
closes https://github.com/rsyslog/rsyslog/issues/4011
- 2019-12-03: omsnmp bugfix: "traptype" parameter invalidly rejected value 6
"Traptype" needs to support values 0 to 6.
However, if value 6(ENTERPRISESPECIFIC) was set, an invalid error message
was emitted. Otherwise processing was correct.
This could lead to problems with automatic config deployment,
as valid configurations were invalidly reported as incorrect.
That in turn could make a deployment fail.
closes https://github.com/rsyslog/rsyslog/issues/3973
- 2019-12-03: omsnmp: add new parameter "snmpv1dynsource"
If set, the source field from SNMPv1 trap can be overwritten
with a template, default is "%fromhost-ip%". The content should be a
valid IPv4 Address that can be passed to inet_addr(). If the content
is not a valid IPv4 Address, the source will not be set.
closes: https://github.com/rsyslog/rsyslog/issues/3991
- 2019-12-02: imfile bugfix: state file renaming sometimes did not work properly
Now checking if file-id changes and renaming - cleaning state file
accordingly and always checking and cleaning old inode-only style
state files.
Thanks to Jiri Vymazal for the patch.
- 2019-12-02: ratelimit: increase rate limit interval parameter max value
The burst parameter in the ratelimit was increased to an unsigned int
but the interval remained an unsigned short. While it may be unusual,
there is possibly a chance to need to represent an interval longer than
about 3/4 of a day.
While here, go through and normalize all the various incarnations of
rate limiting to be explicitly unsigned int for the burst and interval.
Thanks to github user frikilax for the patch.
- 2019-12-02: ommongodb: Add other supported formats for 'time' and 'date' fields
Thanks to github user frikilax for the patch.
- 2019-12-02: imjournal bugfix: too many messages in error case
Under certain error conditions, `ignorePreviousMessages="on"` could be ignored
an existing messages be processed.
Thanks to github user 3chas3 for the patch.
- 2019-11-27: core bugfix: action on retry mangles messages
When a failed action goes into retry, template content is rendered
invalid if the action uses more than 1 template.
closes https://github.com/rsyslog/rsyslog/issues/3898
Thanks to Mikko Kortelainen for the patch.
- 2019-11-27: testbench: improve mysql testing support
tests can now run in parallel and are hardened against several glitches
- 2019-11-22: omhttp: add basic support for Loki Rest
Loki is a new message indexer and querier from Grafana Labs. See
https://github.com/grafana/loki for details on Loki.
This change provides the initial message structure to send bulk message
payloads to the Loki Rest endpoint. omhttp, received a new bulk message
format called lokirest. Additionally, the plugin relies on the user to
provide the correct "stream" read message format.
A loki template must be json compatible and include a "stream" key of
key value tags, and a values key of an array of 2 element arrays, where
each 2 element array is the unix epoch in nanoseconds followed by an
unstructured message.
An example:
template(name="array_loki" type="string" string="{\"stream\":{\"host\":\"%HOSTNAME%\",\"facility\":\"%syslogfacility-text%\",\"priority\":\"%syslogpriority-text%\",\"syslogtag\":\"%syslogtag%\"},\"values\": [[ \"%timegenerated:::date-unixtimestamp%000000000\", \"%msg%\" ]]}")
- 2019-11-22: testbench: obtain python binary path via AM_PATH_PYTHON
see also https://github.com/rsyslog/rsyslog/issues/3853
- 2019-11-22: omprog: detect violation of interface protocol
The spec for the omprog interaction with the program it calls specifies
that the program receives one message via one line. In other words:
it must be a string terminated by LF.
However, omprog does currently rely on a proper template to fulfill this
requirement, If the template does not provide for the LF, it is never
written. For the called program, this looks like it does not receive any
input at all. Even if it finally reads data (e.g. due to full buffer),
it will not properly be able to discern the messages.
This handling is improved with this commit.
We cannot just check the template, because at the end of the template
may by a non-constant value. As such, we do not know at config load
time if there is this problem or not.
So the correct approach is to, during runtime, check if each message
is properly terminated. For those that are not:
* we append a LF, because anything else makes matters worse
* log a warning message, at least for a sample of the messages
The warning is useful in the (expected most often) case that the template
is simply missing the LF. While appending works, it slows down processing.
As such the user should be given a chance to correct the config bug.
To avoid clutter, the warning is emitted at most once every 30 seconds.
This value is hardcoded as we do not envision a need to adjust it. Usually
users should quickly fix the template.
closes https://github.com/rsyslog/rsyslog/issues/3975
- 2019-11-19: core queue: emit warning if parameters are set for direct queue
Direct queues do not apply queue parameters because they are actually
no physical queue. As such, any parameter set is ignored. This can
lead to unintentional results.
The new code detects this case and warns the user.
closes https://github.com/rsyslog/rsyslog/issues/77
- 2019-11-19: imjournal bugfix: do not wait too long on recovery try
When trying to recover journal errors, imjournal waited a hardcoded
period of 10s between tries. This was pretty long and could lead to
loss of journal data.
This commit adjust it to 100ms, which should still be fully sufficient
to prevent the journal from "hammering" the CPU.
It may be worth considering to make this setting configurable - but
let's first see if there is real demand to actually do that.
closes https://github.com/rsyslog/rsyslog/issues/3969
- 2019-11-19: mmutf8fix: enhance handling of incorrect UTF-8 sequences
1. Invalid utf8 detection didn't handle 3 and 4-byte overlong encodings (2
byte overlong encodings were handled explicitly by rejection E0 and E1
start bytes). Unified checks for overlong encodings.
2. Surrogates U+D800..U+DFFF are not valid codepoints (Unicode Standard, D92)
3. Replacement of characters in invalid 3 or 4-bytes encodings was too
eager. It must not replace bytes which are valid UTF-8 sequences. For
example, in [0xE0 0xC2 0xA7] sequence the 0xC2 is invalid as a continuation
byte, but it starts a valid UTF8 symbol [0xC2 0xA7]. That is, with current
code processing the sequence will result in "???" but the correct result is "?§"
(provided that the replacement character is "?").
4. Various tests for UTF-8 invalid/valid sequences.
Thanks to Sergei Turchanov for the patch.
- 2019-11-14: imfile: add new input parameter escapeLF.replacement
The new parameter permits to specify a replacement to be configured
when "escapeLF" is set to "on". Previously, a fixed replacement string
was used ("#012"/"\n") depending on circumstances. If the parameter is
set to an empty string, the LF is simply discarded.
closes https://github.com/rsyslog/rsyslog/issues/3889
----------------------------------------------------------------------------------------
Scheduled Release 8.1911.0 (aka 2019.11) 2019-11-12
- 2019-11-12: core queue: add config param "queue.takeFlowCtlFromMsg"
This is a fine-tuning option which permits to control whether or not
rsyslog shall alays take the flow control setting from the message. If
so, non-primary queues may also block when reaching high water mark.
This permits to add some synchronous processing to rsyslog core engine.
However, it is dangerous, as improper use may make the core engine
stall. As such, enabling this option requires very careful planning
of the rsyslog configuration and deep understanding of the consequences.
Note that the option is applied to individual queues, so a configuration
with a large number of queues can (and must if use) be fine-tuned to
the exact use case.
The rsyslog team strongly recommends to let the option turned off,
which is the default setting.
see also https://github.com/rsyslog/rsyslog/issues/3941
- 2019-11-12: imrelp: add new config parameter "flowcontrol"
This permits to fine-tune the flowControl parameter. Possible values are
"no", "light", and "full". With light being the default and previously
only value.
Changing the flow control setting may be useful for some rare applications,
but be sure to know exactly what you are doing when changing this setting.
Most importantly, whole rsyslog may block and become unresponsive if you
change flowcontrol to "full". While this may be a desired effect when
intentionally trying to make it most unlikely that rsyslog needs to
lose/discard messages, usually this is not what you want.
see also https://github.com/rsyslog/rsyslog/issues/3941
- 2019-11-11: imrelp: remove unsafe debug instrumentation
dbgprintf, which is not signal safe, was called from a signal handler
to get better understanding during debugging. While this usually works,
it can occasionally (5%) lead to a hang during shutdown. We have now
removed that debug info as it is no longer vital.
Note: this could only happen during debug runs. Production mode was
not affected. As such, this fix is only relevant to developers.
However, it caused some confusion in the following issue tracker.
see also https://github.com/rsyslog/rsyslog/issues/3941
- 2019-11-06: ossl driver bugfix: fix wrong OpenSSL Version check
Fix OpenSSL Version check in:
- SetGnutlsPriorityString function in nsd_ossl.c
- initTLS() function tcpflood.c
See https://www.openssl.org/docs/man1.1.0/man3/OPENSSL_VERSION_NUMBER.html
for more.
This bug lead to not enabling some functionality correctly.
Removed "MinProtocol=TLSv1.1" from two testcases because MinProtocol
is only supported by OpenSSl 1.1.0 or higher and was not really
necessary for the testcases.
closes https://github.com/rsyslog/rsyslog/issues/3939
- 2019-11-05: mmdarwin: Optimizations, new parameters, update to protocol header
- use permanent worker-dependent buffers to avoid malloc/free for each entry
- move socket structures to worker data, remove global mutex
- add log lines for parameters and general workflow
- don't send body if empty/incomplete (see new parameters)
- don't close/reopen socket every time -> let session open or create new every X
entry (see new parameters)
- clean up code
- added 'send_partial', to let mmdarwin send body if not all fields were
retrieved, or not; default false = only send complete bodies
- added 'socket_max_use' to open new session every X packet, useful for
some versions of Darwin (prior to 1.1)
default is 0 = do not open new session/keep only one
- added 'evt_id' to the darwin header (Darwin v1+ compatibility)
Note: mmdarwin is a contributed module
Thanks to github user frikilax for the patch.
- 2019-11-01: mmkubernetes bugfix: improper use of realloc()
could cause problems under extreme memory shortage - very unlikely
credits to LGTM.COM for detecting this
- 2019-10-31: imjournal: set the journal data threshold to MaxMessageSize
When data is read from the journal using sd_journal_get_data it may be
truncated to a certain threshold (64K by default).
If the rsyslog MaxMessageSize is larger than the threshold, there is a
chance rsyslog will receive incomplete messages from the journal.
Empirically, this appears to happen reliably when XZ compression is
used by journald. Systems where journald uses LZ4 compression do not
appear to suffer this issue reliably--if at all.
This change sets the threshold to the MaxMessageSize when the
journal is opened.
Thanks to Robert Winslow Dalpe for the patch.
- 2019-10-30: improg bugfix: allow improg to handle multi-line inputs
miscellaneous bug fixes in improg:
* properly truncate string after an input event is submitted
* set msgoffset to 0.
* tests added to check above fixes
Thanks to Nelson Yen for the fix.
- 2019-10-30: mmdblookup bugfix: missing space in city name
This fixes the issue that spaces in city names are dropped. However, the
fix is more or less a work-around. As it turns out, the libmaxminddb API
is not correctly used. In the somewhat longer term, we should fix this.
see also https://github.com/maxmind/libmaxminddb/issues/218
closes https://github.com/rsyslog/rsyslog/issues/1650
- 2019-10-30: core/queue: provide ability to run diskqueue on multiple threads
Up until this release, disk queues could only use a single thread,
what limited their performance with outputs like ElasticSearch.
Now disk queues can utilize multiple threads just like any other
queue type. Most importantly, the disk queue part of a DA queue
now inherits the max number of threads from its memory queue
counterpart.
NOTE: the new multi-threaded DA disk queue is actually a change of
behavior. We have not guarded it by a new config switch as we
assume the new behavior is most often exactly within user
expectations. In any case, we cannot see any harm from running
the disk queue on multiple threads.
see also https://github.com/rsyslog/rsyslog/issues/3543
closes https://github.com/rsyslog/rsyslog/issues/3833
- 2019-10-25: omfile bugfix: file handle leak
The stream class does not close re-opened file descriptors.
This lead to leaking file handles and ultimately to the inability
to open any files/sockets/etc as rsyslog ran out of handles.
The bug was depending on timing. This involved different OS
thread scheduler timing as well as workload. The bug was more
common under the following conditions:
- async writing of files
- dynafiles
- not committing file data at end of transaction
However it could be triggered under other conditions as well.
The refactoring done in 8.1908 increased the likelihood of
experiencing this bug. But it was not a real regression, the new
code was valid, but changed the timing so that the race was more
likely.
Thanks to Michael Biebl for reporting this bug and helping to
analyze it.
closes https://github.com/rsyslog/rsyslog/issues/3885
- 2019-10-22: imfile bugfix: improper use of calloc()
could cause problems under extreme memory shortage - very unlikely
credits to LGTM.COM for detecting this
- 2019-10-22: TLS driver bugfix: improper use of calloc()
can cause problems under extreme memory shortage - very unlikely
credits to LGTM.COM for detecting this
- 2019-10-22: imuxsock bugfix: improper use of calloc()
can cause problems under extreme memory shortage - very unlikely
credits to LGTM.COM for detecting this
- 2019-10-17: build system bugfix: incorrect default in ./configure help text
closes https://github.com/rsyslog/rsyslog/issues/3904
Thanks to Michael Biebl for pointing this out.
- 2019-10-17: mmkubernetes bugfix: improper use of calloc()
can cause problems under extreme memory shortage - very unlikely
credits to LGTM.COM for detecting this
- 2019-10-16: core queue bugfix: propagate batch size to DA queue
This was a long-standing bug where the DA queue always had a fixed small batch
size because the setting was not propagated from the memory queue. This also
removes a needless and counter-productive "debug aid" which seemed to be in
the code for quite some while. It did not cause harm because of the batch
size issue.
- 2019-10-16: testbench: fix unreliable gzipwrite test
The test was timing-sensitive as we did not properly check all data
was output to the output file - we just relied on sleep periods.
This has been changed. Also, we made some changes to the testing
framework to fully support sequence checking of multiple ZIP files.
- 2019-10-16: core queue bugfix: handle multi-queue-file delete correctly
Rsyslog may leave some dangling disk queue files under the following
conditions:
- batch sizes and/or messages are large
- queue files are comparatively small
- a batch spans more than two queue files (from n to n+m with m>1)
In this case, queue files n+1 to (n+m-1) are not deleted. This can
lead to problems when the queue is re-opened again. In extreme cases
this can also lead to stalled processing when the max disk space is
used up by such left-over queue files.
Using defaults this scenario is very unlikely, but it can happen,
especially when large messages are being processed.
- 2019-10-16: imjournal: fix regression from yesterday's patch
commit 78976a9bc059 introduced a regression that caused writing
the journal state file to fail. This happens when the state file
is given as relative file name and the working directory is also
a relative path. This situation is very uncommon. So most deployments
will never experience it. We discovered the issue during CI runs
where the trigger condition is given. Note that it also takes
multiple times of loading the journal to actually see the bug.
see also https://github.com/rsyslog/rsyslog/pull/3878
- 2019-10-15: imjournal plugin code restructuring, added remote option
Decomposed ReadJournal() a bit, also now coupling journald
variables in one struct, added few warning messages and debug
prints to help with bug hunts in future, also got rid of two
needless journald calls. WorkAroundJournalBug now deprecated.
Added option to pull journald records from outside local machine.
Thanks to Jiri Vymazal for the patch.
- 2019-10-11: core bugfix: potential abort on very long action name
The action name is stored in modified form for the debug header and
some messages. If it is extremely long, a buffer can be overrun,
resulting in misaddressing and potential segfault for rsyslog. This
can also happen if the action is NOT named, but a custom path to
the output module is given and that path is very long. This triggers
the same issue because by default the module load path is included
in the action name.
This patch corrects the problem and truncates overly long names
when being used for name generation.
The problem was detected during testbench work. We did never receive
a bug report from practice.
- 2019-10-10: testbench: add test for mmpstrucdata with RFC5424 escape sequences
----------------------------------------------------------------------------------------
Scheduled Release 8.1910.0 (aka 2019.10) 2019-10-01
- 2019-10-01: core bugfix: incorrect error message on duplicate module load
A Null-pointer was passed to printf instead of the module name.
On some platforms this may lead to a segfault. On most platforms
printf check's for NULL pointers and uses the string "(null)"
instead. In any case, the module name is missing from the error message.
- 2019-10-01: imczmq nitfix: potential NULL ptr in printf on out-of-memory condition
very unlikely to happen but if it does without any real issue on most platforms.
- 2019-10-01: work around some compiler warning messages induced by pthreads API
- 2019-10-01: core ratelimiting: more verbose message when rate-limiting happens
When messages are rate-limited, the error message now also contains the
rate limiter setting. This enables the user to more quickly understand what
the problem is (especially if default values apply).
Thanks to Jiri Vymazal for the patch.
- 2019-10-01: openssl TLS driver: do not emit unnecessary error message
On older openssl versions, an API was missing to set user-defined parameters. If we
had such an older version, rsyslog emitted an error message even if the user did
not configure such parameters. This has been corrected, so that a message is only
emitted if there really is a problem. Based on user feedback the severity has also
been downgraded to "warning".
- 2019-10-01: pmcisconames (contributed module) bugfix: potential misaddressing
- 2019-09-30: pmaixforwardedfrom (contributed module) bugfix: potential misaddressing
- 2019-09-30: pmdb2diag (contributed module) bugfix: Out of bounds issue
Add a new sanity check after determining the level len.
Thanks to Philippe Duveau for the patch.
see also: https://nvd.nist.gov/vuln/detail/CVE-2019-17040
- 2019-09-02: ability to set stricter TLS operation modes
- checking of extendedKeyUsage certificate field
- stricter checking of certificate name/addresses
Thanks to Jiri Vymazal for the patch.
- 2019-08-21: testbench: add basic test for immark
- 2019-08-20: core: do not unnecessarily set hostname on each HUP
- 2019-08-20: build system: support cross-platform build for mysql/mariadb
rsyslog fails to cross build from source, because it uses mysql_config
and mysql_config is unfixably broken for cross compilation. It would be
better to use pkg-config. The attached patch makes rsyslog try
pkg-config first and fall back to mysql_config.
Thanks to Helmut Grohne for providing a base patch.
- 2019-08-20: core/tcpsrv: potential race on startup/shutdown
if the tcpsrv component is started and quickly terminated, it may hang
for a short period of time. Also a very small amount of memory is leaked
immediately before shutdown. While this leak is irrelevant in practice
(the OS clean up the process anyways), it leads to CI failures. The hang,
however, can lead to longer than expected shutdown times for rsyslog.
The problem can be experienced via imtcp, imgssapi and imdiag (users
of affected core component).
----------------------------------------------------------------------------------------
Scheduled Release 8.1908.0 (aka 2019.08) 2019-08-20
- 2019-08-19: testbench: add test for $allowedSender functionality
- 2019-08-19: testbench: harden some tests against very slow CI machines
- 2019-08-16: testbench: make most tests use a port file and assign listen port 0
This makes the test much more robust against heavily loaded test systems.
- 2019-08-16: core/action: guard action.externalstate.file content against whitespace
remove trailing whitespace before checking the status string. This is
most important as a line usually ends with \n, which is considered
trailing whitespace. Accepting this increases usability.
- 2019-08-16: imtcp bugfix: multiple listenerPortFile parameter did not work
... because they were treated as module-global. If we had multiple imtcp
listeners with multiple port files, only the last filename was always used.
closes https://github.com/rsyslog/rsyslog/issues/3817
- 2019-08-16: testbench: improve testbench plumbing for gzip and fail cases
We have added new capabilities to the testbench plumbing to automatically
deal with gzip-compressed files. This also permits to use the wait_seq_check
function to work for gzip tests as well. The known-timing-sensitive
gzipwr_large test now makes use of the new capabilities. This enables us
to more reliably detect when we can savely shutdown the tested instance.
This commit also adds an ability to "abort" the full testbench run on
first test failure. This is especially useful during CI.
- 2019-08-13: testbench: add test for imuxsock legacy format
This was never tested. Ensures we don't accidentally break existing
configurations.
- 2019-08-13: omelasticsearch bugfix: segfault on unknown retryRuleset
omelasticsearch does some "interesting tricks" for an output module.
This causes a segfault if the retryRuleset is now known.
The action module interface currently expects that all config errors
be detected during instance creation. Instead omelasticsearch defers
the retry ruleset check to a later state. The reason is that it wants
to support the use the same rulesetname it is defined in - and this
is not yet available at action parsing.
We fix this by ensuring that any deleted instance is properly unlinked
from the instance list. One may argue the module interface should get
upgrade for such cases, but this is a longer-term approach.
closes https://github.com/rsyslog/rsyslog/pull/3796
- 2019-08-12: imptcp bugfix: port="0" parameter did not work as expected
when multiple interfaces and/or protocols could be bound, each of
them used a different listener ports were assigned. While this is
basically correct, it makes things unusable, especially as
listenPortFileName will only contain the port number used for
the latest listener.
This patch now follows the model of nsd_ptcp.c to assign only
the first port randomly and then use that port consistently.
- 2019-08-10: omelasticsearch bugfix: potential resource leak with "rebindinterval"
If the "rebindInterval" parameter was used connections could be linked. This
was especially the case with small intervals (such as "2"). This is fixed by
forcing libcurl to close the connection on rebind.
Thanks to Noriko Hosoi for providing the patch.
- 2019-08-10: imjournal bugfix: state file close with fsync() was incorrect
This lead to fsync() now always applied where expected.
Thanks to Jiri Vymazal for the patch.
- 2019-08-10: testbench: add addtl test for multithreading and HUP
- 2019-08-10: imptcp bugfix: received bytes counter improperly maintained
imptcp counts the number of bytes received. However, receives
happen on different worker thread. The access to the counter
was not synchronized, which can cause loss of updates. Also,
thread debuggers validly flag this as an error, which creates
problems under CI.
This commit fixes the situation via atomic operations and
falls back to mutex calls if they are not available.
Detected by LLVM thread sanitizer.
closes https://github.com/rsyslog/rsyslog/issues/3798
- 2019-08-07: testbench: add basic tests for omusrmsg
- 2019-08-05: omhttp bugfix: enable checkpath configuration parameter
omhttp, 'checkpath' option, was not configurable in the past.
- add 'checkpath' to the cnfparamdescr table.
- fix issue with checkpath passing extra garbage characters in string.
- add 'checkpath' into unit test - omhttp-retry.sh
Thanks to Nelson Yen for the fix.
- 2019-08-05: testbench bugfix: some tests were executed when req module was missing
In actual case if --enable-impstats was not given some other tests failed.
- 2019-08-03: iminternal bugfix: race on termination
This could in theory lead to loss of shutdown messages, but was mostly a
cosmetic issues. We primarily fixed it to get TSAN-clean so that we can
utilize LLVM TSAN in CI.
- 2019-08-02: testbench: new test for omfile outchannel functionality
- 2019-08-02: core/janitor bugfix: properly maintain dynafile cache
When the janitor cleans out timed-out files, it does not
properly indicate the entry is gone. Especially when running
in async mode this can lead to use-after-free and thus
memory corruption or segfault.
see also https://github.com/rsyslog/rsyslog/issues/3756
- 2019-08-01: omfile bugfix: race file when async writing is enabled
This seems to be a long-standing bug, introduced around 7 years ago.
It became more visible by properly closing files during HUP, which
was done in 8.1905.0 (and was another bugfix). Note that due to this
race a memory corruption can occur under bad circumstances. As such,
this may have also caused segfaults or system hangs (mutexes could
have been affected).
closes https://github.com/rsyslog/rsyslog/issues/3772
- 2019-08-01: testbench: additional tests for HUP
- 2019-07-31: imrelp bugfix: hang after HUP
termination condition was not properly checked; this lead to
premature termination after patch 1c8712415b9 was applied.
It is open to debate if patch 1c8712415b9 changed the module
interface. Actually it looks like this was previously not
well thought out.
closes https://github.com/rsyslog/rsyslog/issues/3760
- 2019-07-24: mmdarwin: add new module
This is a contributed module. For details see doc.
Thanks to the Advens team for contributing it.
- 2019-07-23 iminternal bugfix: suppress mutex double-unlock
If there is a burst of log messages during a time when rsyslog is unable
to output (either during log rotation, an out-of-space condition, or
some other similar condition), rsyslog can SEGFAULT due to a mutex
double-unlock.
- 2019-07-23 imtcp: enable listenPortFileName parameter
this parameter was added, but it had no effect as it was not
passed down to the driver layer. This has been fixed. That also
now enables us to use dynamically-assigned port, which are
very useful for further testbench stabilization. Quite some
false positives occurred because the pre-selected port was
already in use again when rsyslog started.
- 2019-07-19 imtcp: enable listenPortFileName parameter
this parameter was added, but it had no effect as it was not
passed down to the driver layer. This has been fixed. That also
now enables us to use dynamically-assigned port, which are
very useful for further testbench stabilization. Quite some
false positives occurred because the pre-selected port was
already in use again when rsyslog started.
- 2019-07-18 core/action: no error file written if act suspended on TX commit
when an action was already disabled while the action was tried to be
committed, no error file was written. Note that this state is highly
unlikely to happen. Most probably, it can only happen if parameter
action.externalstate.file is used.
----------------------------------------------------------------------------------------
Version 8.1907.0 (aka 2019.07) 2019-07-09
NOTE TO MAINTAINERS: libee is not used by rsyslog for quite some while.
However, we never included this info into the changelog. So if you still
make rsyslog depend on libee (some do this), you should stop doing so now.
Libee is dead and no longer been maintained nor hosted by us. Old versions
can still be found at github for those in need.
GENERAL NOTE: during 8.1907 scheduled release timeframe we changed the ChangeLog
format to include the date a change went into master branch. This is to provide
an easy way to identify which changes went into the respective daily stable.
- 2019-07-05 imuxsock: support FreeBSD 12 out of the box
FreeBSD 12 uses RFC5424 on the system log socket by default. This
format is not supported by the special parser used in imuxsock.
Thus for FreeBSD the default needs to be changed to use the
regular parser chain by default. That is all this commit does.
closes https://github.com/rsyslog/rsyslog/issues/3694
- 2019-07-05 function bugfix: "ipv42num" misspelled as "ip42mum" (without "v")
To fix the issue but keep compatible with existing deployments
both function names are now supported.
closes https://github.com/rsyslog/rsyslog/issues/3676
- 2019-07-04 fix leading double space in rsyslog startup messages
see also https://github.com/rsyslog/rsyslog/issues/2979
- omamqp1: port to latest api, add tests
This brings omamqp1 up-to-date with the latest qpid-proton-c
api version. This also adds a test for the plugin, to test
the basic functionality. The test requires the user to
install qdrouterd and the python qpid-proton library in order
to use the simple_recv.py test program.
Thanks to Richard Megginson for the patch.
- omclickhouse bugfix: potential segfault on omclickhouse batchmode
segfault happened when the template did not contain the string
"VALUES".
Thanks to github user wdjwxh for the fix.
- core bugfix: message duplication copied incorrect timestamp
MsgDup() placed timereported into timegenerated property, resulting
in invalid property values. Original timegenerated was lost. This
occurred always when a message needed to be duplicated. Most
importantly this is the case when queues are used.
closes https://github.com/rsyslog/rsyslog/issues/3716
- core bugfix: segfault on startup depending on queue file names
rsyslog will segfault on startup when a main queue file name has
been set and at least on other queue contains a file name. This
was cased by too-early freeing config error-detection data
structures. It is a regression caused by commit e22fb205a3.
Thanks to Wade Simmons for reporting this issue and providing
detailed analysis. That greatly helps fixing it quickly.
closes https://github.com/rsyslog/rsyslog/issues/3681
- core "bugfix": alignment issue
This was not a hard error on current platforms, but a
to-be-considered compiler warning regarding invalid alignment.
While it works well on current platforms, alignment issues may
turn into real issues in future platforms. So we try to fix them
if possible. As not only a side-effect this resolves compiler
warnings even on current platforms.
This fix has some regression potential. If so, the problems
may occur during IP address resolution.
see also https://github.com/rsyslog/rsyslog/issues/2608
- omfile bugfix: potential hang/segfault on HUP of dynafile action
when omfile was HUPed it did not sufficiently clear all dynafile
cache maintenance data structures. This usually lead to misaddressing
and could result in various issues, including a hang of rsyslog
processing or segfaults. It could also have "no effect" by pure
luck of not hitting anything important. This actually seems to
have been the most frequent case.
This seems to be a long-standing bug, but the likelihood of its
appearance seems to have been increased by commit 62fbef7
introduced in 8.1905. Note: the commit itself has no regression,
just increases the likelihood to trigger the pre-existing bug.
special thanks to Alexandre Guédon for his help in analyzing
the issue - without him, we would probably still not know
what actually went wrong.
closes https://github.com/rsyslog/rsyslog/issues/3686
- imjournal bugfix: potential message duplication
When journal was preloaded from previously saved cursor it was not advanced
to next entry so reading begun from last message which was therefore
duplicated.
Thanks to Jiri Vymazal for the patch.
- rfc5424 parser bugfix: leading space sometimes lost
if structured data is present a leading space in MSG field is lost
- queue subsystem bugfix: oversize queue warning message shown as error
The warning message was emitted as an error message, which is misleading
and may also break some automated procedures.
- core bugfix: HUP did not work reliable on all platforms
most notably not on FreeBSD, maybe others. The reason was obviously
different handling of signals in respect to multiple threads.
- build system bugfix: missing files in distribution tarball
- testbench
* fixed "make distcheck" settings which were missing some modules
This lead to incomplete "make distcheck" run; some errors were not
detected due to that.
* testbench framework: use ip tool instead of outdated ifconfig
The framework now first checks if "ip" is available and falls back
to "ifconfig" only if this is not the case.
Thanks to Michael Biebl for the suggestion.
closes https://github.com/rsyslog/rsyslog/issues/3682
------------------------------------------------------------------------------
Version 8.1905.0 (aka 2019.05) 2019-05-28
- templates: add datatype template option for JSON generation
The new "datatype" and "onEmpty" template options permits to
generate non-string data rather easily. It works together with
jsonf formatting, which is what people should use nowadays.
closes https://github.com/rsyslog/rsyslog/issues/2827
- config processing: check disk queue file is unique
If the same name is specified for multiple queues, the queue files
will become corrupted. This commit adds a check during config parsing.
If duplicate names are detected the config parser errors out and the
related object is not created.
Note: this may look to a change-of-behavior to some users. However,
this never worked and it was pure luck that these users did not run
into big problems (e.g. DA queues were never going to disk at the
same time). So it is acceptable to error out in this hard error case.
closes https://github.com/rsyslog/rsyslog/issues/1385
- global config: new parameters for ruleset queue defaults
specifically:
* default.ruleset.queue.timeoutshutdown
* default.ruleset.queue.timeoutactioncompletion
* default.ruleset.queue.timeoutenqueue
* default.ruleset.queue.timeoutworkerthreadshutdown
closes https://github.com/rsyslog/rsyslog/issues/3656
- add capability to write full config file (-o cmdline option)
Introduces the capability to create an output config file that explodes
all "includes" into a single file. This provides a much better overview
of how exactly the configuration is crafted. That could often be a great
troubleshooting aid.
This commit also contains some slight not-really-related cleanup.
closes https://github.com/rsyslog/rsyslog/issues/3634
- queue subsystem: permit to disable "light delay mark"
New semantic: if lightDelayMark is 0, it is set to the max queue
size, effectively disabling the "light delay" functionality.
Thanks to Yury Bushmelev to mentioning issues related to light
delay mark and proposing the solution (which actually is what
this commit does).
closes https://github.com/rsyslog/rsyslog/issues/1778
- queue subsystem: provide better user status messages
The queue subsystem now provides additional information messages which
may help a regular user to maintain system health. Most importantly,
DA queues now output when they persist queue data at end of run and
when they restart the queue based on persisted data.
- core: emit a warning message for ultra-large queue size definitions
We see error reports from users who have configured excessively large queues
and receive an OOM condition or other problems.
With that patch we generate a warning message if a queue is configured very
large. "Very large" is defined to be in excess of 500000 messages.
see also https://github.com/rsyslog/rsyslog/issues/3314
closes https://github.com/rsyslog/rsyslog/issues/3334
- new global config parameter "internalmsg.severity"
permits to specify a severity filter for internal message. Only
messages with this severity level or more severe are logged.
Originally this was done in rsyslog.conf as usual: you can filter
rsyslog messages on severity, just like any other. But with systemd,
we now emit primarily to the journal, and this is outside of rsyslog's
rule engine and so regular filters do not apply (at least in regard
to the journal). Logging to journal is good, because finally
folks begin to see the messages (traditional distro configs discard
them, for whatever is the reason).
This commit implements a global setting for a severity-based filter
for internal messages, before submitted to journal. So it's not 100%
of what rsyslog can do, but at least some way to customize.
see also https://github.com/rsyslog/rsyslog/issues/3639
- config processing bugfix: error messages if config.enabled="off" is used
Using config.enabled="off" could lead to error messages on
"parameter xxx not known", which were invalid. They occurred
because the config handler expected them to be used, which
was not the case due to being disabled.
This commit fixes that issue.
closes https://github.com/rsyslog/rsyslog/issues/2520
- core portability bugfix: harden shutdown processing on FreeBSD
On FreeBSD, rsyslog does not always terminate immediately on SIGTERM.
Root cause seems to be that SIGTERM is delivered differently under
FreeBSD. This causes the main thread to not be awaken, and so it
takes until the next janitor interval to come back to life - which
can be far too long. Fixed this bug explicitly awaking the main
thread.
- imtcp bugfix: oversize message truncation causes log to be garbled
The actual problem is in the tcpserver component. However, the prime user
is imtcp and so users will likely experience this as imtcp problem.
When a too-long message is truncated, the byte after the truncation
position becomes the first byte of the next message. This will garble
the next messages and in almost all cases render it is syslog-noncompliant.
The same problem does NOT occur when the message is split.
This commit fixes the issue. It also includes a testbench fix.
Unfortunately the test for exactly this feature was not properly
crafted and so could not detect the problem.
closes https://github.com/rsyslog/rsyslog/issues/3580
- omfile bugfix: FlushOnTXEnd does not work reliably with dynafiles
The flush was only done to the last dynafile in use at end of
transactions. Dynafiles that were also modified during the
transaction were not flushed.
Special thanks to Duy Nguyen for pointing us to the bug and
suggesting a solution.
This commit also contains a bit of cosmetic cleanup inside
the file stream class.
closes https://github.com/rsyslog/rsyslog/issues/2502
- lmcry_gcry build bugfix: was not always properly build
Due to an invalid definition in build system this seems to have not
been correctly build on at least some platforms (but it worked on
others as it passed CI testing). This has now been corrected.
Thanks to Remi Locherer for the patch.
- dnscache bugfix: very unlikely memory leak
This fixes a memory leak that can only occur under OOM conditions.
Detected by Coverity Scan, CID 203717
- testbench bugfix: wrong parameter check in diag.sh (tcpflood())
When first parameter is check_only, the tcpflood funtion shall not
abort the test itself (The fail is intended if this option is set).
closes issue #3625
- testbench bugfix: imfile-symlink test failed w/ parallel test run
The test sometimes failed. It used a symlink to a hardcoded name
rsyslog-link.*.log. This symlink was created but then disappears.
The reason is that upon (every!) test exit, rsyslog-link.*.log is
deleted. So a parallel test running the exit procedure just at the
"right" time can removed that file.
The bug is that the file name should be created using the tests's
dynamic name. This is done now.
closes https://github.com/rsyslog/rsyslog/issues/3550
------------------------------------------------------------------------------
Version 8.1904.0 (aka 2019.04) 2019-04-16
- omfile: provide more helpful error message on file write errors
now contains actual file name plus a link to probable causes for this type
of problem
- imfile: emit error on startup if no working directory is set
When the work directory has not been set or is invalid, state files
are created in the root of the file system. This is neither expected
nor desirable. We now complain loudly about this fact. For backwards
compatibility reasons, we still need to support running imfile in
this case.
closes https://github.com/rsyslog/rsyslog/issues/1296
- dnscache: add global parameter dnscache.default.ttl
This permits to control default TTL for cache entries. If set
to 0, the DNS cache is effectively disabled.
closes https://github.com/rsyslog/rsyslog/issues/49
closes https://github.com/rsyslog/rsyslog/issues/1487
- omelasticsearch: new parameter rebindinterval
Thanks to Richard Megginson for the patch.
- omelasticsearch: new parameter skipverifyhost
Add ability to specify the libcurl CURLOPT_SSL_VERIFYHOST
option to skip verification of the hostname in the peer cert.
WARNING: This option is insecure, and should only be used
for testing. The default value is off, meaning, the hostname
will be verified by default.
Thanks to Richard Megginson for the patch.
- omelasticsearch: set rawmsg to data from original request
Previously, when constructing the message to submit for a retry
for an original request, if the original request did not contain
the field `message`, the system property `rawmsg` was set to
the entire metadata + data from the original request. This was
causing problems with Elasticsearch. This patch changes
the code so that the `rawmsg` will be set to only the data part
of the original request if there is no `message` field.
closes https://github.com/rsyslog/rsyslog/issues/3573
Thanks to Richard Megginson for the patch.
- mmkubernetes - support for metadata cache expiration
New parameters for mmkubernetes (module and action):
* `cacheexpireinterval`
If `cacheexpireinterval` is -1, then do not check for cache expiration.
If `cacheexpireinterval` is 0, then check for cache expiration.
If `cacheexpireinterval` is greater than 0, check for cache expiration
if the last time we checked was more than this many seconds ago.
* `cacheentryttl` - maximum age in seconds for cache entries
New statistics counters:
* `podcachenumentries` - the number of entries in the pod metadata cache.
* `namespacecachenumentries` - the number of entries in the namespace
metadata cache.
* `podcachehits` - the number of times a requested entry was found in the
pod metadata cache.
* `namespacecachehits` - the number of times a requested entry was found
in the namespace metadata cache.
* `podcachemisses` - the number of times a requested entry was not found
in the pod metadata cache, and had to be requested from Kubernetes.
* `namespacecachemisses` - the number of times a requested entry was not
found in the namespace metadata cache, and had to be requested from
Kubernetes.
- imdocker: new contributed module
imdocker will get (docker) container logs from a host as well as filling
out some basic container metadata as id, name, image, labels.
Thanks to Nelson Yen for the contribution.
- mmtaghostname: new contributed module
This module allows one to force hostname after parsing to the localhostname of
rsyslog and/or add a tag to messages received from input modules without
tag parameter.
Thanks to Philippe Duveau for the contribution.
- imbatchreport: new contributed input module
This input module manage batches' reports : complete file as a single log.
Thanks to Philippe Duveau for the contribution.
- imtuxedolog: new contributed input module for Tuxedo ULOG
Thanks to Philippe Duveau for the contribution.
- openssl network driver: Added support setting openssl configcommands
We are using the gnutlsPriorityString setting variable, to pass
configuration commands to openssl.
closes: https://github.com/rsyslog/rsyslog/issues/3605
- omkafka: drop messages rejected due to being too large
Drop messages that were rejected due to
'RD_KAFKA_RESP_ERR_MSG_SIZE_TOO_LARGE' error
Thanks to Nelson Yen for the patch
- core/action: implement capability to resume/suspend via external file
It has been reported that some TCP receivers exists that accept syslog tcp
messages at any rate, even if they do not manage to actually process them.
Instead, they silently drop the message. This behavior is not configurable.
All in all, it can lead to considerate message loss.
To support such use cases, we need to provide an ability to externally
trigger actions suspension and resumption.
We do this via a configured file which contains the status of the action.
Rsyslog periodically reads the file and if it contains "SUSPEND", it
suspend the action (and likewise for resume).
closes https://github.com/rsyslog/rsyslog/issues/2924
- improg bugfix: some memory leaks
Thanks to Philippe Duveau for the contribution.
- msg object bugfix: regression from 1255a67
closes https://github.com/rsyslog/rsyslog/issues/3570
- pmnormalize: fix memory leaks, improve tests
This patch fixes a set of problems plus provides more and enhanced
tests for the module.
Most important problem was a memory leak that occurred when a message
could not be passed at all. For each message that could not be parsed
memory of at least the size the message is leaked. Depending on
traffic pattern this can quickly lead to OOM. Note, however, that
this leak was never reported - it was discovered as part of code
review.
closes https://github.com/rsyslog/rsyslog/issues/2007
- omkafka bugfix: build failure due to inconsistent type
fails depending on platform and settings; was somehow undetected by CI
- imjournal bugfix: potential segfault on some API failure returns
In one case there was possibility of free()'d value of journal
cursor not being reset, causing double-free and crash later on.
closes https://github.com/rsyslog/rsyslog/issues/3537
- openssl subsystem bugfix: better error handling
Handling of SSL_ERROR_SYSCALL has been hardened.
Handling for SSL_Shutdown errors has been corrected.
Also fixed SSL Shutdown handling in tcpflood (openssl code).
If SSL_Shutdown returns error, we call SSL_read as described in
the documentation to do a bidirectional shutdown.
Closes https://github.com/rsyslog/rsyslog/issues/3561
- imjournal bugfix: Fetching journal cursor only for valid journal
The sd_journal_get_cursor() got called regardless of previous
retcodes from other journal calls which flooded logs with journald
errors. Now skipping the call in case of previous journal call
non-zero result. Fixed success checking of get_cursor() call
to eliminate double-free possibility.
Also, making WorkAroundJournalBug true by default, as there were no
confirmed performance regressions for a quite long time.
Thanks to Jiri Vymazal for the patch.
- omamqp: fix build errors
They occur on some, newer, platforms. We do not really fix them, but rather
make the compiler ignore them. This is not really good, but the module is
contributed and so that's for now the best thing we can do.
- testbench: change manytcp.sh to use a larger connection count again
not sure why it was reduced, maybe related to
https://github.com/rsyslog/rsyslog/issues/1108
also, modernize this and another test
- tcpflood bugfix: make soft connection limit work again
It looks like the soft limit became defunct when tcpflood was enhanced to
request more open file handles from OS.
closes https://github.com/rsyslog/rsyslog/issues/1108
- testbench bugfix: omhttp tests were not run during "make distcheck"
- build system bugfix: omhttp test files were not included in dist tarball
Thanks to Thomas D. (whissi) for the patch.
------------------------------------------------------------------------------
Version 8.1903.0 (aka 2019.03) 2019-03-05
- omrabbitmq: add features (RabbitMQ HA management, templatize routing_key,
populate amqp message headers, delivery_mode and expiration parameters)
- improg: create input module to use external program as input datas
- imtuxedoulog: create input module to consume Tuxedo ULOG files
- omhttp: rewritten with large feature enhancements
Many thanks to Gabriel Intrator for this work. Gabriel also has adopted the
module and plans to support it in the future.
- pmdb2diag: create parser module for DB2 diag logs
- TLS subsystem: add support for certless communication
both openssl and GnuTLS drivers have been updated to support certless
communications. In this case e.g. Diffie-Helman is used.
NOTE: this is an insecure mode, as it does NOT guard against
man-in-the-middle attacks. We implemented it because of the large demand,
not because we think it makes sense to use this mode. We strongly recommend
against it.
closes https://github.com/rsyslog/rsyslog/issues/1068
- imrelp/omrelp: add capability to specify tlslib for librelp
closes https://github.com/rsyslog/rsyslog/issues/3451
- build system: introduce a better way to handle compiler pragmas
we now use macros and _Pragma(). This requires less code lines and is more
portable.
- omkafka: add support for dynamic keys
A new configuration property "dynaKey" is added that, when "on", changes the
value of property "key" to a template names instead of a constant value.
This is similar in approach to the DynaTopic implementation.
Thanks to Ludo Brands for the patch.
- AIX port: add AIX linking extensions on many plugins and contributions to
allow building them on this os.
- template: add Time-Related System Property $wday which is the day of week
This allows one to get a week based rotation of log as AIX does.
- ksi subsystem: add high availability mode
Note: ksi subsystem now REQUIRES libksi 3.19.0 or above
Thanks to Allan Park for the patch.
closes https://github.com/rsyslog/rsyslog/issues/3338
- imfile bugfix: file reader could get stuck
State file handling was invalid. When a file was moved and re-created
rsyslog could use the file_id if the new file to write the old files'
state file. This could make the file reader stuck until it reached the
previous offset. Depending on file sizes this could never happen AND
would cause large message loss. This situation was timing dependent
(a race) and most frequently occurred under log rotation. In polling
mode the bug was less likely, but could also occur.
closes: https://github.com/rsyslog/rsyslog/issues/3465
closes: https://github.com/rsyslog/rsyslog/issues/3468
- imfile bugfix: potential segfault when working with directories or symlinks
see also https://github.com/rsyslog/rsyslog/pull/3496
Thanks to Nelson Yen for the patch
- omhttp bugfix: header items could not have spaces in them
Thanks to Nathan Brown for the patch.
- core bugfix: enlarged msg offset types for bigger structured messages
using a large enough (dozens of kBs) structured message
it is possible to overflow the signed short type which leads
to rsyslog crash. (applies to msg.c, the message object)
Thanks to Jiri Vymazal for the patch.
- core bugfix for AIX: timeval2syslogTime now handle the bias according to
local time zone as documented by IBM.
- imfile feature: add configuration parameter to force parsing of read logs
- imczmq bugfix:
Release zframe following read from socket
Make the 0MQ frame pointer local to the receive loop and destroy the
frame as soon as the contents have been copied. This avoids:
* a memory leak should the receive loop execute more than once
* referencing an un-initialized value during cleanup (finalize_it)
Thanks to Mark Gillott for the patch.
- omclickhouse bugfix: default template unusable
STDSQL option added to the default template used in output module of clickhouse
Thanks to gagandeep trivedi for the patch.
- omclickhouse "bugfix": work-around failed error detection
omclickhouse uses a questionable method to check if a request generated
an error. We have seen the method to fail when we slightly upgraded clickhouse
server in CI testing.
This commit makes the method a bit more reliable without really fixing it.
But it's at least a short-term solution.
This should be changed to a proper status check. I assume such is possible.
see also https://github.com/rsyslog/rsyslog/issues/3485
- imptcp bugfix: overly long socket bind path can lead to segfault
if the `path` input parameter is overly long (e.g. more than 108
characters on some platforms) a non-terminated string is generated
and then passed to OS API. This can lead to all sorts of problems
including segfault.
We detected that based on gcc-8 warnings during code inspection.
No real-world problem case is known.
- ommongodb bugfix: improper stpncpy() calls
- testbench tcpflood: add new transport option relp-tls
Tcpflood can now send messages via relp with tls support.
closes https://github.com/rsyslog/rsyslog/issues/3448
- testbench: mmdb valgrind tests failed is srcdir env was not set
- testbench: add omclickhouse tests
- testbench bugfix: some long-running tests had too low runtime allowance
closes https://github.com/rsyslog/rsyslog/issues/3493
- testbench bugfix: daqueue-dirty-shutdown test
This test occasionally failed with left-over spool files. As far as we
have analyzed, this is due to the use of an invalid shutdown timeout
(very short) in the second phase of the test. It looks like this is
actually a copy&paste error from phase one. Behavior of rsyslog was
correct, but the test itself created a false positive.
We have corrected the timeout now and also modernized the test
a bit.
closes https://github.com/rsyslog/rsyslog/issues/2122
- testbench bugfix: some omhttp tests had compatibility issues with Python 3
Thanks to Thomas D. (whissi) for the patch.
------------------------------------------------------------------------------
Version 8.1901.0 (aka 2019.01) 2019-01-22
- new version scheme: 8.yymm.0 - version now depends on release date
see also https://rainer.gerhards.net/2018/12/rsyslog-version-numbering-change.html
- queue: add support for minimum batch sizes
closes https://github.com/rsyslog/rsyslog/issues/495
- change queue.timeoutshutdown default to 10 for action queues
The previous default of 0 gave action queues no real chance to
shutdown - at the time they were applied, they were usually already
expired (computing the absolute timeout took a small amount of time).
So we change this now to 10ms, which still is very quick but gives
the queue at least a chance to shutdown itself. That in turn
smoothes the whole shutdown process.
If a very large number of action queues is used this may lead
to a very slightly longer shutdown time, albeit this is very
improbable.
- omclickhouse: new output module for clickhouse
This output module adds the possibility to send
INSERT querys to a Clickhouse database. See doc for details.
The messages are sent via a REST interface.
This commit also adds support of the testbench
for clickhouse tests, as well as various tests.
Closes https://github.com/rsyslog/rsyslog/issues/2272
- omkafka: Add ability to dump librdkafka statistics to a file
Use statsFile to specify statistics output file; also requires
setting statistics.interval.ms confparam to a non-zero value.
Thanks to github user pcullen65 for the contribution.
- tls(ossl/gtls): add new Option "StreamDriver.PermitExpiredCerts"
The new Option can have one of the following values:
on = Expired certificates are allowed
off = Expired certificates are not allowed
warn = Expired certificates are allowed but warning will be logged (Default)
Includes necessary tests to validate new code.
closes https://github.com/rsyslog/rsyslog/issues/3364
- action: add "action.resumeIntervalMax" parameter
This parameter permits to set an upper limit on the growth of the
retry interval. This is most useful when a target has extended
outage, in which case retries can happen very infrequently.
closes https://github.com/rsyslog/rsyslog/issues/3401
- report child process exit status according to config parameter
Add new global setting 'reportChildProcessExits' with possible values
'none|errors|all' (default 'errors'), and new global function
'glblReportChildProcessExit' to report the exit status of a child
process according to the setting.
Invoke the report function whenever rsyslog reaps a child, namely in:
- rsyslogd.c (SIGCHLD signal handler)
- omprog
- mmexternal
- srutils.c (execProg function, invoked from stream.c and omshell)
Remove redundant "reaped by main loop" info log in omprog.
Promote debug message in mmexternal indicating that the child has
terminated prematurely to a warning log, like in omprog.
closes https://github.com/rsyslog/rsyslog/issues/3281
Thanks to Joan Sala for contributing this.
- build system: add capability to turn off helgrind tests
we add configure switch --enable-helgrind. We need to turn helgrind off
when we use clang coverage instrumentation. The instrumentation injects
mt-unsafe counter updates which we seem to be unable to suppress.
Note: for gcc this was possible, because they all occurred in a utility
function. For clang, they are inlined so we get many -and changing- violations.
see also https://github.com/rsyslog/rsyslog/issues/3361#issuecomment-450502569
- imzmq3/omzmq3: remove modules
according to @brianknox (their author) these modules are outdated:
https://twitter.com/taotetek/status/931860786959540224
They are replaced by imczmq/omczmq and are no longer maintained. We put a
depreciation notice into the modules a year ago, and now it finally is time
to remove them. They do NOT build in any case, except if very old versions
of the 0mq ecosystem are used.
see also https://github.com/rsyslog/rsyslog/issues/2100
closes https://github.com/rsyslog/rsyslog/issues/2103
- bugfix omusrmsg: don't overwrite previous set _PATH_DEV value
Since commit 56ace5e418d149af27586c7c1264fccfbc6badf1, omusrmsg was broken
because "memcpy()" is not a suitable substitute for "strncat()" in this
context, it is actually replacing the previous added content.
Bug: https://bugs.gentoo.org/673004
Closes: https://github.com/rsyslog/rsyslog/issues/3346
Thanks to Thomas D. (whissi) for the patch.
- bugfix ossl TLS driver: fixed authentication mode anon
authentication mode "anon" was not properly supported in ossl TLS
driver; if selected, did still require a full certificate.
closes: https://github.com/rsyslog/rsyslog/issues/3037
- bugfix tls subsystem: Receiver hang due to insufficient TLS buffersize.
gtls and ossl driver used a default buffersize of 8KiB to store received
TLS packets. When tls read returned more than buffersize, the additional
buffer was not processed until new data arrived on the socket again.
TLS RFCs require up to 16KiB+1 buffer size for a single TLS record.
closes https://github.com/rsyslog/rsyslog/issues/3325
- bugfix pmpanngfw: build issue due to non-matching data types in comparison
Thanks to Narasimha Datta for the patch.
- omfile: work-around for "Bad file descriptor" errors
This works-around an issue we can reproduce e.g. via the
imtcp-tls-ossl-x509fingerprint.sh test. Here, omfile gets a write
error with reason EBADF. So far, I was not able to see an actual
coding error. However I traced this down to a multithreaded race
on open and close calls. I am very surprised to see this type
of issue, as I think the kernel guarantees that it does not happen.
Here is what I see in strace -f:
openssl accepts a socket:
[pid 66386] accept(4, {sa_family=AF_INET, sin_port=htons(59054), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 10
then, it works a bit with that socket, detects a failure and shuts it down. Sometimes, at the very same instant omfile on another thread tries to open on output file. Then the following happens:
[pid 66386] close(10) = 0
[pid 66389] openat(AT_FDCWD, "./rstb_356100_31fa9d20.out.log", O_WRONLY|O_CREAT|O_NOCTTY|O_APPEND|O_CLOEXEC, 0644 <unfinished ...>
[pid 66386] close(10 <unfinished ...>
[pid 66389] <... openat resumed> ) = 10
[pid 66386] <... close resumed> ) = 0
[pid 66386] poll([{fd=4, events=POLLIN}, {fd=5, events=POLLIN}], 2, -1 <unfinished ...>
[pid 66389] write(2, "file './rstb_356100_31fa9d20.out"..., 66file './rstb_356100_31fa9d20.out.log' opened as #10 with mode 420
) = 66
[pid 66389] ioctl(10, TCGETS, 0x7f59aeb89540) = -1 EBADF (Bad file descriptor)
This is **literally** from the log, without deleting or reordering
lines. I read it so that there is a race between `open` and `close`
where fd 10 is reused, but seemingly closed - resulting in the `EBADF`
While it smells like a kernel issue, it may be a well-hidden program
bug - if so, one I currently do not find. HOWEVER, this commit
works around the issue by reopening the file when we receive EBADF.
That's the best thing to do in that case, especially if it really is
a kernel bug. Data loss should not occur, as the previous writes
succeeded in that case.
The backdraw of this work-around is that it only "fixes" omfile. In
theory every part of rsyslog can be affected by this issues (queue
files, for example). So this is not to be considered a final solution
of the root issues (but a big step forward for known problem cases).
see also https://github.com/rsyslog/rsyslog/issues/3404
- omhttp bugfix: segfault due to NULL pointer access
many thanks to Gerardo Puerta for the patch
- omkafka bugfix: segfault when running in debug mode using dynamic topics
This should only affect test environments, as debug mode is not
suitable for production (and really does not work when running for
extended period of time).
- testbench bugfix: TLS syslog tests for "anon" mode were broken
They did not detect when "anon" mode was not properly supported by the
drivers.
- test tooling bugfix: correct tcpflood error messages
it looks like tcpflood's openssl code stems partly back to tcpdump, at
least the error messages indicate this. Thankfully tcpdump is BSD licensed,
so this should not be a big issue. Nevertheless, the incorrect program name
in error messages needs to be corrected, and this is what this commit does.
- tcpflood bugfix: tool did not terminate on certificate error
when tcpflood detected a certificate error, it reported an
error message but did not abort. This could make errors undetectable
during CI runs.
also fix tests which did not properly provide CA cert (which than
caused the error).
- testbench: fix issues with journal testing
The configure/Makefile checks were not correct, leading to the
build of journal components when not necessary, even if not
supported by the platform. Thus lead to invalid build and test
failures.
- testbench: add tests for "certless" tcp/tls
This adds a test to ensure that a client without certificate can
connect to a server with certificates. So it is not exactly
"certless".
The prime intent of this test is to match config suggestions given
by log hosting companies (like loggly) and so ensure that we do
not accidentally break them. This is especially important as the
capability for certless clients was not properly documented and
also become forgotten by the rsyslog team.
see also https://github.com/rsyslog/rsyslog/issues/3413
- CI
- further improve testbench robustness against slow machines
- testbench: add tests for parser.EscapeControlCharacterTab global option
- testbench: Updated all expired x.509 certs
Closes https://github.com/rsyslog/rsyslog/issues/3348
- fix a potential race in CI debug mode which can lead to segfault
only when instructed to do so, rsyslog may emit a "final worker thread shutdown"
messages. This is usually only enabled in CI and/or other testing. If enabled,
the code has a race on the pWti object which can lead to segfault or abort.
Only system which explicitly enable this CI aid are affected (running in debug
mode alone is NOT sufficient).
This is a regression from 8.40.0.
- testbench: improve robustness against slow CI, gen. improvements
* add an overall timeout value for tests - if running longer,
testbench framework tries to FAIL and end test. Note that
this is not bullet-proof and not intended to be so.
* guard against hanging rsyslog instances via a new imdiag
feature to abort after n number of seconds; among others,
this guards as against timeout-cancel in CI, which is always
pretty hard to diagnose - now we see these errors in test-suite.log
* fix a bug in tcp zip test, which actually did not use zip mode
* experimentally add debug output to better understand
shutdown_when_empty operation; goal is to improve understanding
and then remove that code again.
* improve shutdown predicate for a couple of tests
* made travis run make check with two parallel threads, for which
we seem ready now. Nevertheless, it's still experimental and we
may roll this back if required.
* testbench: disable omprog tests that hang under coverage instrumentation
When gcc coverage instrumentation is used, these tests hang. They work
with clang coverage instrumentation, but for some reason clang does not
give us full reports (at least not when used together with CodeCov.io).
We have tried to troubleshoot this for hours and hours - now is time to
give up until someone comes up with a bright idea. So we make the affected
tests skip themselves when they detect gcc with coverage instrumentation.
* testbench: add new test for imfile and logrotate in copytruncate mode
* testbench: add new omkafka tests for dynamic topics
* travis: do no longer run 0mq tests
This often causes trouble when the packages are rebuild by the 0mq project
(which happens frequently). We already do intensive testing of the 0mq
components in the buildbot infrastructure, where we use dedicated containers.
This is reliable, as the containers already contain everything needed and so
do not need to reach out to the 0mq package archives. In the light of this,
let's save us the trouble of Travis failures. The only downside is that
users cannot pre-test with their local Travis when modifying 0mq modules,
which is quite acceptable.
------------------------------------------------------------------------------
Version 8.40.0 [v8-stable] 2018-12-11
- mmkubernetes: add support for sslpartialchain for openssl
If `"on"`, this will set the OpenSSL certificate store flag
`X509_V_FLAG_PARTIAL_CHAIN`. This will allow you to verify the Kubernetes API
server cert with only an intermediate CA cert in your local trust store, rather
than having to have the entire intermediate CA + root CA chain in your local
trust store. See also `man s_client` - the `-partial_chain` flag.
This option is only available if rsyslog was built with support for OpenSSL and
only if the `X509_V_FLAG_PARTIAL_CHAIN` flag is available. If you attempt to
set this parameter on other platforms, you will get an `INFO` level log
message. This was done so that you could use the same configuration on
different platforms.
- openssl driver: improved error messages
also fixes misleading wording of some error messages
closes https://github.com/rsyslog/rsyslog/issues/3238
- imfile: disable file vs directory error on symlinks
The file/directory node-object alignment now ignores symlinks. Previously
it reported error on each directory symlink spamming user error logs.
Thanks to Jiri Vymazal for the patch.
- cleanup: remove no longer needed --enable-rtinst code
configure option --enable-rtinst is gone-away since a while, but there were
still some supporting code left. It required careful analysis what could
actually be removed. This is now done and the code fully cleaned up. This
greatly simplifies the code and also makes it better readable for
developers which are not deep inside the rsyslog code base.
As a positive side effect, we could eliminate mutex calls inside
the debug system. This means we are more likely to reproduce race
conditions in runs with debugging enabled.
closes https://github.com/rsyslog/rsyslog/issues/2211
- bugfix imfile: rsyslog re-sends data for files larger 2GiB
This occurs always if and only if
- reopenOnTruncate="on" is set
- file grows over 2GiB in size
Then, the data is continuously re-sent until the file becomes smaller
2GiB (due to truncation) or is deleted.
It is a regression introduced by 2d15cbc8221e385c5aa821e4a851d7498ed81850
closes https://github.com/rsyslog/rsyslog/issues/3249
- config: fix segfault in backticks "echo" expansion of undefined variables
The bug was introduced in commit abe0434 (config: enhance backticks "echo"
capability). The getenv() result passed to strlen() and es_addBuf() may be
NULL if the environment variable does not exist, resulting in a segfault.
Thanks to Julien Thomas for the patch.
fixes https://github.com/rsyslog/rsyslog/issues/3006
- bugfix imsolaris: message timestamps on Solaris
On Solaris messages don't have their time directly in the raw body but in
a separate log_ctl structure which is currently not used.
When message is logged and processed, rsyslogd gives it current time because
it ignores the actual one. That means that old messages (e.g. from system
reboot) get timestamp of processing instead of the reboot itself (it is
not a problem for live logging where now is used anyway).
Thanks to Jakub Kulik for the patch.
- bugfix build system: "make distcheck" did not work for mysql tests
- bugfix build system: don't link liblogging-stdlog when available but not enabled
When liblogging-stdlog was available but configure option "--disable-liblogging-stdlog"
was set, rsyslog was still linking against liblogging-stdlog.
This commit will ensure that rsyslog will only link against liblogging-stdlog when
"--enable-liblogging-stdlog" was set.
see also: https://bugs.gentoo.org/667836
- bugfix RainerScript: abs() could return negative value, now in range [0..max]
Thanks to Harshvardhan Shrivastava for providing the patch
- bugfix debug output: date property options output wrongly
inside debug logging, the date property options were not all
properly converted into strings. Some of the newer ones were
invalidly flagged as "UNKNOWN". This is primarily a cosmetic
problem and has no effect other than puzzling folks looking at
the debug log.
- bugfix omhttp: did not compile on some platforms
- CI
* made mysql-based tests (ommysql and omlibdbi) work inside containers
* bugfix testbench: do not execute libgcrypt tests if disabled
closes https://github.com/rsyslog/rsyslog/issues/3228
* testbench: grep failed when string starting with "-" was used
The search term was mistakenly interpreted as an option.
* testbench: support auto-start/-stop of mysqld
This is required to run mysql/mariadb tests inside containers.
closes https://github.com/rsyslog/rsyslog/issues/3223
* improve bash coding style and fix a some bug in testbench
- duplicate diag.sh init call was not detected due to typo
- queue-persists test did not work correctly
- some general testbench framework improvements
issues found be shellcheck, fixes brought up other work to do
* testbench: improve journal tests and testbench framework
improving both style and reliability of journal tests; along that way
also improve testbench framework:
- do cleanup on error_exit and skip
- explicit skip handler (vs exit 77)
this permits us to do better cleanup
- new testbench functions for journal-specific functionality
reduce code duplication and make things easier to maintain in the
future
- provide a way to do valgrind and non-valgrind tests with a single
test file
see also https://github.com/rsyslog/rsyslog/issues/2564
* testbench: improve framework, harden rscript http test
- the test now tries to detect unavailable http server, which
should not result in test failure
- equivalent valgrind test changed to new method, removing code
duplication
- testbench supports
* new exit code 177, which indicates environment error, makes
test SKIP but still reports the failure
* new exitcode, logurl stats reporting fields
* report buildbot builder (if provided) in failure report
* testbench: add test for mmjsonparse with unparsable data
* testbench: make es-bulk-retry test more reliable
We now no longer depend on a fixed 'sleep' command but rather
check the output file for what we expect. This is much more
robust on slow test machines.
We believe this closes the below-mentioned issue. If not, it
should be re-opened.
closes https://github.com/rsyslog/rsyslog/issues/3104
* testbench: suppress valgrind error caused by pthreads lib
finally I give up and honestly think this is a problem in pthreads and
not in rsyslog code. See issue below and previous commit for more
information.
Unfortunately, this will also mask off cases where we do not properly
call pthread_join() albeit it is needed. Nevertheless, this bug is
causing so much CI grief that it is definitely worth it.
closes https://github.com/rsyslog/rsyslog/issues/2902
* testbench: made a couple of (unnamed due to too many) test more robust
against slow (CI) machines
------------------------------------------------------------------------------
Version 8.39.0 [v8-stable] 2018-10-30
- imfile: improve truncation detection
previously, truncation was only detected at end of file. Especially with
busy files that could cause loss of data and possibly also stall imfile
reading. The new code now also checks during each read. Obviously, there
is some additional overhead associated with that, but this is unavoidable.
It still is highly recommended NOT to turn on "reopenOnTruncate" in imfile.
Note that there are also inherent reliability issues. There is no way to
"fix" these, as they are caused by races between the process(es) who truncate
and rsyslog reading the file. But with the new code, the "problem window"
should be much smaller and, more importantly, imfile should not stall.
see also https://github.com/rsyslog/rsyslog/issues/2659
see also https://github.com/rsyslog/rsyslog/issues/1605
- imjournal: work around journald excessive reloading behavior
This is workaround for possible imjournal interaction with systemd
where journal invalidate fix is not present. The code tries to
detect SD_JOURNAL_INVALIDATE loop and not reload after each call.
Thanks to Jiri Vymazal for the patch.
- errmsg: remove no longer needed code
refactored code (over a long time) so that object-ish style is no longer
needed and could now finally be removed; We also refactored the last
component (omhttp contrib module) that used the old interface.
closes https://github.com/rsyslog/rsyslog/issues/1684
- queue bugfix: invalid error message on queue startup
due to some old regression (commit not exactly identified, but for
sure a regression, 9 years ago it was correct) an error message
is emitted when no .qi file exists on startup of the queue, which
is a normal condition.
Actually, the code should not have tried to open the .qi file in
the first place because it detected that it did not exist. That
(necessary) shortcut had been removed a while ago.
closes https://github.com/rsyslog/rsyslog/issues/3117
- bugfix imrelp: regression with legacy configuration startup fail
Startup of a relp listener failed if legacy configuration was used.
caused by commit: 32b71daa8aadb8f16fe0ca2945e54d593f47a824
closes https://github.com/rsyslog/rsyslog/issues/3106
- bugfix imudp: stall of connection and/or potential segfault
There was a regression in 493279b790a8cdace8ccbc2c5136985e820dd2fa.
This regression may cause stop (or delay) of reception from some systems
and may also cause a segfault. Triggering condition is that at least
one listener could not be created.
Thanks to Jens Låås for the patch.
- bugfix gcry crypto driver: small memleak
If a crypto key is specified directly via the key="" parameter,
the storage for that key is not freed, causing a small memleak.
Note that the problem occurs only once per context, so this
should not cause real issues. Even more so, as specifying a
key directly is meant only for testing purposes and is strongly
discouraged for production use.
Detected by internal testing, no actual fail case known.
- fix potential misaddressing in encryption subsystem
could happen if e.g. disk queues were encrypted
not seen in practice but caught by testbench test
- ksi subsystem changes
* enhance debug logging
* disable unsafe SHA1 algorithm
Thanks to Allan Park for the patch.
- bugfix core: regex compile error messages could be incorrect
- bugfix core: potential hang on rsyslog termination
The root cause was a deadlock during worker startup. This could
happen for example when a DA queue needed to persist data during
shutdown.
Fail condition:
* startup request for a new worker
* initialization of that worker
* immediate detection that the worker can or must shutdown
* main thread waiting for worker running state, which it skips,
and so the main thread hangs inside a loop
closes https://github.com/rsyslog/rsyslog/issues/3094
- bugfix imkafka: system hang when backgrounded
imkafka initializes librdkafka too early (before the fork). This leads
to hangs in various parts of the system - not only im imkafka but
other functions as well (e.g. getaddrinfo() calls).
closes https://github.com/rsyslog/rsyslog/issues/3180
- bugfix imfile: file change was not reliably detected
A change in the inode was not detected under all circumstances,
most importantly not in some logrotate cases.
Includes new tests made by Andre Lorbach. They now use the
logrotate tool natively to reproduce the issue.
closes https://github.com/rsyslog/rsyslog/issues/2659
closes https://github.com/rsyslog/rsyslog/issues/1605
- bugfix imrelp: do not fail build if librelp does not have relpSrvSetLstnAddr
closes https://github.com/rsyslog/rsyslog/issues/2938
- bugfix queue subsystem: DA queue did ignore encryption settings
closes https://github.com/rsyslog/rsyslog/issues/3066
closes https://github.com/rsyslog/rsyslog/issues/2575
- bugfix KSI: lmsig-ksils12 module skips signing the last block
Thanks to Allan Park for the patch.
closes https://github.com/rsyslog/rsyslog/issues/3105
- bugfix fmhash: function hash64mod sometimes returned wrong result
Thanks to Harshvardhan Shrivastava for providing the patch
closes https://github.com/rsyslog/rsyslog/issues/3025
- bugfix core/debug: data written to random fd 2 under some debug settings
This happens only during auto-backgrounding, where we cannot any longer
access stderr. Whatever is opened with fd2 receives some debug messages.
Note that the specific feature is usually turned on only in CI runs.
- cleanup: removed no longer needed code
Code that was unused for quite a while or did not really belong to the
project identified and removed.
- overall code cleanup
e.g. remove unused code, replace bad bash constructs, etc...
- CI:
* some small improvements in testbench plumbing
e.g. (`cmd` replaced by $(cmd), removed useless use of cat, ...)
* testbench: improve plumbing for kafka tests
- Removed all sleeps where possible.
- Moved all kafka start/stop/download logic into functions.
- Moved kafka/zookeeper stop into error_exit and exit_test.
- Kafka/Zookeeper cleanup only done on success now.
- Kafka/Zookeeper logfiles automatically dumped on error_exit only now.
- Added cleanup for Kafka/Zookeeper instances into CI/buildbot_cleanup.sh
- added new tests
* testbench: fix incompatibility of one omprog test with Python3
Python3 writes to stderr immediately, and this caused the
captured output to differ with respect to Python2. Simplified
the test to do a single write to stderr. Also a cast to int
was needed when calculating 'numRepeats'.
closes https://github.com/rsyslog/rsyslog/issues/3030
* testbench: fixed imfile parallel issues
- Fixed timing issues in some imfile wildcard/regex tests
- Added touch command in imfile wildcard tests to make sure directories
exist before files are created in it if IO is under stress.
- changed content checking in some tests to use "content_check_with_count"
with check timeouts instead of using fixed sleeptimes.
* testbench: new basic tests
These ensure that for some modules that did not have any tests at all
we have at least a minimal coverage (module loads, activates, is able
to emit error messages). Of course, further improvements would make
much sense. Modules:
- ommail
- testbench: new tests for disk queue encryption
- testbench: improved auto-diagnostics for hanging instance
- testbench: hardened kafka test against failing kafka subsystem,
not in 100% of the cases, but at least in some that frequently occur
- failing tests now report failure status so that we can get stats
on unreliable tests
- testbench tooling: fix incorrect tcpflood TLS parameter check
could lead to segfault when started
- bugfix testbench tooling: tcpflood invalid type in calloc (openssl mode)
It is unlikely that this has caused a real issue, as long as pointers
are all of the same size (what is highly probable).
detected by cppcheck via Codacy.com
------------------------------------------------------------------------------
Version 8.38.0 [v8-stable] 2018-09-18
- AIX: make basic modules work again
- make rsyslog build on AIX again
... at least for a limited set of default modules
- imfile: support for endmsg.regex
This adds support for endmsg.regex. It is similar to
startmsg.regex except that it matches the line that denotes
the end of the message, rather than the start of the next message.
This is primarily for container log file use cases such as this:
date stdout P start of message
date stdout P middle of message
date stdout F end of message
The `F` means this is the line which contains the final part of
the message. The fully assembled message should be
`start of message middle of message end of message`.
`startmsg.regex="^[^ ]+ stdout F "` will match.
Thanks to Richard Megginson for the patch.
- imkafka: add parameter "parseHostName"
This enables imkafka to parse the hostname from log message.
Previously that was not possible. It was most likely a bug, but
one that users may count on. The new parameter "ParseHostName"
(default is off) controls this behavior. Default is to NOT
parse the hostname.
Thanks to github user snaix for the contribution.
- im[p]tcp: improve error message on connect failure
Now a message with the actual OS error is emitted, making things far
easier to troubleshoot.
- imkafka: implement multithreading support for kafka consumers.
Each consumer runs in it's own consumer thread now. New tests have also
been added for this.
- omelasticsearch: write all header metadata to $.omes for retries
Write all of the original request metadata fields to $.omes for
the retry, if present. This may include all of the following:
_index, _type, _id, _parent, pipeline
This is in addition to the fields from the response. If the same
field name exists in the request metadata and the response, the
field from the request will be used, in order to facilitate
retrying the exact same request.
Thanks to Richard Megginson for the patch.
- core: improve error message on module load fail
The error message now lists all dlopen() errors in depth. This is
especially useful if the error is due to missing symbols or file
format errors.
- core/queue: add error message if queue file cannot be accessed
When having a disk-assisted queue without permission to write to the specified
queue file an error will now be generated.
closes https://github.com/rsyslog/rsyslog/issues/323
- imtcp/imudp: new option preservecase for managing the case of FROMHOST value
default is left at current behavior
see also https://github.com/rsyslog/rsyslog/pull/2774
see also https://bugzilla.redhat.com/show_bug.cgi?id=1309698
- omprog: add feedback timeout and keep-alive feature
- Restart the program if it does not respond within timeout.
- New setting 'confirmTimeout' (default 10 seconds).
- Allow the program to provide keep-alive feedback when a
message requires long-running processing.
- Improve efficiency when reading feedback line (use buffer).
Retry interrupted writes/reads to/from pipe.
- New setting 'reportFailures' for reporting error messages
from the program.
- Report child termination when writing to pipe.
- Minor refactor: renamed writePipe function to sendMessage,
renamed readPipe to readStatus.
Thanks to Joan Sala for contributing this.
- omprog: fix forceSingleInstance configuration option
The forceSingleInstance option did not work as intended. Even
if set multiple instances were spawned. This most probably
was a regression from 0453b1670fc34c96d31ee7c9a370f0f5ec24744a
The code was broken roughly 3.5yrs ago, so it looks like the
issue was little-noticed. This also means that potentially some users
may see the bugfix as change of behavior. If so, just remove
the option.
closes https://github.com/rsyslog/rsyslog/issues/2813
closes https://github.com/rsyslog/rsyslog/issues/2468
Thanks to Joan Sala for contributing this.
- imfile: implement file-id, used in state file
This ensures that files with the same inodes are not accidentally treated
as equal, at least within the limits of the file id hash (see doc for
details).
We use the siphash reference implementation to generate our non-cryptographic
hash.
closes https://github.com/rsyslog/rsyslog/issues/2530
closes https://github.com/rsyslog/rsyslog/issues/2231
- imfile: experimental input throttling feature
The new input parameter delay.message has been added. It specifies
a delay in microseconds after each line read.
closes https://github.com/rsyslog/rsyslog/issues/2960
- core: emit TZ warning on startup not on Linux non-container
On Linux it seems common that the TZ variable is NOT properly set.
There are some concerns that the warning related to rsyslog correcting
this confuses users. It also seems that the corrective action rsyslog
takes is right, and so there is no hard need to inform users on that.
In Linux containers, however, the warning seems to be useful as the
timezone setup there seems to be frequently-enough different and
rsyslog's corrective action may not be correct.
So we now check if we are running under Linux and not within a container.
If so, we do not emit the warning. In all other case, we do. This is
based on the assumption that other unixoid systems still should have
TZ properly set.
closes https://github.com/rsyslog/rsyslog/issues/2994
- omkafka:
* better debug information
* Fixed minor issue in omkafka producing wrong kafka timestamps when
msgTimestamp was NULL.
* Setting RD_KAFKA_V_KEY(NULL, 0) in rd_kafka_producev now when KEY is not
configured.
* Fixed minor issue when rsyslog is compiled with --enable-debug and
librdkafka is too old.
- omfile bugfix: errant error message when dynafile param needed
also fixes related message in contributed module omfile-hardened
closes https://github.com/rsyslog/rsyslog/issues/2975
Thanks to Frank Bicknell for the patch
- omhttp: new contributed module
Thanks to Christian Tramnitz for contributing it.
Some more info at https://github.com/rsyslog/rsyslog/pull/2782
- mmkubernetes: action fails preparation cycle if kubernetes API ...
... destroys resource during bootup sequence
The plugin was not handling 404 Not Found correctly when looking
up pods and namespaces. In this case, we assume the pod/namespace
was deleted, annotate the record with whatever metadata we have,
and cache the fact that the pod/namespace is missing so we don't
attempt to look it up again.
In addition, the plugin was not handling error 429 Busy correctly.
In this case, it should also annotate the record with whatever
metadata it has, and _not_ cache anything. By default the plugin
will retry every 5 seconds to connect to Kubernetes. This
behavior is controlled by the new config param `busyretryinterval`.
This commit also adds impstats counters so that admins can
view the state of the plugin to see if the lookups are working
or are returning errors. The stats are reported per-instance
or per-action to facilitate using multiple different actions
for different Kubernetes servers.
This commit also adds support for client cert auth to
Kubernetes via the two new config params `tls.mycert` and
`tls.myprivkey`.
Thanks to Richard Megginson for the patch.
- bugfix pmnormalize/core: several memory leaks, invld property handling
- major memory leak which occurred once per message processed
So this could lead to OOM. Caused by improper free of json
structure
- another two major leaks of similar magnitude could occur if
"fromhost-ip" and/or "fromhost" properties were set
- minor leaks upon termination. these were unproblematic as
static and only occurred immediately before shutdown.
But they triggered memory debugger errors.
- fixed test which did not check for mem leaks albeit it should
- core invalid handling of the "fromhost" property, if set via
the MsgSetPropsViaJSON() call. This was primarily of concern
for pmnormalize and mmexternal, and only if these properties
were used by either the rulebase or the external program
response.
Actually, most of the leaks go back to rsyslog core, but that
core functionality was not used by other modules in the same
way. But if some other would have used it, the effects would
have been the same (so be aware if you wrote custom modules).
- bugfix imptcp: fixed pointers for session counting
imptcp open, failedopen, and closed pstats counters were assigned the wrong
name, thus pstats values did provide a totally wrong picture of what was
going on.
Thanks to github user jeverakes for the patch.
- bugfix omprog: invalid memory access on partial writes to pipe
When sending logs to the program, in case of a partial write to the pipe,
invalid data was sent, or an invalid memory access could occur. (A
partial write can occur if the syscall is interrupted or the pipe is full.)
Thanks to Joan Sala for contributing this.
- bugfix omprog: rsyslog's environment was not passed to script
closes https://github.com/rsyslog/rsyslog/issues/2921
- bugfix omprog: severity of some log messages in waitForChild corrected
Log some messages related to child process termination as info/warn
instead of error.
- bugfix imfile: files which were loaded via symlink were not always followed
They were stopped watching after being rotated.
closes https://github.com/rsyslog/rsyslog/issues/2229
Thanks to Jiri Vymazal for the patch.
- bugfix imfile: potential misaddressing when processing symlinks
Fixed parent name when processing symlinks. Detected during code review.
There was a garbage byte left before which could cause errors down the
road.
Thanks to Jiri Vymazal for the patch.
- bugfix ommongodb: build issue if mongo-c-driver is not compiled with TLS
Let ommongodb module works even if mongo-c-driver is not compiled with SSL support.
Thanks to Jérémie Jourdin for the patch.
closes https://github.com/rsyslog/rsyslog/issues/2907
- CI:
* many changes with the goal to support parallel test execution, e.g.
use dynamic ports and file names, changes to testing tools, etc.
* kafka tests re-enabled, as they should now no longer be racy. However,
this has yet to be proven in practice.
* upgrading kafka server version to current
* Fixed server configuration issues holding the kafka tests back from working
* Fixed some config issues in all sndrcv kafka tests.
* Generating dynamically kafka topics now for each kafka test.
* Reenabled kafka_multi test which runs a test on 3 kafka/zookeeper instances
------------------------------------------------------------------------------
Version 8.37.0 [v8-stable] 2018-08-07
- build system: add --enable-default-tests ./configure option
This permits to control the "default tests" in testbench runs. These
are those tests that do not need a special configure option. There are
some situations where we really want to turn them of so that we can
run tests only for a specific component (e.g. ElasticSearch).
This commit also removes the --enable-testbench[12] configure switches,
which were introduced just to work-around travis runtime restrictions.
With the new CI setup and new options we could reduce the Travis runtime
dramatically and so we do not need them any longer.
- overall adaptation to gcc 8 which emits new warnings
- fix some build warnings on 32bit systems, namely armhf architecture
- ommail change of behavior: "enable.body" default now "on"
This was always documented to be "on", but actually was "off". Usually, we
fix the doc, but after long discussion the agreement was that in this
specific case it was actually better to change the default.
see also: https://github.com/rsyslog/rsyslog/pull/2791
- core/omfile: race in async writing mode
mutex was not properly locked at all times when the async writing buffer
was flushed
Thanks to Radovan Sroka for the patch.
- core: provide a somewhat better default action name
We now include the module name (e.g. "omelasticsearch" or "builtin:omfile")
as part of the name. This is still not perfect, but hopefully a bit
easier to grasp.
see also https://github.com/rsyslog/rsyslog/issues/342
- new global() parameter "abortOnUncleanConfig"
This provides a new-style alternative to $AbortOnUncleanConfig.
closes https://github.com/rsyslog/rsyslog/issues/2744
- tcpflood no longer links with -lgrcypt
as this is no longer necessary for GnuTLS
Thanks to Michael Biebl for the patch.
- imjournal: add journal-specific impstats counters
these provide some additional insight into journal operations
Thanks to Abdul Waheed for the patch.
- imjournal: fixed startup on missing state file
When starting rsyslog with imjournal for first time it outputs
an error and plugin does not run because no state file exists yet.
Now it skips the loading and creates state file on first persist.
Thanks to Jiri Vymazal for the patch.
- imjournal: fetching cursor on readJournal() and simplified pollJournal()
Fetching journal cursor in persistJournal could cause us to save
invalid cursor leading to duplicating messages further on, when new
WorkAroundJournalBug option is set we are saving it on each
readJournal() where we now that the state is good.
pollJournal() is now cleaner and faster, correctly handles INVALIDATE
status from journald and is able to continue polling after journal
flush. Also reduced POLL_TIMEOUT a bit as it caused rsyslog to exit
with error in corner cases for some ppc when left at full second.
re-factored imjournal CI tests with journal_print tool to have more
detailed error reporting.
Thanks to Jiri Vymazal for the patch.
- config: enhance backticks "echo" capability
This is now more along the lines of what bash does. We now support
multiple environment variable expansions as well as constant text
between them.
example:
env SOMEPATH is set to "/var/log/custompath"
config is: param=`echo $SOMEPATH/myfile`
param than is expanded to "/var/log/custompath/myfile"
among others, this is also needed inside the testbench to properly
support "make distcheck".
Note: testbench tests follows via separate commit. There will be
no special test, as the testbench itself requires the functionality
at several places, so the coverage will be very good even without
a dedicated test.
- imrelp: add support for setting address to bind to (#894)
This adds a new optional `address` parameter to `imrelp` inputs in order
to specify an address to bind to.
Based on support added by rsyslog/librelp@96eb5be
Thanks to Simon Wachter for the patch.
- omrelp: permit all authmodes; updated tests
omrelp for some time limited authentication modes to those
that were known. While this was OK, it prevented the easy
introduction of new auth modes into librel.
This has now been changed; omrelp now checks the validity of
the authmode directly via librelp by doing some librelp calls
upon processing the configuration.
Also, some tests have been updated to check this feature and
also ensure that the new librelp mode "certvalid" works
(if it is available).
- regexp.c: reduce lock contention when using glibc.
When using glibc, we enable per-thread regex to avoid lock contention.
See:
- https://github.com/rsyslog/rsyslog/issues/2759
- https://github.com/rsyslog/rsyslog/pull/2786
- https://sourceware.org/bugzilla/show_bug.cgi?id=11159
This should not affect BSD as they don't seem to take a lock in regexec.
NOTE: it is assumed that we can craft an even better solution than
this patch, but it improves the situation and we do not have time to
craft more. So we decided to merge. For details see
https://github.com/rsyslog/rsyslog/pull/2786
- mmpstrucdata: better error message, support $! in var names
see also https://github.com/rsyslog/rsyslog/issues/1262#issuecomment-404773495
- more explicit error msg with message modification mod on queue
Message modification modules do not work if used with a non-direct queue.
We now make this more explicit in the config parsing error message.
closes https://github.com/rsyslog/rsyslog/issues/1323
- omrabbitmq: improve high-load performance
A different pthread mutex is created for each connection (action)
instead of a single one shared by all connections. This will
improve performance when using multiple concurrent connections
to a single (or multiple) RabbitMQ instance(s) (e.g. for load balancing)
Thanks to github user micoq for contributing the patch.
- imudp: replace select() calls by poll()
This improves reliability in extreme cases (more than 1024 fds open when
imudp begins to listen) and potentially improves performance a little.
- ommysql: support mysql unix domain socket:
via action(.. socket="/tmp/mysqld.sock" ..)
Thanks to JoungKyun Kim for contributing this.
- impstats: emit warning if log.syslog="off" and ruleset name given
With this config, "ruleset" is silently ignored, what probably is
not obvious to a user.
closes https://github.com/rsyslog/rsyslog/issues/2821
- build system cleanup: remove no longer needed --enable-memcheck
This was used for a very old testing capability, no longer functional but
causes build to fail if enabled. Replaced by ASAN/valgrind.
Issue detected while testing some other CI settings.
- tools: Updated python based statslog analyzer sample scripts
- developer tools: make devcontainer tool more developer friendly
slight improvement for easy interactive use
- enable better testing via "make distcheck"
Also a couple of changes to testbench worth mentioning:
* use cp -f to ensure files can be overwritten in VBUILD
* fix issue of missing include test file in EXTRA_DIST
* new suppressions
* testbench: try to use local system dependency cache
avoid going to Internet repos if not absolutely necessary. For
development containers, they should be pre-populated with the
important dependencies.
* do not enable libfaketime if ASAN is selected
unfortunately, libfaketime does not work in that case
Note: for modules with non-standard dependencies (e.g. databases),
"make distcheck" only enables what on the original ./configure line
was enabled. This is done in order to ensure that "distcheck" adapts
to what is actually available on the system in question. Rsyslog's
own CI system installs the maximum set of possible dependencies and
so tries the maximum set "make distcheck" can support on a platform.
see also https://github.com/rsyslog/rsyslog/issues/174
- add new global config parameter "inputs.timeout.shutdown"
- omusrmsg: do not fall back to max username length of 8
This happens if utmp.h and friends are not available and stems back to
the original syslogd. Nowadas, 32 is more appropriate and now being used
in that (now very unlikely) case. The detection logic for UT_NAMESIZE has
also been streamlined.
closes https://github.com/rsyslog/rsyslog/issues/2834
- bugfix build system: fix race in parallel builds
If libgcry.la is built later than lmcry_gcry.la, there is a failure:
[snip]
|../aarch64-wrs-linux-libtool --tag=CC --mode=link aarch64-wrs-linux-gcc
-o lmcry_gcry.la lmcry_gcry_la-lmcry_gcry.lo libgcry.la -lgcrypt
|aarch64-wrs-linux-libtool: error: cannot find the library 'libgcry.la'
or unhandled argument 'libgcry.la'
|Makefile:1049: recipe for target 'lmcry_gcry.la' failed
|make[2]: *** [lmcry_gcry.la] Error 1
[snip]
The LIBADD of lmcry_gcry.la contains libgcry.la, we should also add libgcry.la
to lmcry_gcry.la's DEPENDENCIES.
Thanks to Hongxu Jia for the patch.
- bugfix imfile: memory leak upon shutdown (cosmetic)
When rsyslog shuts down and imfile is inside a change polling loop,
it does not properly free memory returned by glob(). This is a cosmetic
bug as the process terminates within the next few milliseconds. However,
it causes memory analyzer reports and thus makes CI fail.
- bugfix core msg: potential deadlock (and rsyslog hang)
can happen e.g. with headerless messages when app-name
property is used
closes https://github.com/rsyslog/rsyslog/issues/3135
- bugfix core: do not abort startup on problems setting scheduling policy
rsyslog creates a default scheduling policy on startup. This code
invalidly used CHKiRet (our exception handler) to check pthreads
return codes, what this macro cannot do. This lead to hard to
diagnose startup problems in cases where there were problems
setting the scheduling defaults (e.g. when rsyslog is set to run
at idle priority). Even more so, this blocked startup altogether,
which is not the right thing to do. Actually, this can be considered
a regression from commit 7742b21. That commit was 8 years ago, so
in general this cannot be a big issues ;-)
The code now emits proper error messages (to stderr, as at this point
no other output is available as it is during the initial state of
rsyslog initialization) and continues the startup.
closes https://github.com/rsyslog/rsyslog/issues/2855
- bugfix core: input shutdown timeout not properly applied
The timeout could be reduced by mutex wait time, which was not the
intended behavior and could lead the the input thread being
cancelled while it would have been perfectly legal to shut it down
cleanly.
Noticed during working on the CI system. May explain some testbench
instability and may have caused trouble with state files (not)
properly being written by inputs.
- bugfix config optimizer: error in constant folding
did not work properly if a string and a number were to be folded.
Detected by gcc 8.
- build: fix improper function casts
no real issue, but generated warnings under gcc 8 and thus
broke CI
- bugfix omlibdbi: fix potential small memory leak
detected by clang static analyzer
- bugfix ommysql: unsafe use of strncpy()
also now reports oversize names as user error vs. silent truncation
overly long names only could affect config load phase
- bugfix omhttpfs: fix insecure usage if strncmp()
consequences not evaluated as this is a contributed module.
Detected by gcc 8.
- bugfix mmgrok: cosmetic build issue - compiler warnings
caused build under gcc 7 to fail with warning
- bugfix mmkubernetes: stops working with non-kubernetes container names
When mmkubernetes encounters a record with a CONTAINER_NAME field,
but the value does not match the rulebase, mmkubernetes returns
an error, and mmkubernetes does not do any further processing
of any records.
The fix is to check the return value of ln_normalize to see if
it is a "hard" error or a "does not match" error.
This also adds a test for pod names with dots in them.
Thanks to Richard Megginson for the patch.
- bugfix mmkubernetes: potential NULL pointer access
If token file could not be opened, fclose() was passed a NULL pointer.
Thanks to github user jvymazal for finding and Richard Megginson
for fixing the issue.
- bugfix omsnmp: invalid traptype was not detected
this could leave config errors unreported and cause unexpected
behavior
- bugfix mmkubernetes: default rules use container_name_and_id
also include rulebase files in dist and fix rule so that dot inside
pod name is supported.
Thanks to Richard Megginson for fixing the issue.
- bugfix omelasticsearch: build regression
Commit 6d4635efbb13907bf651b1a6e5a545effe84d9d9 introduced some compile
problems, which were only detected on CentOS6, which unfortunately did
not compile omelasticsearch during CI runs
- bugfix ommongodb: do not force MongoDB to use "PLAIN" auth mechanism
... which also seems not to be handled by current MongoDB.
Remove ?authMechanism=PLAIN URI part to let the mongo library chooses the
default mechanism. One can force a specific authentication mechanism by
adding ?authMechanism=XXX into the uristr argument of the module
Thanks to Jérémie Jourdin for the fix.
closes https://github.com/rsyslog/rsyslog/issues/2753
- build system: do not disable tests via --disable-liblogging-stdlog
This setting controlled both the actual rsyslog functionality as well
as some testbench tests, which use liblogging-stdlog to provide some
specific functionality. This meant those tests were not run since
changing the default. Now untangling the dependency.
- CI:
* most test refactored to use newer testbench plumbing
while no functional change, this permits further enhancements
* ElasticSearch startup timeout in tests increased to care for
slower test systems
* imjournal: fixed tests to actually test plugin functionality
Thanks to Jiri Vymazal for the patch.
* new test for gnutls priority string in librelp
Thanks to github user jvymazal for the patch
* testbench: relax hanging instance detection
This does not work reliably if multiple instances of rsyslog
builds run on a single machine. We need to improve, but this
commit makes conflict less likely and provides some diagnostic
info to help guide us towards a final solution.
* testbench: fix tests that look awfully wrong
These tests indicated they terminate rsyslog forcefully without
draining the queues, but then checked if they were drained (all
messages processed). That does not make sense, and we cannot
envision why this was written the first place. So we assume some
copy&paste problem was the root of that.
* testbench: refactor tests which used "nettester" tool
Some old tests are carried out via the nettester tool. This was
our initial shot at a testbench a couple of years ago. While it
worked back then, the testbench framework has been much enhanced.
These old tests are nowadays very hard to handle, as they miss
debug support etc. So it is time to refactor them to new style.
As a side-activity, the testbench plumbing has been enhanced to
support some operations commonly needed by these tests. Contrary
to pre-existing plumbing, these new operations are now crafted
using bash functions, which we consider superior to the current
method. So this is also the start of converting the older-style
functionality into bash functions. We just did this now because
it was required and we entangled it into the test refactoring
because it was really needed. Else we had to write old-style
operations and convert them in another commit, which would
have been a waste of time.
Special thanks to Pascal Withopf for the initial step of taking
old tests and putting config as well as test data together into
the refactored tests, on which Rainer Gerhards than could build
to create the new tests and update testbench plumbing.
* testbench: ensure uxsock test leaves no dangling listener instances
..in case the test aborts. We utilize the timeout utility for now
to prevent this.
* testbench: make port for imdiag dynamic
This is prep work to support parallel test runs
------------------------------------------------------------------------------
Version 8.36.0 [v8-stable] 2018-06-26
- build system change:
Liblogging-stdlog was introduced to provide a broader ability to send rsyslog
internal logs to different sources. However, most distros did not pick up
that capability and so instead we do a regular syslog() call. We assume that
the actual functionality is never used in practice, so we plan to retire it.
That makes building rsyslog from source easier.
The plan is to disable use of liblogging-stdlog by default during
configure. So users (and distros!) can still opt-in to have it enabled if
they desire.
A couple of releases later, we want to completely remove the functionality,
except if there has desire been shown in the meantime which justifies to keep
liblogging-stdlog.
This version disabled liblogging-stdlog by default. We now also
emit a warning message ("liblogging-stdlog will go away") so that users
know what is going on and my react.
closes https://github.com/rsyslog/rsyslog/issues/2705
see also https://github.com/rsyslog/rsyslog/issues/2706
- add openssl driver alongside GnuTLS one for TLS communication
The openssl driver is currently experimental. It will become the new preferred
driver as it permits us to provide much better end-user error message than
we could provide with GnuTLS. It is also less picky with certificate files
and provides specific error messages if there are certificate problems.
closes: https://github.com/rsyslog/rsyslog/issues/1390
closes: https://github.com/rsyslog/rsyslog/issues/1840
closes: https://github.com/rsyslog/rsyslog/issues/1352
closes: https://github.com/rsyslog/rsyslog/issues/1702
closes: https://github.com/rsyslog/rsyslog/issues/2547
- GnuTLS TLS driver: support intermediate certificates
this is necessary for certificate chains
Thanks to Arne Nordmark for providing the patch.
closes https://github.com/rsyslog/rsyslog/issues/2762
- omelasticsearch: write op types; bulk rejection retries
* Add support for a 'create' write operation type in addition to
the default 'index'. Using create allows specifying a unique id
for each record, and allows duplicate document detection.
* Add support for checking each record returned in a bulk index
request response. Allow specifying a ruleset to send each failed
record to. Add a local variable `omes` which contains the
information in the error response, so that users can control how
to handle responses e.g. retry, or send to an error file.
* Add support for response stats - count successes, duplicates, and
different types of failures.
* Add testing for bulk index rejections.
Thanks to Richard Megginson for the patch.
- lookup tables: reload message now with "info" severity (was "error")
thanks to Adam Chalkley for the patch
- imptcp: add support for regex-based framing
for complex multi-line messages (XML in particular), the multiLine method
does not work well. We now have a capability to specify via a regex when
a frame starts (and the previous thus ends).
adds imptcp input parameter "framing.delimiter.regex"
- imjournal: add statistics counter
following statistics counter are now supported by imjournal
- submitted = total number of messages submitted for processing
closes https://github.com/rsyslog/rsyslog/issues/2549
- config: permit 4-digit file creation modes
permit 4-digit file creation modes (actually 5 with the leading zero) so
that the setgid bit can also be set (and anything else on that position.
closes https://github.com/rsyslog/rsyslog/issues/1092
- ommongodb: add possibility to ignore some insertion error code
new config parameter "allowed_error_codes", which will be ignored if
they happen. For example, 11000 DuplicateKey in case of collection
containing a unique field.
Thanks to Hugo Soszynski for contributing this work
- omprog: simplify 'plugin-with-feedback.py' example
Make the skeleton easier to understand by removing transaction support.
Also, transaction failures did not work as explained in the skeleton,
because of issue #2420. In the future, a 'plugin-with-transactions.py'
example can be added, ideally once the issue is solved.
Thanks to Joan Sala for contributing this.
- core: misaddressing when writing disk queue files
when writing disk queue files during shutdown, access to freed
memory can occur under these circumstances:
- action A is processing data, but could not complete it
most importantly, the current in-process batch needs not to
be totally completed. Most probable cause for this scenario
is a suspended action in retry mode.
- action A is called from a ruleset RA which
- does not have a queue assigned
- where RA is called from a ruleset RO which is bound
to the input from which the message originated
- RO must be defined before RA inside the expanded config
- Disk queues (or the disk part of a DA queue) must be utilized by A
When re-injecting the unprocessed messages from A into the disk queue, the
name of ruleset RO is accessed (for persisting to disk). However, RO is
already destructed at this point in time.
The patch changes the shutdown processing of rulesets, so that all
shutdown processing is done before any ruleset data is destructed. This
ensures that all data items which potentially need to be accessed
remain valid as long as some part may potentially try to access them.
This follows a the approach used in
https://github.com/rsyslog/rsyslog/pull/1857
where obviously that part of the problem was not noticed.
see also https://github.com/rsyslog/rsyslog/issues/1122
closes https://github.com/rsyslog/rsyslog/issues/2742
- core: fix message loss on target unavailability during shutdown
Triggering condition:
- action queue in disk mode (or DA)
- batch is being processed by failed action in retry mode
- rsyslog is shut down without resuming action
In these cases messages may be lost by not properly writing them
back to the disk queue.
closes https://github.com/rsyslog/rsyslog/issues/2760
- imrelp bugfix: error message "librelp too old" is always emitted ...
... even if librelp is current. The condition check was actually missing.
This commit adds it.
closes https://github.com/rsyslog/rsyslog/issues/2712
- imrelp: segfault on startup when cert without priv key is configured
closes https://github.com/rsyslog/rsyslog/issues/2747
- omrelp bugfix: segfault on first message sent when authmode was wrong
A segfault could occur if the authmode was configured to an invalid value.
This is now caught during config processing and an error is reported.
closes https://github.com/rsyslog/rsyslog/issues/2743
- imfile bugfix: double-free on module shutdown
detected by code review, not seen in practice
- imfile/core bugfix: potential misaddressing in string copy routine
This can be exposed via imfile, as follows:
- use a regex to process multiline messages
- configure timeouts
- make sure imfile reads a partial message
- wait so that at least one timeout occurs
- add the message termination sequence
This leads to a misaddressing, which may have no obvious effects potentially
up to a segfault.
closes https://github.com/rsyslog/rsyslog/issues/2661
- imfile bugfix: if freshStartTail is set some initial file lines missing
When the option is set and a new file is created after rsyslog startup,
freshStartTail is also applied to it. That is data written quickly to it
(before rsyslog can process it) will potentially be discarded. If so,
and how much, depends on the timing between rsyslog and the logging process.
This problem is most likely to be seen in polling mode, where a relatively
long time may be required for rsyslog to find the new file.
This is changed so that now freshStartTail only applies to files that
are already-existing during rsyslog's initial processing of the file
monitors. HOWEVER, depending on the number and location (network?) of
existing files, this initial startup processing may take some time as
well. If another process creates a new file at exactly the time of
startup processing and writes data to it, rsyslog might detect this
file and it's data as prexisting and may skip it. This race is inevitable.
So when freshStartTail is used, some risk of data loss exists. The same
holds true if between the last shutdown of rsyslog and its restart log
file content has been added. This is no rsyslog bug if it occurs.
As such, the rsyslog team advises against activating the freshStartTail
option.
closes https://github.com/rsyslog/rsyslog/issues/2464
- core: fix undefined behavior (unsigned computation may lead to value < 0)
This was detected by LLVM UBSAN. On some platforms re-setting the rawmsg
inside the message object could lead to invalid computation due to the
fact the the computation was carried out as unsigned and only then
converted to integer.
No known problem in practice.
- CI/QA:
- improved Elasticsearch tests so they can now be run without system-
installed ES service; also enables us to specify specific ES versions
and should now make the tests executable inside a container
------------------------------------------------------------------------------
Version 8.35.0 [v8-stable] 2018-05-15
- imptcp: add ability to configure socket backlog
this can be useful under heavy load.
For a detailed discussion see https://github.com/rsyslog/rsyslog/pull/2561
Thanks to Maxime Graff for implementing this.
- omfile: do not permit filename that only consists of whitespace
- fmhash: new hash function module
implements hash32() and hash64() functions
Thanks to Harshvardhan Shrivastava for implementing these
- some better error messages
- imklog: add ratelimiting capability
On Linux kernel logs are ratelimited only for messages using
printk_ratelimit(). Some logs do not use this facility, so
we ratelimit kernel ourselves.
Thanks to Berend De Schouwer for the patch.
- omkafka: added impstats counters for librdkafka returned statistics
Adds:
* statscallback counters
* librdkafka failure and error counters
* acked message counter
Thanks to Abdul Waheed for implementing this.
- imudp
* use rsyslog message rate-limiter instead of home-grown one
imudp introduced it's own (feature-limited) rate-limiting capability for
message on disallowed senders before we had central rate-limiters
inside rsyslog. Also, that code evolved from running on a single
thread to running on multiple threads, which introduced data races
and so made unreliable.
Now we removed the old rate-limiting capability and depend on the
system rate limiter for internal rsyslog messages.
closes https://github.com/rsyslog/rsyslog/issues/2467
* add stats counter "disallowed"
counts the number of messages discarded due to being received from
disallowed senders
see also https://github.com/rsyslog/rsyslog/issues/2467
- imrelp: add parameter "oversizeMode"
Permits to instruct librelp how to handle oversize messages. The new default
is to truncate messages. Previously, the connection was aborted, what often
lead to stuck messages at the sender side. Now, there are three options passed
down to librelp:
* abort - same behavior as previously, connection is aborted on error
* truncate - do not abort but instead truncate oversize message to
configured max size
* accept - accept all oversize messages (note: this can cause security issues,
see doc for details)
see also https://github.com/rsyslog/rsyslog/pull/1525#issuecomment-384179393
see also https://github.com/rsyslog/rsyslog/issues/2190
closes https://github.com/rsyslog/rsyslog/issues/2633
closes https://github.com/rsyslog/rsyslog/issues/1741
closes https://github.com/rsyslog/rsyslog/issues/1782
closes https://github.com/rsyslog/rsyslog/issues/2496
- core: consistent handling of oversize input messages
In the community we frequently discuss handling of oversize messages.
David Lang rightfully suggested to create a central capability inside
rsyslog core to handle them.
We need to make a distinction between input and output messages. Also,
input messages frequently need to have some size restrictions done at
a lower layer (e.g. protocol layer) for security reasons. Nevertheless,
we should have a central capability
* for cases where it need not be handled at a lower level
* as a safeguard when a module invalidly emits it (imfile is an example,
see https://github.com/rsyslog/rsyslog/pull/2632 for a try to fix it
on the module level - we will replace that with the new capability
described here).
The central capability works on message submission, and so cannot be
circumvented. It has these capabilities:
* oversize message handling modes:
- truncate message
- split message
this is of questionable use, but also often requested. In that mode,
the oversize message content is split into multiple messages. Usually,
this ends up with message segments where all but the first is lost
anyhow as the regular filter rules do not match the other fragments.
As it is requested, we still implemented it.
- accept message as is, even if oversize
This may be required for some cases. Most importantly, it makes
quite some sense when writing messages to file, where oversize
does not matter (accept from a DoS PoV).
* report message to a special "oversize message log file" (not via the
regular engine, as that would obviously cause another oversize message)
This commit, as the title says, handles oversize INPUT messages.
see also https://github.com/rsyslog/rsyslog/issues/2190
closes https://github.com/rsyslog/rsyslog/issues/2681
closes https://github.com/rsyslog/rsyslog/issues/498
Note: this commit adds global parameters:
* "oversizemsg.errorfile",
is used to specify the location of the oversize message log file.
* "oversizemsg.report",
is used to control if an error shall be reported when an oversize
message is seen. The default it "on".
* add global parameter "oversizemsg.input.mode"
is used to specify the mode with which oversized messages will
be handled.
- omfwd: add support for bind-to-address for UDP
To allow the same source address to be used regardless of the egress
interface taken, an option is added for an address to bind the datagram
socket to. Similarly to imudp, it is necessary to add an ipfreebind
option which is set by default, so as to avoid an excess of errors at
startup before the network interface has come up. This enhancement
allows a usecase on networking devices, by which a source interface
that is typically a loopback is specified, on which an address to bind
to is configured. This is so that the same source address is used for
all packets from rsyslog.
Thanks to Mike Manning for the patch.
- template systemd service file proposes higher permitted file handle limit
Especially on busy systems the default are too low. Please keep in mind
that on a very busy system even the now-proposed setting may be too low.
Thanks to github user jvymazal for the patch.
- imuxsock: replace select() call by poll()
While extremely unlikely, imuxsock could abort if a file descriptor
> 1024 was received during the startup phase (never occurred in
practice, but theoretically could if imfile monitored a large number
of files and were loaded before imuxsock - and maybe other
strange cases).
see also https://github.com/rsyslog/rsyslog/issues/2615
- nsdsel_ptcp: replace select() by poll()
This removes us of problems with fds > 1024. The performance will
probably also increase in most cases.
Note this is not a replacement for the epoll drivers, but a general
stability improvement when epoll() is not available for some reason.
see also https://github.com/rsyslog/rsyslog/issues/2615
closes https://github.com/rsyslog/rsyslog/issues/1728
closes https://github.com/rsyslog/rsyslog/issues/1459
- omprog: refactor tests, fix child closing issues
Refactor omprog tests. Fix sync issues in these tests by
using the feedback mode (confirmMessages=on) to synchronize
the test with the external program. Closes #2403 (I hope)
Fix omprog not properly closing child process when
signalOnClose=on. Needed for the new tests. Closes #2599
Fix omprog not waiting for the child process to terminate
when signalOnClose=off. Needed for the new tests. Closes #2600
Close all fds before executing the child even when valgrind
is enabled (--enable-valgrind). Needed for the new tests.
Fix memory leak when the xxxTransactionMark parameters were
used.
Thanks to Joan Sala for the patch.
- core: config optimizer did not handle call_indirect
This also caused the emission of an "internal error" error message
closes https://github.com/rsyslog/rsyslog/issues/2665
- debug support: add capability to print testbench-specific timeout reports
done by setting RSYSLOG_DEBUG_TIMEOUTS_TO_STDERR to "on"
this is by default activated inside the testbench
- mmgrok: fix potential segfault
The modules used strtok(), which is not thread-safe. So it will potentially
segfault when multiple instances are spawned (what e.g. happens on busy
systems).
This patch replaces strtok() with its thread-safe counterpart
strtok_r().
see also https://github.com/rsyslog/rsyslog/issues/1359
- imrelp bugfix: maxDataSize could be set lower than maxMessageSize
maxDataSize specifies the length which will still be accepted
It previously could be set to any value, including values lower than the
configured rsyslog max message size, which makes no sense. Now this is
checked an error message is emitted if the size is set too low.
- build system bugfix: build broken if liblogging-stdlog installed in custom path
Thanks to Dirk Hörner for the patch.
- core bugfix: segfault on queue shutdown
if a ruleset queue is in direct mode, a segfault can occur during
rsyslog shutdown. The root cause is that a direct queue does not
have an associated worker thread pool, but the ruleset destructor
does not anticipate that and tries to destruct the worker thread
pool. It needs to do this itself, as otherwise we get a race
between rulesets on shutdown.
This was a regression from
https://github.com/rsyslog/rsyslog/commit/3fbd901b3e6300010
closes https://github.com/rsyslog/rsyslog/issues/2480
- imfile bugfix: statefiles contain invalid JSON
When imfile rewrites state files, it does not truncate previous
content. If the new content is smaller than the existing one, the
existing part will not be overwritten, resulting in invalid json.
That in turn can lead to some other failures.
closes https://github.com/rsyslog/rsyslog/issues/2662
- omfile bugfix: segfault if empty filename was given
closes https://github.com/rsyslog/rsyslog/issues/2417
- fix build issues when atomic operations are not present
for details, see https://github.com/rsyslog/rsyslog/pull/2604
- lmsig_ksils12 bugfix: build and static analyzer issues
The module had a couple of problems building as well as some potential
errors detected by clang static analyzer. These have been fixed.
Thanks to Allan Park for the patch.
closes https://github.com/rsyslog/rsyslog/issues/2517
- impstats bugfix: segfault if bound to non-existing ruleset
segfault happens during shutdown; up until unload of impstats,
rsyslog works correctly, except that no pstats are emitted. This
can be considered to be expected, because the error message
indicates the default ruleset is used instead. This is what
now actually happens.
closes https://github.com/rsyslog/rsyslog/issues/2645
- mmjsonparse bugfix: invalid container name was not detected
in debug builds, this will trigger an assertion. In production
builds, an rsyslog internal error is logged, but rsyslog
continues to run.
closes https://github.com/rsyslog/rsyslog/issues/2584
- mmkubernetes bugfixes: fix lnrules, add defaults, add test
- Fix lnrules for CONTAINER_NAME
- Add pkg check for lognorm >= 2.0.3 so we can set the macro
to enable ln_loadSamplesFromString
- Add some reasonable default values for parameters, such as
kubernetesurl https://kubernetes.default.svc.cluster.local:443
- Clean up sample.conf configuration file
Thanks to Richard Megginson for the patch set.
- build system bugfix: --enable-atomic-operations did not work
closes https://github.com/rsyslog/rsyslog/pull/2604
- bugfix: rsyslog aborts on startup when specific config errors are made
The following errors must be made in rsyslog.conf:
* no action present
* a call statement is used on an undefined ruleset
In this case, rsyslog emits an error message on the missing actions and
then segfaults. Depending on memory layout, it may also continue to run
but do nothing except accepting messages as no action is configured.
This patch make rsyslog properly terminate after the error message. It
is a change in behavior, but there really is no reason why a defunct
instance should be kept running.
closes https://github.com/rsyslog/rsyslog/issues/2399
- build system: remove no longer needed --enable-libcurl configure switch
The --enable-libcurl switch was added to be able to disable libcurl
functionality inside the rsyslog core, see 46f4f43. As libcurl is no
longer used inside the core (due to introducing function modules),
--enable-libcurl needs to be removed.
closes https://github.com/rsyslog/rsyslog/issues/2628
- QA/CI
* fixed races in some tests; root cause was that default enq timeout was too
low - we may also see in the future that other tests also need adjustment
(note that this is not a code problem but rather slow CI environments,
so increasing the timeout to get to a stable test state is the absolutely
correct thing to do)
* enabled some additional useful compiler warnings
* new test for diskqueue hitting configured disk space limit
* new tests for omfile
* added tests for mmkubernetes
* added tests for some script functions that were missing them
* made far more test compatible with FreeBSD, so that we now have fuller
coverage there
------------------------------------------------------------------------------
Version 8.34.0 [v8-stable] 2018-04-03
- mmkubernetes: new module
Thanks to Richard Megginson and Peter Portante for contributing the module.
- rsyslog script: introduce loadable function modules
rsyslog scripting can now also be extended via loadable modules - they
provides functions (just like loadable input, output, ... modules)
see also http://jan.gerhards.net/2018/03/loadable-rainerscript-functions.html
- imfile: large refactoring of complete module
This commit greatly refactors imfile internal workings. It changes the
handling of inotify, FEN, and polling modes. Mostly unchanged is the
processing of the way a file is read and state files are kept.
This is about a 50% rewrite of the module.
Polling, inotify, and FEN modes now use greatly unified code. Some
differences still exists and may be changed with further commits. The
internal handling of wildcards and file detection has been completely
re-written from scratch. For example, previously when multi-level
wildcards were used these were not reliably detected. The code also
now provides much of the same functionality in all modes, most importantly
wildcards are now also supported in polling mode.
The refactoring sets ground for further enhancements and smaller
refactorings. This commit provides the same feature set that imfile
had previously and all existing CI tests pass, as do some newly
created tests.
Some specific changes:
- bugfix: module parameter "sortfiles" ignored
This parameter only works in Solaris FEN mode, but is otherwise
ignored. Most importantly it is ignored under Linux.
fixes https://github.com/rsyslog/rsyslog/issues/2528
- bugfix: imfile did not pick up all files when not present
at startup
fixes https://github.com/rsyslog/rsyslog/issues/2241
fixes https://github.com/rsyslog/rsyslog/issues/2230
fixes https://github.com/rsyslog/rsyslog/issues/2354
fixes https://github.com/rsyslog/rsyslog/issues/1716
- bugfix: directories only support "*" wildcard, no others
fixes https://github.com/rsyslog/rsyslog/issues/2303
- bugfix: parameter "sortfiles" did only work in FEN mode
fixes https://github.com/rsyslog/rsyslog/issues/2528
- provides the ability to dynamically add and remove files via
multi-level wildcards
see also https://github.com/rsyslog/rsyslog/issues/1280
- the state file name currently has been changed to inode number
This will further be worked on in upcoming PRs
see also https://github.com/rsyslog/rsyslog/issues/2231
- some enhancements were also done to CI tests, most importantly
they were made more compatible with BSD
Note that most of the mentioned bug fixes cannot be applied to older
versions, as they fix design issues which are solved by the refactoring.
Thus there are not separate commits for them.
There are probably also a number of different issues fixed, which have
not yet been full confirmed. Especially anyone having troubles with imfile
and wildcards will benefit from the refactoring.
closes https://github.com/rsyslog/rsyslog/issues/2359
- omelasticsearch: add support for CA cert, client cert auth
This allows omelasticsearch to perform client cert based authentication
to Elasticsearch.
adds parameters: tls.cacert, tls.mycert, tls.myprivkey
Thanks to Richard Megginson for the patch.
- omfile-hardening: new contributed module for "omfile hardened operations"
This extends omfile with features considered useful for hardening. Comes
at the expense of performance loss and changed semantics.
Thanks to Mikko Kortelainen for contributing this work.
- stream/bugfix: memory leak on stream open if filename as already generated
this can happen if imfile reads a state file. On each open, memory for the
file name can be lost.
We detected this while working on imfile refactoring, so there is no related
bug report. No specific test has been crafted, as the refactored imfile
tests catch it (as soon as they are merged).
- bugfix/omkafka: did not build on platforms without atomic operations
Thanks to github user bruce87en for the patch
- bugfix/core/ratelimiting: SystemLogRateLimitBurst was limited to 65535
rsyslog uses unsigned short for configuration setting SystemLogRateLimitBurst.
Being just 16 bits, unsigned short cannot hold values bigger than 65535. in a
practical setting rsyslog misbehaved with SystemLogRateLimitBurst being bigger
than 65535.
Thanks to github user KaleviKolttonen for the patch.
- bugfix imfile: memory leak in readMode 0
closes https://github.com/rsyslog/rsyslog/issues/2421
- bugfix omfile: some error messages had parameters in wrong order
which made the message look strange, but still readable
Thanks to Hans Rakers for the patch.
- bugfix omprog: file handle leak
There was a fd leak in the feedback feature added in v8.31.0 (github PR #1753).
The leak occurred when omprog was used with the confirmMessages=on setting
and no output setting. One fd was leaked every time the external program was
started.
Thanks to Joan Sala for the patch.
- bugfix imuxsock: data alignment problems
gcc did rightly complain that the cred and ts pointers would cause
alignment problems, so they were converted to structs and the necessary
data was memcpy()'ed to them.
the aux[] buffer was also potentially misaligned, so making a union
out of it and struct cmsghdr insured it was properly aligned.
The problems were especially visible on alpha and ia64 machines.
Thanks to Jason Duerstock for the fix.
- bugfix testbench: some test were accidentally not executed
Thanks to Kasumi Hanazuki for the patch.
- bugfix tcp subsystem: keepalive settings mixed up
TCPKeepAliveIntvl and TPCKeepAliveTime were switched. This is now correct and
thus causes a CHANGE OF BeHAVIOR of these settings. We applied this change only
after careful consideration of the effect. The contributor Alexandre Pierret
explained the situation as such:
"From my side, I work with thousands of servers centralizing logs to rsyslog
servers in tcp. All of them are running RHEL 6 and 7. The default rsyslog settings
in RHEL is TCPKeepAlive off. Since there are thousands of connections on the
rsyslog servers, I had to turn the TCPKeepAlive on to setup an aggressive policy
regarding ghost connections (following firewall tcp-timeout issue). Basically,
I set up: intvl=10 - probe=5 - time=2 If intvl and time are switched, it won't
break anything. It will just send 5 more empty tcp packets for 10 seconds (5
probe x 2 seconds), which is painless (any professional grade 100€ router can
send more than 1.000.000 PPS). For 3000 servers, it means 3000 pps for 5
seconds (3000 servers x 2 back-and-forth / 2 seconds). Let's take another worst
example: intvl=3600 - probe=5 - time=1. It means one keepalive every hour and
a 5 retry every 1s after a network issue. If the time and intvl values are
switched, it will generate 1 keepalive every seconds, It's a LOT more, but
after 5 probe or packet, it will stop. To summarize, I think it won't
break anything:
* Keepalive is off by default is many linux distribution
* When we enable it, it's to set up an aggressive policy. And setting up a
10-5-1, 60-5-2, 2-5-60 or 1-20-1 policy is almost the same.
Bonus: For people setting up their rsyslog from the documentation, it will
now work as expected."
This was convincing, and we actually think that the fast majority of users set
up keepalive based on the doc and did never verify it actually worked as
expected. So we think that in all those cases, rsyslog will finally work as
intended. So we consider it justified to "change the behavior" here.
full discussion in PR: https://github.com/rsyslog/rsyslog/pull/2367
Thanks to Alexandre Pierret for analyzing the situation and providing the
patch.
- fix some cosmetic issues found by lgtm.com static code analyzer
e.g. header file guard not correctly set - if you really are interested in
details, check git log
- CI
* add build test without atomic operations - now catches missing mutex macros
* add lgtm.com static analyzer (automatically called via GitHub PR)
* improved stability of global-umask.sh test, which unnecessarily used
wildcards for test output file checking.
Thanks to Kasumi Hanazuki for the patch.
* added some test for omprog with transactional interface
Thanks to Joan Sala for the new tests.
* fixed some omjournal tests which did not properly check result
------------------------------------------------------------------------------
Version 8.33.1 [v8-stable] 2018-03-06
- 8.33.0 tarball release was actually pre-8.33.0
... and so did not contain all features. This alone made a re-release
necessary, which is what now happens with 8.33.1.
Note: the git 8.33.0 label was correctly applied, "just" the tarball
was wrong.
- devcontainer: use some more sensible defaults
and add ability to specify generic docker run options
this makes integration into CI (and other scripting) easier
- fix problems with make dist
make dist did not package everything that was needed for CI, thus
resulting in make check failures if build from tarball.
Thanks to Thomas D. (whissi), and Michael Biebl for alerting us on the
problem, providing advise and some of the patches. We also added addt'l
patches ourselves. The problem occurred as the CI check for tarball
completeness was more or less disabled a couple of weeks ago, which
unfortunately went unnoticed. We have also applied some more safeguards
to detect such problems in the future.
------------------------------------------------------------------------------
Version 8.33.0 [v8-stable] 2018-02-20
- auto-detect if running inside a container (as pid 1)
adjust defaults in this case to be more container-friendly
- config: add include() script object
This permits to include files (like legacy $IncludeConfig) via a
script object. Needless to say, the script object offers more
features:
- include files can now be
- required, with rsyslog aborting when not present
- required, with rsyslog emitting an error message but otherwise
continuing when not present
- optional, which means non-present include files will be
skipped without notice
This is controlled by the "mode" parameter.
- text can be included form e.g. an environment variable
--> ex: include(text=`echo $ENVVAR`)
This finally really obsoletes $IncludeConfig.
closes https://github.com/rsyslog/rsyslog/issues/2151
- template: add option to generate json "container"
This enables easy JSON generation via template.
This commit also corrects an issue with the constant "jsonf"
format. That was recently added, and the implementation problem
only became visible when used inside a larger json object. No
officially released code is affected, thought - so it really
is just a side-note.
closes https://github.com/rsyslog/rsyslog/issues/2347
- core/template: add format jsonf to constant template entries
closes https://github.com/rsyslog/rsyslog/issues/2348
- config: add ability to disable config parameter ("config.enabled")
For auto-generated configs, it is useful to have the ability to disable some
config constructs even though they may be specified inside the config. This
can now be done via the ```config.enabled``` parameter, applicable to all
script objects. If set to ```on``` or not specified, the construct will be
used, if set to any other value, it will be ignored. This can be used
together with the backtick functionality to configure enable and disable
from either a file or environment variable.
closes https://github.com/rsyslog/rsyslog/issues/2431
- script: permit to use environment variables during configuration
new constant string type "backticks", inspired by sh
(sample: `echo $VARNAME`).
- new global config parameter "shutdown.enable.ctlc"
permits to shutdown rsyslog via ctl-c; useful e.g. in containers
- config optimizer: detect totally empty "if" statements and optimize
them out
- template: constant entry can now also be formatted as json field
This enhancements permits to craft clean templates that generate JSON,
e.g. for ElasticSearch consumption (or any other REST API)
- omstdout: support for new-style configuration parameters added
- core: set TZ on startup if not already set
In theory, TZ should be set by the OS. Unfortunately, this seems
to be not the case any longer on many Linux distros. We now check
it and set it appropriate if not already given.
Thanks to github user JPvRiel for providing an excellent explanation
of the reasoning for this and how to work around it.
closes https://github.com/rsyslog/rsyslog/issues/2054
- imjournal bugfix: file handle leak during journal rotation
Thanks to Peter Portante for the patch
see also: https://github.com/rsyslog/rsyslog/pull/2437
- lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected
- script bugfix: replace() function worked incorrectly in some cases
If the end of the message was similar to the replacement string, parts
of the string could (not always) be missing.
Thanks to Yaroslav Bo for the patch.
- build system bugfix: --disable-libcurl did not work
Thanks to Dan Molik, Thomas D. (whissi), and Michael Biebl for the patches.
- fixed build issues on Alpine Linux
- core bugfix: misaddressing in external command parser
This parser is used whenever a module (e.g. omprog) needs to process
command lines. If command parameters were given, memory misaddressing
occurred. This could lead to a segfault.
This is a regression in 8.32.0.
closes https://github.com/rsyslog/rsyslog/issues/2408
- core bugfix: small memory leak in external command parser
This parser is used whenever a module (e.g. omprog) needs to process
command lines. On each action definitions for actions that use the
parser a small amount of memory was leaked. It is an uncritical leak
as it only occurs during config parsing. So it leaks a couple of
KiB during startup but does not grow during actual message processing.
This is a regression in 8.32.0.
- core bugfix: string not properly terminated when RFC5424 MSGID is used
This could lead to misaddressing when the jsonmesg property was used.
closes https://github.com/rsyslog/rsyslog/issues/2396
- bugfix: strndup() compatibility layer func copies too much
The function did not obey the upper limit, effectively becoming
a strdup(). This was only noticed when the compatibility layer
was required, most importantly on Solaris 10.
- CI system
- we now use well-defined containers for parts of the CI runs
- now also build test under Alpine Linux
- test added for omprog feedback feature
------------------------------------------------------------------------------
Version 8.32.0 [v8-stable] 2018-01-09
- NEW BUILD REQUIREMENTs:
* libfastjson 0.99.8 is now required; older versions lead to bugs in rsyslog
* libczmq >= 3.0.2 is now required for omczmq
This was actually required for quite some while, but not properly checked
during configure run. If the lib was older, build failed. Now configure
detects this and emits the appropriate error message.
* libcurl is now needed for rsyslog core
due to new script function http_request(). This can be turned off by the
new configure option --disable-libcurl. If so, http_request() is not
available.
- rsyslogd: add capability to specify that no pid file shall be written
Command line option -iNONE provides this capability. This utilizes the
pre-existing -i option, but uses the special name "NONE" to turn of the
pid file check feature. Turning off is useful for systems where this no
longer is needed (e.g. systemd based).
closes https://github.com/rsyslog/rsyslog/issues/2143
- ompgsql: considerable enhancements
The PostgreSQL output module was woefully out-of-date the following
list is changes made to update the module to current Rsyslog standards.
* allow for v6 configuration syntax
* configurable ports
* support transactional interface
* push db connection into workers (libpq is threadsafe)
* enable module testing on travis
* ensure configuration syntax backwards compatibility
* formatting around postgres core templating
* use new test conventions
* add new configuration syntax test
* add valgrind tests for new and old syntax
* add threading tests
* add action queue long running tests
* add action queue valgrind test
Thanks to Dan Molik for contributing this great enhancement!
- build system: removed --enable-rtinst configure option
This was a historic debugging option which has been superseded by
newer tools like valgrind, helgrind, ASAN, TSAN, etc...
- pmrfc3164: support for headerless messages
pmrfc3164 now detects if the first non-SP, non-HT character is either
'{' or '[' and if so assume that no header (TAG, HOSTNAME, DATE) is
given. If so, it uses defaults for these values. The full message is
used as the MSG part in that case. Note that an initial PRI may still
be specified.
This follows the trend to send JSON messages via syslog without any
header. We use default header values in this case.
This right now is a bit experimental; we may roll it back if
problems show up in practice.
closes https://github.com/rsyslog/rsyslog/issues/2030
- omhiredis: add option to use RPUSH instead of LPUSH
see also https://github.com/rsyslog/rsyslog/issues/1625
- mmexternal improvements
* better error reporting if to-be-executed script cannot be executed
* some general cleanup
* better redirection of stdin/out/err for the executed script
* bugfix: argv[0] of the script was missing if command line parameters
were not specified
- omprog: refactored, code shared with mmexternal moved to common object
- logctl tool: refactor to support newer rsyslog standards
* Made the logctl usertool ISO C90 compliant.
* Made the logctl usertool use a homogeneous coding style.
Thanks to Hugo Soszynski for contributing this work (as well as
suggesting some workarounds related to libmongoc/libbson).
- imfile: added support for Solaris File Event notification (FEN)
also improves performance under Solaris, with FEN imfile provides
features equivalent to inotify mode
- core/action: new parameter "action.errorfile"
permits to write failed messages to an "error file" so that they
can be reviewed and potentially be reprocessed
- imfile: added new module parameter "sortFiles"
This permits to process newly created files in sorted order.
- imuxsock: improved status reporting: socket name received from systemd
Providing an indication of what we got from systemd facilitates problem
analysis.
- build system: added new testbench configure switches
now --enable-testbench1 and --enable-testbench2 exists which permit
to enable/disable parts of the testbench. By default, both are on
when --enable-testbench is given. For full testbench coverage, both
options must be given. These options are necessary because under
Travis we hit the max runtime for tests and needed to split tests
over multiple incarnations.
- mmpstrucdata: new parameter "sd_name.lowercase"
to permit preserving case for structured data identifiers
Special thanks to github user alanrobson for the initial commit that
preserves case (on which we based other work).
- omfile: add module-global option "dynafile.donotsuspend"
this permits to enable SUSPENDing dynafile actions. Traditionally,
SUSPEND mode was never entered for dynafiles as it would have blocked
overall processing flow. Default is not to suspend (and thus block).
closes https://github.com/rsyslog/rsyslog/issues/2236
- testbench: add a capability to turn off libfaketime tests via configure
Unfortunately, libfaketime becomes more and more problematic in newer
versions and causes aborts on some platforms. This provides the ability
to turn it off via --disable-libfaketime.
In the longer term, we should consider writing our own replacement.
- testbench: name valgrind tests consistently
all valgrind tests now end in -vg.sh
- RainerScript: add function parse_json()
- RainerScript: add function substring()
- RainerScript: add function http_request()
- RainerScript: add function previous_is_suspended()
This function returns a boolean indicating if the previous action is
suspended (0 - no, 1 - yes). This is useful if arbitrary processing
(other than calling actions) should be made depending on that state.
A prime example for this is probably calling a ruleset.
closes https://github.com/rsyslog/rsyslog/issues/1939
- Patches from BSD projects have been imported
... as far as they still apply. Some patches that patched BSD-specific
code were broadened to be more generic.
- script bugfix: invalid function names were silently ignored
no error message was produced
thanks to Matt Ezell for providing the patch.
- rainerscript: add int2hex() function
- rainerscript: add is_time() function
Thanks to Stephen Workman for implementing this.
- RainerScript: add function script_error() and error-reporting support
This permits script functions that could fail to report errors back, so
that the user can handle them if desired. We use an errno-style of
interface. That means script_error() needs to be called after functions
that supports it. It will return either 0 (all OK) or something else
(an error condition).
The commit also modifies the parse_time() function to use the new
interface. First of all, this is useful for users, and secondly we
needed a capability to craft a testbench test.
closes https://github.com/rsyslog/rsyslog/issues/1978
- testbench: fixed build problem of testbench tools under Alpine Linux
- added --enable-libsystemd configure option to enforce use of libsystemd
so we can fail the build on platforms where this is required
- core/glbl: remove long-unused option $optimizeforuniprocessor
This was still available, but had no effect (for ~10 years or so). The
plumbing is now removed. If someone tries to use the option, an
error message is generated.
closes https://github.com/rsyslog/rsyslog/issues/2280
- core/queue: emit better status messages at rsyslog shutdown
this helps to diagnose issue - unfortunately we need more work to ensure
that the messages always make it to the user. This is a start and
hopefully useful at least for the testbench, possibly more.
- fixed a couple of build issues with gcc-7 (in less frequently used modules)
- fixed a couple of build issues on the arm platform (actually raspbian)
- impstats: fix invalid counter definitions for getrusage() reporting
some of the counters were defined as int (32 bit) vs. intctr_t (64 bit).
On some platforms "long" seems to be 64bit, and getrusage() provides
what we store as int via long. So this caused truncation and/or overflow.
This had undefined effects. Most often, everything worked fine
for values smaller than 2^31 but sometimes we got negative values.
closes https://github.com/rsyslog/rsyslog/issues/1517
- imudp bugfix: potential segfault in ratelimiting
The rate-limiter inside imudp was not set to be thread safe, but was
used across multiple threads. This worked in default configuration,
but failed when RepeatedMsgReduction was set to "on".
Note that it in general is a bug to use a rate-limiter in
non-threadsafe mode across multiple threads. This also causes invalid
rate limiting counts in the default case.
closes https://github.com/rsyslog/rsyslog/issues/441
fixes https://github.com/rsyslog/rsyslog/issues/2132
- imptcp bugfix: access to free'ed memory
When notifyconnectionclose was on, a string buffer was accessed immediately
after it was freed (as part of the connection close operation).
Detected by LLVM ASAN.
- mmanon bugfix: fix wrong ipv6 embedded recognition
mmanon recognized IPv6 with embedded IPv4 that have too few (16 bit) fields.
example: 13:abd:45:0.0.0.0
closes https://github.com/rsyslog/rsyslog/issues/2357
- imfile bugfix: not detecting files in directory when wildcards are used.
When directories and files are created at the same time,
imfile may missed subdirs or file if the machine is on high load.
The handling has been enhanced to scan newly created directories ALWAYS for
matching files.
fixes https://github.com/rsyslog/rsyslog/issues/2271
However there still exist problems with multilevel directory configurations.
Details are discussed in https://github.com/rsyslog/rsyslog/issues/2354
Fixes for the remaining issues are expected for 8.33.0.
- script bugfix: improper string-to-number conversion for negative numbers
- core/action bugfix: 100% CPU utilization on suspension of output module
Triggering condition:
* output module using the legacy transaction interface
(e.g. omelasticsearch, omlibdbi)
* output module needs to suspend itself
In these cases, rsyslog enters a busy loop trying to resolve the
suspend condition. The bug is rooted in rsyslog core action code.
This patch fixes it by inserting a 1-second sleep during calls
to the resume handler.
Note: we cannot sleep exactly as long as tryResume needs. This
would require larger refactoring, which probably is not worth for
the legacy interface. The current solution is almost as good, as
the one second sleep has very little overhead on a real system.
Thus we have chosen that approach.
This patch now also ensures that failed messages are properly
handled and do not cause eternal hang.
closes https://github.com/rsyslog/rsyslog/issues/2113
- core/variables bugfix: bare $! cannot be used in set statement
fixes https://github.com/rsyslog/rsyslog/issues/326
- core bugfix: auto commit of actions improperly handled
The internal state variable bHadAutoCommit was handled in thread-unsafe way
and most probably caused (hard to see) issues when action instances were
run on multiple worker threads. It looks like the state variable was
forgotten to move over to worker state when action workers were introduced.
closes https://github.com/rsyslog/rsyslog/issues/2046
- core bugfix: filename length limitation of 199 bytes
file names (including path names) longer than 199 bytes could not be
handled at many places. This has now been uplifted to 4KiB after careful
review for the largest size supported among all relevant platforms.
- core bugfix: undefined behavior due to integer overflow
when searching strings, we may have an (unsigned) integer overflow
which can lead to misaddressing.
Detected by clang ubsan.
- core bugfix: race on LocalHostIP property during startup
The way the default was set could lead to a race if e.g. two internal
messages were emitted at startup when the property was not yet set. This
has been seen to happen in practice. It had no bad effect except a very
small stationary memory leak, but made using thread analyzers unreliable
(as it was rightfully detected as a problem).
closes https://github.com/rsyslog/rsyslog/issues/2012
- bugfix: potential segfault on startup
timezone info table was "sorted" even though it may be NULL. There is
no practical case known where this lead to an actual abort, but in
theory it would be possible. If so, it would happen immediately on
startup.
Detected by clang ubsan.
- omhiredis bugfix: rsyslog segfault on startup if no template is specified
- omprog bugfix: argv[0] not set when using binary without arguments
When using the omprog plugin with a binary without arguments, argv[0] (the
name of the binary) is not set, causing binaries that depend on this value
being set to crash or misbehave.
This patch also mildly refactors omprog argv[] creations, albeit some more
refactoring would be useful.
closes https://github.com/rsyslog/rsyslog/issues/1858
- core: refactoring of rsyslog's cstr "class"
Function cstrGetSzStrNoNULL shall modified the string buffer on each call,
albeit it is considered a "read-only" function. It currently adds a '\0'
at the end. This is bad, especially when multiple threads access the same
string. As always the same data is written, it was not causing real issues
(except unnecessary cache writes), but it polluted the thread debugger and
as such prevent more elaborate automated tests.
- parent directory creation function refactored
This should not cause any change of behavior, but is worth noting in case
we see a regression not caught by the CI system.
- mmsnmptrapd bugfix: potential misaddressing
This only occurred in situations when the system was totally out of memory.
- imkafka: fix potential small resource leak
If rdkafka handle cannot fully populated, cleanup is added. Previously, we
could leak a handle if e.g. no brokers were available. Note that this was
a cosmetic leak, as proper processing is not possible in any case and the
leak is once per listener, so not growing. But we now also ensure that
proper error reporting and handling is done in any case. Previously, we
may have some misleading error messages if the defunct kafka handle was
used.
closes https://github.com/rsyslog/rsyslog/issues/2084
- imkafka bugfix: do not emit error message on regular state
This was misunderstood as an error state and could spam the system
log considerably. Regression from 8.31.0.
- omkafka: expose operational status to user where useful
omkafka emits many useful operational status messages only to the debug
log. After careful review, we have exposed many of these as user error
and warning message (ex: librdkafka queue full, so user knows why we
suspend the plugin temporarily). This may have made the module too
chatty. If so, one can always filter out messages via configuration. And
if we really went overboard, we can undo those parts with the next
release. So it's better to give a bit more than less, as this definitely
eases troubleshooting for users.
closes https://github.com/rsyslog/rsyslog/pull/2334
- omkafka bugfix: potential message duplication
If a message that already failed in librdkafka was resubmitted and that
resubmit also failed, it got duplicated.
- omkafka: fix multithreading
omkafka has several issue if multiple worker instances are used. This commit
actually make the module use a single worker thread at max. Reasoning:
Librdkafka creates background threads itself. So omkafka basically needs to move
memory buffers over to librdkafka, which then does the heavy hauling. As such, we
think that it is best to run max one wrkr instance of omkafka -- otherwise we just
get additional locking (contention) overhead without any real gain. As such,
we use a global mutex for doAction which ensures only one worker can be active
at any given time. That mutex is also used to guard utility functions (like
tryResume) which may also be accessed by multiple workers in parallel.
Note: shall this method be changed, the kafka connection/suspension handling needs
to be refactored. The current code assumes that all workers share state information
including librdkafka handles.
closes https://github.com/rsyslog/rsyslog/issues/2313
- omkafka bugfix: potential misaddressing
The failed message list is improperly cleaned. This is a regression
from recent commit 4eae19e089b5a83da679fe29398c6b2c10003793, which
was introduced in 8.31.0.
This problem is more likely to happen under heavy load or bad
connectivity, when the local librdkafka queue overruns or message
delivery times out.
closes https://github.com/rsyslog/rsyslog/issues/2184
closes https://github.com/rsyslog/rsyslog/issues/2067
- omkafka bugfix: build fails with older versions of librdkafka
closes https://github.com/rsyslog/rsyslog/issues/2168
- omgssapi bugfix: fix compiler warnings with gcc-7
closes https://github.com/rsyslog/rsyslog/issues/2097
- dnscache bugfix: entries were cached based on IP AND port number
That hash key which is used to find out already cached dns entry gets
incorrectly computed from the whole sockaddr_storage
(sockaddr_in/sockaddr_in6) structure including a sin_port (which doesn't
have a static value) instead of only an address, thus creating redundant
dns cache entries/consuming more space. This lead to potentially high memory
usage and ineffectiveness of the case. It could be considered a memory leak.
Thanks to Martin Osvald for the patch.
see also: https://github.com/rsyslog/rsyslog/pull/2160
- omkafka bugfix: fixed memory leak
a memory leak occurred when librdkafka communicated error/status information
to omkafka. this seems to happen relatively frequently, so this leak
could be pretty problematic.
- mmdblookup bugfix: replace thread-unsafe strtok() by thread-safe counterpart
Many thanks to Will Storey (github user @horgh) for mentioning this and
his phantastic help in debugging this rsyslog problem!
- pmnormalize bugfix: remove unsave "strcat" implementation
- rainerscript bugfix: ltrim() and rtrim function misaddressing
This could lead to a segfault and was triggered by certain input data
schemes. For example, a ltrim(" a") could lead to the fault.
- imklog bugfix: local host IP was hardcoded to 127.0.0.1
This is now taken from the global localHostIP setting, which is used
consistent across all modules.
Also, the removed (2012?) directive $klogLocalIPIF has been added
again but directly marked as removed. That way, an informative error
message is generated if someone tries to use it.
closes https://github.com/rsyslog/rsyslog/issues/2276
- cleanup: remove obsolete pre-KSI GuardTime signature interface
this is no longer functional starting Jan 2018 as it reached end of life
closes https://github.com/rsyslog/rsyslog/issues/2128
- cleanup: obsolete definition SOL_TCP replaced by newer IPPROTO_TCP
this should not have any effect at all except better portability, but is
worth mentioning in the ChangeLog nevertheless.
- lookup tables: fixed undefined behavior detected by UBSan
- CI testing
- ARM (via Raspberry PI) added to CI system
- Debian 9 added to CI system
- omgssapi and usertools components are now also tested in Travis
- test coverage on BSD has been enhanced
------------------------------------------------------------------------------
Version 8.31.0 [v8-stable] 2017-11-28
- NEW BUILD DEPENDENCY: ommongodb now requires libmongo-c
instead of deprecated libmongo-client.
- remove systemd embedded code, use libsystemd instead
Since the early days rsyslog used the original systemd embedded
interface code. This version now uses libsystemd where available.
If we do not find libsystemd, we assume the system does not use
systemd, which is a safe assumption nowadays. This ensures we use the
fresh interface code and also removes bloat from our project.
closes https://github.com/rsyslog/rsyslog/issues/1933
- mmanon: add support for IPv6 addresses with embedded IPv4 address
While this format is uncommon, it may still be present in logs and as
such should be supported. It is configurable via individual settings,
though. Especially the number of bits to anonymize may be desired to
be different than in pure IPv6.
- ommongodb: big refactoring, more or less a feature-enhanced rewrite
New features are :
* Handle TLS connection to mongodb
* Handle MongoDB Replicasets
* Added the 'ssl_ca' and 'ssl_cert' directives to configure tls connection
* Added 'uristr' directive to configure the connection uri in the form
of 'mongodb://...'
Now uses the official mongo-c-driver library instead of the deprecated
mongo-client library
Special thanks to Hugo Soszynski and Jérémie Jourdin for there hard work
to make this a reality!
See also: https://github.com/rsyslog/rsyslog/pull/1917
- rainerscript: add parse_time() function
Thanks to Stephen Workman for implementing this.
- omelasticsearch: add LF to every elastic response for error file
error file content was written without LF after each message, making
it hard to work with and monitor.
Thanks to Yaroslav Bo for the patch.
- omelasticsearch: add pipeline support
supports static and dynamic ElasticSearch pipeline parameter.
closes https://github.com/rsyslog/rsyslog/issues/1411
Thanks to github users scibi and WaeCo for the implementation.
- lmsig_ksi_ls12: support asynchronous mode of libksi
- omprog: added error handling and transaction support for external plugins
This permits much better integration of external output modules.
Special thanks to Joan Sala for providing this work!
- imzmq3/omzmq3: marked as deprecated, modules will be remove in v8.41
see also: https://github.com/rsyslog/rsyslog/issues/2100
- imzmq3/omzmq3: fixed build issues with gcc-7
- core: emit error message on abnormal input thread termination
This indicates a serious issue of which the user should be notified.
Was not done so far and caused grief when troubleshooting issues.
- core: refactored locking for json variable access
refactored the method so that it consistent in all functions and easier
to follow. Most importantly, now an as simple as possible locking paradigm
of lock ... unlock within the function. Hopefully easier to understand
both for humans and static code analyzers.
- core: refactored creation of UDP sockets
was very old, hard to follow code; streamlined that a bit
- core/dnscache: refactor locking
keep a simple lock ... unlock scheme within the function. That is
easier to follow for both humans as well as static analyzers.
Also removes Coverity scan CID 185419
- rainerscript: use crypto-grade random number generator for random() function
We now use /dev/urandom if available. If not, we fall back to the weak PRNG.
- imkafka: improve error reporting and cleanup refactoring
- imkafka bugfix: segfault if "broker" parameter is not specified
Now emits warning message instead and uses hardcoded default
(which usually matches where the kafka broker can be found).
fixes https://github.com/rsyslog/rsyslog/issues/2085
- omkafka: improve error reporting
- omkafka: slight speedup do to refactoring of LIST class
double-linked list was used for temporarily undeliverable message tracking
where singly-linked list was sufficient. Changed that.
- TCP syslog: support SNI when connecting as a client
This is done if a hostname is configured and turned off if an IP is used.
Thanks to Art O Cathain for the patch.
see also https://github.com/rsyslog/rsyslog/pull/1393
- msg variable bugfix: potential segfault on variable access
A segfault is likely to happen if during processing a variable with
more than one path component is accessed (e.g. $!path!var) and NO
variables oft hat kind (local, message, global) are defined at all.
closes https://github.com/rsyslog/rsyslog/issues/1920
- ratelimiting bugfix: data race in Linux-like ratelimiter
access to the Linux-like ratelimiter was not properly synchronized, and
the system rate-limiter was not using it in any case.
This could lead to the rate-limit settings not being properly
respected, but no "hard error".
- core/template bugfix: potential NULL pointer access at config load
could happen if the config was loaded and the parameters could not properly
be processed. If so, this occurred only during the startup phase.
Detected by Coverity scan, CID 185318
- core/json var subsystem bugfix: segfault in MsgSetPropsViaJSON
Invalid libfastjson API use lead to double-free. This was most importantly
triggered by mmexternal (but could potentially be triggered by other
uses as well)
closes https://github.com/rsyslog/rsyslog/issues/1822
- core/wrkr threads bugfix: race condition
During e.g. shutdown it could happen that a worker thread was started
and immediately be requested to terminate. In such situations there was
a race the prevented proper initialization. This could lead to follow-on
problems.
We believe (but could not proof) that this also could lead to a hang of
the termination process. Thus we claim to close an issue tracker down
here below, but are not 100% certain it really closes it (we hope for
user feedback on this). In any case, the thread debugger showed invalid
operations and this has been fixed, so it is useful in any case.
closes https://github.com/rsyslog/rsyslog/issues/1959
- core/wtp: potential hang during shutdown
when the wtp worker is cancelled in the final stage of shutting down
while the mutex is locked and there is one worker left, the system
will hang. The reason is that the cancelled thread could not free the
mutex that the other needs in order to shut down orderly.
Detected with clang thread sanitizer.
- omfwd bugfix: generate error message on connection failure
- imtcp bugfix: "streamdriver.mode" parameter could not be set to 0
- imjournal bugfix: module was defunctional
The open function was broken by commit 92ac801, resulting in
no data being ever read from the journal.
patch bases on the idea of Radovan Sroka given here:
https://github.com/rsyslog/rsyslog/issues/1895#issuecomment-339017357
but follows the current imjournal-paradigm of having the journal
handle inside a global variable.
see also https://github.com/rsyslog/rsyslog/issues/1895
closes https://github.com/rsyslog/rsyslog/issues/1897
- imjournal: refactor error handling, fix error messages
imjournal did not try to recover from errors and used the error state
returned by journal functions incorrectly, resulting in misleading
error messages. Fixed this and also increased the number of error
messages so that it now is easier to diagnose problems with this module.
Also a little bit of internal brush-up.
-mmdblookup bugfix: fix potential segfault due to threading issues
libmaxminddb seems to have issues when running under multiple threads. As
a first measure, we prevent mmdblookup now from running on more than one
thread concurrently.
see also: https://github.com/rsyslog/rsyslog/issues/1885#issuecomment-344882616
- omelasticsearch bugfix: operational error messages not passed to user
This lead to sometimes hard to diagnose problem. Note that for obvious
reasons the amount of messages from omelasticsearch has increased; this
is not a sign of a problem in itself -- but it may reveal problems that
existed before and went unnoticed. Also note that too-verbose messages
can be filtered out via regular rsyslog methods (e.g. message discarding
based on content).
- omkafka bugfixes
* statistics counter maxoutqsize could not be reset
Thanks to github user flisky for the patch.
* potential hang condition
omkafka did not release a mutex under some error conditions (most
notably out of memory on specific alloc calls). This lead to a hang
during actively processing messages or during shutdown (at latest).
This could happen only if dynamic topics were configured.
Detected by Coverity Scan, CID 185781 (originally 185721, detected
as a different issue by Coverity after code refactoring done in regard
to 185721 -- then the problem became more obvious).
* file handle leak, which could occur when local buffering
of messages was needed
* invalid load of failedmsg file on startup if disabled
error "rsyslogd: omkafka: could not load failed messages from "
"file (null) error -2027 - failed messages will not be resend."
occurs because, despite `keepFailedMessages="off"` as a default,
omkafka still tries to check for and load a `(none)` file which
triggers an IO error of sorts according to the 2027 link above.
Obviously, it probably shouldn't try load the file if
`keepFailedMessages` is not enabled.
Thanks to github user JPvRiel for a very good error report and
analysis.
closes https://github.com/rsyslog/rsyslog/issues/1765
* various config parameters did not work
These were not even recognized when used and lead to a config startup
error message:
~ closeTimeout
~ reopenOnHup
~ resubmitOnFailure
~ keepFailedMessages
~ failedMsgFile
closes https://github.com/rsyslog/rsyslog/issues/2052
* considerable memory leak
Whenever a message could (temporarily) not be delivered to kafka,
a non-trivial amount of memory was leaked. This could sum up to
quite a big memory leak.
fixes https://github.com/rsyslog/rsyslog/issues/1991
* some small memory leaks fixed
most of them cosmetic or a few bytes statically (not growing as
omkafka was used) -- thus we do not mention each one explicitly.
For more details, see git commit log or this pull request:
https://github.com/rsyslog/rsyslog/pull/2051
- kafka bugfix: problem on invalid kafka configuration values
omkafka ended up in an endless loop and high cpu.
imkafka tried to subscribe to a not connected kafka server.
closes https://github.com/rsyslog/rsyslog/issues/1806
- [io]mgssapi: fix build problems (regression from 8.30.0)
- [io]czmq: fix build problems on some platforms (namely gcc 7, clang 5)
- tcpsrv bugfix: potential hang during shutdown
- queue bugfix: potential hang during shutdown
- queue bugfix: NULL pointer dereference during config processing
If the queue parameters were incorrectly given, a NULL pointer dereference
could happen during config parsing. Once post that stage, no problem could
occur.
Detected by Coverity scan, CID 185339
- imczmq bugfix: segfault
happened in a call to
371: zcert_destroy(&serverCert) called from rcvData().
Thanks to ~achiketa Prachanda for the patch.
- imfile: some small performance enhancements
Thanks to Peter Portante for the patch
- omfile: handle file open error via SUSPEND mode
For a while, an open file error lead to suspension as the error was
not detected by the rule engine. This has changed with fixes
in 8.30.0. I asked users what they prefer (and expect) and
everyone meant it should still be handled via suspension. See
github tracker below for more details.
closes https://github.com/rsyslog/rsyslog/issues/1832
- omfile bugfix: race during directory creation can lead to loop
There was a race where two threads were competing for directory creation
which could lead to none succeeding and a flood of error message like this
"error during config processing: omfile: creating parent directories for
file". This has been solved.
Thanks to Niko Kortström for the patch.
- imudp: improve error reporting
When udp listener cannot be created, an error message containing
the ip-address and port is put out.
closes https://github.com/rsyslog/rsyslog/issues/1899
- omrelp bugfix: incorrect error handling
if librelp with TLS but without Authentication was included, librelp
did not emit the correct error message due to invalid error code
check. It also did not err-out but instead suspended itself.
Detected by Coverity scan, CID 185362
- [io]mrelp bugfix: segfault on startup if configured cert not readable
When the certificate file specified in the omrelp/imrelp configuration
can't be accessed, e.g. because it doesn't exist or you don't have
permission to do so, a Segmentation Fault will appear when you start
Rsyslog. This commit fixes that problem.
closes https://github.com/rsyslog/rsyslog/issues/1869
- mmanon fix: make build under gcc 7
Thanks to William Dauchy for the patch
- mmpstrucdata bugfix: formatting error of ']' char
This was invalidly formatted as '"'. Thanks to github user
wu3396 for the error report including the patch idea.
closes https://github.com/rsyslog/rsyslog/issues/1826
- mmexternalb bugfix: memory leak
- core/stats bugfix: memory leak if sender stats or tracking are enabled
- core bugfix: potential segfault during startup
A NULL pointer could be accessed if there was a problem with the
timezone parameters. Affects only startup, once started, no problem
existed.
Detected by Coverity scan; CID 185414
- core bugfix: potential race in variable handling
Root of variable tree is accessed prior to locking access to it.
This introduces a race that may result in various kinds of
misaddressing.
Found while reviewing code, no bug report exists.
- core bugfix: potential segfault when shutting down rsyslog
when rulesets are nested a segfault can occur when shutting down
rsyslog. the reason is that rule sets are destructed in load order,
which means a "later" ruleset may still be active when an "earlier"
one was already destructed. In these cases, a "call" can invalidly
call into the earlier ruleset, which is destructed and so leads to
invalid memory access. If a segfault actually happens depends on the
OS, but it is highly probable.
The cure is to split the queue shutdown sequence. In a first step,
all worker threads are terminated and the queue set to enqOnly.
While some are terminated, it is still possible that the others
enqueue messages into the queue (which are then just placed into the
queue, not processed). After this happens, a call can no longer
be issued (as there are no more workers). So then we can destruct
the rulesets in any order.
closes https://github.com/rsyslog/rsyslog/issues/1122
- core/action bugfix: potential misaddressing when processing hard errors
For batches that did fail in an output module, the rsyslog core
tries to find offending messages that generate hard (non-recoverable)
errors. During this process, the action templates for each message
are copied into a temporary buffer. That copy was invalidly sized,
actually copying only the first template string. As such, outputs
that requested more template strings AND had errors in batch submission
received uninitialized pointers. This could lead to all sorts of
problems.
see also https://github.com/rsyslog/rsyslog/issues/1885
closes https://github.com/rsyslog/rsyslog/issues/1906
- template object bugfix: NULL pointer access on invalid parameters
could happen only during startup
Detected by Coverity scan, CID 185376
- omjournal bugfix: NULL pointer access on invalid parameters
could happen only during startup
- omelasticsearch bugfix: configured credentials not used during health check
Authentication credentials were not applied during health check,
permission to use unsigned CERTS was not applied to regular data post.
closes https://github.com/rsyslog/rsyslog/issues/1949
- omelasticsearch bugfix: abort on unavailable ES server
Depending on the state of unavailability (libcurl return code),
omelasticsearch tries to process a NULL return message, what
leads to a segfault.
This fixes the problem and introduces better error handling and
better error messages.
see also https://github.com/rsyslog/rsyslog/issues/1885
- omelasticsearch: fix memory leak and potential misaddressing
Commit 96b5fce introduced regressions, leading to potential misaddressing
and a very probable memory leak. This commit fixes the issues and
hardens the module to better detect some error cases in the
future.
It also adds valgrind-based testbench tests which ensure that no
pointer errors exist. If they had been in place, the regressions
would never have been undetected.
Note that commit 96b5fce was introduced in 8.23.0 on Nov, 15th 2016.
Many thanks to Yaroslav Bo for alerting me on the root problem and
providing a very good analysis and guidance.
see also https://github.com/rsyslog/rsyslog/issues/1906
see also https://github.com/rsyslog/rsyslog/issues/1964
closes https://github.com/rsyslog/rsyslog/issues/1962
- omelasticsearch bugfix: output from libcurl to stdout
omelasticsearch made libcurl output messages to stdout. This
commit fixes that. It also automatically enables libcurl verbose
mode during debug runs - it needs to be seen if this is smart or
not (previously, code needed to be commented in).
closes https://github.com/rsyslog/rsyslog/issues/1909
- iczmq bugfix: potential memory leak
- imptcp bugfix: potential misaddressing
When during a connection request the remote peer could not be
identified, imptcp could misaddress memory if it is configured
to emit messages on connection open.
Detected by clang 5.0 static analyzer.
- imptcp: potential buffer overflow
if the local hostname or IP is larger than NI_MAXHOST-1, an internal
buffer is overflowed. This is irrespective of any input data.
Detected by Coverity scan, CID 185390
- core/nsd_gtls: fix potential uninitialized data access
could occur during certificate check
found by clang 5.0 static analyzer
- stats bugfix: potential program hang
due to missing unlock. This could only occur if pstats was set to
CEE-format logging (very uncommon) AND if the system runs out of
memory (in which case other things go pretty bad as well).
found by Coverity scan
- omfwd bugfix: memory leak if network namespaces are used
very seldom used feature, occurs only during error case
found by Coverity scan.
- core: potential misaddressing when accessing JSON properties
When a JSON property is accessed in template processing, memory may
have been misaddressed or a double-free may occur while obtaining the
property.
This was detected by a Coverity scan.
- gcry crypto provider bugfixes: potential misaddressing and memory leak
If the config parameters were invalid, a misaddressing could occur. If so,
this happens only during startup.
Also, a memory leak existed when the crypto provider errored out. This could
build up if it were used in frequently-changing dynafiles. This was
detected by Coverity scan, CID 185360.
- core/file stream object bugfix: memory leak
If a multiline read errored out, a line buffer could be leaked.
Detected by Coverity scan, CID 185328
- imdiag bugfix: double mutex unlock when working with stats
Note: while this could potentially lead to a program hang, it affected
only testbench execution as imdiag is a testbench-only tool.
Detected by Coverity scan, CID 185348 and 185350
- fixed several minor and cosmetic issues found by Coverity scan
including false positives. For details see "$ git log". All noteworthy
issues are separately mentioned in this ChangeLog. The ones not mentioned
are for example problems that can only occur during out of memory
conditions, under which it is extremely likely tha the rsyslog process
will be killed in any case
- testbench:
* added compile-check for [io]mgssapi, mmcount
* harden tests against hanging previous instances
* re-enable RELP tests on Solaris
* added basic test for imjournal
* added threading tests via valgrind's helgrind tool
* added valgrind test for kafka modules
* added capability to run elasticsearch tests with
a) different ElasticSearch versions
b) independently from OS-installed version
This also sets base to enable more elaborate ES tests
* further relaxed timing of dynstats tests, as they tend to create
false positives on slow machines
- CI: improved test coverage on FreeBSD
- Travis: clang static analyzer 5.0 now run over all source files
- build: make compile warning-free under gcc 7
------------------------------------------------------------------------------
Version 8.30.0 [v8-stable] 2017-10-17
- NEW BUILD REQUIREMENTS
* libfastjson 0.99.7 is now mandatory
the new version is required to support case-insensitive variable
comparisons, which are now the default
* when building imjournal, libsystemd-journal >= 234 is now recommended
This is to support the imjournal enhancement. Note that it is possible
to build with lower version, but this will degrade imjournal functionality.
- CHANGE OF BEHAVIOR: all variables are now case-insensitive by default
Formerly, JSON based variables ($!, $., $/) were case-sensitive.
Turn old default back on: global(variables.casesensitive="on")
See ChangeLog entry below for more details.
- core: handle (JSON) variables in case-insensitive way
The variable system inside rsyslog is JSON based (for easy consumption
of JSON input, the prime source of structured data). In JSON, keys
("variable names") are case-sensitive. This causes constant problems
inside rsyslog configurations. A major nit is that case-insensitivity
option inside templates (even if turned on) does not work with JSON
keys because they of inner workings*1.
It is much more natural to treat keys in a case-INsensitive way (e.g.
"$!Key" and "$!key" are the same). We do not expect any real problems
out of this, as key names only differing in case is highly unlikely.
However, as it is possible we provide a way to enable case-sensitivity
via the global(variables.casesensitive="on") global config object.
Note that the default is to do case-insensitive matches. The reason
is that this is the right thing to do in almost all cases, and we do
not envision any problems at all in existing deployments.
*1 Note: case-insensitivity in rsyslog is achieved by converting all
names to lower case. So that the higher speed of strcmp() can be used.
The template option does actually that, convert the template keys to
lower case. Unfortunately, this does not work with JSON, as JSON keys
are NOT converted to lower case.
closes https://github.com/rsyslog/rsyslog/issues/1805
- imjournal: made switching to persistent journal in runtime possible
with this patch imjournal can continue logging after switch to
persistent journal without need to restart rsyslog service
Thanks to github user jvymazal for the patch
- mmanon: complete refactor and enhancements
- add pseudonymization mode
- add address randomization mode
- add support for IPv6 (this also supports various replacement modes)
closes https://github.com/rsyslog/rsyslog/issues/1614
also fixes bugs
- in IPv4 address recognition
closes https://github.com/rsyslog/rsyslog/issues/1720
- in IPv4 simple mode to-be-anonymized bits can get wrong
closes https://github.com/rsyslog/rsyslog/issues/1717
- imfile: add "fileoffset" metadata
This permits to send the offset from which the message was read together
with the message text.
Thanks to github user derekjsonar for the initial implementation which
we extended to use the message start offset.
- RainerScript: add ltrim and rtrim functions
closes https://github.com/rsyslog/rsyslog/issues/1711
- core: report module name when suspending action
Thanks to Orion Poplawski for the patch.
- core: add ability to limit number of error messages going to stderr
This permits to put a hard limit on the number of messages that can
go to stderr. If for nothing else, this capability is helpful for the
testbench. It permits to reduce spamming the test log while still
providing the ability to see initial error messages. Might also be
useful for some practical deployments.
global parameter: global(errorMessagesToStderr.maxNumber)
- tcpsrv subsystem: improve clarity of some error messages
operating system error message are added to some messages, providing
better advise of what actually is the error cause
- imptcp: include module name in error msg
- imtcp: include module name in error msg
- tls improvement: better error message if certificate file cannot be read
- omfwd: slightly improved error messages during config parsing
They now contain config file/line number information where this was missing.
- ommysql improvements
* Return specific code for unrecoverable errors. This makes retry processing
more performant and robust.
* error messages improved
* Update to utilize native v8 transactional interface. Previously, it used
the v7 interface with v8 emulation.
* treat server and client-generated messages differently
Server-generated error messages are considered non-recoverable, while
client generated once point into connection problems (which simply can
be retried). This is part of the improvements towards better
message-induced errors. Previous commits did only handle SQL parsing
errors, now we aim to address all of the message-induced error. We assume
that all server-generated errors are such - mysql API unfortunately does
not provide a clear indication of what type if error this is and it is
out of question to check for hundreds of error codes.
closes https://github.com/rsyslog/rsyslog/issues/1830
- ommysql bugfix: do not duplicate entries on failed transaction
If a multi-message batch contains data errors, messages may be
duplicated as connection close is implicit commit (not rollback).
This patch introduces a specific rollback request in those cases.
closes https://github.com/rsyslog/rsyslog/issues/1829
- imtcp bugfix: parameter priorityString was ignored
defaults were always used
- template/bugfix: invalid template option conflict detection
This prevented "option.casesensitive" to be used with the SQL and JSON
options.
- core/actions: fix handling of data-induced errors
Rsyslog core should try to detect data-induced (unrecoverable) errors
during action processing. An example of such is invalid SQL statements.
If the action returns a data error, rsyslog shall retry individual
messages from a batch in an effort to log those without errors. The others
shall be dropped.
This logic was temporarily disabled after the switch to the new v8
transaction interface. Now this bug is fixed and the testbench has been
amended to detect problems in the future.
closes https://github.com/rsyslog/rsyslog/issues/974
- core/action bugfix: no "action suspended" message during retry processing
The action engine does not emit "action suspended" messages but "resumed"
ones in retry processing. This is wrong, as they are a strong indication
that something does not work correctly. Nevertheless, "resumed" messages
were emitted, which was very puzzling for the user.
This patch fixes it so that "suspend" messages are given during retry
processing. These do not contain a retry timestamp, providing evidence
that a retry is currently being tried.
closes https://github.com/rsyslog/rsyslog/issues/1069
- core/ratelimit bugfix: race can lead to segfault
There was a race in iminternalAddMsg(), where the mutex is
released and after that the passed message object is accessed.
If the mainloop iterates in between, the msg may have already
been deleted by this time, resulting in a segfault.
Most importantly, there is no need to release the mutex lock
early, as suggested by current code. Inside mainloop the mutex
is acquired when it is time to do so, so at worst we'll have a
very slight wait there (which really does not matter at all).
This only happens if a large number of internal messages are emitted.
closes https://github.com/rsyslog/rsyslog/issues/1828
- core bugfix: rsyslog aborts if errmsg is generated in early startup
Note that the segfault can occur only during early startup. Once
rsyslog has started, everything works reliably. This condition can
especially be triggered by specifying invalid TLS default certificates.
closes https://github.com/rsyslog/rsyslog/issues/1783
closes https://github.com/rsyslog/rsyslog/issues/1786
- core bugfix: informational messages was logged with error severity
When the main loop reaped a child process (a normal action), this was
reported as an error. This caused user confusion. Now it is reported as
an informational message.
- core bugfix: --enable-debugless build was broken
This was a regression from the v8.29.0 debug enhancements
Thanks to Stephen Workman for the patch.
- queue bugfix: file write error message was incorrect
when a queue was restarted from disk file, it almost always
emitted a message claiming
"file opened for non-append write, but already contains xxx bytes"
This message was wrong and did not indicate a real error condition.
The predicate check was incorrect.
closes https://github.com/rsyslog/rsyslog/issues/170 (kind of)
- omrelp bugfix: segfault when rebindinterval parameter is used
- imudp bugfix: UDP oversize message not properly handled
When a message larger than supported by the UDP stack is to be sent,
EMSGSIZE is returned, but not specifically handled. That in turn
will lead to action suspension. However, this does not make sense
because messages over the UDP max message size simply cannot be sent.
closes https://github.com/rsyslog/rsyslog/issues/1654
- core bugfix: memory corruption during configuration parsing
when omfwd is used with the $streamdriverpermittedpeers legacy
parameter, a memory corruption can occur. This depends on the
length of the provided strings and probably the malloc subsystem.
Once config parsing succeeds, no problem can happen.
Thanks to Brent Douglas for initially reporting this issue and
providing great analysis.
Thanks to github user bwdoll for analyzing this bug and providing
a suggested fix (which is almost what this commit includes).
closes https://github.com/rsyslog/rsyslog/issues/1408
closes https://github.com/rsyslog/rsyslog/issues/1474
- core bugfix: race on worker thread termination during shutdown
The testbench got some occasionally failing tests. Review of
them brought up the idea that there is a race during worker
threat termination. Further investigation showed that this
might be a long-standing issue, but so far did not really
surface as the timing was almost always correct. However,
with the new functionality to emit a message on worker
shutdown (v8.29), the timing got more complex and now this
seemed to occasionally surface.
closes https://github.com/rsyslog/rsyslog/issues/1754
- omelasticsearch: avoid ES5 warnings while sending json in bulkmode
do this by adding proper content type header to ES request
Thanks to William Dauchy for the patch
- omelasticsearch bugfix: incompatibility with newer ElasticSearch version
ElasticSearch changed its API in newer versions. When "bulkmode" is enabled
in omelasticsearch, rsyslog seems to consider all responses from Elasticsearch
as errors, even the successful ones. As a consequence, every single request
ends up being logged into the error file.
closes https://github.com/rsyslog/rsyslog/issues/1731
Thanks to Vincent Quéméner for the patch.
- imptcp bugfix: invalid mutex addressing on some platforms
code did not compile on platforms without atomic instructions
Thanks to github user petiepooo for the patch
- imptcp bugfix: do not accept missing port in legacy listener definition
If legacy listener definition was used, a missing port was accepted during
the config read phase but errored out upon listener activation. This now
errors out directly when processing the config directive.
------------------------------------------------------------------------------
Version 8.29.0 [v8-stable] 2017-08-08
- imptcp: add experimental parameter "multiline"
This enables a heuristic to support multiline messages on raw tcp syslog
connections.
- imptcp: framing-related error messages now also indicate remote peer
This is the case e.g. for oversize messages.
- imtcp: framing-related error messages now also indicate remote peer
This is the case e.g. for oversize messages.
- imptcp: add session statistics counter
- session.opened
- session.openfailed
- session.closed
- imtcp: add ability to specify GnuTLS priority string
This permits to set cipher details on a very low level.
- impstats: add new resource counter "openfiles"
- pmnormalize: new parser module
Parser module that uses liblognorm to parse incoming messages.
- core/queue: provide informational messages on thread startup and shutdown
This provides better insight into operational state of rsyslog and is useful
in monitoring system health. Note that this causes the emission of messages
not previously seen. They are of syslog.informational priority.
- omfwd/udp: improve error reporting, deprecate maxerrormessages parameter
Generally improved udp-related error messages (e.g. they now contain the
socket number, which makes it easier to related them to errors reported by
net.c subsystem).
We also deprecated (removed) the "maxerrormessages" configuration parameters.
It provided some very rough rate-limiting capabilities and was introduced
before we had native rate-limiters. The default was that only the first 5
error messages were actually reported. For long-running instances, that
meant that in many cases no errors were ever reported. We now use the default
internal message rate limiter, which works far better and ensures that also
long-running instances will be able to emit error messages after prolonged
runtime. In contrast, this also means that users will see more error
messages from rsyslog, but that should actually improve the end user
experience.
- core: add parameters debug.file and debug.whitelist
allows one to generate debug log output only of specific files
Background information available at:
https://www.linkedin.com/pulse/improving-rsyslog-debug-output-jan-gerhards
- core/net.c: improve UDP socket creation error messages
- omfwd/udp: add "udp.sendbuf" parameter
- core: make rsyslog internal message rate-limiter configurable
New parameters "internalmsg.ratelimit.interval" and "internalmsg.ratelimit.burst"
have been added.
- omelasticsearch bugfixes and changed ES5 API support:
* avoid 404 during health check
Omelasticsearch responds differently to HTTP HEAD and GET requests and
returns correct state only on GET requests. This patch works around
that ES bug and always does a GET request even when technically a HEAD
request would be sufficient.
* avoid ES5 warnings while sending json
ES5 is generating warnings when sending json without the proper header:
$ curl -i -H "Content-Type: text/json" -XGET 'http://elasticsearch5:9200/' \
-d '{}\n'
HTTP/1.1 200 OK
Warning: 299 Elasticsearch-5.4.3-eed30a8 "Content type detection for rest
requests is deprecated. Specify the content type using the [Content-Type]
header." "Wed, 26 Jul 2017 14:33:28 GMT"
no issue on previous version.
Now, the header is set as application/json. It works for all versions
(tested on ES2 and ES5) we also handle the bulkmode where it should be
set to application/x-ndjson
closes https://github.com/rsyslog/rsyslog/issues/1546
* bugfix for memory leak while writing error file
Thanks to William Dauchy for providing the patches
- imfile bugfix: wildcard detection issue on path wildcards
Wildcards mode was not properly detected when wildcards
were only used in a directory name on startup.
This caused imfile not to create a proper dynamic filewatch.
closes: https://github.com/rsyslog/rsyslog/issues/1672
- omfwd bugfix: always give reason for suspension
In many cases, no error message were emitted when omfwd
went into action suspension, which was confusing for end
users. This patch enables explicit error messages in all
those cases.
closes https://github.com/rsyslog/rsyslog/issues/782
- omfwd bugfix: configured compression level was not properly used
Thanks to Harshvardhan Shrivastava for the patch.
- imptcp bugfix: potential socket leak on session shutdown
imptcp first tries to remove a to-be-shut-down socket from the
epoll set, and errors out if that does not work. In that case, the
underlying socket will be leaked.
This patch refactors the code; most importantly, it is not necessary
to remove the socket from the epoll set, as this happens automatically
on close. As such, we simply remove that part of the code, which
also removes the root cause of the socket leak.
- omfwd/omudpspoof bugfix: switch udp client sockets to nonblocking mode
On very busy systems, we see "udp send error 11" inside the logs, and the requesting
action is being suspended (and later resumed). During the suspension period (in
default configuration), messages are lost. Error 11 translates to EAGAIN and the
cause of this problem is that the system is running out of UDP buffer space. This
can happen on very busy systems (with busy networks).
It is not an error per se. Doing a short wait will resolve the issue. The real root
cause of the issue is that omfwd uses a nonblocking socket for sending. If it were
blocking, the OS would block until the situation is resolved. The need for a
non-blocking sockets is a purely historical one. In the days of single-threaded
processing (pre v3), everything needed to be done by multiplexing, and blocking was
not permitted. Since then, the engine has dramatically changed. Actions now run on
their own thread(s). As such, there is no longer a hard need to use non-blocking i/o
for sending data. Many other output plugins also do blocking wait (e.g. omelasticsearch).
As such, the real root cause of the trouble is unnecessarily using non-blocking mode,
and consequently the right solution is to change that.
Note that using blocking i/o might change some timing inside rsyslog, especially
during shutdown. So theoretical there is regression potential in that area. However,
the core is designed to handle that situation (e.g. there is special shutdown code to
handle the blocking case), so this does not stand against the "proper" solution.
This patch applies the change on the rsyslog core level, within net.c. The only
users of the changed functionality are omfwd and omudpspoof. Imudp is unaffected as
it requests server sockets.
Note that according to the sendto() man page, there is a second cause for the EAGAIN
error, this is when the system temporarily runs out of ephemeral ports. It is not
100% clear if this can also happen in the blocking case. However, if so, we can argue
this is a case where we really want the default retry logic. So for the time being,
it is appropriate to not handle EAGAIN in a special case any longer.
closes https://github.com/rsyslog/rsyslog/issues/1665
- imklog: fix permitnonkernelfacility not working
- impstats bugfix: impstats does not handle HUP
If the parameter "log.file" is specified, impstats writes its own
log file. However, HUP is not handled for this file, which makes
the functionality unusable with log rotation. It is also counter-
intuitive for users.
This patch enables correct HUP processing. As a sideline, it also
introduces a generic HUP processing framework for non-action type
of loadable modules.
closes https://github.com/rsyslog/rsyslog/issues/1662
closes https://github.com/rsyslog/rsyslog/issues/1663
- core bugfix: segfault after configuration errors
- core/queue bugfixes:
* Fix behavior of PersistStateInterval
If PersistStateInterval=1, then each log line read should cause the state file
to be updated, but this was not happening because nRecords was being post-increment.
Thanks to Anthony Howe for the patch.
* potential problem during deserialization
if queue object deserialization fails, invalid memory blocks might be
free'ed.
For more information see https://github.com/rsyslog/rsyslog/pull/1647
Thanks to Derek Smith for the patch.
- core bugfix: message garbled after message modification
The MsgDup() function will return a garbled message object under these
conditions: The message was originally created with message length equal or
larger to CONF_RAWMSG_BUFSIZE. This makes rsyslog store the message in
dynamically allocated buffer space. Then, a component reduces the message
size to a size lower than CONGF_RAWMSG_BUFSIZE. A frequent sample is the
parser removing a known-bad LF at the end of the messages. Then, MsgDup is
executed. It checks the message size and finds that it is below
CONF_RAWMSG_BUFSIZE, which make it copy the msg object internal buffer
instead of the dynamically allocated one. That buffer was not written to in
the first place, so uninitialized data is copied. Note that no segfault can
happen, as the copied location was properly allocated, just not used in
this processing flow. In the end result, the new message object contains
garbage data. Whenever the new object is used (e.g. in a async ruleset or
action) that garbage will be used. Whenever the old object is accessed,
correct data will be used. Both types of access can happen inside the
same processing flow, which makes the problem appear to be random.
closes https://github.com/rsyslog/rsyslog/issues/1658
- lmsig_ksi: removed pre-KSI_LS12 components
As of GuardTime, the provider, these no longer work due to backend
changes. The lmsig_ksi_ls12 module shall be used instead. This is
available since 8.27.0.
- testbench bugfix: hang in tests if omstdout is not present
Many tests depend on omstdout. Given the fact that omstdout
is really only useful for the testbench (at least that's the intent),
we now require --enable-omstdout if --enable-testbench is given.
The alternative would have been to disable all those tests that
need it, which would have lead to considerable less testbench
coverage.
closes https://github.com/rsyslog/rsyslog/issues/1649
------------------------------------------------------------------------------
Version 8.28.0 [v8-stable] 2017-06-27
- NEW BUILD REQUIREMENT: librelp 1.2.14 (to build relp components)
This was necessary because imrelp requires an API introduced in 1.2.14.
- omfwd: add parameter "tcp_frameDelimiter"
- omkafka: large refactor of kafka subsystem
This offers improvements and greatly increases reliability.
Closes https://github.com/rsyslog/rsyslog/issues/1559
Closes https://github.com/rsyslog/rsyslog/issues/1584
Closes https://github.com/rsyslog/rsyslog/issues/1515
Closes https://github.com/rsyslog/rsyslog/issues/1052
May fix https://github.com/rsyslog/rsyslog/issues/1230
- imfile: improved handling of atomically renamed file (w/ wildcards)
if a file is atomically renamed, the state file is also being renamed,
so processing continues as if the original name were kept.
see also: https://github.com/rsyslog/rsyslog/issues/1417
- imfile: add capability to truncate oversize messages or split into multiple
also in this case an error message is emitted. Both of these actions are
configurable. This also solves memory issues when an endregex does not
match for prolonged time. In that case, large parts of the file were
previously buffered, which could cause big problems in case e.g. the
endregex was simply wrong and never matched. For the later, see also
https://github.com/rsyslog/rsyslog/issues/1552
- mmdblookup
* upgraded from "contrib" to "fully supported" state
* refactored and simplified code
* added ability to specify custom names for extracted fields
* added ability to specify container name for extracted fields
* bugfix: fixed multiple memory leaks
- imptcp: add new parameter "flowControl"
- imrelp: add "maxDataSize" config parameter
Thanks to Nathan Brown for the patch.
- multiple modules: gtls: improve error if certificate file can't be opened
- omsnare: allow different tab escapes
Thanks to Shane P. Lawrence for the patch.
- omelasticsearch: converted to use libfastjson instead of json-c
json-c was used for historical purposes, and it's source included
within the rsyslog source tree. We now use libfastjson inside all
components.
- imjournal: _PID fallback
* added fallback for _PID property when SYSLOG_PID is not available
* introduced new option "usepid" which sets which property should
rsyslog use, it has 3 states system|syslog|both, default is both
* deprecated "usepidfromsystem" option, still can be used
and override the "usepid"
* it is possible to revert previous default with usepid="syslog"
Thanks to Radovan Sroka for the patch
- multiple modules: add better error messages when regcomp is failing
- omhiredis: fix build warnings
Thanks to Brian Knox for the fix.
- imfile bugfix: files mv-ed in into directory were not handled
Thanks to Zachary M. Zhao for the patch.
see also https://github.com/rsyslog/rsyslog/issues/1588
- omprog bugfix: execve() incorrectly called
this caused failures on some but not all platforms
Thanks to 張君天(Chun-Tien Chang) and Matthew Seaman for the patch.
- imfile bugfix: multiline timeout did not work if state file exists
The timeout feature for multiline reads does not correctly work for
files for which a state file existed. This is usually the case for files
that had been processed by a previous run and that still exist on the
new start. For all other files, especially those monitored by a
wildcard and newly created after the rsyslog start, timeout worked as
expected.
closes https://github.com/rsyslog/rsyslog/issues/1445
- lmsig_ksi-ls12 bugfix: build problems on some platforms
- core bugfix: invalid object type assertion
This lead to aborts due to failing assertion. Note that this could only
happen during debugging runs which includes runtime instrumentation,
something that never should be done in a stable production build.
So this did not affect ordinary users, only developers in with
deep debugging settings.
- regression fix: local hostname was not always detected properly...
... on early start (w/o network). Introduced in 8.27.0.
Thanks to github user jvymazal for the patch and whissi for
reporting and helping with the analysis.
- bugfix: format security issues in zmq3 modules
see also: https://github.com/rsyslog/rsyslog/pull/1565
Thanks to Thomas D. (whissi) for the patch.
- bugfix build system: add libksi only to those binaries that need it
Thanks to Allan Park for the patch.
- bugfix KSI ls12 components: invalid tree height calculation
Thanks to Allan Park for the patch.
- testbench/CI enhancements
* re-enable and add kafka tests
Kafka tests were disabled in 8.27.0 (a regression from imkafka).
* better testbench coverage for mmdblookup
* lmsig_ksi-ls12 is now being built at least on Centos7
------------------------------------------------------------------------------
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
* optionally emit an error message if incoming messages are truncated
* optionally emit connection tracking message (on connection create and
close)
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* improve octect-counted mode detection: if the octet count is larger
then the set frame size (or overly large in general), it is now
assumed that octet-stuffing mode is used. This probably solves a
number of issues seen in real deployments.
- imtcp enhancements:
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
for configured non-existing file. In polling mode, this message
appeared once in each polling cycle, causing a potentially very large
amount of error messages. Note that they were usually emitted too
infrequently to trigger the error message rate limiter, albeit often
enough to be a major annoyance.
- imfile: in inotify mode, add error message if configured file cannot
be found
- imfile: add parameter "fileNotFoundError" to optionally disable
"file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
Gethostbyname() is generally considered obsolete, is not reentrant and
cannot really work with IPv6. Changed the only place in rsyslog where
this call remained.
Thanks to github user jvymazal for the patch
- omkafka: add "origin" field to stats output
See also https://github.com/rsyslog/rsyslog/issues/1508
Thanks to Yury Bushmelev for providing the patch.
- imuxsock: rate-limiting also uses process name
both for the actual limit processing as well as warning messages emitted
see also https://github.com/rsyslog/rsyslog/pull/1520
Thanks to github user jvymazal for the patch
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsyslog base functionality now builds on osx (Mac)
Thanks to github user hdatma for his help in getting this done.
- build now works on solaris again
- imfile: fix cross-platform build issue
see also https://github.com/rsyslog/rsyslog/issues/1494
Thanks to Felix Janda for bug report and solution suggestion.
- bugfix core: segfault when no parser could parse message
This could happen if the default parser chain was changed and the
RFC3164 parser was not included. Never seen in practice, just by
experimenting in lab.
- bugfix core: rate-limit internal messages when going to external log system
Rate-limiting was only applied to messages processed internally.
While the external logging system probably also applies rate-limiting,
it would be preferable that rsyslog applies the same policies on
internal messages, no matter where they go. This is now the case.
- bugfix core: when obtaining local hostname, a NULL pointer could be
accessed. This depends on many factors, among them that no local host
name is configured in rsyslog.conf AND the local system configuration
also is set to an empty hostname.
Thanks to github user jvymazal for the patch.
- bugfix core: on shutdown, stderr was written to, even if already closed
This lead to messages going to whatever was associated with file
descriptor two.
Thanks to Allan Park for the patch.
- bugfix core: perform MainqObj destruction only when not NULL already
This affects the config object; in theory may lead to misaddressing during
config parsing.
Thanks to github user jvymazal for the patch
- bugfix core: memory leak when internal messages not processed internally
In this case, the message object is not destructed, resulting in
a memory leak. Usually, this is no problem due to the low number
of internal message, but it can become an issue if a large number
of messages is emitted.
closes https://github.com/rsyslog/rsyslog/issues/1548
closes https://github.com/rsyslog/rsyslog/issues/1531
- bugfix imptcp: potential overflow in octet count computation
when a very large octet count was specified, the counter could overflow
------------------------------------------------------------------------------
Version 8.26.0 [v8-stable] 2017-04-04
- NEW BUILD REQUIREMENT: liblognorm 2.0.3 is required for mmnormalize
If mmnormalize is not built, the build requirements are unchanged.
The new version is necessary because it contains an enhanced API for a
new mmnormalize feature.
- enable internal error messages at all times
This is an important change to the design of the rsyslog core internal
error message system. Previous code could deadlock if internal messages were
issued inside queue processing code, which effectively limited error-reporting
capabilities. This change makes it possible to call error messages from any
part of the code at any time.
As a side-effect, this also fixes an issue where rsyslog could deadlock if
imuxsock submited messages to the system log socket when that socket blocked.
This was a rare race, albeit consistently reproducible and also seen in
practice. The work-around for this issue was to set
global(processInternalMessages="on")
in rsyslog.conf. With the new code, this race can never happen again. The new
code also sets stage for emitting better error messages, especially in places
where we previously refrained from doing so and messages went only to the
debug log. For some file output and queue subsystem related messages, this
is already done, but there is still further work required.
Note well: this is a redesign of an important core component. While intensely
tested, this may still have some larger regression potential than usual code
changes.
- core: added logging name of source of rate-limited messages
This adds the name to the rate-limiting message itself, making it easier
to identify the actual source of "spam" messages.
Thanks to github user jvymazal for the patch.
- omfwd: omfwd: add support for network namespaces
Thanks to Bastian Stender for the patch.
- imrelp: honor input name if provided when submitting to impstats
Thanks to Jon Henry for the patch.
- imptcp: add ability to set owner/group/access perms for uds
Thanks to Nathan Brown for implementing this feature.
- mmnormalize: add ability to load a rulebase from action() parameter
This is especially useful for small rulebases, as it avoids having
a separate rulebase file.
closes https://github.com/rsyslog/rsyslog/issues/625
- pmrfc3164 improvements
- permit to ignore leading space in MSG
- permit to use at-sign in host names
- permit to require tag to end in colon
Thanks to github user bdolez for the contribution
- add new global parameter "umask"
This is equivalent to "$umask" and permits to convert that construct
to new-style config format.
closes https://github.com/rsyslog/rsyslog/issues/1382
- core: make use of -T command line option more secure
When the -T option is used, a chdir is now done right after chroot. It must
be noted, though, that -T is a testing option and has no intent to provide
real security. So this change does not mean it actually is sufficiently
secure.
Thanks to github user jvymazal for the patch.
- omfile: add error if both file and dynafile are set
- bugfix: build problem on MacOS (not a supported platform)
Thanks to FX Coudert for the fix.
- regression fix: in 8.25, str2num() returned error on empty string
past behavior was to return 0 in this case; past behavior was reinstantiated
Thanks to github user jvymazal for the patch.
- bugfix omsnmp: improper handling of new-style configuration parameters
Thanks to Radovan Sroka for the patch.
- bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal messages
This occurred when liblogging-stdlog was used, and was used by default (without
explicit configuration). This is a regression of the new default, which does
not correctly call stdlog_open() in the default case.
closes https://github.com/rsyslog/rsyslog/issues/1442
- bugfix imfile: wrong files were monitored when using multiple imfile inputs
The bug was introduced by the changes for the multilevel wildcard feature
in 8.25.0. We have to handle FileCreate events different if the directory
watch is configured or added dynamically.
closes https://github.com/rsyslog/rsyslog/issues/1452
- bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail segfaults
When compiling using hardened gcc (gentoo), specifying net.aclResolveHostname
or net.acladdhostnameonfail results in rsyslogd segfaulting on startup.
Thanks to Radovan Sroka for the patch.
- bugfix: immark emitted error messages with text "imuxsock"
Thanks to Chris Pilkington for the patch.
- bugfix tcpflood: build failed if RELP was disabled
- fix gcc6 compiler warnings
This also fixes a small bug with incorrectly working deprecated -u
command line option.
Thanks to Nikola Pajkovsky for the patch.
- the output module array passing interface has been removed
It wasn't functional since the v8 update, and the only user was omoracle,
which is a contributed module that is no longer maintained. So we
removed that interface to streamline the code. Should it ever be needed
again, we could check the 8.25 code base. Note, though, that that code
still needs to be adjusted to the v8 engine.
- testbench:
* tcpflood now automatically enters silent mode during Travis CI testing
This reduces testbench output, which is limited under Travis.
* the libqpid-proton package is no longer available for Ubuntu trusty. As
such, we disabled its use in Travis on this platform. Right now, this
means omamqp1 module is no longer tested on trusty.
------------------------------------------------------------------------------
Version 8.25.0 [v8-stable] 2017-02-21
- imfile: add support for wildcards in directory names
This now permits to monitor newly created directories without altering
the configuration.
- add new global option "parser.PermitSlashInProgramname"
- mmdblookup: fix build issues, code cleanup
Thanks to Dan Molik for the patch.
- improved debug output for queue corruption cases
- an error message is now displayed when a directory owner cannot be set
This mostly happens with omfile and dynafile. The new messages
facilitates troubleshooting.
- rainerscript:
* add new function ipv42num
* add new function num2ipv4
- bugfix: ratelimiter does not work correctly is time is set back
Thanks to github user hese10 for the patch.
see also https://github.com/rsyslog/rsyslog/issues/1354
- core: fix potential message loss in old-style transactional interface
This was experienced for example by omrelp. Could loose one message per
broken connection, iff that message did not make it to the unacked list.
- bugfix queue subsystem: queue corrupted if certain msg props are used
The core issues was in the msg object deserializer, which had the wrong
deserialization sequence. That in turn lead to queue corruption issues.
Corruption of disk queue (or disk part of DA queue) always happens if
the "json" property (message variables) is present and "structured-data"
property is also present. This causes rsyslog to serialize to the
queue in wrong property sequence, which will lead to error -2308 on
deserialization.
Seems to be a long-standing bug. Depending on version used, some or
all messages in disk queue may be lost.
closes https://github.com/rsyslog/rsyslog/issues/1404
- bugfix imjournal: fixed situation when time goes backwards
This is resolving the situation when system is after reboot and
boot_id doesn't match so cursor pointing into "future".
Usually sd_journal_next jump to head of journal due to journal
approximation, but when system time goes backwards and cursor is
still invalid, rsyslog stops logging.
We use sd_journal_get_cursor to validate our cursor.
When cursor is invalid we are trying to jump to the head of journal
This problem with time should not affect persistent journal,
but if cursor has been intentionally compromised it could stop
logging even with persistent journal.
- bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer
If bFlushOnTXEnd is set, we need to flush on transaction end - in
any case. It is not relevant if this is using background writes
(which then become pretty slow) or not. And, similarly, no flush
happens when it is not set.
see also https://github.com/rsyslog/rsyslog/issues/1297
- bugfix core: str2num mishandling empty strings
If str2num() receives an empty string, misaddressing happens.
This theoretically can lead to a segfault if a RainerScript function
is used inside the configuration which calls code that could trigger
this bug.
closes https://github.com/rsyslog/rsyslog/issues/1412
- bugfix rainerscript: set/unset statement do not check variable name validity
Only JSON-based variables can be use with set and unset. Unfortunately,
this restriction is not checked. If an invalid variable is given
(e.g. $invalid), this is not detected upon config processing on
startup. During execution phase, this can lead to a segfault, a
memory leak or other types of problems.
Thanks to github user mostolog for reporting and helping to analyze
this issue.
see also https://github.com/rsyslog/rsyslog/issues/1376
closes https://github.com/rsyslog/rsyslog/issues/1377
- bugfix mmrm1stspace: last character of rawmsg property was doubled
- bugfix: rsyslog loops on freebsd when trying to write /dev/console
Rsyslog 8.23.0 loops on FreeBSD when trying to access a (now revoked)
/dev/console file descriptor, as per Alexandre's original bug report [1].
The original patch fixes the problem when tryTTYRecover() sees errno 6 ENXIO.
Running FreeBSD 10-stable here and getting errno 5 EIO, same as Xavier gets
in his 2016 bug report [2].
New patch [3] includes errno 5 to tryTTYRecover() in runtime/stream.c and
fixes the problem for me, on multiple machines.
[1] https://github.com/rsyslog/rsyslog/issues/371
[2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211033
[3] https://bz-attachments.freebsd.org/attachment.cgi?id=178452
closes https://github.com/rsyslog/rsyslog/issues/1351
Thanks to Damien Fleuriot for the patch.
- bugfix imtcp: fix very small (cosmetic) memory leak
For each listener, the name of an assigned ruleset is not freed. This
is cosmetic, because it is a very small static leak AND it needs to
be kept until end of run anyways (and at end of run the OS frees it).
However, the leak breaks memleak checks in the testbench.
- fix build issues on some platforms (detected on newer Fedora)
------------------------------------------------------------------------------
Version 8.24.0 [v8-stable] 2017-01-10
- rsyslog now builds on AIX
see also: https://github.com/rsyslog/rsyslog/pull/1247
Thanks to github user purnimam1 and the team at IBM
Note: the rsyslog project has no AIX platform to ensure that future versions
will remain buildable on AIX. If you would like to contribute resources,
please contact the rsyslog team.
- mmdblookup: new maxminddb lookup message modify plugin
Thanks to 饶琛琳 (github user chenryn) for the contribution
- mmrm1stspace: new module; removes first space in MSG if present
- KSI signature provider: file permissions can now be specified
This happens via parameters equal to those used by omfile itself.
Note that KSI files can have different permissions/owner than the log
files themself.
Thanks to Allan Park for the patch.
- omzmq: new features
Thanks to Brian Knox for the patch.
- change: when the hostname is empty, we now use "localhost-empty-hostname"
In 8.23.0, "localhost" was used in this case, but that could be misleading.
The new name makes the error condition (gethostname() should always return
a non-empty name) more obvious.
- omelasticsearch: remove "asyncrepl" config parameter
The _bulk index endpoint on ElasticSearch 5.0 no longer
ignores the ?replication=async query parameter. It was deprecated
since 1.5 and silently ignored in 2.x but passing it to a 5.x
instance breaks omelasticsearch with a 400 response.
closes https://github.com/rsyslog/rsyslog/issues/1250
- omfwd: Add support for bind-to-device (see below on same for imudp)
- imudp: Add support for bind-to-device
Add support for bind-to-device option to omfwd and imudp modules.
Configured using device="name". Only new syntax format is supported.
e.g.,
input(type="imudp" port=["10514"] device="eth0" name="udp")
Action(type="omfwd" Target="192.168.1.23" Port="10514" Device="eth0")
see also https://github.com/rsyslog/rsyslog/pull/1261
Thanks to David Ahern for the patch.
- imudp: limit rcvbufsize parameter to max 1GiB
- rainerscript: implement new "call_indirect" statement
- bugfix imjournal: make state file handling more robust
There is a bug in rsyslog which is caused by not very atomic writes of
imjournal statefile. It's hardly reproducible but there is a way.
fscanf error appears only when rsyslog reads an empty statefile which
causes that imjournal is stopped so no logging from journal is
performed. When the statefile contains random bytes error appears
again but from journal and imjournal is stopped too.
In this patch Rsyslog writes imjournal statefile more atomically and
secure. Reading the statefile is more robust and doesn't affect
imjournal module so when corrupted statefile is read imjournal
ignores statefile, continues with logging and it doesn't stop. Logger
can be used as a test if it's logging or not.
Patch introduces a new option with both old and new config format
"IgnoreNonValidStateFile" which is "on" by default and it can turn
off ignorance of non valid statefile.
Thanks to github user tomassykora for the patch.
- bugfix core: lookup table reload was not properly integrated
The opcode was not handled, what lead to misleading messages
in debug log. Since we run debug builds more strictly, it also
causes an assertion to trigger, thus aborting the test
- bugfix core: potential deadlock on shutdown
could happen when rsyslog was started and quickly shut down OR when
coincidentally a new thread was spawend "with bad timing" around the time
of shutdown.
See also https://github.com/rsyslog/rsyslog/pull/1274
Thanks to github user tomassykora for the final patch and Rado Sroka for
the analysis and an initial patch.
- bugfix ommongodb: did not work in v8 due to invalid indirection
Thanks to Benoit Dolez for the patch.
- bugfix ommongodb: fix tryResume handling
To make tryResume working, the connection to mongodb need to be closed.
Thus close it on "insert error".
Thanks to Benoit Dolez for the patch.
- bugfix omfwd: retry processing was not done correctly, could stall
see also https://github.com/rsyslog/rsyslog/pull/1261
Thanks to David Ahern for the patch.
- bugfix imuxsock: segfault non shutdown when $OmitLocalLogging is on
Imuxsock tries to close socket on index 0 which ends with segfault.
Thanks to Tomas Sykora for the patch.
- testbench:
* empty-hostname test did not work correctly
* improve debugging by better output
------------------------------------------------------------------------------
Version 8.23.0 [v8-stable] 2016-11-15
- NEW BUILD REQUIREMENT: libfastjson 0.99.3
This was introduced in 8.20.0 as a suggestion and has now become a hard
requirement. See 8.20.0 ChangeLog entry for more details.
- KSI signatures: removed SHA2-224 hash algorithm
This is considered insecure and no longer supported by the underlying
KSI library. If still used within a configuration, a descriptive error
message is emitted during config processing.
Thanks to Henri Lakk for the initial patch.
- imfile: new timeout feature for multi-line reads
When using startmsg.regex, messages are held until the next one is written.
We now provide a "readTimeout" parameter family (see doc) to timeout such
reads and ensure messages are not held for a very long time.
see also https://github.com/rsyslog/rsyslog/issues/1133
- omfile: improve robustness against network file system failures
in case of failure, a close and re-open is tried, which often solves the
issue (and wasn't handle before this patch).
see also https://github.com/rsyslog/rsyslog/pull/1161
Thanks to github user hese10 for the patch.
- pmaixforwardedfrom: support for AIX syslogd -s option
if syslog in AIX started with "-s" option, AIX syslog adds only "From "
instead of "Message forwarded from ". With this patch, both are now
detected.
Thanks to github user patelritesh for the patch.
- omelasticsearch: add ability to specify max http request size
This permits to keep batches below ES-configured limits.
Thanks to github user barakshechter for the patch.
- omelasticsearch: high availability addressing of ElasticSearch cluster
allow one to specify an array of servers, which is tried until a working
one is found (and given up only if none works).
Thanks to github user barakshechter for the patch.
- omelasticsearch: make compatible with ElasticSearch 2.x and 5.x
fixes omelasticsearch logs response from ElasticSearch 5.0 _bulk
endpoint as error
See also https://github.com/rsyslog/rsyslog/pull/1253
Thanks to Christian Rodemeyer for the patch.
- omhiredis: add dynakey attribute.
If set to on, this causes omhiredis to treat the key attribute as the
name of a template so that you can build a dynamic redis queue name
or list key.
see also: https://github.com/rsyslog/rsyslog/pull/1218
Thanks to github user bobthemighty for the patch
- omtcl: new contributed module
see also https://github.com/rsyslog/rsyslog/pull/1041
Please note: contributed modules are not directly supported by the
project. You might want to contact the author for questions.
Thanks to Francisco Castro for contributing it.
- RainerScript: provide a capability to set environment variables
via 'global(environment="var=val")' config statement.
This is most importantly for things like HTTP_PROXY.
see also https://github.com/rsyslog/rsyslog/issues/1209
- lookup tables: improved error checking
Thanks to Janmejay Singh for the patch.
- queue subsystem: add configuration parameter "queue.samplinginterval"
Supports sampling of messages (as often used in data transmission).
Thanks to Zachary M. Zhao for the patch.
- bugfix core: errmsg.LogError now switches to dfltErrLogger just before shutdown
Thanks to Janmejay Singh for the patches.
- bugfix core: fixed un-freed memory in non-transactional action using string-passing
closes https://github.com/rsyslog/rsyslog/issues/968
Thanks to Janmejay Singh for the patches.
- rsgtutil: option to specify KSI publications file certificate constraints
see also https://github.com/rsyslog/rsyslog/issues/1207
- omprog: bugfixes and enhancements
- omprog resource leak fix (fd leak)
- omprog got ability to force-kill process if it doesn't die in 5 seconds
(linux specific)
- child-process lifecycle debugging aid (in form of logs) (mainLoop and
omprog cleanup both log pid at child-death, mainLoop reaping is now
visible to user, as opposed to being a mystery, because omprog didn't
seem to anticipate it in terms of code)
Thanks to Janmejay Singh for the patches.
see also https://github.com/rsyslog/rsyslog/pull/1155
- bugfix imfile: ReopenOnTruncate processing, file open processing
This fixes
* ReopenOnTruncate was only honored when a state file existed
see https://github.com/rsyslog/rsyslog/issues/1090
* open processing could run into a loop
see https://github.com/rsyslog/rsyslog/issues/1174
This is done via refactoring the open file handling, which provides
overall cleaner and easier-to-follow code.
Thanks to Owen Smith for analyzing the problem and providing a
prototype PR which greatly helped towards the final solution.
- bugfix omlibdbi: libdbi-driver-sqlite3/2 requires to provide a path to
database split into two strings:
* absolute path, where the database file sits
* database filename itself.
This was previously not done.
Thanks to github user aleek for the patch.
- bugfix RainerScript: issue in prifilt() function
Initialize func-data(and to-be-freed flag) correctly for prifilt
function-node
Thanks to Janmejay Singh for the patch.
- bugfix omrelp: invalid module name imrelp was used in some error messages
Thanks to Chris Pilkington for the patch.
- bugfix core: abort when persisting object state
This causes a segfault. It happens whenever an object state larger
than 4095 byte is persisted. Then, incorrectly a try to rollover to
a new state file is tried, which will lead to a division by zero
as the necessary variables for this operation are not set because we
are NOT in circular mode.
This problem can happen wherever state files are written. It has been
experienced with imfile and queue files.
Many thanks to github user mostolog for his help in reproducing the issue,
which was very important to finally nail down this long-standing bug.
closes https://github.com/rsyslog/rsyslog/issues/1239
closes https://github.com/rsyslog/rsyslog/issues/1162
closes https://github.com/rsyslog/rsyslog/issues/1074
- bugfix: segfault if hostname is unset on system
happens when gethostname() returns empty string. This will cause
the createon of the localhostname prop_t to fail, which in turn
leads to a NULL pointer dereference when emitting local messages.
As we emit a startup message by default, this had usually lead
to a segfault on startup.
Thanks to Erik Potter and github user mostolog for their help
in analyzing this problem.
closes https://github.com/rsyslog/rsyslog/issues/1040
closes https://github.com/rsyslog/rsyslog/issues/335
- bugfix external module perl skeleton: did not work properly
Thanks to github user Igorjan666 for the patch.
- bugfix build system: Fix detection of pthread_setschedparam() on platforms
such as FreeBSD
see also https://github.com/rsyslog/rsyslog/pull/1147
Thanks to Matthew Seaman for the patch.
- bugfix omelasticsearch: modifies constant memory under some circumstances
Function computeBaseUrl may modify its serverParam parameter, but
this may contain the constant string "localhost". Depending on the
platform, this can lead to a segfault.
Noticed while working on compiler warnings, not seen in practice.
- "bugfix": theoretical queue file corruption when more than MAX_INT files
closes https://github.com/rsyslog/rsyslog/issues/1202
- bug fix/KSI: LOGSIG11 missing in the beginning of KSI log signature file
When logging with KSI is not working properly for whatever reason, an
empty .ksisig file is created (which by itself is not an issue). However,
later it looks like this file is re-used, but it is not checked whether it
already contains the magic LOGSIG11 in the beginning of the file. This leads
to a log signature file which has correct content but is missing the
LOGSIG11 magic in the beginning.
- bugfix template processor: missing escaping of backslash in json mode
Thanks to github user mostolog for providing the patch.
- build environment: --enable-debug now defaults to new "auto" mode
previously, DEBUG mode (and thus assert() macros) was disabled by default
and explicitly needed to be enabled by providing the --enable-debug
./configure switch. Now, a new --enable-debug=auto mode has been added
and made the default. It enables DEBUG mode if we build from git and only
disables it when a release build is done (from the release tarball). This
aims at better error checking during testbench runs and developer testing.
- testbench improvements
* improved testbench file generation tool
Thanks to Pascal Withopf for the patch.
* added some plumbing for extended tests which work by overriding OS APIs
* imfile ReopenOnTruncate option is now being tested
* the CI environment now runs most tests in debug mode, but some in
release mode to cover potential release-mode races
* template json option is now being tested
* object state persisting received a basic test
* added test for empty hostnames
* added tests for omprog
------------------------------------------------------------------------------
Version 8.22.0 [v8-stable] 2016-10-04
- ompgsql: add template support
Thanks to Radu Gheorghe for implementing this.
- generate somewhat better error message on config file syntax error
a common case (object at invalid location) has received it's own error
message; for the rest we still rely on the generic flex/bison handler
- bugfix:omhiredis reconnects after failure
previously it could loose messages under such conditions.
Thanks to Bob Gregory for the patch.
- general cleanup and code improvement
mostly guided by compiler warnings induced by newer opensuse buildbot
environment
------------------------------------------------------------------------------
Version 8.21.0 [v8-stable] 2016-08-23
- CHANGE OF BEHAVIOR:
by default, internal messages are no longer logged via the internal
bridge to rsyslog but via the syslog() API call [either directly or
via liblogging). For the typical single-rsyslogd-instance installation this
is mostly unnoticeable (except for some additional latency). If multiple
instances are run, only the "main" (the one processing system log messages)
will see all messages. To return to the old behavior, do either of those
two:
1) add in rsyslog.conf:
global(processInternalMessages="on")
2) export the environment variable RSYSLOG_DFLT_LOG_INTERNAL=1
This will set a new default - the value can still be overwritten via
rsyslog.conf (method 1). Note that the environment variable must be
set in your **startup script**.
For more information, please visit
https://www.rsyslog.com/rsyslog-error-reporting-improved/
- slightly improved TLS syslog error messages
- queue subsystem: improved robustness
The .qi file is now persisted whenever an existing queue file is fully
written and a new file is begun. This helps with rsyslog aborts, including
the common case where the OS issues kill -9 because of insufficiently
configured termination timeout (this is an OS config error, but a frequent
one). Also, a situation where an orphaned empty file could be left in the
queue work directory has been fixed. We expect that this change causes
fewer permanent queue failures.
- bugfix: build failed on some platforms due to missing include files
------------------------------------------------------------------------------
Version 8.20.0 [v8-stable] 2016-07-12
- NEW BUILD REQUIREMENT: librelp, was 1.2.5, now is 1.2.12
This is only needed if --enable-relp is used. The new version is needed
to support the new timeout parameter in omrelp.
- NEW BUILD SUGGESTION: libfastjson 0.99.3
while not strictly necessary, previous versions of libfastjson have a bug
in unicode processing that can result in non US-ASCII characters to be
improperly encoded and may (very unlikely) also cause a segfault.
This version will become mandatory in rsyslog 8.23.0
- omrelp: add configurable connection timeout
Thanks to Nathan Brown for implementing this feature.
- pmrfc3164: add support for slashes in hostname
added parameter "permit.slashesinhostname" to support this, off by default
[Note that the RFC5424 always supported this, as 5424 is a different
standard]
- bugfix omfile: handle chown() failure correctly
If the file creation succeeds, but chown() failed, the file was
still writen, even if the user requested that this should be treated
as a failure case. This is corrected now.
Also, some refactoring was done to create better error messages.
- omfile now better conveys status of unwritable files back to core
- config files recursively including themselves are now detected
and an error message is emitted in that case; Previously, this
misconfiguration resulted in rsyslog loop and abort during startup.
closes https://github.com/rsyslog/rsyslog/issues/1058
- refactored code to not emit compiler warnings in "strict mode"
We changed the compiler warning settings to be rather strict and cleaned up
the code to work without generating any warning messages.
This results in an overall even more improved code quality, which will now
also be enforced via our CI systems.
- bugfix: fix some issues with action CommitTransaction() handling
An action that returns an error from CommitTransaction() caused a
loop in rsyslog action processing. Similarly, retry processing was not
properly handled in regard to CommitTransaction().
This is a first shot at fixing the situation. It solves the
immediate problems, but does not implement the full desired
functionality (like error file).
see also https://github.com/rsyslog/rsyslog/issues/974
see also https://github.com/rsyslog/rsyslog/issues/500
- bugfix omqmqp1: connecting to the message bus fails on nonstandard port
Thanks to Ken Giusti for the patch.
see also: https://github.com/rsyslog/rsyslog/pull/1064
- testbench/CI enhancements
* new tests for RELP components
* new tests for core action processing and retry
* travis tests now also run against all unstable versions of supporting
libraries. This helps to track interdependency problems early.
* new tests for hostname parsing
* new tests for RainerScript comparisons
------------------------------------------------------------------------------
Version 8.19.0 [v8-stable] 2016-05-31
- NEW BUILD REQUIREMENT: autoconf-archive
- omelasticsearch: add option to permit unsigned certs (experimentally)
This adds plumbing as suggested by Joerg Heinemann and Radu Gheorghe,
but is otherwise untested. Chances are good it works. If you use it,
please let us know your experience and most importantly any bug
reports you may have.
closes https://github.com/rsyslog/rsyslog/issues/89
- imrelp: better error codes on unavailability of TLS options
Most importantly, we will tell the user in clear words if specific TLS
options are not available due to too-old GnuTLS.
closes https://github.com/rsyslog/rsyslog/issues/1019
- default stack size for inputs has been explicitly set to 4MiB
for most platforms, this means a reduction from the default of 10MiB, however
it may mean an increase for micro-libc's (some may have as low as 80KiB by
default).
- testbench: We are now using libfaketime instead of faketime command line
tool. Make sure you have installed the library and not just the binary!
- refactor stringbuf
* use only a single string buffer
... both for the internal representation as well as the C-String one.
The module originally tried to support embedded NUL characters, which
over time has proven to be not necessary. Rsyslog always encodes
NUL into escape sequences.
Also, the dual buffers were used inconsistently, which could lead to
subtle bugs. With the single buffer, this does no longer happen and
we also get some improved performance (should be noticeable)
and reduced memory use (a bit).
closes https://github.com/rsyslog/rsyslog/issues/1033
* removed no longer used code
* internal API changes to reflect new needs
* performance improvements
* miscellaneous minor cleanup
- fix: potential misaddressing in template config processing
This could cause segfault on startup. Happens when template name shorter
than two chars and outname is not set. Once we are over startup, things
work reliably.
- bugfix omfile: async output file writing does not respect flushing
neither parameter flushInterval nor flushOnTXEnd="on" was respected.
closes https://github.com/rsyslog/rsyslog/issues/1054
- bugfix imfile: corrupted multi-line message when state data was persisted
see also https://github.com/rsyslog/rsyslog/issues/874
Thanks to Magnus Hyllander for the analysis and a patch suggestion.
- bugfix imfile: missing newline after first line of multiline message
see also https://github.com/rsyslog/rsyslog/issues/843
Thanks to Magnus Hyllander for the patch.
- bugfix: dynstats unusedMetricTtl bug
Thanks to Janmejay Singh for fixing this.
- bugfix build system: build was broken on SunOS
Thanks to Filip Hajny for the patch.
- bugfix: afterRun entry point not correctly called
The entry point was called at the wrong spot, only when the thread
had not already terminated by itself. This could cause various
cleanup to not be done. This affected e.g. imjournal.
closes https://github.com/rsyslog/rsyslog/issues/882
- bugfix dynstats: do not leak file handles
Thanks to Janmejay Singh for the patch.
- bugfix omelasticsearch: disable libCURL signal handling
previously, this could lead to segfaults on connection timeout
see also https://github.com/rsyslog/rsyslog/pull/1007
Thanks to Sai Ke WANG for the patch.
- bugfix omelasticsearch: some regressions were fixed
* error file was no longer written
* fix for some potential misaddressings
- improved wording: gnutls error message points to potential cause
What GnutTLS returns us is very unspecific and somewhat misleading, so
we point to what it most probably is (broken connect).
see also https://github.com/rsyslog/rsyslog/issues/846
- some general code improvements
* "fixed" cosmetic memory leaks at shutdown
- build system bugfix: configure can't find gss_acquire_cred on Solaris
Thanks to github user vlmarek for the patch.
- improvements to the CI environment
* improvements on the non-raciness of some tests
* imdiag: avoid races in detecting queue empty status
This resolves cases where the testbench terminated rsyslog too early,
resulting in potential message loss and test failure.
* omkafka has now dynamic tests
Thanks to Janmejay Singh for implementing them.
* try to merge PR to master and run tests; this guards against cross-PR
regressions and wasn't caught previously. Note that we skip this test
if we cannot successfully merge. So this is not a replacement for a
daily full "all-project integration test run".
* travis has finally enabled elasticsearch tests
ES was unfortunately not being regularly tested for quite a while due to
missing environment. This lead to some regressions becoming undetected.
These were now discovered thanks to the new support on travis. Also, this
guards against future regressions.
* imfile has now additional tests and overall better coverage
* omfile has now additional tests
------------------------------------------------------------------------------
Version 8.18.0 [v8-stable] 2016-04-19
- testbench: When running privdrop tests testbench tries to drop
user to "rsyslog", "syslog" or "daemon" when running as root and
you don't explicit set RSYSLOG_TESTUSER environment variable.
Make sure the unprivileged testuser can write into tests/ dir!
- templates: add option to convert timestamps to UTC
closes https://github.com/rsyslog/rsyslog/issues/730
- omjournal: fix segfault (regression in 8.17.0)
- imptcp: added AF_UNIX support
Thanks to Nathan Brown for implementing this feature.
- new template options
* compressSpace
* date-utc
- redis: support for authentication
Thanks to Manohar Ht for the patch
- omkafka: makes kafka-producer on-HUP restart optional
As of now, omkafka kills and re-creates kafka-producer on HUP. This
is not always desirable. This change introduces an action param
(reopenOnHup="on|off") which allows user to control re-cycling of
kafka-producer.
It defaults to on (for backward compatibility). Off allows user to
ignore HUP as far as kafka-producer is concerned.
Thanks to Janmejay Singh for implementing this feature
- imfile: new "FreshStartTail" input parameter
Thanks to Curu Wong for implementing this.
- omjournal: fix libfastjson API issues
This module accessed private data members of libfastjson
- ommongodb: fix json API issues
This module accessed private data members of libfastjson
- testbench improvements (more tests and more thorough tests)
among others:
- tests for omjournal added
- tests for KSI subsystem
- tests for privilege drop statements
- basic test for RELP with TLS
- some previously disabled tests have been re-enabled
- dynamic stats subsystem: a couple of smaller changes
they also involve the format, which is slightly incompatible to
previous version. As this was out only very recently (last version),
we considered this as acceptable.
Thanks to Janmejay Singh for developing this.
- foreach loop: now also iterates over objects (not just arrays)
Thanks to Janmejay Singh for developing this.
- improvements to the CI environment
- enhancement: queue subsystem is more robst in regard to some corruptions
It is now detected if a .qi file states that the queue contains more
records than there are actually inside the queue files. Previously this
resulted in an emergency switch to direct mode, now the problem is only
reported but processing continues.
- enhancement: Allow rsyslog to bind UDP ports even w/out specific
interface being up at the moment.
Alternatively, rsyslog could be ordered after networking, however,
that might have some negative side effects. Also IP_FREEBIND is
recommended by systemd documentation.
Thanks to Nirmoy Das and Marius Tomaschewski for the patch.
- cleanup: removed no longer needed json-c compatibility layer
as we now always use libfastjson, we do not need to support old
versions of json-c (libfastjson was based on the newest json-c
version at the time of the fork, which is the newest in regard
to the compatibility layer)
- new External plugin for sending metrics to SPM Monitoring SaaS
Thanks to Radu Gheorghe for the patch.
- bugfix imfile: fix memory corruption bug when appending @cee
Thanks to Brian Knox for the patch.
- bugfix: memory misallocation if position.from and position.to is used
a negative amount of memory is tried to be allocated if position.from
is smaller than the buffer size (at least with json variables). This
usually leads to a segfault.
closes https://github.com/rsyslog/rsyslog/issues/915
- bugfix: fix potential memleak in TCP allowed sender definition
depending on circumstances, a very small leak could happen on each
HUP. This was caused by an invalid macro definition which did not rule
out side effects.
- bugfix: $PrivDropToGroupID actually did a name lookup
... instead of using the provided ID
- bugfix: small memory leak in imfile
Thanks to Tomas Heinrich for the patch.
- bugfix: double free in jsonmesg template
There has to be actual json data in the message (from mmjsonparse,
mmnormalize, imjournal, ...) to trigger the crash.
Thanks to Tomas Heinrich for the patch.
- bugfix: incorrect formatting of stats when CEE/Json format is used
This lead to ill-formed json being generated
- bugfix omfwd: new-style keepalive action parameters did not work
due to being inconsistently spelled inside the code. Note that legacy
parameters $keepalive... always worked
see also: https://github.com/rsyslog/rsyslog/issues/916
Thanks to Devin Christensen for alerting us and an analysis of the
root cause.
- bugfix: memory leaks in logctl utility
Detected by clang static analyzer. Note that these leaks CAN happen in
practice and may even be pretty large. This was probably never detected
because the tool is not often used.
- bugfix omrelp: fix segfault if no port action parameter was given
closes https://github.com/rsyslog/rsyslog/issues/911
- bugfix imtcp: Messages not terminated by a NL were discarded
... upon connection termination.
Thanks to Tomas Heinrich for the patch.
------------------------------------------------------------------------------
Version 8.17.0 [v8-stable] 2016-03-08
- NEW REQUIREMENT: libfastjson
see also:
http://blog.gerhards.net/2015/12/rsyslog-and-liblognorm-will-switch-to.html
- new testbench requirement: faketime command line tool
This is used to generate a controlled environment for time-based tests; if
not available, tests will gracefully be skipped.
- improve json variable performance
We use libfastjson's alternative hash function, which has been
proven to be much faster than the default one (which stems
back to libjson-c). This should bring an overall performance
improvement for all operations involving variable processing.
closes https://github.com/rsyslog/rsyslog/issues/848
- new experimental feature: lookup table support
Note that at this time, this is an experimental feature which is not yet
fully supported by the rsyslog team. It is introduced in order to gain
more feedback and to make it available as early as possible because many
people consider it useful.
Thanks to Janmejay Singh for implementing this feature
- new feature: dynamic statistics counters
which may be changed during rule processing
Thanks to Janmejay Singh for suggesting and implementing this feature
- new contributed plugin: omamqp1 for AMQP 1.0-compliant brokers
Thanks to Ken Giusti for this module
- new set of UTC-based $now family of variables ($now-utc, $year-utc, ...)
- simplified locking when accessing message and local variables
this simplifies the code and slightly increases performance if such
variables are heavily accessed.
- new global parameter "debug.unloadModules"
This permits to disable unloading of modules, e.g. to make valgrind
reports more useful (without a need to recompile).
- timestamp handling: guard against invalid dates
We do not permit dates outside of the year 1970..2100
interval. Note that network-receivers do already guard
against this, so the new guard only guards against invalid
system time.
- imfile: add "trimlineoverbytes" input parameter
Thanks to github user JindongChen for the patch.
- ommongodb: add support for extended json format for dates
Thanks to Florian Bücklers for the patch.
- omjournal: add support for templates
see also: https://github.com/rsyslog/rsyslog/pull/770
Thanks to github user bobthemighty for the patch
- imuxsock: add "ruleset" input parameter
- testbench: framework improvement: configs can be included in test file
they do no longer need to be in a separate file, which saves a bit
of work when working with them. This is supported for simple tests with
a single running rsyslog instance
Thanks to Janmejay Singh for inspiring me with a similar method in
liblognorm testbench.
- imptcp: performance improvements
Thanks to Janmejay Singh for implementing this improvement
- made build compile (almost) without warnings
still some warnings are suppressed where this is currently required
- improve interface definition in some modules, e.g. mmanon, mmsequence
This is more an internal cleanup and should have no actual affect to
the end user.
- solaris build: MAXHOSTNAMELEN properly detected
- build system improvement: ability to detect old hiredis libs
This permits to automatically build omhiredis on systems where the
hiredis libs do not provide a pkgconfig file. Previously, this
required manual configuration.
Thanks to github user jaymell for the patch.
- rsgtutil: dump mode improvements
* auto-detect signature file type
* ability to dump hash chains for log extraction files
- build system: fix build issues with clang
clang builds often failed with a missing external symbol
"rpl_malloc". This was caused by checks in configure.ac,
which checked for specific GNU semantics. As we do not need
them (we never ask malloc for zero bytes), we can safely
remove the macros.
Note that we routinely run clang static analyzer in CI and
it also detects such calls as invalid.
closes https://github.com/rsyslog/rsyslog/issues/834
- bugfix: unixtimestamp date format was incorrectly computed
The problem happened in leap year from March til then end
of year and healed itself at the beginning of the next year.
During the problem period, the timestamp was 24 hours too low.
fixes https://github.com/rsyslog/rsyslog/issues/830
- bugfix: date-ordinal date format was incorrectly computed
same root cause aus for unixtimestamp and same triggering
condition. During the affected perido, the ordinal was one
too less.
- bugfix: some race when shutting down input module threads
this had little, if at all, effect on real deployments as it resulted
in a small leak right before rsyslog termination. However, it caused
trouble with the testbench (and other QA tools).
Thanks to Peter Portante for the patch and both Peter and Janmejay
Singh for helping to analyze what was going on.
- bugfix tcpflood: did not handle connection drops correct in TLS case
note that tcpflood is a testbench too. The bug caused some testbench
instability, but had no effect on deployments.
- bugfix: abort if global parameter value was wrong
If so, the abort happened during startup. Once started,
all was stable.
- bugfix omkafka: fix potential NULL pointer addressing
this happened when the topic cache was full and an entry
needed to be evicted
- bugfix impstats: @cee cookie was prefixed to wrong format (json vs. cee)
Thanks to Volker Fröhlich for the fix.
- bugfix imfile: fix race during startup that could lead to some duplication
If a to-be-monitored file was created after inotify was initialized
but before startup was completed, the first chunk of data from this
file could be duplicated. This should have happened very rarely in
practice, but caused occasional testbench failures.
see also: https://github.com/rsyslog/rsyslog/issues/791
- bugfix: potential loss of single message at queue shutdown
see also: https://github.com/rsyslog/rsyslog/issues/262
- bugfix: potential deadlock with heavy variable access
When making heavy use of global, local and message variables, a deadlock
could occur. While it is extremely unlikely to happen, we have at least
seen one incarnation of this problem in practice.
- bugfix ommysql: on some platforms, serverport parameter had no effect
This was caused by an invalid code sequence which's outcome depends on
compiler settings.
- bugfix omelasticsearch: invalid pointer dereference
The actual practical impact is not clear. This came up when working
on compiler warnings.
Thanks to David Lang for the patch.
- bugfix omhiredis: serverport config parameter did not reliably work
depended on environment/compiler used to build
- bugfix rsgtutil: -h command line option did not work
Thanks to Henri Lakk for the patch.
- bugfix lexer: hex numbers were not properly represented
see: https://github.com/rsyslog/rsyslog/pull/771
Thanks to Sam Hanes for the patch.
- bugfix TLS syslog: intermittent errors while sending data
Regression from commit 1394e0b. A symptom often seen was the message
"unexpected GnuTLS error -50 in nsd_gtls.c:530"
- bugfix imfile: abort on startup if no slash was present in file name param
Thanks to Brian Knox for the patch.
- bugfix rsgtutil: fixed abort when using short command line options
Thanks to Henri Lakk
- bugfix rsgtutil: invalid computation of log record extraction file
This caused verification to fail because the hash chain was actually
incorrect. Depended on the input data set.
closes https://github.com/rsyslog/rsyslog/issues/832
- bugfix build system: KSI components could only be build if in default path
------------------------------------------------------------------------------
Version 8.16.0 [v8-stable] 2016-01-26
- rsgtutil: Added extraction support including loglines and hash chains.
More details on how to extract loglines can be found in the rsgtutil
manpage. See also: https://github.com/rsyslog/rsyslog/issues/561
- clean up doAction output module interface
We started with char * pointers, but used different types of pointers
over time. This lead to alignment warnings. In practice, I think this
should never cause any problems (at least there have been no reports
in the 7 or so years we do this), but it is not clean. The interface is
now cleaned up. We do this in a way that does not require modifications
to modules that just use string parameters. For those with message
parameters, have a look at e.g. mmutf8fix to see how easy the
required change is.
- new system properties for $NOW properties based on UTC
This permits to express current system time in UTC.
See also https://github.com/rsyslog/rsyslog/issues/729
- impstats: support broken ElasticSearch JSON implementation
ES 2.0 no longer supports valid JSON and disallows dots inside names.
This adds a new "json-elasticsearch" format option which replaces
those dots by the bang ("!") character. So "discarded.full" becomes
"discarded!full".
This is a workaround. A method that will provide more control over
replacements will be implemented some time in the future. For
details, see below-quoted issue tracker.
closes https://github.com/rsyslog/rsyslog/issues/713
- omelasticsearch: craft better URLs
Elasticsearch is confused by url's ending in a bare '?' or '&'. While
this is valid, those are no longer produced.
Thanks to Benno Evers for the patch.
- imfile: add experimental "reopenOnTruncate" parameter
Thanks to Matthew Wang for the patch.
- bugfix imfile: proper handling of inotify initialization failure
Thanks to Zachary Zhao for the patch.
- bugfix imfile: potential segfault due to improper handling of ev var
This occurs in inotify mode, only.
Thanks to Zachary Zhao and Peter Portante for the patch.
closes https://github.com/rsyslog/rsyslog/issues/718
- bugfix imfile: potential segfault under heavy load.
This occurs in inotify mode when using wildcards, only.
The root cause is dropped IN_IGNORED inotify events which be dropped
in circumstance of high input pressure and frequent rotation, and
according to wikipeida, they can also be dropped in other conditions.
Thanks to Zachary Zhao for the patch.
closes https://github.com/rsyslog/rsyslog/issues/723
- bugfix ommail: invalid handling of server response
if that response was split into different read calls. Could lead to
error-termination of send operation. Problem is pretty unlikely to
occur in standard setups (requires slow connection to SMTP server).
Thank to github user haixingood for the patch.
- bugfix omelasticsearch: custom serverport was ignored on some platforms
Thanks to Benno Evers for the patch.
- bugfix: tarball did not include some testbench files
Thanks to Thomas D. (whissi) for the patch.
- bugfix: memory misaddressing during config parsing string template
This occurred if an (invalid) template option larger than 63 characters
was given.
Thanks to git hub user c6226 for the patch.
- bugfix imzmq: memory leak
Thanks to Jeremy Liang for the patch.
- bugfix imzmq: memory leak
Thanks to github user xushengping for the patch.
- bugfix omzmq: memory leak
Thanks to Jack Lin for the patch.
- some code improvement and cleanup
------------------------------------------------------------------------------
Version 8.15.0 [v8-stable] 2015-12-15
- KSI Lib: Updated code to run with libksi 3.4.0.5
Also libksi 3.4.0.x is required to build rsyslog if ksi support
is enabled. New libpackages have been build as well.
- KSI utilities: Added option to ser publication url.
Since libksi 3.4.0.x, there is no default publication url anymore.
The publication url has to be set using the --publications-server
Parameter, otherwise the ksi signature cannot be verified. UserID
and UserKey can also be set by parameter now.
Closes https://github.com/rsyslog/rsyslog/issues/581
- KSI Lib: Fixed wrong TLV container for KSI signatures from 0905 to 0906.
closes https://github.com/rsyslog/rsyslog/issues/587
- KSI/GT Lib: Fixed multiple issues found using static analyzer
- performance improvement for configs with heavy use of JSON variables
Depending on the config, this can be a very big gain in performance.
- added pmpanngfw: contributed module for translating Palo Alto Networks logs.
see also: https://github.com/rsyslog/rsyslog/pull/573
Thanks to Luigi Mori for the contribution.
- testbench: Changed valgrind option for imtcp-tls-basic-vg.sh
For details see: https://github.com/rsyslog/rsyslog/pull/569
- pmciscoios: support for asterisk before timestamp added
thanks to github user c0by for the patch
see also: https://github.com/rsyslog/rsyslog/pull/583
- solr external output plugin much enhanced
see also: https://github.com/rsyslog/rsyslog/pull/529
Thanks to Radu Gheorghe for the patch.
- omrabbitmq: improvements
thanks to Luigi Mori for the patch
see also: https://github.com/rsyslog/rsyslog/pull/580
- add support for libfastjson (as a replacement for json-c)
- KSI utilities: somewhat improved error messages
Thanks to Henri Lakk for the patch.
see also: https://github.com/rsyslog/rsyslog/pull/588
- pmciscoios: support for some format variations
Thanks to github user c0by for the patch
- support grok via new contributed module mmgrok
Thanks to 饶琛琳 (github user chenryn) for the contribution.
- omkafka: new statistics counter "maxoutqsize"
Thanks to 饶琛琳 (github user chenryn) for the contribution.
- improvements for 0mq modules:
* omczmq - suspend / Retry handling - the output plugin can now recover
from some error states due to issues with plugin startup or message sending
* omczmq - refactored topic handling code for ZMQ_PUB output to be a little
more efficient
* omczmq - added ability to set a timeout for sends
* omczmq - set topics can be in separate frame (default) or part of message
frame (configurable)
* omczmq - code cleanup
* imczmq - code cleanup
* imczmq - fixed a couple of cases where vars could be used uninitialized
* imczmq - ZMQ_ROUTER support
* imczmq - Fix small memory leak from not freeing sockets when done with them
* allow creation of on demand ephemeral CurveZMQ certs for encryption.
Clients may specify clientcertpath="*" to indicate they want an on
demand generated cert.
Thanks to Brian Knox for the contributions.
- cleanup on code to unset a variable
under extreme cases (very, very unlikely), the old code could also lead
to erroneous processing
- omelasticsearch: build on FreeBSD
Thanks to github user c0by for the patch
- pmciscoios: fix some small issues clang static analyzer detected
- testbench: many improvements and some new tests
note that there still is a number of tests which are somewhat racy
- overall code improvements thanks to clang static analyzer
- gnutls fix: Added possible fix for gnutls issue #575
see also: https://github.com/rsyslog/rsyslog/issues/575
Thanks to Charles Southerland for the patch
- bugfix omkafka: restore ability to build on all platforms
Undo commit aea09800643343ab8b6aa205b0f10a4be676643b
because that lead to build failures on various important platforms.
This means it currently is not possible to configure the location
of librdkafka, but that will affect far fewer people.
closes: https://github.com/rsyslog/rsyslog/issues/596
- bugfix omkafka: fix potentially negative partition number
Thanks to Tait Clarridge for providing a patch.
- bugfix: solve potential race in creation of additional action workers
Under extreme circumstances, this could lead to segfault. Note that we
detected this problem thanks to ASAN address sanitizer in combination
with a very extreme testbench test. We do not think that this issue
was ever reported in practice.
- bugfix: potential memory leak in config parsing
Thanks to github user linmujia for the patch
- bugfix: small memory leak in loading template config
This happened when a plugin was used inside the template. Then, the
memory for the template name was never freed.
Thanks to github user xushengping for the fix.
- bugfix: fix extra whitespace in property expansions
Address off-by-one issues introduced in f3bd7a2 resulting in extra
whitespace in property expansions
Thanks to Matthew Gabeler-Lee for the patch.
- bugfix: mmfields leaked memory if very large messages were processed
detected by clang static analyzer
- bugfix: mmfields could add garbage data to field
this happened when very large fields were to be processed.
Thanks to Peter Portante for reporting this.
- bugfix: omhttpfs now also compiles with older json-c lib
- bugfix: memory leak in (contributed) module omhttpfs
Thanks to git hub user c6226 for the patch.
- bugfix: parameter mismatch in error message for wrap() function
- bugfix: parameter mismatch in error message for random() function
- bugfix: divide by zero if max() function was provided zero
- bugfix: invalid mutex handling in omfile async write mode
could lead to segfault, even though highly unlikely (caught by
testbench on a single platform)
- bugfix: fix inconsistent number processing
Unfortunately, previous versions of the rule engine tried to
support oct and hex, but that wasn't really the case.
Everything based on JSON was just dec-converted. As this was/is
the norm, we fix that inconsistency by always using dec.
Luckily, oct and hex support was never documented and could
probably only have been activated by constant numbers.
- bugfix: timezone() object: fix NULL pointer dereference
This happened during startup when the offset or id parameter was not
given. Could lead to a segfault at startup.
Detected by clang static analyzer.
- bugfix omfile: memory addressing error if very long outchannel name used
Thanks to github user c6226 for the patch.
------------------------------------------------------------------------------
Version 8.14.0 [v8-stable] 2015-11-03
- Added possibility to customize librdkafka location
see also: https://github.com/rsyslog/rsyslog/pull/502
Thanks to Matthew Wang for the patch.
- add property "rawmsg-after-pri"
- bugfix: potential misaddresseing in imfile
Could happen when wildcards were used.
see also https://github.com/rsyslog/rsyslog/issues/532
see also https://github.com/rsyslog/rsyslog/issues/534
Thanks to zhangdaoling for the bugfix.
- bugfix: re_extract RainerScript function did not work
Thanks to Janmejay Singh for the patch
------------------------------------------------------------------------------
Version 8.13.0 [v8-stable] 2015-09-22
- ZeroMQ enhancements:
* Added the ability to set a static publishing topic per action as an
alternative to constructing topics with templates
Contributor: Luca Bocassi
* ZMQ_PUB socket now defaults to bind and ZMQ_SUB socket now defaults to
connect - Contributor: Luca Bocassi
- Redis enhancements:
* Can now LPUSH to a Redis list in "queue" mode - Contributor: Brian Knox
* Can now PUBLISH to a Redis channel in "publish" mode
Contributor: Brian Knox
- build requirement for rsyslog/mmnormalize is now liblognorm 1.1.2 or above
- mmnormalize: liblognorm error messages are now emitted via regular
rsyslog error reporting mechanism (aka "are now logged")
This is possible due to a new API in liblognorm 1.1.2;
Note that the amount of error messages depends on the version of
liblognorm used.
- add support for TCP client side keep-alives
Thanks to github user tinselcity for the patch.
- bugfix: imtcp/TLS hangs on dropped packets
see also https://github.com/rsyslog/rsyslog/issues/318
Thanks to github user tinselcity for the patch.
- bugfix testbench: some tests using imptcp are run if module is disabled
Thanks to Michael Biebl for reporting this
see also https://github.com/rsyslog/rsyslog/issues/524
- bugfix omkafka: Fixes a bug not accepting new messages anymore.
see also: https://github.com/rsyslog/rsyslog/pull/472
Thanks to Janmejay Singh
- bugfix: Parallel build issue "cannot find ../runtime/.libs/librsyslog.a:
No such file or directory" (#479) fixed.
Thanks to Thomas D. (Whissi) for the patch.
- bugfix: Added missing mmpstrucdata testfiles into makefile.
see also: https://github.com/rsyslog/rsyslog/issues/484
- bugfix: Reverted FIX for issue #392 as it had unexpected side effects.
The new fix duplicates the Listener object for static files (like
done for dynamic files already), resolving issue #392 and #490.
see also https://github.com/rsyslog/rsyslog/pull/490
- bugfix: issues in queue subsystem if syncqueuefiles was enabled
* Error 14 was generated on the .qi file directory handle.
As the .qi filestream does not have a directory set, fsync
was called on an empty directory causing a error 14 in debug log.
* When queue files existed on startup, the bSyncQueueFiles
strm property was not set to 1. This is now done in the
qqueueLoadPersStrmInfoFixup function.
- bugfix/testbench: tcpflood tool could abort when random data was added
see also: https://github.com/rsyslog/rsyslog/issues/506
Thanks to Louis Bouchard for the fix
- rscryutil: Added support to decrypt a not closed log file.
Thanks to wizard1024 for the patch.
------------------------------------------------------------------------------
Version 8.12.0 [v8-stable] 2015-08-11
- Harmonize resetConfigVariables values and defaults
see also https://github.com/rsyslog/rsyslog/pull/413
Thanks to Tomas Heinrich for the patch.
- GT/KSI: fix some issues in signature file format and add conversion tool
The file format is incompatible to previous format, but tools have been
upgraded to handle both and also an option been added to convert from
old to new format.
- bugfix: ommysql did not work when gnutls was enabled
as it turned out, this was due to a check for GnuTLS functions
with the side-effect that
AC_CHECK_LIB, by default, adds the lib to LIBS, if there is no
explicit action, what was the case here. So everything was now
linked against GnuTLS, which in turn made ommysql fail.
Thanks to Thomas D. (whissi) for the analysis of the ommysql/gnutls
problem and Thomas Heinrich for pointing out that AC_CHECK_LIB might
be the culprit.
- bugfix omfile: potential memory leak on file close
see also: https://github.com/rsyslog/rsyslog/pull/423
Thanks to Robert Schiele for the patch.
- bugfix omfile: potential race in dynafile detection/creation
This could lead to a segfault.
Thanks to Tomas Heinrich for the patch.
- bugfix omfile: Fix race-condition detection in path-creation code
The affected code is used to detect a race condition in between
testing for the existence of a directory and creating it if it didn't
exist. The variable tracking the number of attempts wasn't reset for
subsequent elements in the path, thus limiting the number of
reattempts to one per the whole path, instead of one per each path
element.
This solution was provided by Martin Poole.
- bugfix parser subsystem: potential misaddressing in SanitizeMsg()
could lead to a segfault
Thanks to Tomas Heinrich for the patch.
- imfile: files moved outside of directory are now (properly) handled
- bugfix: imfile: segfault when using startmsg.regex if first log line
doesn't match
Thanks to Ciprian Hacman for the patch.
- bugfix imfile: file table was corrupted when on file deletion
This could happen when a file that was statically configured (not via an
wildcard) was deleted.
- bugfix ompgsql: transaction were improperly handled
now transaction support is solidly disabled until we have enough requests
to implement it again. Module still works fine in single insert mode.
closes https://github.com/rsyslog/rsyslog/issues/399
- bugfix mmjsonparse: memory leak if non-cee-json message is processed
see also https://github.com/rsyslog/rsyslog/pull/383
Thanks to Anton Matveenko for the patch
- testbench: remove raciness from UDP based tests
- testbench: added bash into all scripts making it mandatory
- bugfix testbench: Fixed problem building syslog_caller util when
liblogging-stdlog is not available.
Thanks to Louis Bouchard for the patch
- bugfix rscryutil.1: Added fix checking for generate_man_pages condition
Thanks to Radovan Sroka for the patch
- bugfix freebsd console: \n (NL) is prepended with \r (CR) in console
output on freebsd only. For more details see here:
https://github.com/rsyslog/rsyslog/issues/372
Thanks to AlexandreFenyo for the patch
------------------------------------------------------------------------------
Version 8.11.0 [v8-stable] 2015-06-30
- new signature provider for Keyless Signature Infrastructure (KSI) added
- build system: re-enable use of "make distcheck"
- add new signature provider for Kesless Signature Infrastructure (KSI)
This has also been added to existing tooling; KSI is kind of v2 of
the Guardtime functionality and has been added in the appropriate
places.
- bugfix imfile: regex multiline mode ignored escapeLF option
Thanks to Ciprian Hacman for reporting the problem
closes https://github.com/rsyslog/rsyslog/issues/370
- bugfix omkafka: fixed several concurrency issues, most of them related
to dynamic topics.
Thanks to Janmejay Singh for the patch.
- bugfix: execonlywhenpreviousissuspended did not work correctly
This especially caused problems when an action with this attribute was
configured with an action queue.
- bugfix core engine: ensured global variable atomicity
This could lead to problems in RainerScript, as well as probably in other
areas where global variables are used inside rsyslog. I wouldn't outrule
it could lead to segfaults.
Thanks to Janmejay Singh for the patch.
- bugfix imfile: segfault when using startmsg.regex because of empty log line
closes https://github.com/rsyslog/rsyslog/issues/357
Thanks to Ciprian Hacman for the patch.
- bugfix: build problem on Solaris
Thanks to Dagobert Michelsen for reporting this and getting us up to
speed on the openCWS build farm.
- bugfix: build system strndup was used even if not present
now added compatibility function. This came up on Solaris builds.
Thanks to Dagobert Michelsen for reporting the problem.
closes https://github.com/rsyslog/rsyslog/issues/347
- bugfix imjournal: do not pass empty messages to rsyslog core
this causes a crash of the daemon
see also https://github.com/rsyslog/rsyslog/pull/412
Thanks to Tomas Heinrich for the patch.
- bugfix imjournal: cosmetic memory leak
very small and an shutdown only, so did not affect operations
see also https://github.com/rsyslog/rsyslog/pull/411
Thanks to Tomas Heinrich for the patch.
------------------------------------------------------------------------------
Version 8.10.0 [v8-stable] 2015-05-19
- imfile: add capability to process multi-line messages based on regex
input parameter "endmsg.regex" was added for that purpose. The new
mode provides much more power in processing different multiline-formats.
- pmrfc3164: add new parameters
* "detect.yearAfterTimestamp"
This supports timestamps as generated e.g. by some Aruba Networks
equipment.
* "permit.squareBracesInHostname"
Permits to use "hostnames" in the form of "[127.0.0.1]"; also seen in
Aruba Networks equipment, but we strongly assume this can also happen
in other cases, especially with IPv6.
- supplementary groups are now set when dropping privileges
closes https://github.com/rsyslog/rsyslog/issues/296
Thanks to Zach Lisinski for the patch.
- imfile: added brace glob expansion to wildcard
Thanks to Zach Lisinski for the patch.
- zmq: add the ability for zeromq input and outputs to advertise their
presence on UDP via the zbeacon API.
Thanks to Brian Knox for the contribution.
- added omhttpfs: contributed module for writing to HDFS via HTTP
Thanks to sskaje for the contribution.
- Configure option "--disable-debug-symbols" added which is disabled per
default. If you set the new option, configure won't set the appropriate
compiler flag to generate debug symbols anymore.
- When building from git source we now require rst2man and yacc (or a
replacement like bison).
That isn't any new requirement, we only added missing configure checks.
- Configure option "--enable-generate-man-pages" is now disabled for non git
source builds per default but enforced when building from git source.
- mmpstrucdata: some code cleanup
removed lots of early development debug outputs
- bugfix imuxsock: fix a memory leak that happened with large messages
... when annotation was enabled.
Thanks to github user c6226 for the patch
- bugfix omhttpfs: memory leak
Thanks to github user c6226 for the patch
- bugfix imuxsock: fix a crash when setting a hostname
Setting a hostname via the legacy directive would lead to a crash
during shutdown caused by a double-free.
Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in mmpstrucdata
Thanks to Grégoire Seux for reporting this issue.
closes https://github.com/rsyslog/rsyslog/issues/310
- bugfix (minor): default action name: assigned number was one off
see also https://github.com/rsyslog/rsyslog/pull/340
Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in imfile
A small leak happened each time a new file was monitored based on
a wildcard. Depending on the rate of file creation, this could result
in a serious memory leak.
------------------------------------------------------------------------------
Version 8.9.0 [v8-stable] 2015-04-07
- omprog: add option "hup.forward" to forwards HUP to external plugins
This was suggested by David Lang so that external plugins (and other
programs) can also do HUP-specific processing. The default is not
to forward HUP, so no change of behavior by default.
- imuxsock: added capability to use regular parser chain
Previously, this was a fixed format, that was known to be spoken on
the system log socket. This also adds new parameters:
- sysSock.useSpecialParser module parameter
- sysSock.parseHostname module parameter
- useSpecialParser input parameter
- parseHostname input parameter
- 0mq: improvements in input and output modules
See module READMEs, part is to be considered experimental.
Thanks to Brian Knox for the contribution.
- imtcp: add support for ip based bind for imtcp -> param "address"
Thanks to github user crackytsi for the patch.
- bugfix: MsgDeserialize out of sync with MsgSerialize for StrucData
This lead to failure of disk queue processing when structured data was
present. Thanks to github user adrush for the fix.
- bugfix imfile: partial data loss, especially in readMode != 0
closes https://github.com/rsyslog/rsyslog/issues/144
- bugfix: potential large memory consumption with failed actions
see also https://github.com/rsyslog/rsyslog/issues/253
- bugfix: omudpspoof: invalid default send template in RainerScript format
The file format template was used, which obviously does not work for
forwarding. Thanks to Christopher Racky for alerting us.
closes https://github.com/rsyslog/rsyslog/issues/268
- bugfix: size-based legacy config statements did not work properly
on some platforms, they were incorrectly handled, resulting in all
sorts of "interesting" effects (up to segfault on startup)
- build system: added option --without-valgrind-testbench
... which provides the capability to either enforce or turn off
valgrind use inside the testbench. Thanks to whissi for the patch.
- rsyslogd: fix misleading typos in error messages
Thanks to Ansgar Püster for the fixes.
------------------------------------------------------------------------------
Version 8.8.0 [v8-stable] 2015-02-24
- omkafka: add support for dynamic topics and auto partitioning
Thanks to Tait Clarridge for the patches.
- imtcp/imptcp: support for broken Cisco ASA TCP syslog framing
- omfwd: more detailed error messages in case of UDP send error
- TLS syslog: enable capability to turn on GnuTLS debug logging
This provides better diagnostics in hard-to-diagnose cases,
especially when GnuTLS is extra-picky about certificates.
- bugfix: $AbortOnUncleanConfig did not work
- improve rsyslogd -v output and error message with meta information
version number is now contained in error message and build platform in
version output. This helps to gets rid of the usual "which version"
question on mailing list, support forums, etc...
- bugfix imtcp: octet-counted framing cannot be turned off
- bugfix: build problems on Illuminos
Thanks to Andrew Stormont for the patch
- bugfix: invalid data size for iMaxLine global property
It was defined as int, but inside the config system it was declared as
size type, which uses int64_t. With legacy config statements, this could
lead to misaddressing, which usually meant the another config variable was
overwritten (depending on memory layout).
closes https://github.com/rsyslog/rsyslog/issues/205
- bugfix: negative values for maxMessageSize global parameter were permitted
------------------------------------------------------------------------------
Version 8.7.0 [v8-stable] 2015-01-13
- add message metadata "system" to msg object
this permits to store metadata alongside the message
- imfile: add support for "filename" metadata
this is useful in cases where wildcards are used
- imptcp: make stats counter names consistent with what imudp, imtcp uses
- added new module "omkafka" to support writing to Apache Kafka
- omfwd: add new "udp.senddelay" parameter
- mmnormalize enhancements
Thanks to Janmejay Singh for the patch.
- RainerScript "foreach" iterator and array reading support
Thanks to Janmejay Singh for the patch.
- now requires liblognorm >= 1.0.2
- add support for systemd >= 209 library names
- BSD "ntp" facility (value 12) is now also supported in filter
Thanks to Douglas K. Rand of Iteris, Inc. for the patch.
Note: this patch was released under ASL 2.0 (see email-conversation).
- bugfix: global(localHostName="xxx") was not respected in all modules
- bugfix: emit correct error message on config-file-not-found
closes https://github.com/rsyslog/rsyslog/issues/173
- bugfix: impstats emitted invalid JSON format (if JSON was selected)
- bugfix: (small) memory leak in omfile's outchannel code
Thanks to Koral Ilgun for reporting this issue.
- bugfix: imuxsock did not deactivate some code not supported by platform
Among potential other problems, this caused build failure under Solaris.
Note that this build problem just made a broader problem appear that so
far always existed but was not visible.
closes https://github.com/rsyslog/rsyslog/issues/185
------------------------------------------------------------------------------
Version 8.6.0 [v8-stable] 2014-12-02
NOTE: This version also incorporates all changes and enhancements made for
v8.5.0, but in a stable release. For details see immediately below.
- configuration-setting rsyslogd command line options deprecated
For most of them, there are now proper configuration objects. Some few
will be completely dropped if nobody insists on them. Additional info at
http://blog.gerhards.net/2014/11/phasing-out-legacy-command-line-options.html
- new and enhanced plugins for 0mq. These are currently experimental.
Thanks to Brian Knox who contributed the modules and is their author.
- empty rulesets have been permitted. They no longer raise a syntax error.
- add parameter -N3 to enable config check of partial config file
Use for config include files. Disables checking if any action exists at
all.
- rsyslogd -e option has finally been removed
It is deprecated since many years.
- testbench improvements
Testbench is now more robust and has additional tests.
- testbench is now by default disabled
To enable it, use --enable-testbench. This was done as the testbench now
does better checking if required modules are present and this in turn
would lead to configure error messages where non previously were if we
would leave --enable-testbench on by default. Thus we have turned it off.
This should not be an issue for those few testbench users.
- add new RainerScript functions warp() and replace()
Thanks to Singh Janmejay for the patch.
- mmnormalize can now also work on a variable
Thanks to Singh Janmejay for the patch.
- new property date options for day ordinal and week number
Thanks to github user arrjay for the patch
- remove --enable-zlib configure option, we always require it
It's hard to envision a system without zlib, so we turn this off
closes https://github.com/rsyslog/rsyslog/issues/76
- slight source-tree restructuring: contributed modules are now in their
own ./contrib directory. The idea is to make it clearer to the end user
which plugins are supported by the rsyslog project (those in ./plugins).
- bugfix: imudp makes rsyslog hang on shutdown when more than 1 thread used
closes https://github.com/rsyslog/rsyslog/issues/126
- bugfix: not all files closed on auto-backgrounding startup
This could happen when not running under systemd. Some low-numbered
fds were not closed in that case.
- bugfix: typo in queue configuration parameter
made parameter unusable
Thanks to Bojan Smojver for the patch.
- bugfix: uninitialized buffer off-by-one error in hostname generation
The DNS cache used uninitialized memory, which could lead to
invalid hostname generation.
Thanks to Jarrod Sayers for alerting us and providing analysis and
patch recommendations.
- bugfix imuxsock: possible segfault when SysSock.Use="off"
Thanks to alexjfisher for reporting this issue.
closes https://github.com/rsyslog/rsyslog/issues/140
- bugfix: RainerScript: invalid ruleset names were accepted
during ruleset definition, but could of course not be used when
e.g. calling a ruleset.
IMPORTANT: this may cause existing configurations to error out on start,
as they invalid names could also be used e.g. when assigning rulesets.
- bugfix: some module entry points were not called for all modules
callbacks like endCnfLoad() were primarily being called for input
modules. This has been corrected. Note that this bugfix has some
regression potential.
- bugfix omlibdbi: connection was taken down in wrong thread
this could have consequences depending on the driver being used. In
general, it looks more like a cosmetic issue. For example, with
MySQL it lead to a small memory but also an annoying message about
a thread not properly torn down.
- imttcp was removed because it was an incomplete experimental module
- pmrfc3164sd because it was a custom module nobody used
We used to keep this as a sample inside the tree, but whoever wants
to look at it can check in older versions inside git.
- omoracle was removed because it was orphaned and did not build/work
for quite some years and nobody was interested in fixing it
---------------------------------------------------------------------------
Version 8.5.0 [v8-stable] 2014-10-24
- imfile greatly refactored and support for wildcards added
- PRI-handling code refactored for more clarity and robustness
- ommail: add support for RainerScript config system [action() object]
This finally adds support for the new config style. Also, we now permit
to set a constant subject text without the need to create a template for
it.
- refactored the auto-backgrounding method
The code is now more robust and also offers possibilities for enhanced
error reporting in the future. This is also assumed to fix some races
where a system startup script hang due to "hanging" rsyslogd.
- make gntls tcp syslog driver emit more error messages
Messages previously emitted only to the debug log are now emitted as
syslog error messages. It has shown that they contain information
helpful to the user for troubleshooting config issues. Note that this
change is a bit experimental, as we are not sure if there are situations
where large amounts of error messages may be emitted.
- bugfix: imfile did not complain if configured file did not exist
closes https://github.com/rsyslog/rsyslog/issues/137
- bugfix: build failure on systems which don't have json_tokener_errors
Older versions of json-c need to use a different API (which don't exists
on newer versions, unfortunately...)
Thanks to Thomas D. for reporting this problem.
- imgssapi: log remote peer address in some error messages
Thanks to Bodik for the patch.
---------------------------------------------------------------------------
Version 8.4.3 [v8-stable] 2014-10-??
- ommail: minor bugfixes & improvements
* timestamps were 1 hour out when using daylight saving times when
viewing emails in most email clients due to incorrect date format
* X-Mailer header had a typo in it
* To: header was duplicated once per recipient (this is permitted,
but an address list is a better choice nowadays)
Thanks to github user cacheus for the patches.
- bugfix imkmsg: infinite loop on OpenVZ VMs
Thanks to github user PaulSD for the patch
closes https://github.com/rsyslog/rsyslog/pull/138
- bugfix: typo in queue configuration parameter made parameter unusable
Thanks to Bojan Smojver for the patch.
- bugfix: uninitialized buffer off-by-one error in hostname generation
The DNS cache used uninitialized memory, which could lead to
invalid hostname generation.
Thanks to Jarrod Sayers for alerting us and providing analysis and
patch recommendations.
- bugfix imfile: segfault on startup in "inotify" mode
A segfault happened when more than one file was monitored.
- bugfix imfile: could make rsyslog exit in inotify mode
- bugfix: rsgtutil sometimes crashed in verify mode if file did not exist
- bugfix imklog: pri was miscalculated
actually, the pri was totally off the real value for PRIs > 9
- bugfix imfile:file processing in inotify mode was stalled sometimes
closes https://github.com/rsyslog/rsyslog/issues/134
- bugfix: imjournal did not build properly
The build succeeded, but the module did not load due to a type in
a support function name, which kept unresolved during load.
- bugfix: mmcount did no longer build
note that this is untested -- users of this module should file a bug if
the new (trivial) code is broken [if there are any users, thus I did not
invest time in testing...]
closes https://github.com/rsyslog/rsyslog/issues/129
- bugfix imuxsock: possible segfault when SysSock.Use="off"
Thanks to alexjfisher for reporting this issue.
closes https://github.com/rsyslog/rsyslog/issues/140
---------------------------------------------------------------------------
Version 8.4.2 [v8-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases
This is corrected now.
see also: CVE-2014-3683
- fixed a build problem on some platforms
Thanks to Olaf for the patch
- behavior change: "msg" of messages with invalid PRI set to "rawmsg"
When the PRI is invalid, the rest of the header cannot be valid. So
we move all of it to MSG and do not try to parse it out. Note that
this is not directly related to the security issue but rather done
because it makes most sense.
---------------------------------------------------------------------------
Version 8.4.1 [v8-stable] 2014-09-30
- imudp: add for bracketing mode, which makes parsing stats easier
- permit at-sign in variable names
closes: https://github.com/rsyslog/rsyslog/issues/110
- bugfix: fix syntax error in anon_cc_numbers.py script
Thanks to github user anthcourtney for the patch.
closes: https://github.com/rsyslog/rsyslog/issues/109
- bugfix: ompgsql: don't loose uncommitted data on retry
Thanks to Jared Johnson and Axel Rau for the patch.
- bugfix: imfile: if a state file for a different file name was set,
that different file (name) was monitored instead of the configured
one. Now, the state file is deleted and the correct file monitored.
closes: https://github.com/rsyslog/rsyslog/issues/103
- bugfix: omudpspoof: source port was invalid
Thanks to Pavel Levshin for the patch
- bugfix: build failure on systems which don't have json_tokener_errors
Older versions of json-c need to use a different API (which don't exists
on newer versions, unfortunately...)
Thanks to Thomas D. for reporting this problem.
- bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API
closes: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: mmanon did not properly anonymize IP addresses starting with '9'
Thanks to defa-at-so36.net for reporting this problem.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
- bugfix: build problems on SuSe Linux
Thanks Andreas Stieger for the patch
- bugfix: omelasticsearch error file did not work correctly on ES 1.0+
due to a breaking change in the ElasticSearch API.
see also: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: potential abort when a message with PRI > 191 was processed
if the "pri-text" property was used in active templates, this could
be abused to a remote denial of service from permitted senders
see also: CVE-2014-3634
---------------------------------------------------------------------------
Version 8.4.0 [v8-stable] 2014-08-18
- this is the new stable branch, which incorporates all enhancements of
rsyslog 8.3.
---------------------------------------------------------------------------
Version 8.3.5 [v8-devel] 2014-08-05
- mmjsonparse: support selectable cookie and target containers
This permits to put different meanings into a json formatted syslog
message, e.g. the "traditional" cee or cim data.
- bugfix: mmjsonparse did not build with json-c < 0.10
This was a regression introduced some time in the past in order to
support API changes in json-c. Now we check for the version and use
proper code.
- omprog: emit error message via syslog() if loading binary fails
This happens after forking, so omprog has no longer access to rsyslog's
regular error reporting functions. Previously, this meant any error
message was lost. Now it is emitted via regular syslog (which may end up
in a different instance, if multiple instances run...)
- couple of patches imported from v7-stable (7.6.4)
---------------------------------------------------------------------------
Version 8.3.4 [v8-devel] 2014-07-11
- new pmciscoios parser supporting various Cisco IOS formats
- RFC3164 timestamp parser now accepts timezones and subsecond resolution
... at least for some common formats and where we could do so without
running risk of breaking proper formats (or introducing regressions)
- new parser config object -- permits to define custom parser definitions
- new tzinfo config object -- permits to define time zone offsets
This is a utility object that currently is being used by some parsers.
- bugfix: mishandling of input modules not supporting new input instances
If they did not support this, accidentally the output module part of the
module union was written, leading to unpredictable results. Note: all
core modules do support this interface, but some contributed or very
old ones do not.
- bugfix: double-free when ruleset() parser parameters were used
While unlikely, this could cause stability issues even after the
config phase.
---------------------------------------------------------------------------
Version 8.3.3 [v8-devel] 2014-06-26
- unify input object naming
imudp now supports "name" parameter, as other inputs do. "inputname" has
been deprecated, but can still be used. Same applies to "appendport"
subparameter". Thanks to "Nick Syslog" for the suggestion.
- made the missing (contributed) modules build under v8 [import from 8.2.2]
Modules:
* mmrfc5424addhmac
* omrabbitmq
* omgssapi
* omhdfs
* omzmq3
- added a cleanup process (janitor); permits to close omfile files after a
timeout
- make omgssapi build under v8.3 [import vom v8.2]
note that we could do this to the stable, because there is NO regression
chance at all: only omgssapi was changed, and this module did NOT work
previously.
- removed obsolete --disable-fsstnd configure option
Thanks to Thomas D. for alerting us.
Closes: https://github.com/rsyslog/rsyslog/issues/72
---------------------------------------------------------------------------
Version 8.3.2 [v8-devel] 2014-05-02
- new template options for date extraction:
- year
- month
- day
- wday
- hour
- minute
- second
- tzoffshour
- tzoffsmin
- tzoffsdirection
- wdayname
For string templates, these are property options and they are
prefixed with "date-" (e.g. "date-year", "date-month", ...)
see also: https://github.com/rsyslog/rsyslog/issues/65
- bugfix: mmexternal remove framing char before processing JSON reply
This did not have any real bad effects, but caused unnecessary
processing, as empty replies were not properly detected. Otherwise,
the bug was not noticeable from the user's PoV.
- bugfix: mmexternal segfault due to invalid free in non-json input mode
closes: https://github.com/rsyslog/rsyslog/issues/70
- bugfix: mmexternal segfault when external plugin sent invalid reply
... or no reply at all. This happened if the reply was improper JSON.
Now, we emit an error message in those cases.
see also: https://github.com/rsyslog/rsyslog/issues/69
- bugfix: mmexternal did potentially pass incomplete data to restarted
external plugin
This could happen if EPIPE was returned "too late", in which case the
beginning of the data could be lost.
- bugfix: mmexternal did not properly process messages over 4KiB
The data to be passed to the external plugin was truncated after 4KiB.
see: https://github.com/rsyslog/rsyslog/issues/64
- imrelp: added support for per-listener ruleset and inputname
see: https://github.com/rsyslog/rsyslog/pull/63
Thanks to bobthesecurityguy github user for the patch
---------------------------------------------------------------------------
Version 8.3.1 [v8-devel] 2014-04-24
- external message modification interface now support modifying message PRI
- "jsonmesg" property will include uuid only if one was previously generated
This is primarily a performance optimization. Whenever the message uuid
is gotten, it is generated when not already present. As we used the
regular setter, this means that always the uuid was generated, which is
quite time-consuming. This has now been changed so that it only is
generated if it already exists. That also matches more closely the
semantics, as "jsonmesg" should not make modifications to the message.
Note that the same applies to "fulljson" passing mode for external
plugins.
- added plugin to rewrite message facility and/or severity
Name: fac-sever-rewrite.py
- permits to build against json-c 0.12
Unfortunately, json-c had an ABI breakage, so this is necessary. Note
that versions prior to 0.12 had security issues (CVE-2013-6370,
CVE-2013-6371) and so it is desirable to link against the new version.
Thanks to Thomas D. for the patch. Note that at least some distros
have fixed the security issue in older versions of json-c, so this
seems to apply mostly when building from sources.
- bugfix: using UUID property could cause segfault
- bugfix/mmexternal: memory leak
- bugfix: memory leak when using "jsonmesg" property
- bugfix: mmutf8fix did not detect two invalid sequences
Thanks to Axel Rau for the patch.
- bugfix: build problems with lexer.l on some platforms
For some reason, the strdup() prototype and others are missing. I admit
that I don't know why, as this happens only in 8.3.0+ and there is no
indication of changes to the affected files. In any case, we need to
fix this, and the current solution works at least as an interim one.
---------------------------------------------------------------------------
Version 8.3.0 [v8-devel] 2014-04-10
- new plugin for anonymizing credit card numbers
Thanks to Peter Slavov for providing the code.
- external message modification modules are now supported
They are bound via the new native module "mmexternal". Also, a sample
skeleton for an external python message modification module has been
added.
- new $jsonmesg property with JSON representation of whole message object
closes: https://github.com/rsyslog/rsyslog/issues/19
- improved error message for invalid field extraction in string template
see also:
http://kb.monitorware.com/problem-with-field-based-extraction-t12299.html
- fix build problems on Solaris
- NOTE: a json-c API that we begun to use requires the compiler to be in
c99 mode. By default, we select it automatically. If you modify this and
use gcc, be sure to include "-std=c99" in your compiler flags. This seems
to be necessary only for older versions of gcc.
---------------------------------------------------------------------------
Version 8.2.3 [v8-stable] 2014-??-??
- bugfix: ommysql: handle/mem leak upon termination of worker thread
This could become bad if the (instance) worker threads are often
started and terminated. But it takes quite a while to show effect.
---------------------------------------------------------------------------
Version 8.2.2 [v8-stable] 2014-06-02
- made the missing (contributed) modules build under v8
Note that we could do this to the stable, because there is NO regression
chance at all: only the modules themselves were changed, and they did
NOT work at all previously. Please also note that most of these modules
did not yet receive real testing. As we don't have the necessary
environments (easily enough available), we depend on users submitting
error reports and helping to iron out any issues that may arise.
Modules:
* mmrfc5424addhmac
* omrabbitmq
* omgssapi
* omhdfs
* omzmq3
---------------------------------------------------------------------------
Version 8.2.1 [v8-stable] 2014-04-17
- permits to build against json-c 0.12
Unfortunately, json-c had an ABI breakage, so this is necessary. Note
that versions prior to 0.12 had security issues (CVE-2013-6370,
CVE-2013-6371) and so it is desirable to link against the new version.
Thanks to Thomas D. for the patch. Note that at least some distros
have fixed the security issue in older versions of json-c, so this
seems to apply mostly when building from sources.
- doc is no longer shipped as part of the rsyslog tarball
Instead, the rsyslog-doc project creates its own tarball. This is the
result of a mailing list discussion after the 8.2.0 release with a
tarball-in-tarball approach, which was disliked by almost all distro
maintainers. This move also has the advantage of de-coupling the
release cycles of both projects a bit (which turned out to be a bit
problematic in practice).
- bugfix: mmutf8fix did not detect two invalid sequences
Thanks to Axel Rau for the patch.
---------------------------------------------------------------------------
Version 8.2.0 [v8-stable] 2014-04-02
This starts a new stable branch based on 8.1.6 plus the following changes:
- we now use doc from the rsyslog-doc project
As such, the ./doc subtree has been removed. Instead, a cache of the
rsyslog-doc project's files has been included in ./rsyslog-doc.tar.gz.
Note that the exact distribution mode for the doc is still under
discussion and may change in future releases.
This was agreed upon on the rsyslog mailing list. For doc issues
and corrections, be sure to work with the rsyslog-doc project. It is
currently hosted at https://github.com/rsyslog/rsyslog-doc
- add support for specifying the liblogging-stdlog channel spec
new global parameter "stdlog.channelspec"
- add "defaultnetstreamdrivercertfile" global variable to set a default
for the certfile.
Thanks to Radu Gheorghe for the patch.
- omelasticsearch: add new "usehttps" parameter for secured connections
Thanks to Radu Gheorghe for the patch.
- "action resumed" message now also specifies module type
which makes troubleshooting a bit easier. Note that we cannot output all
the config details (like destination etc) as this would require much more
elaborate code changes, which we at least do not like to do in the
stable version.
- add capability to override GnuTLS path in build process
Thanks to Clayton Shotwell for the patch
- better and more consistent action naming, action queues now always
contain the word "queue" after the action name
- bugfix: ompipe did resume itself even when it was still in error
See: https://github.com/rsyslog/rsyslog/issues/35
Thanks to github user schplat for reporting
- bugfix: ompipe used invalid default template
This is a regression from an old change (didn't track it down precisely,
but over a year ago). It used the Forwarding template instead of
the file template (so we have a full syslog header). This fix corrects
it back to previous behavior, but new scripts that used the wrong
format may now need to have the RSYSLOG_ForwardingFormat template
explicitly be applied.
closes: https://github.com/rsyslog/rsyslog/issues/50
---------------------------------------------------------------------------
Version 8.1.6 [release candidate] 2014-02-20
- omfile: permit to set global defaults for action parameters
Thanks to Nathan Brown for the patch.
See also: https://github.com/rsyslog/rsyslog/pull/23
- add capability to escape control characters in the C way of doing it
adds new global parameter "parser.escapeControlCharactersCStyle"
Thanks to Nathan Brown for the patch.
See also: https://github.com/rsyslog/rsyslog/pull/13
- parser global parameters can now be set using RainerScript global()
Thanks to Nathan Brown for the patch.
See also: https://github.com/rsyslog/rsyslog/pull/23
- omprog: guard program-to-be-executed against CTL-C
This can frequently happen in debug mode, where rsyslog is terminated
by ctl-c. In any case, SIGINT is not meant to control the child process,
so it should be blocked.
- omprog bugfix: parameter "forceSingleInstance" is NOT mandatory
- add new jsonr property replacer option
Thanks to Nathan Brown for the patch.
- added external plugin interface
- ommongodb: add authentication support (untested)
Thanks to JT for the patch.
See also: https://github.com/rsyslog/rsyslog/pull/17
- bugfix: json templates are improperly created
Strings miss the terminating NUL character, which obviously can lead
to all sorts of problems.
See also: https://github.com/rsyslog/rsyslog/issues/27
Thanks to Alain for the analysis and the patch.
- ompgsql bugfix: improper handling of auto-backgrounding mode
If rsyslog was set to auto-background itself (default code behavior, but
many distros now turn it off for good reason), ompgsql could not
properly connect. This could even lead to a segfault. The core reason
was that a PG session handle was kept open over a fork, something that
is explicitly forbidden in the PG API.
Thanks to Alain for the analysis and the patch.
- bugfix: ommongodb's template parameter was mandatory but should have
been optional
Thanks to Alain for the analysis and the patch.
- bugfix: end of batch processing was not 100% correct. Could lead to
outputs not properly writing messages. At least omelasticsearch did not
write anything to the database due to this bug.
See: https://github.com/rsyslog/rsyslog/issues/10
Thanks to Radu Gheorghe for reporting the issue.
---------------------------------------------------------------------------
Version 8.1.5 [devel] 2014-01-24
- omprog: ability to execute multiple program instances per action
It can now execute one program instance per worker thread. This is
generally a very good thing the have performance wise. Usually, this
should cause no problems with the invoked program. For that reason,
we have decided to make this the default mode of operation. If not
desired, it can be turned off via the 'forceSingleInstance="on"'
action parameter.
CHANGE OF BEHAVIOR: previous versions did always execute only one
instance per action, no matter how many workers were active. If
your program has special needs, you need to change your configuration.
- imfile now supports inotify (but must be explicitly turned on)
- imfile no longer has a limit on number of monitored files
- added ProcessInternalMessages global system parameter
This permits to inject rsyslog status messages into *another* main
syslogd or the journal.
- new dependency: liblogging-stdlog (for submitting to external logger)
- bugfix: imuxsock input parameters were not accepted
due to copy&paste error. Thanks to Andy Goldstein for the fix.
---------------------------------------------------------------------------
Version 8.1.4 [devel] 2014-01-10
- add exec_template() RainerScript function
- imrelp: support for TCP KEEPALIVE added
- bumped librelp dependency to 1.2.2 to support new KEEPALIVE feature
- Add directives for numerically specifying GIDs/UIDs
The already present directives (FileOwner, FileGroup, DirOwner,
DirGroup) translate names to numerical IDs, which depends on the user
information being available during rsyslog's startup. This can fail if
the information is obtained over a network or from a service such as
SSSD. The new directives provide a way to specify the numerical IDs
directly and bypass the lookup.
Thanks to Tomas Heinrich for the patch.
- bugfix: action commitTransaction() processing did not properly handle
suspended actions
- bugfix: omelasticsearch fail.es stats counter was improperly maintained
---------------------------------------------------------------------------
Version 8.1.3 [devel] 2013-12-06
THIS VERSION CAN BE CONSIDERED A "NORMAL" DEVEL RELEASE. It's no longer
highly experimental. This assertion is based on real-world feedback.
- changes to the strgen module interface
- new output module interface for transactional modules
- performance improvements
* reduced number of malloc/frees due to further changes to the
output module interface
* reduced number of malloc/frees during string template processing
We now re-use once allocated string template memory for as long
as the worker thread exists. This saves us from doing new memory
allocs (and their free counterpart) when the next message is
processed. The drawback is that the cache always is the size of
the so-far largest message processed. This is not considered a
problem, as in any case a single messages' memory footprint should
be far lower than that of a whole set of messages (especially on
busy servers).
* used variable qualifiers (const, __restrict__) to hopefully help
the compiler generate somewhat faster code
- failed action detection more precisely for a number of actions
If an action uses string parameter passing but is non-transactional
it can be executed immediately, giving a quicker indication of
action failure.
- bugfix: limiting queue disk space did not work properly
* queue.maxdiskspace actually initializes queue.maxfilesize
* total size of queue files was not checked against
queue.maxdiskspace for disk assisted queues.
Thanks to Karol Jurak for the patch.
---------------------------------------------------------------------------
Version 8.1.2 [experimental] 2013-11-28
- support for liblognorm1 added - results in performance improvements
Thanks to Pavel Levshin for his work in this regard.
- support for jemalloc added via --enable-jemalloc
Thanks to Pavel Levshin for suggesting jemalloc
Note that build system is experimental at this stage.
- queue defaults have changed
* high water mark is now dynamically 90% of queue size
* low water makr is now dynamically 70% of queue size
* queue.discardMark is now dynamically 98% of queue size
* queue.workerThreadMinimumMessage set to queue.size / num workers
For queues with very low queue.maxSize (< 100), "emergency" defaults
will be used.
- bugfix: disk queues created files in wrong working directory
if the $WorkDirectory was changed multiple times, all queues only
used the last value set.
- bugfix: legacy directive $ActionQueueWorkerThreads was not honored
- bugfix: mmrfc5424addhmac: "key" parameter was not properly processed
---------------------------------------------------------------------------
Version 8.1.1 [experimental] 2013-11-19
- bugfix: STOP/discard(~) was mostly NOT honored
This lead to execution of config code that was not meant to be executed.
- bugfix: memory leak on worker thread termination
- bugfix: potential segfault in omfile under heavy load
Thanks to Pavel Levshin for alerting us.
- bugfix: mmsequence: instance mode did not work
Thanks to Pavel Levshin for the patch
- bugfix: segfault on startup when certain script constructs are used
e.g. "if not $msg ..."
- omhiredis: now supports v8 output module interface and works again
Thanks to Pavel Levshin for the patch
- mmaudit: now supports v8 output module interface and work again
- bugfix: potential abort on startup in debug mode
This depends on template type being used. The root cause was a
non-necessary debug output, which were at the wrong spot (leftover from
initial testing).
Thanks to Pavel Levshin for alerting us and providing a patch
proposal.
---------------------------------------------------------------------------
Version 8.1.0 [experimental] 2013-11-15
- rewritten core engine for higher performance and new features
In detail:
* completely rewritten rule execution engine
* completely changed output module interface
* remodelled output module interface
* enabled important output modules to support full concurrent
operation
The core engine has been considerably changed and must be considered
experimental at this stage. Note that it does not yet include all
features planned for v8, but is close to this goal. In theory, the
engine should perform much better, especially on complex configurations
and busy servers. Most importantly, actions instances can now be called
concurrently from worker threads and many important output modules
support multiple concurrent action instances natively.
- module omruleset is no longer enabled by default.
Note that it has been deprecated in v7 and been replaced by the "call"
statement. Also, it can still be build without problems, the option must
just explicitly be given.
---------------------------------------------------------------------------
Version 7.6.8 [v7.6-stable] 2014-10-??
- bugfix: typo in queue configuration parameter made parameter unusable
Thanks to Bojan Smojver for the patch.
- bugfix imuxsock: possible segfault when SysSock.Use="off"
Thanks to alexjfisher for reporting this issue.
closes https://github.com/rsyslog/rsyslog/issues/140
- bugfix: uninitialized buffer off-by-one error in hostname generation
The DNS cache used uninitialized memory, which could lead to
invalid hostname generation.
Thanks to Jarrod Sayers for alerting us and providing analysis and
patch recommendations.
- remove zpipe (a testing tool) from --enable-diagtools
This tool is no longer maintained and currently not used inside the
testbench. We keep it in the source tree for the time being in case that
it may be used in the future.
- bugfix: imjournal did not build properly
The build succeeded, but the module did not load due to a type in
a support function name, which kept unresolved during load.
- bugfix imklog: pri was miscalculated
actually, the pri was totally off the real value for PRIs > 9
- bugfix rsgtutil: sometimes crashed in verify mode if file did not exist
- bugfix rsgtutil: some errors/problems at end of file were not reported
* The verification function in rsgtutil tool did not report deletion of
whole signed blocks of lines from the end of the log file.
* The verification function in rsgtutil tool did not report extra
(unsigned) lines at the end of the log file.
Thanks to Henri Lakk for the patch.
- bugfix: error: json_tokener_errors undeclared when overriding PKGCONFIG
If PKGCONFIG settings for json-c were overridden, presence of
json_tokener_errors was not properly detected.
closes: https://github.com/rsyslog/rsyslog/issues/143
Thanks to Alex Fisher for alerting us and the patch.
---------------------------------------------------------------------------
Version 7.6.7 [v7.6-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases
This is corrected now.
see also: CVE-2014-3683
- fixed a build problem on some platforms
Thanks to Olaf for the patch
- behavior change: "msg" of messages with invalid PRI set to "rawmsg"
When the PRI is invalid, the rest of the header cannot be valid. So
we move all of it to MSG and do not try to parse it out. Note that
this is not directly related to the security issue but rather done
because it makes most sense.
---------------------------------------------------------------------------
Version 7.6.6 [v7.6-stable] 2014-09-30
- bugfix: potential abort when a message with PRI > 191 was processed
if the "pri-text" property was used in active templates, this could
be abused to a remote denial of service from permitted senders
see also: CVE-2014-3634
- bugfix: potential segfault on startup on 64 bit systems
This happened immediately on startup during config processing. Once
rsyslog got past this stage, it could not happen.
- bugfix: build problems on SuSe Linux
Thanks Andreas Stieger for the patch
---------------------------------------------------------------------------
Version 7.6.5 [v7.6-stable] 2014-09-17
- bugfix: in 7.6.4, pri-based filters did not work correctly
messages were distributed to the wrong bins.
- bugfix: build problems on systems without atomic instructions
e.g. RHEL 5; backport from v8
---------------------------------------------------------------------------
Version 7.6.4 [v7.6-stable] 2014-09-12
- add --enable-generate-man-pages configure switch (default: enabled)
This forces generation of man pages, even if cached ones exists. This
"fixes" a typical release tarball nit. While it is hackish, the
benefit is clear given the history of failed tarball releases since
we changed the cached man page handling. It was just too easy to get
that wrong.
- removed obsolete --disable-fsstnd configure option
Thanks to Thomas D. for alerting us.
Closes: https://github.com/rsyslog/rsyslog/issues/72
- permits to build against json-c 0.12
Unfortunately, json-c had an ABI breakage, so this is necessary. Note
that versions prior to 0.12 had security issues (CVE-2013-6370,
CVE-2013-6371) and so it is desirable to link against the new version.
Thanks to Thomas D. for the patch. Note that at least some distros
have fixed the security issue in older versions of json-c, so this
seems to apply mostly when building from sources.
- new omfile default module parameters
* filecreatemode
* fileowner
* fileownernum
* filegroup
* filegroupnum
* dirowner
* dirownernum
* dirgroup
* dirgroupnum
Thanks to Karol Jurak for the patch.
- bugfix: memory leak in TCP TLS mode
- bugfix: imfile: if a state file for a different file name was set,
that different file (name) was monitored instead of the configured
one. Now, the state file is deleted and the correct file monitored.
closes: https://github.com/rsyslog/rsyslog/issues/103
- bugfix: using UUID property could cause segfault
- bugfix: mmutf8fix did not detect two invalid sequences
Thanks to Axel Rau for the patch.
- bugfix: file descriptor leak with Guardtime signatures
When a .gtstate file is opened it is never closed. This is especially
bad when dynafiles frequently get evicted from dynafile cache and be
re-opened again.
- bugfix: busy loop in tcp listener when running out of file descriptors
Thanks to Susant Sahani for the patch.
- bugfix: mishandling of input modules not supporting new input instances
If they did not support this, accidentally the output module part of the
module union was written, leading to unpredictable results. Note: all
core modules do support this interface, but some contributed or very
old ones do not.
- bugfix: double-free when ruleset() parser parameters were used
While unlikely, this could cause stability issues even after the
config phase.
- bugfix: output modules with parameters with multiple passing modes
could caused strange behavior including aborts
This was due to the fact that the action module only preserved and
processed the last set passing mode. Note that this was not a problem
for the plugins provided by the rsyslog git: none of them uses different
passing modes.
Thanks to Tomas Heinrich for providing a very detailed bug report.
- various fixes after coverity scan
These do not address issues seen in practice but those seen by the tool.
Some of them may affect practical deployments.
Thanks to Tomas Heinrich for the patches.
- bugfix imuxsock: "Last message repeated..." was not emitted at shutdown
The "Last message repeated..." notice didn't get printed if rsyslog was
shut down before the repetition was broken.
Thanks to Tomas Heinrich for the patch.
- bugfix: make dist failed when GUARDTIME or LIBGCRYPT feature was disabled
- bugfix: mmjsonparse did not build with json-c < 0.10
This was a regression introduced some time in the past in order to
support API changes in json-c. Now we check for the version and use
proper code.
- bugfix: mmanon did not properly anonymize IP addresses starting with '9'
Thanks to defa-at-so36.net for reporting this problem.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
---------------------------------------------------------------------------
Version 7.6.3 [v7.6-stable] 2014-03-27
- add capability to override GnuTLS path in build process
Thanks to Clayton Shotwell for the patch
- support for librelp 1.2.5
Support new return states of librelp 1.2.5 to emit better error messages
For obvious reasons, librelp 1.2.5 is now required.
- bugfix: ompipe used invalid default template
This is a regression from an old change (didn't track it down precisely,
but over a year ago). It used the Forwarding template instead of
the file template (so we have a full syslog header). This fix corrects
it back to previous behavior, but new scripts that used the wrong
format may now need to have the RSYSLOG_ForwardingFormat template
explicitly be applied.
closes: https://github.com/rsyslog/rsyslog/issues/50
- bugfix: ompipe did emit many suspension messages for /dev/xconsole
(hopefully now) closes: https://github.com/rsyslog/rsyslog/issues/35
When it was present, but nobody reading from it. The problem
is the way the rsyslog v7 engine tries to resolve failures in outputs.
It does some retries, and along those lines some state information gets
lost and it is close to impossible to retain it. However, the actual
root problem is that ompipe does not reliably detect if it is able to
recover. The problem here is that it actually does not know this
before it does an actual write. These two things together mess up the
logic that suppresses invalid resumption/suspension messages
(actually, the plugin switches state really that often).
Nevertheless, the prime problem with /dev/xconsole (and probably
most other pipes as well) is that it gets full. So I have now added
code that checks, during resume processing, if the pipe is writable.
If it is not, resume is deferred. That should address the case.
---------------------------------------------------------------------------
Version 7.6.2 [v7.6-stable] 2014-03-17
- support for librelp 1.2.4
This was necessary due to the problems with librelp 1.2.3 API stability.
We now use the new native 1.2.4 APIs to learn about the state of
librelp's TLS support.
For obvious reasons, librelp 1.2.4 is now required.
---------------------------------------------------------------------------
Version 7.6.1 [v7.6-stable] 2014-03-13
- added "action.reportSuspension" action parameter
This now permits to control handling on a per-action basis rather to
the previous "global setting only".
- "action resumed" message now also specifies module type
which makes troubleshooting a bit easier. Note that we cannot output all
the config details (like destination etc) as this would require much more
elaborate code changes, which we at least do not like to do in the
stable version.
- better and more consistent action naming, action queues now always
contain the word "queue" after the action name
- add support for "tls-less" librelp
we now require librelp 1.2.3, as we need the new error code definition
See also: https://github.com/rsyslog/librelp/issues/1
- build system improvements
* autoconf subdir option
* support for newer json-c packages
Thanks to Michael Biebl for the patches.
- imjournal enhancements:
* log entries with empty message field are no longer ignored
* invalid facility and severity values are replaced by defaults
* new config parameters to set default facility and severity
Thanks to Tomas Heinrich for implementing this
- bugfix: ompipe did resume itself even when it was still in error
See: https://github.com/rsyslog/rsyslog/issues/35
Thanks to github user schplat for reporting
- bugfix: "action xxx suspended" did report incorrect error code
- bugfix: ommongodb's template parameter was mandatory but should have
been optional
Thanks to Alain for the analysis and the patch.
- bugfix: only partial doc was put into distribution tarball
Thanks to Michael Biebl for alerting us.
see also: https://github.com/rsyslog/rsyslog/issues/31
- bugfix: async ruleset did process already-deleted messages
Thanks to John Novotny for the patch.
---------------------------------------------------------------------------
Version 7.6.0 [v7.6-stable] 2014-02-12
This starts a new stable branch based on 7.5.8 plus the following changes:
- bugfix: imuxsock input parameters were not accepted
due to copy&paste error. Thanks to Andy Goldstein for the fix.
- added ProcessInternalMessages global system parameter
This permits to inject rsyslog status messages into *another* main
syslogd or the journal.
- new dependency: liblogging-stdlog (for submitting to external logger)
- bugfix: json templates are improperly created
Strings miss the terminating NUL character, which obviously can lead
to all sorts of problems.
See also: https://github.com/rsyslog/rsyslog/issues/27
Thanks to Alain for the analysis and the patch.
- ompgsql bugfix: improper handling of auto-backgrounding mode
If rsyslog was set to auto-background itself (default code behavior, but
many distros now turn it off for good reason), ompgsql could not
properly connect. This could even lead to a segfault. The core reason
was that a PG session handle was kept open over a fork, something that
is explicitly forbidden in the PG API.
Thanks to Alain for the analysis and the patch.
---------------------------------------------------------------------------
Version 7.5.8 [v7-release candidate] 2014-01-09
- add exec_template() RainerScript function
- add debug.onShutdown and debug.logFile global parameters
These enable the new "debug on shutdown" mode, which can be used to
track hard to find problems that occur during system shutdown.
- Add directives for numerically specifying GIDs/UIDs
The already present directives (FileOwner, FileGroup, DirOwner,
DirGroup) translate names to numerical IDs, which depends on the user
information being available during rsyslog's startup. This can fail if
the information is obtained over a network or from a service such as
SSSD. The new directives provide a way to specify the numerical IDs
directly and bypass the lookup.
Thanks to Tomas Heinrich for the patch.
- actions now report if they suspend and resume themselves
this is by default on and controllable by the action.reportSuspension
global parameter
- bugfix: omelasticsearch fail.es stats counter was improperly maintained
- bugfix: mmrfc5424addhmac: "key" parameter was not properly processed
- add new impstats action counters:
* suspended
* suspended.duration
* resumed
---------------------------------------------------------------------------
Version 7.5.7 [v7-devel] 2013-11-25
- queue defaults have changed
* high water mark is now dynamically 90% of queue size
* low water makr is now dynamically 70% of queue size
* queue.discardMark is now dynamically 98% of queue size
* queue.workerThreadMinimumMessage set to queue.size / num workers
For queues with very low queue.maxSize (< 100), "emergency" defaults
will be used.
- worker thread pool handling has been improved
Among others, permits pool to actually shrink (was quite hard with
previous implementation. This will also improve performance and/or
lower system overhead on busy systems.
Thanks to Pavel Levshin for the enhancement.
- bugfix: mmpstrucdata generated inaccessible properties
- bugfix: RainerScript optimizer did not optimize PRI filters
things like "if $syslogfacility-text == "local3"" were not converted
to PRIFILT. This was a regression introduced in 7.5.6.
- bugfix: legacy directive $ActionQueueWorkerThreads was not honored
- bugfix: segfault on startup when certain script constructs are used
e.g. "if not $msg ..."
- bugfix: ommysql lost configfile/section parameters after first close
This means that when a connection was broken, it was probably
re-instantiated with different parameters than configured.
- bugfix: regression in template processing with subtrees in templates
Thanks to Pavel Levshin for the fix
- bugfix: regular worker threads are not properly (re)started if DA
mode is active.
This occurs only under rare conditions, but definitely is a bug that
needed to be addressed. It probably is present since version 4.
Note that this patch has not been applied to v7.4-stable, as it
is very unlikely to happen and the fix itself has some regression
potential (the fix looks very solid, but it addresses a core component).
Thanks to Pavel Levshin for the fix
- now emit warning message if om with msg passing mode uses action queue
These can modify the message, and this causes races.
- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work
Thanks to Tomas Heinrich for the patch.
---------------------------------------------------------------------------
Version 7.5.6 [devel] 2013-10-29
- impstats: add capability to bind to a ruleset
- improved performance of RainerScript variable access
by refactoring the whole body of variable handling code. This also
solves some of the anomalies experienced in some versions of rsyslog.
All variable types are now handled in unified code, including
access via templates.
- RainerScript: make use of 64 bit for numbers where available
Thanks to Pavel Levshin for enhancement.
- slight performance optimization if GCC is used
We give branch prediction hints for the frequent RETiRet macro which is
used for error handling. Some slight performance gain is to be expected
from that.
- removed global variable support
The original idea was not well thought out and global variables, as
implemented, worked far different from what anybody would expect. As
such, we consider the current approach as an experiment that did not
work out and opt to removing it, clearing the way for a better future
solution. Note: global vars were introduced in 7.5.3 on Sept, 11th 2013.
- new module mmsequence, primarily used for action load balancing
Thanks to Pavel Levshin for contributing this module.
- bugfix: unset statement always worked on message var, even if local
var was given
- imudp: support for binding to ruleset added
- bugfix: segfault if variable was assigned to non-container subtree
Thanks to Pavel Levshin for the fix
- bugfix: imuxsock did not support addtl sockets if syssock was disabled
Thanks to Pavel Levshin for the fix
- bugfix: running imupd on multiple threads lead to segfault if recvmmsg
is available
- bugfix: imudp when using recvmmsg could report wrong sender IP
- bugfix: segfault if re_extract() function was used and no match found
- bugfix: omelasticsearch did not compile on platforms without atomic
instructions
- bugfix: potential misaddressing on startup if property-filter was used
This could happen if the property name was longer than 127 chars, a case
that would not happen in practice.
- bugfix: invalid property filter was not properly disabled in ruleset
Note: the cosmetic memory leak introduced with that patch in 7.4.5 is
now also fixed.
- imported bugfixes from 7.4.6 stable release
---------------------------------------------------------------------------
Version 7.5.5 [devel] 2013-10-16
- imfile: permit to monitor an unlimited number of files
- imptcp: add "defaultTZ" input parameter
- imudp: support for multiple receiver threads added
- imudp: add "dfltTZ" input config parameter
- bugfix: memory leak in mmnormalize
- bugfix: mmutf8fix did not properly handle invalid UTF-8 at END of message
if the very last character sequence was too long, this was not detected
Thanks to Risto Vaarandi for reporting this problem.
- mmanon: removed the check for specific "terminator characters" after
last octet. As it turned out, this didn't work in practice as there
was an enormous set of potential terminator chars -- so removing
them was the best thing to do. Note that this may change behavior of
existing installations. Yet, we still consider this an important
bugfix, that should be applied to the stable branch.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477
Thanks to Muri Cicanor for initiating the discussion
- now requires libestr 0.1.7 as early versions had a nasty bug in
string comparisons
- bugfix: mmanon did not detect all IP addresses in rewrite mode
The problem occurred if two IPs were close to each other and the first one
was shrunk.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485
Thanks to micah-at-riseup.net for reporting this bug
- bugfix: mmanon sometimes used invalid replacement char in simple mode
depending on configuration sequence, the replacement character was set
to 's' instead of the correct value. Most importantly, it was set to
's' if simple mode was selected and no replacement char set.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484
Thanks to micah-at-riseup.net for reporting this bug
- bugfix: memory leak in mmnormalize
- bugfix: array-based ==/!= comparisons lead to invalid results
This was a regression introduced in 7.3.5 bei the PRI optimizer
---------------------------------------------------------------------------
Version 7.5.4 [devel] 2013-10-07
- mmpstrucdata: new module to parse RFC5424 structured data into json
message properties
- change main/ruleset queue defaults to be more enterprise-like
new defaults are queue.size 100,000 max workers 2, worker
activation after 40,000 msgs are queued, batch size 256. These settings
are much more useful for enterprises and will not hurt low-end systems
that much. This is part of our re-focus on enterprise needs.
- omfwd: new action parameter "maxErrorMessages" added
- omfile: new module parameters to set action defaults added
* dirCreateMode
* fileCreateMode
- mmutf8fix: new module to fix invalid UTF-8 sequences
- imuxsock: handle unlimited number of additional listen sockets
- doc: improve usability by linking to relevant web resources
The idea is to enable users to quickly find additional information,
samples, HOWTOs and the like on the main site.
At the same time, (very) slightly remove memory footprint when
few listeners are monitored.
- bugfix: omfwd parameter streamdrivermode was not properly handled
it was always overwritten by whatever value was set via the
legacy directive $ActionSendStreamDriverMode
- imtcp: add streamdriver.name module parameter
permits overriding the system default stream driver (gtls, ptcp)
- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled
Thanks to Jonny Törnbom for reporting this problem
- imported bugfixes from 7.4.4
---------------------------------------------------------------------------
Version 7.5.3 [devel] 2013-09-11
- imfile: support for escaping LF characters added
embedded LF in syslog messages cause a lot of trouble. imfile now has
the capability to escape them to "#012" (just like the regular control
character escape option). This requires new-style input statements to be
used. If legacy configuration statements are used, LF escaping is always
turned off to preserve compatibility.
NOTE: if input() statements were already used, there is a CHANGE OF
BEHAVIOR: starting with this version, escaping is enabled by
default. So if you do not want it, you need to add
escapeLF="off"
to the input statement. Given the trouble LFs cause and the fact
that the majority of installations still use legacy config, we
considered this behavior change acceptable and useful.
see also: http://blog.gerhards.net/2013/09/imfile-multi-line-messages.html
- add support for global and local variables
- bugfix: queue file size was not correctly processed
this could lead to using one queue file per message for sizes >2GiB
Thanks to Tomas Heinrich for the patch.
- add main_queue() configuration object to configure main message queue
- bugfix: stream compression in imptcp caused timestamp to be corrupted
- imudp: add ability to specify SO_RCVBUF size (rcvbufSize parameter)
- imudp: use inputname for statistics, if configured
- impstats: add process resource usage counters [via getrusage()]
- impstats: add parameter "resetCounters" to report delta values
possible for most, but not all, counters. See doc for details.
- librelp 1.2.0 is now required
- make use of new librelp generic error reporting facility
This leads to more error messages being passed to the user and
thus simplified troubleshooting.
- bugfix: very small memory leak in imrelp
more or less cosmetic, a single memory block was not freed, but this
only happens immediately before termination (when the OS automatically
frees all memory). Still an annoyance e.g. in valgrind.
- fix compile problem in debug build
- imported fixes from 7.4.4
---------------------------------------------------------------------------
Version 7.5.2 [devel] 2013-07-04
- librelp 1.1.4 is now required
We use API extensions for better error reporting and higher performance.
- omrelp: use transactional mode to make imrelp emit bulk sends
- omrelp: add "windowSize" parameter to set custom RELP window size
- bugfix: double-free in omelasticsearch
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461
a security advisory for this bug is available at:
http://www.lsexperts.de/advisories/lse-2013-07-03.txt
CVE: CVE-2013-4758
PLEASE NOTE: This issue only existed if omelasticsearch was used
in a non-default configuration, where the "errorfile" parameter
was specified. Without that parameter set, the bug could not
be triggered.
Thanks to Markus Vervier and Marius Ionescu for providing a detailed
bug report. Special thanks to Markus for coordinating his security
advisory with us.
- doc: fixed various typos
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=391
Thanks to Georgi Georgiev for the patch.
---------------------------------------------------------------------------
Version 7.5.1 [devel] 2013-06-26
- librelp 1.1.3 is required - older versions can lead to a segfault
- add mmfields, which among others supports easy parsing of CEF messages
- omrelp:
* new parameter "compression.prioritystring" to control encryption
parameters used by GnuTLS
- imrelp:
* new parameter "compression.dhbits" to control the number of
bits being used for Diffie-Hellman key generation
* new parameter "compression.prioritystring" to control encryption
parameters used by GnuTLS
* support for impstats added
* support for setting permitted peers (client authentication) added
* bugfix: potential segfault at startup on invalid config parameters
- imjournal: imported patches from 7.4.1
- omprog: add support for command line parameters
- added experimental TCP stream compression (imptcp only, currently)
- added BSD-specific syslog facilities
* "console"
* "bsd_security" - this is called "security" under BSD, but that name
was unfortunately already taken by some standard facility. So I
did the (hopefully) second-best thing and renamed it a little.
- imported fixes from 7.4.2 (especially build problems on FreeBSD)
- bugfix: imptcp did not properly initialize compression status variable
could lead to segfault if stream:always compression mode was selected
---------------------------------------------------------------------------
Version 7.5.0 [devel] 2013-06-11
- imrelp: implement "ruleset" module parameter
- imrelp/omrelp: add TLS & compression (zip) support
- omrelp: add "rebindInterval" parameter
- add -S command line option to specify IP address to use for RELP client
connections
Thanks to Axel Rau for the patch.
---------------------------------------------------------------------------
Version 7.4.11 [v7.4-stable] *never released*
- imjournal enhancements:
* log entries with empty message field are no longer ignored
* invalid facility and severity values are replaced by defaults
* new config parameters to set default facility and severity
Thanks to Tomas Heinrich for implementing this
---------------------------------------------------------------------------
Version 7.4.10 [v7.4-stable] 2014-02-12
- bugfix: json templates are improperly created
Strings miss the terminating NUL character, which obviously can lead
to all sorts of problems.
See also: https://github.com/rsyslog/rsyslog/issues/27
Thanks to Alain for the analysis and the patch.
- ompgsql bugfix: improper handling of auto-backgrounding mode
If rsyslog was set to auto-background itself (default code behavior, but
many distros now turn it off for good reason), ompgsql could not
properly connect. This could even lead to a segfault. The core reason
was that a PG session handle was kept open over a fork, something that
is explicitly forbidden in the PG API.
Thanks to Alain for the analysis and the patch.
---------------------------------------------------------------------------
Version 7.4.9 [v7.4-stable] 2014-01-22
- added ProcessInternalMessages global system parameter
This permits to inject rsyslog status messages into *another* main
syslogd or the journal.
- new dependency: liblogging-stdlog (for submitting to external logger)
- bugfix: imuxsock input parameters were not accepted
due to copy&paste error. Thanks to Andy Goldstein for the fix.
- bugfix: potential double-free in RainerScript equal comparison
happens if the left-hand operand is JSON object and the right-hand
operand is a non-string that does not convert to a number (for
example, it can be another JSON object, probably the only case that
could happen in practice). This is very unlikely to be triggered.
- bugfix: some RainerScript Json(Variable)/string comparisons were wrong
---------------------------------------------------------------------------
Version 7.4.8 [v7.4-stable] 2014-01-08
- rsgtutil provides better error messages on unfinished signature blocks
- bugfix: guard against control characters in internal (error) messages
Thanks to Ahto Truu for alerting us.
- bugfix: immark did emit messages under kern.=info instead of syslog.=info
Note that his can potentially break existing configurations that
rely on immark sending as kern.=info. Unfortunately, we cannot leave
this unfixed as we never should emit messages under the kern facility.
---------------------------------------------------------------------------
Version 7.4.7 [v7.4-stable] 2013-12-10
- bugfix: limiting queue disk space did not work properly
* queue.maxdiskspace actually initializes queue.maxfilesize
* total size of queue files was not checked against
queue.maxdiskspace for disk assisted queues.
Thanks to Karol Jurak for the patch.
- bugfix: linux kernel-like ratelimiter did not work properly with all
inputs (for example, it did not work with imdup). The reason was that
the PRI value was used, but that needed parsing of the message, which
was done too late.
- bugfix: disk queues created files in wrong working directory
if the $WorkDirectory was changed multiple times, all queues only
used the last value set.
- bugfix: legacy directive $ActionQueueWorkerThreads was not honored
- bugfix: segfault on startup when certain script constructs are used
e.g. "if not $msg ..."
- bugfix: imuxsock: UseSysTimeStamp config parameter did not work correctly
Thanks to Tomas Heinrich for alerting us and providing a solution
suggestion.
- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work
Thanks to Tomas Heinrich for the patch.
- improved checking of queue config parameters on startup
- bugfix: call to ruleset with async queue did not use the queue
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=443
- bugfix: if imtcp is loaded and no listeners are configured (which is
uncommon), rsyslog crashes during shutdown.
---------------------------------------------------------------------------
Version 7.4.6 [v7.4-stable] 2013-10-31
- bugfix: potential abort during HUP
This could happen when one of imklog, imzmq3, imkmsg, impstats,
imjournal, or imuxsock were under heavy load during a HUP.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=489
Thanks to Guy Rozendorn for reporting the problem and Peval Levshin for
his analysis.
- bugfix: imtcp flowControl parameter incorrectly defaulted to "off"
This could cause message loss on systems under heavy load and was
a change-of-behavior to previous version. This is a regression
most probably introduced in 5.9.0 (but did not try hard to find the
exact point of its introduction).
- now requires libestr 0.1.9 as earlier versions lead to problems with
number handling in RainerScript
- bugfix: memory leak in strlen() RainerScript function
Thanks to Gregoire Seux for reporting this bug.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=486
- bugfix: buffer overrun if re_extract function was called for submatch 50
Thanks to Pavel Levshin for reporting the problem and its location.
- bugfix: memleak in re_extract() function
Thanks to Pavel Levshin for reporting this problem.
- bugfix: potential abort in RainerScript optimizer
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=488
Thanks to Thomas Doll for reporting the problem and Pavel Levshin for
fixing it.
- bugfix: memory leak in omhiredis
Thanks to Pavel Levshin for the fix
- bugfix: segfault if variable was assigned to non-container subtree
Thanks to Pavel Levshin for the fix
---------------------------------------------------------------------------
Version 7.4.5 [v7.4-stable] 2013-10-22
- mmanon: removed the check for specific "terminator characters" after
last octet. As it turned out, this didn't work in practice as there
was an enormous set of potential terminator chars -- so removing
them was the best thing to do. Note that this may change behavior of
existing installations. Yet, we still consider this an important
bugfix, that should be applied to the stable branch.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477
Thanks to Muri Cicanor for initiating the discussion
- now requires libestr 0.1.8 as early versions had a nasty bug in
string comparisons
- omelasticsearch: add failed.httprequests stats counter
- bugfix: invalid property filter was not properly disabled in ruleset
Note that this bugfix introduces a very slight memory leak, which is
cosmetic, as it just holds data until termination that is no longer
needed. It is just the part of the config that was invalid. We will
"fix" this "issue" in the devel version first, as the fix is a bit
too intrusive to do without hard need in the stable version.
- bugfix: segfault if re_extract() function was used and no match found
- bugfix: potential misaddressing on startup if property-filter was used
This could happen if the property name was longer than 127 chars, a case
that would not happen in practice.
- bugfix: omelasticsearch: correct failed.http stats counter
- bugfix: omelasticsearch: did not correctly initialize stats counters
- bugfix: omelasticsearch: failed.es counter was only maintained in bulk mode
This usually did not lead to any problems, because they are in static
memory, which is initialized to zero by the OS when the plugin is
loaded. But it may cause problems especially on systems that do not
support atomic instructions - in this case the associated mutexes also
did not get properly initialized.
- bugfix: mmanon did not detect all IP addresses in rewrite mode
The problem occurred if two IPs were close to each other and the first one
was shrunk.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485
Thanks to micah-at-riseup.net for reporting this bug
- bugfix: mmanon sometimes used invalid replacement char in simple mode
depending on configuration sequence, the replacement character was set
to 's' instead of the correct value. Most importantly, it was set to
's' if simple mode was selected and no replacement char set.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484
Thanks to micah-at-riseup.net for reporting this bug
- bugfix: memory leak in mmnormalize
- bugfix: array-based ==/!= comparisons lead to invalid results
This was a regression introduced in 7.3.5 bei the PRI optimizer
- bugfix: omprog blocked signals to executed programs
The made it impossible to send signals to programs executed via
omprog.
Thanks to Risto Vaarandi for the analysis and a patch.
- bugfix: doc: imuxsock legacy param $SystemLogSocketParseTrusted was
misspelled
Thanks to David Lang for alerting us
- bugfix: imfile "facility" input parameter improperly handled
caused facility not to be set, and severity to be overwritten with
the facility value.
Thanks to forum user dmunny for reporting this bug.
- bugfix: small memory leak in imfile when $ResetConfigVariables was used
Thanks to Grégory Nuyttens for reporting this bug and providing a fix
- bugfix: segfault on startup if TLS was used but no CA cert set
- bugfix: segfault on startup if TCP TLS was used but no cert or key set
- bugfix: some more build problems with newer json-c versions
Thanks to Michael Biebl for mentioning the problem.
- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled
Thanks to Jonny Törnbom for reporting this problem
---------------------------------------------------------------------------
Version 7.4.4 [v7.4-stable] 2013-09-03
- better error messages in GuardTime signature provider
Thanks to Ahto Truu for providing the patch.
- make rsyslog use the new json-c pkgconfig file if available
Thanks to the Gentoo team for the patches.
- bugfix: imfile parameter "persistStateInterval" was unusable
due to a case typo in imfile; work-around was to use legacy config
Thanks to Brandon Murphy for reporting this bug.
- bugfix: TLV16 flag encoding error in signature files from GT provider
This fixes a problem where the TLV16 flag was improperly encoded.
Unfortunately, existing files already have the bug and may not properly
be processed. The fix uses constants from the GuardTime API lib to
prevent such problems in the future.
Thanks to Ahto Truu for providing the patch.
- bugfix: slightly malformed SMTP handling in ommail
- bugfix: segfault in omprog if no template was provided (now dflt is used)
- bugfix: segfault in ompipe if no template was provided (now dflt is used)
- bugfix: segfault in omsnmp if no template was provided (now dflt is used)
- bugfix: some omsnmp optional config params were flagged as mandatory
- bugfix: segfault in omelasticsearch when resuming queued messages
after restarting Elasticsearch
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=464
- bugfix: imtcp addtlframedelimiter could not be set to zero
Thanks to Chris Norton for alerting us.
- doc bugfix: remove no-longer existing omtemplate from developer doc
was specifically mentioned as a sample for creating new plugins
Thanks to Yannick Brosseau for alerting us of this problem.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=473
---------------------------------------------------------------------------
Version 7.4.3 [v7.4-stable] 2013-07-18
- bugfix: queue file size was not correctly processed
this could lead to using one queue file per message for sizes >2GiB
Thanks to Tomas Heinrich for the patch.
- bugfix: $QHOUR/$HHOUR were always "00" or "01"
regression some time between v5 and here
Thanks to forum user rjmcinty for reporting this bug
- bugfix: testbench tool chkseq did improperly report invalid file
This happened when permitted duplicate values existed in the very
last lines, right before end-of-file.
Thanks to Radu Gheorghe for reporting this bug.
---------------------------------------------------------------------------
Version 7.4.3 [v7.4-stable] 2013-07-18
- bugfix: memory leak if disk queues were used and json data present
- bugfix: CEE/json data was lost during disk queue operation
- bugfix: potential segfault during startup on invalid config
could happen if invalid actions were present, which could lead
to improper handling in optimizer.
- bugfix: 100% CPU utilization when DA queue became full
- bugfix: omlibdbi did not properly close connection on some errors
This happened to errors occurring in Begin/End Transaction entry
points.
- cosmetic bugfix: file name buffer was not freed on disk queue destruction
This was an extremely small one-time per run memleak, so nothing of
concern. However, it bugs under valgrind and similar memory debuggers.
- fix build on FreeBSD
Thanks to Christiano Rolim for the patch
---------------------------------------------------------------------------
Version 7.4.2 [v7.4-stable] 2013-07-04
- bugfix: in RFC5425 TLS, multiple wildcards in auth could cause segfault
- bugfix: RainerScript object required parameters were not properly
checked - this could result to segfaults on startup if parameters
were missing.
- bugfix: double-free in omelasticsearch
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461
a security advisory for this bug is available at:
http://www.lsexperts.de/advisories/lse-2013-07-03.txt
CVE: CVE-2013-4758
PLEASE NOTE: This issue only existed if omelasticsearch was used
in a non-default configuration, where the "errorfile" parameter
was specified. Without that parameter set, the bug could not
be triggered.
Thanks to Markus Vervier and Marius Ionescu for providing a detailed
bug report. Special thanks to Markus for coordinating his security
advisory with us.
- bugfix: omrelp potential segfault at startup on invalid config parameters
- bugfix: small memory leak when $uptime property was used
- bugfix: potential segfault on rsyslog termination in imudp
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=456
- bugfix: lmsig_gt abort on invalid configuration parameters
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=448
Thanks to Risto Laanoja for the patch.
- imtcp: fix typo in "listner" parameter, which is "listener"
Currently, both names are accepted.
- solved build problems on FreeBSD
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=457
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=458
Thanks to Christiano for reporting and suggesting patches
- solved build problems on CENTOS5
---------------------------------------------------------------------------
Version 7.4.1 [v7.4-stable] 2013-06-17
- imjournal: add ratelimiting capability
The original imjournal code did not support ratelimiting at all. We
now have our own ratelimiter. This can mitigate against journal
database corruption, when the journal re-sends old data. This is a
current bug in systemd journal, but we won't outrule this to happen
in the future again. So it is better to have a safeguard in place.
By default, we permit 20,000 messages within 10 minutes. This may
be a bit restrictive, but given the risk potential it seems reasonable.
Users requiring larger traffic flows can always adjust the value.
- bugfix: potential loop in rate limiting
if the message that tells about rate-limiting gets rate-limited itself,
it will potentially create and endless loop
- bugfix: potential segfault in imjournal if journal DB is corrupted
- bugfix: prevent a segfault in imjournal if state file is not defined
- bugfix imzmq3: potential segfault on startup
if no problem happened at startup, everything went fine
Thanks to Hongfei Cheng and Brian Knox for the patch
---------------------------------------------------------------------------
Version 7.4.0 [v7.4-stable] 2013-06-06
This starts a new stable branch based on 7.3.15 plus the following changes:
- add --enable-cached-man-pages ./configure option
permits to build rsyslog on a system where rst2man is not installed. In
that case, cached versions of the man pages are used (they were built
during "make dist", so they should be current for the version in
question.
- doc bugfix: ReadMode wrong in imfile doc, two values were swapped
Thanks to jokajak@gmail.com for mentioning this
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=450
- imjournal: no longer do periodic wakeup
- bugfix: potential hang *in debug mode* on rsyslogd termination
This ONLY affected rsyslogd if it were running with debug output
enabled.
- bugfix: $template statement with multiple spaces lead to invalid tpl name
If multiple spaces were used in front of the template name, all but one
of them became actually part of the template name. So
$template a,"..." would be name " a", and as such "a" was not
available, e.g. in
*.* /var/log/file;a
This is a legacy config problem. As it was unreported for many years,
no backport of the fix to old versions will happen.
This is a long-standing bug that was only recently reported by forum
user mc-sim.
Reference: http://kb.monitorware.com/post23448.html
- 0mq fixes; credits to Hongfei Cheng and Brian Knox
---------------------------------------------------------------------------
Version 7.3.15 [beta] 2013-05-15
- bugfix: problem in build system (especially when cross-compiling)
Thanks to Tomas Heinrich and winfried_mb2@xmsnet.nl for the patch.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=445
- bugfix: imjournal had problem with systemd journal API change
- imjournal: now obtain and include PID
- bugfix: .logsig files had tlv16 indicator bit at wrong offset
- bugfix: omrelp legacy config parameters set a timeout of zero
which lead the legacy config to be unusable.
- bugfix: segfault on startup if a disk queue was configure without file
name
Now this triggers an error message and the queue is changed to
linkedList type.
- bugfix: invalid addressing in string class (recent regression)
---------------------------------------------------------------------------
Version 7.3.14 [beta] 2013-05-06
- bugfix: some man pages were not properly installed
either rscryutil or rsgtutil man was installed, but not both
Thanks to Marius Tomaschewski for the patch.
- bugfix: potential segfault on startup when builtin module was specified
in module() statement.
Thanks to Marius Tomaschewski for reporting the bug.
- bugfix: segfault due to invalid dynafile cache handling
Accidentally, the old-style cache size parameter was used when the
dynafile cache was created in a RainerScript action. If the old-style
size was lower than the one actually set, this lead to misaddressing
when the size was overrun, and that could lead to all kinds of
"interesting things", often in segfaults.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=440
---------------------------------------------------------------------------
Version 7.3.13 [beta] 2013-04-29
- added omrabbitmq module (contributed, untested)
Note: this is unsupported and as such was moved immediately into the
beta version.
Thanks to Vaclav Tomec for providing this module.
- bugfix: build problem when --enable-encryption was not selected
Thanks to Michael Biebl for fixing this.
- doc bugfix: omfile parameter "VeryRobustZip" was documented as
"VeryReliableZip"
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=437
Thanks to Thomas Doll for reporting this.
---------------------------------------------------------------------------
Version 7.3.12 [devel] 2013-04-25
- added doc for omelasticsearch
Thanks to Radu Gheorghe for the doc contribution.
- omelasticsearch: _id field support for bulk operations
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=392
Thanks to Jérôme Renard for the idea and patches.
- max number of templates for plugin use has been increased to five
- platform compatibility enhancement: solve compile issue with libgcrypt
do not use GCRY_CIPHER_MODE_AESWRAP where not available
- fix compile on Solaris
Thanks to Martin Carpenter for the patch.
- bugfix: off-by-one error in handling local FQDN name (regression)
A temporary buffer was allocated one byte too small. Did only
affect startup, not actual operations. Came up during routine tests,
and can have no effect once the engine runs. Bug was introduced in
7.3.11.
- bugfix: build problems on Solaris
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=436
- bugfix: block size limit was not properly honored
- bugfix: potential segfault in guardtime signature provider
it could segfault if an error was reported by the GuardTime API, because
an invalid free could happen then
---------------------------------------------------------------------------
Version 7.3.11 [devel] 2013-04-23
- added support for encrypting log files
- omhiredis: added support for redis pipeline support
Thanks to Brian Knox for the patch.
- bugfix: $PreserveFQDN is not properly working
Thanks to Louis Bouchard for the patch
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=426
- bugfix: imuxsock aborted due to problem in ratelimiting code
Thanks to Tomas Heinrich for the patch.
- bugfix: imuxsock aborted under some conditions
regression from ratelimiting enhancements - this was a different one
to the one Tomas Heinrich patched.
- bugfix: timestamp problems in imkmsg
---------------------------------------------------------------------------
Version 7.3.10 [devel] 2013-04-10
- added RainerScript re_extract() function
- omrelp: added support for RainerScript-based configuration
- omrelp: added ability to specify session timeout
- templates now permit substring extraction relative to end-of-string
- bugfix: failover/action suspend did not work correctly
This was experienced if the retry action took more than one second
to complete. For suspending, a cached timestamp was used, and if the
retry took longer, that timestamp was already in the past. As a
result, the action never was kept in suspended state, and as such
no failover happened. The suspend functionality now does no longer use
the cached timestamp (should not have any performance implication, as
action suspend occurs very infrequently).
- bugfix: gnutls RFC5425 driver had some undersized buffers
Thanks to Tomas Heinrich for the patch.
- bugfix: nested if/prifilt conditions did not work properly
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
- bugfix: imuxsock aborted under some conditions
regression from ratelimiting enhancements
- bugfix: build problems on Solaris
Thanks to Martin Carpenter for the patches.
---------------------------------------------------------------------------
Version 7.3.9 [devel] 2013-03-27
- support for signing logs added
- imudp: now supports user-selectable inputname
- omlibdbi: now supports transaction interface
if recent enough lbdbi is present
- imuxsock: add ability to NOT create/delete sockets during startup and
shutdown
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259
- imfile: errors persisting state file are now reported
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=292
- imfile: now detects file change when rsyslog was inactive
Previously, this case could not be detected, so if a file was overwritten
or rotated away while rsyslog was stopped, some data was missing. This
is now detected and the new file being forwarded right from the
beginning.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=228
- updated systemd files to match current systemd source
- bugfix: imudp scheduling parameters did affect main thread, not imudp
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
- bugfix: build problem on platforms without GLOB_NOMAGIC
- bugfix: build problems on non-Linux platforms
- bugfix: stdout/stderr were not closed on forking
but were closed when running in the foreground - this was just reversed
of what it should be. This is a regression of a recent change.
---------------------------------------------------------------------------
Version 7.3.8 [devel] 2013-03-18
- imrelp: now supports listening to IPv4/v6 only instead of always both
build now requires librelp 1.0.2
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=378
- bugfix: mmanon did not build on some platforms (e.g. Ubuntu)
- bugfix: segfault in expression optimizer
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=423
- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
To use that functionality, legacy rsyslog.conf syntax had to be used.
Also, the doc was missing information on the "ParseTrusted" set of
config directives.
- bugfix: include files got included in the wrong order
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411
This happens if an $IncludeConfig directive was done on multiple
files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf).
In that case, the order of include file processing is reversed, which
could lead to all sorts of problems.
Thanks to Nathan Stratton Treadway for his great analysis of the problem,
which made bug fixing really easy.
---------------------------------------------------------------------------
Version 7.3.7 [devel] 2013-03-12
- add support for anonymizing IPv4 addresses
- add support for writing to the Linux Journal (omjournal)
- imuxsock: add capability to ignore messages from ourselves
This helps prevent message routing loops, and is vital to have
if omjournal is used together with traditional syslog.
- field() function now supports a string as field delimiter
- added ability to configure debug system via rsyslog.conf
- bugfix: imuxsock segfault when system log socket was used
- bugfix: mmjsonparse segfault if new-style config was used
- bugfix: script == comparison did not work properly on JSON objects
- bugfix: field() function did never return "***FIELD NOT FOUND***"
instead it returned "***ERROR in field() FUNCTION***" in that case
---------------------------------------------------------------------------
Version 7.3.6 [devel] 2013-01-28
- greatly improved speed of large-array [N]EQ RainerScript comparisons
Thanks to David Lang for a related discussion that inspired the idea
to do this with a much simpler (yet sufficient) approach than originally
planned for.
- greatly improved speed of DNS cache for large cache sizes
- general performance improvements
- omfile: added stats counters for dynafile caches
- omfile: improved async writing, finally enabled full async write
also fixed a couple of smaller issues along that way
- impstats: added ability to write stats records to local file
and avoid going through the syslog log stream. syslog logging can now
also be turned off (see doc for details).
- bugfix: imklog issued wrong facility in error messages
...what could lead to problems in other parts of the code
- fix compile problem in imklog
- added capability to output thread-id-to-function debug info
This is a useful debug aid, but nothing of concern for regular users.
---------------------------------------------------------------------------
Version 7.3.5 [devel] 2012-12-19
- ommysql: addded batching/transaction support
- enhanced script optimizer to optimize common PRI-based comparisons
These constructs are especially used in SUSE default config files,
but also by many users (as they are more readable than the equivalent
PRI-based filter).
- omudpspoof: add support for new config system
- omudpspoof: add support for packets larger than 1472 bytes
On Ethernet, they need to be transmitted in multiple fragments. While
it is known that fragmentation can cause issues, it is the best choice
to be made in that case. Also improved debug output.
- bugfix: omudpspoof failed depending on the execution environment
The v7 engine closes fds, and closed some of libnet's fds as well, what
lead to problems (unfortunately, at least some libnet versions do not
report a proper error state but still "success"...). The order of libnet
calls has been adjusted to by in sync with what the core engine does.
- bugfix: segfault on imuxsock startup if system log socket is used
and no ratelimiting supported. Happens only during initial config
read phase, once this is over, everything works stable.
- bugfix: mmnormalize build problems
- bugfix: mmnormalize could abort rsyslog if config parameter was in error
- bugfix: no error message for invalid string template parameters
rather a malformed template was generated, and error information emitted
at runtime. However, this could be quite confusing. Note that with this
"bugfix" user experience changes: formerly, rsyslog and the affected
actions properly started up, but the actions did not produce proper
data. Now, there are startup error messages and the actions are NOT
executed (due to missing template due to template error).
- bugfix[minor]: invalid error code when mmnormalize could not access
rulebase
- bugfix(kind of): script optimizer did not work for complex boolean
expressions
- doc bugfix: corrections and improvements in mmnormalize html doc page
- bugfix: some message properties could be garbled due to race condition
This happened only on very high volume systems, if the same message was
being processed by two different actions. This was a regression caused
by the new config processor, which did no longer properly enable msg
locking in multithreaded cases. The bugfix is actually a refactoring of
the msg locking code - we no longer do unlocked operations, as the use
case for it has mostly gone away. It is potentially possible only at
very low-end systems, and there the small additional overhead of doing
the locking does not really hurt. Instead, the removal of that
capability can actually slightly improve performance in common cases,
as the code path is smaller and requires slightly less memory writes.
That probably outperforms the extra locking overhead (which in the
low-end case always happens in user space, without need for kernel
support as we can always directly acquire the lock - there is no
contention at all).
- build system cleanup (thanks to Michael Biebl for this!)
- bugfix: omelasticsearch did not properly compile on some platforms
due to missing libmath. Thanks to Michael Biebl for the fix
---------------------------------------------------------------------------
Version 7.3.4 [devel] 2012-11-23
- further (and rather drastically) improved disk queue performance
we now save one third of the IO calls
- imklog: added ParseKernelTimestamp parameter (import from 5.10.2)
Thanks to Marius Tomaschewski for the patch.
- imklog: added KeepKernelTimestamp parameter (import from 5.10.2)
Thanks to Marius Tomaschewski for the patch.
- bugfix: improper handling of backslash in string-type template()s
- bugfix: leading quote (") in string-type template() lead to tight loop
on startup
- bugfix: no error msg on invalid field option in legacy/string template
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
... actually, they are microseconds. So the fractional part of the
timestamp was not properly formatted. (import from 5.10.2)
Thanks to Marius Tomaschewski for the bug report and the patch idea.
---------------------------------------------------------------------------
Version 7.3.3 [devel] 2012-11-07
- improved disk queue performance
- bugfix: dynafile zip files could be corrupted
This could happen if a dynafile was destructed before the first write.
In practice, this could happen if few lines were written to a file and
it then became evicted from the dynafile cache. This would probably
look very random, because it depended on the timing in regard to
message volume and dynafile cache size.
---------------------------------------------------------------------------
Version 7.3.2 [devel] 2012-10-30
- mmnormalize: support for v6+ config interface added
- mmjsonparse: support for v6+ config interface added
---------------------------------------------------------------------------
Version 7.3.2 [devel] 2012-10-30
- totally reworked ratelimiting and "last message repeated n times"
all over rsyslog code. Each of the supported inputs now supports
linux-like ratelimiting (formerly only imuxsock did). Also, the
"last message repeated n times" is now processed at the input side
and no longer at the output side of rsyslog processing. This
provides the basis for new future additions as well as usually more
performance and a much simpler output part (which can be even further
refactored).
- imtcp: support for Linux-Type ratelimiting added
- imptcp: support for Linux-Type ratelimiting added
- imudp enhancements:
* support for input batching added (performance improvement)
* support for Linux-Type ratelimiting added
- permited action-like statements (stop, call, ...) in action lists
- bugfix: segfault on startup when modules using MSG_PASSING mode are used
- omelasticsearch: support for writing data errors to local file added
- omelasticsearch: fix check for bulk processing status response
---------------------------------------------------------------------------
Version 7.3.1 [devel] 2012-10-19
- optimized template processing performance, especially for $NOW family
of properties
- change lumberjack cookie to "@cee:" from "@cee: "
CEE originally specified the cookie with SP, whereas other lumberjack
tools used it without space. In order to keep interop with lumberjack,
we now use the cookie without space as well. I hope this can be changed
in CEE as well when it is released at a later time.
Thanks to Miloslav Trmač for pointing this out and a similar v7 patch.
- bugfix: imuxsock and imklog truncated head of received message
This happened only under some circumstances. Thanks to Marius
Tomaschewski, Florian Piekert and Milan Bartos for their help in
solving this issue.
- bugfix: imuxsock did not properly honor $LocalHostIPIF
---------------------------------------------------------------------------
Version 7.3.0 [devel] 2012-10-09
- omlibdbi improvements, added
* support for config load phases & module() parameters
* support for default templates
* driverdirectory is now cleanly a global parameter, but can no longer
be specified as an action parameter. Note that in previous versions
this parameter was ignored in all but the first action definition
- improved omfile zip writer to increase compression
This was achieved by somewhat reducing the robustness of the zip archive.
This is controlled by the new action parameter "VeryReliableZip".
----------------------------------------------------------------------------
Version 7.2.8 [v7-stable] 2013-0?-??
- bugfix: potential segfault on startup when builtin module was specified
in module() statement.
Thanks to Marius Tomaschewski for reporting the bug.
- bugfix: segfault due to invalid dynafile cache handling
Accidentally, the old-style cache size parameter was used when the
dynafile cache was created in a RainerScript action. If the old-style
size was lower than the one actually set, this lead to misaddressing
when the size was overrun, and that could lead to all kinds of
"interesting things", often in segfaults.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=440
----------------------------------------------------------------------------
Version 7.2.7 [v7-stable] 2013-04-17
- rsyslogd startup information is now properly conveyed back to init
when privileges are being dropped
Actually, we have moved termination of the parent in front of the
priv drop. So it shall work now in all cases. See code comments in
commit for more details.
- If forking, the parent now waits for a maximum of 60 seconds for
termination by the child
- improved debugging support in forked (auto-backgrounding) mode
The rsyslog debug log file is now continued to be written across the
fork.
- updated systemd files to match current systemd source
- bugfix: failover/action suspend did not work correctly
This was experienced if the retry action took more than one second
to complete. For suspending, a cached timestamp was used, and if the
retry took longer, that timestamp was already in the past. As a
result, the action never was kept in suspended state, and as such
no failover happened. The suspend functionality now does no longer use
the cached timestamp (should not have any performance implication, as
action suspend occurs very infrequently).
- bugfix: nested if/prifilt conditions did not work properly
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
- bugfix: script == comparison did not work properly on JSON objects
[backport from 7.3 branch]
- bugfix: imudp scheduling parameters did affect main thread, not imudp
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
- bugfix: imuxsock rate-limiting could not be configured via legacy conf
Rate-limiting for the system socket could not be configured via legacy
configuration directives. However, the new-style RainerScript config
options worked.
Thanks to Milan Bartos for the patch.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=390
- bugfix: using group resolution could lead to endless loop
Thanks to Tomas Heinrich for the patch.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
- bugfix: $mmnormalizeuseramsg parameter was specified with wrong type
Thank to Renzhong Zhang for alerting us of the problem.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=420
- bugfix: RainerScript getenv() function caused segfault when var was
not found.
Thanks to Philippe Muller for the patch.
- bugfix: several issues in imkmsg
see bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=421#c8
- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
To use that functionality, legacy rsyslog.conf syntax had to be used.
Also, the doc was missing information on the "ParseTrusted" set of
config directives.
- bugfix: parameter action.execOnlyWhenPreviousIsSuspended was accidentally
of integer-type. For obvious reasons, it needs to be boolean. Note
that this change can break existing configurations if they circumvented
the problem by using 0/1 values.
- doc bugfix: rsyslog.conf man page had invalid file format info
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
----------------------------------------------------------------------------
Version 7.2.6 [v7-stable] 2013-03-05
- slightly improved config parser error messages when invalid escapes happen
- bugfix: include files got included in the wrong order
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411
This happens if an $IncludeConfig directive was done on multiple
files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf).
In that case, the order of include file processing is reversed, which
could lead to all sorts of problems.
Thanks to Nathan Stratton Treadway for his great analysis of the problem,
which made bug fixing really easy.
- bugfix: omelasticsearch failed when authentication data was provided
... at least in most cases it emitted an error message:
"snprintf failed when trying to build auth string"
Thanks to Joerg Heinemann for alerting us.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=404
- bugfix: some property-based filter were incorrectly parsed
This usually lead to a syntax error on startup and rsyslogd not actually
starting up. The problem was the regex, which did not care for double
quote characters to follow in the action part - unfortunately something
that can frequently happen with v6+ format. An example:
:programname, isequal, "as" {action(type="omfile" ...) }
Here, the part
:programname, isequal, "as" {action(type="omfile"
was treated as the property filter, and the rest as action part.
Obviously, this did not work out. Unfortunately, such situations usually
resulted in very hard to understand error messages.
----------------------------------------------------------------------------
Version 7.2.5 [v7-stable] 2013-01-08
- build system cleanup (thanks to Michael Biebl for this!)
- bugfix: omelasticsearch did not properly compile on some platforms
due to missing libmath. Thanks to Michael Biebl for the fix
- bugfix: invalid DST handling under Solaris
Thanks to Scott Severtson for the patch.
- bugfix: on termination, actions were incorrectly called
The problem was that incomplete fiter evaluation was done *during the
shutdown phase*. This affected only the LAST batches being processed. No
problem existed during the regular run. Could usually only happen on
very busy systems, which were still busy during shutdown.
- bugfix: very large memory consumption (and probably out of memory) when
FromPos was specified in template, but ToPos not.
Thanks to Radu Gheorghe for alerting us of this bug.
- bugfix: timeval2syslogTime cause problems on some platforms
due to invalid assumption on structure data types.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=394
Thanks to David Hill for the patch [under ASL2.0 as per email conversation
2013-01-03].
- bugfix: compile errors in im3195
Thanks to Martin Körper for the patch
- bugfix: doGetFileCreateMode() had invalid validity check ;)
Thanks to Chandler Latour for the patch.
- bugfix: mmjsonparse erroneously returned action error when no CEE cookie
was present.
----------------------------------------------------------------------------
Version 7.2.4 [v7-stable] 2012-12-07
- enhance: permit RFC3339 timestamp in local log socket messages
Thanks to Sebastien Ponce for the patch.
- imklog: added ParseKernelTimestamp parameter (import from 5.10.2)
Thanks to Marius Tomaschewski for the patch.
- fix missing functionality: ruleset(){} could not specify ruleset queue
The "queue.xxx" parameter set was not supported, and legacy ruleset
config statements did not work (by intention). The fix introduces the
"queue.xxx" parameter set. It has some regression potential, but only
for the new functionality. Note that using that interface it is possible
to specify duplicate queue file names, which will cause trouble. This
will be solved in v7.3, because there is a too-large regression
potential for the v7.2 stable branch.
- imklog: added KeepKernelTimestamp parameter (import from 5.10.2)
Thanks to Marius Tomaschewski for the patch.
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
... actually, they are microseconds. So the fractional part of the
timestamp was not properly formatted. (import from 5.10.2)
Thanks to Marius Tomaschewski for the bug report and the patch idea.
- bugfix: supportoctetcountedframing parameter did not work in imptcp
- bugfix: modules not (yet) supporting new conf format were not properly
registered. This lead to a "module not found" error message instead of
the to-be-expected "module does not support new style" error message.
That invalid error message could be quite misleading and actually stop
people from addressing the real problem (aka "go nuts" ;))
- bugfix: template "type" parameter is mandatory (but was not)
- bugfix: some message properties could be garbled due to race condition
This happened only on very high volume systems, if the same message was
being processed by two different actions. This was a regression caused
by the new config processor, which did no longer properly enable msg
locking in multithreaded cases. The bugfix is actually a refactoring of
the msg locking code - we no longer do unlocked operations, as the use
case for it has mostly gone away. It is potentially possible only at
very low-end systems, and there the small additional overhead of doing
the locking does not really hurt. Instead, the removal of that
capability can actually slightly improve performance in common cases,
as the code path is smaller and requires slightly less memory writes.
That probably outperforms the extra locking overhead (which in the
low-end case always happens in user space, without need for kernel
support as we can always directly acquire the lock - there is no
contention at all).
----------------------------------------------------------------------------
Version 7.2.3 [v7-stable] 2012-10-21
- regression fix: rsyslogd terminated when wild-card $IncludeConfig did not
find actual include files. For example, if this directive is present:
$IncludeConfig /etc/rsyslog.d/*.conf
and there are no *.conf files in /etc/rsyslog.d (but rsyslog.d exists),
rsyslogd will emit an error message and terminate. Previous (and expected)
behavior is that an empty file set is no problem. HOWEVER, if the
directory itself does not exist, this is flagged as an error and will
load to termination (no startup).
Unfortunately, this is often the case by default in many distros, so this
actually prevents rsyslog startup.
----------------------------------------------------------------------------
Version 7.2.2 [v7-stable] 2012-10-16
- doc improvements
- enabled to build without libuuid, at loss of uuid functionality
this enables smoother builds on older systems that do not support
libuuid. Loss of functionality should usually not matter too much as
uuid support has only recently been added and is very seldom used.
- bugfix: omfwd did not properly support "template" parameter
- bugfix: potential segfault when re_match() function was used
Thanks to oxpa for the patch.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=371
- bugfix: potential abort of imtcp on rsyslogd shutdown
- bugfix: imzmq3 segfault with PULL subscription
Thanks to Martin Nilsson for the patch.
- bugfix: improper handling of backslash in string-type template()s
- bugfix: leading quote (") in string-type template() lead to tight loop
on startup
- bugfix: no error msg on invalid field option in legacy/string template
- bugfix: potential segfault due to invalid param handling in comparisons
This could happen in RainerScript comparisons (like contains); in some
cases an uninitialized variable was accessed, which could lead to an
invalid free and in turn to a segfault.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=372
Thanks to Georgi Georgiev for reporting this bug and his great help
in solving it.
- bugfix: no error msg on unreadable $IncludeConfig path
- bugfix: $IncludeConfig did not correctly process directories
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=376
The testbench was also enhanced to check for these cases.
Thanks to Georgi Georgiev for the bug report.
- bugfix: make rsyslog compile on kfreebsd again
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=380
Thanks to Guillem Jover for the patch.
- bugfix: garbled message if field name was used with jsonf property option
The length for the field name was invalidly computed, resulting in either
truncated field names or including extra random data. If the random data
contained NULs, the rest of the message became unreadable.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=374
- bugfix: potential segfault at startup with property-based filter
If the property name was followed by a space before the comma, rsyslogd
aborted on startup. Note that no segfault could happen if the initial
startup went well (this was a problem with the config parser).
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=381
- bugfix: imfile discarded some file parts
File lines that were incomplete (LF missing) *at the time imfile polled
the file* were partially discarded. That part of the line that was read
without the LF was discarded, and the rest of the line was submitted in
the next polling cycle. This is now changed so that the partial content
is saved until the complete line is read. Note that the patch affects
only read mode 0.
Thanks to Milan Bartos for providing the base idea for the solution.
----------------------------------------------------------------------------
Version 7.2.1 [v7-stable] 2012-10-29
- bugfix: ruleset()-object did only support a single statement
- added -D rsyslogd option to enable config parser debug mode
- improved syntax error messages by outputting the error token
- the rsyslog core now suspends actions after 10 failures in a row
This was former the case after 1,000 failures and could cause rsyslog
to be spammed/resources misused. See the v6 compatibility doc for more
details.
- ommongodb rate-limits error messages to prevent spamming the syslog
closes (for v7.2): http://bugzilla.adiscon.com/show_bug.cgi?id=366
----------------------------------------------------------------------------
Version 7.2.0 [v7-stable] 2012-10-22
This starts a new stable branch based on 7.1.12 plus the following changes:
- bugfix: imuxsock did not properly honor $LocalHostIPIF
- omruleset/omdiscard do no longer issue "deprecated" warnings, as 7.1
grammar does not permit to use the replacements under all circumstances
----------------------------------------------------------------------------
Version 7.1.12 [beta] 2012-10-18
- minor updates to better support newer systemd developments
Thanks to Michael Biebl for the patches.
- build system cleanup
Thanks to Michael Biebl for the patch series.
- cleanup: removed remains of -c option (compatibility mode)
both from code & doc and emitted warning message if still used
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=361
Thanks to Michael Biebl for reporting & suggestions
- bugfix: imklog truncated head of received message
This happened only under some circumstances. Thanks to Marius
Tomaschewski and Florian Piekert for their help in solving this issue.
----------------------------------------------------------------------------
Version 7.1.11 [beta] 2012-10-16
- bugfix: imuxsock truncated head of received message
This happened only under some circumstances. Thanks to Marius
Tomaschewski, Florian Piekert and Milan Bartos for their help in
solving this issue.
- bugfix: do not crash if set statement is used with date field
Thanks to Miloslav Trmač for the patch.
- change lumberjack cookie to "@cee:" from "@cee: "
CEE originally specified the cookie with SP, whereas other lumberjack
tools used it without space. In order to keep interop with lumberjack,
we now use the cookie without space as well. I hope this can be changed
in CEE as well when it is released at a later time.
Thanks to Miloslav Trmač for pointing this out and a similar v7 patch.
- added deprecated note to omruleset (plus clue to use "call")
- added deprecated note to discard action (plus clue to use "stop")
---------------------------------------------------------------------------
Version 7.1.10 [beta] 2012-10-11
- bugfix: m4 directory was not present in release tarball
- bugfix: small memory leak with string-type templates
- bugfix: small memory leak when template was specified in omfile
- bugfix: some config processing warning messages were treated as errors
- bugfix: small memory leak when processing action() statements
- bugfix: unknown action() parameters were not reported
---------------------------------------------------------------------------
Version 7.1.9 [beta] 2012-10-09
- bugfix: comments inside objects (e.g. action()) were not properly handled
- bugfix: in (non)equal comparisons the position of arrays influenced result
This behavior is OK for "contains"-type of comparisons (which have quite
different semantics), but not for == and <>, which shall be commutative.
This has been fixed now, so there is no difference any longer if the
constant string array is the left or right hand operand. We solved this
via the optimizer, as it keeps the actual script execution code small.
---------------------------------------------------------------------------
Version 7.1.8 [beta] 2012-10-02
- bugfix: ruleset(){} directive erroneously changed default ruleset
much like the $ruleset legacy conf statement. This potentially lead
to statements being assigned to the wrong ruleset.
- improved module doc
- added "parser" parameter to ruleset(), so that parser chain can be
configured
- implemented "continue" RainerScript statement
---------------------------------------------------------------------------
Version 7.1.7 [devel] 2012-10-01
- implemented RainerScript "call" statement
- implemented RainerScript array-based string comparison operations
- implemented imtcp "permittedPeers" module-global parameter
- imudp: support for specifying multiple ports via array added
---------------------------------------------------------------------------
Version 7.1.6 [devel] 2012-09-28
- implemented RainerScript input() statement, including support for it
in major input plugins
- implemented RainerScript ruleset() statement
---------------------------------------------------------------------------
Version 7.1.5 [devel] 2012-09-25
- implemented RainerScript prifield() function
- implemented RainerScript field() function
- added new module imkmsg to process structured kernel log
Thanks to Milan Bartos for contributing this module
- implemented basic RainerScript optimizer, which will speed up script
operations
- bugfix: invalid free if function re_match() was incorrectly used
if the config file parser detected that param 2 was not constant, some
data fields were not initialized. The destructor did not care about that.
This bug happened only if rsyslog startup was unclean.
---------------------------------------------------------------------------
Version 7.1.4 [devel] 2012-09-19
- implemented ability for CEE-based properties to be stored in disk queues
- implemented string concatenation in expressions via &-operator
- implemented json subtree copy in variable assignment
- implemented full JSON support for variable manipulation
- introduced "subtree"-type templates
- bugfix: omfile action did not respect "template" parameter
... and used default template in all cases
- bugfix: MsgDup() did not copy CEE structure
This function was called at various places, most importantly during
"last messages repeated n times" processing and omruleset. If CEE(JSON)
data was present, it was lost as part of the copy process.
- bugfix: debug output indicated improper queue type
---------------------------------------------------------------------------
Version 7.1.3 [devel] 2012-09-17
- introduced "set" and "unset" config statements
- bugfix: missing support for escape sequences in RainerScript
only \' was supported. Now the usual set is supported. Note that v5
used \x as escape where x was any character (e.g. "\n" meant "n" and NOT
LF). This also means there is some incompatibility to v5 for well-know
sequences. Better break it now than later.
- bugfix: invalid property name in property-filter could cause abort
if action chaining (& operator) was used
http://bugzilla.adiscon.com/show_bug.cgi?id=355
Thanks to pilou@gmx.com for the bug report
---------------------------------------------------------------------------
Version 7.1.2 [devel] 2012-09-12
- bugfix: messages were duplicated, sometimes massively
regression from new code in 7.1.1 and reason for early release
- bugfix: remove invalid socket option call from imuxsock
Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom
- bugfix: abort when invalid property name was configured
in property-based filter
- bugfix: multiple rulesets did no longer work correctly (7.1.1 regression)
---------------------------------------------------------------------------
Version 7.1.1 [devel] 2012-09-11
- MAJOR NEW FEATURE: ruleengine now fully supports nesting
including if ... then ... else ... constructs. This is a big change
and it obviously has a lot of bug potential.
- BSD-style (filter) blocks are no longer supported
see https://www.rsyslog.com/g/BSD for details and solution
- imuxsock now stores trusted properties by default in the CEE root
This was done in order to keep compatible with other implementations of
the lumberjack schema
Thanks to Miloslav Trmač for pointing to this.
- bugfix: string-generating templates caused abort if CEE field could not
be found
---------------------------------------------------------------------------
Version 7.1.0 [devel] 2012-09-06
- added support for hierarchical properties (CEE/lumberjack)
- added pure JSON output plugin parameter passing mode
- ommongodb now supports templates
- bugfix: imtcp could abort on exit due to invalid free()
- imported bugfixes from 6.4.1
---------------------------------------------------------------------------
Version 6.6.1 [v6-stable] 2012-10-??
- bugfix: build problems on some platforms
- bugfix: misaddressing of $mmnormalizeuserawmsg parameter
On many platforms, this has no effect at all. At some, it may cause
a segfault. The problem occurs only during config phase, no segfault
happens when rsyslog has fully started.
- fix API "glitch" in some plugins
This did not affect users, but could have caused trouble in the future
for developers.
- bugfix: no error msg on invalid field option in legacy/string template
- bugfix: no error msg on unreadable $IncludeConfig path
- bugfix: $IncludeConfig did not correctly process directories
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=376
The testbench was also enhanced to check for these cases.
Thanks to Georgi Georgiev for the bug report.
- bugfix: spurios error messages from imuxsock about (non-error) EAGAIN
Thanks to Marius Tomaschewski for the patch.
- imklog: added $klogParseKernelTimestamp option
When enabled, kernel message [timestamp] is converted for message time.
Default is to use receive time as in 5.8.x and before, because the clock
used to create the timestamp is not supposed to be as accurate as the
monotonic clock (depends on hardware and kernel) resulting in differences
between kernel and system messages which occurred at same time.
Thanks to Marius Tomaschewski for the patch.
- imklog: added $klogKeepKernelTimestamp option
When enabled, the kernel [timestamp] remains at begin of
each message, even it is used for the message time too.
Thanks to Marius Tomaschewski for the patch.
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
... actually, they are microseconds. So the fractional part of the
timestamp was not properly formatted.
Thanks to Marius Tomaschewski for the bug report and the patch idea.
- bugfix: hostname set in rsyslog.conf was not picked up until HUP
which could also mean "never" or "not for a very long time".
Thanks to oxpa for providing analysis and a patch
- bugfix: some message properties could be garbled due to race condition
This happened only on very high volume systems, if the same message was
being processed by two different actions. This was a regression caused
by the new config processor, which did no longer properly enable msg
locking in multithreaded cases. The bugfix is actually a refactoring of
the msg locking code - we no longer do unlocked operations, as the use
case for it has mostly gone away. It is potentially possible only at
very low-end systems, and there the small additional overhead of doing
the locking does not really hurt. Instead, the removal of that
capability can actually slightly improve performance in common cases,
as the code path is smaller and requires slightly less memory writes.
That probably outperforms the extra locking overhead (which in the
low-end case always happens in user space, without need for kernel
support as we can always directly acquire the lock - there is no
contention at all).
- bugfix: invalid DST handling under Solaris
Thanks to Scott Severtson for the patch.
---------------------------------------------------------------------------
Version 6.6.0 [v6-stable] 2012-10-22
This starts a new stable branch, based on the 6.5.x series, plus:
- bugfix: imuxsock did not properly honor $LocalHostIPIF
---------------------------------------------------------------------------
Version 6.5.1 [beta] 2012-10-11
- added tool "logctl" to handle lumberjack logs in MongoDB
- imfile ported to new v6 config interface
- imfile now supports config parameter for maximum number of submits
which is a fine-tuning parameter in regard to input batching
- added pure JSON output plugin parameter passing mode
- ommongodb now supports templates
- bugfix: imtcp could abort on exit due to invalid free()
- bugfix: remove invalid socket option call from imuxsock
Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom
- added pure JSON output plugin parameter passing mode
- ommongodb now supports templates
- bugfix: imtcp could abort on exit due to invalid free()
- bugfix: missing support for escape sequences in RainerScript
only \' was supported. Now the usual set is supported. Note that v5
used \x as escape where x was any character (e.g. "\n" meant "n" and NOT
LF). This also means there is some incompatibility to v5 for well-know
sequences. Better break it now than later.
- bugfix: small memory leaks in template() statements
these were one-time memory leaks during startup, so they did NOT grow
during runtime
- bugfix: config validation run did not always return correct return state
- bugfix: config errors did not always cause statement to fail
This could lead to startup with invalid parameters.
---------------------------------------------------------------------------
Version 6.5.0 [devel] 2012-08-28
- imrelp now supports non-cancel thread termination
(but now requires at least librelp 1.0.1)
- implemented freeCnf() module interface
This was actually not present in older versions, even though some modules
already used it. The implementation was now done, and not in 6.3/6.4
because the resulting memory leak was ultra-slim and the new interface
handling has some potential to seriously break things. Not the kind of
thing you want to add in late beta state, if avoidable.
- added --enable-debugless configure option for very high demanding envs
This actually at compile time disables a lot of debug code, resulting
in some speedup (but serious loss of debugging capabilities)
- added new 0mq plugins (via czmq lib)
Thanks to David Kelly for contributing these modules
- bugfix: omhdfs did no longer compile
- bugfix: SystemLogSocketAnnotate did not work correctly
Thanks to Miloslav Trmač for the patch
- $SystemLogParseTrusted config file option
Thanks to Milan Bartos for the patch
- added template config directive
- added new uuid message property
Thanks to Jérôme Renard for the idea and patches.
Note: patches were released under ASL 2.0, see
http://bugzilla.adiscon.com/show_bug.cgi?id=353
---------------------------------------------------------------------------
Version 6.4.3 [V6-STABLE/NEVER RELEASED] 2012-??-??
This version was never released as 6.6.0 came quickly enough. Note that
all these patches here are present in 6.6.0.
- cleanup: removed remains of -c option (compatibility mode)
both from code & doc and emitted warning message if still used
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=361
Thanks to Michael Biebl for reporting & suggestions
- bugfix: imuxsock and imklog truncated head of received message
This happened only under some circumstances. Thanks to Marius
Tomaschewski, Florian Piekert and Milan Bartos for their help in
solving this issue.
- change lumberjack cookie to "@cee:" from "@cee: "
CEE originally specified the cookie with SP, whereas other lumberjack
tools used it without space. In order to keep interop with lumberjack,
we now use the cookie without space as well. I hope this can be changed
in CEE as well when it is released at a later time.
Thanks to Miloslav Trmač for pointing this out and a similar v7 patch.
- bugfix: comments inside objects (e.g. action()) were not properly handled
- bugfix: sysklogd-emulating standard template was no longer present in v6
This was obviously lost during the transition to the new config format.
Thanks to Milan Bartos for alerting us and a patch!
- bugfix: some valid legacy PRI filters were flagged as erroneous
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=358
This happened to filters of the style "local0,local1.*", where the
multiple facilities were comma-separated.
- bugfix: imuxsock did not properly honor $LocalHostIPIF
---------------------------------------------------------------------------
Version 6.4.2 [V6-STABLE] 2012-09-20
- bugfix: potential abort, if action queue could not be properly started
This most importantly could happen due to configuration errors.
- bugfix: remove invalid socket option call from imuxsock
Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom
- bugfix: missing support for escape sequences in RainerScript
only \' was supported. Now the usual set is supported. Note that v5
used \x as escape where x was any character (e.g. "\n" meant "n" and NOT
LF). This also means there is some incompatibility to v5 for well-know
sequences. Better break it now than later.
- bugfix: config validation run did not always return correct return state
---------------------------------------------------------------------------
Version 6.4.1 [V6-STABLE] 2012-09-06
- bugfix: multiple main queues with same queue file name were not detected
This lead to queue file corruption. While the root cause is a config
error, it is a bug that this important and hard to find config error
was not detected by rsyslog.
- bugfix: "jsonf" property replacer option did generate invalid JSON
in JSON, we have "fieldname":"value", but the option emitted
"fieldname"="value". Interestingly, this was accepted by a couple
of sinks, most importantly elasticsearch. Now the correct format is
emitted, which causes a remote chance that some things that relied on
the wrong format will break.
Thanks to Miloslav Trmač for the patch
- change $!all-json did emit an empty (thus non-JSON) string if no libee
data was present. It now emits {} and thus valid JSON. There is a
small risk that this may break some things that relied on the previous
inconsistency.
Thanks to Miloslav Trmač for the patch
- bugfix: omusrmsg incorrect return state & config warning handling
During config file processing, Omusrmsg often incorrectly returned a
warning status, even when no warning was present (caused by
uninitialized variable). Also, the core handled warning messages
incorrectly, and treated them as errors. As a result, omusrmsg
(most often) could not properly be loaded. Note that this only
occurs with legacy config action syntax. This was a regression
caused by an incorrect merge in to the 6.3.x codebase.
Thanks to Stefano Mason for alerting us of this bug.
- bugfix: Fixed TCP CheckConnection handling in omfwd.c. Interface needed
to be changed in lower stream classes. Syslog TCP Sending is now resumed
properly. Unfixed, that lead to non-detection of downstate of remote
hosts.
---------------------------------------------------------------------------
Version 6.4.0 [V6-STABLE] 2012-08-20
- THIS IS THE FIRST VERSION OF THE 6.4.x STABLE BRANCH
It includes all enhancements made in 6.3.x plus what is written in the
ChangeLog below.
- omelasticsearch: support for parameters parent & dynparent added
- bugfix: imtcp aborted when more than 2 connections were used.
Incremented pthread stack size to 4MB for imtcp, imptcp and imttcp
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=342
- bugfix: imptcp aborted when $InputPTCPServerBindRuleset was used
- bugfix: problem with cutting first 16 characters from message with
bAnnotate
Thanks to Milan Bartos for the patch.
---------------------------------------------------------------------------
Version 6.3.12 [BETA] 2012-07-02
- support for elasticsearch via omelasticsearch added
Note that this module has been tested quite well by a number of folks,
and this is why we merge in new functionality in a late beta stage.
Even if problems would exist, only users of omelasticsearch would
experience them, making it a pretty safe addition.
- bugfix: $ActionName was not properly honored
Thanks to Abby Edwards for alerting us
---------------------------------------------------------------------------
Version 6.3.11 [BETA] 2012-06-18
- bugfix: expression-based filters with AND/OR could segfault
due to a problem with boolean shortcut operations. From the user's
perspective, the segfault is almost non-deterministic (it occurs when
a shortcut is used).
Thanks to Lars Peterson for providing the initial bug report and his
support in solving it.
- bugfix: "last message repeated n times" message was missing hostname
Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting
---------------------------------------------------------------------------
Version 6.3.10 [BETA] 2012-06-04
- bugfix: delayable source could block action queue, even if there was
a disk queue associated with it. The root cause of this problem was
that it makes no sense to delay messages once they arrive in the
action queue - the "input" that is being held in that case is the main
queue worker, what makes no sense.
Thanks to Marcin for alerting us on this problem and providing
instructions to reproduce it.
- bugfix: invalid free in imptcp could lead to abort during startup
- bugfix: if debug message could end up in log file when forking
if rsyslog was set to auto-background (thus fork, the default) and debug
mode to stdout was enabled, debug messages ended up in the first log file
opened. Currently, stdout logging is completely disabled in forking mode
(but writing to the debug log file is still possible). This is a change
in behavior, which is under review. If it causes problems to you,
please let us know.
Thanks to Tomas Heinrich for the patch.
- bugfix: --enable-smcustbindcdr configure directive did not work
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=330
Thanks to Ultrabug for the patch.
- bugfix: made rsyslog compile when libestr ist not installed in /usr
Thanks to Miloslav Trmač for providing patches and suggestions
---------------------------------------------------------------------------
Version 6.3.9 [BETA] 2012-05-22
- bugfix: imtcp could cause hang during reception
this also applied to other users of core file tcpsrv.c, but imtcp was
by far the most prominent and widely-used, the rest rather exotic
(like imdiag)
- added capability to specify substrings for field extraction mode
- added the "jsonf" property replacer option (and fieldname)
- bugfix: omudpspoof did not work correctly if no spoof hostname was
configured
- bugfix: property replacer option "json" could lead to content loss
message was truncated if escaping was necessary
- bugfix: assigned ruleset was lost when using disk queues
This looked quite hard to diagnose for disk-assisted queues, as the
pure memory part worked well, but ruleset info was lost for messages
stored inside the disk queue.
- bugfix/imuxsock: solving abort if hostname was not set; configured
hostname was not used (both merge regressions)
-bugfix/omfile: template action parameter was not accepted
(and template name set to "??" if the parameter was used)
Thanks to Brian Knox for alerting us on this bug.
- bugfix: ommysql did not properly init/exit the mysql runtime library
this could lead to segfaults. Triggering condition: multiple action
instances using ommysql. Thanks to Tomas Heinrich for reporting this
problem and providing an initial patch (which my solution is based on,
I need to add more code to clean the mess up).
- bugfix: rsyslog did not terminate when delayable inputs were blocked
due to unavailable sources. Fixes:
http://bugzilla.adiscon.com/show_bug.cgi?id=299
Thanks to Marcin M for bringing up this problem and Andre Lorbach
for helping to reproduce and fix it.
- added capability to specify substrings for field extraction mode
- bugfix: disk queue was not persisted on shutdown, regression of fix to
http://bugzilla.adiscon.com/show_bug.cgi?id=299
The new code also handles the case of shutdown of blocking light and
full delayable sources somewhat smarter and permits, assuming sufficient
timeouts, to persist message up to the max queue capacity. Also some nits
in debug instrumentation have been fixed.
---------------------------------------------------------------------------
Version 6.3.8 [DEVEL] 2012-04-16
- added $PStatJSON directive to permit stats records in JSON format
- added "date-unixtimestamp" property replacer option to format as a
unix timestamp (seconds since epoch)
- added "json" property replacer option to support JSON encoding on a
per-property basis
- added omhiredis (contributed module)
- added mmjsonparse to support recognizing and parsing JSON enhanced syslog
messages
- upgraded more plugins to support the new v6 config format:
- ommysql
- omlibdbi
- omsnmp
- added configuration directives to customize queue light delay marks
$MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both
specify number of messages starting at which a delay happens.
- added message property parsesuccess to indicate if the last run
higher-level parser could successfully parse the message or not
(see property replacer html doc for details)
- bugfix: abort during startup when rsyslog.conf v6+ format was used in
a certain way
- bugfix: property $!all-json made rsyslog abort if no normalized data
was available
- bugfix: memory leak in array passing output module mode
- added configuration directives to customize queue light delay marks
- permit size modifiers (k,m,g,...) in integer config parameters
Thanks to Jo Rhett for the suggestion.
- bugfix: hostname was not requeried on HUP
Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for
his help in testing the fix.
- bugfix: imklog invalidly computed facility and severity
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313
- added configuration directive to disable octet-counted framing
for imtcp, directive is $InputTCPServerSupportOctetCountedFraming
for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming
- added capability to use a local interface IP address as fromhost-ip for
locally originating messages. New directive $LocalHostIPIF
---------------------------------------------------------------------------
Version 6.3.7 [DEVEL] 2012-02-02
- imported refactored v5.9.6 imklog linux driver, now combined with BSD
driver
- removed imtemplate/omtemplate template modules, as this was waste of time
The actual input/output modules are better copy templates. Instead, the
now-removed modules cost time for maintenance AND often caused confusion
on what their role was.
- added a couple of new stats objects
- improved support for new v6 config system. The build-in output modules
now all support the new config language
- bugfix: facility local<x> was not correctly interpreted in legacy filters
Was only accepted if it was the first PRI in a multi-filter PRI.
Thanks to forum user Mark for bringing this to our attention.
- bugfix: potential abort after reading invalid X.509 certificate
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
Thanks to Tomas Heinrich for the patch
- bugfix: legacy parsing of some filters did not work correctly
- bugfix: rsyslog aborted during startup if there is an error in loading
an action and legacy configuration mode is used
- bugfix: bsd klog driver did no longer compile
- relicensed larger parts of the code under Apache (ASL) 2.0
---------------------------------------------------------------------------
Version 6.3.6 [DEVEL] 2011-09-19
- added $InputRELPServerBindRuleset directive to specify rulesets for RELP
- bugfix: config parser did not support properties with dashes in them
inside property-based filters. Thanks to Gerrit Seré for reporting this.
---------------------------------------------------------------------------
Version 6.3.5 [DEVEL] (rgerhards/al), 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: mark message processing did not work correctly
- imudp&imtcp now report error if no listener at all was defined
Thanks to Marcin for suggesting this error message.
- bugfix: potential misaddressing in property replacer
---------------------------------------------------------------------------
Version 6.3.4 [DEVEL] (rgerhards), 2011-08-02
- added support for action() config object
* in rsyslog core engine
* in omfile
* in omusrmsg
- bugfix: omusrmsg format usr1,usr2 was no longer supported
- bugfix: misaddressing in config handler
In theory, can cause segfault, in practice this is extremely unlikely
Thanks to Marcin for alerting me.
---------------------------------------------------------------------------
Version 6.3.3 [DEVEL] (rgerhards), 2011-07-13
- rsyslog.conf format: now parsed by RainerScript parser
this provides the necessary base for future enhancements as well as some
minor immediate ones. For details see:
http://blog.gerhards.net/2011/07/rsyslog-633-config-format-improvements.html
- performance of script-based filters notably increased
- removed compatibility mode as we expect people have adjusted their
confs by now
- added support for the ":omfile:" syntax for actions
---------------------------------------------------------------------------
Version 6.3.2 [DEVEL] (rgerhards), 2011-07-06
- added support for the ":omusrmsg:" syntax in configuring user messages
- systemd support: set stdout/stderr to null - thx to Lennart for the patch
- added support for obtaining timestamp for kernel message from message
If the kernel time-stamps messages, time is now take from that
timestamp instead of the system time when the message was read. This
provides much better accuracy. Thanks to Lennart Poettering for
suggesting this feature and his help during implementation.
- added support for obtaining timestamp from system for imuxsock
This permits to read the time a message was submitted to the system
log socket. Most importantly, this is provided in microsecond resolution.
So we are able to obtain high precision timestampis even for messages
that were - as is usual - not formatted with them. This also simplifies
things in regard to local time calculation in chroot environments.
Many thanks to Lennart Poettering for suggesting this feature,
providing some guidance on implementing it and coordinating getting the
necessary support into the Linux kernel.
- bugfix: timestamp was incorrectly calculated for timezones with minute
offset
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
- bugfix: memory leak in imtcp & subsystems under some circumstances
This leak is tied to error conditions which lead to incorrect cleanup
of some data structures.
---------------------------------------------------------------------------
Version 6.3.1 [DEVEL] (rgerhards), 2011-06-07
- added a first implementation of a DNS name cache
this still has a couple of weaknesses, like no expiration of entries,
suboptimal algorithms -- but it should perform much better than
what we had previously. Implementation will be improved based on
feedback during the next couple of releases
---------------------------------------------------------------------------
Version 6.3.0 [DEVEL] (rgerhards), 2011-06-01
- introduced new config system
http://blog.gerhards.net/2011/06/new-rsyslog-config-system-materializes.html
---------------------------------------------------------------------------
Version 6.2.2 [v6-stable], 2012-06-13
- build system improvements and spec file templates
Thanks to Abby Edwards for providing these enhancements
- bugfix: disk queue was not persisted on shutdown, regression of fix to
http://bugzilla.adiscon.com/show_bug.cgi?id=299
The new code also handles the case of shutdown of blocking light and
full delayable sources somewhat smarter and permits, assuming sufficient
timeouts, to persist message up to the max queue capacity. Also some nits
in debug instrumentation have been fixed.
- bugfix: --enable-smcustbindcdr configure directive did not work
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=330
Thanks to Ultrabug for the patch.
- add small delay (50ms) after sending shutdown message
There seem to be cases where the shutdown message is otherwise not
processed, not even on an idle system. Thanks to Marcin for
bringing this problem up.
- support for resolving huge groups
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
Thanks to Alec Warner for the patch
- bugfix: potential hang due to mutex deadlock
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316
Thanks to Andreas Piesk for reporting&analyzing this bug as well as
providing patches and other help in resolving it.
- bugfix: property PROCID empty instead of proper nilvalue if not present
If it is not present, it must have the nilvalue "-" as of RFC5424
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332
Thanks to John N for reporting this issue.
- bugfix: did not compile under solaris due to $uptime property code
For the time being, $uptime is not supported on Solaris
- bugfix: "last message repeated n times" message was missing hostname
Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting
---------------------------------------------------------------------------
Version 6.2.1 [v6-stable], 2012-05-10
- change plugin config interface to be compatible with pre-v6.2 system
The functionality was already removed (because it is superseded by the
v6.3+ config language), but code was still present. I have now removed
those parts that affect interface. Full removal will happen in v6.3, in
order to limit potential regressions. However, it was considered useful
enough to do the interface change in v6-stable; this also eases merging
branches!
- re-licensed larger parts of the codebase under the Apache license 2.0
- bugfix: omprog made rsyslog abort on startup if not binary to
execute was configured
- bugfix: imklog invalidly computed facility and severity
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313
- bugfix: stopped DA queue was never processed after a restart due to a
regression from statistics module
- bugfix: memory leak in array passing output module mode
- bugfix: ommysql did not properly init/exit the mysql runtime library
this could lead to segfaults. Triggering condition: multiple action
instances using ommysql. Thanks to Tomas Heinrich for reporting this
problem and providing an initial patch (which my solution is based on,
I need to add more code to clean the mess up).
- bugfix: rsyslog did not terminate when delayable inputs were blocked
due to unavailable sources. Fixes:
http://bugzilla.adiscon.com/show_bug.cgi?id=299
Thanks to Marcin M for bringing up this problem and Andre Lorbach
for helping to reproduce and fix it.
- bugfix/tcpflood: sending small test files did not work correctly
---------------------------------------------------------------------------
Version 6.2.0 [v6-stable], 2012-01-09
- bugfix (kind of): removed numerical part from pri-text
see v6 compatibility document for reasons
- bugfix: race condition when extracting program name, APPNAME, structured
data and PROCID (RFC5424 fields) could lead to invalid characters e.g.
in dynamic file names or during forwarding (general malfunction of these
fields in templates, mostly under heavy load)
- bugfix: imuxsock did no longer ignore message-provided timestamp, if
so configured (the *default*). Lead to no longer sub-second timestamps.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281
- bugfix: omfile returns fatal error code for things that go really wrong
previously, RS_RET_RESUME was returned, which lead to a loop inside the
rule engine as omfile could not really recover.
- bugfix: potential abort after reading invalid X.509 certificate
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
Thanks to Tomas Heinrich for the patch
- enhanced module loader to not rely on PATH_MAX
- imuxsock: added capability to "annotate" messages with "trusted
information", which contains some properties obtained from the system
and as such sure to not be faked. This is inspired by the similar idea
introduced in systemd.
---------------------------------------------------------------------------
Version 6.1.12 [BETA], 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: mark message processing did not work correctly
- bugfix: potential misaddressing in property replacer
- bugfix: memcpy overflow can occur in allowed sender checking
if a name is resolved to IPv4-mapped-on-IPv6 address
Found by Ismail Dönmez at suse
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
- bugfix: fixed incorrect state handling for Discard Action (transactions)
Note: This caused all messages in a batch to be set to COMMITTED,
even if they were discarded.
---------------------------------------------------------------------------
Version 6.1.11 [BETA] (rgerhards), 2011-07-11
- systemd support: set stdout/stderr to null - thx to Lennart for the patch
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax in configuring user messages
---------------------------------------------------------------------------
Version 6.1.10 [BETA] (rgerhards), 2011-06-22
- bugfix: problems in failover action handling
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254
- bugfix: mutex was invalidly left unlocked during action processing
At least one case where this can occur is during thread shutdown, which
may be initiated by lower activity. In most cases, this is quite
unlikely to happen. However, if it does, data structures may be
corrupted which could lead to fatal failure and segfault. I detected
this via a testbench test, not a user report. But I assume that some
users may have had unreproducable aborts that were cause by this bug.
---------------------------------------------------------------------------
Version 6.1.9 [BETA] (rgerhards), 2011-06-14
- bugfix: problems in failover action handling
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254
- bugfix: mutex was invalidly left unlocked during action processing
At least one case where this can occur is during thread shutdown, which
may be initiated by lower activity. In most cases, this is quite
unlikely to happen. However, if it does, data structures may be
corrupted which could lead to fatal failure and segfault. I detected
this via a testbench test, not a user report. But I assume that some
users may have had unreproducable aborts that were cause by this bug.
- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes
- bugfix: memory leak in imtcp & subsystems under some circumstances
This leak is tied to error conditions which lead to incorrect cleanup
of some data structures. [backport from v6.3]
- bugfix: $ActionFileDefaultTemplate did not work
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=262
---------------------------------------------------------------------------
Version 6.1.8 [BETA] (rgerhards), 2011-05-20
- official new beta version (note that in a sense 6.1.7 was already beta,
so we may release the first stable v6 earlier than usual)
- new module mmsnmptrapd, a sample message modification module
- import of minor bug fixes from v4 & v5
---------------------------------------------------------------------------
Version 6.1.7 [DEVEL] (rgerhards), 2011-04-15
- added log classification capabilities (via mmnormalize & tags)
- speeded up tcp forwarding by reducing number of API calls
this especially speeds up TLS processing
- somewhat improved documentation index
- bugfix: enhanced imudp config processing code disabled due to wrong
merge (affected UDP realtime capabilities)
- bugfix (kind of): memory leak with tcp reception epoll handler
This was an extremely unlikely leak and, if it happened, quite small.
Still it is better to handle this border case.
- bugfix: IPv6-address could not be specified in omrelp
this was due to improper parsing of ":"
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250
- bugfix: do not open files with full privileges, if privs will be dropped
This make the privilege drop code more bulletproof, but breaks Ubuntu's
work-around for log files created by external programs with the wrong
user and/or group. Note that it was long said that this "functionality"
would break once we go for serious privilege drop code, so hopefully
nobody still depends on it (and, if so, they lost...).
- bugfix: pipes not opened in full priv mode when privs are to be dropped
---------------------------------------------------------------------------
Version 6.1.6 [DEVEL] (rgerhards), 2011-03-14
- enhanced omhdfs to support batching mode. This permits to increase
performance, as we now call the HDFS API with much larger message
sizes and far more infrequently
- improved testbench
among others, life tests for ommysql (against a test database) have
been added, valgrind-based testing enhanced, ...
- bugfix: minor memory leak in omlibdbi (< 1k per instance and run)
- bugfix: (regression) omhdfs did no longer compile
- bugfix: omlibdbi did not use password from rsyslog.con
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203
- systemd support somewhat improved (can now take over existing log sockt)
- bugfix: discard action did not work under some circumstances
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217
- bugfix: file descriptor leak in gnutls netstream driver
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=222
- fixed compile problem in imtemplate
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=235
---------------------------------------------------------------------------
Version 6.1.5 [DEVEL] (rgerhards), 2011-03-04
- improved testbench
- enhanced imtcp to use a pool of worker threads to process incoming
messages. This enables higher processing rates, especially in the TLS
case (where more CPU is needed for the crypto functions)
- added support for TLS (in anon mode) to tcpflood
- improved TLS error reporting
- improved TLS startup (Diffie-Hellman bits do not need to be generated,
as we do not support full anon key exchange -- we always need certs)
- bugfix: fixed a memory leak and potential abort condition
this could happen if multiple rulesets were used and some output batches
contained messages belonging to more than one ruleset.
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218
- bugfix: memory leak when $RepeatedMsgReduction on was used
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225
- bugfix: potential abort condition when $RepeatedMsgReduction set to on
as well as potentially in a number of other places where MsgDup() was
used. This only happened when the imudp input module was used and it
depended on name resolution not yet had taken place. In other words,
this was a strange problem that could lead to hard to diagnose
instability. So if you experience instability, chances are good that
this fix will help.
---------------------------------------------------------------------------
Version 6.1.4 [DEVEL] (rgerhards), 2011-02-18
- bugfix/omhdfs: directive $OMHDFSFileName rendered unusable
due to a search and replace-induced bug ;)
- bugfix: minor race condition in action.c - considered cosmetic
This is considered cosmetic as multiple threads tried to write exactly
the same value into the same memory location without sync. The method
has been changed so this can no longer happen.
- added pmsnare parser module (written by David Lang)
- enhanced imfile to support non-cancel input termination
- improved systemd socket activation thanks to Marius Tomaschewski
- improved error reporting for $WorkDirectory
non-existence and other detectable problems are now reported,
and the work directory is NOT set in this case
- bugfix: pmsnare caused abort under some conditions
- bugfix: abort if imfile reads file line of more than 64KiB
Thanks to Peter Eisentraut for reporting and analyzing this problem.
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221
- bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode
when in disk-assisted mode. This especially affected imfile, which
created unnecessarily queue files if a large set of input file data was
to process.
- bugfix: very long running actions could prevent shutdown under some
circumstances. This has now been solved, at least for common
situations.
- bugfix: fixed compile problem due to empty structs
this occurred only on some platforms/compilers. thanks to Dražen Kačar
for the fix
---------------------------------------------------------------------------
Version 6.1.3 [DEVEL] (rgerhards), 2011-02-01
- experimental support for mongodb added
- added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings
- added $LocalHostName config directive
- improved tcpsrv performance by enabling multiple-entry epoll
so far, we always pulled a single event from the epoll interface.
Now 128, what should result in performance improvement (less API
calls) on busy systems. Most importantly affects imtcp.
- imptcp now supports non-cancel termination mode, a plus in stability
- imptcp speedup: multiple worker threads can now be used to read data
- new directive $InputIMPTcpHelperThreads added
- bugfix: fixed build problems on some platforms
namely those that have 32bit atomic operations but not 64 bit ones
- bugfix: local hostname was pulled too-early, so that some config
directives (namely FQDN settings) did not have any effect
- enhanced tcpflood to support multiple sender threads
this is required for some high-throughput scenarios (and necessary to
run some performance tests, because otherwise the sender is too slow).
- added some new custom parsers (snare, aix, some Cisco "specialities")
thanks to David Lang
---------------------------------------------------------------------------
Version 6.1.2 [DEVEL] (rgerhards), 2010-12-16
- added experimental support for log normalization (via liblognorm)
support for normalizing log messages has been added in the form of
mmnormalize. The core engine (property replacer, filter engine) has
been enhanced to support properties from normalized events.
Note: this is EXPERIMENTAL code. It is currently know that
there are issues if the functionality is used with
- disk-based queues
- asynchronous action queues
You can not use the new functionality together with these features.
This limitation will be removed in later releases. However, we
preferred to release early, so that one can experiment with the new
feature set and accepted the price that this means the full set of
functionality is not yet available. If not used together with
these features, log normalizing should be pretty stable.
- enhanced testing tool tcpflood
now supports sending via UDP and the capability to run multiple
iterations and generate statistics data records
- bugfix: potential abort when output modules with different parameter
passing modes were used in configured output modules
---------------------------------------------------------------------------
Version 6.1.1 [DEVEL] (rgerhards), 2010-11-30
- bugfix(important): problem in TLS handling could cause rsyslog to loop
in a tight loop, effectively disabling functionality and bearing the
risk of unresponsiveness of the whole system.
Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
- support for omhdfs officially added (import from 5.7.1)
- merged imuxsock improvements from 5.7.1 (see there)
- support for systemd officially added (import from 5.7.0)
- bugfix: a couple of problems that imfile had on some platforms, namely
Ubuntu (not their fault, but occurred there)
- bugfix: imfile utilizes 32 bit to track offset. Most importantly,
this problem can not experienced on Fedora 64 bit OS (which has
64 bit long's!)
- a number of other bugfixes from older versions imported
---------------------------------------------------------------------------
Version 6.1.0 [DEVEL] (rgerhards), 2010-08-12
*********************************** NOTE **********************************
The v6 versions of rsyslog feature a greatly redesigned config system
which, among others, supports scoping. However, the initial version does
not contain the whole new system. Rather it will evolve. So it is
expected that interfaces, even new ones, break during the initial
6.x.y releases.
*********************************** NOTE **********************************
- added $Begin, $End and $ScriptScoping config scope statements
(at this time for actions only).
- added imptcp, a simplified, Linux-specific and potentially fast
syslog plain tcp input plugin (NOT supporting TLS!)
[ported from v4]
---------------------------------------------------------------------------
Version 5.10.2 [V5-STABLE], 201?-??-??
- bugfix: queue file size was not correctly processed
this could lead to using one queue file per message for sizes >2GiB
Thanks to Tomas Heinrich for the patch.
- updated systemd files to match current systemd source
- bugfix: spurios error messages from imuxsock about (non-error) EAGAIN
Thanks to Marius Tomaschewski for the patch.
- imklog: added $klogParseKernelTimestamp option
When enabled, kernel message [timestamp] is converted for message time.
Default is to use receive time as in 5.8.x and before, because the clock
used to create the timestamp is not supposed to be as accurate as the
monotonic clock (depends on hardware and kernel) resulting in differences
between kernel and system messages which occurred at same time.
Thanks to Marius Tomaschewski for the patch.
- imklog: added $klogKeepKernelTimestamp option
When enabled, the kernel [timestamp] remains at begin of
each message, even it is used for the message time too.
Thanks to Marius Tomaschewski for the patch.
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
... actually, they are microseconds. So the fractional part of the
timestamp was not properly formatted.
Thanks to Marius Tomaschewski for the bug report and the patch idea.
- imklog: added $klogKeepKernelTimestamp option
When enabled, the kernel [timestamp] remains at begin of
each message, even it is used for the message time too.
Thanks to Marius Tomaschewski for the patch.
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
... actually, they are microseconds. So the fractional part of the
timestamp was not properly formatted.
Thanks to Marius Tomaschewski for the bug report and the patch idea.
- bugfix: invalid DST handling under Solaris
Thanks to Scott Severtson for the patch.
- bugfix: invalid decrement in pm5424 could lead to log truncation
Thanks to Tomas Heinrich for the patch.
- bugfix[kind of]: omudpspoof discarded messages >1472 bytes (MTU size)
it now truncates these message, but ensures they are sent. Note that
7.3.5+ will switch to fragmented UDP messages instead (up to 64K)
---------------------------------------------------------------------------
Version 5.10.1 [V5-STABLE], 2012-10-17
- bugfix: imuxsock and imklog truncated head of received message
This happened only under some circumstances. Thanks to Marius
Tomaschewski, Florian Piekert and Milan Bartos for their help in
solving this issue.
- enable DNS resolution in imrelp
Thanks to Apollon Oikonomopoulos for the patch
- bugfix: invalid property name in property-filter could cause abort
if action chaining (& operator) was used
http://bugzilla.adiscon.com/show_bug.cgi?id=355
Thanks to pilou@gmx.com for the bug report
- bugfix: remove invalid socket option call from imuxsock
Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom
- bugfix: fixed wrong bufferlength for snprintf in tcpflood.c when using
the -f (dynafiles) option.
- fixed issues in build system (namely related to cust1 dummy plugin)
---------------------------------------------------------------------------
Version 5.10.0 [V5-STABLE], 2012-08-23
NOTE: this is the new rsyslog v5-stable, incorporating all changes from the
5.9.x series. In addition to that, it contains the fixes and
enhancements listed below in this entry.
- bugfix: delayable source could block action queue, even if there was
a disk queue associated with it. The root cause of this problem was
that it makes no sense to delay messages once they arrive in the
action queue - the "input" that is being held in that case is the main
queue worker, what makes no sense.
Thanks to Marcin for alerting us on this problem and providing
instructions to reproduce it.
- bugfix: disk queue was not persisted on shutdown, regression of fix to
http://bugzilla.adiscon.com/show_bug.cgi?id=299
The new code also handles the case of shutdown of blocking light and
full delayable sources somewhat smarter and permits, assuming sufficient
timeouts, to persist message up to the max queue capacity. Also some nits
in debug instrumentation have been fixed.
- add small delay (50ms) after sending shutdown message
There seem to be cases where the shutdown message is otherwise not
processed, not even on an idle system. Thanks to Marcin for
bringing this problem up.
- support for resolving huge groups
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
Thanks to Alec Warner for the patch
- bugfix: potential hang due to mutex deadlock
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316
Thanks to Andreas Piesk for reporting&analyzing this bug as well as
providing patches and other help in resolving it.
- bugfix: property PROCID empty instead of proper nilvalue if not present
If it is not present, it must have the nilvalue "-" as of RFC5424
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332
Thanks to John N for reporting this issue.
- bugfix: "last message repeated n times" message was missing hostname
Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting
- bugfix: multiple main queues with same queue file name was not detected
This lead to queue file corruption. While the root cause is a config
error, it is a bug that this important and hard to find config error
was not detected by rsyslog.
---------------------------------------------------------------------------
Version 5.9.7 [V5-BETA], 2012-05-10
- added capability to specify substrings for field extraction mode
- bugfix: ommysql did not properly init/exit the mysql runtime library
this could lead to segfaults. Triggering condition: multiple action
instances using ommysql. Thanks to Tomas Heinrich for reporting this
problem and providing an initial patch (which my solution is based on,
I need to add more code to clean the mess up).
- bugfix: rsyslog did not terminate when delayable inputs were blocked
due to unavailable sources. Fixes:
http://bugzilla.adiscon.com/show_bug.cgi?id=299
Thanks to Marcin M for bringing up this problem and Andre Lorbach
for helping to reproduce and fix it.
- bugfix/tcpflood: sending small test files did not work correctly
---------------------------------------------------------------------------
Version 5.9.6 [V5-BETA], 2012-04-12
- added configuration directives to customize queue light delay marks
- permit size modifiers (k,m,g,...) in integer config parameters
Thanks to Jo Rhett for the suggestion.
- bugfix: hostname was not requeried on HUP
Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for
his help in testing the fix.
- bugfix: imklog invalidly computed facility and severity
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313
- bugfix: imptcp input name could not be set
config directive was accepted, but had no effect
- added configuration directive to disable octet-counted framing
for imtcp, directive is $InputTCPServerSupportOctetCountedFraming
for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming
- added capability to use a local interface IP address as fromhost-ip for
locally originating messages. New directive $LocalHostIPIF
- added configuration directives to customize queue light delay marks
$MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both
specify number of messages starting at which a delay happens.
---------------------------------------------------------------------------
Version 5.9.5 [V5-DEVEL], 2012-01-27
- improved impstats subsystem, added many new counters
- enhanced module loader to not rely on PATH_MAX
- refactored imklog linux driver, now combined with BSD driver
The Linux driver no longer supports outdated kernel symbol resolution,
which was disabled by default for very long. Also overall cleanup,
resulting in much smaller code. Linux and BSD are now covered by a
single small driver.
- $IMUXSockRateLimitInterval DEFAULT CHANGED, was 5, now 0
The new default turns off rate limiting. This was chosen as people
experienced problems with rate-limiting activated by default. Now it
needs an explicit opt-in by setting this parameter.
Thanks to Chris Gaffney for suggesting to make it opt-in; thanks to
many unnamed others who already had complained at the time Chris made
the suggestion ;-)
---------------------------------------------------------------------------
Version 5.9.4 [V5-DEVEL], 2011-11-29
- imuxsock: added capability to "annotate" messages with "trusted
information", which contains some properties obtained from the system
and as such sure to not be faked. This is inspired by the similar idea
introduced in systemd.
- removed dependency on gcrypt for recently-enough GnuTLS
see: http://bugzilla.adiscon.com/show_bug.cgi?id=289
- bugfix: imuxsock did no longer ignore message-provided timestamp, if
so configured (the *default*). Lead to no longer sub-second timestamps.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281
- bugfix: omfile returns fatal error code for things that go really wrong
previously, RS_RET_RESUME was returned, which lead to a loop inside the
rule engine as omfile could not really recover.
- bugfix: rsyslogd -v always said 64 atomics were not present
thanks to mono_matsuko for the patch
---------------------------------------------------------------------------
Version 5.9.3 [V5-DEVEL], 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: mark message processing did not work correctly
- added capability to emit config error location info for warnings
otherwise, omusrmsg's warning about new config format was not
accompanied by problem location.
- bugfix: potential misaddressing in property replacer
- bugfix: MSGID corruption in RFC5424 parser under some circumstances
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=275
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
---------------------------------------------------------------------------
Version 5.9.2 [V5-DEVEL] (rgerhards), 2011-07-11
- systemd support: set stdout/stderr to null - thx to Lennart for the patch
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax for actions
---------------------------------------------------------------------------
Version 5.9.1 [V5-DEVEL] (rgerhards), 2011-06-30
- added support for obtaining timestamp for kernel message from message
If the kernel time-stamps messages, time is now take from that
timestamp instead of the system time when the message was read. This
provides much better accuracy. Thanks to Lennart Poettering for
suggesting this feature and his help during implementation.
- added support for obtaining timestamp from system for imuxsock
This permits to read the time a message was submitted to the system
log socket. Most importantly, this is provided in microsecond resolution.
So we are able to obtain high precision timestampis even for messages
that were - as is usual - not formatted with them. This also simplifies
things in regard to local time calculation in chroot environments.
Many thanks to Lennart Poettering for suggesting this feature,
providing some guidance on implementing it and coordinating getting the
necessary support into the Linux kernel.
- bugfix: timestamp was incorrectly calculated for timezones with minute
offset
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
- bugfix: problems in failover action handling
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254
- bugfix: mutex was invalidly left unlocked during action processing
At least one case where this can occur is during thread shutdown, which
may be initiated by lower activity. In most cases, this is quite
unlikely to happen. However, if it does, data structures may be
corrupted which could lead to fatal failure and segfault. I detected
this via a testbench test, not a user report. But I assume that some
users may have had unreproducable aborts that were cause by this bug.
- bugfix: memory leak in imtcp & subsystems under some circumstances
This leak is tied to error conditions which lead to incorrect cleanup
of some data structures. [backport from v6]
- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes
---------------------------------------------------------------------------
Version 5.9.0 [V5-DEVEL] (rgerhards), 2011-06-08
- imfile: added $InputFileMaxLinesAtOnce directive
- enhanced imfile to support input batching
- added capability for imtcp and imptcp to activate keep-alive packets
at the socket layer. This has not been added to imttcp, as the latter is
only an experimental module, and one which did not prove to be useful.
reference: http://kb.monitorware.com/post20791.html
- added support to control KEEPALIVE settings in imptcp
this has not yet been added to imtcp, but could be done on request.
- $ActionName is now also used for naming of queues in impstats
as well as in the debug output
- bugfix: do not open files with full privileges, if privs will be dropped
This make the privilege drop code more bulletproof, but breaks Ubuntu's
work-around for log files created by external programs with the wrong
user and/or group. Note that it was long said that this "functionality"
would break once we go for serious privilege drop code, so hopefully
nobody still depends on it (and, if so, they lost...).
- bugfix: pipes not opened in full priv mode when privs are to be dropped
- this begins a new devel branch for v5
- better handling of queue i/o errors in disk queues. This is kind of a
bugfix, but a very intrusive one, this it goes into the devel version
first. Right now, "file not found" is handled and leads to the new
emergency mode, in which disk action is stopped and the queue run
in direct mode. An error message is emited if this happens.
- added support for user-level PRI provided via systemd
- added new config directive $InputTCPFlowControl to select if tcp
received messages shall be flagged as light delayable or not.
- enhanced omhdfs to support batching mode. This permits to increase
performance, as we now call the HDFS API with much larger message
sizes and far more infrequently
- bugfix: failover did not work correctly if repeated msg reduction was on
affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236
---------------------------------------------------------------------------
Version 5.8.13 [V5-stable] 2012-08-22
- bugfix: DA queue could cause abort
- bugfix: "last message repeated n times" message was missing hostname
Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting
- bugfix "$PreserveFQDN on" was not honored in some modules
Thanks to bodik for reporting this bug.
- bugfix: randomized IP option header in omudpspoof caused problems
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=327
Thanks to Rick Brown for helping to test out the patch.
- bugfix: potential abort if output plugin logged message during shutdown
note that none of the rsyslog-provided plugins does this
Thanks to bodik and Rohit Prasad for alerting us on this bug and
analyzing it.
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=347
- bugfix: multiple main queues with same queue file name was not detected
This lead to queue file corruption. While the root cause is a config
error, it is a bug that this important and hard to find config error
was not detected by rsyslog.
---------------------------------------------------------------------------
Version 5.8.12 [V5-stable] 2012-06-06
- add small delay (50ms) after sending shutdown message
There seem to be cases where the shutdown message is otherwise not
processed, not even on an idle system. Thanks to Marcin for
bringing this problem up.
- support for resolving huge groups
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
Thanks to Alec Warner for the patch
- bugfix: delayable source could block action queue, even if there was
a disk queue associated with it. The root cause of this problem was
that it makes no sense to delay messages once they arrive in the
action queue - the "input" that is being held in that case is the main
queue worker, what makes no sense.
Thanks to Marcin for alerting us on this problem and providing
instructions to reproduce it.
- bugfix: disk queue was not persisted on shutdown, regression of fix to
http://bugzilla.adiscon.com/show_bug.cgi?id=299
The new code also handles the case of shutdown of blocking light and
full delayable sources somewhat smarter and permits, assuming sufficient
timeouts, to persist message up to the max queue capacity. Also some nits
in debug instrumentation have been fixed.
- bugfix/omudpspoof: problems, including abort, happened when run on
multiple threads. Root cause is that libnet is not thread-safe.
omudpspoof now guards libnet calls with their own mutex.
- bugfix: if debug message could end up in log file when forking
if rsyslog was set to auto-background (thus fork, the default) and debug
mode to stdout was enabled, debug messages ended up in the first log file
opened. Currently, stdout logging is completely disabled in forking mode
(but writing to the debug log file is still possible). This is a change
in behavior, which is under review. If it causes problems to you,
please let us know.
Thanks to Tomas Heinrich for the patch.
- bugfix/tcpflood: sending small test files did not work correctly
- bugfix: potential hang due to mutex deadlock
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316
Thanks to Andreas Piesk for reporting&analyzing this bug as well as
providing patches and other help in resolving it.
- bugfix: property PROCID empty instead of proper nilvalue if not present
If it is not present, it must have the nilvalue "-" as of RFC5424
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332
Thanks to John N for reporting this issue.
---------------------------------------------------------------------------
Version 5.8.11 [V5-stable] 2012-05-03
- bugfix: ommysql did not properly init/exit the mysql runtime library
this could lead to segfaults. Triggering condition: multiple action
instances using ommysql. Thanks to Tomas Heinrich for reporting this
problem and providing an initial patch (which my solution is based on,
I need to add more code to clean the mess up).
- bugfix: rsyslog did not terminate when delayable inputs were blocked
due to unavailable sources. Fixes:
http://bugzilla.adiscon.com/show_bug.cgi?id=299
Thanks to Marcin M for bringing up this problem and Andre Lorbach
for helping to reproduce and fix it.
- bugfix: active input in "light delay state" could block rsyslog
termination, at least for prolonged period of time
- bugfix: imptcp input name could not be set
config directive was accepted, but had no effect
- bugfix: assigned ruleset was lost when using disk queues
This looked quite hard to diagnose for disk-assisted queues, as the
pure memory part worked well, but ruleset info was lost for messages
stored inside the disk queue.
- bugfix: hostname was not requeried on HUP
Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for
his help in testing the fix.
- bugfix: inside queue.c, some thread cancel states were not correctly
reset. While this is a bug, we assume it did have no practical effect
because the reset as it was done was set to the state the code actually
had at this point. But better fix this...
---------------------------------------------------------------------------
Version 5.8.10 [V5-stable] 2012-04-05
- bugfix: segfault on startup if $actionqueuefilename was missing for disk
queue config
Thanks to Tomas Heinrich for the patch.
- bugfix: segfault if disk-queue was started up with old queue file
Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in array passing output module mode
---------------------------------------------------------------------------
Version 5.8.9 [V5-stable] 2012-03-15
- added tool to recover disk queue if .qi file is missing (recover_qi.pl)
Thanks to Kaiwang Chen for contributing this tool
- bugfix: stopped DA queue was never processed after a restart due to a
regression from statistics module
- added better doc for statsobj interface
Thanks to Kaiwang Chen for his suggestions and analysis in regard to the
stats subsystem.
---------------------------------------------------------------------------
Version 5.8.8 [V5-stable] 2012-03-05
- added capability to use a local interface IP address as fromhost-ip for
imuxsock imklog
new config directives: $IMUXSockLocalIPIF, $klogLocalIPIF
- added configuration directives to customize queue light delay marks
$MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both
specify number of messages starting at which a delay happens.
- bugfix: omprog made rsyslog abort on startup if not binary to
execute was configured
- bugfix: imklog invalidly computed facility and severity
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313
---------------------------------------------------------------------------
Version 5.8.7 [V5-stable] 2012-01-17
- bugfix: instabilities when using RFC5424 header fields
Thanks to Kaiwang Chen for the patch
- bugfix: imuxsock did truncate part of received message if it did not
contain a proper date. The truncation occurred because we removed that
part of the messages that was expected to be the date.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=295
- bugfix: potential abort after reading invalid X.509 certificate
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
Thanks to Tomas Heinrich for the patch
- bugfix: stats counter were not properly initialized on creation
- FQDN hostname for multihomed host was not always set to the correct name
if multiple aliases existed. Thanks to Tomas Heinreich for the patch.
- re-licensed larger parts of the codebase under the Apache license 2.0
---------------------------------------------------------------------------
Version 5.8.6 [V5-stable] 2011-10-21
- bugfix: missing whitespace after property-based filter was not detected
- bugfix: $OMFileFlushInterval period was doubled - now using correct value
- bugfix: ActionQueue could malfunction due to index error
Thanks to Vlad Grigorescu for the patch
- bugfix: $ActionExecOnlyOnce interval did not work properly
Thanks to Tomas Heinrich for the patch
- bugfix: race condition when extracting program name, APPNAME, structured
data and PROCID (RFC5424 fields) could lead to invalid characters e.g.
in dynamic file names or during forwarding (general malfunction of these
fields in templates, mostly under heavy load)
- bugfix: imuxsock did no longer ignore message-provided timestamp, if
so configured (the *default*). Lead to no longer sub-second timestamps.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281
- bugfix: omfile returns fatal error code for things that go really wrong
previously, RS_RET_RESUME was returned, which lead to a loop inside the
rule engine as omfile could not really recover.
- bugfix: imfile did invalid system call under some circumstances
when a file that was to be monitored did not exist BUT the state file
actually existed. Mostly a cosmetic issue. Root cause was incomplete
error checking in stream.c; so patch may affect other code areas.
- bugfix: rsyslogd -v always said 64 atomics were not present
thanks to mono_matsuko for the patch
---------------------------------------------------------------------------
Version 5.8.5 [V5-stable] (rgerhards/al), 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: mark message processing did not work correctly
- bugfix: potential hang condition during tag emulation
- bugfix: too-early string termination during tag emulation
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
- bugfix: fixed incorrect state handling for Discard Action (transactions)
Note: This caused all messages in a batch to be set to COMMITTED,
even if they were discarded.
---------------------------------------------------------------------------
Version 5.8.4 [V5-stable] (al), 2011-08-10
- bugfix: potential misaddressing in property replacer
- bugfix: memcpy overflow can occur in allowed sender checking
if a name is resolved to IPv4-mapped-on-IPv6 address
Found by Ismail Dönmez at suse
- bugfix: potential misaddressing in property replacer
- bugfix: MSGID corruption in RFC5424 parser under some circumstances
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=275
---------------------------------------------------------------------------
Version 5.8.3 [V5-stable] (rgerhards), 2011-07-11
- systemd support: set stdout/stderr to null - thx to Lennart for the patch
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax for actions
Note: previous outchannel syntax will generate a warning message. This
may be surprising to some users, but it is quite urgent to alert them
of the new syntax as v6 can no longer support the previous one.
---------------------------------------------------------------------------
Version 5.8.2 [V5-stable] (rgerhards), 2011-06-21
- bugfix: problems in failover action handling
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254
- bugfix: mutex was invalidly left unlocked during action processing
At least one case where this can occur is during thread shutdown, which
may be initiated by lower activity. In most cases, this is quite
unlikely to happen. However, if it does, data structures may be
corrupted which could lead to fatal failure and segfault. I detected
this via a testbench test, not a user report. But I assume that some
users may have had unreproducable aborts that were cause by this bug.
- bugfix: memory leak in imtcp & subsystems under some circumstances
This leak is tied to error conditions which lead to incorrect cleanup
of some data structures. [backport from v6]
- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes
---------------------------------------------------------------------------
Version 5.8.1 [V5-stable] (rgerhards), 2011-05-19
- bugfix: invalid processing in QUEUE_FULL condition
If the the multi-submit interface was used and a QUEUE_FULL condition
occurred, the failed message was properly destructed. However, the
rest of the input batch, if it existed, was not processed. So this
lead to potential loss of messages and a memory leak. The potential
loss of messages was IMHO minor, because they would have been dropped
in most cases due to the queue remaining full, but very few lucky ones
from the batch may have made it. Anyhow, this has now been changed so
that the rest of the batch is properly tried to be enqueued and, if
not possible, destructed.
- new module mmsnmptrapd, a sample message modification module
This can be useful to reformat snmptrapd messages and also serves as
a sample for how to write message modification modules using the
output module interface. Note that we introduced this new
functionality directly into the stable release, as it does not
modify the core and as such cannot have any side-effects if it is
not used (and thus the risk is solely on users requiring that
functionality).
- bugfix: rate-limiting inside imuxsock did not work 100% correct
reason was that a global config variable was invalidly accessed where a
listener variable should have been used.
Also performance-improved the case when rate limiting is turned off (this
is a very unintrusive change, thus done directly to the stable version).
- bugfix: $myhostname not available in RainerScript (and no error message)
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=233
- bugfix: memory and file descriptor leak in stream processing
Leaks could occur under some circumstances if the file stream handler
errored out during the open call. Among others, this could cause very
big memory leaks if there were a problem with unreadable disk queue
files. In regard to the memory leak, this
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256
- bugfix: doc for impstats had wrong config statements
also, config statements were named a bit inconsistent, resolved that
problem by introducing an alias and only documenting the consistent
statements
Thanks to Marcin for bringing up this problem.
- bugfix: IPv6-address could not be specified in omrelp
this was due to improper parsing of ":"
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250
- bugfix: TCP connection invalidly aborted when messages needed to be
discarded (due to QUEUE_FULL or similar problem)
- bugfix: $LocalHostName was not honored under all circumstances
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=258
- bugfix(minor): improper template function call in syslogd.c
---------------------------------------------------------------------------
Version 5.8.0 [V5-stable] (rgerhards), 2011-04-12
This is the new v5-stable branch, importing all feature from the 5.7.x
versions. To see what has changed in regard to the previous v5-stable,
check the Changelog for 5.7.x below.
- bugfix: race condition in deferred name resolution
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=238
Special thanks to Marcin for his persistence in helping to solve this
bug.
- bugfix: DA queue was never shutdown once it was started
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=241
---------------------------------------------------------------------------
Version 5.7.10 [V5-BETA] (rgerhards), 2011-03-29
- bugfix: ompgsql did not work properly with ANSI SQL strings
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=229
- bugfix: rsyslog did not build with --disable-regexp configure option
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=243
- bugfix: PRI was invalid on Solaris for message from local log socket
- enhance: added $BOM system property to ease writing byte order masks
- bugfix: RFC5424 parser confused by empty structured data
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=237
- bugfix: error return from strgen caused abort, now causes action to be
ignored (just like a failed filter)
- new sample plugin for a strgen to generate sql statement consumable
by a database plugin
- bugfix: strgen could not be used together with database outputs
because the sql/stdsql option could not be specified. This has been
solved by permitting the strgen to include the opton inside its name.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=195
---------------------------------------------------------------------------
Version 5.7.9 [V5-BETA] (rgerhards), 2011-03-16
- improved testbench
among others, life tests for ommysql (against a test database) have
been added, valgrind-based testing enhanced, ...
- enhance: fallback *at runtime* to epoll_create if epoll_create1 is not
available. Thanks to Michael Biebl for analysis and patch!
- bugfix: failover did not work correctly if repeated msg reduction was on
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236
affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on
- bugfix: minor memory leak in omlibdbi (< 1k per instance and run)
- bugfix: (regression) omhdfs did no longer compile
- bugfix: omlibdbi did not use password from rsyslog.conf
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203
---------------------------------------------------------------------------
Version 5.7.8 [V5-BETA] (rgerhards), 2011-03-09
- systemd support somewhat improved (can now take over existing log sockt)
- bugfix: discard action did not work under some circumstances
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217
- bugfix: file descriptor leak in gnutls netstream driver
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=222
---------------------------------------------------------------------------
Version 5.7.7 [V5-BETA] (rgerhards), 2011-03-02
- bugfix: potential abort condition when $RepeatedMsgReduction set to on
as well as potentially in a number of other places where MsgDup() was
used. This only happened when the imudp input module was used and it
depended on name resolution not yet had taken place. In other words,
this was a strange problem that could lead to hard to diagnose
instability. So if you experience instability, chances are good that
this fix will help.
---------------------------------------------------------------------------
Version 5.7.6 [V5-BETA] (rgerhards), 2011-02-25
- bugfix: fixed a memory leak and potential abort condition
this could happen if multiple rulesets were used and some output batches
contained messages belonging to more than one ruleset.
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218
- bugfix: memory leak when $RepeatedMsgReduction on was used
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225
---------------------------------------------------------------------------
Version 5.7.5 [V5-BETA] (rgerhards), 2011-02-23
- enhance: imfile did not yet support multiple rulesets, now added
we do this directly in the beta because a) it does not affect existing
functionality and b) one may argue that this missing functionality is
close to a bug.
- improved testbench, added tests for imuxsock
- bugfix: imuxsock did no longer sanitize received messages
This was a regression from the imuxsock partial rewrite. Happened
because the message is no longer run through the standard parsers.
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=224
- bugfix: minor race condition in action.c - considered cosmetic
This is considered cosmetic as multiple threads tried to write exactly
the same value into the same memory location without sync. The method
has been changed so this can no longer happen.
---------------------------------------------------------------------------
Version 5.7.4 [V5-BETA] (rgerhards), 2011-02-17
- added pmsnare parser module (written by David Lang)
- enhanced imfile to support non-cancel input termination
- improved systemd socket activation thanks to Marius Tomaschewski
- improved error reporting for $WorkDirectory
non-existence and other detectable problems are now reported,
and the work directory is NOT set in this case
- bugfix: pmsnare caused abort under some conditions
- bugfix: abort if imfile reads file line of more than 64KiB
Thanks to Peter Eisentraut for reporting and analyzing this problem.
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221
- bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode
when in disk-assisted mode. This especially affected imfile, which
created unnecessarily queue files if a large set of input file data was
to process.
- bugfix: very long running actions could prevent shutdown under some
circumstances. This has now been solved, at least for common
situations.
- bugfix: fixed compile problem due to empty structs
this occurred only on some platforms/compilers. thanks to Dražen Kačar
for the fix
---------------------------------------------------------------------------
Version 5.7.3 [V5-BETA] (rgerhards), 2011-02-07
- added support for processing multi-line messages in imfile
- added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings
- added $LocalHostName config directive
- bugfix: fixed build problems on some platforms
namely those that have 32bit atomic operations but not 64 bit ones
- bugfix: local hostname was pulled too-early, so that some config
directives (namely FQDN settings) did not have any effect
- bugfix: imfile did duplicate messages under some circumstances
- added $OMMySQLConfigFile config directive
- added $OMMySQLConfigSection config directive
---------------------------------------------------------------------------
Version 5.7.2 [V5-DEVEL] (rgerhards), 2010-11-26
- bugfix(important): problem in TLS handling could cause rsyslog to loop
in a tight loop, effectively disabling functionality and bearing the
risk of unresponsiveness of the whole system.
Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
- bugfix: imfile state file was not written when relative file name
for it was specified
- bugfix: compile failed on systems without epoll_create1()
Thanks to David Hill for providing a fix.
- bugfix: atomic increment for msg object may not work correct on all
platforms. Thanks to Chris Metcalf for the patch
- bugfix: replacements for atomic operations for non-int sized types had
problems. At least one instance of that problem could potentially lead
to abort (inside omfile).
---------------------------------------------------------------------------
Version 5.7.1 [V5-DEVEL] (rgerhards), 2010-10-05
- support for Hadoop's HDFS added (via omhdfs)
- imuxsock now optionally use SCM_CREDENTIALS to pull the pid from the log
socket itself
(thanks to Lennart Poettering for the suggesting this feature)
- imuxsock now optionally uses per-process input rate limiting, guarding the
user against processes spamming the system log
(thanks to Lennart Poettering for suggesting this feature)
- added new config statements
* $InputUnixListenSocketUsePIDFromSystem
* $SystemLogUsePIDFromSystem
* $SystemLogRateLimitInterval
* $SystemLogRateLimitBurst
* $SystemLogRateLimitSeverity
* $IMUxSockRateLimitInterval
* $IMUxSockRateLimitBurst
* $IMUxSockRateLimitSeverity
- imuxsock now supports up to 50 different sockets for input
- some code cleanup in imuxsock (consider this a release a major
modification, especially if problems show up)
- bugfix: /dev/log was unlinked even when passed in from systemd
in which case it should be preserved as systemd owns it
---------------------------------------------------------------------------
Version 5.7.0 [V5-DEVEL] (rgerhards), 2010-09-16
- added module impstat to emit periodic statistics on rsyslog counters
- support for systemd officially added
* acquire /dev/log socket optionally from systemd
thanks to Lennart Poettering for this patch
* sd-systemd API added as part of rsyslog runtime library
---------------------------------------------------------------------------
Version 5.6.5 [V5-STABLE] (rgerhards), 2011-03-22
- bugfix: failover did not work correctly if repeated msg reduction was on
affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236
- bugfix: omlibdbi did not use password from rsyslog.con
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203
- bugfix(kind of): tell users that config graph can currently not be
generated
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=232
- bugfix: discard action did not work under some circumstances
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217
(backport from 5.7.8)
---------------------------------------------------------------------------
Version 5.6.4 [V5-STABLE] (rgerhards), 2011-03-03
- bugfix: potential abort condition when $RepeatedMsgReduction set to on
as well as potentially in a number of other places where MsgDup() was
used. This only happened when the imudp input module was used and it
depended on name resolution not yet had taken place. In other words,
this was a strange problem that could lead to hard to diagnose
instability. So if you experience instability, chances are good that
this fix will help.
- bugfix: fixed a memory leak and potential abort condition
this could happen if multiple rulesets were used and some output batches
contained messages belonging to more than one ruleset.
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226
fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218
- bugfix: memory leak when $RepeatedMsgReduction on was used
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225
---------------------------------------------------------------------------
Version 5.6.3 [V5-STABLE] (rgerhards), 2011-01-26
- bugfix: action processor released memory too early, resulting in
potential issue in retry cases (but very unlikely due to another
bug, which I also fixed -- only after the fix this problem here
became actually visible).
- bugfix: batch processing flagged invalid message as "bad" under some
circumstances
- bugfix: uninitialized variable could cause issues under extreme conditions
plus some minor nits. This was found after a clang static code analyzer
analysis (great tool, and special thanks to Marcin for telling me about
it!)
- bugfix: batches which had actions in error were not properly retried in
all cases
- bugfix: imfile did duplicate messages under some circumstances
- bugfix: testbench was not activated if no Java was present on system
... what actually was a left-over. Java is no longer required.
---------------------------------------------------------------------------
Version 5.6.2 [V5-STABLE] (rgerhards), 2010-11-30
- bugfix: compile failed on systems without epoll_create1()
Thanks to David Hill for providing a fix.
- bugfix: atomic increment for msg object may not work correct on all
platforms. Thanks to Chris Metcalf for the patch
- bugfix: replacements for atomic operations for non-int sized types had
problems. At least one instance of that problem could potentially lead
to abort (inside omfile).
- added the $InputFilePersistStateInterval config directive to imfile
- changed imfile so that the state file is never deleted (makes imfile
more robust in regard to fatal failures)
- bugfix: a slightly more informative error message when a TCP
connections is aborted
---------------------------------------------------------------------------
Version 5.6.1 [V5-STABLE] (rgerhards), 2010-11-24
- bugfix(important): problem in TLS handling could cause rsyslog to loop
in a tight loop, effectively disabling functionality and bearing the
risk of unresponsiveness of the whole system.
Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
- permitted imptcp to work on systems which support epoll(), but not
epoll_create().
Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=204
Thanks to Nicholas Brink for reporting this problem.
- bugfix: testbench failed if imptcp was not enabled
- bugfix: segfault when an *empty* template was used
Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=206
Thanks to David Hill for alerting us.
- bugfix: compile failed with --enable-unlimited-select
thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 5.6.0 [V5-STABLE] (rgerhards), 2010-10-19
This release brings all changes and enhancements of the 5.5.x series
to the v5-stable branch.
- bugfix: a couple of problems that imfile had on some platforms, namely
Ubuntu (not their fault, but occurred there)
- bugfix: imfile utilizes 32 bit to track offset. Most importantly,
this problem can not experienced on Fedora 64 bit OS (which has
64 bit long's!)
---------------------------------------------------------------------------
Version 5.5.7 [V5-BETA] (rgerhards), 2010-08-09
- changed omudpspoof default spoof address to simplify typical use case
thanks to David Lang for suggesting this
- doc bugfix: pmlastmsg doc samples had errors
- bugfix[minor]: pmrfc3164sd had invalid name (resided in rsyslog name
space, what should not be the case for a contributed module)
- added omuxsock, which permits to write message to local Unix sockets
this is the counterpart to imuxsock, enabling fast local forwarding
---------------------------------------------------------------------------
Version 5.5.6 [DEVEL] (rgerhards), 2010-07-21
- added parser modules
* pmlastmsg, which supports the notoriously malformed "last message
repeated n times" messages from some syslogd's (namely sysklogd)
* pmrfc3164sd (contributed), supports RFC5424 structured data in
RFC3164 messages [untested]
- added new module type "string generator", used to speed up output
processing. Expected speedup for (typical) rsyslog processing is
roughly 5 to 6 percent compared to using string-based templates.
They may also be used to do more complex formatting with custom
C code, what provided greater flexibility and probably far higher
speed, for example if using multiple regular expressions within a
template.
- added 4 string generators for
* RSYSLOG_FileFormat
* RSYSLOG_TraditionalFileFormat
* RSYSLOG_ForwardFormat
* RSYSLOG_TraditionalForwardFormat
- bugfix: mutexes used to simulate atomic instructions were not destructed
- bugfix: regression caused more locking action in msg.c than necessary
- bugfix: "$ActionExecOnlyWhenPreviousIsSuspended on" was broken
- bugfix: segfault on HUP when "HUPIsRestart" was set to "on"
thanks varmojfekoj for the patch
- bugfix: default for $OMFileFlushOnTXEnd was wrong ("off").
This, in default mode, caused buffered writing to be used, what
means that it looked like no output were written or partial
lines. Thanks to Michael Biebl for pointing out this bug.
- bugfix: programname filter in ! configuration can not be reset
Thanks to Kiss Gabor for the patch.
---------------------------------------------------------------------------
Version 5.5.5 [DEVEL] (rgerhards), 2010-05-20
- added new cancel-reduced action thread termination method
We now manage to cancel threads that block inside a retry loop to
terminate without the need to cancel the thread. Avoiding cancellation
helps keep the system complexity minimal and thus provides for better
stability. This also solves some issues with improper shutdown when
inside an action retry loop.
---------------------------------------------------------------------------
Version 5.5.4 [DEVEL] (rgerhards), 2010-05-03
- This version offers full support for Solaris on Intel and Sparc
- bugfix: problems with atomic operations emulation
replaced atomic operation emulation with new code. The previous code
seemed to have some issue and also limited concurrency severely. The
whole atomic operation emulation has been rewritten.
- bugfix: netstream ptcp support class was not correctly build on systems
without epoll() support
- bugfix: segfault on Solaris/Sparc
---------------------------------------------------------------------------
Version 5.5.3 [DEVEL] (rgerhards), 2010-04-09
- added basic but functional support for Solaris
- imported many bugfixes from 3.6.2/4.6.1 (see ChangeLog below!)
- added new property replacer option "date-rfc3164-buggyday" primarily
to ease migration from syslog-ng. See property replacer doc for
details.
- added capability to turn off standard LF delimiter in TCP server
via new directive "$InputTCPServerDisableLFDelimiter on"
- bugfix: failed to compile on systems without epoll support
- bugfix: comment char ('#') in literal terminated script parsing
and thus could not be used.
but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119
[merged in from v3.22.2]
- imported patches from 4.6.0:
* improved testbench to contain samples for totally malformed messages
which miss parts of the message content
* bugfix: some malformed messages could lead to a missing LF inside files
or some other missing parts of the template content.
* bugfix: if a message ended immediately with a hostname, the hostname
was mistakenly interpreted as TAG, and localhost be used as hostname
---------------------------------------------------------------------------
Version 5.5.2 [DEVEL] (rgerhards), 2010-02-05
- applied patches that make rsyslog compile under Apple OS X.
Thanks to trey for providing these.
- replaced data type "bool" by "sbool" because this created some
portability issues.
- added $Escape8BitCharactersOnReceive directive
Thanks to David Lang for suggesting it.
- worked around an issue where omfile failed to compile on 32 bit platforms
under some circumstances (this smells like a gcc problem, but a simple
solution was available). Thanks to Kenneth Marshall for some advice.
- extended testbench
---------------------------------------------------------------------------
Version 5.5.1 [DEVEL] (rgerhards), 2009-11-27
- introduced the ability for netstream drivers to utilize an epoll interface
This offers increased performance and removes the select() FDSET size
limit from imtcp. Note that we fall back to select() if there is no
epoll netstream drivers. So far, an epoll driver has only been
implemented for plain tcp syslog, the rest will follow once the code
proves well in practice AND there is demand.
- re-implemented $EscapeControlCharacterTab config directive
Based on Jonathan Bond-Caron's patch for v4. This now also includes some
automated tests.
- bugfix: enabling GSSServer crashes rsyslog startup
Thanks to Tomas Kubina for the patch [imgssapi]
- bugfix (kind of): check if TCP connection is still alive if using TLS
Thanks to Jonathan Bond-Caron for the patch.
---------------------------------------------------------------------------
Version 5.5.0 [DEVEL] (rgerhards), 2009-11-18
- moved DNS resolution code out of imudp and into the backend processing
Most importantly, DNS resolution now never happens if the resolved name
is not required. Note that this applies to imudp - for the other inputs,
DNS resolution almost comes for free, so we do not do it there. However,
the new method has been implemented in a generic way and as such may
also be used by other modules in the future.
- added option to use unlimited-size select() calls
Thanks to varmojfekoj for the patch
This is not done in imudp, as it natively supports epoll().
- doc: improved description of what loadable modules can do
---------------------------------------------------------------------------
Version 5.4.2 [v5-stable] (rgerhards), 2010-03-??
- bugfix(kind of): output plugin retry behavior could cause engine to loop
The rsyslog engine did not guard itself against output modules that do
not properly convey back the tryResume() behavior. This then leads to
what looks like an endless loop. I consider this to be a bug of the
engine not only because it should be hardened against plugin misbehavior,
but also because plugins may not be totally able to avoid this situation
(depending on the type of and processing done by the plugin).
- bugfix: testbench failed when not executed in UTC+1 timezone
accidentally, the time zone information was kept inside some
to-be-checked-for responses
- temporary bugfix replaced by permanent one for
message-induced off-by-one error (potential segfault) (see 4.6.2)
The analysis has been completed and a better fix been crafted and
integrated.
- bugfix(minor): status variable was uninitialized
However, this would have caused harm only if NO parser modules at
all were loaded, which would lead to a defunctional configuration
at all. And, even more important, this is impossible as two parser
modules are built-in and thus can not be "not loaded", so we always
have a minimum of two.
---------------------------------------------------------------------------
Version 5.4.1 [v5-stable] (rgerhards), 2010-03-??
- added new property replacer option "date-rfc3164-buggyday" primarily
to ease migration from syslog-ng. See property replacer doc for
details. [backport from 5.5.3 because urgently needed by some]
- imported all bugfixes vom 4.6.2 (see below)
---------------------------------------------------------------------------
Version 5.4.0 [v5-stable] (rgerhards), 2010-03-08
***************************************************************************
* This is a new stable v5 version. It contains all fixes and enhancements *
* made during the 5.3.x phase as well as those listed below. *
* Note that the 5.2.x series was quite buggy and as such all users are *
* strongly advised to upgrade to 5.4.0. *
***************************************************************************
- bugfix: omruleset failed to work in many cases
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=179
Thanks to Ryan B. Lynch for reporting this issue.
- bugfix: comment char ('#') in literal terminated script parsing
and thus could not be used.
but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119
[merged in from v3.22.2]
---------------------------------------------------------------------------
Version 5.3.7 [BETA] (rgerhards), 2010-01-27
- bugfix: queues in direct mode could case a segfault, especially if an
action failed for action queues. The issue was an invalid increment of
a stack-based pointer which lead to destruction of the stack frame and
thus a segfault on function return.
Thanks to Michael Biebl for alerting us on this problem.
- bugfix: hostname accidentally set to IP address for some message sources,
for example imudp. Thanks to Anton for reporting this bug. [imported v4]
- bugfix: ompgsql had problems with transaction support, what actually
rendered it unusable. Thanks to forum user "horhe" for alerting me
on this bug and helping to debug/fix it! [imported from 5.3.6]
- bugfix: $CreateDirs variable not properly initialized, default thus
was random (but most often "on") [imported from v3]
- bugfix: potential segfaults during queue shutdown
(bugs require certain non-standard settings to appear)
Thanks to varmojfekoj for the patch [imported from 4.5.8]
[backport from 5.5.2]
- bugfix: wrong memory assignment for a config variable (probably
without causing any harm) [backport from 5.2.2]
- bugfix: rsyslog hangs when writing to a named pipe which nobody was
reading. Thanks to Michael Biebl for reporting this bug.
Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169
[imported from 4.5.8]
---------------------------------------------------------------------------
Version 5.3.6 [BETA] (rgerhards), 2010-01-13
- bugfix: ompgsql did not properly check the server connection in
tryResume(), which could lead to rsyslog running in a tight loop
- bugfix: suspension during beginTransaction() was not properly handled
by rsyslog core
- bugfix: omfile output was only written when buffer was full, not at
end of transaction
- bugfix: commit transaction was not properly conveyed to message layer,
potentially resulting in non-message destruction and thus hangs
- bugfix: enabling GSSServer crashes rsyslog startup
Thanks to Tomas Kubina for the patch [imgssapi]
- bugfix (kind of): check if TCP connection is still alive if using TLS
Thanks to Jonathan Bond-Caron for the patch.
- bugfix: $CreateDirs variable not properly initialized, default thus
was random (but most often "on") [imported from v3]
- bugfix: ompgsql had problems with transaction support, what actually
rendered it unusable. Thanks to forum user "horhe" for alerting me
on this bug and helping to debug/fix it!
- bugfix: memory leak when sending messages in zip-compressed format
Thanks to Naoya Nakazawa for analyzing this issue and providing a patch.
- worked around an issue where omfile failed to compile on 32 bit platforms
under some circumstances (this smells like a gcc problem, but a simple
solution was available). Thanks to Kenneth Marshall for some advice.
[backported from 5.5.x branch]
---------------------------------------------------------------------------
Version 5.3.5 [BETA] (rgerhards), 2009-11-13
- some light performance enhancement by replacing time() call with much
faster (at least under linux) gettimeofday() calls.
- some improvement of omfile performance with dynafiles
saved costly time() calls by employing a logical clock, which is
sufficient for the use case
- bugfix: omudpspoof miscalculated source and destination ports
while this was probably not noticed for source ports, it resulted in
almost all destination ports being wrong, except for the default port
of 514, which by virtue of its binary representation was calculated
correct (and probably thus the bug not earlier detected).
- bugfixes imported from earlier releases
* bugfix: named pipes did no longer work (they always got an open error)
this was a regression from the omfile rewrite in 4.5.0
* bugfix(testbench): sequence check was not always performed correctly,
that could result in tests reporting success when they actually failed
- improved testbench: added tests for UDP forwarding and omudpspoof
- doc bugfix: omudpspoof had wrong config command names ("om" missing)
- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did
not work.
- [inport v4] improved testbench, contains now tcp and gzip test cases
- [import v4] added a so-called "On Demand Debug" mode, in which debug
output can be generated only after the process has started, but not right
from the beginning. This is assumed to be useful for hard-to-find bugs.
Also improved the doc on the debug system.
- bugfix: segfault on startup when -q or -Q option was given
[imported from v3-stable]
---------------------------------------------------------------------------
Version 5.3.4 [DEVEL] (rgerhards), 2009-11-04
- added the ability to create custom message parsers
- added $RulesetParser config directive that permits to bind specific
parsers to specific rulesets
- added omruleset output module, which provides great flexibility in
action processing. THIS IS A VERY IMPORTANT ADDITION, see its doc
for why.
- added the capability to have ruleset-specific main message queues
This offers considerable additional flexibility AND superior performance
(in cases where multiple inputs now can avoid lock contention)
- bugfix: correct default for escape ('#') character restored
This was accidentally changed to '\\', thanks to David Lang for reporting
- bugfix(testbench): testcase did not properly wait for rsyslogd shutdown
thus some unpredictable behavior and a false negative test result
could occur.
---------------------------------------------------------------------------
Version 5.3.3 [DEVEL] (rgerhards), 2009-10-27
- simplified and thus speeded up the queue engine, also fixed some
potential race conditions (in very unusual shutdown conditions)
along the way. The threading model has seriously changes, so there may
be some regressions.
- enhanced test environment (including testbench): support for enhancing
probability of memory addressing failure by using non-NULL default
value for malloced memory (optional, only if requested by configure
option). This helps to track down some otherwise undetected issues
within the testbench.
- bugfix: potential abort if inputname property was not set
primarily a problem of imdiag
- bugfix: message processing states were not set correctly in all cases
however, this had no negative effect, as the message processing state
was not evaluated when a batch was deleted, and that was the only case
where the state could be wrong.
---------------------------------------------------------------------------
Version 5.3.2 [DEVEL] (rgerhards), 2009-10-21
- enhanced omfile to support transactional interface. This will increase
performance in many cases.
- added multi-ruleset support to imudp
- re-enabled input thread termination handling that does avoid thread
cancellation where possible. This provides a more reliable mode of
rsyslogd termination (canceling threads my result in not properly
freed resources and potential later hangs, even though we perform
proper cancel handling in our code). This is part of an effort to
reduce thread cancellation as much as possible in rsyslog.
NOTE: the code previously written code for this functionality had a
subtle race condition. The new code solves that.
- enhanced immark to support non-cancel input module termination
- improved imudp so that epoll can be used in more environments,
fixed potential compile time problem if EPOLL_CLOEXEC is not available.
- some cleanup/slight improvement:
* changed imuxsock to no longer use deprecated submitAndParseMsg() IF
* changed submitAndParseMsg() interface to be a wrapper around the new
way of message creation/submission. This enables older plugins to be
used together with the new interface. The removal also enables us to
drop a lot of duplicate code, reducing complexity and increasing
maintainability.
- bugfix: segfault when starting up with an invalid .qi file for a disk queue
Failed for both pure disk as well as DA queues. Now, we emit an error
message and disable disk queueing facility.
- bugfix: potential segfault on messages with empty MSG part. This was a
recently introduced regression.
- bugfix: debug string larger than 1K were improperly displayed. Max size
is now 32K, and if a string is even longer it is meaningfully truncated.
---------------------------------------------------------------------------
Version 5.3.1 [DEVEL] (rgerhards), 2009-10-05
- added $AbortOnUncleanConfig directive - permits to prevent startup when
there are problems with the configuration file. See it's doc for
details.
- included some important fixes from v4-stable:
* bugfix: invalid handling of zero-sized messages
* bugfix: zero-sized UDP messages are no longer processed
* bugfix: random data could be appended to message
* bugfix: reverse lookup reduction logic in imudp do DNS queries too often
- bugfixes imported from 4.5.4:
* bugfix: potential segfault in stream writer on destruction
* bugfix: potential race in object loader (obj.c) during use/release
* bugfixes: potential problems in out file zip writer
---------------------------------------------------------------------------
Version 5.3.0 [DEVEL] (rgerhards), 2009-09-14
- begun to add simple GUI programs to gain insight into running rsyslogd
instances and help setup and troubleshooting (active via the
--enable-gui ./configure switch)
- changed imudp to utilize epoll(), where available. This shall provide
slightly better performance (just slightly because we called select()
rather infrequently on a busy system)
---------------------------------------------------------------------------
Version 5.2.2 [v5-stable] (rgerhards), 2009-11-??
- bugfix: enabling GSSServer crashes rsyslog startup
Thanks to Tomas Kubina for the patch [imgssapi]
---------------------------------------------------------------------------
Version 5.2.1 [v5-stable] (rgerhards), 2009-11-02
- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did
not work.
- bugfix: segfault on startup when -q or -Q option was given
[imported from v3-stable]
---------------------------------------------------------------------------
Version 5.2.0 [v5-stable] (rgerhards), 2009-11-02
This is a re-release of version 5.1.6 as stable after we did not get any bug
reports during the whole beta phase. Still, this first v5-stable may not be
as stable as one hopes for, I am not sure if we did not get bug reports
just because nobody tried it. Anyhow, we need to go forward and so we
have the initial v5-stable.
---------------------------------------------------------------------------
Version 5.1.6 [v5-beta] (rgerhards), 2009-10-15
- feature imports from v4.5.6
- bugfix: potential race condition when queue worker threads were
terminated
- bugfix: solved potential (temporary) stall of messages when the queue was
almost empty and few new data added (caused testbench to sometimes hang!)
- fixed some race condition in testbench
- added more elaborate diagnostics to parts of the testbench
- bugfixes imported from 4.5.4:
* bugfix: potential segfault in stream writer on destruction
* bugfix: potential race in object loader (obj.c) during use/release
* bugfixes: potential problems in out file zip writer
- included some important fixes from 4.4.2:
* bugfix: invalid handling of zero-sized messages
* bugfix: zero-sized UDP messages are no longer processed
* bugfix: random data could be appended to message
* bugfix: reverse lookup reduction logic in imudp do DNS queries too often
---------------------------------------------------------------------------
Version 5.1.5 [v5-beta] (rgerhards), 2009-09-11
- added new config option $ActionWriteAllMarkMessages
this option permits to process mark messages under all circumstances,
even if an action was recently called. This can be useful to use mark
messages as a kind of heartbeat.
- added new config option $InputUnixListenSocketCreatePath
to permit the auto-creation of paths to additional log sockets. This
turns out to be useful if they reside on temporary file systems and
rsyslogd starts up before the daemons that create these sockets
(rsyslogd always creates the socket itself if it does not exist).
- added $LogRSyslogStatusMessages configuration directive
permitting to turn off rsyslog start/stop/HUP messages. See Debian
ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793
- bugfix: hostnames with dashes in them were incorrectly treated as
malformed, thus causing them to be treated as TAG (this was a regression
introduced from the "rfc3164 strict" change in 4.5.0). Testbench has been
updated to include a sample message with a hostname containing a dash.
- bugfix: strings improperly reused, resulting in some message properties
be populated with strings from previous messages. This was caused by
an improper predicate check.
- added new config directive $omfileForceChown [import from 4.7.0]
---------------------------------------------------------------------------
Version 5.1.4 [DEVEL] (rgerhards), 2009-08-20
- legacy syslog parser changed so that it now accepts date stamps in
wrong case. Some devices seem to create them and I do not see any harm
in supporting that.
- added $InputTCPMaxListeners directive - permits to specify how many
TCP servers shall be possible (default is 20).
- bugfix: memory leak with some input modules. Those inputs that
use parseAndSubmitMsg() leak two small memory blocks with every message.
Typically, those process only relatively few messages, so the issue
does most probably not have any effect in practice.
- bugfix: if tcp listen port could not be created, no error message was
emitted
- bugfix: discard action did not work (did not discard messages)
- bugfix: discard action caused segfault
- bugfix: potential segfault in output file writer (omfile)
In async write mode, we use modular arithmetic to index the output
buffer array. However, the counter variables accidentally were signed,
thus resulting in negative indices after integer overflow. That in turn
could lead to segfaults, but was depending on the memory layout of
the instance in question (which in turn depended on a number of
variables, like compile settings but also configuration). The counters
are now unsigned (as they always should have been) and so the dangling
mis-indexing does no longer happen. This bug potentially affected all
installations, even if only some may actually have seen a segfault.
---------------------------------------------------------------------------
Version 5.1.3 [DEVEL] (rgerhards), 2009-07-28
- architecture change: queue now always has at least one worker thread
if not running in direct mode. Previous versions could run without
any active workers. This simplifies the code at a very small expense.
See v5 compatibility note document for more in-depth discussion.
- enhance: UDP spoofing supported via new output module omudpspoof
See the omudpspoof documentation for details and samples
- bugfix: message could be truncated after TAG, often when forwarding
This was a result of an internal processing error if maximum field
sizes had been specified in the property replacer.
- bugfix: minor static memory leak while reading configuration
did NOT leak based on message volume
- internal: added ability to terminate input modules not via pthread_cancel
but an alternate approach via pthread_kill. This is somewhat safer as we
do not need to think about the cancel-safeness of all libraries we use.
However, not all inputs can easily supported, so this now is a feature
that can be requested by the input module (the most important ones
request it).
---------------------------------------------------------------------------
Version 5.1.2 [DEVEL] (rgerhards), 2009-07-08
- bugfix: properties inputname, fromhost, fromhost-ip, msg were lost when
working with disk queues
- some performance enhancements
- bugfix: abort condition when RecvFrom was not set and message reduction
was on. Happened e.g. with imuxsock.
- added $klogConsoleLogLevel directive which permits to set a new
console log level while rsyslog is active
- some internal code cleanup
---------------------------------------------------------------------------
Version 5.1.1 [DEVEL] (rgerhards), 2009-07-03
- bugfix: huge memory leak in queue engine (made rsyslogd unusable in
production). Occurred if at least one queue was in direct mode
(the default for action queues)
- imported many performance optimizations from v4-devel (4.5.0)
- bugfix: subtle (and usually irrelevant) issue in timeout processing
timeout could be one second too early if nanoseconds wrapped
- set a more sensible timeout for shutdown, now 1.5 seconds to complete
processing (this also removes those cases where the shutdown message
was not written because the termination happened before it)
---------------------------------------------------------------------------
Version 5.1.0 [DEVEL] (rgerhards), 2009-05-29
*********************************** NOTE **********************************
The v5 versions of rsyslog feature a greatly redesigned queue engine. The
major theme for the v5 release is twofold:
a) greatly improved performance
b) enable audit-grade processing
Here, audit-grade processing means that rsyslog, if used together with
audit-grade transports and configured correctly, will never lose messages
that already have been acknowledged, not even in fatal failure cases like
sudden loss of power.
Note that large parts of rsyslog's important core components have been
restructured to support these design goals. As such, early versions of
the engine will probably be less stable than the v3/v4 engine.
Also note that the initial versions do not cover all and everything. As
usual, the code will evolve toward the final goal as version numbers
increase.
*********************************** NOTE **********************************
- redesigned queue engine so that it supports ultra-reliable operations
This resulted in a rewrite of large parts. The new capability can be
used to build audit-grade systems on the basis of rsyslog.
- added $MainMsgQueueDequeueBatchSize and $ActionQueueDequeueBatchSize
configuration directives
- implemented a new transactional output module interface which provides
superior performance (for databases potentially far superior performance)
- increased ompgsql performance by adapting to new transactional
output module interface
---------------------------------------------------------------------------
Version 4.8.1 [v4-stable], 2011-09-??
- increased max config file line size to 64k
We now also emit an error message if even 64k is not enough (not
doing so previously may rightfully be considered as a bug)
- bugfix: omprog made rsyslog abort on startup if not binary to
execute was configured
- bugfix: $ActionExecOnlyOnce interval did not work properly
Thanks to Tomas Heinrich for the patch
- bugfix: potential abort if ultra-large file io buffers are used and
dynafile cache exhausts address space (primarily a problem on 32 bit
platforms)
- bugfix: potential abort after reading invalid X.509 certificate
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
Thanks to Tomas Heinrich for the patch.
- bugfix: potential fatal abort in omgssapi
Thanks to Tomas Heinrich for the patch.
- added doc for omprog
- FQDN hostname for multihomed host was not always set to the correct name
if multiple aliases existed. Thanks to Tomas Heinreich for the patch.
- re-licensed larger parts of the codebase under the Apache license 2.0
---------------------------------------------------------------------------
Version 4.8.0 [v4-stable] (rgerhards), 2011-09-07
***************************************************************************
* This is a new stable v4 version. It contains all fixes and enhancements *
* made during the 4.7.x phase as well as those listed below. *
* Note: major new development to v4 is concluded and will only be done *
* for custom projects. *
***************************************************************************
There are no changes compared to 4.7.5, just a re-release with the new
version number as new v4-stable. The most important new feature is Solaris
support.
---------------------------------------------------------------------------
Version 4.7.5 [v4-beta], 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: potential misaddressing in property replacer
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
---------------------------------------------------------------------------
Version 4.7.4 [v4-beta] (rgerhards), 2011-07-11
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax in configuring user messages
- added $LocalHostName config directive
- bugfix: PRI was invalid on Solaris for message from local log socket
Version 4.7.3 [v4-devel] (rgerhards), 2010-11-25
- added omuxsock, which permits to write message to local Unix sockets
this is the counterpart to imuxsock, enabling fast local forwarding
- added imptcp, a simplified, Linux-specific and potentially fast
syslog plain tcp input plugin (NOT supporting TLS!)
- bugfix: a couple of problems that imfile had on some platforms, namely
Ubuntu (not their fault, but occurred there)
- bugfix: imfile utilizes 32 bit to track offset. Most importantly,
this problem can not experienced on Fedora 64 bit OS (which has
64 bit long's!)
- added the $InputFilePersistStateInterval config directive to imfile
- changed imfile so that the state file is never deleted (makes imfile
more robust in regard to fatal failures)
---------------------------------------------------------------------------
Version 4.7.2 [v4-devel] (rgerhards), 2010-05-03
- bugfix: problems with atomic operations emulation
replaced atomic operation emulation with new code. The previous code
seemed to have some issue and also limited concurrency severely. The
whole atomic operation emulation has been rewritten.
- added new $Sleep directive to hold processing for a couple of seconds
during startup
- bugfix: programname filter in ! configuration can not be reset
Thanks to Kiss Gabor for the patch.
---------------------------------------------------------------------------
Version 4.7.1 [v4-devel] (rgerhards), 2010-04-22
- Solaris support much improved -- was not truly usable in 4.7.0
Solaris is no longer supported in imklog, but rather there is a new
plugin imsolaris, which is used to pull local log sources on a Solaris
machine.
- testbench improvement: Java is no longer needed for testing tool creation
---------------------------------------------------------------------------
Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14
- new: support for Solaris added (but not yet the Solaris door API)
- added function getenv() to RainerScript
- added new config option $InputUnixListenSocketCreatePath
to permit the auto-creation of paths to additional log sockets. This
turns out to be useful if they reside on temporary file systems and
rsyslogd starts up before the daemons that create these sockets
(rsyslogd always creates the socket itself if it does not exist).
- added $LogRSyslogStatusMessages configuration directive
permitting to turn off rsyslog start/stop/HUP messages. See Debian
ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793
- added new config directive $omfileForceChown to (try to) fix some broken
system configs.
See ticket for details: http://bugzilla.adiscon.com/show_bug.cgi?id=150
- added $EscapeControlCharacterTab config directive
Thanks to Jonathan Bond-Caron for the patch.
- added option to use unlimited-size select() calls
Thanks to varmojfekoj for the patch
- debugondemand mode caused backgrounding to fail - close to a bug, but I'd
consider the ability to background in this mode a new feature...
- bugfix (kind of): check if TCP connection is still alive if using TLS
Thanks to Jonathan Bond-Caron for the patch.
- imported changes from 4.5.7 and below
- bugfix: potential segfault when -p command line option was used
Thanks for varmojfekoj for pointing me at this bug.
- imported changes from 4.5.6 and below
---------------------------------------------------------------------------
Version 4.6.8 [v4-stable] (rgerhards), 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: potential misaddressing in property replacer
- bugfix: memcpy overflow can occur in allowed sender checking
if a name is resolved to IPv4-mapped-on-IPv6 address
Found by Ismail Dönmez at suse
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
---------------------------------------------------------------------------
Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax for actions
---------------------------------------------------------------------------
Version 4.6.6 [v4-stable] (rgerhards), 2011-06-24
- bugfix: memory leak in imtcp & subsystems under some circumstances
This leak is tied to error conditions which lead to incorrect cleanup
of some data structures. [backport from v6, limited testing under v4]
- bugfix: invalid processing in QUEUE_FULL condition
If the the multi-submit interface was used and a QUEUE_FULL condition
occurred, the failed message was properly destructed. However, the
rest of the input batch, if it existed, was not processed. So this
lead to potential loss of messages and a memory leak. The potential
loss of messages was IMHO minor, because they would have been dropped
in most cases due to the queue remaining full, but very few lucky ones
from the batch may have made it. Anyhow, this has now been changed so
that the rest of the batch is properly tried to be enqueued and, if
not possible, destructed.
- bugfix: invalid storage type for config variables
- bugfix: stream driver mode was not correctly set on tcp output on big
endian systems.
thanks varmojfekoj for the patch
- bugfix: IPv6-address could not be specified in omrelp
this was due to improper parsing of ":"
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250
- bugfix: memory and file descriptor leak in stream processing
Leaks could occur under some circumstances if the file stream handler
errored out during the open call. Among others, this could cause very
big memory leaks if there were a problem with unreadable disk queue
files. In regard to the memory leak, this
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256
- bugfix: imfile potentially duplicates lines
This can happen when 0 bytes are read from the input file, and some
writer appends data to the file BEFORE we check if a rollover happens.
The check for rollover uses the inode and size as a criterion. So far,
we checked for equality of sizes, which is not given in this scenario,
but that does not indicate a rollover. From the source code comments:
Note that when we check the size, we MUST NOT check for equality.
The reason is that the file may have been written right after we
did try to read (so the file size has increased). That is NOT in
indicator of a rollover (this is an actual bug scenario we
experienced). So we need to check if the new size is smaller than
what we already have seen!
Also, under some circumstances an invalid truncation was detected. This
code has now been removed, a file change (and thus resent) is only
detected if the inode number changes.
- bugfix: a couple of problems that imfile had on some platforms, namely
Ubuntu (not their fault, but occurred there)
- bugfix: imfile utilizes 32 bit to track offset. Most importantly,
this problem can not experienced on Fedora 64 bit OS (which has
64 bit long's!)
- bugfix: abort if imfile reads file line of more than 64KiB
Thanks to Peter Eisentraut for reporting and analyzing this problem.
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221
- bugfix: omlibdbi did not use password from rsyslog.con
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203
- bugfix: TCP connection invalidly aborted when messages needed to be
discarded (due to QUEUE_FULL or similar problem)
- bugfix: a slightly more informative error message when a TCP
connections is aborted
- bugfix: timestamp was incorrectly calculated for timezones with minute
offset
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
- some improvements thanks to clang's static code analyzer
o overall cleanup (mostly unnecessary writes and otherwise unused stuff)
o bugfix: fixed a very remote problem in msg.c which could occur when
running under extremely low memory conditions
---------------------------------------------------------------------------
Version 4.6.5 [v4-stable] (rgerhards), 2010-11-24
- bugfix(important): problem in TLS handling could cause rsyslog to loop
in a tight loop, effectively disabling functionality and bearing the
risk of unresponsiveness of the whole system.
Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
---------------------------------------------------------------------------
Version 4.6.4 [v4-stable] (rgerhards), 2010-08-05
- bugfix: zero-sized (empty) messages were processed by imtcp
they are now dropped as they always should have been
- bugfix: programname filter in ! configuration can not be reset
Thanks to Kiss Gabor for the patch.
---------------------------------------------------------------------------
Version 4.6.3 [v4-stable] (rgerhards), 2010-07-07
- improved testbench
- added test with truly random data received via syslog to test
robustness
- added new configure option that permits to disable and enable an
extended testbench
- bugfix: segfault on HUP when "HUPIsRestart" was set to "on"
thanks varmojfekoj for the patch
- bugfix: default for $OMFileFlushOnTXEnd was wrong ("off").
This, in default mode, caused buffered writing to be used, what
means that it looked like no output were written or partial
lines. Thanks to Michael Biebl for pointing out this bug.
- bugfix: testbench failed when not executed in UTC+1 timezone
accidentally, the time zone information was kept inside some
to-be-checked-for responses
- temporary bugfix replaced by permanent one for
message-induced off-by-one error (potential segfault) (see 4.6.2)
The analysis has been completed and a better fix been crafted and
integrated.
- bugfix: the T/P/E config size specifiers did not work properly under
all 32-bit platforms
- bugfix: local unix system log socket was deleted even when it was
not configured
- some doc fixes; incorrect config samples could cause confusion
thanks to Anthony Edwards for pointing the problems out
---------------------------------------------------------------------------
Version 4.6.2 [v4-stable] (rgerhards), 2010-03-26
- new feature: "." action type added to support writing files to relative
paths (this is primarily meant as a debug aid)
- added replacements for atomic instructions on systems that do not
support them. [backport of Stefen Sledz' patch for v5)
- new feature: $OMFileAsyncWriting directive added
it permits to specify if asynchronous writing should be done or not
- bugfix(temporary): message-induced off-by-one error (potential segfault)
Some types of malformed messages could trigger an off-by-one error
(for example, \0 or \n as the last character, and generally control
character escaption is questionable). This is due to not strictly
following a the \0 or string counted string paradigm (during the last
optimization on the cstring class). As a temporary fix, we have
introduced a proper recalculation of the size. However, a final
patch is expected in the future. See bug tracker for further details
and when the final patch will be available:
http://bugzilla.adiscon.com/show_bug.cgi?id=184
Note that the current patch is considered sufficient to solve the
situation, but it requires a bit more runtime than desirable.
- bugfix: potential segfault in dynafile cache
This bug was triggered by an open failure. The the cache was full and
a new entry needed to be placed inside it, a victim for eviction was
selected. That victim was freed, then the open of the new file tried. If
the open failed, the victim entry was still freed, and the function
exited. However, on next invocation and cache search, the victim entry
was used as if it were populated, most probably resulting in a segfault.
- bugfix: race condition during directory creation
If multiple files try to create a directory at (almost) the same time,
some of them may fail. This is a data race and also exists with other
processes that may create the same directory. We do now check for this
condition and gracefully handle it.
- bugfix: potential re-use of free()ed file stream object in omfile
when dynaCache is enabled, the cache is full, a new entry needs to
be allocated, thus the LRU discarded, then a new entry is opend and that
fails. In that case, it looks like the discarded stream may be reused
improperly (based on code analysis, test case and confirmation pending)
- added new property replacer option "date-rfc3164-buggyday" primarily
to ease migration from syslog-ng. See property replacer doc for
details. [backport from 5.5.3 because urgently needed by some]
- improved testbench
- bugfix: invalid buffer write in (file) stream class
currently being accessed buffer could be overwritten with new data.
While this probably did not cause access violations, it could case loss
and/or duplication of some data (definitely a race with no deterministic
outcome)
- bugfix: potential hang condition during filestream close
predicate was not properly checked when waiting for the background file
writer
- bugfix: improper synchronization when "$OMFileFlushOnTXEnd on" was used
Internal data structures were not properly protected due to missing
mutex calls.
- bugfix: potential data loss during file stream shutdown
- bugfix: potential problems during file stream shutdown
The shutdown/close sequence was not clean, what potentially (but
unlikely) could lead to some issues. We have not been able to describe
any fatal cases, but there was some bug potential. Sequence has now
been straighted out.
- bugfix: potential problem (loop, abort) when file write error occurred
When a write error occurred in stream.c, variable iWritten had the error
code but this was handled as if it were the actual number of bytes
written. That was used in pointer arithmetic later on, and thus could
lead to all sorts of problems. However, this could only happen if the
error was EINTR or the file in question was a tty. All other cases were
handled properly. Now, iWritten is reset to zero in such cases, resulting
in proper retries.
- bugfix: $omfileFlushOnTXEnd was turned on when set to off and vice
versa due to an invalid check
- bugfix: recent patch to fix small memory leak could cause invalid free.
This could only happen during config file parsing.
- bugfix(minor): handling of extremely large strings in dbgprintf() fixed
Previously, it could lead to garbage output and, in extreme cases, also
to segfaults. Note: this was a problem only when debug output was
actually enabled, so it caused no problem in production use.
- bugfix(minor): BSD_SO_COMPAT query function had some global vars not
properly initialized. However, in practice the loader initializes them
with zero, the desired value, so there were no actual issue in almost
all cases.
---------------------------------------------------------------------------
Version 4.6.1 [v4-stable] (rgerhards), 2010-03-04
- re-enabled old pipe output (using new module ompipe, built-in) after
some problems with pipes (and especially in regard to xconsole) were
discovered. Thanks to Michael Biebl for reporting the issues.
- bugfix: potential problems with large file support could cause segfault
... and other weird problems. This seemed to affect 32bit-platforms
only, but I can not totally outrule there were issues on other
platforms as well. The previous code could cause system data types
to be defined inconsistently, and that could lead to various
troubles. Special thanks go to the Mandriva team for identifying
an initial problem, help discussing it and ultimately a fix they
contributed.
- bugfix: fixed problem that caused compilation on FreeBSD 9.0 to fail.
bugtracker: http://bugzilla.adiscon.com/show_bug.cgi?id=181
Thanks to Christiano for reporting.
- bugfix: potential segfault in omfile when a dynafile open failed
In that case, a partial cache entry was written, and some internal
pointers (iCurrElt) not correctly updated. In the next iteration, that
could lead to a segfault, especially if iCurrElt then points to the
then-partial record. Not very likely, but could happen in practice.
- bugfix (theoretical): potential segfault in omfile under low memory
condition. This is only a theoretical bug, because it would only
happen when strdup() fails to allocate memory - which is highly
unlikely and will probably lead to all other sorts of errors.
- bugfix: comment char ('#') in literal terminated script parsing
and thus could not be used.
but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119
[merged in from v3.22.2]
---------------------------------------------------------------------------
Version 4.6.0 [v4-stable] (rgerhards), 2010-02-24
***************************************************************************
* This is a new stable v4 version. It contains all fixes and enhancements *
* made during the 4.5.x phase as well as those listed below. *
* Note: this version is scheduled to conclude the v4 development process. *
* Do not expect any more new developments in v4. The focus is now *
* on v5 (what also means we have a single devel branch again). *
* ("development" means new feature development, bug fixes are of *
* course provided for v4-stable) *
***************************************************************************
- improved testbench to contain samples for totally malformed messages
which miss parts of the message content
- bugfix: some malformed messages could lead to a missing LF inside files
or some other missing parts of the template content.
- bugfix: if a message ended immediately with a hostname, the hostname
was mistakenly interpreted as TAG, and localhost be used as hostname
- bugfix: message without MSG part could case a segfault
[backported from v5 commit 98d1ed504ec001728955a5bcd7916f64cd85f39f]
This actually was a "recent" regression, but I did not realize that it
was introduced by the performance optimization in v4-devel. Shame on
me for having two devel versions at the same time...
---------------------------------------------------------------------------
Version 4.5.8 [v4-beta] (rgerhards), 2010-02-10
- enhanced doc for using PostgreSQL
Thanks to Marc Schiffbauer for the new/updated doc
- bugfix: property replacer returned invalid parameters under some (unusual)
conditions. In extreme cases, this could lead to garbled logs and/or
a system failure.
- bugfix: invalid length returned (often) when using regular expressions
inside the property replacer
- bugfix: submatch regex in property replacer did not honor "return 0 on
no match" config case
- bugfix: imuxsock incorrectly stated inputname "imudp"
Thanks to Ryan Lynch for reporting this.
- (slightly) enhanced support for FreeBSD by setting _PATH_MODDIR to
the correct value on FreeBSD.
Thanks to Cristiano for the patch.
- bugfix: -d did not enable display of debug messages
regression from introduction of "debug on demand" mode
Thanks to Michael Biebl for reporting this bug
- bugfix: blanks inside file names did not terminate file name parsing.
This could result in the whole rest of a line (including comments)
to be treated as file name in "write to file" actions.
Thanks to Jack for reporting this issue.
- bugfix: rsyslog hang when writing to a named pipe which nobody was
reading. Thanks to Michael Biebl for reporting this bug.
Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169
- bugfix: potential segfaults during queue shutdown
(bugs require certain non-standard settings to appear)
Thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 4.5.7 [v4-beta] (rgerhards), 2009-11-18
- added a so-called "On Demand Debug" mode, in which debug output can
be generated only after the process has started, but not right from
the beginning. This is assumed to be useful for hard-to-find bugs.
Also improved the doc on the debug system.
- bugfix (kind of): check if TCP connection is still alive if using TLS
Thanks to Jonathan Bond-Caron for the patch.
- bugfix: hostname accidentally set to IP address for some message sources,
for example imudp. Thanks to Anton for reporting this bug.
- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did
not work.
---------------------------------------------------------------------------
Version 4.5.6 [v4-beta] (rgerhards), 2009-11-05
- bugfix: named pipes did no longer work (they always got an open error)
this was a regression from the omfile rewrite in 4.5.0
- bugfix(minor): diag function returned wrong queue member count
for the main queue if an active DA queue existed. This had no relevance
to real deployments (assuming they are not running the debug/diagnostic
module...), but sometimes caused grief and false alerts in the
testbench.
- included some important fixes from v4-stable:
* bugfix: invalid handling of zero-sized messages
* bugfix: zero-sized UDP messages are no longer processed
* bugfix: random data could be appended to message
* bugfix: reverse lookup reduction logic in imudp do DNS queries too often
- bugfix(testbench): testcase did not properly wait for rsyslog shutdown
thus some unpredictable behavior and a false negative test result
could occur. [BACKPORTED from v5]
- bugfix(testbench): sequence check was not always performed correctly,
that could result in tests reporting success when they actually failed
---------------------------------------------------------------------------
Version 4.5.5 [v4-beta] (rgerhards), 2009-10-21
- added $InputTCPServerNotifyOnConnectionClose config directive
see doc for details
- bugfix: debug string larger than 1K were improperly displayed. Max size
is now 32K
- bugfix: invalid storage class selected for some size config parameters.
This resulted in wrong values. The most prominent victim was the
directory creation mode, which was set to zero in some cases. For
details, see related blog post:
http://blog.gerhards.net/2009/10/another-note-on-hard-to-find-bugs.html
---------------------------------------------------------------------------
Version 4.5.4 [v4-beta] (rgerhards), 2009-09-29
- bugfix: potential segfault in stream writer on destruction
Most severely affected omfile. The problem was that some buffers were
freed before the asynchronous writer thread was shut down. So the
writer thread accessed invalid data, which may even already be
overwritten. Symptoms (with omfile) were segfaults, garbled data
and files with random names placed around the file system (most
prominently into the root directory). Special thanks to Aaron for
helping to track this down.
- bugfix: potential race in object loader (obj.c) during use/release
of object interface
- bugfixes: potential problems in out file zip writer. Problems could
lead to abort and/or memory leak. The module is now hardened in a very
conservative way, which is sub-optimal from a performance point of view.
This should be improved if it has proven reliable in practice.
---------------------------------------------------------------------------
Version 4.5.3 [v4-beta] (rgerhards), 2009-09-17
- bugfix: repeated messages were incorrectly processed
this could lead to loss of the repeated message content. As a side-
effect, it could probably also be possible that some segfault occurs
(quite unlikely). The root cause was that some counters introduced
during the malloc optimizations were not properly duplicated in
MsgDup(). Note that repeated message processing is not enabled
by default.
- bugfix: message sanitation had some issues:
- control character DEL was not properly escaped
- NUL and LF characters were not properly stripped if no control
character replacement was to be done
- NUL characters in the message body were silently dropped (this was
a regression introduced by some of the recent optimizations)
- bugfix: strings improperly reused, resulting in some message properties
be populated with strings from previous messages. This was caused by
an improper predicate check. [backported from v5]
- fixed some minor portability issues
- bugfix: reverse lookup reduction logic in imudp do DNS queries too often
[imported from 4.4.2]
---------------------------------------------------------------------------
Version 4.5.2 [v4-beta] (rgerhards), 2009-08-21
- legacy syslog parser changed so that it now accepts date stamps in
wrong case. Some devices seem to create them and I do not see any harm
in supporting that.
- added $InputTCPMaxListeners directive - permits to specify how many
TCP servers shall be possible (default is 20).
- bugfix: memory leak with some input modules. Those inputs that
use parseAndSubmitMsg() leak two small memory blocks with every message.
Typically, those process only relatively few messages, so the issue
does most probably not have any effect in practice.
- bugfix: if tcp listen port could not be created, no error message was
emitted
- bugfix: potential segfault in output file writer (omfile)
In async write mode, we use modular arithmetic to index the output
buffer array. However, the counter variables accidentally were signed,
thus resulting in negative indices after integer overflow. That in turn
could lead to segfaults, but was depending on the memory layout of
the instance in question (which in turn depended on a number of
variables, like compile settings but also configuration). The counters
are now unsigned (as they always should have been) and so the dangling
mis-indexing does no longer happen. This bug potentially affected all
installations, even if only some may actually have seen a segfault.
- bugfix: hostnames with dashes in them were incorrectly treated as
malformed, thus causing them to be treated as TAG (this was a regression
introduced from the "rfc3164 strict" change in 4.5.0).
---------------------------------------------------------------------------
Version 4.5.1 [DEVEL] (rgerhards), 2009-07-15
- CONFIG CHANGE: $HUPisRestart default is now "off". We are doing this
to support removal of restart-type HUP in v5.
- bugfix: fromhost-ip was sometimes truncated
- bugfix: potential segfault when zip-compressed syslog records were
received (double free)
- bugfix: properties inputname, fromhost, fromhost-ip, msg were lost when
working with disk queues
- performance enhancement: much faster, up to twice as fast (depending
on configuration)
- bugfix: abort condition when RecvFrom was not set and message reduction
was on. Happened e.g. with imuxsock.
- added $klogConsoleLogLevel directive which permits to set a new
console log level while rsyslog is active
- bugfix: message could be truncated after TAG, often when forwarding
This was a result of an internal processing error if maximum field
sizes had been specified in the property replacer.
- added ability for the TCP output action to "rebind" its send socket after
sending n messages (actually, it re-opens the connection, the name is
used because this is a concept very similar to $ActionUDPRebindInterval).
New config directive $ActionSendTCPRebindInterval added for the purpose.
By default, rebinding is disabled. This is considered useful for load
balancers.
- testbench improvements
---------------------------------------------------------------------------
Version 4.5.0 [DEVEL] (rgerhards), 2009-07-02
- activation order of inputs changed, they are now activated only after
privileges are dropped. Thanks to Michael Terry for the patch.
- greatly improved performance
- greatly reduced memory requirements of msg object
to around half of the previous demand. This means that more messages can
be stored in core! Due to fewer cache misses, this also means some
performance improvement.
- improved config error messages: now contain a copy of the config line
that (most likely) caused the error
- reduced max value for $DynaFileCacheSize to 1,000 (the former maximum
of 10,000 really made no sense, even 1,000 is very high, but we like
to keep the user in control ;)).
- added capability to fsync() queue disk files for enhanced reliability
(also add's speed, because you do no longer need to run the whole file
system in sync mode)
- more strict parsing of the hostname in rfc3164 mode, hopefully
removes false positives (but may cause some trouble with hostname
parsing). For details, see this bug tracker:
http://bugzilla.adiscon.com/show_bug.cgi?id=126
- omfile rewrite to natively support zip files (includes large extension
of the stream class)
- added configuration commands (see doc for explanations)
* $OMFileZipLevel
* $OMFileIOBufferSize
* $OMFileFlushOnTXEnd
* $MainMsgQueueSyncQueueFiles
* $ActionQueueSyncQueueFiles
- done some memory accesses explicitly atomic
- bugfix: subtle (and usually irrelevant) issue in timeout processing
timeout could be one second too early if nanoseconds wrapped
- set a more sensible timeout for shutdown, now 1.5 seconds to complete
processing (this also removes those cases where the shutdown message
was not written because the termination happened before it)
- internal bugfix: object pointer was only reset to NULL when an object
was actually destructed. This most likely had no effect to existing code,
but it may also have caused trouble in remote cases. Similarly, the fix
may also cause trouble...
- bugfix: missing initialization during timestamp creation
This could lead to timestamps written in the wrong format, but not to
an abort
---------------------------------------------------------------------------
Version 4.4.3 [v4-stable] (rgerhards), 2009-10-??
- bugfix: several smaller bugs resolved after flexelint review
Thanks to varmojfekoj for the patch.
- bugfix: $ActionExecOnlyOnceEveryInterval did not work.
This was a regression from the time() optimizations done in v4.
Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=143
Thanks to Klaus Tachtler for reporting this bug.
- bugfix: potential segfault on queue shutdown
Thanks to varmojfekoj for the patch.
- bugfix: potential hang condition on queue shutdown
[imported from v3-stable]
- bugfix: segfault on startup when -q or -Q option was given
[imported from v3-stable]
---------------------------------------------------------------------------
Version 4.4.2 [v4-stable] (rgerhards), 2009-10-09
- bugfix: invalid handling of zero-sized messages, could lead to mis-
addressing and potential memory corruption/segfault
- bugfix: zero-sized UDP messages are no longer processed
until now, they were forwarded to processing, but this makes no sense
Also, it looks like the system seems to provide a zero return code
on a UDP recvfrom() from time to time for some internal reasons. These
"receives" are now silently ignored.
- bugfix: random data could be appended to message, possibly causing
segfaults
- bugfix: reverse lookup reduction logic in imudp do DNS queries too often
A comparison was done between the current and the former source address.
However, this was done on the full sockaddr_storage structure and not
on the host address only. This has now been changed for IPv4 and IPv6.
The end result of this bug could be a higher UDP message loss rate than
necessary (note that UDP message loss can not totally be avoided due
to the UDP spec)
---------------------------------------------------------------------------
Version 4.4.1 [v4-stable] (rgerhards), 2009-09-02
- features requiring Java are automatically disabled if Java is not
present (thanks to Michael Biebl for his help!)
- bugfix: invalid double-quoted PRI, among others in outgoing messages
This causes grief with all receivers.
Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=147
- bugfix: Java testing tools were required, even if testbench was disabled
This resulted in build errors if no Java was present on the build system,
even though none of the selected option actually required Java.
(I forgot to backport a similar fix to newer releases).
- bugfix (backport): omfwd segfault
Note that the original (higher version) patch states this happens only
when debugging mode is turned on. That statement is wrong: if debug
mode is turned off, the message is not being emitted, but the division
by zero in the actual parameters still happens.
---------------------------------------------------------------------------
Version 4.4.0 [v4-stable] (rgerhards), 2009-08-21
- bugfix: stderr/stdout were not closed to be able to emit error messages,
but this caused ssh sessions to hang. Now we close them after the
initial initialization. See forum thread:
http://kb.monitorware.com/controlling-terminal-issues-t9875.html
- bugfix: sending syslog messages with zip compression did not work
---------------------------------------------------------------------------
Version 4.3.2 [v4-beta] (rgerhards), 2009-06-24
- removed long-obsoleted property UxTradMsg
- added a generic network stream server (in addition to rather specific
syslog tcp server)
- added ability for the UDP output action to rebind its send socket after
sending n messages. New config directive $ActionSendUDPRebindInterval
added for the purpose. By default, rebinding is disabled. This is
considered useful for load balancers.
- bugfix: imdiag/imtcp had a race condition
- improved testbench (now much better code design and reuse)
- added config switch --enable-testbench=no to turn off testbench
---------------------------------------------------------------------------
Version 4.3.1 [DEVEL] (rgerhards), 2009-05-25
- added capability to run multiple tcp listeners (on different ports)
- performance enhancement: imtcp calls parser no longer on input thread
but rather inside on of the potentially many main msg queue worker
threads (an enhancement scheduled for all input plugins where this is
possible)
- added $GenerateConfigGraph configuration command which can be used
to generate nice-looking (and very informative) rsyslog configuration
graphs.
- added $ActionName configuration directive (currently only used for
graph generation, but may find other uses)
- improved doc
* added (hopefully) easier to grasp queue explanation
- improved testbench
* added tests for queue disk-only mode (checks disk queue logic)
- bugfix: light and full delay watermarks had invalid values, badly
affecting performance for delayable inputs
- build system improvements - thanks to Michael Biebl
- added new testing module imdiag, which enables to talk to the
rsyslog core at runtime. The current implementation is only a
beginning, but can be expanded over time
---------------------------------------------------------------------------
Version 4.3.0 [DEVEL] (rgerhards), 2009-04-17
- new feature: new output plugin omprog, which permits to start program
and feed it (via its stdin) with syslog messages. If the program
terminates, it is restarted.
- improved internal handling of RainerScript functions, building the
necessary plumbing to support more functions with decent runtime
performance. This is also necessary towards the long-term goal
of loadable library modules.
- added new RainerScript function "tolower"
- improved testbench
* added tests for tcp-based reception
* added tcp-load test (1000 connections, 20,000 messages)
- added $MaxOpenFiles configuration directive
- bugfix: solved potential memory leak in msg processing, could manifest
itself in imtcp
- bugfix: ompgsql did not detect problems in sql command execution
this could cause loss of messages. The handling was correct if the
connection broke, but not if there was a problem with statement
execution. The most probable case for such a case would be invalid
sql inside the template, and this is now much easier to diagnose.
---------------------------------------------------------------------------
Version 4.2.0 [v4-stable] (rgerhards), 2009-06-23
- bugfix: light and full delay watermarks had invalid values, badly
affecting performance for delayable inputs
- imported all patches from 3.22.1 as of today (see below)
- bugfix: compile problems in im3195
---------------------------------------------------------------------------
Version 4.1.7 [BETA] (rgerhards), 2009-04-22
- bugfix: $InputTCPMaxSessions config directive was accepted, but not
honored. This resulted in a fixed upper limit of 200 connections.
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
It has now been changed to 0700. For some background, please see
http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
- bugfix: ompgsql did not detect problems in sql command execution
this could cause loss of messages. The handling was correct if the
connection broke, but not if there was a problem with statement
execution. The most probable case for such a case would be invalid
sql inside the template, and this is now much easier to diagnose.
---------------------------------------------------------------------------
Version 4.1.6 [DEVEL] (rgerhards), 2009-04-07
- added new "csv" property replacer options to enable simple creation
of CSV-formatted outputs (format from RFC4180 is used)
- implemented function support in RainerScript. That means the engine
parses and compile functions, as well as executes a few build-in
ones. Dynamic loading and registration of functions is not yet
supported - but we now have a good foundation to do that later on.
- implemented the strlen() RainerScript function
- added a template output module
- added -T rsyslogd command line option, enables to specify a directory
where to chroot() into on startup. This is NOT a security feature but
introduced to support testing. Thus, -T does not make sure chroot()
is used in a secure way. (may be removed later)
- added omstdout module for testing purposes. Spits out all messages to
stdout - no config option, no other features
- added a parser testing suite (still needs to be extended, but a good
start)
- modified $ModLoad statement so that for modules whom's name starts with
a dot, no path is prepended (this enables relative-paths and should
not break any valid current config)
- fixed a bug that caused action retries not to work correctly
situation was only cleared by a restart
- bugfix: closed dynafile was potentially never written until another
dynafile name was generated - potential loss of messages
- improved omfile so that it properly suspends itself if there is an
i/o or file name generation error. This enables it to be used with
the full high availability features of rsyslog's engine
- bugfix: fixed some segfaults on Solaris, where vsprintf() does not
check for NULL pointers
- improved performance of regexp-based filters
Thanks to Arnaud Cornet for providing the idea and initial patch.
- added a new way how output plugins may be passed parameters. This is
more efficient for some outputs. They new can receive fields not only
as a single string but rather in an array where each string is separated.
- added (some) developer documentation for output plugin interface
- bugfix: potential abort with DA queue after high watermark is reached
There exists a race condition that can lead to a segfault. Thanks
go to vbernetr, who performed the analysis and provided patch, which
I only tweaked a very little bit.
- bugfix: imtcp did incorrectly parse hostname/tag
Thanks to Luis Fernando Muñoz Mejías for the patch.
---------------------------------------------------------------------------
Version 4.1.5 [DEVEL] (rgerhards), 2009-03-11
- bugfix: parser did not correctly parse fields in UDP-received messages
- added ERE support in filter conditions
new comparison operation "ereregex"
- added new config directive $RepeatedMsgContainsOriginalMsg so that the
"last message repeated n times" messages, if generated, may
have an alternate format that contains the message that is being repeated
---------------------------------------------------------------------------
Version 4.1.4 [DEVEL] (rgerhards), 2009-01-29
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
details are too many, for full analysis see blog post at:
http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html
- bugfix: uninitialized mutex was used in msg.c:getPRI
This was subtle, because getPRI is called as part of the debugging code
(always executed) in syslogd.c:logmsg.
- bugfix: $PreserveFQDN was not properly handled for locally emitted
messages
---------------------------------------------------------------------------
Version 4.1.3 [DEVEL] (rgerhards), 2008-12-17
- added $InputTCPServerAddtlFrameDelimiter config directive, which
enables to specify an additional, non-standard message delimiter
for processing plain tcp syslog. This is primarily a fix for the invalid
framing used in Juniper's NetScreen products. Credit to forum user
Arv for suggesting this solution.
- added $InputTCPServerInputName property, which enables a name to be
specified that will be available during message processing in the
inputname property. This is considered useful for logic that treats
messages differently depending on which input received them.
- added $PreserveFQDN config file directive
Enables to use FQDNs in sender names where the legacy default
would have stripped the domain part.
Thanks to BlinkMind, Inc. http://www.blinkmind.com for sponsoring this
development.
- bugfix: imudp went into an endless loop under some circumstances
(but could also leave it under some other circumstances...)
Thanks to David Lang and speedfox for reporting this issue.
---------------------------------------------------------------------------
Version 4.1.2 [DEVEL] (rgerhards), 2008-12-04
- bugfix: code did not compile without zlib
- security bugfix: $AllowedSender was not honored, all senders were
permitted instead (see https://www.rsyslog.com/Article322.phtml)
- security fix: imudp emitted a message when a non-permitted sender
tried to send a message to it. This behavior is operator-configurable.
If enabled, a message was emitted each time. That way an attacker could
effectively fill the disk via this facility. The message is now
emitted only once in a minute (this currently is a hard-coded limit,
if someone comes up with a good reason to make it configurable, we
will probably do that).
- doc bugfix: typo in v3 compatibility document directive syntax
thanks to Andrej for reporting
- imported other changes from 3.21.8 and 3.20.1 (see there)
---------------------------------------------------------------------------
Version 4.1.1 [DEVEL] (rgerhards), 2008-11-26
- added $PrivDropToGroup, $PrivDropToUser, $PrivDropToGroupID,
$PrivDropToUserID config directives to enable dropping privileges.
This is an effort to provide a security enhancement. For the limits of this
approach, see http://wiki.rsyslog.com/index.php/Security
- re-enabled imklog to compile on FreeBSD (brought in from beta)
---------------------------------------------------------------------------
Version 4.1.0 [DEVEL] (rgerhards), 2008-11-18
********************************* WARNING *********************************
This version has a slightly different on-disk format for message entries.
As a consequence, old queue files being read by this version may have
an invalid output timestamp, which could result to some malfunction inside
the output driver. It is recommended to drain queues with the previous
version before switching to this one.
********************************* WARNING *********************************
- greatly enhanced performance when compared to v3.
- added configuration directive "HUPisRestart" which enables to configure
HUP to be either a full restart or "just" a lightweight way to
close open files.
- enhanced legacy syslog parser to detect year if part of the timestamp
the format is based on what Cisco devices seem to emit.
- added a setting "$OptimizeForUniprocessor" to enable users to turn off
pthread_yield calls which are counter-productive on multiprocessor
machines (but have been shown to be useful on uniprocessors)
- reordered imudp processing. Message parsing is now done as part of main
message queue worker processing (was part of the input thread)
This should also improve performance, as potentially more work is
done in parallel.
- bugfix: compressed syslog messages could be slightly mis-uncompressed
if the last byte of the compressed record was a NUL
- added $UDPServerTimeRequery option which enables to work with
less accurate timestamps in favor of performance. This enables querying
of the time only every n-th time if imudp is running in the tight
receive loop (aka receiving messages at a high rate)
- doc bugfix: queue doc had wrong parameter name for setting controlling
worker thread shutdown period
- restructured rsyslog.conf documentation
- bugfix: memory leak in ompgsql
Thanks to Ken for providing the patch
---------------------------------------------------------------------------
Version 3.22.4 [v3-stable] (rgerhards), 2010-??-??
- bugfix: action resume interval incorrectly handled, thus took longer to
resume
- bugfix: cosmetic: proper constant used instead of number in open call
- bugfix: timestamp was incorrectly calculated for timezones with minute
offset
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
- improved some code based on clang static analyzer results
- bugfix: potential misaddressing in property replacer
- bugfix: improper handling of invalid PRI values
references: CVE-2014-3634
---------------------------------------------------------------------------
Version 3.22.3 [v3-stable] (rgerhards), 2010-11-24
- bugfix(important): problem in TLS handling could cause rsyslog to loop
in a tight loop, effectively disabling functionality and bearing the
risk of unresponsiveness of the whole system.
Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
---------------------------------------------------------------------------
Version 3.22.2 [v3-stable] (rgerhards), 2010-08-05
- bugfix: comment char ('#') in literal terminated script parsing
and thus could not be used.
but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119
- enhance: imrelp now also provides remote peer's IP address
[if librelp != 1.0.0 is used]
- bugfix: sending syslog messages with zip compression did not work
- bugfix: potential hang condition on queue shutdown
- bugfix: segfault on startup when -q or -Q option was given
bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=157
Thanks to Jonas Nogueira for reporting this bug.
- clarified use of $ActionsSendStreamDriver[AuthMode/PermittedPeers]
in doc set (require TLS drivers)
- bugfix: $CreateDirs variable not properly initialized, default thus
was random (but most often "on")
- bugfix: potential segfault when -p command line option was used
thanks to varmojfekoj for pointing me at this bug
- bugfix: programname filter in ! configuration can not be reset
Thanks to Kiss Gabor for the patch.
---------------------------------------------------------------------------
Version 3.22.1 [v3-stable] (rgerhards), 2009-07-02
- bugfix: invalid error message issued if $includeConfig was on an empty
set of files (e.g. *.conf, where none such files existed)
thanks to Michael Biebl for reporting this bug
- bugfix: when run in foreground (but not in debug mode), a
debug message ("DoDie called") was emitted at shutdown. Removed.
thanks to Michael Biebl for reporting this bug
- bugfix: some garbage was emitted to stderr on shutdown. This
garbage consisted of file names, which were written during
startup (key point: not a pointer error)
thanks to Michael Biebl for reporting this bug
- bugfix: startup and shutdown message were emitted to stdout
thanks to Michael Biebl for reporting this bug
- bugfix: error messages were not emitted to stderr in forked mode
(stderr and stdo are now kept open across forks)
- bugfix: internal messages were emitted to whatever file had fd2 when
rsyslogd ran in forked mode (as usual!)
Thanks to varmojfekoj for the patch
- small enhancement: config validation run now exits with code 1 if an
error is detected. This change is considered important but small enough
to apply it directly to the stable version. [But it is a border case,
the change requires more code than I had hoped. Thus I have NOT tried
to actually catch all cases, this is left for the current devel
releases, if necessary]
- bugfix: light and full delay watermarks had invalid values, badly
affecting performance for delayable inputs
- bugfix: potential segfault issue when multiple $UDPServerRun directives
are specified. Thanks to Michael Biebl for helping to debug this one.
- relaxed GnuTLS version requirement to 1.4.0 after confirmation from the
field that this version is sufficient
- bugfix: parser did not properly handle empty structured data
- bugfix: invalid mutex release in msg.c (detected under thread debugger,
seems not to have any impact on actual deployments)
---------------------------------------------------------------------------
Version 3.22.0 [v3-stable] (rgerhards), 2009-04-21
This is the first stable release that includes the full functionality
of the 3.21.x version tree.
- bugfix: $InputTCPMaxSessions config directive was accepted, but not
honored. This resulted in a fixed upper limit of 200 connections.
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
It has now been changed to 0700. For some background, please see
http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
- bugfix: ompgsql did not detect problems in sql command execution
this could cause loss of messages. The handling was correct if the
connection broke, but not if there was a problem with statement
execution. The most probable case for such a case would be invalid
sql inside the template, and this is now much easier to diagnose.
---------------------------------------------------------------------------
Version 3.21.11 [BETA] (rgerhards), 2009-04-03
- build system improvements contributed by Michael Biebl - thx!
- all patches from 3.20.5 incorporated (see it's ChangeLog entry)
---------------------------------------------------------------------------
Version 3.21.10 [BETA] (rgerhards), 2009-02-02
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
details are too many, for full analysis see blog post at:
http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html
- the string "Do Die" was accidentally emited upon exit in non-debug mode
This has now been corrected. Thanks to varmojfekoj for the patch.
- some legacy options were not correctly processed.
Thanks to varmojfekoj for the patch.
- doc bugfix: v3-compatibility document had typo in config directive
thanks to Andrej for reporting this
---------------------------------------------------------------------------
Version 3.21.9 [BETA] (rgerhards), 2008-12-04
- re-release of 3.21.8 with an additional fix, that could also lead
to DoS; 3.21.8 has been removed from the official download archives
- security fix: imudp emitted a message when a non-permitted sender
tried to send a message to it. This behavior is operator-configurable.
If enabled, a message was emitted each time. That way an attacker could
effectively fill the disk via this facility. The message is now
emitted only once in a minute (this currently is a hard-coded limit,
if someone comes up with a good reason to make it configurable, we
will probably do that).
---------------------------------------------------------------------------
Version 3.21.8 [BETA] (rgerhards), 2008-12-04
- bugfix: imklog did not compile on FreeBSD
- security bugfix: $AllowedSender was not honored, all senders were
permitted instead (see https://www.rsyslog.com/Article322.phtml)
- merged in all other changes from 3.20.1 (see there)
---------------------------------------------------------------------------
Version 3.21.7 [BETA] (rgerhards), 2008-11-11
- this is the new beta branch, based on the former 3.21.6 devel
- new functionality: ZERO property replacer nomatch option (from v3-stable)
---------------------------------------------------------------------------
Version 3.21.6 [DEVEL] (rgerhards), 2008-10-22
- consolidated time calls during msg object creation, improves performance
and consistency
- bugfix: solved a segfault condition
- bugfix: subsecond time properties generated by imfile, imklog and
internal messages could be slightly inconsistent
- bugfix: (potentially big) memory leak on HUP if queues could not be
drained before timeout - thanks to David Lang for pointing this out
- added capability to support multiple module search paths. Thank
to Marius Tomaschewski for providing the patch.
- bugfix: im3195 did no longer compile
- improved "make distcheck" by ensuring everything relevant is recompiled
---------------------------------------------------------------------------
Version 3.21.5 [DEVEL] (rgerhards), 2008-09-30
- performance optimization: unnecessary time() calls during message
parsing removed - thanks to David Lang for his excellent performance
analysis
- added new capability to property replacer: multiple immediately
successive field delimiters are treated as a single one.
Thanks to Zhuang Yuyao for the patch.
- added message property "inputname", which contains the name of the
input (module) that generated it. Presence is depending on support in
each input module (else it is blank).
- added system property "$myhostname", which contains the name of the
local host as it knows itself.
- imported a number of fixes and enhancements from the stable and
devel branches, including a fix to a potential segfault on HUP
when using UDP listeners
- re-enabled gcc builtin atomic operations and added a proper
./configure check
- bugfix: potential race condition when adding messages to queue
There was a wrong order of mutex lock operations. It is hard to
believe that really caused problems, but in theory it could and with
threading we often see that theory becomes practice if something is only
used long enough on a fast enough machine with enough CPUs ;)
- cleaned up internal debug system code and made it behave better
in regard to multi-threading
---------------------------------------------------------------------------
Version 3.21.4 [DEVEL] (rgerhards), 2008-09-04
- removed compile time fixed message size limit (was 2K), limit can now
be set via $MaxMessageSize global config directive (finally gotten rid
of MAXLINE ;))
- enhanced doc for $ActionExecOnlyEveryNthTimeTimeout
- integrated a number of patches from 3.18.4, namely
- bugfix: order-of magnitude issue with base-10 size definitions
in config file parser. Could lead to invalid sizes, constraints
etc for e.g. queue files and any other object whose size was specified
in base-10 entities. Did not apply to binary entities. Thanks to
RB for finding this bug and providing a patch.
- bugfix: action was not called when system time was set backwards
(until the previous time was reached again). There are still some
side-effects when time is rolled back (A time rollback is really a bad
thing to do, ideally the OS should issue pseudo time (like NetWare did)
when the user tries to roll back time). Thanks to varmojfekoj for this
patch.
- doc bugfix: rsyslog.conf man page improved and minor nit fixed
thanks to Lukas Kuklinek for the patch.
---------------------------------------------------------------------------
Version 3.21.3 [DEVEL] (rgerhards), 2008-08-13
- added ability to specify flow control mode for imuxsock
- added ability to execute actions only after the n-th call of the action
This also lead to the addition of two new config directives:
$ActionExecOnlyEveryNthTime and $ActionExecOnlyEveryNthTimeTimeout
This feature is useful, for example, for alerting: it permits you to
send an alert only after at least n occurrences of a specific message
have been seen by rsyslogd. This protects against false positives
due to waiting for additional confirmation.
- bugfix: IPv6 addresses could not be specified in forwarding actions
New syntax @[addr]:port introduced to enable that. Root problem was IPv6
addresses contain colons.
- somewhat enhanced debugging messages
- imported from 3.18.3:
- enhanced ommysql to support custom port to connect to server
Port can be set via new $ActionOmmysqlServerPort config directive
Note: this was a very minor change and thus deemed appropriate to be
done in the stable release.
- bugfix: misspelled config directive, previously was
$MainMsgQueueWorkeTimeoutrThreadShutdown, is now
$MainMsgQueueWorkerTimeoutThreadShutdown. Note that the misspelled
directive is not preserved - if the misspelled directive was used
(which I consider highly unlikely), the config file must be changed.
Thanks to lperr for reporting the bug.
---------------------------------------------------------------------------
Version 3.21.2 [DEVEL] (rgerhards), 2008-08-04
- added $InputUnixListenSocketHostName config directive, which permits to
override the hostname being used on a local unix socket. This is useful
for differentiating "hosts" running in several jails. Feature was
suggested by David Darville, thanks for the suggestion.
- enhanced ommail to support multiple email recipients. This is done by
specifying $ActionMailTo multiple times. Note that this introduces a
small incompatibility to previous config file syntax: the recipient
list is now reset for each action (we honestly believe that will
not cause any problem - apologies if it does).
- enhanced troubleshooting documentation
---------------------------------------------------------------------------
Version 3.21.1 [DEVEL] (rgerhards), 2008-07-30
- bugfix: no error was reported if the target of a $IncludeConfig
could not be accessed.
- added testbed for common config errors
- added doc for -u option to rsyslogd man page
- enhanced config file checking - no active actions are detected
- added -N rsyslogd command line option for a config validation run
(which does not execute actual syslogd code and does not interfere
with a running instance)
- somewhat improved emergency configuration. It is now also selected
if the config contains no active actions
- rsyslogd error messages are now reported to stderr by default. can be
turned off by the new "$ErrorMessagesToStderr off" directive
Thanks to HKS for suggesting the new features.
---------------------------------------------------------------------------
Version 3.21.0 [DEVEL] (rgerhards), 2008-07-18
- starts a new devel branch
- added a generic test driver for RainerScript plus some test cases
to the testbench
- added a small diagnostic tool to obtain result of gethostname() API
- imported all changes from 3.18.1 until today (some quite important,
see below)
---------------------------------------------------------------------------
Version 3.20.6 [v3-stable] (rgerhards), 2009-04-16
- this is the last v3-stable for the 3.20.x series
- bugfix: $InputTCPMaxSessions config directive was accepted, but not
honored. This resulted in a fixed upper limit of 200 connections.
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
It has now been changed to 0700. For some background, please see
http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
---------------------------------------------------------------------------
Version 3.20.5 [v3-stable] (rgerhards), 2009-04-02
- bugfix: potential abort with DA queue after high watermark is reached
There exists a race condition that can lead to a segfault. Thanks
go to vbernetr, who performed the analysis and provided patch, which
I only tweaked a very little bit.
- fixed bugs in RainerScript:
o when converting a number and a string to a common type, both were
actually converted to the other variable's type.
o the value of rsCStrConvertToNumber() was miscalculated.
Thanks to varmojfekoj for the patch
- fixed a bug in configure.ac which resulted in problems with
environment detection - thanks to Michael Biebl for the patch
- fixed a potential segfault problem in gssapi code
thanks to varmojfekoj for the patch
- doc enhance: provide standard template for MySQL module and instructions
on how to modify schema
---------------------------------------------------------------------------
Version 3.20.4 [v3-stable] (rgerhards), 2009-02-09
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
details are too many, for full analysis see blog post at:
http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html
- bugfix: invalid ./configure settings for RFC3195
thanks to Michael Biebl for the patch
- bugfix: invalid mutex access in msg.c
- doc bugfix: dist tarball missed 2 files, had one extra file that no
longer belongs into it. Thanks to Michael Biebl for pointing this out.
---------------------------------------------------------------------------
Version 3.20.3 [v3-stable] (rgerhards), 2009-01-19
- doc bugfix: v3-compatibility document had typo in config directive
thanks to Andrej for reporting this
- fixed a potential segfault condition with $AllowedSender directive
On HUP, the root pointers were not properly cleaned up. Thanks to
Michael Biebl, olgoat, and Juha Koho for reporting and analyzing
the bug.
---------------------------------------------------------------------------
Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04
- re-release of 3.20.1 with an additional fix, that could also lead
to DoS; 3.20.1 has been removed from the official download archives
- security fix: imudp emitted a message when a non-permitted sender
tried to send a message to it. This behavior is operator-configurable.
If enabled, a message was emitted each time. That way an attacker could
effectively fill the disk via this facility. The message is now
emitted only once in a minute (this currently is a hard-coded limit,
if someone comes up with a good reason to make it configurable, we
will probably do that).
---------------------------------------------------------------------------
Version 3.20.1 [v3-stable] (rgerhards), 2008-12-04
- security bugfix: $AllowedSender was not honored, all senders were
permitted instead
- enhance: regex nomatch option "ZERO" has been added
This allows one to return the string 0 if a regular expression is
not found. This is probably useful for storing numerical values into
database columns.
- bugfix: memory leak in gtls netstream driver fixed
memory was lost each time a TLS session was torn down. This could
result in a considerable memory leak if it happened quite frequently
(potential system crash condition)
- doc update: documented how to specify multiple property replacer
options + link to new online regex generator tool added
- minor bugfix: very small memory leak in gtls netstream driver
around a handful of bytes (< 20) for each HUP
- improved debug output for regular expressions inside property replacer
RE's seem to be a big trouble spot and I would like to have more
information inside the debug log. So I decided to add some additional
debug strings permanently.
---------------------------------------------------------------------------
Version 3.20.0 [v3-stable] (rgerhards), 2008-11-05
- this is the initial release of the 3.19.x branch as a stable release
- bugfix: double-free in pctp netstream driver. Thank to varmojfekoj
for the patch
---------------------------------------------------------------------------
Version 3.19.12 [BETA] (rgerhards), 2008-10-16
- bugfix: subseconds where not correctly extracted from a timestamp
if that timestamp did not contain any subsecond information (the
resulting string was garbage but should have been "0", what it
now is).
- increased maximum size of a configuration statement to 4K (was 1K)
- imported all fixes from the stable branch (quite a lot)
- bugfix: (potentially big) memory leak on HUP if queues could not be
drained before timeout - thanks to David Lang for pointing this out
---------------------------------------------------------------------------
Version 3.19.11 [BETA] (rgerhards), 2008-08-25
This is a refresh of the beta. No beta-specific fixes have been added.
- included fixes from v3-stable (most importantly 3.18.3)
---------------------------------------------------------------------------
Version 3.19.10 [BETA] (rgerhards), 2008-07-15
- start of a new beta branch based on former 3.19 devel branch
- bugfix: bad memory leak in disk-based queue modes
- bugfix: UDP syslog forwarding did not work on all platforms
the ai_socktype was incorrectly set to 1. On some platforms, this
lead to failing name resolution (e.g. FreeBSD 7). Thanks to HKS for
reporting the bug.
- bugfix: priority was incorrectly calculated on FreeBSD 7,
because the LOG_MAKEPRI() C macro has a different meaning there (it
is just a simple addition of facility and severity). I have changed
this to use own, consistent, code for PRI calculation. Thank to HKS
for reporting this bug.
- bugfix (cosmetical): authorization was not checked when gtls handshake
completed immediately. While this sounds scary, the situation can not
happen in practice. We use non-blocking IO only for server-based gtls
session setup. As TLS requires the exchange of multiple frames before
the handshake completes, it simply is impossible to do this in one
step. However, it is useful to have the code path correct even for
this case - otherwise, we may run into problems if the code is changed
some time later (e.g. to use blocking sockets). Thanks to varmojfekoj
for providing the patch.
- important queue bugfix from 3.18.1 imported (see below)
- cleanup of some debug messages
---------------------------------------------------------------------------
Version 3.19.9 (rgerhards), 2008-07-07
- added tutorial for creating a TLS-secured syslog infrastructure
- rewritten omusrmsg to no longer fork() a new process for sending messages
this caused some problems with the threading model, e.g. zombies. Also,
it was far less optimal than it is now.
- bugfix: machine certificate was required for client even in TLS anon mode
Reference: http://bugzilla.adiscon.com/show_bug.cgi?id=85
The fix also slightly improves performance by not storing certificates in
client sessions when there is no need to do so.
- bugfix: RainerScript syntax error was not always detected
---------------------------------------------------------------------------
Version 3.19.8 (rgerhards), 2008-07-01
- bugfix: gtls module did not correctly handle EGAIN (and similar) recv()
states. This has been fixed by introducing a new abstraction layer inside
gtls.
- added (internal) error codes to error messages; added redirector to
web description of error codes
closes bug http://bugzilla.adiscon.com/show_bug.cgi?id=20
- disabled compile warnings caused by third-party libraries
- reduced number of compile warnings in gcc's -pedantic mode
- some minor documentation improvements
- included all fixes from beta 3.17.5
---------------------------------------------------------------------------
Version 3.19.7 (rgerhards), 2008-06-11
- added new property replacer option "date-subseconds" that enables
to query just the subsecond part of a high-precision timestamp
- somewhat improved plain tcp syslog reliability by doing a connection
check before sending. Credits to Martin Schuette for providing the
idea. Details are available at
http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html
- made rsyslog tickless in the (usual and default) case that repeated
message reduction is turned off. More info:
http://blog.gerhards.net/2008/06/coding-to-save-environment.html
- some build system cleanup, thanks to Michael Biebl
- bugfix: compile under (Free)BSD failed due to some invalid library
definitions - this is fixed now. Thanks to Michael Biebl for the patch.
---------------------------------------------------------------------------
Version 3.19.6 (rgerhards), 2008-06-06
- enhanced property replacer to support multiple regex matches
- bugfix: part of permittedPeer structure was not correctly initialized
thanks to varmojfekoj for spotting this
- bugfix: off-by-one bug during certificate check
- bugfix: removed some memory leaks in TLS code
---------------------------------------------------------------------------
Version 3.19.5 (rgerhards), 2008-05-30
- enabled Posix ERE expressions inside the property replacer
(previously BRE was permitted only)
- provided ability to specify that a regular expression submatch shall
be used inside the property replacer
- implemented in property replacer: if a regular expression does not match,
it can now either return "**NO MATCH** (default, as before), a blank
property or the full original property text
- enhanced property replacer to support multiple regex matches
---------------------------------------------------------------------------
Version 3.19.4 (rgerhards), 2008-05-27
- implemented x509/certvalid gtls auth mode
- implemented x509/name gtls auth mode (including wildcards)
- changed fingerprint gtls auth mode to new format fingerprint
- protected gtls error string function by a mutex. Without it, we
could have a race condition in extreme cases. This was very remote,
but now can no longer happen.
- changed config directive name to reflect different use
$ActionSendStreamDriverCertFingerprint is now
$ActionSendStreamDriverPermittedPeer and can be used both for
fingerprint and name authentication (similar to the input side)
- bugfix: sender information (fromhost et al) was missing in imudp
thanks to sandiso for reporting this bug
- this release fully implements IETF's syslog-transport-tls-12 plus
the latest text changes Joe Salowey provided via email. Not included
is ipAddress subjectAltName authentication, which I think will be
dropped from the draft. I don't think there is any real need for it.
This release also includes all bug fix up to today from the beta
and stable branches. Most importantly, this means the bugfix for
100% CPU utilization by imklog.
---------------------------------------------------------------------------
Version 3.19.3 (rgerhards), 2008-05-21
- added ability to authenticate the server against its certificate
fingerprint
- added ability for client to provide its fingerprint
- added ability for server to obtain client cert's fingerprint
- bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
- bugfix: $ActionSendStreamDriver had no effect
- bugfix: default syslog port was no longer used if none was
configured. Thanks to varmojfekoj for the patch
- bugfix: missing linker options caused build to fail on some
systems. Thanks to Tiziano Mueller for the patch.
---------------------------------------------------------------------------
Version 3.19.2 (rgerhards), 2008-05-16
- bugfix: TCP input modules did incorrectly set fromhost property
(always blank)
- bugfix: imklog did not set fromhost property
- added "fromhost-ip" property
Note that adding this property changes the on-disk format for messages.
However, that should not have any bad effect on existing spool files.
But you will run into trouble if you create a spool file with this
version and then try to process it with an older one (after a downgrade).
Don't do that ;)
- added "RSYSLOG_DebugFormat" canned template
- bugfix: hostname and fromhost were swapped when a persisted message
(in queued mode) was read in
- bugfix: lmtcpclt, lmtcpsrv and lmgssutil did all link to the static
runtime library, resulting in a large size increase (and potential
"interesting" effects). Thanks to Michael Biebl for reporting the size
issue.
- bugfix: TLS server went into an endless loop in some situations.
Thanks to Michael Biebl for reporting the problem.
- fixed potential segfault due to invalid call to cfsysline
thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 3.19.1 (rgerhards), 2008-05-07
- configure help for --enable-gnutls wrong - said default is "yes" but
default actually is "no" - thanks to darix for pointing this out
- file dirty.h was missing - thanks to darix for pointing this out
- bugfix: man files were not properly distributed - thanks to
darix for reporting and to Michael Biebl for help with the fix
- some minor cleanup
---------------------------------------------------------------------------
Version 3.19.0 (rgerhards), 2008-05-06
- begins new devel branch version
- implemented TLS for plain tcp syslog (this is also the world's first
implementation of IETF's upcoming syslog-transport-tls draft)
- partly rewritten and improved omfwd among others, now loads TCP
code only if this is actually necessary
- split of a "runtime library" for rsyslog - this is not yet a clean
model, because some modularization is still outstanding. In theory,
this shall enable other utilities but rsyslogd to use the same
runtime
- implemented im3195, the RFC3195 input as a plugin
- changed directory structure, files are now better organized
- a lot of cleanup in regard to modularization
- -c option no longer must be the first option - thanks to varmojfekoj
for the patch
---------------------------------------------------------------------------
Version 3.18.7 (rgerhards), 2008-12-??
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
It has now been changed to 0700. For some background, please see
http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
- fixed a potential segfault condition with $AllowedSender directive
On HUP, the root pointers were not properly cleaned up. Thanks to
Michael Biebl, olgoat, and Juha Koho for reporting and analyzing
the bug.
- some legacy options were not correctly processed.
Thanks to varmojfekoj for the patch.
- doc bugfix: some spelling errors in man pages corrected. Thanks to
Geoff Simmons for the patch.
---------------------------------------------------------------------------
Version 3.18.6 (rgerhards), 2008-12-08
- security bugfix: $AllowedSender was not honored, all senders were
permitted instead (see https://www.rsyslog.com/Article322.phtml)
(backport from v3-stable, v3.20.9)
- minor bugfix: dual close() call on tcp session closure
---------------------------------------------------------------------------
Version 3.18.5 (rgerhards), 2008-10-09
- bugfix: imudp input module could cause segfault on HUP
It did not properly de-init a variable acting as a linked list head.
That resulted in trying to access freed memory blocks after the HUP.
- bugfix: rsyslogd could hang on HUP
because getnameinfo() is not cancel-safe, but was not guarded against
being cancelled. pthread_cancel() is routinely being called during
HUP processing.
- bugfix[minor]: if queue size reached light_delay mark, enqueuing
could potentially be blocked for a longer period of time, which
was not the behavior desired.
- doc bugfix: $ActionExecOnlyWhenPreviousIsSuspended was still misspelled
as $...OnlyIfPrev... in some parts of the documentation. Thanks to
Lorenzo M. Catucci for reporting this bug.
- added doc on malformed messages, cause and how to work-around, to the
doc set
- added doc on how to build from source repository
---------------------------------------------------------------------------
Version 3.18.4 (rgerhards), 2008-09-18
- bugfix: order-of magnitude issue with base-10 size definitions
in config file parser. Could lead to invalid sizes, constraints
etc for e.g. queue files and any other object whose size was specified
in base-10 entities. Did not apply to binary entities. Thanks to
RB for finding this bug and providing a patch.
- bugfix: action was not called when system time was set backwards
(until the previous time was reached again). There are still some
side-effects when time is rolled back (A time rollback is really a bad
thing to do, ideally the OS should issue pseudo time (like NetWare did)
when the user tries to roll back time). Thanks to varmojfekoj for this
patch.
- doc bugfix: rsyslog.conf man page improved and minor nit fixed
thanks to Lukas Kuklinek for the patch.
- bugfix: error code -2025 was used for two different errors. queue full
is now -2074 and -2025 is unique again. (did cause no real problem
except for troubleshooting)
- bugfix: default discard severity was incorrectly set to 4, which lead
to discard-on-queue-full to be enabled by default. That could cause
message loss where non was expected. The default has now been changed
to the correct value of 8, which disables the functionality. This
problem applied both to the main message queue and the action queues.
Thanks to Raoul Bhatia for pointing out this problem.
- bugfix: option value for legacy -a option could not be specified,
resulting in strange operations. Thanks to Marius Tomaschewski
for the patch.
- bugfix: colon after date should be ignored, but was not. This has
now been corrected. Required change to the internal ParseTIMESTAMP3164()
interface.
---------------------------------------------------------------------------
Version 3.18.3 (rgerhards), 2008-08-18
- bugfix: imfile could cause a segfault upon rsyslogd HUP and termination
Thanks to lperr for an excellent bug report that helped detect this
problem.
- enhanced ommysql to support custom port to connect to server
Port can be set via new $ActionOmmysqlServerPort config directive
Note: this was a very minor change and thus deemed appropriate to be
done in the stable release.
- bugfix: misspelled config directive, previously was
$MainMsgQueueWorkeTimeoutrThreadShutdown, is now
$MainMsgQueueWorkerTimeoutThreadShutdown. Note that the misspelled
directive is not preserved - if the misspelled directive was used
(which I consider highly unlikely), the config file must be changed.
Thanks to lperr for reporting the bug.
- disabled flow control for imuxsock, as it could cause system hangs
under some circumstances. The devel (3.21.3 and above) will
re-enable it and provide enhanced configurability to overcome the
problems if they occur.
---------------------------------------------------------------------------
Version 3.18.2 (rgerhards), 2008-08-08
- merged in IPv6 forwarding address bugfix from v2-stable
---------------------------------------------------------------------------
Version 3.18.1 (rgerhards), 2008-07-21
- bugfix: potential segfault in creating message mutex in non-direct queue
mode. rsyslogd segfaults on freeBSD 7.0 (an potentially other platforms)
if an action queue is running in any other mode than non-direct. The
same problem can potentially be triggered by some main message queue
settings. In any case, it will manifest during rsyslog's startup. It is
unlikely to happen after a successful startup (the only window of
exposure may be a relatively seldom executed action running in queued
mode). This has been corrected. Thank to HKS for point out the problem.
- bugfix: priority was incorrectly calculated on FreeBSD 7,
because the LOG_MAKEPRI() C macro has a different meaning there (it
is just a simple addition of facility and severity). I have changed
this to use own, consistent, code for PRI calculation. [Backport from
3.19.10]
- bugfix: remove PRI part from kernel message if it is present
Thanks to Michael Biebl for reporting this bug
- bugfix: mark messages were not correctly written to text log files
the markmessageinterval was not correctly propagated to all places
where it was needed. This resulted in rsyslog using the default
(20 minutes) in some code paths, what looked to the user like mark
messages were never written.
- added a new property replacer option "sp-if-no-1st-sp" to cover
a problem with RFC 3164 based interpretation of tag separation. While
it is a generic approach, it fixes a format problem introduced in
3.18.0, where kernel messages no longer had a space after the tag.
This is done by a modification of the default templates.
Please note that this may affect some messages where there intentionally
is no space between the tag and the first character of the message
content. If so, this needs to be worked around via a specific
template. However, we consider this scenario to be quite remote and,
even if it exists, it is not expected that it will actually cause
problems with log parsers (instead, we assume the new default template
behavior may fix previous problems with log parsers due to the
missing space).
- bugfix: imklog module was not correctly compiled for GNU/kFreeBSD.
Thanks to Petr Salinger for the patch
- doc bugfix: property replacer options secpath-replace and
secpath-drop were not documented
- doc bugfix: fixed some typos in rsyslog.conf man page
- fixed typo in source comment - thanks to Rio Fujita
- some general cleanup (thanks to Michael Biebl)
---------------------------------------------------------------------------
Version 3.18.0 (rgerhards), 2008-07-11
- begun a new v3-stable based on former 3.17.4 beta plus patches to
previous v3-stable
- bugfix in RainerScript: syntax error was not always detected
---------------------------------------------------------------------------
Version 3.17.5 (rgerhards), 2008-06-27
- added doc: howto set up a reliable connection to remote server via
queued mode (and plain tcp protocol)
- bugfix: comments after actions were not properly treated. For some
actions (e.g. forwarding), this could also lead to invalid configuration
---------------------------------------------------------------------------
Version 3.17.4 (rgerhards), 2008-06-16
- changed default for $KlogSymbolLookup to "off". The directive is
also scheduled for removal in a later version. This was necessary
because on kernels >= 2.6, the kernel does the symbol lookup itself. The
imklog lookup logic then breaks the log message and makes it unusable.
---------------------------------------------------------------------------
Version 3.17.3 (rgerhards), 2008-05-28
- bugfix: imklog went into an endless loop if a PRI value was inside
a kernel log message (unusual case under Linux, frequent under BSD)
---------------------------------------------------------------------------
Version 3.17.2 (rgerhards), 2008-05-04
- this version is the new beta, based on 3.17.1 devel feature set
- merged in imklog bug fix from v3-stable (3.16.1)
---------------------------------------------------------------------------
Version 3.17.1 (rgerhards), 2008-04-15
- removed dependency on MAXHOSTNAMELEN as much as it made sense.
GNU/Hurd does not define it (because it has no limit), and we have taken
care for cases where it is undefined now. However, some very few places
remain where IMHO it currently is not worth fixing the code. If it is
not defined, we have used a generous value of 1K, which is above IETF
RFC's on hostname length at all. The memory consumption is no issue, as
there are only a handful of this buffers allocated *per run* -- that's
also the main reason why we consider it not worth to be fixed any further.
- enhanced legacy syslog parser to handle slightly malformed messages
(with a space in front of the timestamp) - at least HP procurve is
known to do that and I won't outrule that others also do it. The
change looks quite unintrusive and so we added it to the parser.
- implemented klogd functionality for BSD
- implemented high precision timestamps for the kernel log. Thanks to
Michael Biebl for pointing out that the kernel log did not have them.
- provided ability to discard non-kernel messages if they are present
in the kernel log (seems to happen on BSD)
- implemented $KLogInternalMsgFacility config directive
- implemented $KLogPermitNonKernelFacility config directive
Plus a number of bugfixes that were applied to v3-stable and beta
branches (not mentioned here in detail).
---------------------------------------------------------------------------
Version 3.17.0 (rgerhards), 2008-04-08
- added native ability to send mail messages
- removed no longer needed file relputil.c/.h
- added $ActionExecOnlyOnceEveryInterval config directive
- bugfix: memory leaks in script engine
- bugfix: zero-length strings were not supported in object
deserializer
- properties are now case-insensitive everywhere (script, filters,
templates)
- added the capability to specify a processing (actually dequeue)
timeframe with queues - so things can be configured to be done
at off-peak hours
- We have removed the 32 character size limit (from RFC3164) on the
tag. This had bad effects on existing environments, as sysklogd didn't
obey it either (probably another bug in RFC3164...). We now receive
the full size, but will modify the outputs so that only 32 characters
max are used by default. If you need large tags in the output, you need
to provide custom templates.
- changed command line processing. -v, -M, -c options are now parsed
and processed before all other options. Inter-option dependencies
have been relieved. Among others, permits to specify initial module
load path via -M only (not the environment) which makes it much
easier to work with non-standard module library locations. Thanks
to varmojfekoj for suggesting this change. Matches bugzilla bug 55.
- bugfix: some messages were emited without hostname
Plus a number of bugfixes that were applied to v3-stable and beta
branches (not mentioned here in detail).
---------------------------------------------------------------------------
Version 3.16.3 (rgerhards), 2008-07-11
- updated information on rsyslog packages
- bugfix: memory leak in disk-based queue modes
---------------------------------------------------------------------------
Version 3.16.2 (rgerhards), 2008-06-25
- fixed potential segfault due to invalid call to cfsysline
thanks to varmojfekoj for the patch
- bugfix: some whitespaces where incorrectly not ignored when parsing
the config file. This is now corrected. Thanks to Michael Biebl for
pointing out the problem.
---------------------------------------------------------------------------
Version 3.16.1 (rgerhards), 2008-05-02
- fixed a bug in imklog which lead to startup problems (including
segfault) on some platforms under some circumstances. Thanks to
Vieri for reporting this bug and helping to troubleshoot it.
---------------------------------------------------------------------------
Version 3.16.0 (rgerhards), 2008-04-24
- new v3-stable (3.16.x) based on beta 3.15.x (RELP support)
- bugfix: omsnmp had a too-small sized buffer for hostname+port. This
could not lead to a segfault, as snprintf() was used, but could cause
some trouble with extensively long hostnames.
- applied patch from Tiziano Müller to remove some compiler warnings
- added gssapi overview/howto thanks to Peter Vrabec
- changed some files to grant LGPLv3 extended permissions on top of GPLv3
this also is the first sign of something that will evolve into a
well-defined "rsyslog runtime library"
---------------------------------------------------------------------------
Version 3.15.1 (rgerhards), 2008-04-11
- bugfix: some messages were emited without hostname
- disabled atomic operations for the time being because they introduce some
cross-platform trouble - need to see how to fix this in the best
possible way
- bugfix: zero-length strings were not supported in object
deserializer
- added librelp check via PKG_CHECK thanks to Michael Biebl's patch
- file relputil.c deleted, is not actually needed
- added more meaningful error messages to rsyslogd (when some errors
happens during startup)
- bugfix: memory leaks in script engine
- bugfix: $hostname and $fromhost in RainerScript did not work
This release also includes all changes applied to the stable versions
up to today.
---------------------------------------------------------------------------
Version 3.15.0 (rgerhards), 2008-04-01
- major new feature: imrelp/omrelp support reliable delivery of syslog
messages via the RELP protocol and librelp (http://www.librelp.com).
Plain tcp syslog, so far the best reliability solution, can lose
messages when something goes wrong or a peer goes down. With RELP,
this can no longer happen. See imrelp.html for more details.
- bugfix: rsyslogd was no longer build by default; man pages are
only installed if corresponding option is selected. Thanks to
Michael Biebl for pointing these problems out.
---------------------------------------------------------------------------
Version 3.14.2 (rgerhards), 2008-04-09
- bugfix: segfault with expression-based filters
- bugfix: omsnmp did not deref errmsg object on exit (no bad effects caused)
- some cleanup
- bugfix: imklog did not work well with kernel 2.6+. Thanks to Peter
Vrabec for patching it based on the development in sysklogd - and thanks
to the sysklogd project for upgrading klogd to support the new
functionality
- some cleanup in imklog
- bugfix: potential segfault in imklog when kernel is compiled without
/proc/kallsyms and the file System.map is missing. Thanks to
Andrea Morandi for pointing it out and suggesting a fix.
- bugfixes, credits to varmojfekoj:
* reset errno before printing a warning message
* misspelled directive name in code processing legacy options
- bugfix: some legacy options not correctly interpreted - thanks to
varmojfekoj for the patch
- improved detection of modules being loaded more than once
thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 3.14.1 (rgerhards), 2008-04-04
- bugfix: some messages were emited without hostname
- bugfix: rsyslogd was no longer build by default; man pages are
only installed if corresponding option is selected. Thanks to
Michael Biebl for pointing these problems out.
- bugfix: zero-length strings were not supported in object
deserializer
- disabled atomic operations for this stable build as it caused
platform problems
- bugfix: memory leaks in script engine
- bugfix: $hostname and $fromhost in RainerScript did not work
- bugfix: some memory leak when queue is running in disk mode
- man pages improved thanks to varmojfekoj and Peter Vrabec
- We have removed the 32 character size limit (from RFC3164) on the
tag. This had bad effects on existing environments, as sysklogd didn't
obey it either (probably another bug in RFC3164...). We now receive
the full size, but will modify the outputs so that only 32 characters
max are used by default. If you need large tags in the output, you need
to provide custom templates.
- bugfix: some memory leak when queue is running in disk mode
---------------------------------------------------------------------------
Version 3.14.0 (rgerhards), 2008-04-02
An interim version was accidentally released to the web. It was named 3.14.0.
To avoid confusion, we have not assigned this version number to any
official release. If you happen to use 3.14.0, please update to 3.14.1.
---------------------------------------------------------------------------
Version 3.13.0-dev0 (rgerhards), 2008-03-31
- bugfix: accidentally set debug option in 3.12.5 reset to production
This option prevented dlclose() to be called. It had no real bad effects,
as the modules were otherwise correctly deinitialized and dlopen()
supports multiple opens of the same module without any memory footprint.
- removed --enable-mudflap, added --enable-valgrind ./configure setting
- bugfix: tcp receiver could segfault due to uninitialized variable
- docfix: queue doc had a wrong directive name that prevented max worker
threads to be correctly set
- worked a bit on atomic memory operations to support problem-free
threading (only at non-intrusive places)
- added a --enable/disable-rsyslogd configure option so that
source-based packaging systems can build plugins without the need
to compile rsyslogd
- some cleanup
- test of potential new version number scheme
---------------------------------------------------------------------------
Version 3.12.5 (rgerhards), 2008-03-28
- changed default for "last message repeated n times", which is now
off by default
- implemented backward compatibility commandline option parsing
- automatically generated compatibility config lines are now also
logged so that a user can diagnose problems with them
- added compatibility mode for -a, -o and -p options
- compatibility mode processing finished
- changed default file output format to include high-precision timestamps
- added a built-in template for previous syslogd file format
- added new $ActionFileDefaultTemplate directive
- added support for high-precision timestamps when receiving legacy
syslog messages
- added new $ActionForwardDefaultTemplate directive
- added new $ActionGSSForwardDefaultTemplate directive
- added build-in templates for easier configuration
- bugfix: fixed small memory leak in tcpclt.c
- bugfix: fixed small memory leak in template regular expressions
- bugfix: regular expressions inside property replacer did not work
properly
- bugfix: QHOUR and HHOUR properties were wrongly calculated
- bugfix: fixed memory leaks in stream class and imfile
- bugfix: $ModDir did invalid bounds checking, potential overflow in
dbgprintf() - thanks to varmojfekoj for the patch
- bugfix: -t and -g legacy options max number of sessions had a wrong
and much too high value
---------------------------------------------------------------------------
Version 3.12.4 (rgerhards), 2008-03-25
- Greatly enhanced rsyslogd's file write performance by disabling
file syncing capability of output modules by default. This
feature is usually not required, not useful and an extreme performance
hit (both to rsyslogd as well as the system at large). Unfortunately,
most users enable it by default, because it was most intuitive to enable
it in plain old sysklogd syslog.conf format. There is now the
$ActionFileEnableSync config setting which must be enabled in order to
support syncing. By default it is off. So even if the old-format config
lines request syncing, it is not done unless explicitly enabled. I am
sure this is a very useful change and not a risk at all. I need to think
if I undo it under compatibility mode, but currently this does not
happen (I fear a lot of lazy users will run rsyslogd in compatibility
mode, again bringing up this performance problem...).
- added flow control options to other input sources
- added $HHOUR and $QHOUR system properties - can be used for half- and
quarter-hour logfile rotation
- changed queue's discard severities default value to 8 (do not discard)
to prevent unintentional message loss
- removed a no-longer needed callback from the output module
interface. Results in reduced code complexity.
- bugfix/doc: removed no longer supported -h option from man page
- bugfix: imklog leaked several hundred KB on each HUP. Thanks to
varmojfekoj for the patch
- bugfix: potential segfault on module unload. Thanks to varmojfekoj for
the patch
- bugfix: fixed some minor memory leaks
- bugfix: fixed some slightly invalid memory accesses
- bugfix: internally generated messages had "FROMHOST" property not set
---------------------------------------------------------------------------
Version 3.12.3 (rgerhards), 2008-03-18
- added advanced flow control for congestion cases (mode depending on message
source and its capability to be delayed without bad side effects)
- bugfix: $ModDir should not be reset on $ResetConfig - this can cause a lot
of confusion and there is no real good reason to do so. Also conflicts with
the new -M option and environment setting.
- bugfix: TCP and GSSAPI framing mode variable was uninitialized, leading to
wrong framing (caused, among others, interop problems)
- bugfix: TCP (and GSSAPI) octet-counted frame did not work correctly in all
situations. If the header was split across two packet reads, it was invalidly
processed, causing loss or modification of messages.
- bugfix: memory leak in imfile
- bugfix: duplicate public symbol in omfwd and omgssapi could lead to
segfault. thanks to varmojfekoj for the patch.
- bugfix: rsyslogd aborted on sighup - thanks to varmojfekoj for the patch
- some more internal cleanup ;)
- begun relp modules, but these are not functional yet
- Greatly enhanced rsyslogd's file write performance by disabling
file syncing capability of output modules by default. This
feature is usually not required, not useful and an extreme performance
hit (both to rsyslogd as well as the system at large). Unfortunately,
most users enable it by default, because it was most intuitive to enable
it in plain old sysklogd syslog.conf format. There is now a new config
setting which must be enabled in order to support syncing. By default it
is off. So even if the old-format config lines request syncing, it is
not done unless explicitly enabled. I am sure this is a very useful
change and not a risk at all. I need to think if I undo it under
compatibility mode, but currently this does not happen (I fear a lot of
lazy users will run rsyslogd in compatibility mode, again bringing up
this performance problem...).
---------------------------------------------------------------------------
Version 3.12.2 (rgerhards), 2008-03-13
- added RSYSLOGD_MODDIR environment variable
- added -M rsyslogd option (allows one to specify module directory location)
- converted net.c into a loadable library plugin
- bugfix: debug module now survives unload of loadable module when
printing out function call data
- bugfix: not properly initialized data could cause several segfaults if
there were errors in the config file - thanks to varmojfekoj for the patch
- bugfix: rsyslogd segfaulted when imfile read an empty line - thanks
to Johnny Tan for an excellent bug report
- implemented dynamic module unload capability (not visible to end user)
- some more internal cleanup
- bugfix: imgssapi segfaulted under some conditions; this fix is actually
not just a fix but a change in the object model. Thanks to varmojfekoj
for providing the bug report, an initial fix and lots of good discussion
that lead to where we finally ended up.
- improved session recovery when outbound tcp connection breaks, reduces
probability of message loss at the price of a highly unlikely potential
(single) message duplication
---------------------------------------------------------------------------
Version 3.12.1 (rgerhards), 2008-03-06
- added library plugins, which can be automatically loaded
- bugfix: actions were not correctly retried; caused message loss
- changed module loader to automatically add ".so" suffix if not
specified (over time, this shall also ease portability of config
files)
- improved debugging support; debug runtime options can now be set via
an environment variable
- bugfix: removed debugging code that I forgot to remove before releasing
3.12.0 (does not cause harm and happened only during startup)
- added support for the MonitorWare syslog MIB to omsnmp
- internal code improvements (more code converted into classes)
- internal code reworking of the imtcp/imgssapi module
- added capability to ignore client-provided timestamp on unix sockets and
made this mode the default; this was needed, as some programs (e.g. sshd)
log with inconsistent timezone information, what messes up the local
logs (which by default don't even contain time zone information). This
seems to be consistent with what sysklogd did for the past four years.
Alternate behavior may be desirable if gateway-like processes send
messages via the local log slot - in this case, it can be enabled
via the $InputUnixListenSocketIgnoreMsgTimestamp and
$SystemLogSocketIgnoreMsgTimestamp config directives
- added ability to compile on HP UX; verified that imudp worked on HP UX;
however, we are still in need of people trying out rsyslogd on HP UX,
so it can not yet be assumed it runs there
- improved session recovery when outbound tcp connection breaks, reduces
probability of message loss at the price of a highly unlikely potential
(single) message duplication
---------------------------------------------------------------------------
Version 3.12.0 (rgerhards), 2008-02-28
- added full expression support for filters; filters can now contain
arbitrary complex boolean, string and arithmetic expressions
---------------------------------------------------------------------------
Version 3.11.6 (rgerhards), 2008-02-27
- bugfix: gssapi libraries were still linked to rsyslog core, what should
no longer be necessary. Applied fix by Michael Biebl to solve this.
- enabled imgssapi to be loaded side-by-side with imtcp
- added InputGSSServerPermitPlainTCP config directive
- split imgssapi source code somewhat from imtcp
- bugfix: queue cancel cleanup handler could be called with
invalid pointer if dequeue failed
- bugfix: rsyslogd segfaulted on second SIGHUP
tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=38
- improved stability of queue engine
- bugfix: queue disk file were not properly persisted when
immediately after closing an output file rsyslog was stopped
or huped (the new output file open must NOT have happened at
that point) - this lead to a sparse and invalid queue file
which could cause several problems to the engine (unpredictable
results). This situation should have happened only in very
rare cases. tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=40
- bugfix: during queue shutdown, an assert invalidly triggered when
the primary queue's DA worker was terminated while the DA queue's
regular worker was still executing. This could result in a segfault
during shutdown.
tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=41
- bugfix: queue properties sizeOnDisk, bytesRead were persisted to
disk with wrong data type (long instead of int64) - could cause
problems on 32 bit machines
- bugfix: queue aborted when it was shut down, DA-enabled, DA mode
was just initiated but not fully initialized (a race condition)
- bugfix: imfile could abort under extreme stress conditions
(when it was terminated before it could open all of its
to be monitored files)
- applied patch from varmojfekoj to fix an issue with compatibility
mode and default module directories (many thanks!):
I've also noticed a bug in the compatibility code; the problem is that
options are parsed before configuration file so options which need a
module to be loaded will currently ignore any $moddir directive. This
can be fixed by moving legacyOptsHook() after config file parsing.
(see the attached patch) This goes against the logical order of
processing, but the legacy options are only few and it doesn't seem to
be a problem.
- bugfix: object property deserializer did not handle negative numbers
---------------------------------------------------------------------------
Version 3.11.5 (rgerhards), 2008-02-25
- new imgssapi module, changed imtcp module - this enables to load/package
GSSAPI support separately - thanks to varmojfekoj for the patch
- compatibility mode (the -c option series) is now at least partly
completed - thanks to varmojfekoj for the patch
- documentation for imgssapi and imtcp added
- duplicate $ModLoad's for the same module are now detected and
rejected -- thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 3.11.4 (rgerhards), 2008-02-21
- bugfix: debug.html was missing from release tarball - thanks to Michael
Biebl for bringing this to my attention
- some internal cleanup on the stringbuf object calling interface
- general code cleanup and further modularization
- $MainMessageQueueDiscardSeverity can now also handle textual severities
(previously only integers)
- bugfix: message object was not properly synchronized when the
main queue had a single thread and non-direct action queues were used
- some documentation improvements
---------------------------------------------------------------------------
Version 3.11.3 (rgerhards), 2008-02-18
- fixed a bug in imklog which lead to duplicate message content in
kernel logs
- added support for better plugin handling in libdbi (we contributed
a patch to do that, we just now need to wait for the next libdbi
version)
- bugfix: fixed abort when invalid template was provided to an action
bug http://bugzilla.adiscon.com/show_bug.cgi?id=4
- re-instantiated SIGUSR1 function; added SIGUSR2 to generate debug
status output
- added some documentation on runtime-debug settings
- slightly improved man pages for novice users
---------------------------------------------------------------------------
Version 3.11.2 (rgerhards), 2008-02-15
- added the capability to monitor text files and process their content
as syslog messages (including forwarding)
- added support for libdbi, a database abstraction layer. rsyslog now
also supports the following databases via dbi drivers:
* Firebird/Interbase
* FreeTDS (access to MS SQL Server and Sybase)
* SQLite/SQLite3
* Ingres (experimental)
* mSQL (experimental)
* Oracle (experimental)
Additional drivers may be provided by the libdbi-drivers project, which
can be used by rsyslog as soon as they become available.
- removed some left-over unnecessary dbgprintf's (cluttered screen,
cosmetic)
- doc bugfix: html documentation for omsnmp was missing
---------------------------------------------------------------------------
Version 3.11.1 (rgerhards), 2008-02-12
- SNMP trap sender added thanks to Andre Lorbach (omsnmp)
- added input-plugin interface specification in form of a (copy) template
input module
- applied documentation fix by Michael Biebl -- many thanks!
- bugfix: immark did not have MARK flags set...
- added x-info field to rsyslogd startup/shutdown message. Hopefully
points users to right location for further info (many don't even know
they run rsyslog ;))
- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages
without timestamp - thanks to Anders Blomdell for providing a patch!
- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which
wasn't supposed to be used with rsyslog. Put a warning message up that
tells this feature is not tested and probably not worth the effort.
Thanks to Anders Blomdell fro bringing this to our attention
- somewhat improved performance of string buffers
- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf
- bugfix: setting for $EscapeControlCharactersOnReceive was not
properly initialized
- clarified usage of space-cc property replacer option
- improved abort diagnostic handler
- some initial effort for malloc/free runtime debugging support
- bugfix: using dynafile actions caused rsyslogd abort
- fixed minor man errors thanks to Michael Biebl
---------------------------------------------------------------------------
Version 3.11.0 (rgerhards), 2008-01-31
- implemented queued actions
- implemented simple rate limiting for actions
- implemented deliberate discarding of lower priority messages over higher
priority ones when a queue runs out of space
- implemented disk quotas for disk queues
- implemented the $ActionResumeRetryCount config directive
- added $ActionQueueFilename config directive
- added $ActionQueueSize config directive
- added $ActionQueueHighWaterMark config directive
- added $ActionQueueLowWaterMark config directive
- added $ActionQueueDiscardMark config directive
- added $ActionQueueDiscardSeverity config directive
- added $ActionQueueCheckpointInterval config directive
- added $ActionQueueType config directive
- added $ActionQueueWorkerThreads config directive
- added $ActionQueueTimeoutshutdown config directive
- added $ActionQueueTimeoutActionCompletion config directive
- added $ActionQueueTimeoutenQueue config directive
- added $ActionQueueTimeoutworkerThreadShutdown config directive
- added $ActionQueueWorkerThreadMinimumMessages config directive
- added $ActionQueueMaxFileSize config directive
- added $ActionQueueSaveonShutdown config directive
- addded $ActionQueueDequeueSlowdown config directive
- addded $MainMsgQueueDequeueSlowdown config directive
- bugfix: added forgotten docs to package
- improved debugging support
- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly
- when a long-running action needs to be cancelled on shutdown, the message
that was processed by it is now preserved. This finishes support for
guaranteed delivery of messages (if the output supports it, of course)
- fixed bug in output module interface, see
http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552
- changed the ommysql output plugin so that the (lengthy) connection
initialization now takes place in message processing. This works much
better with the new queued action mode (fast startup)
- fixed a bug that caused a potential hang in file and fwd output module
varmojfekoj provided the patch - many thanks!
- bugfixed stream class offset handling on 32bit platforms
---------------------------------------------------------------------------
Version 3.10.3 (rgerhards), 2008-01-28
- fixed a bug with standard template definitions (not a big deal) - thanks
to varmojfekoj for spotting it
- run-time instrumentation added
- implemented disk-assisted queue mode, which enables on-demand disk
spooling if the queue's in-memory queue is exhausted
- implemented a dynamic worker thread pool for processing incoming
messages; workers are started and shut down as need arises
- implemented a run-time instrumentation debug package
- implemented the $MainMsgQueueSaveOnShutdown config directive
- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive
- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive
---------------------------------------------------------------------------
Version 3.10.2 (rgerhards), 2008-01-14
- added the ability to keep stop rsyslogd without the need to drain
the main message queue. In disk queue mode, rsyslog continues to
run from the point where it stopped. In case of a system failure, it
continues to process messages from the last checkpoint.
- fixed a bug that caused a segfault on startup when no $WorkDir directive
was specified in rsyslog.conf
- provided more fine-grain control over shutdown timeouts and added a
way to specify the enqueue timeout when the main message queue is full
- implemented $MainMsgQueueCheckpointInterval config directive
- implemented $MainMsgQueueTimeoutActionCompletion config directive
- implemented $MainMsgQueueTimeoutEnqueue config directive
- implemented $MainMsgQueueTimeoutShutdown config directive
---------------------------------------------------------------------------
Version 3.10.1 (rgerhards), 2008-01-10
- implemented the "disk" queue mode. However, it currently is of very
limited use, because it does not support persistence over rsyslogd
runs. So when rsyslogd is stopped, the queue is drained just as with
the in-memory queue modes. Persistent queues will be a feature of
the next release.
- performance-optimized string class, should bring an overall improvement
- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch
- fixed a race condition that could lead to a rsyslogd hang when during
HUP or termination
- done some doc updates
- added $WorkDirectory config directive
- added $MainMsgQueueFileName config directive
- added $MainMsgQueueMaxFileSize config directive
---------------------------------------------------------------------------
Version 3.10.0 (rgerhards), 2008-01-07
- implemented input module interface and initial input modules
- enhanced threading for input modules (each on its own thread now)
- ability to bind UDP listeners to specific local interfaces/ports and
ability to run multiple of them concurrently
- added ability to specify listen IP address for UDP syslog server
- license changed to GPLv3
- mark messages are now provided by loadble module immark
- rklogd is no longer provided. Its functionality has now been taken over
by imklog, a loadable input module. This offers a much better integration
into rsyslogd and makes sure that the kernel logger process is brought
up and down at the appropriate times
- enhanced $IncludeConfig directive to support wildcard characters
(thanks to Michael Biebl)
- all inputs are now implemented as loadable plugins
- enhanced threading model: each input module now runs on its own thread
- enhanced message queue which now supports different queueing methods
(among others, this can be used for performance fine-tuning)
- added a large number of new configuration directives for the new
input modules
- enhanced multi-threading utilizing a worker thread pool for the
main message queue
- compilation without pthreads is no longer supported
- much cleaner code due to new objects and removal of single-threading
mode
---------------------------------------------------------------------------
Version 2.0.8 V2-STABLE (rgerhards), 2008-??-??
- bugfix: ompgsql did not detect problems in sql command execution
this could cause loss of messages. The handling was correct if the
connection broke, but not if there was a problem with statement
execution. The most probable case for such a case would be invalid
sql inside the template, and this is now much easier to diagnose.
- doc bugfix: default for $DirCreateMode incorrectly stated
---------------------------------------------------------------------------
Version 2.0.7 V2-STABLE (rgerhards), 2008-04-14
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
It has now been changed to 0700. For some background, please see
http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
- bugfix: "$CreateDirs off" also disabled file creation
Thanks to William Tisater for analyzing this bug and providing a patch.
The actual code change is heavily based on William's patch.
- bugfix: memory leak in ompgsql
Thanks to Ken for providing the patch
- bugfix: potential memory leak in msg.c
This one did not surface yet and the issue was actually found due to
a problem in v4 - but better fix it here, too
---------------------------------------------------------------------------
Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07
- bugfix: memory leaks in rsyslogd, primarily in singlethread mode
Thanks to Frederico Nunez for providing the fix
- bugfix: copy&paste error lead to dangling if - this caused a very minor
issue with re-formatting a RFC3164 date when the message was invalidly
formatted and had a colon immediately after the date. This was in the
code for some years (even v1 had it) and I think it never had any
effect at all in practice. Though, it should be fixed - but definitely
nothing to worry about.
---------------------------------------------------------------------------
Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07
- bugfix: IPv6 addresses could not be specified in forwarding actions
New syntax @[addr]:port introduced to enable that. Root problem was IPv6
addresses contain colons. (backport from 3.21.3)
---------------------------------------------------------------------------
Version 2.0.5 STABLE (rgerhards), 2008-05-15
- bugfix: regular expressions inside property replacer did not work
properly
- adapted to liblogging 0.7.1+
---------------------------------------------------------------------------
Version 2.0.4 STABLE (rgerhards), 2008-03-27
- bugfix: internally generated messages had "FROMHOST" property not set
- bugfix: continue parsing if tag is oversize (discard oversize part) - thanks
to mclaughlin77@gmail.com for the patch
- added $HHOUR and $QHOUR system properties - can be used for half- and
quarter-hour logfile rotation
---------------------------------------------------------------------------
Version 2.0.3 STABLE (rgerhards), 2008-03-12
- bugfix: setting for $EscapeControlCharactersOnReceive was not
properly initialized
- bugfix: resolved potential segfault condition on HUP (extremely
unlikely to happen in practice), for details see tracker:
http://bugzilla.adiscon.com/show_bug.cgi?id=38
- improved the man pages a bit - thanks to Michael Biebl for the patch
- bugfix: not properly initialized data could cause several segfaults if
there were errors in the config file - thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 2.0.2 STABLE (rgerhards), 2008-02-12
- fixed a bug that could cause invalid string handling via strerror_r
varmojfekoj provided the patch - many thanks!
- added x-info field to rsyslogd startup/shutdown message. Hopefully
points users to right location for further info (many don't even know
they run rsyslog ;))
- bugfix: suspended actions were not always properly resumed
varmojfekoj provided the patch - many thanks!
- bugfix: errno could be changed during mark processing, leading to
invalid error messages when processing inputs. Thank to varmojfekoj for
pointing out this problem.
- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages
without timestamp - thanks to Anders Blomdell for providing a patch!
- bugfix (doc): misspelled config directive, invalid signal info
- applied some doc fixes from Michel Biebl and cleaned up some no longer
needed files suggested by him
- cleaned up stringbuf.c to fix an annoyance reported by Anders Blomdell
- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf
---------------------------------------------------------------------------
Version 2.0.1 STABLE (rgerhards), 2008-01-24
- fixed a bug in integer conversion - but this function was never called,
so it is not really a useful bug fix ;)
- fixed a bug with standard template definitions (not a big deal) - thanks
to varmojfekoj for spotting it
- fixed a bug that caused a potential hang in file and fwd output module
varmojfekoj provided the patch - many thanks!
---------------------------------------------------------------------------
Version 2.0.0 STABLE (rgerhards), 2008-01-02
- re-release of 1.21.2 as STABLE with no modifications except some
doc updates
---------------------------------------------------------------------------
Version 1.21.2 (rgerhards), 2007-12-28
- created a gss-api output module. This keeps GSS-API code and
TCP/UDP code separated. It is also important for forward-
compatibility with v3. Please note that this change breaks compatibility
with config files created for 1.21.0 and 1.21.1 - this was considered
acceptable.
- fixed an error in forwarding retry code (could lead to message corruption
but surfaced very seldom)
- increased portability for older platforms (AI_NUMERICSERV moved)
- removed socket leak in omfwd.c
- cross-platform patch for GSS-API compile problem on some platforms
thanks to darix for the patch!
---------------------------------------------------------------------------
Version 1.21.1 (rgerhards), 2007-12-23
- small doc fix for $IncludeConfig
- fixed a bug in llDestroy()
- bugfix: fixing memory leak when message queue is full and during
parsing. Thanks to varmojfekoj for the patch.
- bugfix: when compiled without network support, unix sockets were
not properly closed
- bugfix: memory leak in cfsysline.c/doGetWord() fixed
---------------------------------------------------------------------------
Version 1.21.0 (rgerhards), 2007-12-19
- GSS-API support for syslog/TCP connections was added. Thanks to
varmojfekoj for providing the patch with this functionality
- code cleanup
- enhanced $IncludeConfig directive to support wildcard filenames
- changed some multithreading synchronization
---------------------------------------------------------------------------
Version 1.20.1 (rgerhards), 2007-12-12
- corrected a debug setting that survived release. Caused TCP connections
to be retried unnecessarily often.
- When a hostname ACL was provided and DNS resolution for that name failed,
ACL processing was stopped at that point. Thanks to mildew for the patch.
Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911
- fixed a potential race condition, see link for details:
http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html
Note that the probability of problems from this bug was very remote
- fixed a memory leak that happened when PostgreSQL date formats were
used
---------------------------------------------------------------------------
Version 1.20.0 (rgerhards), 2007-12-07
- an output module for postgres databases has been added. Thanks to
sur5r for contributing this code
- unloading dynamic modules has been cleaned up, we now have a
real implementation and not just a dummy "good enough for the time
being".
- enhanced platform independence - thanks to Bartosz Kuzma and Michael
Biebl for their very useful contributions
- some general code cleanup (including warnings on 64 platforms, only)
---------------------------------------------------------------------------
Version 1.19.12 (rgerhards), 2007-12-03
- cleaned up the build system (thanks to Michael Biebl for the patch)
- fixed a bug where ommysql was still not compiled with -pthread option
---------------------------------------------------------------------------
Version 1.19.11 (rgerhards), 2007-11-29
- applied -pthread option to build when building for multi-threading mode
hopefully solves an issue with segfaulting
---------------------------------------------------------------------------
Version 1.19.10 (rgerhards), 2007-10-19
- introduced the new ":modulename:" syntax for calling module actions
in selector lines; modified ommysql to support it. This is primarily
an aid for further modules and a prerequisite to actually allow third
party modules to be created.
- minor fix in slackware startup script, "-r 0" is now "-r0"
- updated rsyslogd doc set man page; now in html format
- undid creation of a separate thread for the main loop -- this did not
turn out to be needed or useful, so reduce complexity once again.
- added doc fixes provided by Michael Biebl - thanks
---------------------------------------------------------------------------
Version 1.19.9 (rgerhards), 2007-10-12
- now packaging system which again contains all components in a single
tarball
- modularized main() a bit more, resulting in less complex code
- experimentally added an additional thread - will see if that affects
the segfault bug we experience on some platforms. Note that this change
is scheduled to be removed again later.
---------------------------------------------------------------------------
Version 1.19.8 (rgerhards), 2007-09-27
- improved repeated message processing
- applied patch provided by varmojfekoj to support building ommysql
in its own way (now also resides in a plugin subdirectory);
ommysql is now a separate package
- fixed a bug in cvthname() that lead to message loss if part
of the source hostname would have been dropped
- created some support for distributing ommysql together with the
main rsyslog package. I need to re-think it in the future, but
for the time being the current mode is best. I now simply include
one additional tarball for ommysql inside the main distribution.
I look forward to user feedback on how this should be done best. In the
long term, a separate project should be spawend for ommysql, but I'd
like to do that only after the plugin interface is fully stable (what
it is not yet).
---------------------------------------------------------------------------
Version 1.19.7 (rgerhards), 2007-09-25
- added code to handle situations where senders send us messages ending with
a NUL character. It is now simply removed. This also caused trailing LF
reduction to fail, when it was followed by such a NUL. This is now also
handled.
- replaced some non-thread-safe function calls by their thread-safe
counterparts
- fixed a minor memory leak that occurred when the %APPNAME% property was
used (I think nobody used that in practice)
- fixed a bug that caused signal handlers in cvthname() not to be restored when
a malicious pointer record was detected and processing of the message been
stopped for that reason (this should be really rare and can not be related
to the segfault bug we are hunting).
- fixed a bug in cvthname that lead to passing a wrong parameter - in
practice, this had no impact.
- general code cleanup (e.g. compiler warnings, comments)
---------------------------------------------------------------------------
Version 1.19.6 (rgerhards), 2007-09-11
- applied patch by varmojfekoj to change signal handling to the new
sigaction API set (replacing the depreciated signal() calls and its
friends.
- fixed a bug that in --enable-debug mode caused an assertion when the
discard action was used
- cleaned up compiler warnings
- applied patch by varmojfekoj to FIX a bug that could cause
segfaults if empty properties were processed using modifying
options (e.g. space-cc, drop-cc)
- fixed man bug: rsyslogd supports -l option
---------------------------------------------------------------------------
Version 1.19.5 (rgerhards), 2007-09-07
- changed part of the CStr interface so that better error tracking
is provided and the calling sequence is more intuitive (there were
invalid calls based on a too-weird interface)
- (hopefully) fixed some remaining bugs rooted in wrong use of
the CStr class. These could lead to program abort.
- applied patch by varmojfekoj two fix two potential segfault situations
- added $ModDir config directive
- modified $ModLoad so that an absolute path may be specified as
module name (e.g. /rsyslog/ommysql.so)
---------------------------------------------------------------------------
Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04
- fixed a number of small memory leaks - thanks varmojfekoj for patching
- fixed an issue with CString class that could lead to rsyslog abort
in tplToString() - thanks varmojfekoj for patching
- added a man-version of the config file documentation - thanks to Michel
Samia for providing the man file
- fixed bug: a template like this causes an infinite loop:
$template opts,"%programname:::a,b%"
thanks varmojfekoj for the patch
- fixed bug: case changing options crash freeing the string pointer
because they modify it: $template opts2,"%programname::1:lowercase%"
thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31
- small mem leak fixed (after calling parseSelectorAct) - Thx varmojfekoj
- documentation section "Regular File" und "Blocks" updated
- solved an issue with dynamic file generation - Once again many thanks
to varmojfekoj
- the negative selector for program name filter (Blocks) does not work as
expected - Thanks varmojfekoj for patching
- added forwarding information to sysklogd (requires special template)
to config doc
---------------------------------------------------------------------------
Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28
- a specifically formed message caused a segfault - Many thanks varmojfekoj
for providing a patch
- a typo and a weird condition are fixed in msg.c - Thanks again
varmojfekoj
- on file creation the file was always owned by root:root. This is fixed
now - Thanks ypsa for solving this issue
---------------------------------------------------------------------------
Version 1.19.1 (mmeckelein), 2007-08-22
- a bug that caused a high load when a TCP/UDP connection was closed is
fixed now - Thanks mildew for solving this issue
- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the
patch
- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order
to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter
Vrabec and darix, both provided a patch for solving this issue
- enhanced the unloading of modules - thanks again varmojfekoj
- applied a patch from varmojfekoj which fixes various little things in
MySQL output module
---------------------------------------------------------------------------
Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16
- integrated patch from varmojfekoj to make the mysql module a loadable one
many thanks for the patch, MUCH appreciated
---------------------------------------------------------------------------
Version 1.18.2 (rgerhards), 2007-08-13
- fixed a bug in outchannel code that caused templates to be incorrectly
parsed
- fixed a bug in ommysql that caused a wrong ";template" missing message
- added some code for unloading modules; not yet fully complete (and we do
not yet have loadable modules, so this is no problem)
- removed debian subdirectory by request of a debian packager (this is a special
subdir for debian and there is also no point in maintaining it when there
is a debian package available - so I gladly did this) in some cases
- improved overall doc quality (some pages were quite old) and linked to
more of the online resources.
- improved /contrib/delete_mysql script by adding a host option and some
other minor modifications
---------------------------------------------------------------------------
Version 1.18.1 (rgerhards), 2007-08-08
- applied a patch from varmojfekoj which solved a potential segfault
of rsyslogd on HUP
- applied patch from Michel Samia to fix compilation when the pthreads
feature is disabled
- some code cleanup (moved action object to its own file set)
- add config directive $MainMsgQueueSize, which now allows one to configure the
queue size dynamically
- all compile-time settings are now shown in rsyslogd -v, not just the
active ones
- enhanced performance a little bit more
- added config file directive $ActionResumeInterval
- fixed a bug that prevented compilation under debian sid
- added a contrib directory for user-contributed useful things
---------------------------------------------------------------------------
Version 1.18.0 (rgerhards), 2007-08-03
- rsyslog now supports fallback actions when an action did not work. This
is a great feature e.g. for backup database servers or backup syslog
servers
- modified rklogd to only change the console log level if -c is specified
- added feature to use multiple actions inside a single selector
- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive
- error messages during startup are now spit out to the configured log
destinations
---------------------------------------------------------------------------
Version 1.17.6 (rgerhards), 2007-08-01
- continued to work on output module modularization - basic stage of
this work is now FINISHED
- fixed bug in OMSRcreate() - always returned SR_RET_OK
- fixed a bug that caused ommysql to always complain about missing
templates
- fixed a mem leak in OMSRdestruct - freeing the object itself was
forgotten - thanks to varmojfekoj for the patch
- fixed a memory leak in syslogd/init() that happened when the config
file could not be read - thanks to varmojfekoj for the patch
- fixed insufficient memory allocation in addAction() and its helpers.
The initial fix and idea was developed by mildew, I fine-tuned
it a bit. Thanks a lot for the fix, I'd probably had pulled out my
hair to find the bug...
- added output of config file line number when a parsing error occurred
- fixed bug in objomsr.c that caused program to abort in debug mode with
an invalid assertion (in some cases)
- fixed a typo that caused the default template for MySQL to be wrong.
thanks to mildew for catching this.
- added configuration file command $DebugPrintModuleList and
$DebugPrintCfSysLineHandlerList
- fixed an invalid value for the MARK timer - unfortunately, there was
a testing aid left in place. This resulted in quite frequent MARK messages
- added $IncludeConfig config directive
- applied a patch from mildew to prevent rsyslogd from freezing under heavy
load. This could happen when the queue was full. Now, we drop messages
but rsyslogd remains active.
---------------------------------------------------------------------------
Version 1.17.5 (rgerhards), 2007-07-30
- continued to work on output module modularization
- fixed a missing file bug - thanks to Andrea Montanari for reporting
this problem
- fixed a problem with shutting down the worker thread and freeing the
selector_t list - this caused messages to be lost, because the
message queue was not properly drained before the selectors got
destroyed.
---------------------------------------------------------------------------
Version 1.17.4 (rgerhards), 2007-07-27
- continued to work on output module modularization
- fixed a situation where rsyslogd could create zombie processes
thanks to mildew for the patch
- applied patch from Michel Samia to fix compilation when NOT
compiled for pthreads
---------------------------------------------------------------------------
Version 1.17.3 (rgerhards), 2007-07-25
- continued working on output module modularization
- fixed a bug that caused rsyslogd to segfault on exit (and
probably also on HUP), when there was an unsent message in a selector
that required forwarding and the dns lookup failed for that selector
(yes, it was pretty unlikely to happen;))
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed a memory leak in config file parsing and die()
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- rsyslogd now checks on startup if it is capable to perform any work
at all. If it cant, it complains and terminates
thanks to Michel Samia for providing the patch!
- fixed a small memory leak when HUPing syslogd. The allowed sender
list now gets freed. thanks to mildew for the patch.
- changed the way error messages in early startup are logged. They
now do no longer use the syslogd code directly but are rather
send to stderr.
---------------------------------------------------------------------------
Version 1.17.2 (rgerhards), 2007-07-23
- made the port part of the -r option optional. Needed for backward
compatibility with sysklogd
- replaced system() calls with something more reasonable. Please note that
this might break compatibility with some existing configuration files.
We accept this in favor of the gained security.
- removed a memory leak that could occur if timegenerated was used in
RFC 3164 format in templates
- did some preparation in msg.c for advanced multithreading - placed the
hooks, but not yet any active code
- worked further on modularization
- added $ModLoad MySQL (dummy) config directive
- added DropTrailingLFOnReception config directive
---------------------------------------------------------------------------
Version 1.17.1 (rgerhards), 2007-07-20
- fixed a bug that caused make install to install rsyslogd and rklogd under
the wrong names
- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly;
also fixed but that could garble $AllowedSender wildcards. Thanks to
mildew@gmail.com for the patch
- minor code cleanup - thanks to Peter Vrabec for the patch
- fixed minimal memory leak on HUP (caused by templates)
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed another memory leak on HUPing and on exiting rsyslogd
again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- code cleanup (removed compiler warnings)
- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch
- moved msg object into its own file set
- added the capability to continue trying to write log files when the
file system is full. Functionality based on patch by Martin Schulze
to sysklogd package.
---------------------------------------------------------------------------
Version 1.17.0 (RGer), 2007-07-17
- added $RepeatedLineReduction config parameter
- added $EscapeControlCharactersOnReceive config parameter
- added $ControlCharacterEscapePrefix config parameter
- added $DirCreateMode config parameter
- added $CreateDirs config parameter
- added $DebugPrintTemplateList config parameter
- added $ResetConfigVariables config parameter
- added $FileOwner config parameter
- added $FileGroup config parameter
- added $DirOwner config parameter
- added $DirGroup config parameter
- added $FailOnChownFailure config parameter
- added regular expression support to the filter engine
thanks to Michel Samia for providing the patch!
- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for
the patch doing that
- added IPv6 support
- allowed DNS hostnames
- allowed DNS wildcard names
- added new option $DropMsgsWithMaliciousDnsPTRRecords
- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin
- added capability to auto-create directories with dynaFiles
---------------------------------------------------------------------------
Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;)
- build system switched to autotools
- removed SYSV preprocessor macro use, replaced with autotools equivalents
- fixed a bug that caused rsyslogd to segfault when TCP listening was
disabled and it terminated
- added new properties "syslogfacility-text" and "syslogseverity-text"
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- added the -x option to disable hostname dns resolution
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- begun to better modularize syslogd.c - this is an ongoing project; moved
type definitions to a separate file
- removed some now-unused fields from struct filed
- move file size limit fields in struct field to the "right spot" (the file
writing part of the union - f_un.f_file)
- subdirectories linux and solaris are no longer part of the distribution
package. This is not because we cease support for them, but there are no
longer any files in them after the move to autotools
---------------------------------------------------------------------------
Version 1.15.1 (RGer), 2007-07-10
- fixed a bug that caused a dynaFile selector to stall when there was
an open error with one file
- improved template processing for dynaFiles; templates are now only
looked up during initialization - speeds up processing
- optimized memory layout in struct filed when compiled with MySQL
support
- fixed a bug that caused compilation without SYSLOG_INET to fail
- re-enabled the "last message repeated n times" feature. This
feature was not taken care of while rsyslogd evolved from sysklogd
and it was more or less defunct. Now it is fully functional again.
- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE
- fixed a bug in iovAsString() that caused a memory leak under stress
conditions (most probably memory shortage). This was unlikely to
ever happen, but it doesn't hurt doing it right
- cosmetic: defined type "uchar", change all unsigned chars to uchar
---------------------------------------------------------------------------
Version 1.15.0 (RGer), 2007-07-05
- added ability to dynamically generate file names based on templates
and thus properties. This was a much-requested feature. It makes
life easy when it e.g. comes to splitting files based on the sender
address.
- added $umask and $FileCreateMode config file directives
- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD
- checks for extra (unexpected) characters in system config file lines
have been added
- added IPv6 documentation - was accidentally missing from CVS
- begun to change char to unsigned char
---------------------------------------------------------------------------
Version 1.14.2 (RGer), 2007-07-03
** this release fixes all known nits with IPv6 **
- restored capability to do /etc/service lookup for "syslog"
service when -r 0 was given
- documented IPv6 handling of syslog messages
- integrate patch from Bartosz Kuźma to make rsyslog compile under
Solaris again (the patch replaced a strndup() call, which is not
available under Solaris
- improved debug logging when waiting on select
- updated rsyslogd man page with new options (-46A)
---------------------------------------------------------------------------
Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29
- added Peter Vrabec's patch for IPv6 TCP
- prefixed all messages send to stderr in rsyslogd with "rsyslogd: "
---------------------------------------------------------------------------
Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28
- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled
IPv6 Support is currently for UDP only, TCP is to come soon.
AllowedSender configuration does not yet work for IPv6.
- fixed code in iovCreate() that broke C's strict aliasing rules
- fixed some char/unsigned char differences that forced the compiler
to spit out warning messages
- updated the Red Hat init script to fix a known issue (thanks to
Peter Vrabec)
---------------------------------------------------------------------------
Version 1.13.5 (RGer), 2007-06-22
- made the TCP session limit configurable via command line switch
now -t <port>,<max sessions>
- added man page for rklogd(8) (basically a copy from klogd, but now
there is one...)
- fixed a bug that caused internal messages (e.g. rsyslogd startup) to
appear without a tag.
- removed a minor memory leak that occurred when TAG processing requalified
a HOSTNAME to be a TAG (and a TAG already was set).
- removed potential small memory leaks in MsgSet***() functions. There
would be a leak if a property was re-set, something that happened
extremely seldom.
---------------------------------------------------------------------------
Version 1.13.4 (RGer), 2007-06-18
- added a new property "PRI-text", which holds the PRI field in
textual form (e.g. "syslog.info")
- added alias "syslogseverity" for "syslogpriority", which is a
misleading property name that needs to stay for historical
reasons (and backward-compatibility)
- added doc on how to record PRI value in log file
- enhanced signal handling in klogd, including removal of an unsafe
call to the logging system during signal handling
---------------------------------------------------------------------------
Version 1.13.3 (RGer), 2007-06-15
- create a version of syslog.c from scratch. This is now
- highly optimized for rsyslog
- removes an incompatible license problem as the original
version had a BSD license with advertising clause
- fixed in the regard that rklogd will continue to work when
rsyslogd has been restarted (the original version, as well
as sysklogd, will remain silent then)
- solved an issue with an extra NUL char at message end that the
original version had
- applied some changes to klogd to care for the new interface
- fixed a bug in syslogd.c which prevented compiling under debian
---------------------------------------------------------------------------
Version 1.13.2 (RGer), 2007-06-13
- lib order in makefile patched to facilitate static linking - thanks
to Bennett Todd for providing the patch
- Integrated a patch from Peter Vrabec (pvrabec@redhat.com):
- added klogd under the name of rklogd (remove dependency on
original sysklogd package
- createDB.sql now in UTF
- added additional config files for use on Red Hat
---------------------------------------------------------------------------
Version 1.13.1 (RGer), 2007-02-05
- changed the listen backlog limit to a more reasonable value based on
the maximum number of TCP connections configured (10% + 5) - thanks to Guy
Standen for the hint (actually, the limit was 5 and that was a
left-over from early testing).
- fixed a bug in makefile which caused DB-support to be disabled when
NETZIP support was enabled
- added the -e option to allow transmission of every message to remote
hosts (effectively turns off duplicate message suppression)
- (somewhat) improved memory consumption when compiled with MySQL support
- looks like we fixed an incompatibility with MySQL 5.x and above software
At least in one case, the remote server name was destroyed, leading to
a connection failure. The new, improved code does not have this issue and
so we see this as solved (the new code is generally somewhat better, so
there is a good chance we fixed this incompatibility).
---------------------------------------------------------------------------
Version 1.13.0 (RGer), 2006-12-19
- added '$' as ToPos property replacer specifier - means "up to the
end of the string"
- property replacer option "escape-cc", "drop-cc" and "space-cc" added
- changed the handling of \0 characters inside syslog messages. We now
consistently escape them to "#000". This is somewhat recommended in
the draft-ietf-syslog-protocol-19 draft. While the real recommendation
is to not escape any characters at all, we can not do this without
considerable modification of the code. So we escape it to "#000", which
is consistent with a sample found in the Internet-draft.
- removed message glue logic (see printchopped() comment for details)
Also caused removal of parts table and thus some improvements in
memory usage.
- changed the default MAXLINE to 2048 to take care of recent syslog
standardization efforts (can easily be changed in syslogd.c)
- added support for byte-counted TCP syslog messages (much like
syslog-transport-tls-05 Internet Draft). This was necessary to
support compression over TCP.
- added support for receiving compressed syslog messages
- added support for sending compressed syslog messages
- fixed a bug where the last message in a syslog/tcp stream was
lost if it was not properly terminated by a LF character
---------------------------------------------------------------------------
Version 1.12.3 (RGer), 2006-10-04
- implemented some changes to support Solaris (but support is not
yet complete)
- commented out (via #if 0) some methods that are currently not being use
but should be kept for further us
- added (interim) -u 1 option to turn off hostname and tag parsing
- done some modifications to better support Fedora
- made the field delimiter inside property replace configurable via
template
- fixed a bug in property replacer: if fields were used, the delimitor
became part of the field. Up until now, this was barely noticeable as
the delimiter as TAB only and thus invisible to a human. With other
delimiters available now, it quickly showed up. This bug fix might cause
some grief to existing installations if they used the extra TAB for
whatever reasons - sorry folks... Anyhow, a solution is easy: just add
a TAB character constant into your template. Thus, there has no attempt
been made to do this in a backwards-compatible way.
---------------------------------------------------------------------------
Version 1.12.2 (RGer), 2006-02-15
- fixed a bug in the RFC 3339 date formatter. An extra space was added
after the actual timestamp
- added support for providing high-precision RFC3339 timestamps for
(rsyslogd-)internally-generated messages
- very (!) experimental support for syslog-protocol internet draft
added (the draft is experimental, the code is solid ;))
- added support for field-extracting in the property replacer
- enhanced the legacy-syslog parser so that it can interpret messages
that do not contain a TIMESTAMP
- fixed a bug that caused the default socket (usually /dev/log) to be
opened even when -o command line option was given
- fixed a bug in the Debian sample startup script - it caused rsyslogd
to listen to remote requests, which it shouldn't by default
---------------------------------------------------------------------------
Version 1.12.1 (RGer), 2005-11-23
- made multithreading work with BSD. Some signal-handling needed to be
restructured. Also, there might be a slight delay of up to 10 seconds
when huping and terminating rsyslogd under BSD
- fixed a bug where a NULL-pointer was passed to printf() in logmsg().
- fixed a bug during "make install" where rc3195d was not installed
Thanks to Bennett Todd for spotting this.
- fixed a bug where rsyslogd dumped core when no TAG was found in the
received message
- enhanced message parser so that it can deal with missing hostnames
in many cases (may not be totally fail-safe)
- fixed a bug where internally-generated messages did not have the correct
TAG
---------------------------------------------------------------------------
Version 1.12.0 (RGer), 2005-10-26
- moved to a multi-threaded design. single-threading is still optionally
available. Multi-threading is experimental!
- fixed a potential race condition. In the original code, marking was done
by an alarm handler, which could lead to all sorts of bad things. This
has been changed now. See comments in syslogd.c/domark() for details.
- improved debug output for property-based filters
- not a code change, but: I have checked all exit()s to make sure that
none occurs once rsyslogd has started up. Even in unusual conditions
(like low-memory conditions) rsyslogd somehow remains active. Of course,
it might loose a message or two, but at least it does not abort and it
can also recover when the condition no longer persists.
- fixed a bug that could cause loss of the last message received
immediately before rsyslogd was terminated.
- added comments on thread-safety of global variables in syslogd.c
- fixed a small bug: spurios printf() when TCP syslog was used
- fixed a bug that causes rsyslogd to dump core on termination when one
of the selector lines did not receive a message during the run (very
unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
in rsyslogd dumping core.
- fixed a bug with regular expression support (thanks to Andres Riancho)
- a little bit of code restructuring (especially main(), which was
horribly large)
---------------------------------------------------------------------------
Version 1.11.1 (RGer), 2005-10-19
- support for BSD-style program name and host blocks
- added a new property "programname" that can be used in templates
- added ability to specify listen port for rfc3195d
- fixed a bug that rendered the "startswith" comparison operation
unusable.
- changed more functions to "static" storage class to help compiler
optimize (should have been static in the first place...)
- fixed a potential memory leak in the string buffer class destructor.
As the destructor was previously never called, the leak did not actually
appear.
- some internal restructuring in anticipation/preparation of minimal
multi-threading support
- rsyslogd still shares some code with the sysklogd project. Some patches
for this shared code have been brought over from the sysklogd CVS.
---------------------------------------------------------------------------
Version 1.11.0 (RGer), 2005-10-12
- support for receiving messages via RFC 3195; added rfc3195d for that
purpose
- added an additional guard to prevent rsyslogd from aborting when the
2gb file size limit is hit. While a user can configure rsyslogd to
handle such situations, it would abort if that was not done AND large
file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
processed - could lead to message loss in extreme cases
---------------------------------------------------------------------------
Version 1.10.2 (RGer), 2005-09-27
- added comparison operations in property-based filters:
* isequal
* startswith
- added ability to negate all property-based filter comparison operations
by adding a !-sign right in front of the operation name
- added the ability to specify remote senders for UDP and TCP
received messages. Allows to block all but well-known hosts
- changed the $-config line directives to be case-INsensitive
- new command line option -w added: "do not display warnings if messages
from disallowed senders are received"
- fixed a bug that caused rsyslogd to dump core when the compare value
was not quoted in property-based filters
- fixed a bug in the new CStr compare function which lead to invalid
results (fortunately, this function was not yet used widely)
- added better support for "debugging" rsyslog.conf property filters
(only if -d switch is given)
- changed some function definitions to static, which eventually enables
some compiler optimizations
- fixed a bug in MySQL code; when a SQL error occurred, rsyslogd could
run in a tight loop. This was due to invalid sequence of error reporting
and is now fixed.
---------------------------------------------------------------------------
Version 1.10.1 (RGer), 2005-09-23
- added the ability to execute a shell script as an action.
Thanks to Bjoern Kalkbrenner for providing the code!
- fixed a bug in the MySQL code; due to the bug the automatic one-time
retry after an error did not happen - this lead to error message in
cases where none should be seen (e.g. after a MySQL restart)
- fixed a security issue with SQL-escaping in conjunction with
non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.10.0 (RGer), 2005-09-20
REMINDER: 1.10 is the first unstable version if the 1.x series!
- added the capability to filter on any property in selector lines
(not just facility and priority)
- changed stringbuf into a new counted string class
- added support for a "discard" action. If a selector line with
discard (~ character) is found, no selector lines *after* that
line will be processed.
- thanks to Andres Riancho, regular expression support has been
added to the template engine
- added the FROMHOST property in the template processor, which could
previously not be obtained. Thanks to Cristian Testa for pointing
this out and even providing a fix.
- added display of compile-time options to -v output
- performance improvement for production build - made some checks
to happen only during debug mode
- fixed a problem with compiling on SUSE and - while doing so - removed
the socket call to set SO_BSDCOMPAT in cases where it is obsolete.
---------------------------------------------------------------------------
Version 1.0.4 (RGer), 2006-02-01
- a small but important fix: the tcp receiver had two forgotten printf's
in it that caused a lot of unnecessary output to stdout. This was
important enough to justify a new release
---------------------------------------------------------------------------
Version 1.0.3 (RGer), 2005-11-14
- added an additional guard to prevent rsyslogd from aborting when the
2gb file size limit is hit. While a user can configure rsyslogd to
handle such situations, it would abort if that was not done AND large
file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
processed - could lead to message loss in extreme cases
- applied some patches available from the sysklogd project to code
shared from there
- fixed a bug that causes rsyslogd to dump core on termination when one
of the selector lines did not receive a message during the run (very
unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
in rsyslogd dumping core.
- fixed a bug in the TCP sender that caused the retry logic to fail
after an error or receiver overrun
- fixed a bug in init() that could lead to dumping core
- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG
was present in the syslog message
---------------------------------------------------------------------------
Version 1.0.2 (RGer), 2005-10-05
- fixed an issue with MySQL error reporting. When an error occurred,
the MySQL driver went into an endless loop (at least in most cases).
---------------------------------------------------------------------------
Version 1.0.1 (RGer), 2005-09-23
- fixed a security issue with SQL-escaping in conjunction with
non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.0.0 (RGer), 2005-09-12
- changed install doc to cover daily cron scripts - a trouble source
- added rc script for slackware (provided by Chris Elvidge - thanks!)
- fixed a really minor bug in usage() - the -r option was still
reported as without the port parameter
---------------------------------------------------------------------------
Version 0.9.8 (RGer), 2005-09-05
- made startup and shutdown message more consistent and included the
pid, so that they can be easier correlated. Used syslog-protocol
structured data format for this purpose.
- improved config info in startup message, now tells not only
if it is listening remote on udp, but also for tcp. Also includes
the port numbers. The previous startup message was misleading, because
it did not say "remote reception" if rsyslogd was only listening via
tcp (but not via udp).
- added a "how can you help" document to the doc set
---------------------------------------------------------------------------
Version 0.9.7 (RGer), 2005-08-15
- some of the previous doc files (like INSTALL) did not properly
reflect the changes to the build process and the new doc. Fixed
that.
- changed syslogd.c so that when compiled without database support,
an error message is displayed when a database action is detected
in the config file (previously this was used as an user rule ;))
- fixed a bug in the os-specific Makefiles which caused MySQL
support to not be compiled, even if selected
---------------------------------------------------------------------------
Version 0.9.6 (RGer), 2005-08-09
- greatly enhanced documentation. Now available in html format in
the "doc" folder and FreeBSD. Finally includes an install howto.
- improved MySQL error messages a little - they now show up as log
messages, too (formerly only in debug mode)
- added the ability to specify the listen port for udp syslog.
WARNING: This introduces an incompatibility. Formerly, udp
syslog was enabled by the -r command line option. Now, it is
"-r [port]", which is consistent with the tcp listener. However,
just -r will now return an error message.
- added sample startup scripts for Debian and FreeBSD
- added support for easy feature selection in the makefile. Un-
fortunately, this also means I needed to spilt the make file
for different OS and distros. There are some really bad syntax
differences between FreeBSD and Linux make.
---------------------------------------------------------------------------
Version 0.9.5 (RGer), 2005-08-01
- the "semicolon bug" was actually not (fully) solved in 0.9.4. One
part of the bug was solved, but another still existed. This one
is fixed now, too.
- the "semicolon bug" actually turned out to be a more generic bug.
It appeared whenever an invalid template name was given. With some
selector actions, rsyslogd dumped core, with other it "just" had
a small resource leak with others all worked well. These anomalies
are now fixed. Note that they only appeared during system initialization
once the system was running, nothing bad happened.
- improved error reporting for template errors on startup. They are now
shown on the console and the start-up tty. Formerly, they were only
visible in debug mode.
- support for multiple instances of rsyslogd on a single machine added
- added new option "-o" --> omit local unix domain socket. This option
enables rsyslogd NOT to listen to the local socket. This is most
helpful when multiple instances of rsyslogd (or rsyslogd and another
syslogd) shall run on a single system.
- added new option "-i <pidfile>" which allows one to specify the pidfile.
This is needed when multiple instances of rsyslogd are to be run.
- the new project home page is now online at www.rsyslog.com
---------------------------------------------------------------------------
Version 0.9.4 (RGer), 2005-07-25
- finally added the TCP sender. It now supports non-blocking mode, no
longer disabling message reception during connect. As it is now, it
is usable in production. The code could be more sophisticated, but
I've kept it short in anticipation of the move to liblogging, which
will lead to the removal of the code just written ;)
- the "exiting on signal..." message still had the "syslogd" name in
it. Changed this to "rsyslogd", as we do not have a large user base
yet, this should pose no problem.
- fixed "the semicolon" bug. rsyslogd dumped core if a write-db action
was specified but no semicolon was given after the password (an empty
template was ok, but the semicolon needed to be present).
- changed a default for traditional output format. During testing, it
was seen that the timestamp written to file in default format was
the time of message reception, not the time specified in the TIMESTAMP
field of the message itself. Traditionally, the message TIMESTAMP is
used and this has been changed now.
---------------------------------------------------------------------------
Version 0.9.3 (RGer), 2005-07-19
- fixed a bug in the message parser. In June, the RFC 3164 timestamp
was not correctly parsed (yes, only in June and some other months,
see the code comment to learn why...)
- added the ability to specify the destination port when forwarding
syslog messages (both for TCP and UDP)
- added an very experimental TCP sender (activated by
@@machine:port in config). This is not yet for production use. If
the receiver is not alive, rsyslogd will wait quite some time until
the connection request times out, which most probably leads to
loss of incoming messages.
---------------------------------------------------------------------------
Version 0.9.2 (RGer), around 2005-07-06
- I intended to change the maxsupported message size to 32k to
support IHE - but given the memory inefficiency in the usual use
cases, I have not done this. I have, however, included very
specific instructions on how to do this in the source code. I have
also done some testing with 32k messages, so you can change the
max size without taking too much risk.
- added a syslog/tcp receiver; we now can receive messages via
plain tcp, but we can still send only via UDP. The syslog/tcp
receiver is the primary enhancement of this release.
- slightly changed some error messages that contained a spurios \n at
the end of the line (which gives empty lines in your log...)
---------------------------------------------------------------------------
Version 0.9.1 (RGer)
- fixed code so that it compiles without errors under FreeBSD
- removed now unused function "allocate_log()" from syslogd.c
- changed the make file so that it contains more defines for
different environments (in the long term, we need a better
system for disabling/enabling features...)
- changed some printf's printing off_t types to %lld and
explicit (long long) casts. I tried to figure out the exact type,
but did not succeed in this. In the worst case, ultra-large peta-
byte files will now display funny informational messages on rollover,
something I think we can live with for the neersion 3.11.2 (rgerhards), 2008-02-??
---------------------------------------------------------------------------
Version 3.11.1 (rgerhards), 2008-02-12
- SNMP trap sender added thanks to Andre Lorbach (omsnmp)
- added input-plugin interface specification in form of a (copy) template
input module
- applied documentation fix by Michael Biebl -- many thanks!
- bugfix: immark did not have MARK flags set...
- added x-info field to rsyslogd startup/shutdown message. Hopefully
points users to right location for further info (many don't even know
they run rsyslog ;))
- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages
without timestamp - thanks to Anders Blomdell for providing a patch!
- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which
wasn't supposed to be used with rsyslog. Put a warning message up that
tells this feature is not tested and probably not worth the effort.
Thanks to Anders Blomdell fro bringing this to our attention
- somewhat improved performance of string buffers
- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf
- bugfix: setting for $EscapeControlCharactersOnReceive was not
properly initialized
- clarified usage of space-cc property replacer option
- improved abort diagnostic handler
- some initial effort for malloc/free runtime debugging support
- bugfix: using dynafile actions caused rsyslogd abort
- fixed minor man errors thanks to Michael Biebl
---------------------------------------------------------------------------
Version 3.11.0 (rgerhards), 2008-01-31
- implemented queued actions
- implemented simple rate limiting for actions
- implemented deliberate discarding of lower priority messages over higher
priority ones when a queue runs out of space
- implemented disk quotas for disk queues
- implemented the $ActionResumeRetryCount config directive
- added $ActionQueueFilename config directive
- added $ActionQueueSize config directive
- added $ActionQueueHighWaterMark config directive
- added $ActionQueueLowWaterMark config directive
- added $ActionQueueDiscardMark config directive
- added $ActionQueueDiscardSeverity config directive
- added $ActionQueueCheckpointInterval config directive
- added $ActionQueueType config directive
- added $ActionQueueWorkerThreads config directive
- added $ActionQueueTimeoutshutdown config directive
- added $ActionQueueTimeoutActionCompletion config directive
- added $ActionQueueTimeoutenQueue config directive
- added $ActionQueueTimeoutworkerThreadShutdown config directive
- added $ActionQueueWorkerThreadMinimumMessages config directive
- added $ActionQueueMaxFileSize config directive
- added $ActionQueueSaveonShutdown config directive
- addded $ActionQueueDequeueSlowdown config directive
- addded $MainMsgQueueDequeueSlowdown config directive
- bugfix: added forgotten docs to package
- improved debugging support
- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly
- when a long-running action needs to be cancelled on shutdown, the message
that was processed by it is now preserved. This finishes support for
guaranteed delivery of messages (if the output supports it, of course)
- fixed bug in output module interface, see
http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552
- changed the ommysql output plugin so that the (lengthy) connection
initialization now takes place in message processing. This works much
better with the new queued action mode (fast startup)
- fixed a bug that caused a potential hang in file and fwd output module
varmojfekoj provided the patch - many thanks!
- bugfixed stream class offset handling on 32bit platforms
---------------------------------------------------------------------------
Version 3.10.3 (rgerhards), 2008-01-28
- fixed a bug with standard template definitions (not a big deal) - thanks
to varmojfekoj for spotting it
- run-time instrumentation added
- implemented disk-assisted queue mode, which enables on-demand disk
spooling if the queue's in-memory queue is exhausted
- implemented a dynamic worker thread pool for processing incoming
messages; workers are started and shut down as need arises
- implemented a run-time instrumentation debug package
- implemented the $MainMsgQueueSaveOnShutdown config directive
- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive
- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive
---------------------------------------------------------------------------
Version 3.10.2 (rgerhards), 2008-01-14
- added the ability to keep stop rsyslogd without the need to drain
the main message queue. In disk queue mode, rsyslog continues to
run from the point where it stopped. In case of a system failure, it
continues to process messages from the last checkpoint.
- fixed a bug that caused a segfault on startup when no $WorkDir directive
was specified in rsyslog.conf
- provided more fine-grain control over shutdown timeouts and added a
way to specify the enqueue timeout when the main message queue is full
- implemented $MainMsgQueueCheckpointInterval config directive
- implemented $MainMsgQueueTimeoutActionCompletion config directive
- implemented $MainMsgQueueTimeoutEnqueue config directive
- implemented $MainMsgQueueTimeoutShutdown config directive
---------------------------------------------------------------------------
Version 3.10.1 (rgerhards), 2008-01-10
- implemented the "disk" queue mode. However, it currently is of very
limited use, because it does not support persistence over rsyslogd
runs. So when rsyslogd is stopped, the queue is drained just as with
the in-memory queue modes. Persistent queues will be a feature of
the next release.
- performance-optimized string class, should bring an overall improvement
- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch
- fixed a race condition that could lead to a rsyslogd hang when during
HUP or termination
- done some doc updates
- added $WorkDirectory config directive
- added $MainMsgQueueFileName config directive
- added $MainMsgQueueMaxFileSize config directive
---------------------------------------------------------------------------
Version 3.10.0 (rgerhards), 2008-01-07
- implemented input module interface and initial input modules
- enhanced threading for input modules (each on its own thread now)
- ability to bind UDP listeners to specific local interfaces/ports and
ability to run multiple of them concurrently
- added ability to specify listen IP address for UDP syslog server
- license changed to GPLv3
- mark messages are now provided by loadble module immark
- rklogd is no longer provided. Its functionality has now been taken over
by imklog, a loadable input module. This offers a much better integration
into rsyslogd and makes sure that the kernel logger process is brought
up and down at the appropriate times
- enhanced $IncludeConfig directive to support wildcard characters
(thanks to Michael Biebl)
- all inputs are now implemented as loadable plugins
- enhanced threading model: each input module now runs on its own thread
- enhanced message queue which now supports different queueing methods
(among others, this can be used for performance fine-tuning)
- added a large number of new configuration directives for the new
input modules
- enhanced multi-threading utilizing a worker thread pool for the
main message queue
- compilation without pthreads is no longer supported
- much cleaner code due to new objects and removal of single-threading
mode
---------------------------------------------------------------------------
Version 2.0.1 STABLE (rgerhards), 2008-01-24
- fixed a bug in integer conversion - but this function was never called,
so it is not really a useful bug fix ;)
- fixed a bug with standard template definitions (not a big deal) - thanks
to varmojfekoj for spotting it
- fixed a bug that caused a potential hang in file and fwd output module
varmojfekoj provided the patch - many thanks!
---------------------------------------------------------------------------
Version 2.0.0 STABLE (rgerhards), 2008-01-02
- re-release of 1.21.2 as STABLE with no modifications except some
doc updates
---------------------------------------------------------------------------
Version 1.21.2 (rgerhards), 2007-12-28
- created a gss-api output module. This keeps GSS-API code and
TCP/UDP code separated. It is also important for forward-
compatibility with v3. Please note that this change breaks compatibility
with config files created for 1.21.0 and 1.21.1 - this was considered
acceptable.
- fixed an error in forwarding retry code (could lead to message corruption
but surfaced very seldom)
- increased portability for older platforms (AI_NUMERICSERV moved)
- removed socket leak in omfwd.c
- cross-platform patch for GSS-API compile problem on some platforms
thanks to darix for the patch!
---------------------------------------------------------------------------
Version 1.21.1 (rgerhards), 2007-12-23
- small doc fix for $IncludeConfig
- fixed a bug in llDestroy()
- bugfix: fixing memory leak when message queue is full and during
parsing. Thanks to varmojfekoj for the patch.
- bugfix: when compiled without network support, unix sockets were
not properly closed
- bugfix: memory leak in cfsysline.c/doGetWord() fixed
---------------------------------------------------------------------------
Version 1.21.0 (rgerhards), 2007-12-19
- GSS-API support for syslog/TCP connections was added. Thanks to
varmojfekoj for providing the patch with this functionality
- code cleanup
- enhanced $IncludeConfig directive to support wildcard filenames
- changed some multithreading synchronization
---------------------------------------------------------------------------
Version 1.20.1 (rgerhards), 2007-12-12
- corrected a debug setting that survived release. Caused TCP connections
to be retried unnecessarily often.
- When a hostname ACL was provided and DNS resolution for that name failed,
ACL processing was stopped at that point. Thanks to mildew for the patch.
Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911
- fixed a potential race condition, see link for details:
http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html
Note that the probability of problems from this bug was very remote
- fixed a memory leak that happened when PostgreSQL date formats were
used
---------------------------------------------------------------------------
Version 1.20.0 (rgerhards), 2007-12-07
- an output module for postgres databases has been added. Thanks to
sur5r for contributing this code
- unloading dynamic modules has been cleaned up, we now have a
real implementation and not just a dummy "good enough for the time
being".
- enhanced platform independence - thanks to Bartosz Kuzma and Michael
Biebl for their very useful contributions
- some general code cleanup (including warnings on 64 platforms, only)
---------------------------------------------------------------------------
Version 1.19.12 (rgerhards), 2007-12-03
- cleaned up the build system (thanks to Michael Biebl for the patch)
- fixed a bug where ommysql was still not compiled with -pthread option
---------------------------------------------------------------------------
Version 1.19.11 (rgerhards), 2007-11-29
- applied -pthread option to build when building for multi-threading mode
hopefully solves an issue with segfaulting
---------------------------------------------------------------------------
Version 1.19.10 (rgerhards), 2007-10-19
- introduced the new ":modulename:" syntax for calling module actions
in selector lines; modified ommysql to support it. This is primarily
an aid for further modules and a prerequisite to actually allow third
party modules to be created.
- minor fix in slackware startup script, "-r 0" is now "-r0"
- updated rsyslogd doc set man page; now in html format
- undid creation of a separate thread for the main loop -- this did not
turn out to be needed or useful, so reduce complexity once again.
- added doc fixes provided by Michael Biebl - thanks
---------------------------------------------------------------------------
Version 1.19.9 (rgerhards), 2007-10-12
- now packaging system which again contains all components in a single
tarball
- modularized main() a bit more, resulting in less complex code
- experimentally added an additional thread - will see if that affects
the segfault bug we experience on some platforms. Note that this change
is scheduled to be removed again later.
---------------------------------------------------------------------------
Version 1.19.8 (rgerhards), 2007-09-27
- improved repeated message processing
- applied patch provided by varmojfekoj to support building ommysql
in its own way (now also resides in a plugin subdirectory);
ommysql is now a separate package
- fixed a bug in cvthname() that lead to message loss if part
of the source hostname would have been dropped
- created some support for distributing ommysql together with the
main rsyslog package. I need to re-think it in the future, but
for the time being the current mode is best. I now simply include
one additional tarball for ommysql inside the main distribution.
I look forward to user feedback on how this should be done best. In the
long term, a separate project should be spawend for ommysql, but I'd
like to do that only after the plugin interface is fully stable (what
it is not yet).
---------------------------------------------------------------------------
Version 1.19.7 (rgerhards), 2007-09-25
- added code to handle situations where senders send us messages ending with
a NUL character. It is now simply removed. This also caused trailing LF
reduction to fail, when it was followed by such a NUL. This is now also
handled.
- replaced some non-thread-safe function calls by their thread-safe
counterparts
- fixed a minor memory leak that occurred when the %APPNAME% property was
used (I think nobody used that in practice)
- fixed a bug that caused signal handlers in cvthname() not to be restored when
a malicious pointer record was detected and processing of the message been
stopped for that reason (this should be really rare and can not be related
to the segfault bug we are hunting).
- fixed a bug in cvthname that lead to passing a wrong parameter - in
practice, this had no impact.
- general code cleanup (e.g. compiler warnings, comments)
---------------------------------------------------------------------------
Version 1.19.6 (rgerhards), 2007-09-11
- applied patch by varmojfekoj to change signal handling to the new
sigaction API set (replacing the depreciated signal() calls and its
friends.
- fixed a bug that in --enable-debug mode caused an assertion when the
discard action was used
- cleaned up compiler warnings
- applied patch by varmojfekoj to FIX a bug that could cause
segfaults if empty properties were processed using modifying
options (e.g. space-cc, drop-cc)
- fixed man bug: rsyslogd supports -l option
---------------------------------------------------------------------------
Version 1.19.5 (rgerhards), 2007-09-07
- changed part of the CStr interface so that better error tracking
is provided and the calling sequence is more intuitive (there were
invalid calls based on a too-weird interface)
- (hopefully) fixed some remaining bugs rooted in wrong use of
the CStr class. These could lead to program abort.
- applied patch by varmojfekoj two fix two potential segfault situations
- added $ModDir config directive
- modified $ModLoad so that an absolute path may be specified as
module name (e.g. /rsyslog/ommysql.so)
---------------------------------------------------------------------------
Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04
- fixed a number of small memory leaks - thanks varmojfekoj for patching
- fixed an issue with CString class that could lead to rsyslog abort
in tplToString() - thanks varmojfekoj for patching
- added a man-version of the config file documentation - thanks to Michel
Samia for providing the man file
- fixed bug: a template like this causes an infinite loop:
$template opts,"%programname:::a,b%"
thanks varmojfekoj for the patch
- fixed bug: case changing options crash freeing the string pointer
because they modify it: $template opts2,"%programname::1:lowercase%"
thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31
- small mem leak fixed (after calling parseSelectorAct) - Thx varmojfekoj
- documentation section "Regular File" und "Blocks" updated
- solved an issue with dynamic file generation - Once again many thanks
to varmojfekoj
- the negative selector for program name filter (Blocks) does not work as
expected - Thanks varmojfekoj for patching
- added forwarding information to sysklogd (requires special template)
to config doc
---------------------------------------------------------------------------
Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28
- a specifically formed message caused a segfault - Many thanks varmojfekoj
for providing a patch
- a typo and a weird condition are fixed in msg.c - Thanks again
varmojfekoj
- on file creation the file was always owned by root:root. This is fixed
now - Thanks ypsa for solving this issue
---------------------------------------------------------------------------
Version 1.19.1 (mmeckelein), 2007-08-22
- a bug that caused a high load when a TCP/UDP connection was closed is
fixed now - Thanks mildew for solving this issue
- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the
patch
- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order
to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter
Vrabec and darix, both provided a patch for solving this issue
- enhanced the unloading of modules - thanks again varmojfekoj
- applied a patch from varmojfekoj which fixes various little things in
MySQL output module
---------------------------------------------------------------------------
Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16
- integrated patch from varmojfekoj to make the mysql module a loadable one
many thanks for the patch, MUCH appreciated
---------------------------------------------------------------------------
Version 1.18.2 (rgerhards), 2007-08-13
- fixed a bug in outchannel code that caused templates to be incorrectly
parsed
- fixed a bug in ommysql that caused a wrong ";template" missing message
- added some code for unloading modules; not yet fully complete (and we do
not yet have loadable modules, so this is no problem)
- removed debian subdirectory by request of a debian packager (this is a special
subdir for debian and there is also no point in maintaining it when there
is a debian package available - so I gladly did this) in some cases
- improved overall doc quality (some pages were quite old) and linked to
more of the online resources.
- improved /contrib/delete_mysql script by adding a host option and some
other minor modifications
---------------------------------------------------------------------------
Version 1.18.1 (rgerhards), 2007-08-08
- applied a patch from varmojfekoj which solved a potential segfault
of rsyslogd on HUP
- applied patch from Michel Samia to fix compilation when the pthreads
feature is disabled
- some code cleanup (moved action object to its own file set)
- add config directive $MainMsgQueueSize, which now allows one to configure the
queue size dynamically
- all compile-time settings are now shown in rsyslogd -v, not just the
active ones
- enhanced performance a little bit more
- added config file directive $ActionResumeInterval
- fixed a bug that prevented compilation under debian sid
- added a contrib directory for user-contributed useful things
---------------------------------------------------------------------------
Version 1.18.0 (rgerhards), 2007-08-03
- rsyslog now supports fallback actions when an action did not work. This
is a great feature e.g. for backup database servers or backup syslog
servers
- modified rklogd to only change the console log level if -c is specified
- added feature to use multiple actions inside a single selector
- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive
- error messages during startup are now spit out to the configured log
destinations
---------------------------------------------------------------------------
Version 1.17.6 (rgerhards), 2007-08-01
- continued to work on output module modularization - basic stage of
this work is now FINISHED
- fixed bug in OMSRcreate() - always returned SR_RET_OK
- fixed a bug that caused ommysql to always complain about missing
templates
- fixed a mem leak in OMSRdestruct - freeing the object itself was
forgotten - thanks to varmojfekoj for the patch
- fixed a memory leak in syslogd/init() that happened when the config
file could not be read - thanks to varmojfekoj for the patch
- fixed insufficient memory allocation in addAction() and its helpers.
The initial fix and idea was developed by mildew, I fine-tuned
it a bit. Thanks a lot for the fix, I'd probably had pulled out my
hair to find the bug...
- added output of config file line number when a parsing error occurred
- fixed bug in objomsr.c that caused program to abort in debug mode with
an invalid assertion (in some cases)
- fixed a typo that caused the default template for MySQL to be wrong.
thanks to mildew for catching this.
- added configuration file command $DebugPrintModuleList and
$DebugPrintCfSysLineHandlerList
- fixed an invalid value for the MARK timer - unfortunately, there was
a testing aid left in place. This resulted in quite frequent MARK messages
- added $IncludeConfig config directive
- applied a patch from mildew to prevent rsyslogd from freezing under heavy
load. This could happen when the queue was full. Now, we drop messages
but rsyslogd remains active.
---------------------------------------------------------------------------
Version 1.17.5 (rgerhards), 2007-07-30
- continued to work on output module modularization
- fixed a missing file bug - thanks to Andrea Montanari for reporting
this problem
- fixed a problem with shutting down the worker thread and freeing the
selector_t list - this caused messages to be lost, because the
message queue was not properly drained before the selectors got
destroyed.
---------------------------------------------------------------------------
Version 1.17.4 (rgerhards), 2007-07-27
- continued to work on output module modularization
- fixed a situation where rsyslogd could create zombie processes
thanks to mildew for the patch
- applied patch from Michel Samia to fix compilation when NOT
compiled for pthreads
---------------------------------------------------------------------------
Version 1.17.3 (rgerhards), 2007-07-25
- continued working on output module modularization
- fixed a bug that caused rsyslogd to segfault on exit (and
probably also on HUP), when there was an unsent message in a selector
that required forwarding and the dns lookup failed for that selector
(yes, it was pretty unlikely to happen;))
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed a memory leak in config file parsing and die()
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- rsyslogd now checks on startup if it is capable to perform any work
at all. If it cant, it complains and terminates
thanks to Michel Samia for providing the patch!
- fixed a small memory leak when HUPing syslogd. The allowed sender
list now gets freed. thanks to mildew for the patch.
- changed the way error messages in early startup are logged. They
now do no longer use the syslogd code directly but are rather
send to stderr.
---------------------------------------------------------------------------
Version 1.17.2 (rgerhards), 2007-07-23
- made the port part of the -r option optional. Needed for backward
compatibility with sysklogd
- replaced system() calls with something more reasonable. Please note that
this might break compatibility with some existing configuration files.
We accept this in favor of the gained security.
- removed a memory leak that could occur if timegenerated was used in
RFC 3164 format in templates
- did some preparation in msg.c for advanced multithreading - placed the
hooks, but not yet any active code
- worked further on modularization
- added $ModLoad MySQL (dummy) config directive
- added DropTrailingLFOnReception config directive
---------------------------------------------------------------------------
Version 1.17.1 (rgerhards), 2007-07-20
- fixed a bug that caused make install to install rsyslogd and rklogd under
the wrong names
- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly;
also fixed but that could garble $AllowedSender wildcards. Thanks to
mildew@gmail.com for the patch
- minor code cleanup - thanks to Peter Vrabec for the patch
- fixed minimal memory leak on HUP (caused by templates)
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed another memory leak on HUPing and on exiting rsyslogd
again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- code cleanup (removed compiler warnings)
- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch
- moved msg object into its own file set
- added the capability to continue trying to write log files when the
file system is full. Functionality based on patch by Martin Schulze
to sysklogd package.
---------------------------------------------------------------------------
Version 1.17.0 (RGer), 2007-07-17
- added $RepeatedLineReduction config parameter
- added $EscapeControlCharactersOnReceive config parameter
- added $ControlCharacterEscapePrefix config parameter
- added $DirCreateMode config parameter
- added $CreateDirs config parameter
- added $DebugPrintTemplateList config parameter
- added $ResetConfigVariables config parameter
- added $FileOwner config parameter
- added $FileGroup config parameter
- added $DirOwner config parameter
- added $DirGroup config parameter
- added $FailOnChownFailure config parameter
- added regular expression support to the filter engine
thanks to Michel Samia for providing the patch!
- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for
the patch doing that
- added IPv6 support
- allowed DNS hostnames
- allowed DNS wildcard names
- added new option $DropMsgsWithMaliciousDnsPTRRecords
- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin
- added capability to auto-create directories with dynaFiles
---------------------------------------------------------------------------
Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;)
- build system switched to autotools
- removed SYSV preprocessor macro use, replaced with autotools equivalents
- fixed a bug that caused rsyslogd to segfault when TCP listening was
disabled and it terminated
- added new properties "syslogfacility-text" and "syslogseverity-text"
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- added the -x option to disable hostname dns resolution
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- begun to better modularize syslogd.c - this is an ongoing project; moved
type definitions to a separate file
- removed some now-unused fields from struct filed
- move file size limit fields in struct field to the "right spot" (the file
writing part of the union - f_un.f_file)
- subdirectories linux and solaris are no longer part of the distribution
package. This is not because we cease support for them, but there are no
longer any files in them after the move to autotools
---------------------------------------------------------------------------
Version 1.15.1 (RGer), 2007-07-10
- fixed a bug that caused a dynaFile selector to stall when there was
an open error with one file
- improved template processing for dynaFiles; templates are now only
looked up during initialization - speeds up processing
- optimized memory layout in struct filed when compiled with MySQL
support
- fixed a bug that caused compilation without SYSLOG_INET to fail
- re-enabled the "last message repeated n times" feature. This
feature was not taken care of while rsyslogd evolved from sysklogd
and it was more or less defunct. Now it is fully functional again.
- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE
- fixed a bug in iovAsString() that caused a memory leak under stress
conditions (most probably memory shortage). This was unlikely to
ever happen, but it doesn't hurt doing it right
- cosmetic: defined type "uchar", change all unsigned chars to uchar
---------------------------------------------------------------------------
Version 1.15.0 (RGer), 2007-07-05
- added ability to dynamically generate file names based on templates
and thus properties. This was a much-requested feature. It makes
life easy when it e.g. comes to splitting files based on the sender
address.
- added $umask and $FileCreateMode config file directives
- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD
- checks for extra (unexpected) characters in system config file lines
have been added
- added IPv6 documentation - was accidentally missing from CVS
- begun to change char to unsigned char
---------------------------------------------------------------------------
Version 1.14.2 (RGer), 2007-07-03
** this release fixes all known nits with IPv6 **
- restored capability to do /etc/service lookup for "syslog"
service when -r 0 was given
- documented IPv6 handling of syslog messages
- integrate patch from Bartosz Kuźma to make rsyslog compile under
Solaris again (the patch replaced a strndup() call, which is not
available under Solaris
- improved debug logging when waiting on select
- updated rsyslogd man page with new options (-46A)
---------------------------------------------------------------------------
Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29
- added Peter Vrabec's patch for IPv6 TCP
- prefixed all messages send to stderr in rsyslogd with "rsyslogd: "
---------------------------------------------------------------------------
Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28
- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled
IPv6 Support is currently for UDP only, TCP is to come soon.
AllowedSender configuration does not yet work for IPv6.
- fixed code in iovCreate() that broke C's strict aliasing rules
- fixed some char/unsigned char differences that forced the compiler
to spit out warning messages
- updated the Red Hat init script to fix a known issue (thanks to
Peter Vrabec)
---------------------------------------------------------------------------
Version 1.13.5 (RGer), 2007-06-22
- made the TCP session limit configurable via command line switch
now -t <port>,<max sessions>
- added man page for rklogd(8) (basically a copy from klogd, but now
there is one...)
- fixed a bug that caused internal messages (e.g. rsyslogd startup) to
appear without a tag.
- removed a minor memory leak that occurred when TAG processing requalified
a HOSTNAME to be a TAG (and a TAG already was set).
- removed potential small memory leaks in MsgSet***() functions. There
would be a leak if a property was re-set, something that happened
extremely seldom.
---------------------------------------------------------------------------
Version 1.13.4 (RGer), 2007-06-18
- added a new property "PRI-text", which holds the PRI field in
textual form (e.g. "syslog.info")
- added alias "syslogseverity" for "syslogpriority", which is a
misleading property name that needs to stay for historical
reasons (and backward-compatibility)
- added doc on how to record PRI value in log file
- enhanced signal handling in klogd, including removal of an unsafe
call to the logging system during signal handling
---------------------------------------------------------------------------
Version 1.13.3 (RGer), 2007-06-15
- create a version of syslog.c from scratch. This is now
- highly optimized for rsyslog
- removes an incompatible license problem as the original
version had a BSD license with advertising clause
- fixed in the regard that rklogd will continue to work when
rsyslogd has been restarted (the original version, as well
as sysklogd, will remain silent then)
- solved an issue with an extra NUL char at message end that the
original version had
- applied some changes to klogd to care for the new interface
- fixed a bug in syslogd.c which prevented compiling under debian
---------------------------------------------------------------------------
Version 1.13.2 (RGer), 2007-06-13
- lib order in makefile patched to facilitate static linking - thanks
to Bennett Todd for providing the patch
- Integrated a patch from Peter Vrabec (pvrabec@redhat.com):
- added klogd under the name of rklogd (remove dependency on
original sysklogd package
- createDB.sql now in UTF
- added additional config files for use on Red Hat
---------------------------------------------------------------------------
Version 1.13.1 (RGer), 2007-02-05
- changed the listen backlog limit to a more reasonable value based on
the maximum number of TCP connections configured (10% + 5) - thanks to Guy
Standen for the hint (actually, the limit was 5 and that was a
left-over from early testing).
- fixed a bug in makefile which caused DB-support to be disabled when
NETZIP support was enabled
- added the -e option to allow transmission of every message to remote
hosts (effectively turns off duplicate message suppression)
- (somewhat) improved memory consumption when compiled with MySQL support
- looks like we fixed an incompatibility with MySQL 5.x and above software
At least in one case, the remote server name was destroyed, leading to
a connection failure. The new, improved code does not have this issue and
so we see this as solved (the new code is generally somewhat better, so
there is a good chance we fixed this incompatibility).
---------------------------------------------------------------------------
Version 1.13.0 (RGer), 2006-12-19
- added '$' as ToPos property replacer specifier - means "up to the
end of the string"
- property replacer option "escape-cc", "drop-cc" and "space-cc" added
- changed the handling of \0 characters inside syslog messages. We now
consistently escape them to "#000". This is somewhat recommended in
the draft-ietf-syslog-protocol-19 draft. While the real recommendation
is to not escape any characters at all, we can not do this without
considerable modification of the code. So we escape it to "#000", which
is consistent with a sample found in the Internet-draft.
- removed message glue logic (see printchopped() comment for details)
Also caused removal of parts table and thus some improvements in
memory usage.
- changed the default MAXLINE to 2048 to take care of recent syslog
standardization efforts (can easily be changed in syslogd.c)
- added support for byte-counted TCP syslog messages (much like
syslog-transport-tls-05 Internet Draft). This was necessary to
support compression over TCP.
- added support for receiving compressed syslog messages
- added support for sending compressed syslog messages
- fixed a bug where the last message in a syslog/tcp stream was
lost if it was not properly terminated by a LF character
---------------------------------------------------------------------------
Version 1.12.3 (RGer), 2006-10-04
- implemented some changes to support Solaris (but support is not
yet complete)
- commented out (via #if 0) some methods that are currently not being use
but should be kept for further us
- added (interim) -u 1 option to turn off hostname and tag parsing
- done some modifications to better support Fedora
- made the field delimiter inside property replace configurable via
template
- fixed a bug in property replacer: if fields were used, the delimitor
became part of the field. Up until now, this was barely noticeable as
the delimiter as TAB only and thus invisible to a human. With other
delimiters available now, it quickly showed up. This bug fix might cause
some grief to existing installations if they used the extra TAB for
whatever reasons - sorry folks... Anyhow, a solution is easy: just add
a TAB character constant into your template. Thus, there has no attempt
been made to do this in a backwards-compatible way.
---------------------------------------------------------------------------
Version 1.12.2 (RGer), 2006-02-15
- fixed a bug in the RFC 3339 date formatter. An extra space was added
after the actual timestamp
- added support for providing high-precision RFC3339 timestamps for
(rsyslogd-)internally-generated messages
- very (!) experimental support for syslog-protocol internet draft
added (the draft is experimental, the code is solid ;))
- added support for field-extracting in the property replacer
- enhanced the legacy-syslog parser so that it can interpret messages
that do not contain a TIMESTAMP
- fixed a bug that caused the default socket (usually /dev/log) to be
opened even when -o command line option was given
- fixed a bug in the Debian sample startup script - it caused rsyslogd
to listen to remote requests, which it shouldn't by default
---------------------------------------------------------------------------
Version 1.12.1 (RGer), 2005-11-23
- made multithreading work with BSD. Some signal-handling needed to be
restructured. Also, there might be a slight delay of up to 10 seconds
when huping and terminating rsyslogd under BSD
- fixed a bug where a NULL-pointer was passed to printf() in logmsg().
- fixed a bug during "make install" where rc3195d was not installed
Thanks to Bennett Todd for spotting this.
- fixed a bug where rsyslogd dumped core when no TAG was found in the
received message
- enhanced message parser so that it can deal with missing hostnames
in many cases (may not be totally fail-safe)
- fixed a bug where internally-generated messages did not have the correct
TAG
---------------------------------------------------------------------------
Version 1.12.0 (RGer), 2005-10-26
- moved to a multi-threaded design. single-threading is still optionally
available. Multi-threading is experimental!
- fixed a potential race condition. In the original code, marking was done
by an alarm handler, which could lead to all sorts of bad things. This
has been changed now. See comments in syslogd.c/domark() for details.
- improved debug output for property-based filters
- not a code change, but: I have checked all exit()s to make sure that
none occurs once rsyslogd has started up. Even in unusual conditions
(like low-memory conditions) rsyslogd somehow remains active. Of course,
it might loose a message or two, but at least it does not abort and it
can also recover when the condition no longer persists.
- fixed a bug that could cause loss of the last message received
immediately before rsyslogd was terminated.
- added comments on thread-safety of global variables in syslogd.c
- fixed a small bug: spurios printf() when TCP syslog was used
- fixed a bug that causes rsyslogd to dump core on termination when one
of the selector lines did not receive a message during the run (very
unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
in rsyslogd dumping core.
- fixed a bug with regular expression support (thanks to Andres Riancho)
- a little bit of code restructuring (especially main(), which was
horribly large)
---------------------------------------------------------------------------
Version 1.11.1 (RGer), 2005-10-19
- support for BSD-style program name and host blocks
- added a new property "programname" that can be used in templates
- added ability to specify listen port for rfc3195d
- fixed a bug that rendered the "startswith" comparison operation
unusable.
- changed more functions to "static" storage class to help compiler
optimize (should have been static in the first place...)
- fixed a potential memory leak in the string buffer class destructor.
As the destructor was previously never called, the leak did not actually
appear.
- some internal restructuring in anticipation/preparation of minimal
multi-threading support
- rsyslogd still shares some code with the sysklogd project. Some patches
for this shared code have been brought over from the sysklogd CVS.
---------------------------------------------------------------------------
Version 1.11.0 (RGer), 2005-10-12
- support for receiving messages via RFC 3195; added rfc3195d for that
purpose
- added an additional guard to prevent rsyslogd from aborting when the
2gb file size limit is hit. While a user can configure rsyslogd to
handle such situations, it would abort if that was not done AND large
file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
processed - could lead to message loss in extreme cases
---------------------------------------------------------------------------
Version 1.10.2 (RGer), 2005-09-27
- added comparison operations in property-based filters:
* isequal
* startswith
- added ability to negate all property-based filter comparison operations
by adding a !-sign right in front of the operation name
- added the ability to specify remote senders for UDP and TCP
received messages. Allows to block all but well-known hosts
- changed the $-config line directives to be case-INsensitive
- new command line option -w added: "do not display warnings if messages
from disallowed senders are received"
- fixed a bug that caused rsyslogd to dump core when the compare value
was not quoted in property-based filters
- fixed a bug in the new CStr compare function which lead to invalid
results (fortunately, this function was not yet used widely)
- added better support for "debugging" rsyslog.conf property filters
(only if -d switch is given)
- changed some function definitions to static, which eventually enables
some compiler optimizations
- fixed a bug in MySQL code; when a SQL error occurred, rsyslogd could
run in a tight loop. This was due to invalid sequence of error reporting
and is now fixed.
---------------------------------------------------------------------------
Version 1.10.1 (RGer), 2005-09-23
- added the ability to execute a shell script as an action.
Thanks to Bjoern Kalkbrenner for providing the code!
- fixed a bug in the MySQL code; due to the bug the automatic one-time
retry after an error did not happen - this lead to error message in
cases where none should be seen (e.g. after a MySQL restart)
- fixed a security issue with SQL-escaping in conjunction with
non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.10.0 (RGer), 2005-09-20
REMINDER: 1.10 is the first unstable version if the 1.x series!
- added the capability to filter on any property in selector lines
(not just facility and priority)
- changed stringbuf into a new counted string class
- added support for a "discard" action. If a selector line with
discard (~ character) is found, no selector lines *after* that
line will be processed.
- thanks to Andres Riancho, regular expression support has been
added to the template engine
- added the FROMHOST property in the template processor, which could
previously not be obtained. Thanks to Cristian Testa for pointing
this out and even providing a fix.
- added display of compile-time options to -v output
- performance improvement for production build - made some checks
to happen only during debug mode
- fixed a problem with compiling on SUSE and - while doing so - removed
the socket call to set SO_BSDCOMPAT in cases where it is obsolete.
---------------------------------------------------------------------------
Version 1.0.4 (RGer), 2006-02-01
- a small but important fix: the tcp receiver had two forgotten printf's
in it that caused a lot of unnecessary output to stdout. This was
important enough to justify a new release
---------------------------------------------------------------------------
Version 1.0.3 (RGer), 2005-11-14
- added an additional guard to prevent rsyslogd from aborting when the
2gb file size limit is hit. While a user can configure rsyslogd to
handle such situations, it would abort if that was not done AND large
file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
processed - could lead to message loss in extreme cases
- applied some patches available from the sysklogd project to code
shared from there
- fixed a bug that causes rsyslogd to dump core on termination when one
of the selector lines did not receive a message during the run (very
unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
in rsyslogd dumping core.
- fixed a bug in the TCP sender that caused the retry logic to fail
after an error or receiver overrun
- fixed a bug in init() that could lead to dumping core
- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG
was present in the syslog message
---------------------------------------------------------------------------
Version 1.0.2 (RGer), 2005-10-05
- fixed an issue with MySQL error reporting. When an error occurred,
the MySQL driver went into an endless loop (at least in most cases).
---------------------------------------------------------------------------
Version 1.0.1 (RGer), 2005-09-23
- fixed a security issue with SQL-escaping in conjunction with
non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.0.0 (RGer), 2005-09-12
- changed install doc to cover daily cron scripts - a trouble source
- added rc script for slackware (provided by Chris Elvidge - thanks!)
- fixed a really minor bug in usage() - the -r option was still
reported as without the port parameter
---------------------------------------------------------------------------
Version 0.9.8 (RGer), 2005-09-05
- made startup and shutdown message more consistent and included the
pid, so that they can be easier correlated. Used syslog-protocol
structured data format for this purpose.
- improved config info in startup message, now tells not only
if it is listening remote on udp, but also for tcp. Also includes
the port numbers. The previous startup message was misleading, because
it did not say "remote reception" if rsyslogd was only listening via
tcp (but not via udp).
- added a "how can you help" document to the doc set
---------------------------------------------------------------------------
Version 0.9.7 (RGer), 2005-08-15
- some of the previous doc files (like INSTALL) did not properly
reflect the changes to the build process and the new doc. Fixed
that.
- changed syslogd.c so that when compiled without database support,
an error message is displayed when a database action is detected
in the config file (previously this was used as an user rule ;))
- fixed a bug in the os-specific Makefiles which caused MySQL
support to not be compiled, even if selected
---------------------------------------------------------------------------
Version 0.9.6 (RGer), 2005-08-09
- greatly enhanced documentation. Now available in html format in
the "doc" folder and FreeBSD. Finally includes an install howto.
- improved MySQL error messages a little - they now show up as log
messages, too (formerly only in debug mode)
- added the ability to specify the listen port for udp syslog.
WARNING: This introduces an incompatibility. Formerly, udp
syslog was enabled by the -r command line option. Now, it is
"-r [port]", which is consistent with the tcp listener. However,
just -r will now return an error message.
- added sample startup scripts for Debian and FreeBSD
- added support for easy feature selection in the makefile. Un-
fortunately, this also means I needed to spilt the make file
for different OS and distros. There are some really bad syntax
differences between FreeBSD and Linux make.
---------------------------------------------------------------------------
Version 0.9.5 (RGer), 2005-08-01
- the "semicolon bug" was actually not (fully) solved in 0.9.4. One
part of the bug was solved, but another still existed. This one
is fixed now, too.
- the "semicolon bug" actually turned out to be a more generic bug.
It appeared whenever an invalid template name was given. With some
selector actions, rsyslogd dumped core, with other it "just" had
a small resource leak with others all worked well. These anomalies
are now fixed. Note that they only appeared during system initialization
once the system was running, nothing bad happened.
- improved error reporting for template errors on startup. They are now
shown on the console and the start-up tty. Formerly, they were only
visible in debug mode.
- support for multiple instances of rsyslogd on a single machine added
- added new option "-o" --> omit local unix domain socket. This option
enables rsyslogd NOT to listen to the local socket. This is most
helpful when multiple instances of rsyslogd (or rsyslogd and another
syslogd) shall run on a single system.
- added new option "-i <pidfile>" which allows one to specify the pidfile.
This is needed when multiple instances of rsyslogd are to be run.
- the new project home page is now online at www.rsyslog.com
---------------------------------------------------------------------------
Version 0.9.4 (RGer), 2005-07-25
- finally added the TCP sender. It now supports non-blocking mode, no
longer disabling message reception during connect. As it is now, it
is usable in production. The code could be more sophisticated, but
I've kept it short in anticipation of the move to liblogging, which
will lead to the removal of the code just written ;)
- the "exiting on signal..." message still had the "syslogd" name in
it. Changed this to "rsyslogd", as we do not have a large user base
yet, this should pose no problem.
- fixed "the semicolon" bug. rsyslogd dumped core if a write-db action
was specified but no semicolon was given after the password (an empty
template was ok, but the semicolon needed to be present).
- changed a default for traditional output format. During testing, it
was seen that the timestamp written to file in default format was
the time of message reception, not the time specified in the TIMESTAMP
field of the message itself. Traditionally, the message TIMESTAMP is
used and this has been changed now.
---------------------------------------------------------------------------
Version 0.9.3 (RGer), 2005-07-19
- fixed a bug in the message parser. In June, the RFC 3164 timestamp
was not correctly parsed (yes, only in June and some other months,
see the code comment to learn why...)
- added the ability to specify the destination port when forwarding
syslog messages (both for TCP and UDP)
- added an very experimental TCP sender (activated by
@@machine:port in config). This is not yet for production use. If
the receiver is not alive, rsyslogd will wait quite some time until
the connection request times out, which most probably leads to
loss of incoming messages.
---------------------------------------------------------------------------
Version 0.9.2 (RGer), around 2005-07-06
- I intended to change the maxsupported message size to 32k to
support IHE - but given the memory inefficiency in the usual use
cases, I have not done this. I have, however, included very
specific instructions on how to do this in the source code. I have
also done some testing with 32k messages, so you can change the
max size without taking too much risk.
- added a syslog/tcp receiver; we now can receive messages via
plain tcp, but we can still send only via UDP. The syslog/tcp
receiver is the primary enhancement of this release.
- slightly changed some error messages that contained a spurios \n at
the end of the line (which gives empty lines in your log...)
---------------------------------------------------------------------------
Version 0.9.1 (RGer)
- fixed code so that it compiles without errors under FreeBSD
- removed now unused function "allocate_log()" from syslogd.c
- changed the make file so that it contains more defines for
different environments (in the long term, we need a better
system for disabling/enabling features...)
- changed some printf's printing off_t types to %lld and
explicit (long long) casts. I tried to figure out the exact type,
but did not succeed in this. In the worst case, ultra-large peta-
byte files will now display funny informational messages on rollover,
something I think we can live with for the neersion 3.11.2 (rgerhards), 2008-02-??
---------------------------------------------------------------------------
Version 3.11.1 (rgerhards), 2008-02-12
- SNMP trap sender added thanks to Andre Lorbach (omsnmp)
- added input-plugin interface specification in form of a (copy) template
input module
- applied documentation fix by Michael Biebl -- many thanks!
- bugfix: immark did not have MARK flags set...
- added x-info field to rsyslogd startup/shutdown message. Hopefully
points users to right location for further info (many don't even know
they run rsyslog ;))
- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages
without timestamp - thanks to Anders Blomdell for providing a patch!
- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which
wasn't supposed to be used with rsyslog. Put a warning message up that
tells this feature is not tested and probably not worth the effort.
Thanks to Anders Blomdell fro bringing this to our attention
- somewhat improved performance of string buffers
- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf
- bugfix: setting for $EscapeControlCharactersOnReceive was not
properly initialized
- clarified usage of space-cc property replacer option
- improved abort diagnostic handler
- some initial effort for malloc/free runtime debugging support
- bugfix: using dynafile actions caused rsyslogd abort
- fixed minor man errors thanks to Michael Biebl
---------------------------------------------------------------------------
Version 3.11.0 (rgerhards), 2008-01-31
- implemented queued actions
- implemented simple rate limiting for actions
- implemented deliberate discarding of lower priority messages over higher
priority ones when a queue runs out of space
- implemented disk quotas for disk queues
- implemented the $ActionResumeRetryCount config directive
- added $ActionQueueFilename config directive
- added $ActionQueueSize config directive
- added $ActionQueueHighWaterMark config directive
- added $ActionQueueLowWaterMark config directive
- added $ActionQueueDiscardMark config directive
- added $ActionQueueDiscardSeverity config directive
- added $ActionQueueCheckpointInterval config directive
- added $ActionQueueType config directive
- added $ActionQueueWorkerThreads config directive
- added $ActionQueueTimeoutshutdown config directive
- added $ActionQueueTimeoutActionCompletion config directive
- added $ActionQueueTimeoutenQueue config directive
- added $ActionQueueTimeoutworkerThreadShutdown config directive
- added $ActionQueueWorkerThreadMinimumMessages config directive
- added $ActionQueueMaxFileSize config directive
- added $ActionQueueSaveonShutdown config directive
- addded $ActionQueueDequeueSlowdown config directive
- addded $MainMsgQueueDequeueSlowdown config directive
- bugfix: added forgotten docs to package
- improved debugging support
- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly
- when a long-running action needs to be cancelled on shutdown, the message
that was processed by it is now preserved. This finishes support for
guaranteed delivery of messages (if the output supports it, of course)
- fixed bug in output module interface, see
http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552
- changed the ommysql output plugin so that the (lengthy) connection
initialization now takes place in message processing. This works much
better with the new queued action mode (fast startup)
- fixed a bug that caused a potential hang in file and fwd output module
varmojfekoj provided the patch - many thanks!
- bugfixed stream class offset handling on 32bit platforms
---------------------------------------------------------------------------
Version 3.10.3 (rgerhards), 2008-01-28
- fixed a bug with standard template definitions (not a big deal) - thanks
to varmojfekoj for spotting it
- run-time instrumentation added
- implemented disk-assisted queue mode, which enables on-demand disk
spooling if the queue's in-memory queue is exhausted
- implemented a dynamic worker thread pool for processing incoming
messages; workers are started and shut down as need arises
- implemented a run-time instrumentation debug package
- implemented the $MainMsgQueueSaveOnShutdown config directive
- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive
- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive
---------------------------------------------------------------------------
Version 3.10.2 (rgerhards), 2008-01-14
- added the ability to keep stop rsyslogd without the need to drain
the main message queue. In disk queue mode, rsyslog continues to
run from the point where it stopped. In case of a system failure, it
continues to process messages from the last checkpoint.
- fixed a bug that caused a segfault on startup when no $WorkDir directive
was specified in rsyslog.conf
- provided more fine-grain control over shutdown timeouts and added a
way to specify the enqueue timeout when the main message queue is full
- implemented $MainMsgQueueCheckpointInterval config directive
- implemented $MainMsgQueueTimeoutActionCompletion config directive
- implemented $MainMsgQueueTimeoutEnqueue config directive
- implemented $MainMsgQueueTimeoutShutdown config directive
---------------------------------------------------------------------------
Version 3.10.1 (rgerhards), 2008-01-10
- implemented the "disk" queue mode. However, it currently is of very
limited use, because it does not support persistence over rsyslogd
runs. So when rsyslogd is stopped, the queue is drained just as with
the in-memory queue modes. Persistent queues will be a feature of
the next release.
- performance-optimized string class, should bring an overall improvement
- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch
- fixed a race condition that could lead to a rsyslogd hang when during
HUP or termination
- done some doc updates
- added $WorkDirectory config directive
- added $MainMsgQueueFileName config directive
- added $MainMsgQueueMaxFileSize config directive
---------------------------------------------------------------------------
Version 3.10.0 (rgerhards), 2008-01-07
- implemented input module interface and initial input modules
- enhanced threading for input modules (each on its own thread now)
- ability to bind UDP listeners to specific local interfaces/ports and
ability to run multiple of them concurrently
- added ability to specify listen IP address for UDP syslog server
- license changed to GPLv3
- mark messages are now provided by loadble module immark
- rklogd is no longer provided. Its functionality has now been taken over
by imklog, a loadable input module. This offers a much better integration
into rsyslogd and makes sure that the kernel logger process is brought
up and down at the appropriate times
- enhanced $IncludeConfig directive to support wildcard characters
(thanks to Michael Biebl)
- all inputs are now implemented as loadable plugins
- enhanced threading model: each input module now runs on its own thread
- enhanced message queue which now supports different queueing methods
(among others, this can be used for performance fine-tuning)
- added a large number of new configuration directives for the new
input modules
- enhanced multi-threading utilizing a worker thread pool for the
main message queue
- compilation without pthreads is no longer supported
- much cleaner code due to new objects and removal of single-threading
mode
---------------------------------------------------------------------------
Version 2.0.1 STABLE (rgerhards), 2008-01-24
- fixed a bug in integer conversion - but this function was never called,
so it is not really a useful bug fix ;)
- fixed a bug with standard template definitions (not a big deal) - thanks
to varmojfekoj for spotting it
- fixed a bug that caused a potential hang in file and fwd output module
varmojfekoj provided the patch - many thanks!
---------------------------------------------------------------------------
Version 2.0.0 STABLE (rgerhards), 2008-01-02
- re-release of 1.21.2 as STABLE with no modifications except some
doc updates
---------------------------------------------------------------------------
Version 1.21.2 (rgerhards), 2007-12-28
- created a gss-api output module. This keeps GSS-API code and
TCP/UDP code separated. It is also important for forward-
compatibility with v3. Please note that this change breaks compatibility
with config files created for 1.21.0 and 1.21.1 - this was considered
acceptable.
- fixed an error in forwarding retry code (could lead to message corruption
but surfaced very seldom)
- increased portability for older platforms (AI_NUMERICSERV moved)
- removed socket leak in omfwd.c
- cross-platform patch for GSS-API compile problem on some platforms
thanks to darix for the patch!
---------------------------------------------------------------------------
Version 1.21.1 (rgerhards), 2007-12-23
- small doc fix for $IncludeConfig
- fixed a bug in llDestroy()
- bugfix: fixing memory leak when message queue is full and during
parsing. Thanks to varmojfekoj for the patch.
- bugfix: when compiled without network support, unix sockets were
not properly closed
- bugfix: memory leak in cfsysline.c/doGetWord() fixed
---------------------------------------------------------------------------
Version 1.21.0 (rgerhards), 2007-12-19
- GSS-API support for syslog/TCP connections was added. Thanks to
varmojfekoj for providing the patch with this functionality
- code cleanup
- enhanced $IncludeConfig directive to support wildcard filenames
- changed some multithreading synchronization
---------------------------------------------------------------------------
Version 1.20.1 (rgerhards), 2007-12-12
- corrected a debug setting that survived release. Caused TCP connections
to be retried unnecessarily often.
- When a hostname ACL was provided and DNS resolution for that name failed,
ACL processing was stopped at that point. Thanks to mildew for the patch.
Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911
- fixed a potential race condition, see link for details:
http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html
Note that the probability of problems from this bug was very remote
- fixed a memory leak that happened when PostgreSQL date formats were
used
---------------------------------------------------------------------------
Version 1.20.0 (rgerhards), 2007-12-07
- an output module for postgres databases has been added. Thanks to
sur5r for contributing this code
- unloading dynamic modules has been cleaned up, we now have a
real implementation and not just a dummy "good enough for the time
being".
- enhanced platform independence - thanks to Bartosz Kuzma and Michael
Biebl for their very useful contributions
- some general code cleanup (including warnings on 64 platforms, only)
---------------------------------------------------------------------------
Version 1.19.12 (rgerhards), 2007-12-03
- cleaned up the build system (thanks to Michael Biebl for the patch)
- fixed a bug where ommysql was still not compiled with -pthread option
---------------------------------------------------------------------------
Version 1.19.11 (rgerhards), 2007-11-29
- applied -pthread option to build when building for multi-threading mode
hopefully solves an issue with segfaulting
---------------------------------------------------------------------------
Version 1.19.10 (rgerhards), 2007-10-19
- introduced the new ":modulename:" syntax for calling module actions
in selector lines; modified ommysql to support it. This is primarily
an aid for further modules and a prerequisite to actually allow third
party modules to be created.
- minor fix in slackware startup script, "-r 0" is now "-r0"
- updated rsyslogd doc set man page; now in html format
- undid creation of a separate thread for the main loop -- this did not
turn out to be needed or useful, so reduce complexity once again.
- added doc fixes provided by Michael Biebl - thanks
---------------------------------------------------------------------------
Version 1.19.9 (rgerhards), 2007-10-12
- now packaging system which again contains all components in a single
tarball
- modularized main() a bit more, resulting in less complex code
- experimentally added an additional thread - will see if that affects
the segfault bug we experience on some platforms. Note that this change
is scheduled to be removed again later.
---------------------------------------------------------------------------
Version 1.19.8 (rgerhards), 2007-09-27
- improved repeated message processing
- applied patch provided by varmojfekoj to support building ommysql
in its own way (now also resides in a plugin subdirectory);
ommysql is now a separate package
- fixed a bug in cvthname() that lead to message loss if part
of the source hostname would have been dropped
- created some support for distributing ommysql together with the
main rsyslog package. I need to re-think it in the future, but
for the time being the current mode is best. I now simply include
one additional tarball for ommysql inside the main distribution.
I look forward to user feedback on how this should be done best. In the
long term, a separate project should be spawend for ommysql, but I'd
like to do that only after the plugin interface is fully stable (what
it is not yet).
---------------------------------------------------------------------------
Version 1.19.7 (rgerhards), 2007-09-25
- added code to handle situations where senders send us messages ending with
a NUL character. It is now simply removed. This also caused trailing LF
reduction to fail, when it was followed by such a NUL. This is now also
handled.
- replaced some non-thread-safe function calls by their thread-safe
counterparts
- fixed a minor memory leak that occurred when the %APPNAME% property was
used (I think nobody used that in practice)
- fixed a bug that caused signal handlers in cvthname() not to be restored when
a malicious pointer record was detected and processing of the message been
stopped for that reason (this should be really rare and can not be related
to the segfault bug we are hunting).
- fixed a bug in cvthname that lead to passing a wrong parameter - in
practice, this had no impact.
- general code cleanup (e.g. compiler warnings, comments)
---------------------------------------------------------------------------
Version 1.19.6 (rgerhards), 2007-09-11
- applied patch by varmojfekoj to change signal handling to the new
sigaction API set (replacing the depreciated signal() calls and its
friends.
- fixed a bug that in --enable-debug mode caused an assertion when the
discard action was used
- cleaned up compiler warnings
- applied patch by varmojfekoj to FIX a bug that could cause
segfaults if empty properties were processed using modifying
options (e.g. space-cc, drop-cc)
- fixed man bug: rsyslogd supports -l option
---------------------------------------------------------------------------
Version 1.19.5 (rgerhards), 2007-09-07
- changed part of the CStr interface so that better error tracking
is provided and the calling sequence is more intuitive (there were
invalid calls based on a too-weird interface)
- (hopefully) fixed some remaining bugs rooted in wrong use of
the CStr class. These could lead to program abort.
- applied patch by varmojfekoj two fix two potential segfault situations
- added $ModDir config directive
- modified $ModLoad so that an absolute path may be specified as
module name (e.g. /rsyslog/ommysql.so)
---------------------------------------------------------------------------
Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04
- fixed a number of small memory leaks - thanks varmojfekoj for patching
- fixed an issue with CString class that could lead to rsyslog abort
in tplToString() - thanks varmojfekoj for patching
- added a man-version of the config file documentation - thanks to Michel
Samia for providing the man file
- fixed bug: a template like this causes an infinite loop:
$template opts,"%programname:::a,b%"
thanks varmojfekoj for the patch
- fixed bug: case changing options crash freeing the string pointer
because they modify it: $template opts2,"%programname::1:lowercase%"
thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31
- small mem leak fixed (after calling parseSelectorAct) - Thx varmojfekoj
- documentation section "Regular File" und "Blocks" updated
- solved an issue with dynamic file generation - Once again many thanks
to varmojfekoj
- the negative selector for program name filter (Blocks) does not work as
expected - Thanks varmojfekoj for patching
- added forwarding information to sysklogd (requires special template)
to config doc
---------------------------------------------------------------------------
Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28
- a specifically formed message caused a segfault - Many thanks varmojfekoj
for providing a patch
- a typo and a weird condition are fixed in msg.c - Thanks again
varmojfekoj
- on file creation the file was always owned by root:root. This is fixed
now - Thanks ypsa for solving this issue
---------------------------------------------------------------------------
Version 1.19.1 (mmeckelein), 2007-08-22
- a bug that caused a high load when a TCP/UDP connection was closed is
fixed now - Thanks mildew for solving this issue
- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the
patch
- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order
to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter
Vrabec and darix, both provided a patch for solving this issue
- enhanced the unloading of modules - thanks again varmojfekoj
- applied a patch from varmojfekoj which fixes various little things in
MySQL output module
---------------------------------------------------------------------------
Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16
- integrated patch from varmojfekoj to make the mysql module a loadable one
many thanks for the patch, MUCH appreciated
---------------------------------------------------------------------------
Version 1.18.2 (rgerhards), 2007-08-13
- fixed a bug in outchannel code that caused templates to be incorrectly
parsed
- fixed a bug in ommysql that caused a wrong ";template" missing message
- added some code for unloading modules; not yet fully complete (and we do
not yet have loadable modules, so this is no problem)
- removed debian subdirectory by request of a debian packager (this is a special
subdir for debian and there is also no point in maintaining it when there
is a debian package available - so I gladly did this) in some cases
- improved overall doc quality (some pages were quite old) and linked to
more of the online resources.
- improved /contrib/delete_mysql script by adding a host option and some
other minor modifications
---------------------------------------------------------------------------
Version 1.18.1 (rgerhards), 2007-08-08
- applied a patch from varmojfekoj which solved a potential segfault
of rsyslogd on HUP
- applied patch from Michel Samia to fix compilation when the pthreads
feature is disabled
- some code cleanup (moved action object to its own file set)
- add config directive $MainMsgQueueSize, which now allows one to configure the
queue size dynamically
- all compile-time settings are now shown in rsyslogd -v, not just the
active ones
- enhanced performance a little bit more
- added config file directive $ActionResumeInterval
- fixed a bug that prevented compilation under debian sid
- added a contrib directory for user-contributed useful things
---------------------------------------------------------------------------
Version 1.18.0 (rgerhards), 2007-08-03
- rsyslog now supports fallback actions when an action did not work. This
is a great feature e.g. for backup database servers or backup syslog
servers
- modified rklogd to only change the console log level if -c is specified
- added feature to use multiple actions inside a single selector
- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive
- error messages during startup are now spit out to the configured log
destinations
---------------------------------------------------------------------------
Version 1.17.6 (rgerhards), 2007-08-01
- continued to work on output module modularization - basic stage of
this work is now FINISHED
- fixed bug in OMSRcreate() - always returned SR_RET_OK
- fixed a bug that caused ommysql to always complain about missing
templates
- fixed a mem leak in OMSRdestruct - freeing the object itself was
forgotten - thanks to varmojfekoj for the patch
- fixed a memory leak in syslogd/init() that happened when the config
file could not be read - thanks to varmojfekoj for the patch
- fixed insufficient memory allocation in addAction() and its helpers.
The initial fix and idea was developed by mildew, I fine-tuned
it a bit. Thanks a lot for the fix, I'd probably had pulled out my
hair to find the bug...
- added output of config file line number when a parsing error occurred
- fixed bug in objomsr.c that caused program to abort in debug mode with
an invalid assertion (in some cases)
- fixed a typo that caused the default template for MySQL to be wrong.
thanks to mildew for catching this.
- added configuration file command $DebugPrintModuleList and
$DebugPrintCfSysLineHandlerList
- fixed an invalid value for the MARK timer - unfortunately, there was
a testing aid left in place. This resulted in quite frequent MARK messages
- added $IncludeConfig config directive
- applied a patch from mildew to prevent rsyslogd from freezing under heavy
load. This could happen when the queue was full. Now, we drop messages
but rsyslogd remains active.
---------------------------------------------------------------------------
Version 1.17.5 (rgerhards), 2007-07-30
- continued to work on output module modularization
- fixed a missing file bug - thanks to Andrea Montanari for reporting
this problem
- fixed a problem with shutting down the worker thread and freeing the
selector_t list - this caused messages to be lost, because the
message queue was not properly drained before the selectors got
destroyed.
---------------------------------------------------------------------------
Version 1.17.4 (rgerhards), 2007-07-27
- continued to work on output module modularization
- fixed a situation where rsyslogd could create zombie processes
thanks to mildew for the patch
- applied patch from Michel Samia to fix compilation when NOT
compiled for pthreads
---------------------------------------------------------------------------
Version 1.17.3 (rgerhards), 2007-07-25
- continued working on output module modularization
- fixed a bug that caused rsyslogd to segfault on exit (and
probably also on HUP), when there was an unsent message in a selector
that required forwarding and the dns lookup failed for that selector
(yes, it was pretty unlikely to happen;))
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed a memory leak in config file parsing and die()
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- rsyslogd now checks on startup if it is capable to perform any work
at all. If it cant, it complains and terminates
thanks to Michel Samia for providing the patch!
- fixed a small memory leak when HUPing syslogd. The allowed sender
list now gets freed. thanks to mildew for the patch.
- changed the way error messages in early startup are logged. They
now do no longer use the syslogd code directly but are rather
send to stderr.
---------------------------------------------------------------------------
Version 1.17.2 (rgerhards), 2007-07-23
- made the port part of the -r option optional. Needed for backward
compatibility with sysklogd
- replaced system() calls with something more reasonable. Please note that
this might break compatibility with some existing configuration files.
We accept this in favor of the gained security.
- removed a memory leak that could occur if timegenerated was used in
RFC 3164 format in templates
- did some preparation in msg.c for advanced multithreading - placed the
hooks, but not yet any active code
- worked further on modularization
- added $ModLoad MySQL (dummy) config directive
- added DropTrailingLFOnReception config directive
---------------------------------------------------------------------------
Version 1.17.1 (rgerhards), 2007-07-20
- fixed a bug that caused make install to install rsyslogd and rklogd under
the wrong names
- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly;
also fixed but that could garble $AllowedSender wildcards. Thanks to
mildew@gmail.com for the patch
- minor code cleanup - thanks to Peter Vrabec for the patch
- fixed minimal memory leak on HUP (caused by templates)
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed another memory leak on HUPing and on exiting rsyslogd
again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- code cleanup (removed compiler warnings)
- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch
- moved msg object into its own file set
- added the capability to continue trying to write log files when the
file system is full. Functionality based on patch by Martin Schulze
to sysklogd package.
---------------------------------------------------------------------------
Version 1.17.0 (RGer), 2007-07-17
- added $RepeatedLineReduction config parameter
- added $EscapeControlCharactersOnReceive config parameter
- added $ControlCharacterEscapePrefix config parameter
- added $DirCreateMode config parameter
- added $CreateDirs config parameter
- added $DebugPrintTemplateList config parameter
- added $ResetConfigVariables config parameter
- added $FileOwner config parameter
- added $FileGroup config parameter
- added $DirOwner config parameter
- added $DirGroup config parameter
- added $FailOnChownFailure config parameter
- added regular expression support to the filter engine
thanks to Michel Samia for providing the patch!
- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for
the patch doing that
- added IPv6 support
- allowed DNS hostnames
- allowed DNS wildcard names
- added new option $DropMsgsWithMaliciousDnsPTRRecords
- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin
- added capability to auto-create directories with dynaFiles
---------------------------------------------------------------------------
Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;)
- build system switched to autotools
- removed SYSV preprocessor macro use, replaced with autotools equivalents
- fixed a bug that caused rsyslogd to segfault when TCP listening was
disabled and it terminated
- added new properties "syslogfacility-text" and "syslogseverity-text"
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- added the -x option to disable hostname dns resolution
thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- begun to better modularize syslogd.c - this is an ongoing project; moved
type definitions to a separate file
- removed some now-unused fields from struct filed
- move file size limit fields in struct field to the "right spot" (the file
writing part of the union - f_un.f_file)
- subdirectories linux and solaris are no longer part of the distribution
package. This is not because we cease support for them, but there are no
longer any files in them after the move to autotools
---------------------------------------------------------------------------
Version 1.15.1 (RGer), 2007-07-10
- fixed a bug that caused a dynaFile selector to stall when there was
an open error with one file
- improved template processing for dynaFiles; templates are now only
looked up during initialization - speeds up processing
- optimized memory layout in struct filed when compiled with MySQL
support
- fixed a bug that caused compilation without SYSLOG_INET to fail
- re-enabled the "last message repeated n times" feature. This
feature was not taken care of while rsyslogd evolved from sysklogd
and it was more or less defunct. Now it is fully functional again.
- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE
- fixed a bug in iovAsString() that caused a memory leak under stress
conditions (most probably memory shortage). This was unlikely to
ever happen, but it doesn't hurt doing it right
- cosmetic: defined type "uchar", change all unsigned chars to uchar
---------------------------------------------------------------------------
Version 1.15.0 (RGer), 2007-07-05
- added ability to dynamically generate file names based on templates
and thus properties. This was a much-requested feature. It makes
life easy when it e.g. comes to splitting files based on the sender
address.
- added $umask and $FileCreateMode config file directives
- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD
- checks for extra (unexpected) characters in system config file lines
have been added
- added IPv6 documentation - was accidentally missing from CVS
- begun to change char to unsigned char
---------------------------------------------------------------------------
Version 1.14.2 (RGer), 2007-07-03
** this release fixes all known nits with IPv6 **
- restored capability to do /etc/service lookup for "syslog"
service when -r 0 was given
- documented IPv6 handling of syslog messages
- integrate patch from Bartosz Kuźma to make rsyslog compile under
Solaris again (the patch replaced a strndup() call, which is not
available under Solaris
- improved debug logging when waiting on select
- updated rsyslogd man page with new options (-46A)
---------------------------------------------------------------------------
Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29
- added Peter Vrabec's patch for IPv6 TCP
- prefixed all messages send to stderr in rsyslogd with "rsyslogd: "
---------------------------------------------------------------------------
Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28
- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled
IPv6 Support is currently for UDP only, TCP is to come soon.
AllowedSender configuration does not yet work for IPv6.
- fixed code in iovCreate() that broke C's strict aliasing rules
- fixed some char/unsigned char differences that forced the compiler
to spit out warning messages
- updated the Red Hat init script to fix a known issue (thanks to
Peter Vrabec)
---------------------------------------------------------------------------
Version 1.13.5 (RGer), 2007-06-22
- made the TCP session limit configurable via command line switch
now -t <port>,<max sessions>
- added man page for rklogd(8) (basically a copy from klogd, but now
there is one...)
- fixed a bug that caused internal messages (e.g. rsyslogd startup) to
appear without a tag.
- removed a minor memory leak that occurred when TAG processing requalified
a HOSTNAME to be a TAG (and a TAG already was set).
- removed potential small memory leaks in MsgSet***() functions. There
would be a leak if a property was re-set, something that happened
extremely seldom.
---------------------------------------------------------------------------
Version 1.13.4 (RGer), 2007-06-18
- added a new property "PRI-text", which holds the PRI field in
textual form (e.g. "syslog.info")
- added alias "syslogseverity" for "syslogpriority", which is a
misleading property name that needs to stay for historical
reasons (and backward-compatibility)
- added doc on how to record PRI value in log file
- enhanced signal handling in klogd, including removal of an unsafe
call to the logging system during signal handling
---------------------------------------------------------------------------
Version 1.13.3 (RGer), 2007-06-15
- create a version of syslog.c from scratch. This is now
- highly optimized for rsyslog
- removes an incompatible license problem as the original
version had a BSD license with advertising clause
- fixed in the regard that rklogd will continue to work when
rsyslogd has been restarted (the original version, as well
as sysklogd, will remain silent then)
- solved an issue with an extra NUL char at message end that the
original version had
- applied some changes to klogd to care for the new interface
- fixed a bug in syslogd.c which prevented compiling under debian
---------------------------------------------------------------------------
Version 1.13.2 (RGer), 2007-06-13
- lib order in makefile patched to facilitate static linking - thanks
to Bennett Todd for providing the patch
- Integrated a patch from Peter Vrabec (pvrabec@redhat.com):
- added klogd under the name of rklogd (remove dependency on
original sysklogd package
- createDB.sql now in UTF
- added additional config files for use on Red Hat
---------------------------------------------------------------------------
Version 1.13.1 (RGer), 2007-02-05
- changed the listen backlog limit to a more reasonable value based on
the maximum number of TCP connections configured (10% + 5) - thanks to Guy
Standen for the hint (actually, the limit was 5 and that was a
left-over from early testing).
- fixed a bug in makefile which caused DB-support to be disabled when
NETZIP support was enabled
- added the -e option to allow transmission of every message to remote
hosts (effectively turns off duplicate message suppression)
- (somewhat) improved memory consumption when compiled with MySQL support
- looks like we fixed an incompatibility with MySQL 5.x and above software
At least in one case, the remote server name was destroyed, leading to
a connection failure. The new, improved code does not have this issue and
so we see this as solved (the new code is generally somewhat better, so
there is a good chance we fixed this incompatibility).
---------------------------------------------------------------------------
Version 1.13.0 (RGer), 2006-12-19
- added '$' as ToPos property replacer specifier - means "up to the
end of the string"
- property replacer option "escape-cc", "drop-cc" and "space-cc" added
- changed the handling of \0 characters inside syslog messages. We now
consistently escape them to "#000". This is somewhat recommended in
the draft-ietf-syslog-protocol-19 draft. While the real recommendation
is to not escape any characters at all, we can not do this without
considerable modification of the code. So we escape it to "#000", which
is consistent with a sample found in the Internet-draft.
- removed message glue logic (see printchopped() comment for details)
Also caused removal of parts table and thus some improvements in
memory usage.
- changed the default MAXLINE to 2048 to take care of recent syslog
standardization efforts (can easily be changed in syslogd.c)
- added support for byte-counted TCP syslog messages (much like
syslog-transport-tls-05 Internet Draft). This was necessary to
support compression over TCP.
- added support for receiving compressed syslog messages
- added support for sending compressed syslog messages
- fixed a bug where the last message in a syslog/tcp stream was
lost if it was not properly terminated by a LF character
---------------------------------------------------------------------------
Version 1.12.3 (RGer), 2006-10-04
- implemented some changes to support Solaris (but support is not
yet complete)
- commented out (via #if 0) some methods that are currently not being use
but should be kept for further us
- added (interim) -u 1 option to turn off hostname and tag parsing
- done some modifications to better support Fedora
- made the field delimiter inside property replace configurable via
template
- fixed a bug in property replacer: if fields were used, the delimitor
became part of the field. Up until now, this was barely noticeable as
the delimiter as TAB only and thus invisible to a human. With other
delimiters available now, it quickly showed up. This bug fix might cause
some grief to existing installations if they used the extra TAB for
whatever reasons - sorry folks... Anyhow, a solution is easy: just add
a TAB character constant into your template. Thus, there has no attempt
been made to do this in a backwards-compatible way.
---------------------------------------------------------------------------
Version 1.12.2 (RGer), 2006-02-15
- fixed a bug in the RFC 3339 date formatter. An extra space was added
after the actual timestamp
- added support for providing high-precision RFC3339 timestamps for
(rsyslogd-)internally-generated messages
- very (!) experimental support for syslog-protocol internet draft
added (the draft is experimental, the code is solid ;))
- added support for field-extracting in the property replacer
- enhanced the legacy-syslog parser so that it can interpret messages
that do not contain a TIMESTAMP
- fixed a bug that caused the default socket (usually /dev/log) to be
opened even when -o command line option was given
- fixed a bug in the Debian sample startup script - it caused rsyslogd
to listen to remote requests, which it shouldn't by default
---------------------------------------------------------------------------
Version 1.12.1 (RGer), 2005-11-23
- made multithreading work with BSD. Some signal-handling needed to be
restructured. Also, there might be a slight delay of up to 10 seconds
when huping and terminating rsyslogd under BSD
- fixed a bug where a NULL-pointer was passed to printf() in logmsg().
- fixed a bug during "make install" where rc3195d was not installed
Thanks to Bennett Todd for spotting this.
- fixed a bug where rsyslogd dumped core when no TAG was found in the
received message
- enhanced message parser so that it can deal with missing hostnames
in many cases (may not be totally fail-safe)
- fixed a bug where internally-generated messages did not have the correct
TAG
---------------------------------------------------------------------------
Version 1.12.0 (RGer), 2005-10-26
- moved to a multi-threaded design. single-threading is still optionally
available. Multi-threading is experimental!
- fixed a potential race condition. In the original code, marking was done
by an alarm handler, which could lead to all sorts of bad things. This
has been changed now. See comments in syslogd.c/domark() for details.
- improved debug output for property-based filters
- not a code change, but: I have checked all exit()s to make sure that
none occurs once rsyslogd has started up. Even in unusual conditions
(like low-memory conditions) rsyslogd somehow remains active. Of course,
it might loose a message or two, but at least it does not abort and it
can also recover when the condition no longer persists.
- fixed a bug that could cause loss of the last message received
immediately before rsyslogd was terminated.
- added comments on thread-safety of global variables in syslogd.c
- fixed a small bug: spurios printf() when TCP syslog was used
- fixed a bug that causes rsyslogd to dump core on termination when one
of the selector lines did not receive a message during the run (very
unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
in rsyslogd dumping core.
- fixed a bug with regular expression support (thanks to Andres Riancho)
- a little bit of code restructuring (especially main(), which was
horribly large)
---------------------------------------------------------------------------
Version 1.11.1 (RGer), 2005-10-19
- support for BSD-style program name and host blocks
- added a new property "programname" that can be used in templates
- added ability to specify listen port for rfc3195d
- fixed a bug that rendered the "startswith" comparison operation
unusable.
- changed more functions to "static" storage class to help compiler
optimize (should have been static in the first place...)
- fixed a potential memory leak in the string buffer class destructor.
As the destructor was previously never called, the leak did not actually
appear.
- some internal restructuring in anticipation/preparation of minimal
multi-threading support
- rsyslogd still shares some code with the sysklogd project. Some patches
for this shared code have been brought over from the sysklogd CVS.
---------------------------------------------------------------------------
Version 1.11.0 (RGer), 2005-10-12
- support for receiving messages via RFC 3195; added rfc3195d for that
purpose
- added an additional guard to prevent rsyslogd from aborting when the
2gb file size limit is hit. While a user can configure rsyslogd to
handle such situations, it would abort if that was not done AND large
file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
processed - could lead to message loss in extreme cases
---------------------------------------------------------------------------
Version 1.10.2 (RGer), 2005-09-27
- added comparison operations in property-based filters:
* isequal
* startswith
- added ability to negate all property-based filter comparison operations
by adding a !-sign right in front of the operation name
- added the ability to specify remote senders for UDP and TCP
received messages. Allows to block all but well-known hosts
- changed the $-config line directives to be case-INsensitive
- new command line option -w added: "do not display warnings if messages
from disallowed senders are received"
- fixed a bug that caused rsyslogd to dump core when the compare value
was not quoted in property-based filters
- fixed a bug in the new CStr compare function which lead to invalid
results (fortunately, this function was not yet used widely)
- added better support for "debugging" rsyslog.conf property filters
(only if -d switch is given)
- changed some function definitions to static, which eventually enables
some compiler optimizations
- fixed a bug in MySQL code; when a SQL error occurred, rsyslogd could
run in a tight loop. This was due to invalid sequence of error reporting
and is now fixed.
---------------------------------------------------------------------------
Version 1.10.1 (RGer), 2005-09-23
- added the ability to execute a shell script as an action.
Thanks to Bjoern Kalkbrenner for providing the code!
- fixed a bug in the MySQL code; due to the bug the automatic one-time
retry after an error did not happen - this lead to error message in
cases where none should be seen (e.g. after a MySQL restart)
- fixed a security issue with SQL-escaping in conjunction with
non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.10.0 (RGer), 2005-09-20
REMINDER: 1.10 is the first unstable version if the 1.x series!
- added the capability to filter on any property in selector lines
(not just facility and priority)
- changed stringbuf into a new counted string class
- added support for a "discard" action. If a selector line with
discard (~ character) is found, no selector lines *after* that
line will be processed.
- thanks to Andres Riancho, regular expression support has been
added to the template engine
- added the FROMHOST property in the template processor, which could
previously not be obtained. Thanks to Cristian Testa for pointing
this out and even providing a fix.
- added display of compile-time options to -v output
- performance improvement for production build - made some checks
to happen only during debug mode
- fixed a problem with compiling on SUSE and - while doing so - removed
the socket call to set SO_BSDCOMPAT in cases where it is obsolete.
---------------------------------------------------------------------------
Version 1.0.4 (RGer), 2006-02-01
- a small but important fix: the tcp receiver had two forgotten printf's
in it that caused a lot of unnecessary output to stdout. This was
important enough to justify a new release
---------------------------------------------------------------------------
Version 1.0.3 (RGer), 2005-11-14
- added an additional guard to prevent rsyslogd from aborting when the
2gb file size limit is hit. While a user can configure rsyslogd to
handle such situations, it would abort if that was not done AND large
file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
processed - could lead to message loss in extreme cases
- applied some patches available from the sysklogd project to code
shared from there
- fixed a bug that causes rsyslogd to dump core on termination when one
of the selector lines did not receive a message during the run (very
unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
in rsyslogd dumping core.
- fixed a bug in the TCP sender that caused the retry logic to fail
after an error or receiver overrun
- fixed a bug in init() that could lead to dumping core
- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG
was present in the syslog message
---------------------------------------------------------------------------
Version 1.0.2 (RGer), 2005-10-05
- fixed an issue with MySQL error reporting. When an error occurred,
the MySQL driver went into an endless loop (at least in most cases).
---------------------------------------------------------------------------
Version 1.0.1 (RGer), 2005-09-23
- fixed a security issue with SQL-escaping in conjunction with
non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.0.0 (RGer), 2005-09-12
- changed install doc to cover daily cron scripts - a trouble source
- added rc script for slackware (provided by Chris Elvidge - thanks!)
- fixed a really minor bug in usage() - the -r option was still
reported as without the port parameter
---------------------------------------------------------------------------
Version 0.9.8 (RGer), 2005-09-05
- made startup and shutdown message more consistent and included the
pid, so that they can be easier correlated. Used syslog-protocol
structured data format for this purpose.
- improved config info in startup message, now tells not only
if it is listening remote on udp, but also for tcp. Also includes
the port numbers. The previous startup message was misleading, because
it did not say "remote reception" if rsyslogd was only listening via
tcp (but not via udp).
- added a "how can you help" document to the doc set
---------------------------------------------------------------------------
Version 0.9.7 (RGer), 2005-08-15
- some of the previous doc files (like INSTALL) did not properly
reflect the changes to the build process and the new doc. Fixed
that.
- changed syslogd.c so that when compiled without database support,
an error message is displayed when a database action is detected
in the config file (previously this was used as an user rule ;))
- fixed a bug in the os-specific Makefiles which caused MySQL
support to not be compiled, even if selected
---------------------------------------------------------------------------
Version 0.9.6 (RGer), 2005-08-09
- greatly enhanced documentation. Now available in html format in
the "doc" folder and FreeBSD. Finally includes an install howto.
- improved MySQL error messages a little - they now show up as log
messages, too (formerly only in debug mode)
- added the ability to specify the listen port for udp syslog.
WARNING: This introduces an incompatibility. Formerly, udp
syslog was enabled by the -r command line option. Now, it is
"-r [port]", which is consistent with the tcp listener. However,
just -r will now return an error message.
- added sample startup scripts for Debian and FreeBSD
- added support for easy feature selection in the makefile. Un-
fortunately, this also means I needed to spilt the make file
for different OS and distros. There are some really bad syntax
differences between FreeBSD and Linux make.
---------------------------------------------------------------------------
Version 0.9.5 (RGer), 2005-08-01
- the "semicolon bug" was actually not (fully) solved in 0.9.4. One
part of the bug was solved, but another still existed. This one
is fixed now, too.
- the "semicolon bug" actually turned out to be a more generic bug.
It appeared whenever an invalid template name was given. With some
selector actions, rsyslogd dumped core, with other it "just" had
a small resource leak with others all worked well. These anomalies
are now fixed. Note that they only appeared during system initialization
once the system was running, nothing bad happened.
- improved error reporting for template errors on startup. They are now
shown on the console and the start-up tty. Formerly, they were only
visible in debug mode.
- support for multiple instances of rsyslogd on a single machine added
- added new option "-o" --> omit local unix domain socket. This option
enables rsyslogd NOT to listen to the local socket. This is most
helpful when multiple instances of rsyslogd (or rsyslogd and another
syslogd) shall run on a single system.
- added new option "-i <pidfile>" which allows one to specify the pidfile.
This is needed when multiple instances of rsyslogd are to be run.
- the new project home page is now online at www.rsyslog.com
---------------------------------------------------------------------------
Version 0.9.4 (RGer), 2005-07-25
- finally added the TCP sender. It now supports non-blocking mode, no
longer disabling message reception during connect. As it is now, it
is usable in production. The code could be more sophisticated, but
I've kept it short in anticipation of the move to liblogging, which
will lead to the removal of the code just written ;)
- the "exiting on signal..." message still had the "syslogd" name in
it. Changed this to "rsyslogd", as we do not have a large user base
yet, this should pose no problem.
- fixed "the semicolon" bug. rsyslogd dumped core if a write-db action
was specified but no semicolon was given after the password (an empty
template was ok, but the semicolon needed to be present).
- changed a default for traditional output format. During testing, it
was seen that the timestamp written to file in default format was
the time of message reception, not the time specified in the TIMESTAMP
field of the message itself. Traditionally, the message TIMESTAMP is
used and this has been changed now.
---------------------------------------------------------------------------
Version 0.9.3 (RGer), 2005-07-19
- fixed a bug in the message parser. In June, the RFC 3164 timestamp
was not correctly parsed (yes, only in June and some other months,
see the code comment to learn why...)
- added the ability to specify the destination port when forwarding
syslog messages (both for TCP and UDP)
- added an very experimental TCP sender (activated by
@@machine:port in config). This is not yet for production use. If
the receiver is not alive, rsyslogd will wait quite some time until
the connection request times out, which most probably leads to
loss of incoming messages.
---------------------------------------------------------------------------
Version 0.9.2 (RGer), around 2005-07-06
- I intended to change the maxsupported message size to 32k to
support IHE - but given the memory inefficiency in the usual use
cases, I have not done this. I have, however, included very
specific instructions on how to do this in the source code. I have
also done some testing with 32k messages, so you can change the
max size without taking too much risk.
- added a syslog/tcp receiver; we now can receive messages via
plain tcp, but we can still send only via UDP. The syslog/tcp
receiver is the primary enhancement of this release.
- slightly changed some error messages that contained a spurios \n at
the end of the line (which gives empty lines in your log...)
---------------------------------------------------------------------------
Version 0.9.1 (RGer)
- fixed code so that it compiles without errors under FreeBSD
- removed now unused function "allocate_log()" from syslogd.c
- changed the make file so that it contains more defines for
different environments (in the long term, we need a better
system for disabling/enabling features...)
- changed some printf's printing off_t types to %lld and
explicit (long long) casts. I tried to figure out the exact type,
but did not succeed in this. In the worst case, ultra-large peta-
byte files will now display funny informational messages on rollover,
something I think we can live with for the next 10 years or so...
---------------------------------------------------------------------------
Version 0.9.0 (RGer)
- changed the filed structure to be a linked list. Previously, it
was a table - well, for non-SYSV it was defined as linked list,
but from what I see that code did no longer work after my
modifications. I am now using a linked list in general because
that is needed for other upcoming modifications.
- fixed a bug that caused rsyslogd not to listen to anything if
the configuration file could not be read
- previous versions disabled network logging (send/receive) if
syslog/udp port was not in /etc/services. Now defaulting to
port 514 in this case.
- internal error messages are now supported up to 256 bytes
- error message seen during config file read are now also displayed
to the attached tty and not only the console
- changed some error messages during init to be sent to the console
and/or emergency log. Previously, they were only seen if the
-d (debug) option was present on the command line.
- fixed the "2gb file issue on 32bit systems". If a file grew to
more than 2gb, the syslogd was aborted with "file size exceeded".
Now, defines have been added according to
http://www.daimi.au.dk/~kasperd/comp.os.linux.development.faq.html#LARGEFILE
Testing revealed that they work ;)
HOWEVER, if your file system, glibc, kernel, whatever does not
support files larger 2gb, you need to set a file size limit with
the new output channel mechanism.
- updated man pages to reflect the changes
---------------------------------------------------------------------------
Version 0.8.4
- improved -d debug output (removed developer-only content)
- now compiles under FreeBSD and NetBSD (only quick testing done on NetBSD)
---------------------------------------------------------------------------
Version 0.8.3
- security model in "make install" changed
- minor doc updates
---------------------------------------------------------------------------
Version 0.8.2
- added man page for rsyslog.conf and rsyslogd
- gave up on the concept of rsyslog being a "drop in" replacement
for syslogd. Now, the user installs rsyslogd and also needs to
adjust his system settings to this specifically. This also lead
to these changes:
* changed Makefile so that install now installs rsyslogd instead
of dealing with syslogd
* changed the default config file name to rsyslog.conf
---------------------------------------------------------------------------
Version 0.8.1
- fixed a nasty memory leak (probably not the last one with this release)
- some enhancements to Makefile as suggested by Bennett Todd
- syslogd-internal messages (like restart) were missing the hostname
this has been corrected
---------------------------------------------------------------------------
Version 0.8.0
Initial testing release. Based on the sysklogd package. Thanks to the
sysklogd maintainers for all their good work!
---------------------------------------------------------------------------
----------------------------------------------------------------------
The following comments were left in the syslogd source. While they provide
not too much detail, the help to date when Rainer started work on the
project (which was 2003, now even surprising for Rainer himself ;)).
* \author Rainer Gerhards <rgerhards@adiscon.com>
* \date 2003-10-17
* Some initial modifications on the sysklogd package to support
* liblogging. These have actually not yet been merged to the
* source you see currently (but they hopefully will)
*
* \date 2004-10-28
* Restarted the modifications of sysklogd. This time, we
* focus on a simpler approach first. The initial goal is to
* provide MySQL database support (so that syslogd can log
* to the database).
----------------------------------------------------------------------
The following comments are from the stock syslogd.c source. They provide
some insight into what happened to the source before we forked
rsyslogd. However, much of the code already has been replaced and more
is to be replaced. So over time, these comments become less valuable.
I have moved them out of the syslogd.c file to shrink it, especially
as a lot of them do no longer apply. For historical reasons and
understanding of how the daemon evolved, they are probably still
helpful.
* Author: Eric Allman
* extensive changes by Ralph Campbell
* more extensive changes by Eric Allman (again)
*
* Steve Lord: Fix UNIX domain socket code, added linux kernel logging
* change defines to
* SYSLOG_INET - listen on a UDP socket
* SYSLOG_UNIXAF - listen on unix domain socket
* SYSLOG_KERNEL - listen to linux kernel
*
* Mon Feb 22 09:55:42 CST 1993: Dr. Wettstein
* Additional modifications to the source. Changed priority scheme
* to increase the level of configurability. In its stock configuration
* syslogd no longer logs all messages of a certain priority and above
* to a log file. The * wildcard is supported to specify all priorities.
* Note that this is a departure from the BSD standard.
*
* Syslogd will now listen to both the inetd and the unixd socket. The
* strategy is to allow all local programs to direct their output to
* syslogd through the unixd socket while the program listens to the
* inetd socket to get messages forwarded from other hosts.
*
* Fri Mar 12 16:55:33 CST 1993: Dr. Wettstein
* Thanks to Stephen Tweedie (dcs.ed.ac.uk!sct) for helpful bug-fixes
* and an enlightened commentary on the prioritization problem.
*
* Changed the priority scheme so that the default behavior mimics the
* standard BSD. In this scenario all messages of a specified priority
* and above are logged.
*
* Add the ability to specify a wildcard (=) as the first character
* of the priority name. Doing this specifies that ONLY messages with
* this level of priority are to be logged. For example:
*
* *.=debug /usr/adm/debug
*
* Would log only messages with a priority of debug to the /usr/adm/debug
* file.
*
* Providing an * as the priority specifies that all messages are to be
* logged. Note that this case is degenerate with specifying a priority
* level of debug. The wildcard * was retained because I believe that
* this is more intuitive.
*
* Thu Jun 24 11:34:13 CDT 1993: Dr. Wettstein
* Modified sources to incorporate changes in libc4.4. Messages from
* syslog are now null-terminated, syslogd code now parses messages
* based on this termination scheme. Linux as of libc4.4 supports the
* fsync system call. Modified code to fsync after all writes to
* log files.
*
* Sat Dec 11 11:59:43 CST 1993: Dr. Wettstein
* Extensive changes to the source code to allow compilation with no
* complaints with -Wall.
*
* Reorganized the facility and priority name arrays so that they
* compatible with the syslog.h source found in /usr/include/syslog.h.
* NOTE that this should really be changed. The reason I do not
* allow the use of the values defined in syslog.h is on account of
* the extensions made to allow the wildcard character in the
* priority field. To fix this properly one should malloc an array,
* copy the contents of the array defined by syslog.h and then
* make whatever modifications that are desired. Next round.
*
* Thu Jan 6 12:07:36 CST 1994: Dr. Wettstein
* Added support for proper decomposition and re-assembly of
* fragment messages on UNIX domain sockets. Lack of this capability
* was causing 'partial' messages to be output. Since facility and
* priority information is encoded as a leader on the messages this
* was causing lines to be placed in erroneous files.
*
* Also added a patch from Shane Alderton (shane@ion.apana.org.au) to
* correct a problem with syslogd dumping core when an attempt was made
* to write log messages to a logged-on user. Thank you.
*
* Many thanks to Juha Virtanen (jiivee@hut.fi) for a series of
* interchanges which lead to the fixing of problems with messages set
* to priorities of none and emerg. Also thanks to Juha for a patch
* to exclude users with a class of LOGIN from receiving messages.
*
* Shane Alderton provided an additional patch to fix zombies which
* were conceived when messages were written to multiple users.
*
* Mon Feb 6 09:57:10 CST 1995: Dr. Wettstein
* Patch to properly reset the single priority message flag. Thanks
* to Christopher Gori for spotting this bug and forwarding a patch.
*
* Wed Feb 22 15:38:31 CST 1995: Dr. Wettstein
* Added version information to startup messages.
*
* Added defines so that paths to important files are taken from
* the definitions in paths.h. Hopefully this will insure that
* everything follows the FSSTND standards. Thanks to Chris Metcalf
* for a set of patches to provide this functionality. Also thanks
* Elias Levy for prompting me to get these into the sources.
*
* Wed Jul 26 18:57:23 MET DST 1995: Martin Schulze
* Linux' gethostname only returns the hostname and not the fqdn as
* expected in the code. But if you call hostname with an fqdn then
* gethostname will return an fqdn, so we have to mention that. This
* has been changed.
*
* The 'LocalDomain' and the hostname of a remote machine is
* converted to lower case, because the original caused some
* inconsistency, because the (at least my) nameserver did respond an
* fqdn containing of upper- _and_ lowercase letters while
* 'LocalDomain' consisted only of lowercase letters and that didn't
* match.
*
* Sat Aug 5 18:59:15 MET DST 1995: Martin Schulze
* Now no messages that were received from any remote host are sent
* out to another. At my domain this missing feature caused ugly
* syslog-loops, sometimes.
*
* Remember that no message is sent out. I can't figure out any
* scenario where it might be useful to change this behavior and to
* send out messages to other hosts than the one from which we
* received the message, but I might be shortsighted. :-/
*
* Thu Aug 10 19:01:08 MET DST 1995: Martin Schulze
* Added my pidfile.[ch] to it to perform a better handling with
* pidfiles. Now both, syslogd and klogd, can only be started
* once. They check the pidfile.
*
* Sun Aug 13 19:01:41 MET DST 1995: Martin Schulze
* Add an addition to syslog.conf's interpretation. If a priority
* begins with an exclamation mark ('!') the normal interpretation
* of the priority is inverted: ".!*" is the same as ".none", ".!=info"
* don't logs the info priority, ".!crit" won't log any message with
* the priority crit or higher. For example:
*
* mail.*;mail.!=info /usr/adm/mail
*
* Would log all messages of the facility mail except those with
* the priority info to /usr/adm/mail. This makes the syslogd
* much more flexible.
*
* Defined TABLE_ALLPRI=255 and changed some occurrences.
*
* Sat Aug 19 21:40:13 MET DST 1995: Martin Schulze
* Making the table of facilities and priorities while in debug
* mode more readable.
*
* If debugging is turned on, printing the whole table of
* facilities and priorities every hexadecimal or 'X' entry is
* now 2 characters wide.
*
* The number of the entry is prepended to each line of
* facilities and priorities, and F_UNUSED lines are not shown
* anymore.
*
* Corrected some #ifdef SYSV's.
*
* Mon Aug 21 22:10:35 MET DST 1995: Martin Schulze
* Corrected a strange behavior during parsing of configuration
* file. The original BSD syslogd doesn't understand spaces as
* separators between specifier and action. This syslogd now
* understands them. The old behavior caused some confusion over
* the Linux community.
*
* Thu Oct 19 00:02:07 MET 1995: Martin Schulze
* The default behavior has changed for security reasons. The
* syslogd will not receive any remote message unless you turn
* reception on with the "-r" option.
*
* Not defining SYSLOG_INET will result in not doing any network
* activity, i.e. not sending or receiving messages. I changed
* this because the old idea is implemented with the "-r" option
* and the old thing didn't work anyway.
*
* Thu Oct 26 13:14:06 MET 1995: Martin Schulze
* Added another logfile type F_FORW_UNKN. The problem I ran into
* was a name server that runs on my machine and a forwarder of
* kern.crit to another host. The hosts address can only be
* fetched using the nameserver. But named is started after
* syslogd, so syslogd complained.
*
* This logfile type will retry to get the address of the
* hostname ten times and then complain. This should be enough to
* get the named up and running during boot sequence.
*
* Fri Oct 27 14:08:15 1995: Dr. Wettstein
* Changed static array of logfiles to a dynamic array. This
* can grow during process.
*
* Fri Nov 10 23:08:18 1995: Martin Schulze
* Inserted a new tabular sys_h_errlist that contains plain text
* for error codes that are returned from the net subsystem and
* stored in h_errno. I have also changed some wrong lookups to
* sys_errlist.
*
* Wed Nov 22 22:32:55 1995: Martin Schulze
* Added the fabulous strip-domain feature that allows us to
* strip off (several) domain names from the fqdn and only log
* the simple hostname. This is useful if you're in a LAN that
* has a central log server and also different domains.
*
* I have also also added the -l switch do define hosts as
* local. These will get logged with their simple hostname, too.
*
* Thu Nov 23 19:02:56 MET DST 1995: Martin Schulze
* Added the possibility to omit fsyncing of logfiles after every
* write. This will give some performance back if you have
* programs that log in a very verbose manner (like innd or
* smartlist). Thanks to Stephen R. van den Berg <srb@cuci.nl>
* for the idea.
*
* Thu Jan 18 11:14:36 CST 1996: Dr. Wettstein
* Added patch from beta-testers to stop compile error. Also
* added removal of pid file as part of termination cleanup.
*
* Wed Feb 14 12:42:09 CST 1996: Dr. Wettstein
* Allowed forwarding of messages received from remote hosts to
* be controlled by a command-line switch. Specifying -h allows
* forwarding. The default behavior is to disable forwarding of
* messages which were received from a remote host.
*
* Parent process of syslogd does not exit until child process has
* finished initialization process. This allows rc.* startup to
* pause until syslogd facility is up and operating.
*
* Re-arranged the select code to move UNIX domain socket accepts
* to be processed later. This was a contributed change which
* has been proposed to correct the delays sometimes encountered
* when syslogd starts up.
*
* Minor code cleanups.
*
* Thu May 2 15:15:33 CDT 1996: Dr. Wettstein
* Fixed bug in init function which resulted in file descriptors
* being orphaned when syslogd process was re-initialized with SIGHUP
* signal. Thanks to Edvard Tuinder
* (Edvard.Tuinder@praseodymium.cistron.nl) for putting me on the
* trail of this bug. I am amazed that we didn't catch this one
* before now.
*
* Tue May 14 00:03:35 MET DST 1996: Martin Schulze
* Corrected a mistake that causes the syslogd to stop logging at
* some virtual consoles under Linux. This was caused by checking
* the wrong error code. Thanks to Michael Nonweiler
* <mrn20@hermes.cam.ac.uk> for sending me a patch.
*
* Mon May 20 13:29:32 MET DST 1996: Miquel van Smoorenburg <miquels@cistron.nl>
* Added continuation line supported and fixed a bug in
* the init() code.
*
* Tue May 28 00:58:45 MET DST 1996: Martin Schulze
* Corrected behavior of blocking pipes - i.e. the whole system
* hung. Michael Nonweiler <mrn20@hermes.cam.ac.uk> has sent us
* a patch to correct this. A new logfile type F_PIPE has been
* introduced.
*
* Mon Feb 3 10:12:15 MET DST 1997: Martin Schulze
* Corrected behavior of logfiles if the file can't be opened.
* There was a bug that causes syslogd to try to log into non
* existing files which ate cpu power.
*
* Sun Feb 9 03:22:12 MET DST 1997: Martin Schulze
* Modified syslogd.c to not kill itself which confuses bash 2.0.
*
* Mon Feb 10 00:09:11 MET DST 1997: Martin Schulze
* Improved debug code to decode the numeric facility/priority
* pair into textual information.
*
* Tue Jun 10 12:35:10 MET DST 1997: Martin Schulze
* Corrected freeing of logfiles. Thanks to Jos Vos <jos@xos.nl>
* for reporting the bug and sending an idea to fix the problem.
*
* Tue Jun 10 12:51:41 MET DST 1997: Martin Schulze
* Removed sleep(10) from parent process. This has caused a slow
* startup in former times - and I don't see any reason for this.
*
* Sun Jun 15 16:23:29 MET DST 1997: Michael Alan Dorman
* Some more glibc patches made by <mdorman@debian.org>.
*
* Thu Jan 1 16:04:52 CET 1998: Martin Schulze <joey@infodrom.north.de
* Applied patch from Herbert Thielen <Herbert.Thielen@lpr.e-technik.tu-muenchen.de>.
* This included some balance parentheses for emacs and a bug in
* the exclamation mark handling.
*
* Fixed small bug which caused syslogd to write messages to the
* wrong logfile under some very rare conditions. Thanks to
* Herbert Xu <herbert@gondor.apana.org.au> for fiddling this out.
*
* Thu Jan 8 22:46:35 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Reworked one line of the above patch as it prevented syslogd
* from binding the socket with the result that no messages were
* forwarded to other hosts.
*
* Sat Jan 10 01:33:06 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Fixed small bugs in F_FORW_UNKN mechanism. Thanks to Torsten
* Neumann <torsten@londo.rhein-main.de> for pointing me to it.
*
* Mon Jan 12 19:50:58 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Modified debug output concerning remote reception.
*
* Mon Feb 23 23:32:35 CET 1998: Topi Miettinen <Topi.Miettinen@ml.tele.fi>
* Re-worked handling of Unix and UDP sockets to support closing /
* opening of them in order to have it open only if it is needed
* either for forwarding to a remote host or by reception from
* the network.
*
* Wed Feb 25 10:54:09 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Fixed little comparison mistake that prevented the MARK
* feature to work properly.
*
* Wed Feb 25 13:21:44 CET 1998: Martin Schulze <joey@infodrom.north.de>
* Corrected Topi's patch as it prevented forwarding during
* startup due to an unknown LogPort.
*
* Sat Oct 10 20:01:48 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Added support for TESTING define which will turn syslogd into
* stdio-mode used for debugging.
*
* Sun Oct 11 20:16:59 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Reworked the initialization/fork code. Now the parent
* process activates a signal handler which the daughter process
* will raise if it is initialized. Only after that one the
* parent process may exit. Otherwise klogd might try to flush
* its log cache while syslogd can't receive the messages yet.
*
* Mon Oct 12 13:30:35 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Redirected some error output with regard to argument parsing to
* stderr.
*
* Mon Oct 12 14:02:51 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Applied patch provided vom Topi Miettinen with regard to the
* people from OpenBSD. This provides the additional '-a'
* argument used for specifying additional UNIX domain sockets to
* listen to. This is been used with chroot()'ed named's for
* example. See for http://www.psionic.com/papers/dns.html
*
* Mon Oct 12 18:29:44 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Added `ftp' facility which was introduced in glibc version 2.
* It's #ifdef'ed so won't harm with older libraries.
*
* Mon Oct 12 19:59:21 MET DST 1998: Martin Schulze <joey@infodrom.north.de>
* Code cleanups with regard to bsd -> posix transition and
* stronger security (buffer length checking). Thanks to Topi
* Miettinen <tom@medialab.sonera.net>
* . index() --> strchr()
* . sprintf() --> snprintf()
* . bcopy() --> memcpy()
* . bzero() --> memset()
* . UNAMESZ --> UT_NAMESIZE
* . sys_errlist --> strerror()
*
* Mon Oct 12 20:22:59 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Added support for setutent()/getutent()/endutent() instead of
* binary reading the UTMP file. This is the the most portable
* way. This allows /var/run/utmp format to change, even to a
* real database or utmp daemon. Also if utmp file locking is
* implemented in libc, syslog will use it immediately. Thanks
* to Topi Miettinen <tom@medialab.sonera.net>.
*
* Mon Oct 12 20:49:18 MET DST 1998: Martin Schulze <joey@infodrom.north.de>
* Avoid logging of SIGCHLD when syslogd is in the process of
* exiting and closing its files. Again thanks to Topi.
*
* Mon Oct 12 22:18:34 CEST 1998: Martin Schulze <joey@infodrom.north.de>
* Modified printline() to support 8bit characters - such as
* russian letters. Thanks to Vladas Lapinskas <lapinskas@mail.iae.lt>.
*
* Sat Nov 14 02:29:37 CET 1998: Martin Schulze <joey@infodrom.north.de>
* ``-m 0'' now turns of MARK logging entirely.
*
* Tue Jan 19 01:04:18 MET 1999: Martin Schulze <joey@infodrom.north.de>
* Finally fixed an error with `-a' processing, thanks to Topi
* Miettinen <tom@medialab.sonera.net>.
*
* Sun May 23 10:08:53 CEST 1999: Martin Schulze <joey@infodrom.north.de>
* Removed superfluous call to utmpname(). The path to the utmp
* file is defined in the used libc and should not be hardcoded
* into the syslogd binary referring the system it was compiled on.
*
* Sun Sep 17 20:45:33 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Fixed some bugs in printline() code that did not escape
* control characters '\177' through '\237' and contained a
* single-byte buffer overflow. Thanks to Solar Designer
* <solar@false.com>.
*
* Sun Sep 17 21:26:16 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Don't close open sockets upon reload. Thanks to Bill
* Nottingham.
*
* Mon Sep 18 09:10:47 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Fixed bug in printchopped() that caused syslogd to emit
* kern.emerg messages when splitting long lines. Thanks to
* Daniel Jacobowitz <dan@debian.org> for the fix.
*
* Mon Sep 18 15:33:26 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
* Removed unixm/unix domain sockets and switch to Datagram Unix
* Sockets. This should remove one possibility to play DoS with
* syslogd. Thanks to Olaf Kirch <okir@caldera.de> for the patch.
*
* Sun Mar 11 20:23:44 CET 2001: Martin Schulze <joey@infodrom.ffis.de>
* Don't return a closed fd if `-a' is called with a wrong path.
* Thanks to Bill Nottingham <notting@redhat.com> for providing
* a patch.
Reference in New Issue View Git Blame Copy Permalink