diff options
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 16389 |
1 files changed, 16389 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..f4d9a77 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,16389 @@ +---------------------------------------------------------------------------------------- +Scheduled Release 8.2402.0 (aka 2024.02) 2024-02-27 +- 2024-02-26: add DTLS support + This version comes with the initial implementation of imdtls and omdtls. + These modules permit secure message exchange over UDP. +- 2024-02-26: testbench: make omusrmsg-noabort test more reliable + The previous test did not always detect an abort of rsyslog/omusrmsg. + The detection method has now been improved, so it is far more + probable that an abort is detected. + While doing this, we noticed that the omusrmsg-noabort-legacy test was + now a 100% duplicate. There is no need any longer to check pure legacy + syntax, and so that test has been removed. + We also added a valgrind-based test ofr omusrmsg-noabort, which furthers + strengthens bug detection. Most importantly, it helps us to detect + potentially new memory leaks on all CI platforms (in case the lib + behaves differently depending on os/distro). + see also https://github.com/rsyslog/rsyslog/issues/5294 +- 2024-02-26: omusrmsg bugfix: potential double free, which can cause segfault + omusrmsg frees a string which points to OS/system library memory. When + the os/libs clean up, it frees the memory as well. This results in a + double free. This bug interestingly seems to go unnoticed in many cases. + But it can cause a segfault or hard-to-trace memory corruptions which + could lead to other problems later on. The outcome of this bug most + probably depdns on os/library versions. + closes https://github.com/rsyslog/rsyslog/issues/5294 +- 2024-02-26: ommysql bugfix: potential segfault on database error + Due to an invalid code path, ommysql may cause a segfault if database + transactions fail into a specific way. The main trigger is a totally + irrecoverrable database error which can lead to premature connection + close, which is not checked for in all recover code. + This was detected in a setting where a stored procedure is called that + rolls back a transaction in itself. + This patch fixes the issue. + closes https://github.com/rsyslog/rsyslog/issues/5288 +- 2024-02-26: omfile: do not carry out actual action when writing to /dev/null + In some use cases omfile is configured to write to /dev/null. This seems + primarily be done because of statistics gathering but maybe some other + scenarios. We now add conditional logic to not do any actual omfile + action when the target file is /dev/null. + Note: this check only works on static file names. When /dev/null is + evaluated as part of dynafile, it will be handled just in the regular + case like before this patch. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2312.0 (aka 2023.12) 2023-12-12 +- 2023-12-11: imjournal: Add new input module parameter 'defaulttag' + The DefaultTag option specifies the default value for the tag field. + In imjournal, this can happen when one of the following is missing: + * identifier string provided by the application (SYSLOG_IDENTIFIER) + * name of the process the journal entry originates from (_COMM) + Thanks to Attila Lakatos for the patch. +- 2023-12-08: core bugfix: rsyslog messages may not always have FQDN + Even if hostname FQDN is configured, rsyslog internal messages generated + after rsyslog startup and before the first HUP will not necessarily have + FQDN but instead only the shortname of the local host. This commit + fixes the situation. + Special thanks to github user eciii for doing a great bug analysis + and helping us considerably to fix the issue. + closes https://github.com/rsyslog/rsyslog/issues/5218 +- 2023-12-08: omlibdbi regression fix: database path was not properly used + Commit 4a072d6c93015a63716c49a6c7756df22750086a caused a regression that made + the database path unreliable to use. Depending on platform/libc version the + basename was improperly extracted, which made access to the database of sqllite + impossible. + Thanks to Flávio Tapajós for the patch. + closes: https://github.com/rsyslog/rsyslog/issues/5282 +- 2023-12-06: mazureeventhubs: Corrected handling of transport closed failures + - Added test for connection interrupts (requires root) + - Corrected handling of PN_TRANSPORT_CLOSED. + - Make sure Connection is being reestablished trough tryResume + - Enhanced Debug log output + closes: https://github.com/rsyslog/rsyslog/issues/5269 +- 2023-11-24: imkmsg: add params "readMode" and "expectedBootCompleteSeconds" + These parameters permit to control when imkmsg reads the full + kernel log upon startup. + Parameter "readMode" provides the following options: + * full-boot - (default) read full klog, but only "immediately" after + boot. "Immediately" is hereby meant in seconds of system + uptime given in "expectedBootCompleteSeconds" + * full-always - read full klog on every rsyslog startup. Most + probably causes messag duplication + * new-only - never emit existing kernel log message, read only + new ones. + Note that some message loss can happen if rsyslog is stopped + in "full-boot" and "new-only" read mode. The longer rsyslog is + inactive, the higher the message loss probability and potential + number of messages lost. For typical restart scenarios, this + should be minimal. On HUP, no message loss occurs as rsyslog + is not actually stopped. + The default value for "expectedBootCompleteSeconds" is 90. + see also https://github.com/rsyslog/rsyslog/issues/5161 +- 2023-11-10: imkmsg: add module param parseKernelTimestamp + The parameter permits to select whether or not and when kernel + timestamps shall parsed, that is be used as the actual time a + log message occurs. + This permits to work around problems with the way kernel + timestamps are represented. The reasoning is given in a sysklogd + commit by Joachim Wiberg, which we reproduce below ("QUOTE") to + have a stable reference. + The commit itself can be found for example at: + https://github.com/troglobit/sysklogd/commit/9f6fbb3301e571d8af95f8d771469291384e9e95 + The new parameter parseKernelTimestamp has three possible modes: + "startup" - uses the kernel time stamp during the initial read + loop of /dev/kmsg, but replaced it later ignores it for later reads. + This is the DEFAULT setting. + "on" - kernel timestamps are always used and no correction is tried + "off" - kernel timestamps are never used, system time is used instead + Note that there this is a slightly breaking change. Previously, imkmsg + reported similar to "off" mode, now it reports by default in "startup" + mode. We consider this acceptable, as "off" mode timestamps are not + correct for startup. After startup, the behaviour is correct. All in + all, the new default is kind of a bugfix. + ============== QUOTE =============== + The spec[1] says the /dev/kmsg timestamp is a monotonic clock and in + microseconds. After a while you realize it's also relative to the boot + of the system, that fact was probably too obvious to be put in the spec. + However, what's *not* in the spec, and what takes a while to realize, is + that this monotonic time is *not* adjusted for suspend/resume cycles ... + On a frequently used laptop this can manifest itself as follows. The + kernel is stuck on Nov 15, and for the life of me I cannot find any to + adjust for this offset: + $ dmesg -T |tail -1; date + [Mon Nov 15 01:42:08 2021] wlan0: Limiting TX power to 23 (23 - 0) dBm as advertised by 18:e8:29:55:b0:62 + Tue 23 Nov 2021 05:20:53 PM CET + Hence this patch. After initial "emptying" of /dev/kmsg when syslogd + starts up, we raise a flag (denoting done with backlog), and after this + point we ignore the kernel's idea of time and replace it with the actual + time we have now, the same that userspace messages are logged with. + Sure, there will be occasions where there's a LOT of kernel messages to + read and we won't be able to keep track. Yet, this patch is better than + the current state (where we log Nov 15). + [1]: https://www.kernel.org/doc/Documentation/ABI/testing/dev-kmsg + ===========END QUOTE =============== + closes https://github.com/rsyslog/rsyslog/issues/4561 + closes https://github.com/rsyslog/rsyslog/issues/5161 +- 2023-11-07: imfile bugfix: remove state file on file delete + The state file would remain in the working directory + after shutdown, even though deleteStateOnfileDelete is + set to "on" and the monitored file was removed. + closes https://github.com/rsyslog/rsyslog/issues/5258 + Thanks to Attila Lakatos for the patch. +- 2023-10-31: TLS subsystem: fix small memory leak on startup + This was a one-time leak of the file name that hapened if a certificate file + was not accessible. It had no operational issues, but could confuse automatted + testing. As not only a side-effect, certificate load failures are now somewhat + more verbosely reported, which we consider helpful to the user. + Thanks to Attila Lakatos for the patch. +- 2023-10-31: imklog bugfix: keepKernelTimestamp=off config param did not work + ... at least not as expected. It was only honored for kernel-level + messages and only when parseKernelTimestamp was "on". Otherwise, the + kernel timestamp was always kept inside the message. + closes https://github.com/rsyslog/rsyslog/issues/5160 +- 2023-10-26: TLS subsystem: add remote hostname to error reporting + This provides richer and easier to process logs for error and warning + cases. One goal is to enable automatic operations without the need + to consolidate multiple message to a single information. + This improves one situation in gtls driver and provides a more + generic approach in ossl driver for OpenSSL error reporting. + There is probably still room for improvement, however this patch + is at least a good starting point for further work. Please + provide feedback if you need more! + closes https://github.com/rsyslog/rsyslog/issues/5244 +- 2023-10-24: imjournal: add the ability to run multiple journal inputs + This may be useful to de-couple journal processing. + Thanks to Willy Tu for the patch. +- 2023-10-24: regression fix: forking rsyslogd on BSD did not work + Actually, this was an issue for all platforms that do not provide open file handle + detection via the /proc file system. + Tech details: After fork if the child process uses close_range to close open file + descriptors it has no way to exempt the parentPipeFD causing a failure to signal + successful startup to the parent process. This causes failures on all systems that + aren't Linux that implement close_range. + Thanks to Nathan Huff for the patch. +- 2023-10-24: omusrmsg: use logind instead of utmp for wall messages with systemd + Future SUSE versions will get rid of utmp due to a 32bit time_t counter + overflow in 2038. + See details at: + https://github.com/thkukuk/utmpx/blob/main/Y2038.md + On systemd based systems logind is an alternative to utmp. + Thanks to github user tblume for the patch. +- 2023-10-24: cleanup: rm no longer used --with-systemdsystemunitdir configure switch + This is a clean up following the removal of the service unit in + cfd07503ba055100a84d75d1a78a5c6cceb9fdab +- 2023-10-23: testbench: bump zookeeper version to match current offering + Older version can no longer be downloaded. It also makes sense to + test with mainstream version. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2310.0 (aka 2023.10) 2023-10-10 +- 2023-10-04: Add CAP_NET_RAW capability due to the omudpspoof module + The CAP_NET_RAW ensures the use of RAW and PACKET sockets, + which is utilized by the omudpspoof module, more precisely + the libnet_init function. + Thanks to Attila Lakatos for the patch. +- 2023-10-04: Add new global config option "libcapng.enable" + Defines whether rsyslog should drop capabilities at startup or not. + By default, it is set to "on". Until this point, if the project was + compiled with --enable-libcap-ng option, capabilities were + automatically dropped. This is configurable now. + Thanks to Attila Lakatos for the patch. +- 2023-10-04: tcp net subsystem: handle data race gracefully + It may happen that a socket file descriptor has been closed either + while setting up poll() et al or while being inside the system call. + This was previously treated as error and caused abort in debug + builds. However, it was essentially ignored in production builds. + This has now been fixed and now is always gracefully ignored. This + most importantly fixes some flakes in CI runs (which were caused + by this situation). +- 2023-09-29: imrelp bufgifx: avoid crash on restart in imrelp SIGTTIN handler + While existing, if at specific time rsyslog receives a SIGTTIN, it + crashes due to 2 issues. + 1. debug.unloadModules="off" a double free of pRelpEngine + 2. debug.unloadModules="on" it crashes because the signal handler has + been unmapped from memory. + This patch covers both issues. + Thanks to Ali Abdallah for the patch. +- 2023-09-28: fix startup issue on modern systemd systems + When we startup AND are told to auto-background ourselfs, we must + close all unneeded file descriptors. Not doing this has some + security implications. Traditionally, we do this by iterating + over all possible file descriptor values. This is fairly compatible, + because we need no OS-specific method. However, modern systemd configs + tend to not limit the number of fds, so there are potentially 2^30(*) + fds to close. While this is OKish, it takes some time and makes + systemd think that rsyslog did not properly start up. + We have now solved this by using the /proc filesystem to obtain our + currently open fds. This works for Linux, as well as Cygwin, NetBSD, + FreeBDS and MacOS. Where not available,and close_range() is available + on the (build) platform, we try to use it. If that fails as well, we + fall back to the traditional method. In our opionion, this fallback + is unproblematic, as on these platforms there is no systemd and in + almost all cases a decent number of fds to close. + Very special thanks go out to Brennan Kinney, who clearly described + the issue to us on github and also provided ample ways to solve it. + What we did is just implement what we think is the best fit from + rsyslog's PoV. + (*) Some details below on the number of potentially to close fds. + This is directly from a github posting from Brennan Kinney. + Just to clarify, by default since systemd v240 (2018Q4), that + should be `1024:524288` limit. As in the soft limit is the expected + `1024`. + The problem is other software shipping misconfiguration in systemd + services that overrides this to something silly like + `LimitNOFILE=infinity`. + - Which will map to the sysctl `fs.nr_open` (_a value systemd + v240 also raises from `2^20` to 2^30`, some distro like Debian are + known to opt-out via patch for the `fs.nr_open` change_). + - With the biggest issue there being that the soft limit was also + set to `infinity` instead of their software requesting to raise + the soft limit to a higher value that the hard limit permits. + `infinity` isn't at all sane though. + - The known source of this misconfiguration is container software such + as Docker and `containerd` (_which would often sync with the + systemd `.service` config from the Docker daemon `dockerd.service`_). + closes https://github.com/rsyslog/rsyslog/issues/5158 +- 2023-09-13: Add the 'batchsize' parameter to imhiredis + Parameter set to allow configuring the amount of entries imhiredis debatches at once. + Default value of '10' has been kept to avoid any side effect on existing + configurations. + Thanks to Jérémie Jourdin for the patch. +- 2023-09-13: omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set + The omprog module uses the execve() function to execute + a third party program. Some required capabilities were not + preserved in the bounding set [1]. This caused problems, e.g. + the program could not write to files even if rsyslog was + executed as root and privileges were not dropped. As of now, + only the CAP_DAC_OVERRIDE capability is added to the bounding + set. Others could be added later, if there is justification + behind that. + [1] The capability bounding set is a security mechanism that + can be used to limit the capabilities that can be gained + during an execve(2). During an execve, the capability + bounding set is ANDed with the file permitted capability + set, and the result of this operation is assigned to the + thread's permitted capability set. The capability + bounding set thus places a limit on the permitted + capabilities that may be granted by an executable file. + Thanks to Attila Lakatos for the patch. +- 2023-09-13: tcpflood bugfix: plain tcp send error not properly reported + The error code when plain tcp sending failed was improperly returned, + resulting in no meaningful error message. + Note: tcpflood is a testbench tool, not part of production rsyslog. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2308.0 (aka 2023.08) 2023-08-15 +- 2023-08-07: crypto subsystem bugfix: potential undefined behaviour + The is some potential undefined behaviour when initializting the IV for locally + encrypting log files. The issue cancels itself out, but at least causes + some confusion when using undefined behaviour sanitizer (UBSAN). However, + UBSAN seems not to detect the issue on all platforms and/or in all versions + (we were not able to reproduce this issue in our CI). + Please also note that the functionality where this can happen is extremely + rarely being used. + Thanks to Jeffrey Walton for providing the patch. +- 2023-08-02: lookup tables: fix static analyzer issue + If something goes really wrong, a lookup table's name would not + be set. That could lead to a NULL pointer access. HOWEVER, this + would require serious bugs in config parameter parsing, as the + lookup table name is a required parameter and the parser will + error out if not set. + So the bug is mostly cosmetic - but it does not hurt to handle + this case, of course. +- 2023-08-02: lookup tables bugfix: reload on HUP did not work when backgrounded + Lookup tables were only reloaded on HUP if the -n option was given + and rsyslog no backgrounded. This patch fixes the issue. + closes: https://github.com/rsyslog/rsyslog/issues/4813 +- 2023-07-30: testbench: make test more reliable + There was a race between tcpflood and rsyslog in imptpc_maxsessions.sh. + We now use the new -A tcpflood option to make the timing more + predictable, hopefully fixing test flakiness. + Note: if that does not help, we need to introduce a wait on the number + of error messages and maybe a delay before tcpflood termination. The + theory behind the latter is that rsyslog possibly does not fully + iniaitlize session which are quickly aborted before rsyslog receives + the related OS notification! We just record this info in case we + need it and are positive that this change will fix the situation. +- 2023-07-28: openssl: make connection setup more reliable by use of newer lib feature + Replaced depreceated method SSLv23_method with TLS_method. + In OpenSSL 1.1.0 and higher, SSLv23_method causes some errors + in TLS handshake from time to time. As this method is depreceated + since 1.1.0, I have replaced it with the follow up method + TLS_method which is the most generic one. + It fixes the random test failures in tests like + - sndrcv_tls_ossl_anon_rebind.sh + Also added some debug output in OpenSSL error handling, which is + useful when analysing debug files. + closes: https://github.com/rsyslog/rsyslog/issues/5201 +- 2023-07-28: testbench improvement: define state file directories for imfile tests + Not all imfile tests have state file directories or a global working + directory defined. This results in usage of the default location. + While state file names should be sufficiently different, there is still + some riks of using the same name in different tests. That becomes + problematic if tests are run in parallel (and they are run in + parallel inside the regular CI). + NOTE: NOT YET COMPLETED FOR ALL TESTS! We are considering if it makes + sense to deliberately keep some as-is. +- 2023-07-28: tcpflood bugfix: TCP sending was not implemented properly + Note: tcpflood is a testbench tool. This bug could lead to testbench + false positives. No way it can affect production deployments. + The tcpflood tool did improperly assume that a TCP sendto() call + would send messages of any size in a single shot. This is not the + case. It has now been corrected to proper behavior. + As a side-activity, some int variables which acutally needed to be + size_t have been fixed as well. +- 2023-07-28: testbench: make waiting for HUP processing more reliable + The previous approach was more or less delay based. We have now + changed the code to enable imdiag to detect if HUP is underway + and wait until it is completed. The new method still employs some + kind of timeout, but is now quite reliable. Most importantly, + it works great with long-running HUP processing, which can happen + e.g. when querying the system name takes long or some actions need + longer time to persist their HUP processing. + The new approach will most likely reduce CI flakes and also speed + up testbench runs. The speedup happens from not having to wait a + full delay in cases where we detect HUP is completed (plus reduced + timeout when we cannot clearly detect this - see code comments why + the new method is still considered more reliable than the old one). + Code note: we needed to slightly re-structure the way actual HUP + processing and the "HUP mutex" is handled. After best analysis, + this does not affect the reliability or speed in production + settings. + closes https://github.com/rsyslog/rsyslog/issues/5192 +- 2023-07-27: build system: make rsyslogd execute when --disable-inet is configured + This option is mostly useless, as network functionality depends on the + modules loaded by the config. The only real, and important, effect it + has is to control auto-load of omfwd - a feature almost all installations + depend in (backward compatibility). + This has been clarified in ./configure -help + Also, when --disable-inet is given, rsyslog now executes successfully. + The reason for the abort was that previously building of the lmnet + component was prevented, but that component is also needed by rsyslog + startup itself to query its own (correct) hostname. + Note that --disable-inet still does not compile some networking + libraries. So do not use it if you intend to load standard networking + modules like omfwd, imtcp or imudp. + closes https://github.com/rsyslog/rsyslog/issues/5188 +- 2023-07-26: testbench/CI: update zookeper download to newer version + Old version is no longer available. +- 2023-07-24: openssl: add support for new-version init function +- 2023-07-07: add CRL support for network (TLS) drivers + Thanks to Darren J Moffat for implementing the OpenSSL part. +- 2023-07-07: omazureeventhubs: Initial implementation of new output module + The output module uses Apache "Qpid Proton C API" which is a solid + AMQP protocol library implementation that can be integrated + very well into the rsyslog dev environment. + - Implemented Delivery with submitted and accepted state checking + - saving of failed messages in a failed list with support of saving + and restoring. + - Add testcases (requires ENV variables) to testbench + - Using application/octect-stream (binary) to send messages based on + Microsoft Code Sample: + https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-c-getstarted-send + * Note original Microsoft Samplecode is not working anymore, we are using + * QPID Proton Proactor based on + https://github.com/apache/qpid-proton/blob/main/c/examples/send.c + - requires QPID-PROTON Version 0.13 or higher because of the proactor API + - Add EventProperties configuration parameters + - Slow down when sender credit reaches zero (10ns). + - Add support for static library linking of qpid-proton + This is needed to build the module from source and remove + library package dependencies. + - adjusted valgrind suppressions +- 2023-07-04: core bugfix: action.resumeintervalmax parameter was not respected + Unfortunately, defining action.resumeintervalmax in the configration + did not have any effect at all. Instead, the default value was used, + which is 1800. This was caused by not having all the letters in + lower-case. + Fixes https://github.com/rsyslog/rsyslog/issues/5132 + Thanks to Attila Lakatos for the patch. +- 2023-06-29: core bugfix: do not try to drop capabilities when we don't have any + In case the process does not have any capabilities, e.g. running as regular user then + we do not have to force capability dropping. The capng_have_capabilities() returns + none if that's the case. + Fixes https://github.com/rsyslog/rsyslog/issues/5091 + Thanks to Attila Lakatos for the patch. +- 2023-06-29: imhiredis bugfix: Restore compatiblity with hiredis < v1.0.0 + RESP3 protocol wasn't implemented yet, some types weren't + available (REDIS_REPLY_DOUBLE) + Thanks to Théo Bertin (frikilax) for the patch. +- 2023-06-23: testbench: use newer zookeeper version in tests +- 2023-06-23: build system: more precise error message on too-old lib + When libcap-ng was enabled, the lib was present but did not meet the minimum version + dependency during configure, it was reported as "missing". We now emit a message + telling that it is present, but the version too old. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2306.0 (aka 2023.06) 2023-06-20 +- 2023-06-19: mmnormalize bugfix: if msg cannot be parsed, parser chain is stopped + When an parser is not able to parse a message, it should indicate this + to rsyslog core, which then activates the next parser(s) inside the + configured parser chain. + Unfortunatley, mmnormalize always tells core "success", and so no + other parsers are activated. + closes https://github.com/rsyslog/rsyslog/issues/5148 +- 2023-06-19: [i/o]mhiredis: various fixes and enhancements + please see the change log for details. Among others, suspending of the modules + has been fixed. Also a new "stream" mode has been added. + Thanks to Théo Bertin (frikilax) for the patch. +- 2023-06-19: testbench/bug: mmexternal-SegFault-empty-jroot-vg.sh fails due to typo + Fix the typo that makes the test fail. + Thanks to Paul Fertser for the patch. +- 2023-06-16: imjournal: Add FileCreateMode module parameter + FileCreateMode allows to set the default file mode bits + when creating new files. As of now, it has only impact on the state file. + Add test suite as well. + Minor indentation fix in run_journal.yml + Thanks to Attila Lakatos for the patch. +- 2023-06-16: core bugfix: potential segfault on busy systems + This was discovered by Konstantin J. Chernov in a practicaly deployment. + Here, msg object tag processing caused sporadic segfaults. We did not + hear from similiar cases, but there clearly is potential for problems + because a mutex lock had insufficient range, thus leading to a potential + race. + The patch is directly from Konstantin J. Chernov, thanks for that. + Please note that the mutex lock could be minimized as it is not strictly + needed for the pM == NULL case, but this cause is extremely exotic + and the resulting code would be harder to understand. Thus we opt + to do the locking on funtion level (as usual). + Descriptiond edited by Rainer Gerhards + closes: https://github.com/rsyslog/rsyslog/issues/5110 +- 2023-06-16: Add new global config option "libcapng.default" + Defines how rsyslog should behave in case something went wrong + when capabilities were to be dropped. Default value is "on", + in which case rsyslog exits on a libcapng related error. + Thanks to Attila Lakatos for the patch. + Closes https://github.com/rsyslog/rsyslog/issues/5096 +- 2023-06-05: imfile bugfix: file handle leak, primarily in kubernetes context + At this point there is a code imfile.c#L919 that adds an inotify observer to the + parent of the symbolic link target. But there is no such code that removes this + observer in the case when inotify events do not occur in the directory tree above. + This may be if the directory tree of the symbolic link target and the directory tree + of the symbolic link itself are divided into different subtrees somewhere at the levels + above. + For example, in the rsyslog configuration, an imfile with the + template /var/log/containers/*.log is configured and there is the following directory + tree: + /var/log/pods/pod-1/a/0.log + /var/log/containers/pod-1-a-0.log -> /var/log/pods/pod-1/a/0.log + In this example, kubernetes cron jobs will permanently delete directories at the + /var/log/pods/pod-* level. And thus, inotify observer on the parent object of the + symbolic link target (/var/log/pods/pod-1/a/0.log) looking at the directory + /var/log/pods/pod-1/a will constantly leak. + This is due to the fact that the list of active objects in the edge with path + /var/log/containers, where the parent object of the target symbolic link is added, + is not checked. Verification and deletion will occur only in the case of an inotify + event in the upper nodes of the directory tree, in /var/log and above. + Thanks to Sergey Kacheev for the patch! +- 2023-06-05: GNUTls Driver: Fix memory leaks in gtlsInitCred + Missing CA Certificate or multiple Connections caused + a memory leak in pThis->xcred as it was allocated each time in + gtlsInitCred by gnutls_certificate_allocate_credentials + closes: https://github.com/rsyslog/rsyslog/issues/5135 +- 2023-05-24: CI: update base ubuntu image for github actions +---------------------------------------------------------------------------------------- +Scheduled Release 8.2304.0 (aka 2023.04) 2023-04-18 +- 2023-04-17: imptcp bugfix: spam log on oversize message + If an oversize message was received by imptcp, imptcp reported + one error message for EACH oversize character. This could + result in a potentially very large number of similar (and + useless) messages. + This is a regression from commit f052717178. + closes https://github.com/rsyslog/rsyslog/issues/5078 +- 2023-04-17: core/bugfix: using $uuid msg prop can deadlock rsyslog on shutdown + This problem can occur if a large number of threads is used and rsyslog + cannot shut down all queues etc within the regular time interval. In this + case, it cancels some threads. That can leave the mutex guarding libuuid + calls locked and thus prevents other, not yet cancelled threads from + progressing. Assuming pthread_mutex_lock() is not a cancellation point, + this will case these other threads to hang forever and thus create a + deadlock situation. + closes https://github.com/rsyslog/rsyslog/issues/5104 +- 2023-04-17: Do not preserve capabilities when changing credentials + In configurations where $PrivDropToGroup or $PrivDropToUser are used, + rsyslogd changes uid/gid to a non-privileged user. As part of that + change, all capabilities should be lost. However, if rsyslog is + compiled with --enable-libcap-ng option, some capabilities are + preserved due to using capng_change_id() instead of setgid()and + setuid(). https://linux.die.net/man/3/capng_change_id: + This function preserves capabilities while changing uid/gid, causing + rsyslogd to run as non-root user, but with some root capabilities. + Unfortunately, rsyslogd will run with higher privileges than before. + The patch also removes CAP_SETPCAP, because the capability set does + not need to be altered at a later phase. + Thanks to Attila Lakatos for the patch. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2302.0 (aka 2023.02) 2023-02-21 +- 2023-01-27: core/template: implement negative position.to + This will easily permit to drop the last n characters from a property + without the need to know the exact length of the string. This is + especially useful as the exact length is most often not known + beforehand. +- 2023-01-18: Introduce --enable-libcap-ng configure option + The option allows to drop the capabilities to only + the necessary set, to minimize security exposure in + case there was ever a mistake in a networking + plugin or some other input resource. Moreover, it adds + ability to change uid and gid while retaining the + previously specified capabilities. + Add ability to change uid and gid while retaining the + capabilities previously specified. + closes https://github.com/rsyslog/rsyslog/issues/4986 + Thanks to Attila Lakatos for the patch. +- 2023-01-16: + - omfile: add action parameters "rotation.*" + Add new action parameters + - rotation.sizeLimit + - rotation.sizeLimitCommand + provide automatic output file rotation functionality feature-wise + equivalent to legacy $outchannel. This finally permits to use + this feature set in rscript. + - core substring function: enhancement and hardening + Now, length can have a negative value -n to denote that the + substring should be build between startpos and the character + -n chars from the end. This is a shortcut for stripping charactes + on "both ends" of the string. See doc for details on the enhanced + semantics. + Also, some hardening against invalid startpos and length has + been added. + - core bugfix: wrong type conversion in internal string class could lead to segfault + This could only happen with very unusually large strings + Thanks to Flos Lonicerae for the patch. + - QA: changed to CodeQL scanning on github as LGTM replacement + - bugfix: wrong version number on daily stable builds + - CI: use newer version of zookeeper (needed modernization) + - ffaup bugfix : memory corruption with concurrent workers + The ffaup function fails to work properly when it is used with multiple workers. + The faup_handler_t struct is not supposed to be shared between threads. + This may have caused memory corruptions and race conditions when used + inside of actions. + Thanks to Thibaud Cartegnie for the fix. + - openssl bugfix: undefined reference error on OpenSSL 1.1 or higher. + This could have prevented ossl components from being loaded/used. +- 2023-01-02: core bugfix: template system may generate invalid json + When + - a list template + - is created with option.jsonf="on" + - and the last list element is a property with onEmpty="skip" + - and that property is actually empty + invalid JSON is generated. + The JSON string in this case ends with ", " instead of "}\n". This + patch fixes the issue. + closes https://github.com/rsyslog/rsyslog/issues/5050 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2212.0 (aka 2022.12) 2022-12-06 +- 2022-12-05: testbench: make python http server based tests more reliable + Harden them against races during server port assignment. Prevents + testbench flakes. +- 2022-12-05: omprog bugfix: invalid status handling at called program startup + There is a bug when external program *startup* does not return "OK". This + can also lead to a misadressing with potentially a segfault (very unlikely). + Note that no problem exists once the initializiation phase of the external + program is finished and regular message transfer runs. + The problem basically is that for a startup failure, the control data for + that external program instance is freed on error. Unfortunately, that state + data is needed later on to detect a suspended instance. We now keep the control + data even on init failure (as we then need to do normal control options). + closes https://github.com/rsyslog/rsyslog/issues/4967 +- 2022-11-29: testbench bugfix: wrong message injection object of instance 1 + In some client-server test cases, messages are supposed to be injected into + the instance 2(client), but they are actually injected into instance 1(server), + which may lead to false negative results. This patch fixed it by replacing + 'injectmsg' with 'injectmsg2', and dealt with some minor issues. + Thanks to Guodong Zhu for the patch. +- 2022-11-21: rsyslog.conf man page bugfix: description of selectors + Document historic difference to BSD syslog selectors. +- 2022-11-18: imtcp bugfix: legacy config directives did no longer work + Many "$InputTCPServer..." config directives did no longer work + and were completely ignored (e.g. "$InputTCPServerStreamDriverMode"). + This was a regression from a08591be5d9 (May, 5th 2021). + closes https://github.com/rsyslog/rsyslog/issues/5021 +- 2022-11-16: ksi bugfix: sending of too many signing requests fixed. + As there is a bug in libksi where too many signing requests may have bene sent + out the amount of signing requests will be limited by KSI module until the fix + is implemented. + Thanks to Taavi Valjaots for the patch. +- 2022-11-14: bugfix: prevent potential segfault when switchung to queue emergency mode + When switching to Disk queue emergency mode, we destructed the in-memory + queue object. Practice has shown that this MAY cause races during + destruction which themselfs can lead to segfault. For that reason, we + now keep the disk queueu object. This will keep some ressources, + including disk space, allocated. But we prefer that over a segfault. + After all, it only happens after a serious queue error when we are + already at the edge of hard problems. + see also: https://github.com/rsyslog/rsyslog/issues/4963 +- 2022-11-08: ksi bugfix: Segmentation fault in async mode fixed + Thanks to Taavi Valjaots for the patch. +- 2022-11-02: imjournal: add second fallback to _COMM + If SYSLOG_IDENTIFIER is not present in the journal message, + then lookup the _COMM field, which stands for the name + of the process the journal entry originates from. This is + needed in order to be in compliance with the journalctl + output. + Thanks to Attila Lakatos for the patch. +- 2022-10-25: core bugfix: local hostname invalid if no global() config object given + The local hostname is invalidly set to "[localhost]" on rsyslog startup + if no global() config object is present in rsyslog.conf. Sending a HUP + corrects the hostname. + This is a regression from ba00a9f25293f + closes https://github.com/rsyslog/rsyslog/issues/4975 + closes https://github.com/rsyslog/rsyslog/issues/4825 +- 2022-10-25: testbench bugfix: fixed timing issue that sometimes lead to test failure + Timing caused a race in test tool sync and could lead to premature termination of + tools, which in turn caused test failure +---------------------------------------------------------------------------------------- +Scheduled Release 8.2210.0 (aka 2022.10) 2022-10-18 +- 2022-10-13: fix NetBSD build issue + On NetBSD, time_t has for a long time now been __int64_t. + On 32-bit CPUs, the compiler is not obliged to define + __sync_bool_compare_and_swap_8, so instead this ends up + as an undefined symbol when linking rsyslog. This makes + the code fall back to the pthread / locking method on these + systems, but at least lets the program build. + Thanks to Havard Eidnes for the patch. +- 2022-10-12: omrabbitmq: Add TLS support + Thanks to github user 21stcavenan for the patch. +- 2022-09-14: config: add "abortOnFailedQueueStartup" global config parameter + similiar to "abortONUncleanConfig", this parameter aborts rsyslog + when a queue has problems during startup. Some users perfer rsyslog + to terminate in this case. By default, nothing changes. + closes https://github.com/rsyslog/rsyslog/issues/4902 +- 2022-09-07: cor bugfix: leak in helper function SetString + A part of rsyslog runtime, SetString(), had a small memory leak when a value was + assigned multiple times. While this could potentially consume larger amounts of + memory, this did not happen in practice. The reason is that multiple assignments + to the same object occur very seldom. + Thanks to github user seuzw930 for the patch. + closes: https://github.com/rsyslog/rsyslog/issues/4961 +- 2022-09-07: core bugfix: correct local host name after config processing + rsyslog.conf may affect the host's local name. These changes were + so far only activated after the first HUP. This patch now ensures + that the configured local host name is applied correctly throughout + all processing, including early startup. + This patch causes a slight change of behaviour. However, the behaviour + was inconsitent before. Now it is consistent and according to the config. + Please note: this patch also exposes a global entry point via "regular" + dynamic loading as this makes things much easier to do. This is in-line + with ongoing simplification effort. + Finally, we also remove a CI test that we do no longer need because + the problem covered is now addressed differently and the original issue + can no longer occur. + closes https://github.com/rsyslog/rsyslog/issues/4975 +- 2022-08-31: imtcp: add option notifyonconnectionopen + Add this both as module an input parameter. Complements already-existing + config param notifyonconnectionclose and mirrors the similar feature from + imptcp. + The module parameter acts as default, similarly to notifyonconnectionclose. + Note that in contrast to imptcp, we emit IP addresses and not host + names. This sticks with the traditional semantics of imtcp. + Note that we also fixed a mislading error message in the case when a + disallowed sender tried to connect. + Thanks to John Chivian for suggesting the addition. +- 2022-08-26: openssl TLS driver: add mechanism to include extra CA files parameter + This change allows to include extra CA files so that no "unable to get issuer + certificates" issue is obtained when using chained cert files. New parameter name is + "NetstreamDriverCAExtraFiles". + Thanks to Sergio Arroutbi for the patch. + closes: https://github.com/rsyslog/rsyslog/issues/4851 +- 2022-08-19: fix compile issue with older gcc compilers + Thanks to Julien Thomas for the contribution. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2208.0 (aka 2022.08) 2022-08-09 +- 2022-08-09: ksi bugfix: request cache size and send timeout issue fixed. + Async service send timeout is not configurable and request cache size is too + small to handle large amount of signing requests with small amount of permitted + requests per aggregation round. For example user with max_requests = 4 results + cache size 5 * max_requests or at least 256. When signing 300 log files cache + will be too small resulting several unsigned blocks. When signing 200 log file + cache will be adequate, but with rate of 4 signatures per second, it is only + possible to sign 4 * 10 blocks before all requests that are not sent out will + timeout. + Fix for the issue is to make send timeout configurable and make the size of the + cache depend on the value of send timeout. New configuration value + sig.block.signtimeout="time, s" introduced that defines the time window wherein + the block has to be signed. The size of the request cache is increased to + 3 * max_requests * sign_timeout or at least 256. + Thanks to Taavi Valjaots for the patch. +- 2022-08-09: imjournal bugfix: segmentation fault in close journal + Thanks to github user t-feng for the patch. +- 2022-08-09: net subsystem: support sha256 for StreamDriverAuthMode="x509/fingerprint" + Thanks to github user codemaker219 for the patch. +- 2022-08-05: imfile bugfix: message loss/duplication when monitored file is rotated + When a to-be-monitored file is being rotated, some messages may be lost or + duplicated. In case of duplication, many file lines may be duplicated + depending on actual timing. The whole bug was primarily timing depenedent + in general. It most often was visible in practice when the monitored + file was very frequently rotated (we had some report with every few + seconds). + Note that while we try hard to not lose any messages, input file + rotation always has some loss potential. This is inevitable if + the monitored file is being truncated. + Also note that this bugfix affects imfile, only. It has nothing to do + and no relation to rsyslog output files being rotated on HUP. + closes: https://github.com/rsyslog/rsyslog/issues/4797 +- 2022-08-05: ksi bugfix: optimize processing of signer queue to fix delays. + There is a worker queue where rsyslog KSI module collects events and signing + requests. When queue is processed thread is periodically put to sleep. Previous + implementation handles signature requests well but sleeps every time after + handling new file open / close event. When several log files are opened or + closed simultaneously process is significantly slowed down. Another issue is + that thread always sleeps 1000ms that may be 2x longer than aggregation round. + This slows down overall signing process. + Fix for the issue is to simply not sleep after file open / close event if there + are next items to be processed. To speed up the signing process, rsyslog uses + KSI aggregator conf. to obtain the aggregation period that is used for the sleep + time configuration. + Thanks to Taavi Valjaots for the patch. +- 2022-08-04: ksi bugfix: possible crash fixed when several log files are opened. + KSI module in async mode used to request aggregator conf. every time a log + file was opened. When several log files were opened simultaneously + corresponding amount of pointless concurrent conf. requests were posted. + Concurrent conf. requests lead to a bug in libksi, where internal count of + pending requests was not decremented correctly causing system to crash. + Fix for the issue is to optimize the frequency of conf. requests so that only + one conf. requests is handled at once. Instead of checking conf. every time + log file is opened, conf is requested periodically after conf timeout. This will + affect both sync and async mode. + New option for KSI module introduced - sig.confinterval="time, s". + Thanks to Taavi Valjaots for the patch. +- 2022-08-04: openssl: add support to split tls commands by semicolon + - Add support to split tls commands by semicolon. + - Changed one test with multiple tls commands to use semicolon as + separator instead of newline. + closes: https://github.com/rsyslog/rsyslog/issues/4852 +- 2022-08-04: openssl subsystem bugfix: build issue on Solaris + Needed header file was added. Platforms other than Solaris did not actually need it, + so this bug was discovered late. + Thanks to Jakub Kulík for the patch. + Import <strings.h> when index() is used. +- 2022-08-04: openssl: add more details to error messages + - Avoid LogMsg outputs osslEndSess on successfull terminated + connection. Only LogMsg if the connection was terminated + unsuccessfully. + - Handle SSL_ERROR_SYSCALL in both Send / osslRecordRecv, + do not log as error if underlaying socket was terminated + (ECONNRESET). Log as information instead. + closes: https://github.com/rsyslog/rsyslog/issues/4946 +- 2022-08-04: omclickhouse: capture additional exceptions + - DB::NetException + - DB::ParsingExceptions + Thanks to Victor Kustov for the patch. +- 2022-08-04: mmanon bugfix: Simplified and fixed IPv4 digit detection. + - Fixed an issue with numbers above int64 in syntax_ipv4. + Numbers that were up to 256 above the max of an int64 + could incorrectly be detected as valid ipv4 digit. + - Simplified the IPv4 digit detection function and renamed + to isPosByte. + - added testcasse for malformed IPvc4 addresses + closes: https://github.com/rsyslog/rsyslog/issues/4940 +- 2022-07-21: imptcp: slight tuning + - reduce indirect addressing to obtain more speed + - also a fix for an annoying typo + - minor other optimizations + - modernization of one test +- 2022-07-20: template procesing/json: performance optimization +- 2022-07-19: core bugfix: memory leak when free action worker data table + During free action worker data table when action destruct, worker instance in worker + data table were not null. It resulted in memory leak. + Thanks to github user seuzw930 for the patch. +- 2022-07-13: omfile: support for zstd compression + The zstd library provides better and faster compression than zlib. + This patch integrates zstd as a dynamically-loadable functionality. + As such, no further dependencies need to be added to the rsyslog + base package. + Due to the increased performance, usage of zstd is highly recommended + for high-volume use cases. + This patch also refactor zlib compression in order to unify handling + in both compression cases. +- 2022-07-07: stream cleanup: move error message to debug log, only + This error message is most probably rooted in a kernel problem. At + least knowbody knows how it can happen. It's definitely not a + rsyslog issue. We also can recover from it for a long time now + so there is no reason to irritate users by emitteing this + "error" message. +- 2022-07-04: mmdblookup bugfix: Don't crash Rsyslog on mmdb file errors + Thanks to Théo Bertin (frikilax) for the patch. +- 2022-06-28: build error fix: libbson requires out-of-date language constructs +- 2022-06-27: OpenSSL: fix depreacted API issues for OpenSSL 3.x + - OpenSSL error strings are loaded automatically now + - Debug Callback has changed + - See for more: + https://www.openssl.org/docs/manmaster/man7/migration_guide.html + closes: https://github.com/rsyslog/rsyslog/issues/4912 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2206.0 (aka 2022.06) 2022-06-14 +- 2022-05-25: omelastisearch: allow omitting _type field + Allow omitting the _type field by setting it to an empty string. + Setting this field has been deprecated since 6.0, and support will + be removed in 8.0 + Also add testbench test for empty searchType with ES 7.0 + This checks for messages in the deprecation log and also provides + avoids deprecation messages from usage of transport.tcp.port in the + test configuration + Thanks to Jarkko Oranen for the patch. +- 2022-05-18: tcpsrv/imtcp: slight performance improvements + This change slightly improves performance for tcpsrv-based servers. + This affects imtcp and imgssapi as well as some helpers. + No other functional change is included in this change. +- 2022-05-12: imptcp bugfix: worker thread starvation on extreme traffic + When connectes were totally busy, without any pause, the assigened worker + did never terminate its reading loop. As such, it could not service any + other conenctions. If this happened multiple time and to all configured + workers, all other connections could not be processed at all. This extreme + scenario is very unlikely, as the whole issue is relatively unlikely. + In practice, the issue could lead to somewhat degraded performance and + resolved itself after some time (in practice no connection is 100% busy + for an extended period of time). + Note that this patch sets a fixed limit of 16 iterations for very busy + connections. This sounds like a good compromise between non-starvation + and performance. The exact number may be made configurable if there + is really need to. +- 2022-05-11: omelasticsearch: several support option for ElasticSearch 8 + - config params searchIndex and documentType can be empty + - support for Data Stream API + Thanks to github user EHerzog76 for these changes. + - new config param esVersion.major +- 2022-05-09: tcp receiver bugfix: delay/potential hang on some error conditions + Error were not correctly handled in some cases for imtcp and imgssapi. This could + lead to a temporary stall of some connections. For ultry-low traffic systems, this + stall could stay for a long period of time. In most cases, it was resolved very quickly. + Note that imptcp was not affected. + Thanks to Iwan Timmer for the fix. +- 2022-05-05: net bugfix: potential buffer overrun + there is heap buffer overflow vulnerability in rsyslog tcp reception components. + This can only happen in octet-counted mode, which is enabled by default. + Affected components: imtcp, imptcp, imhttp, imgssapi, imdiag when octet-counted + framing was enabled. + If the receiver ports are exposed to the public Internet AND are used + without authentication, this can lead to remote DoS and potentially to + remote code execution. It is unclear if remote code execution is + actually possible. If so, it needs a very sophisticated attack. + When syslog best practices with proper firewalling and authentication + is used, thean attack can only be carried out from within the Intranet + and authorized systems. This limits the severity of the vulnerability + considerably (it would obviously require an attacker already to be + present inside the internal network). + Credits to Peter Agten for initially reporting the issue and working + with us on the resolution. + fixes CVE-2022-24903 + Advisory: + https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243 +- 2022-05-05: imptcp: set OS worker thread name + We now set the worker thread names to "imptcp/<thrd nbr>" where + <thrd nbr> is the numerical index (0, 1, ...) of the worker thread. + This enables to distinguish individual worker threads in OS tools like + htop. That is useful for performance testing and system monitoring. + The choosen name format is consistant with other similar thread + names inside rsyslog. For imptcp, worker threads were not yet + given individual names. + Note: "in:imptcp" is imptcp's "main" thread, which also is used + as a worker in some scenarios. This name was not modified. +- 2022-04-26: mmanon bugfix: shortened IPv6 form not always anonymized + If the IPv6 is in non-recommended form followed by a 5 digit port number, it + is not anonymized. + A reproducer for this is: 1a00:c820:1180:c84c::ad3f:d991:ec2e:49255 + closes https://github.com/rsyslog/rsyslog/issues/4856 +- 2022-04-22: mmdblookup fix: wrong copy of buffer + ...following parse of libmaxminddb's return after a successful search sometimes + failed to return specific field from data. + Thanks to Théo Bertin for the patch. +- 2022-04-22: mmdblookup: several enhancements + - support arrays in MMDB entry + - support escaped quotes '"' in MMDB entry + - support '<' characters in MMDB entry, when in a field + - support '}' characters in MMDB entry, when in a field + Thanks to Théo Bertin for the patch. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2204.1 (aka 2022.04) 2021-05-05 +- security bugfix: potential buffer overrun in imptcp, imtcp, imgssapi and others + This addresses CVE-2022-24903 + see also https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2204.0 (aka 2022.04) 2021-04-19 +- 2022-04-18: gnutls bugfix: possibility of infinite loop + There was a rare possibility that the E_AGAIN/E_INTERRUPT handling + could cause an infinite loop (100% CPU Usage), for example when a TLS + handshake is interrupted at a certain stage. + * After gnutls_record_recv is called, and E_AGAIN/E_INTERRUPT error + occurs, we need to do additional read/write direction handling + with gnutls_record_get_direction. + * After the second call of gnutls_record_recv (Expand buffer) + we needed to also check the eror codes for E_AGAIN/E_INTERRUPT + to do propper errorhandling. + * Add extra debug output based on ossl driver. + * Potential fix for 100% CPU Loop Receiveloop after gtlsRecordRecv + in doRetry call. + closes https://github.com/rsyslog/rsyslog/issues/4834 + closes https://github.com/rsyslog/rsyslog/issues/4818 + closes https://github.com/rsyslog/rsyslog/issues/4638 +- 2022-04-17: core/bugfix: errorfile could grow over max configures size + When action.errorfile.maxsize configuration option is enabled and error file + already has a certain size smaller than max size configured, it is increasing + higher than configured max size as the error file is considered to be zero in code. + This fix reads current error file size and limits the size to the maximum + size configured. + Thanks to Sergio Arroutbi for the patch. + fixes https://github.com/rsyslog/rsyslog/issues/4821 +- 2022-04-17: omkafka bugfix: potential misadressing + The `failedmsg_entry` expects a null-terminated string in `key`, but + here we allocate with malloc and copy a string-with-length-n into only + the first n bytes. If the final byte is null, this is by coincidence + only. + This was observed by means of seeing random binary data appended to + keys submitted to kafka apparently at random. This could also result + in more severe problems, inclusing a segfault. + Thanks to David Buckley for the patch. +- 2022-04-06: added new "FullJSONFmt" standard template (with addtl fields) + This comes handy for a number of use cases, especially with ElasticSearch. + Thanks to Art O Cathain for the patch. +- 2022-04-04: imfile: potential processing delay + This was mentioned by Mikko Kortelainen without exact details on what exactly + this could cause in practice. But we were confident enough that it is worth + merging (though it does not look like something that brought real problems in + practice, as we do not know any related reports). + see also: https://github.com/rsyslog/rsyslog/pull/4445 + Thanks to Mikko Kortelainen for the patch. +- 2022-04-04: bugfix: cosmetic data races + there was a more or less cosmetic data race which could happen when children + processes died in quick sequence. Even then, no real harm happened, as all + children were reaped eventually. + A similar data race exists for HUP processing. + However, these races polluted TSAN test runs, and so we fixed them +- 2022-04-01: add property options to support ISO week/year number + Thanks to Mattia Barbon for the patch. +- 2022-04-01: core bugfix: "action suspended" message was emitted even when turned off + Most messages were diasabled, but there was one part of the code that ignored the + user configuration. + Thanks to Deyneko Aleksey for the patch. +- 2022-03-31: testbench: add more tests for rscript comparison operations +- 2022-03-31: core bugfix: make internal logs emitted during HUP procesing appear quicker + After call doHUP(), probably there is a internal log in the list. However, it + will not be wrote out immediately, because the mainloop will be blocked at + pselect in wait_timeout() until a long timeout or next message occur. + More deadly, the log may be lost if the deamon exits unexpectedly. + We might as well put processImInternal() after doHUP(), so that the message + will be flushed out immediately. + Fixes: 723f6fdfa6(rsyslogd: Fix race between signals and main loop timeout) + Thanks to Yun Zhou for the patch. +- 2022-03-20: refactor: Move the parser directive to the main config + Thanks to Attila Lakatos for the patch. +- 2022-03-16: refactor: ake the main message queue part of the config + The intent of this patch is to make the main message queue part of the main config. + It will help us to proceed towards dynamic configuration reload. +- regression bugfix: rsyslog may segfault during startup + glblGetMaxLine() might be called even before the main configuration file exists + resulting unexpected behavior, most probably segmentation fault. This is addressed + by re-introducing the old default of 8KiB. The problem was introduced earlier in + 2022. +- regression fix: script string comparison did not work correctly + In rscript, comparison operations on strings did not work correctly + and returned false results. This is cause by a regression in commit + 5cec5dd634e0. While it fixed number comparisons, it introduced new + problems in string comparisons, which were not present before. Note + that most items in rsyslog are strings, so this can actually cause + some problems. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2202.0 (aka 2022.02) 2022-02-15 +- 2022-02-14: imfile bugfix: remove cause for "internal error message" (not causing harm) + When any message is output into a renamed input file, rsyslogd output the following: + message. + imfile: internal error? inotify provided watch descriptor 7 which we could not find + in our tables - ignored + When rsyslogd detects the inode change, it deletes the entry from wdmap[]. But, + the watch descriptor is not removed. Some application like sssd outputs some messages + (like "HUP signal was received!!") after HUP signal is received and before switching + into the new log file. And, the above messages can be output every log rotation. + This situation is now resolved. + Thanks to Masahiro Matsuya for the patch. +- 2022-02-04: rscript bugfix: literal numbers were not compared correctly + This problem occurred when numbers were used in rsyslog.conf in + the set statement, e.g. + set $nbr = 1234; + In this case, during comparisons, the number was actually interpreted + as a string with digits. Thus numerical comparisons lead to unexpected + results. Even more so, as in other places of the code they were + treated as native numbers. + This is now fixed. We cannot outrule that this causes, in border cases, + change of behavior to existing configs. But it is unlikely and the + previous behaviour was a clear bug and very unintuitive. This in our + opinion it is justified to risk a breaking change for an expected + very minor subset of installations, if any such exists at all. + closes https://github.com/rsyslog/rsyslog/issues/4770 +- 2022-02-04: omelasticsearch bugfix: indexSuccess impstats counter in bulkmode wrong + When bulkmode is enabled, and a batch was processed without any + failures (errors is false), the code that increments the indexSuccess + impstats counter was never reached. + closes: https://github.com/rsyslog/rsyslog/issues/4794 +- 2022-01-17: imkmsg bugfix: effectively disabled input on error reading kmsg + Due to a program bug, imkmsg could not recover from an kmsg read error. + Note that recovering is possible and was intended. + Thanks to Kailash Sethuraman for the patch. +- 2022-01-17: imtcp bugfix: worker threads were not properly terminated + Graceful shutdown of Rsyslog could lead to segmentation faults when + multiple imtcp inputs were being used. That is because the rest of the + tcpsrv threads are left behind running, while their underlying objects + are being disposed by the main thread as part of the module + de-initialization. + closes: https://github.com/rsyslog/rsyslog/issues/4776 + Thanks to Gabor Orosz <goro@goro.io> for the analysis and patch. +- 2022-01-07: omlibdbi bugfix: use-after-free bug + This occurred in when sqllite driver was used. Depending on circumstances, this had + no visible issues (often) up to rsyslog segfault. The busier rsyslog is, the more + likely a bad outcome. +- 2022-01-06: omhttp bugfix: memory leak in lokirest batchmode + A JSON object was created (valueObj) but not used and also not released causing a + memory leak. Over time, this could lead to memory overcomittent. + closes: https://github.com/rsyslog/rsyslog/issues/4766 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2112.0 (aka 2021.12) 2021-12-16 +- 2021-12-14: refactor:Deallocate outchannel resources in rsconf destructor + Thanks to Attila Lakatos for the patch. +- 2021-12-14: refactor: use runConf instead of loadConf in ratelimiting during runtime + Thanks to Attila Lakatos for the patch. +- 2021-11-22: new contribtion: URL parser module function using libfa + Thanks to Théo Bertin for the patch. +- 2021-11-18: mmanon: relax IPv6 detection - improve anonymization + We so far tried to ensure a value is really an IPv6 address, in order + to avoid to mangle with just similar-looking information elements. + However, this lead to misdetection for unusual formats, e.g. when a + port is appended to a numerical IPv6 adress given without braces []. + This has been changed now. In a sense, we now prefer to err on the + side of privacy. + BEHAVIOR CHANGE: + Previously, a suspect value was not anonymized, and thus some other + elements (like some MAC addresses) preserved. Now the opposite is + true, and we anonymize anything that looks close enough to be an + IPv6 address. This improves anonymization. + closes https://github.com/rsyslog/rsyslog/issues/4725 +- 2021-11-10: ruleset bugfix: ruleset queue was incorrectly named + The ruleset was incorrectly and unusably named. This was a regeression + from 4a63f8e9629c3c9481a8b6f9d7787e3b3304320b. + Many thanks to github user digirati82 for alerting us. + closes https://github.com/rsyslog/rsyslog/issues/4730 +- 2021-11-10: omsnmp: update module to current IP best practices + The omsnmp module uses the inet_addr() function to convert the Internet host address + from IPv4 numbers-and-dots notation into binary data in network byte order. If the input + is invalid, INADDR_NONE (usually -1) is returned. Use of this function is problematic + because -1 is a valid address (255.255.255.255). We should avoid its use in favor of + inet_aton(), inet_pton(3), or getaddrinfo(3), which provide a cleaner way to indicate + error return [1]. + This is just a request to satisfy covscan, so no error is reported at all. + Thanks to Attila Lakatos for the patch. +- 2021-10-27: ommysql: fix threading bug + When the MariaDB connection was (re)established, old or NULL handle + could be used. This is fixed now. + We need to synchronize access to the mysql handle, because multiple threads + use it and we may need to (re)init it during processing. This could lead to + races with potentially wrong addresses or NULL accesses. If this really + matters mostly depends on the MariaDB/MySQL client library. It looks like + they guard against fatal failuers. Anyhow, logging errors inside rsyslog + could happen in any case. +- 2021-10-25: testbench: false positive when impstats was not built + Test omfwd_fast_imuxsock failed when impstats was not built. This + has been corrected, test is now only executed when impstats is + present. +- 2021-10-25: imtcp: add support for permittedPeers setting at input() level + The permittedPeers settig was actually forgotten during the refactoring + of TLS input() level settings. This functionality is now added. + closes: https://github.com/rsyslog/rsyslog/issues/4706 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2110.0 (aka 2021.10) 2021-10-19 +- 2021-10-13: config bugfix: global(security.abortonidresolutionfail=) did not work + when used with rscript based configuration, it was not checked. +- 2021-10-13: config bugfix: global param $privDropToUser did not work correctly + The parameter was not implemented for rscript based configuration and + did not properly apply to legacy configuration. In essence, it almost always + did not work as expected. + see also: https://github.com/rsyslog/rsyslog/issues/4642 + see also: https://github.com/rsyslog/rsyslog/commit/cbcaf2c7e5b67e5465e47bc7cc67af2eae47bd31 +- 2021-10-12: rscript bugfix: ruleset called async when ruleset had queue.type="direct" + The call rscript statement is able to call a rule set either synchronously or + asynchronously. We did this, because practice showed that both modes + are needed. For various reasons we decided to make async + calls if the ruleset has a queue assigned and sync if not. + To know if a "queue is assigned" we just checked if queue parameters were + given. It was overlookeded the case of someone explicitly specifying a + "direct queue", aka "no queue". As such, queue="direct" triggered async + calls. That in turn meant that when a write operation to a variable was + made inside that rule set, other rulesets could or could not see the + write. While if was often not seen, this was a data race where the + change could also be seen by the outside. + This is now fixed. No matter if queue.type="direct" is specified or + left out, the call will always by synchronous. Any values written to + variables will also be seen by the "outside world" in later processing + stages. + Note that this has some potential to BREAK EXISTING CONFIGURATIONS. + We deem this acceptable because: + 1. this was racy at all, so unexpected behaviour could alwas occur + 2. it is actually unlikely that someone used the triggering conditions + in practice. But we can not outrule this, especially when the + configuration was auto-generated. + Potential compatibility issues can be solved by defining a small + array-memory queue on the ruleset in question instead of specifying + direct type. + Again, we expect that almost all users will never experience any + problems. If you do, however, please let us know: we may add an + option to re-enable the bug. +- 2021-10-12: ksi bugfix: locking bug fixed in rsksiCtxOpenFile + Thanks to Taavi Valjaots for the patch. +- 2021-10-11: core bugfix: fix typo in error message + Thanks to github user jkschulz for the patch. +- 2021-10-11: tcpsrv bugfix: compilation without exceptions + tcpsrv.c:992:1: error: label at end of compound statement + finalize_it: + ^~~~~~~~~~~ + Quoting from pthread.h: + pthread_cleanup_push and pthread_cleanup_pop are macros and must always + be used in matching pairs at the same nesting level of braces. + Amends commit bcdd220142ec9eb106550195ba331fd114adb0bd. + Thanks to Orgad Shaneh for the patch. +- 2021-10-11: mkubernetes bugfix: no connection retry to kubernetes APP + When connection to the kubernates API was not possible, mmkubernetes + did not retry. This does now happen via regular rsyslog retry + mechanism. + Thanks to github user jayme-github for the analysis and patch. + closes https://github.com/rsyslog/rsyslog/issues/4669 +- 2021-10-11: openssl bugfix: Correct gnutlsPriorityString (custom ciphers) behaviour + - Only apply default anon ciphers if gnutlsPriorityString is NULL and + Authentication Mode is set to anon. Otherwise we do not set them + as they overwrite custom Ciphers. + - Added two tests for custom cipher configuration (anon/certvalid mode). + - Add call for applyGnutlsPriorityString if gnutlsPriorityString changes. + - Merged openssl init code from Connect into osslInitSession + closes: https://github.com/rsyslog/rsyslog/issues/4686 +- 2021-10-11: build issue: handle undefined MAXPATHLEN, PATH_MAX + While we handled missing PATH_MAX, we did not handle missing MAXPATHLEN. + This happens under GNU/Hurd, because there is no official limit. However, + extremely long pathes are extremely uncommon, so we do not want to + use slow dynamic alloc each time we need to build pathes. So we + impose a limit of 4KiB, which should be fairly enough. Note that + this obviously increases stack requirements in GNU/Hurd. + As suggested by Michael Biebl, we have now implemented a generic + approach to handle this via autoconf. +- 2021-09-12: openssl: extended output information on connection failure + Now includes the remote client/server IP address in the log output. +- 2021-09-12: imhttp enhancements - query parameter ingestion & basic auth support + - Basic Authentication support & tests + * configured via imhttp option "basicAuthFile". This option should be configured + to point to your htpasswd file generated via a standard htpasswd tool. + tests: + * imhttp-post-payload-basic-auth.sh + * imhttp-post-payload-basic-auth-vg.sh + - Query parameter ingestion capability & tests + use t `addmetadata` option to inject query parameters into + metadata for imhttp input. + DISTRO PACKAGERS BEWARE: NEW DEPENDENCY FOR IMHTTP: + libaprutil (libaprutil1-dev on debian'ish, apr-util-devel on Red Hat) + Thanks to Nelson Yen for the patch. +- 2021-09-07: testbench bugfix: privdrop tests under root user did not work + When running under root, the privdrop tests did not properly work. This + patch fixes the issue and skips test where necessary. + This also includes some modernization of the related tests. + closes https://github.com/rsyslog/rsyslog/issues/4619 +- 2021-09-07: core/ratelimiting: fix rate limiting for already parsed messages + Rate limiting may not have worked if the considered message had already + been parsed (not having NEEDS_PARSING in msgFlags). + This affects also imuxsock in its default configuration + (useSpecialParser="true" and ratelimit.severity="1") +- 2021-09-07: core bugfix: use of property $wday terminates string + When $wday is used inside a template, all template parts after it + are ignored. For exmaple: + template(name="json_filename" type="string" string="/var/log/%$wday%.log") + would generate something like "/var/log/0" - the ".log" part would be + missing. For the same reason, $wday can not reliably checked in script + filters. + Thanks to Alain Thivillon for reporting the bug and providing an + excellent analysis, which essentiellay was exactly this fix here. + closes https://github.com/rsyslog/rsyslog/issues/4670 +- 2021-09-07: core/queue bugfix: potential misadressing when queue discarded messages + When a discard mark was set, the queue was very busy and discarded messages, a + NULL pointer access could happen. Depending on circumstances, several problems + could occur, including a SEGFAULT. This is now fixed. + closes: https://github.com/rsyslog/rsyslog/issues/4437 +- 2021-09-07: imdiga bugfix: iOverallQueueSize calculation could be incorrect + This issue only affects testbench and rsyslog development debugging. The active + messages counter, used for synchronizing test steps, went wrong when the queue + discarded messages on it's consumer thread. Now fixed. +- 2021-09-06: gnutls driver: SAN priority did not work correctly on server side + PrioritizeSAN was not propagated when accepting a new connection, this is now fixed. + Thanks to Attila Lakatos for the patch. +- 2021-08-24: config: implement script-equavalent for $PrivDrop* statements + closes https://github.com/rsyslog/rsyslog/issues/891 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2108.0 (aka 2021.08) 2021-08-17 +- 2021-08-16: openssl tls: Improved error message output on tls failures. + closes: https://github.com/rsyslog/rsyslog/issues/4645 +- 2021-08-16: impstats: add percentile metrics tracking functionality + Brief overview: + TO configure tracking percentile metrics in rainerscript: + User would need to define: + - which percentile to track, such as [p50, p99, etc.] + - window size - note, this correlates directly with memory usage to + track the percentiles. + To track a value, user would call built-in function `percentile_observe()` in their configurations to + record an integer value, and percentile metrics would be emitted every + impstats interval. + Thanks to Nelson Yen for the patch. +- 2021-08-12: imfile: add parameter "ignoreolderthanoption" + instructs imfile not to ingest a file that has not been modified in the + specified number of seconds. + Thanks to github user yanjunli76 for the patch (submitted from Nelson Yen) +- 2021-08-10: imklog bugfix: invalid memory adressing, could cause abort + This is a regeression from commit 94c4a87. It introduced a free() call + using an object that was no longer valid (the main pointer to the + to-be-freed object) was already freed at time of use. This could + cause various issues, including a segfault. + Note: this bug was triggerred only during late phase of rsyslog + shutdown, so it did not affect regular operation. + Special thanks to github user wxiaoguang for analyzing the issue + and providing a draft fix proposal, on which this patch builds. + see also https://github.com/rsyslog/rsyslog/pull/4629 + closes https://github.com/rsyslog/rsyslog/issues/4625 +- 2021-08-09: imfile bugfix: deleteStateOnFileDelete missed some state files + When the log file is deleted, imfile would attempt to delete the statefile but it + was missing the file_id part of the statefile name. This means the statefiles were + only removed in the log file was less than 512 characters, because for very small + files the file ID hash is not created. This lead to some state files not being + deleted. + Thanks to pearseimperva for the patch. +- 2021-08-09: imfile bugfix: hash char invalidly added in readmode != 0 + If imfile is ingesting log files with readMode set to 2 or 1, the resulting + messages all have a '#' character at the end. This patch corrects the behaviour. + Note: if some external script "supported" the bug of extra hash character at + the end of line, it may be necessary to update them. + closes https://github.com/rsyslog/rsyslog/issues/4491 +- 2021-08-09: omelasticsearch bugfix: errorFile mutex was not consistently locked + Lock the file during SIGHUPs to avoid issues with concurrent accesses by + writeDataError(). + Thanks to François Poirotte for the patch. +- 2021-08-09: imudp: add socket type (IPv4 vs. 6) to input name + Most importantly, the input name is used for stats counter names as + well. Previously, the same name was used for IPv4 and IPv6, so we had + two counters with an equal name. That left users puzzled. + Unfortunately, this change can potentially require changes to existing + analysis scripts, as the name is now slightly different. + closes https://github.com/rsyslog/rsyslog/issues/4364 +- 2021-08-06: omfwd: add capability for action-specific TLS certificate settings + This permits to override the global definitions for TLS certificates + at the action() level. +- 2021-08-06: imfile bugfix: file handle leak if "freshStartTail" was turned on +- 2021-08-05: imtcp: permit to use different certificate files per input/action + This completes the ability to override global/default TLS settings at the imtcp + input() level. Support for using multiple CAs/Certs per Connection is now provided. +- 2021-08-04: imptcp bugfix: keep alive interval was incorrectly set + The interval was accidentally set to keep alive interval. This has been + corrected. + closes https://github.com/rsyslog/rsyslog/issues/4609 +- 2021-07-08: openssl network driver bugfix: small memory leak + Fixes a static, non-growing memory leak which existed when parameter + "GnutTLSPriorityString" was used. This was primarily a cosmetic issue, + but caused some grief during development in regard to memory leak + detectors. + Note: yes, this is for openssl -- the parameter name is historical. +- 2021-07-07: psrv bugfix: abort if no listener could be started + Modules (like imtcp and imdiag) which use tcpsrv could abort or + otherwise malfunction if no listener for a specific input could + be started. + Found during implementing a new feature, no report from practice. + But could very well happen. +- 2021-07-07: mmkubernetes bugfix: apiserver error handling + - Added graceful handling of apiserver errors with unexpected responses, + i.e., anything other than 200, 404, or 429. Idea is that apiserver + transient error state will recover. We don't want mmkubernetes to miss + metadata resolution for containers that don't have cached metadata. + During these transient error states, mmkubernetes will provide basic + container file path based resolution of namespace and pod metadata for + new pods whose metadata is not yet cached. After this error state + recovers, mmkubernetes is expected to resume its metadata resolution as + expected. + - Added a unit test case for apiserver return 500 with changes to mock server + - Fixed existing unit test that was failing due to missing expected results file + - Added mmkubernetes unit tests to testbench + Thanks to Abdul Waheed for the patch (submitted from Nelson Yen). +- 2021-07-07: ommongodb bugfixes + - Fix Segmentation fault when server is down + - Add server connexion check while resuming + Thanks to Kevin Guillemot for the patch. +- 2021-06-28: omkafka improvements + - drain librdkafka queues and retry later during rsyslog restart or hup. This + re-injects messages into rsyslog's native queues. + - add statsname on per kafka instance for better visibility + - omkafka - count errors related ssl as "errors_ssl" + Thanks to Nelson Yen for the patch. +- 2021-06-23: some CI/QA improvements, Travis-CI disabled + For the time being, Travis CI is disabled because it was outdated and Travis also + changed their system. We will re-evaluate if we re-enable it. Since quite a while + the Travits tests were redundant with the rest of CI, so this does not reduce + coverage. +- 2021-06-23: omhttp bugfix: dynrestpath param in batch mode invalid + When batchmode was used, the templates could not be used to + expand dynrestpath. We are now storing the restpath param + within the batch data if we are in batch mode. + When we are in batch mode, and the restpath value changes, the + batch is submitted and reinitialized + closes: https://github.com/rsyslog/rsyslog/issues/4567 +- 2021-06-17: add predefined template RSYSLOG_SyslogRFC5424Format + This is essentially the same as RSYSLOG_SyslogProtocol23Format with + a better name and a fix to remove the unnecessary LF at the end of + the message. + The different name also enables us to fix the LF issue without + any concern about backwards compatibility. + closes https://github.com/rsyslog/rsyslog/issues/4384 +- 2021-06-17: impstats/bugfix: _sender_stats reports integer counter as string + Note that this introduces a small backwards incompatibility: in previous output + the field was of string type, now it is integer (as intended). We discussed this + on the mailing list and the overwhelming thought was that this is not a problem + because almost all analysis backends are able to cover that format change. This made + the bugfix essentially costmetic. + HOWEVER, if you still experience issues, please let us know. We can add an option + to provide the previous format, and just spared to do so because there was no + evidence it was needed. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2106.0 (aka 2021.06) 2021-06-15 +NOTE: the prime new feature is support for TLS and non-TLS connections +via imtcp in parallel. Furthermore, most TLS parameters can now be overriden +at the input() level. The notable exceptions are certificate files, something +that is due to be implemented as next step. +- 2021-06-14: new global option "parser.supportCompressionExtension" + This permits to turn off rsyslog's single-message compression extension + when it interferes with non-syslog message processing (the parser + subsystem expects syslog messages, not generic text) + closes https://github.com/rsyslog/rsyslog/issues/4598 +- 2021-05-12: imtcp: add more override config params to input() + It is now possible to override all module parameters at the input() level. Module + parameters serve as defaults. Existing configs need no modification. +- 2021-05-06: imtcp: add stream driver parameter to input() configuration + This permits to have different inputs use different stream drivers + and stream driver parameters. + closes https://github.com/rsyslog/rsyslog/issues/3727 +- 2021-04-29: imtcp: permit to run multiple inputs in parallel + Previously, a single server was used to run all imtcp inputs. This + had a couple of drawsbacks. First and foremost, we could not use + different stream drivers in the varios inputs. This patch now + provides a baseline to do that, but does still not implement the + capability (in this sense it is a staging patch). + Secondly, we now ensure that each input has at least one exclusive + thread for processing, untangling the performance of multiple + inputs from each other. + see also: https://github.com/rsyslog/rsyslog/issues/3727 +- 2021-04-27: tcpsrv bugfix: potential sluggishnes and hang on shutdown + tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and, + in theory, also others - even ones we do not know about). However, the + internal synchornization did not properly take multiple tcpsrv users + in consideration. + As such, a single user could hang under some circumstances. This was + caused by improperly awaking all users from a pthread condition wait. + That in turn could lead to some sluggish behaviour and, in rare cases, + a hang at shutdown. + Note: it was highly unlikely to experience real problems with the + officially provided modules. +- 2021-04-22: refactoring of syslog/tcp driver parameter passing + This has now been generalized to a parameter block, which makes it much cleaner and + also easier to add new parameters in the future. +- 2021-04-22: config script: add re_match_i() and re_extract_i() functions + This provides case-insensitive regex functionality. + closes https://github.com/rsyslog/rsyslog/issues/4429 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2104.0 (aka 2021.04) 2021-04-20 +- 2021-04-19: new contributed module imhiredis + Thanks to Théo Bertin (frikilax) for the patch. +- 2021-04-19: new built-in function get_property() to access property vars + Provides ability to evaluate a rsyslog variable using dynamically + evaluated parameters. + 1st param is the rsyslog param, 2nd param is a key, can be an array + index or key string. + Useful for accessing json sub-objects, where a key + needs to be evaluated at runtime. Can be used to access arrays as well. + Thanks to Nelson Yen for contributing this module. +- 2021-04-19: mmdblookup: add support for mmdb DB reload on HUP + Thanks to Théo Bertin (frikilax) for the patch. +- 2021-04-19: script bugfix: empty array in foreach() improperly handled + When running a foreach() loop inside a ruleset, if the json array/object iterated + over is empty but valid, the foreach will make the message processing in the + ruleset abort operation, no following operation (such as actions) will be + executed after this. + Thanks to Théo Bertin (frikilax) for the patch. +- 2021-04-19: imjournal bugfixes (handle leak, empty file) + Flush the FILE* buffer before rename & fsync in order + to not end up syncing an empty file. + Also, close WorkDir on fsync in order to prevent + file descriptor leakage. + Thanks to github user gerd-rausch for the fix. +- 2021-04-06: new contributed function module fmunflatten + This commit adds a new rainerscript function to unflatten keys in a JSON tree. It + provides a way to expand dot separated fields. + <result> = unflatten(<source-tree>, <key-separator-character>); + It allows for instance to produce this: { "source": { "ip": "1.2.3.4", "port": 443 } } + from this source data: { "source.ip": "1.2.3.4", "source.port": 443 } + Thanks to Julien Thomas for the contribution. +- 2021-02-22: test bugfix: some tests did not work with newer TLS library versions + Newer versions provide TLS versions that cannot be disabled in older versions as they + are unknown there. This is solved by setting restrictions in multiple steps. For + older library versions, the final step will error out, but the other one be applied. + This permits to achieve proper test results. + closes: https://github.com/rsyslog/rsyslog/issues/4534 +- some improvements to project CI +---------------------------------------------------------------------------------------- +Scheduled Release 8.2102.0 (aka 2021.02) 2021-02-16 +- 2021-02-15: omfwd: add stats counter for sent bytes + Thanks to John Chivian for suggesting this feature. +- 2021-02-15: omfwd: add error reporting configuration option + RSyslog on a plain TCP cannot guarantee the message delivery + without using RELP protocol. Besides that the logs may be + flooded with connection errors making the rest of messages + difficult to find. To alleviate the problem (see issue 3910), + this patch adds a configuration option that enables to reduce + the number of network errors logged and reported. + For example, if each 10th network error message should be logged, + the rsyslog configuration has to be updated as follows. + action(type="omfwd" Target="<IP_ADDR>" Port="<PORT>" Protocol="tcp" ConErrSkip="10") + Thanks to Libor Bukata for the patch. +- 2021-02-15: action stats counter bugfix: failure count was not properly incremented + In some cases the counter was not incremented, most notably with transaction-enabled + actions. + Thanks to github user thinkst-marco for the patch. +- 2021-02-15: action stats counter bugfix: resume count was not incremented + And so it always stayed at zero. + Thanks to github user thinkst-marco for the patch. +- 2021-02-15: omfwd bugfix: segfault or error if port not given + If omfwd is configured via RainerScript config format and the "port" + parameter is not given, a segfault will most likely happen on + connection establishment for TCP connections. For UDP, this is + usually not the case. + Alternatively, in any case, errors may happen. + Note that the segfault will usually happen right on restart so this + was easy to detect. + We did not receive reports from practice. Instead, we found the bug + while conducting other work. +- 2021-01-29: lookup table bugfix: data race on lookup table reload + A data race could happen when a lookup table was reloaded. We found + this while moving to newer version of TSAN, but have no matching + report from practice. However, there is a potential for this to cause + a segfault under "bad circumstances". +- 2021-01-18: testbench modernization + Bump dependency versions, use newer distro versions for some tests. + Make kafka distcheck separate to help diagnose flaky kafka tests. +- 2021-01-16: testbench: fix invalid sequence of kafka tests runs + kafka tests can not run well in parallel (mostly due to ressource + constraints on CI machines). Accidentally, this was not enforced for + one of the tests. That could lead to random failures and false positives. +- 2021-01-14: testbench: fix kafkacat issues + The kafkacat tool has an upper limit of how many messages it can send + at once. Going over that limit causes messages loss. The exact limit + seems to depend on the environment. This causes testbench false positives. + This commit fixes two related issues: + - errors during kafkacat run were not detected - this has been added + - we now have a "max messages at once" setting, after which kafkacat + is restarted for the next batch of messages. It currently is set + to 25,000 msgs per incarnation. All tests loop now to send the + required number of messages. This has been fixed at the testbench + framework level, so no need to adjust individual tests. +- 2021-01-14: testbench: fix year-dependendt clickhouse test + A test had the year value hardcoded and as such failed whenever the + year changed. This patch corrects that. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2012.0 (aka 2020.12) 2020-12-08 +- 2020-12-07: testbench bugfix: some tests did not work in make distcheck + - certificate file missing in dist tarball + - some test cases did not properly specify path to cert file + Thanks to Michael Biebl for alerting us and providing part of + the fix. + closes https://github.com/rsyslog/rsyslog/issues/4446 +- 2020-12-07: immark: rewrite with many improvements + - mark message text can now be specified + - support for rulesets + - support for using syslog API vs. regular internal interface + - support for output template system + - ability to specify is mark message flag can be set + - minor changes and improvements +- 2020-11-30: usability: re-phrase error message to help users better understand cause + see also https://github.com/rsyslog/rsyslog/issues/3910 +- 2020-11-10: add new system property $now-unixtimestamp + Among others, this may be used as a monotonic counter + for doing load-balancing and other things. + Thanks to Nicholas Brown for suggesting this feature. +- 2020-11-04: omfwd: add new rate limit option + Adding new rate limit option to omfwd for rate limiting + syslog messages sent to the remote server + ratelimit.interval: + Specifies the rate-limiting interval in seconds. + Default value is 0, which turns off rate limiting. + ratelimit.burst + Specifies the rate-limiting burst in number of messages. + closes https://github.com/rsyslog/rsyslog/issues/4423 + Thanks to Dinesh-Ramakrishnan for the patch. +- 2020-11-03: omfwd bug: param "StreamDriver.PermitExpiredCerts" is not "off" by default + The default behaviour of expired certificates of stream driver in TLS mode, should + have been that the see tcp transmission is closed due to expired certificates, and + error messages emited in rsyslog status. This was not the case. That in turn could + lead to permitting sessions which should not be permitted. + Thanks to Vincent Zhu for alerting us and providing a great problem analysis + closes: https://github.com/rsyslog/rsyslog/issues/4425 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2010.0 (aka 2020.10) 2020-10-20 +- 2020-10-13: gnutls TLS subsystem bugfix: handshake error handling + If the tls handshake does not immediatelly finish, gnutls_handShake is called in + doRetry handler again. However the error handling was not + complete in the doRetry handler. A failed gnutls_handShake call + did not abort the connection and properly caused unexpected + problems like in issues: + https://github.com/rsyslog/rsyslog/issues/4270 + https://github.com/rsyslog/rsyslog/issues/4288 +- 2020-10-13: core/msg bugfix: memory leak + There is a missing call to json_object_put(json) if the call to + jsonPathFindParent() failed. It's leaking memory. Depending on workload and config, + this leak can potentially grow large (albeit we did not see reports from practice). + Thanks to Julien Thomas for the patch. +- 2020-10-13: core/msg bugfix: segfault in jsonPathFindNext() when <root> not an object + The segfault gets happens when <bCreate> is 1 and when the <root> + container where to insert the <namebuf> key is not an object. + Here is simple reproducible test case: + // ensure we start fresh + // unnecessary if there was no previous set + unset $!; + set $! = ""; + set $!event!created = 123; + Thanks to Julien Thomas for the patch. +- 2020-10-13: openssl TLS subsystem: improvments of error and status messages + Adding error logs at the ssl handshake failure scenarios. + Adding the header "nsd_ossl:" tag to these logs to identify + the origin module from which logs are generated. + Thanks to Anusha Pai G for the patch. +- 2020-10-06: add 'exists()' script function to check if variable exists + This implements a way to check if rsyslog variables (e.g. '$!path!var') is + currently set of not. + Sample: if exists($!somevar) then ... + closes https://github.com/rsyslog/rsyslog/issues/4385 +- 2020-10-03: core bugfix: do not create empty JSON objects on non-existent key access + Performing a condition (eg: check for an empty string) on a subtree key that do not + exists (depth > 1 from the root container), creates an empty "parent" object. + Depending on your context, you may end up with (kind of...) annoying garbage when + producing object documents (for instance to index in ES). + Also fixes a hypothetical hang condition with an almost (?) unused plugin parameter + passing mode, for details see + https://github.com/rsyslog/rsyslog/issues/4436 + closes https://github.com/rsyslog/rsyslog/issues/4430 + Thanks to Julien Thomas for the patch. +- 2020-09-28: gnutls subsysem bugfix: potential hang on session closure + Some TLS servers don't reply to graceful shutdown requests "for + optimization". This results in rsyslog's omfwd+gtls client to wait + forever for a reply of the TLS server which never comes, due to shutting + down the connection with gnutls_bye(GNUTLS_SHUT_RDWR). + On systemd systems, commands such as "systemctl restart rsyslog" just + hang for 1m30 and rsyslogd gets killed upon timeout by systemd. + This is fixed by replacing the call to gnutls_bye(GNUTLS_SHUT_RDWR) by calls to + gnutls_bye(GNUTLS_SHUT_WR) which is sufficient and doesn't wait for a + server reply. + As an example, Kiwi Syslog server is known to cause this issue. + Thanks to Renaud Métrich for the patch. +- 2020-09-23: core/network bugfix: obey net.enableDNS=off when querying local hostname + Local hostname resolution used DNS queries even if the enableDNS was set to off, and + this could cause unexpected delays in the HUP signal handling if the DNS server was + not responsive. + Thanks to Samu Nuutamo for the fix. +- 2020-09-14: core bugfix: potential segfault on query of PROGRAMNAME property + A data race can happen on variable iLenProgram as it is not guarded + by the message mutex at time of query. This can lead to it being + non -1 while the buffer has not yet properly set up. + Thanks to Leo Fang for alerting us and a related + patch proposal. + replaces https://github.com/rsyslog/rsyslog/pull/4300 +- 2020-09-14: imtcp bugfix: broken connection not necessariy detected + Due to an invalid return code check, broken TCP sessions could not + necessarily be detected "right in time". This can result is the loss + of one message. + closes https://github.com/rsyslog/rsyslog/issues/4227 + Thanks to Leo Fang for the patch. +- 2020-09-14: new module: imhttp - http input + permits to receive log data via HTTP. + uses http library to provide http input. + user would need to configure an 'endpoint' as input, along + with a ruleset, defining how the input should be routed in + rsyslog. + Thanks to Nelson Yen for contributing this module. +- 2020-09-11: mmdarwin bugfix: potential zero uuid when reusing existing one + - fix a use-after-free variable during darwin uuid message extraction + - improve debug/output by logging uuid parse errors + Thanks to github user frikilax for the patch. +- 2020-09-10: imdocker bugfix: build issue on some platforms + An invalid variable type was used, leading to compile errors at least on + all platform that use gcc 10 and above. Otherwise, however, it looks like the + issue caused no real harm. +- 2020-09-07: omudpspoof bugfix: make compatbile with Solaris build + Thanks to Dagobert Michelsen for the patch. +- 2020-09-03: testbench fix: python 3 incompatibility +- 2020-09-02: core bugfix: segfault if disk-queue file cannot be created + When using Disk Queue and a queue.filename that can not be created + by rsyslog, the service does not switch to another queue type as + supposed to and crashes at a later step. + closes: https://github.com/rsyslog/rsyslog/issues/4282 +- 2020-08-26: cosmetic: fix dummy module name in debug output + When we have optional components (like imjournal) a dummy module + is used. It's sole purpose is to emit "this module is not available". + During init, the module emitted an invalid module name into the debug + log. This has now been replaced by the generic term "dummy". + Note: it is highly unlikely that someone will ever see that message + at all, as it is unlikely for the dummy modules to be build. + see also: https://github.com/rsyslog/rsyslog/commit/84a7e3d80b80106dcc86c273ed8cf78a6c11c722#r41782830 + Thanks to Thomas D. (whissi) for the patch. +- 2020-08-26: config bugfix: intended warning emitted as error + When there are actions configured after a STOP, a warning should be + emitted. In fact, an error message is generated. This prevents the + construct, which may have some legit uses in exotic settings. It + may also break older configs, but as the message is an error + for so long now, this should be no longer of concern. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2008.0 (aka 2020.08) 2020-08-25 +- 2020-08-25: imdocker bugfix: error reporting not always correct + A wrong function to obtain the error code was used. This + could lead to invalid error messages. + Thanks to Steve Grubb for the bug report and fix proposal. + closes https://github.com/rsyslog/rsyslog/issues/4381 +- 2020-08-25: imptcp: add max sessions config parameter + The max is per-instance, not global across all instances. + There is also a bugfix where if epoll failed I think we could leave a + session linked in the list of sessions, this code unlinks it. + Thank to Alfred Perlstein for the patch. +- 2020-08-24: omelasticsearch bugfix: reply buffer reset after health check + The issue happens when more than one server is defined on the + action. On that condition a health check is made through + checkConn() before sending the POST. The replyLen should be + set back to 0 after the health check, otherwise the response + data received from the POST gets appended to the end of the + last health check. + Thanks to Julien Thomas for the patch. +- 2020-08-14: omfile: do no longer limit dynafile cache size in legacy format + When using obsolete legacy config format, omfile had a hard limit of + 1,000 dynafile cache entries. This does not play well with very + large installation. This limit is now removed and converted into + a warning if cache size > 25,000 is specified. + Note: the problem can easily be worked-around by using modern + config format (RainerScript). + closes: https://github.com/rsyslog/rsyslog/issues/4241 +- 2020-08-13: imudp: fix very small, static memory leak + When ruleset support was used, the ruleset name was not freed upon rsyslog + termination. While this has no consequences for regular runs, it generates + leak errors under memory debuggers and as such makes debugging harder than + necessary. + Thanks to github user frikilax for the patch. +- 2020-08-13: omelasticsearch: add parameter skipPipelineIfEmpty + When POST'ing a document, Elasticsearch does not allow an empty pipeline + parameter value. This patch introduces boolean option skipPipelineIfEmpty + to the omelasticsearch action. When set to true, the pipeline parameter + won't be posted. Default is false so we do not modify current behavior. + Thanks to Julien Thomas for the patch. +- 2020-08-12: systemd service file removed from project + This was done as distros nowadays have very different service files and it no + longer is useful to provide a "generic" (sic) example. + see also: https://github.com/rsyslog/rsyslog/issues/4333 +- 2020-08-11: gnutls TLS driver bugfix: EKU check not done properly + When the server accepted a new connection, it did not properly set the + dataTypeCheck field based on the listening socket. That resulted in + skipping ExtendedKeyUsage (EKU) check on the client. + Thanks to Daiki Ueno for the patch. +- 2020-08-06: MMDARWIN:: improve configuration flexibility and UUID fix + -t pu now able to get fields from local variables ($.) + - now able to configure a custom root container for mmdarwin fields + - now able to put nested keys ($!key1!key2) + - don't regenerate a UUID each time, but instead check if one exists before + creating it (allow successive calls without losing previous UUID) + Thanks to github user frikilax for the contribution. +- 2020-08-06: add --enable-imjournal=optional ./configure option +- 2020-08-06: IMPCAP::Fixes: segfault, memory and build corrections + * fix bug in ethernet packets parsing + * fix removes build error with gcc10: 'multiple definition of...' + * resolve memory leak during interface init failure (device not freed after post-create error) + * add test 'impcap_bug_ether' to prove ethernet parser fix is working + Thanks to github user frikilax for the contribution. + closes https://github.com/rsyslog/rsyslog/issues/4332 +- 2020-07-14: CI: add support for github actions +- 2020-07-14: imklog: add ruleset support + see also: https://github.com/rsyslog/rsyslog/issues/4344#issuecomment-658001854 + see also: https://github.com/rsyslog/rsyslog/issues/106 +- 2020-07-06: config system fix: ChkDisabled method to make config.enabled work + There was wrong negation in the method so it returned 0/1 in reverse + and also it did not mark the node to not be reported as unknown at all + times which is needed after all. + Thanks to Jiri Vymazal for the patch. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2006.0 (aka 2020.06) 2020-06-23 +- 2020-06-22: queue: permit ability to double size at shutdown + This prevents message loss due to "queue full" when re-enqueueing data + under quite exotic settings. + see also https://github.com/rsyslog/rsyslog/issues/3941#issuecomment-549765813 + closes https://github.com/rsyslog/rsyslog/issues/4020 +- 2020-06-22:Fixing imfile segfaulting on selinux denial + If imfile is denied access to file watched trough symlink there is + unchecked condition resulting in access to not initialized memory. +- 2020-06-22: openssl: Fixed memory leak when tls handshake failed. + closes: https://github.com/rsyslog/rsyslog/issues/4319 +- 2020-06-22: change systemd service file to wait for network + now that rsyslog is usually only installed for real syslog servers, + we should assume that some network listening or forwarding happens + on start. As such we need to start a bit later, after the network. + This poses no problem as systemd nowadays comes with journal which + is in almost all cases configured to buffer log data while + rsyslog is not yet running. + see also https://github.com/rsyslog/rsyslog-pkg-rhel-centos/issues/72 +- 2020-06-22: NEW INPUT MODULE:: impcap, network packets input parser + Thanks to github user frikilax for the contribution. +- 2020-06-22: ksi bugfix: Optimized code in KSI module initialization fixed. + KSI module initialization will not stuck in infinite loop when code is + built with optimization -O2. +- 2020-06-05: operatingstatefile bugfix: month was given too low + The month was printed with the range 0 (January) to 11 (December). + This has now been corrected. + closes https://github.com/rsyslog/rsyslog/issues/4292 +- 2020-06-05: build system: add "optional" build functionality to some components + Nameley: + --enable-libdbi=optional + --enable-mmdblookup=optional + --enable-imkafka=optional + --enable-omkafka=optional + If used, builds a dummy module which just emits a "module not supported + on this platform" error message when loaded. + Primary use case for this system is Debian-ish builds on SUSE OBS, + where we prefer to have a single package definition for all versions + (else things get much more complicated). +- 2020-05-23: config system bugfix: backticks cat segfault if file cannot be opened + when a `cat <filename>` construct is used in rsyslog.conf and <filename> can not + be accessed (does not exist, no permissions, ...), rsyslog segfaults. + Thanks to Michael Skeffington for notifying us and providing root cause analysis. + closes https://github.com/rsyslog/rsyslog/issues/4290 +- 2020-05-15: imtcp bugfix: octet framing/stuffing problem with discardTruncatedMsg on + When "discardTruncatedMsg" was enabled in imtcp, messages were incorrectly + skipped if the last character before the truncation was the LFdelimiter. + Also adds two testbench tests for this case. + closes: https://github.com/rsyslog/rsyslog/issues/4281 +- 2020-05-12: ompipe bugfix: race during HUP + When HUP was received, the write mutex was not acquired. This could + lead to unexpected invalidation of the output file descriptor. + Thanks to Julien Thomas for alerting us on this issue. + see also https://github.com/rsyslog/rsyslog/pull/4136#issuecomment-578326278 +- 2020-05-12: ompipe: add action parameter tryResumeReopen + Sometimes we need to reopen a pipe after an ompipe action gets + suspended. Sending an HUP signal to rsyslog does the job but requires + an interraction with rsyslog. The patch adds support for a new boolean + option, tryResumeReopen, for the ompipe action. It mimics what an HUP + signal would do. + Thanks to Julien Thomas for the patch. +- 2020-05-12: imjournal: remove strcat call + Thanks to Jeff Marckel for the patch. +- 2020-05-12: build system: libzcmq version requirement needs to be bumped + Thanks to Thomas Deutschmann for pointing this out. + closes https://github.com/rsyslog/rsyslog/issues/3957 +- 2020-05-12: testbench: download ElasticSearch binaries from rsyslog.com + The official ElasticSearch download site sometimes denies the download. +- 2020-05-11: openssl netstream driver bugfix: context leak + The context object was not properly freed. + Thanks to Michael Zimmermann for the fix. +- 2020-05-11: omhttp: Add support for multiple http headers + Allows the inclusion of multiple http headers on the REST call. + Thanks to callmegar for the patch. +- 2020-04-29: core bugfix: group id could not be obtained for very large groups + Thanks to github user emilbart for the patch. +- 2020-04-29: testbench additions (relp broken connection test) +- 2020-04-29: omudpspoof bugfix: issues with oversized messages + First issue was an incorrect packet length in UDP Header. It has to be the FULL UDP Packet + regardless of the MTU Setting. As a result regardless of IP fragmentation, the MTU setting + also limited the siizmax size of the UDP message. + The second issue was incorrect calculation of the UDP Checksum with libnet if + IP fragmentation was used (Based on MTU Setting). As a result, the network packets were + dropped by the tcp stack before they even could reach there target. The workarround for this + problem is, that we set the UDP Checksum to 0x0000 which allows skipping of the checksum + test. Fixing the problem by calculating the correct UDP Checksum would require some + code changes in the libnet. + Also fixed the omudpspoof bigmsg test and increased the testing size to 16KB. +- 2020-04-29: omprog: fix assert failed on HUP with output flag + If the 'output' setting of omprog was used and rsyslog received a HUP + signal just after starting (and before the omprog action received the + first log to process), an internal assertion could fail, causing + rsyslog to terminate. The failure message was "rsyslogd: omprog.c:660: + closeOutputFile: Assertion `pCtx->bIsRunning' failed." + The failure could also occur if rsyslog received a HUP signal during + the shutdown sequence. + This bug was introduced in v8.2004 by PR https://github.com/rsyslog/rsyslog/pull/4255 + Although a test already existed that checked the interaction of HUPs + with the 'output' setting, it didn't always fail in this particular case + due to timing conditions. The test has been improved to cover this case + more reliably. + Thanks to Joan Sala Isern for the patch. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2004.0 (aka 2020.04) 2020-04-28 +- 2020-04-28: ksi bugfix: When KSI module is suddenly closed, files are finalized + In async. mode all pending signature requests are closed immediately and + unsigned block marker is attached with message about sudden closure. + Similar approach is used for blocks that already contain some records. + Empty blocks are just closed without any metadata. + Thanks to Taavi Väljaots for the patch. +- 2020-04-28: ksi bugfix: Signer thread initialization is verified before usage. + When signer thread is created in rsksiInitModule thread successful + initialization is verified before returning the function. This will + prevent adding records to not initialized module and in case of an + error signature files opened will contain only magic bytes. + Thread flags replaced with thread state. + When init module fails, module is disabled. + Thanks to Taavi Väljaots for the patch. +- 2020-04-28: ksi bugfix: Hardcoded default hash algorithm replaced with 'default' + Instead of hardcoded SHA-256 KSI_getHashAlgorithmByName("default") + is used to get default hash function. + Function rsksiSetHashFunction and SetCnfParam updated. + Thanks to Taavi Väljaots for the patch. +- 2020-04-28: imfile bugfix: poential segfault in stream object on file read + - if cstrLen(pThis->prevMsgSegment) > maxMsgSize then len calculation + become negative if cstrLen(thisLine) < cstrLen(pThis->prevMsgSegment) + This causes illegal access to memory location and thus causing segfault. + - assigning len = 0 if cstrLen(pThis->prevMsgSegment) > maxMsgSize so that + it access the correct memory location. + Thanks to github user jaankit +- 2020-04-28: openssl TLS drivers: made more reliable for older openssl versions + OpenSSL can retry some failed operations, but older versions need an explicit + opt-in to do so. This is now done. +- 2020-04-28: omprog: fix bad fd errors in daemon mode + When omprog was used with the 'forceSingleInstance=on' option, and/or + the 'output' setting, "bad file descriptor" errors occurred, which + prevented the external program to be executed and/or the program output + to be correctly captured. The bug could also manifest as "resource + temporarily unavailable" errors, or other errors related to the use of + invalid/reassigned file descriptors. These errors only happened when + rsyslog ran in daemon mode (i.e. they didn't happen if rsyslogd was + run with the '-n' option). + The cause of the bug was that omprog opened the pipe fds needed by + these flags during the configuration load phase (in the 'newActInst' + module entrypoint). This is a bad place since the fork of the daemon + occurs after this phase, and all fds are closed when the daemon process + is started (see 'initAll' in rsyslogd.c), hence invalidating the + previously opened fds. + To correct this, the single child process and the output capture thread + are now started later, when the first log message is received by the + first worker thread. (Note: the 'activateCnf' module entrypoint, despite + being invoked after the fork, cannot be used for this purpose, since it + is invoked per module, not per action instance.) + Currently no automated test exists for this use case since the testbench + always runs rsyslog in non-daemon mode. + Affected versions: v8.38 and later + closes: https://github.com/rsyslog/rsyslog/issues/4247 + Thanks to Joan Sala Isern for the patch. +- 2020-04-28: omfile bugfix: $outchannel split log lines at rotation time +- 2020-04-17: openssl: add support for libreSSL + Disable use of "@SECLEVEL" in default cipher string and + avoid SSL_CONF_CTX_set_flags() API when LIBRESSL is used. + This means tlscommands will not work. + closes: https://github.com/rsyslog/rsyslog/issues/4210 +- 2020-03-04: imudp bugfix: build problems on some Linux kernel versions + Thanks to Wen Yang for the patch. +- 2020-03-02: conf output bugfix: -o produces missing space between call and rulename + Thanks to Tetiana Ohnieva for the patch. + closes https://github.com/rsyslog/rsyslog/issues/3761 +---------------------------------------------------------------------------------------- +Scheduled Release 8.2002.0 (aka 2020.02) 2020-02-25 +- 2020-02-25: imfile: add per minute rate limiting + Add MaxBytesPerMinute and MaxLinesPerMinute options. + These take integer values and, respectively, limit the number + of bytes or lines that may be sent in a minute. + This can be used to put a limit on the count or volume of logs + that may be sent for an imfile. + Thanks to Greg Farrell for the patch. +- 2020-02-24: core: add global parameter "security.abortOnIDResolutionFail" + This parameter controls whether or not rsyslog aborts when a name ID + lookup fails (for user and group names). This is necessary as a security + measure, as otherwise the wrong permissions can be assigned or privileges + are not dropped. + CHANGE OF BEHAVIOR + The default for this parameter is "on". In previous versions, the default + was "off" (by virtue of this parameter not existing). As such, existing + configurations may now error out. + We have decided to accept this change of behavior because of the potential + security implications. + closes https://github.com/rsyslog/rsyslog/issues/4164 +- 2020-02-24: openssl TLS driver bugfix: chained certificates were not accepted + This was supported since always inside GnuTLS driver, but was missing for openssl one. +- 2020-02-24: core bugfix: too early parsing of incoming messages + In theory, rsyslog should call parsers on the queue worker threads whenever + possible. This enables the parsers to be executed in parallel. There are + some cases where parsers needs to be called earlier, namely when parsed + data is needed for rate-limiting. + The logic to do this previously did not work correctly and was fixed six + years ago (!) by b51dd22. Unfortunately, b51dd22 was overly agressive: + it actually makes the early parser call now mandatory, effectively moving + parsing to the input side where there is no to little concurrency. + We still do not need to call the parser when all messages, regardless of + severity, need to be rate-limited. This is the default and very frequent + case. This patch introduces support for this and as such makes parsers + able to run in parallel in the frequent case again. + closes https://github.com/rsyslog/rsyslog/issues/4187 +- 2020-02-20: testbench bugfix: two minor issues in omkafkadynakey.sh test + lead to false positives during test runs (depending on circumstances) + closes: https://github.com/rsyslog/rsyslog/issues/4134 +- 2020-02-20: testbench: set max extra data length for tcpflood from 200 to 512KiB + Added a imrelp test for big messages (256KB). + closes: https://github.com/rsyslog/rsyslog/issues/4158 +- 2020-02-20: config system bugfix: 'config.enabled' directive oddities + Previously the directive was processed way too late which caused false + errors whenever it was set to 'off' and possibly other problems. + Thanks to Jiri Vymazal for the patch. +- 2020-02-09: imfile bugfix: timeout did not work on very busy system + The timeout feature was soley based on timeouts of the poll() + system call. On a very busy system, this would probably happen + very seldomly. Moreover, the timeout could occur later than + expected on any system with high load. + The issue was not reported from practice but discovered during + CI system improvements. +- 2020-01-30: build system: change --enable-imfile-tests default to "yes" + This was accidentally set to "no" some time ago (actual commit unknown). Tests for + imfile should by default run when imfile is enabled. + see also https://github.com/rsyslog/rsyslog/issues/4120 +- 2020-01-27: build system: add option --enable-gnutls-tests + This enables us to build GNUtls support but not necessarily + test it in CI. This is useful for some specialised subcomponent + test. The default is enabled if gnutls is enabled and disabled if not. +- 2020-01-26: testbench: new test for loadbalancing via global vars + This is a popular functionality which had not been routinely tested + in the past. +- 2020-01-26: mmdblookup bugfix: invalid data returned when no entry found + Since the upgrade of the package libmaxminddb on FreeBSD (1.3.2_2 -> 1.4.2), + the module mmdblookup returns the first entry of the mmdb database even if the entry + is not found. After some debug, I found the solution in the official maxminddb + repository : to check if the entry is in database, we must check the found_entry + attribute, otherwise the function MMDB_get_entry_data_list will return the first + entry of the database if the entry is not found in it. + Thanks to Kevin Guillemot for the patch. +- 2020-01-23: oversize message log bugfix: do not close fd -1 + The oversize message log fd is always closed on HUP, even if it never + was opened (and thus has -1 value). This patch corrects the issue. + The bug had no know-bad effect in practice other than getting an + (ignored) error status from close(). However, it introduced warnings + in test runs (e.g. when running under valgrind). +- 2020-01-22: imfile bugfix: saving of old file_id for statefiles + Previously we saved old file_id unconditionally, which led to not + deleting old statefiles if files changes without rsyslog running. + Now it should work correctly. + Thanks to Jiri Vymazal for the patch. +- 2020-01-22: imfile bugfix: misadressing and potential segfault + Commit 3f72e8c introduced an invalid memory allocation size. This lead to + too-short alloc and thus to overwrite of non-owned memory. That in turn + could lead to segfaults or other hard to find problems. + The issue was detected by our upgraded CI system. We did not receive + any problem reports in practice. Nevertheless, the problem is real and + people should update affected versions to patched ones. + The bug was present in scheduled stable release 8.1911.0 and 8.2001.0. + see also: https://github.com/rsyslog/rsyslog/issues/4120 + see also: https://github.com/rsyslog/rsyslog/pull/4141 +- 2020-01-20: core bugfix: potential race during HUP + when rsyslog is HUPed immediately after startup and before it is fully + initialized, there is a potential race with the list of loaded modules. + This patch ensures no bad things can happen in that case. + Detected by LLVM TSAN, not seen in practice. +- 2020-01-20: testbench improvements and fixes + modernize tests, reduce robustness against slow machines, provide some + test framework functional enhancements, and optimize some tests. + Also includes some code changes to C testing components. Among others, + tests have slightly been speeded up by reducing the wait time at queue + shutdown. This is possible because of better overall completion checks. +---------------------------------------------------------------------------------------- +Scheduled Release 8.2001.0 (aka 2020.01) 2020-01-14 +- 2020-01-12: core bugfix: race condition related to libfastjson when using DA queue + Rsyslogd aborts when writing to disk queue from multiple workers simultaneously. + It is assumed that libfastjson is not thread-safe. + Resolve libfastjson race condition when writing to disk queue. + see also https://github.com/rsyslog/rsyslog/issues/4041 + Thanks to MIZUTA Takeshi for the fix. +- 2020-01-12: omfwd bugfix: parameter streamdriver.permitexpiredcerts did not work + closes https://github.com/rsyslog/rsyslog/issues/4098 +- 2020-01-11: Bugfix: KSI module + dynafile in asynchronous mode fixed + Thanks to Taavi Valjaots for the patch +- 2020-01-08: tls driver: add support to configure certificate verify depth + Support added in omfwd as instance parameter: + streamdriver.TlsVerifyDepth + Support added in imtcp as module parameter: + streamdriver.TlsVerifyDepth + Can be 2 or higher. + Support added into ossl driver + Support added into gtls driver + Added testcases for both drivers. + closes: https://github.com/rsyslog/rsyslog/issues/4035 +- 2020-01-08: modernization of testbench + moved some tests to newer standards, hardened them against slow testbench machines, + kafka component download improvements, and prevent dangling left-over test tool + instances from aborted tests +- 2020-01-07: tls subsystem bugfix: default for permitExpiredCerts was invalidly "on" + The problem occurred with commit 3d9b8df in December 2018 and went into + scheduled stable 8.1901.0. Unfortunately, the change in default was not detected + until a year later. This commit re-enables the previous default ("off"), which is + also the only sensible default from a security PoV. Unfortunately, new 2019 + deployments may begin to see connection rejection when usin expired certs. As + expired certs should not be used, this hopefully will not cause problems in + practice. + Thanks to Jiri Vymazal for the patch. +- 2020-01-01: testbench: improve ElasticSearch test speed + We now support re-using suitable running ES instances, which reduces the + number of restarts. +- 2019-12-31: omelasticsearch: improve curl reply buffer handling + The curl reply buffer (pWrkrData->reply) was allocated, realloced and freed with + each request. This has now been reduced to once per module, slightly increasing + overall performance. + closes https://github.com/rsyslog/rsyslog/issues/1964 +- 2019-12-31: config system: emit proper error message on $ in double-quoted string + closes https://github.com/rsyslog/rsyslog/issues/2869 +- 2019-12-30: core bugfix: rsyslog aborts when config parse error is detected + In defaut settings, rsyslog tries to continue to run, but some data + structures are not properly initialized due to the config parsing error. + This causes a segfault. + In the following tracker, this is the root cause of the abort: + see also https://github.com/rsyslog/rsyslog/issues/2869 +- 2019-12-30: fix some alignment issues + So far, this worked everywhere (for years). But it may still have + caused issues on some platforms. + closes https://github.com/rsyslog/rsyslog/issues/2608 +- 2019-12-27: core bugfix: APP-NAME fields could become empty + RFC 5424 specifies that an empty APP-NAME needs to be indicated by + "-". Instead, the field could become empty under certain conditions. + If so, outgoing 5424 messages were invalidly formatted. + This happened under quite unusual conditions, but could be seen + in practice. + closes https://github.com/rsyslog/rsyslog/issues/4043 +- 2019-12-27: core bugfix: reopen /dev/urandom file descriptor after fork on Linux + This patch updates prepareBackground() in tools/rsyslogd.c to reopen any file + descriptors used for random number generation in the child process. This fixes + an issue on Linux systems where the file descriptor obtained for /dev/urandom + by seedRandomNumber() in runtime/srutils.c was left closed after the fork. This + could be observed in procfs, where /proc/fd/ would show no open descriptors to + /dev/urandom in the forked process. /dev/urandom is reopened as the child may be + be operating in a jail, and so should not continue to use file descriptors from + outside the jail (i.e. inherited from the parent process). + I found that this issue led to rsyslog intermittently hanging during seedIV() + in runtime/libgcry.c. After the fork, the closed file descriptor number tended + to get re-assigned. randomNumber() would then read from an incorrect (although + still valid) file descriptor, and could block (depending on the state of that + file descriptor). This gave rise to the intermittent hang that I observed. + Thanks to Simon Haggett for the patch. +- 2019-12-20: imdocker bugfix: did not compile without atomic operations +- 2019-12-20: omclickhouse: new parameter "timeout" + Thanks to Pavlo Bashynskiy for the patch. +- 2019-12-20: omhiredis: add 'set' mode plus some fixes + - new mode 'set' to send SET/SETEX commands + - new parameter 'expiration' to send SETEX instead of SET commands (only applicable to 'set' mode) + - fixes to missing frees + Thanks to github user frikilax for the patch. +- 2019-12-18: relp: Add support setting openssl configuration commands. + Add new configuration parameter tls.tlscfgcmd to omrelp and imrelp. + (Using relpSrvSetTlsConfigCmd and relpCltSetTlsConfigCmd) + OpenSSL Version 1.0.2 or higher is required for this feature. + A list of possible commands and their valid values can be found in the + documentation: https://www.openssl.org/docs/man1.0.2/man3/SSL_CONF_cmd.html + The setting can be single or multiline, each configuration command is + separated by linefeed (n). Command and value are separated by + equal sign (=). Here are a few samples: + tls.tlscfgcmd="Protocol=ALL,-SSLv2,-SSLv3,-TLSv1,-TLSv1.2" + tls.tlscfgcmd="Protocol=ALL,-SSLv2,-SSLv3,-TLSv1 + MinProtocol=TLSv1.2" + Add to new testcases for librelp and tlscfgcmd. + closes https://github.com/rsyslog/rsyslog/issues/3959 +- 2019-12-18: bugfix core: potential segfault in template engine + under some circumstances (not entirely clear right now), memory + was freed but later re-used as state-tracking structures were not + properly maintained. Github issue mentioned below has full details. + Thanks to github user snaix for analyzing this issue and providing + a patch. I am committing as myself as snaix did not disclose his or + her identity. + closes https://github.com/rsyslog/rsyslog/issues/3019 + closes https://github.com/rsyslog/rsyslog/issues/4040 +- 2019-12-18: fixed some minor issues detected by clang static analyzer 9 +- 2019-12-10: core/config bugfix: false error msg when config.enabled="on" is used + When the 'config.enabled="on"' config parameter an invalid error message + was emitted that this parameter is not supported. However, it was still + applied properly. This commit removes the invalid error message. + closes https://github.com/rsyslog/rsyslog/issues/4011 +- 2019-12-03: omsnmp bugfix: "traptype" parameter invalidly rejected value 6 + "Traptype" needs to support values 0 to 6. + However, if value 6(ENTERPRISESPECIFIC) was set, an invalid error message + was emitted. Otherwise processing was correct. + This could lead to problems with automatic config deployment, + as valid configurations were invalidly reported as incorrect. + That in turn could make a deployment fail. + closes https://github.com/rsyslog/rsyslog/issues/3973 +- 2019-12-03: omsnmp: add new parameter "snmpv1dynsource" + If set, the source field from SNMPv1 trap can be overwritten + with a template, default is "%fromhost-ip%". The content should be a + valid IPv4 Address that can be passed to inet_addr(). If the content + is not a valid IPv4 Address, the source will not be set. + closes: https://github.com/rsyslog/rsyslog/issues/3991 +- 2019-12-02: imfile bugfix: state file renaming sometimes did not work properly + Now checking if file-id changes and renaming - cleaning state file + accordingly and always checking and cleaning old inode-only style + state files. + Thanks to Jiri Vymazal for the patch. +- 2019-12-02: ratelimit: increase rate limit interval parameter max value + The burst parameter in the ratelimit was increased to an unsigned int + but the interval remained an unsigned short. While it may be unusual, + there is possibly a chance to need to represent an interval longer than + about 3/4 of a day. + While here, go through and normalize all the various incarnations of + rate limiting to be explicitly unsigned int for the burst and interval. + Thanks to github user frikilax for the patch. +- 2019-12-02: ommongodb: Add other supported formats for 'time' and 'date' fields + Thanks to github user frikilax for the patch. +- 2019-12-02: imjournal bugfix: too many messages in error case + Under certain error conditions, `ignorePreviousMessages="on"` could be ignored + an existing messages be processed. + Thanks to github user 3chas3 for the patch. +- 2019-11-27: core bugfix: action on retry mangles messages + When a failed action goes into retry, template content is rendered + invalid if the action uses more than 1 template. + closes https://github.com/rsyslog/rsyslog/issues/3898 + Thanks to Mikko Kortelainen for the patch. +- 2019-11-27: testbench: improve mysql testing support + tests can now run in parallel and are hardened against several glitches +- 2019-11-22: omhttp: add basic support for Loki Rest + Loki is a new message indexer and querier from Grafana Labs. See + https://github.com/grafana/loki for details on Loki. + This change provides the initial message structure to send bulk message + payloads to the Loki Rest endpoint. omhttp, received a new bulk message + format called lokirest. Additionally, the plugin relies on the user to + provide the correct "stream" read message format. + A loki template must be json compatible and include a "stream" key of + key value tags, and a values key of an array of 2 element arrays, where + each 2 element array is the unix epoch in nanoseconds followed by an + unstructured message. + An example: + template(name="array_loki" type="string" string="{\"stream\":{\"host\":\"%HOSTNAME%\",\"facility\":\"%syslogfacility-text%\",\"priority\":\"%syslogpriority-text%\",\"syslogtag\":\"%syslogtag%\"},\"values\": [[ \"%timegenerated:::date-unixtimestamp%000000000\", \"%msg%\" ]]}") +- 2019-11-22: testbench: obtain python binary path via AM_PATH_PYTHON + see also https://github.com/rsyslog/rsyslog/issues/3853 +- 2019-11-22: omprog: detect violation of interface protocol + The spec for the omprog interaction with the program it calls specifies + that the program receives one message via one line. In other words: + it must be a string terminated by LF. + However, omprog does currently rely on a proper template to fulfill this + requirement, If the template does not provide for the LF, it is never + written. For the called program, this looks like it does not receive any + input at all. Even if it finally reads data (e.g. due to full buffer), + it will not properly be able to discern the messages. + This handling is improved with this commit. + We cannot just check the template, because at the end of the template + may by a non-constant value. As such, we do not know at config load + time if there is this problem or not. + So the correct approach is to, during runtime, check if each message + is properly terminated. For those that are not: + * we append a LF, because anything else makes matters worse + * log a warning message, at least for a sample of the messages + The warning is useful in the (expected most often) case that the template + is simply missing the LF. While appending works, it slows down processing. + As such the user should be given a chance to correct the config bug. + To avoid clutter, the warning is emitted at most once every 30 seconds. + This value is hardcoded as we do not envision a need to adjust it. Usually + users should quickly fix the template. + closes https://github.com/rsyslog/rsyslog/issues/3975 +- 2019-11-19: core queue: emit warning if parameters are set for direct queue + Direct queues do not apply queue parameters because they are actually + no physical queue. As such, any parameter set is ignored. This can + lead to unintentional results. + The new code detects this case and warns the user. + closes https://github.com/rsyslog/rsyslog/issues/77 +- 2019-11-19: imjournal bugfix: do not wait too long on recovery try + When trying to recover journal errors, imjournal waited a hardcoded + period of 10s between tries. This was pretty long and could lead to + loss of journal data. + This commit adjust it to 100ms, which should still be fully sufficient + to prevent the journal from "hammering" the CPU. + It may be worth considering to make this setting configurable - but + let's first see if there is real demand to actually do that. + closes https://github.com/rsyslog/rsyslog/issues/3969 +- 2019-11-19: mmutf8fix: enhance handling of incorrect UTF-8 sequences + 1. Invalid utf8 detection didn't handle 3 and 4-byte overlong encodings (2 + byte overlong encodings were handled explicitly by rejection E0 and E1 + start bytes). Unified checks for overlong encodings. + 2. Surrogates U+D800..U+DFFF are not valid codepoints (Unicode Standard, D92) + 3. Replacement of characters in invalid 3 or 4-bytes encodings was too + eager. It must not replace bytes which are valid UTF-8 sequences. For + example, in [0xE0 0xC2 0xA7] sequence the 0xC2 is invalid as a continuation + byte, but it starts a valid UTF8 symbol [0xC2 0xA7]. That is, with current + code processing the sequence will result in "???" but the correct result is "?§" + (provided that the replacement character is "?"). + 4. Various tests for UTF-8 invalid/valid sequences. + Thanks to Sergei Turchanov for the patch. +- 2019-11-14: imfile: add new input parameter escapeLF.replacement + The new parameter permits to specify a replacement to be configured + when "escapeLF" is set to "on". Previously, a fixed replacement string + was used ("#012"/"\n") depending on circumstances. If the parameter is + set to an empty string, the LF is simply discarded. + closes https://github.com/rsyslog/rsyslog/issues/3889 +---------------------------------------------------------------------------------------- +Scheduled Release 8.1911.0 (aka 2019.11) 2019-11-12 +- 2019-11-12: core queue: add config param "queue.takeFlowCtlFromMsg" + This is a fine-tuning option which permits to control whether or not + rsyslog shall alays take the flow control setting from the message. If + so, non-primary queues may also block when reaching high water mark. + This permits to add some synchronous processing to rsyslog core engine. + However, it is dangerous, as improper use may make the core engine + stall. As such, enabling this option requires very careful planning + of the rsyslog configuration and deep understanding of the consequences. + Note that the option is applied to individual queues, so a configuration + with a large number of queues can (and must if use) be fine-tuned to + the exact use case. + The rsyslog team strongly recommends to let the option turned off, + which is the default setting. + see also https://github.com/rsyslog/rsyslog/issues/3941 +- 2019-11-12: imrelp: add new config parameter "flowcontrol" + This permits to fine-tune the flowControl parameter. Possible values are + "no", "light", and "full". With light being the default and previously + only value. + Changing the flow control setting may be useful for some rare applications, + but be sure to know exactly what you are doing when changing this setting. + Most importantly, whole rsyslog may block and become unresponsive if you + change flowcontrol to "full". While this may be a desired effect when + intentionally trying to make it most unlikely that rsyslog needs to + lose/discard messages, usually this is not what you want. + see also https://github.com/rsyslog/rsyslog/issues/3941 +- 2019-11-11: imrelp: remove unsafe debug instrumentation + dbgprintf, which is not signal safe, was called from a signal handler + to get better understanding during debugging. While this usually works, + it can occasionally (5%) lead to a hang during shutdown. We have now + removed that debug info as it is no longer vital. + Note: this could only happen during debug runs. Production mode was + not affected. As such, this fix is only relevant to developers. + However, it caused some confusion in the following issue tracker. + see also https://github.com/rsyslog/rsyslog/issues/3941 +- 2019-11-06: ossl driver bugfix: fix wrong OpenSSL Version check + Fix OpenSSL Version check in: + - SetGnutlsPriorityString function in nsd_ossl.c + - initTLS() function tcpflood.c + See https://www.openssl.org/docs/man1.1.0/man3/OPENSSL_VERSION_NUMBER.html + for more. + This bug lead to not enabling some functionality correctly. + Removed "MinProtocol=TLSv1.1" from two testcases because MinProtocol + is only supported by OpenSSl 1.1.0 or higher and was not really + necessary for the testcases. + closes https://github.com/rsyslog/rsyslog/issues/3939 +- 2019-11-05: mmdarwin: Optimizations, new parameters, update to protocol header + - use permanent worker-dependent buffers to avoid malloc/free for each entry + - move socket structures to worker data, remove global mutex + - add log lines for parameters and general workflow + - don't send body if empty/incomplete (see new parameters) + - don't close/reopen socket every time -> let session open or create new every X + entry (see new parameters) + - clean up code + - added 'send_partial', to let mmdarwin send body if not all fields were + retrieved, or not; default false = only send complete bodies + - added 'socket_max_use' to open new session every X packet, useful for + some versions of Darwin (prior to 1.1) + default is 0 = do not open new session/keep only one + - added 'evt_id' to the darwin header (Darwin v1+ compatibility) + Note: mmdarwin is a contributed module + Thanks to github user frikilax for the patch. +- 2019-11-01: mmkubernetes bugfix: improper use of realloc() + could cause problems under extreme memory shortage - very unlikely + credits to LGTM.COM for detecting this +- 2019-10-31: imjournal: set the journal data threshold to MaxMessageSize + When data is read from the journal using sd_journal_get_data it may be + truncated to a certain threshold (64K by default). + If the rsyslog MaxMessageSize is larger than the threshold, there is a + chance rsyslog will receive incomplete messages from the journal. + Empirically, this appears to happen reliably when XZ compression is + used by journald. Systems where journald uses LZ4 compression do not + appear to suffer this issue reliably--if at all. + This change sets the threshold to the MaxMessageSize when the + journal is opened. + Thanks to Robert Winslow Dalpe for the patch. +- 2019-10-30: improg bugfix: allow improg to handle multi-line inputs + miscellaneous bug fixes in improg: + * properly truncate string after an input event is submitted + * set msgoffset to 0. + * tests added to check above fixes + Thanks to Nelson Yen for the fix. +- 2019-10-30: mmdblookup bugfix: missing space in city name + This fixes the issue that spaces in city names are dropped. However, the + fix is more or less a work-around. As it turns out, the libmaxminddb API + is not correctly used. In the somewhat longer term, we should fix this. + see also https://github.com/maxmind/libmaxminddb/issues/218 + closes https://github.com/rsyslog/rsyslog/issues/1650 +- 2019-10-30: core/queue: provide ability to run diskqueue on multiple threads + Up until this release, disk queues could only use a single thread, + what limited their performance with outputs like ElasticSearch. + Now disk queues can utilize multiple threads just like any other + queue type. Most importantly, the disk queue part of a DA queue + now inherits the max number of threads from its memory queue + counterpart. + NOTE: the new multi-threaded DA disk queue is actually a change of + behavior. We have not guarded it by a new config switch as we + assume the new behavior is most often exactly within user + expectations. In any case, we cannot see any harm from running + the disk queue on multiple threads. + see also https://github.com/rsyslog/rsyslog/issues/3543 + closes https://github.com/rsyslog/rsyslog/issues/3833 +- 2019-10-25: omfile bugfix: file handle leak + The stream class does not close re-opened file descriptors. + This lead to leaking file handles and ultimately to the inability + to open any files/sockets/etc as rsyslog ran out of handles. + The bug was depending on timing. This involved different OS + thread scheduler timing as well as workload. The bug was more + common under the following conditions: + - async writing of files + - dynafiles + - not committing file data at end of transaction + However it could be triggered under other conditions as well. + The refactoring done in 8.1908 increased the likelihood of + experiencing this bug. But it was not a real regression, the new + code was valid, but changed the timing so that the race was more + likely. + Thanks to Michael Biebl for reporting this bug and helping to + analyze it. + closes https://github.com/rsyslog/rsyslog/issues/3885 +- 2019-10-22: imfile bugfix: improper use of calloc() + could cause problems under extreme memory shortage - very unlikely + credits to LGTM.COM for detecting this +- 2019-10-22: TLS driver bugfix: improper use of calloc() + can cause problems under extreme memory shortage - very unlikely + credits to LGTM.COM for detecting this +- 2019-10-22: imuxsock bugfix: improper use of calloc() + can cause problems under extreme memory shortage - very unlikely + credits to LGTM.COM for detecting this +- 2019-10-17: build system bugfix: incorrect default in ./configure help text + closes https://github.com/rsyslog/rsyslog/issues/3904 + Thanks to Michael Biebl for pointing this out. +- 2019-10-17: mmkubernetes bugfix: improper use of calloc() + can cause problems under extreme memory shortage - very unlikely + credits to LGTM.COM for detecting this +- 2019-10-16: core queue bugfix: propagate batch size to DA queue + This was a long-standing bug where the DA queue always had a fixed small batch + size because the setting was not propagated from the memory queue. This also + removes a needless and counter-productive "debug aid" which seemed to be in + the code for quite some while. It did not cause harm because of the batch + size issue. +- 2019-10-16: testbench: fix unreliable gzipwrite test + The test was timing-sensitive as we did not properly check all data + was output to the output file - we just relied on sleep periods. + This has been changed. Also, we made some changes to the testing + framework to fully support sequence checking of multiple ZIP files. +- 2019-10-16: core queue bugfix: handle multi-queue-file delete correctly + Rsyslog may leave some dangling disk queue files under the following + conditions: + - batch sizes and/or messages are large + - queue files are comparatively small + - a batch spans more than two queue files (from n to n+m with m>1) + In this case, queue files n+1 to (n+m-1) are not deleted. This can + lead to problems when the queue is re-opened again. In extreme cases + this can also lead to stalled processing when the max disk space is + used up by such left-over queue files. + Using defaults this scenario is very unlikely, but it can happen, + especially when large messages are being processed. +- 2019-10-16: imjournal: fix regression from yesterday's patch + commit 78976a9bc059 introduced a regression that caused writing + the journal state file to fail. This happens when the state file + is given as relative file name and the working directory is also + a relative path. This situation is very uncommon. So most deployments + will never experience it. We discovered the issue during CI runs + where the trigger condition is given. Note that it also takes + multiple times of loading the journal to actually see the bug. + see also https://github.com/rsyslog/rsyslog/pull/3878 +- 2019-10-15: imjournal plugin code restructuring, added remote option + Decomposed ReadJournal() a bit, also now coupling journald + variables in one struct, added few warning messages and debug + prints to help with bug hunts in future, also got rid of two + needless journald calls. WorkAroundJournalBug now deprecated. + Added option to pull journald records from outside local machine. + Thanks to Jiri Vymazal for the patch. +- 2019-10-11: core bugfix: potential abort on very long action name + The action name is stored in modified form for the debug header and + some messages. If it is extremely long, a buffer can be overrun, + resulting in misaddressing and potential segfault for rsyslog. This + can also happen if the action is NOT named, but a custom path to + the output module is given and that path is very long. This triggers + the same issue because by default the module load path is included + in the action name. + This patch corrects the problem and truncates overly long names + when being used for name generation. + The problem was detected during testbench work. We did never receive + a bug report from practice. +- 2019-10-10: testbench: add test for mmpstrucdata with RFC5424 escape sequences +---------------------------------------------------------------------------------------- +Scheduled Release 8.1910.0 (aka 2019.10) 2019-10-01 +- 2019-10-01: core bugfix: incorrect error message on duplicate module load + A Null-pointer was passed to printf instead of the module name. + On some platforms this may lead to a segfault. On most platforms + printf check's for NULL pointers and uses the string "(null)" + instead. In any case, the module name is missing from the error message. +- 2019-10-01: imczmq nitfix: potential NULL ptr in printf on out-of-memory condition + very unlikely to happen but if it does without any real issue on most platforms. +- 2019-10-01: work around some compiler warning messages induced by pthreads API +- 2019-10-01: core ratelimiting: more verbose message when rate-limiting happens + When messages are rate-limited, the error message now also contains the + rate limiter setting. This enables the user to more quickly understand what + the problem is (especially if default values apply). + Thanks to Jiri Vymazal for the patch. +- 2019-10-01: openssl TLS driver: do not emit unnecessary error message + On older openssl versions, an API was missing to set user-defined parameters. If we + had such an older version, rsyslog emitted an error message even if the user did + not configure such parameters. This has been corrected, so that a message is only + emitted if there really is a problem. Based on user feedback the severity has also + been downgraded to "warning". +- 2019-10-01: pmcisconames (contributed module) bugfix: potential misaddressing +- 2019-09-30: pmaixforwardedfrom (contributed module) bugfix: potential misaddressing +- 2019-09-30: pmdb2diag (contributed module) bugfix: Out of bounds issue + Add a new sanity check after determining the level len. + Thanks to Philippe Duveau for the patch. + see also: https://nvd.nist.gov/vuln/detail/CVE-2019-17040 +- 2019-09-02: ability to set stricter TLS operation modes + - checking of extendedKeyUsage certificate field + - stricter checking of certificate name/addresses + Thanks to Jiri Vymazal for the patch. +- 2019-08-21: testbench: add basic test for immark +- 2019-08-20: core: do not unnecessarily set hostname on each HUP +- 2019-08-20: build system: support cross-platform build for mysql/mariadb + rsyslog fails to cross build from source, because it uses mysql_config + and mysql_config is unfixably broken for cross compilation. It would be + better to use pkg-config. The attached patch makes rsyslog try + pkg-config first and fall back to mysql_config. + Thanks to Helmut Grohne for providing a base patch. +- 2019-08-20: core/tcpsrv: potential race on startup/shutdown + if the tcpsrv component is started and quickly terminated, it may hang + for a short period of time. Also a very small amount of memory is leaked + immediately before shutdown. While this leak is irrelevant in practice + (the OS clean up the process anyways), it leads to CI failures. The hang, + however, can lead to longer than expected shutdown times for rsyslog. + The problem can be experienced via imtcp, imgssapi and imdiag (users + of affected core component). +---------------------------------------------------------------------------------------- +Scheduled Release 8.1908.0 (aka 2019.08) 2019-08-20 +- 2019-08-19: testbench: add test for $allowedSender functionality +- 2019-08-19: testbench: harden some tests against very slow CI machines +- 2019-08-16: testbench: make most tests use a port file and assign listen port 0 + This makes the test much more robust against heavily loaded test systems. +- 2019-08-16: core/action: guard action.externalstate.file content against whitespace + remove trailing whitespace before checking the status string. This is + most important as a line usually ends with \n, which is considered + trailing whitespace. Accepting this increases usability. +- 2019-08-16: imtcp bugfix: multiple listenerPortFile parameter did not work + ... because they were treated as module-global. If we had multiple imtcp + listeners with multiple port files, only the last filename was always used. + closes https://github.com/rsyslog/rsyslog/issues/3817 +- 2019-08-16: testbench: improve testbench plumbing for gzip and fail cases + We have added new capabilities to the testbench plumbing to automatically + deal with gzip-compressed files. This also permits to use the wait_seq_check + function to work for gzip tests as well. The known-timing-sensitive + gzipwr_large test now makes use of the new capabilities. This enables us + to more reliably detect when we can savely shutdown the tested instance. + This commit also adds an ability to "abort" the full testbench run on + first test failure. This is especially useful during CI. +- 2019-08-13: testbench: add test for imuxsock legacy format + This was never tested. Ensures we don't accidentally break existing + configurations. +- 2019-08-13: omelasticsearch bugfix: segfault on unknown retryRuleset + omelasticsearch does some "interesting tricks" for an output module. + This causes a segfault if the retryRuleset is now known. + The action module interface currently expects that all config errors + be detected during instance creation. Instead omelasticsearch defers + the retry ruleset check to a later state. The reason is that it wants + to support the use the same rulesetname it is defined in - and this + is not yet available at action parsing. + We fix this by ensuring that any deleted instance is properly unlinked + from the instance list. One may argue the module interface should get + upgrade for such cases, but this is a longer-term approach. + closes https://github.com/rsyslog/rsyslog/pull/3796 +- 2019-08-12: imptcp bugfix: port="0" parameter did not work as expected + when multiple interfaces and/or protocols could be bound, each of + them used a different listener ports were assigned. While this is + basically correct, it makes things unusable, especially as + listenPortFileName will only contain the port number used for + the latest listener. + This patch now follows the model of nsd_ptcp.c to assign only + the first port randomly and then use that port consistently. +- 2019-08-10: omelasticsearch bugfix: potential resource leak with "rebindinterval" + If the "rebindInterval" parameter was used connections could be linked. This + was especially the case with small intervals (such as "2"). This is fixed by + forcing libcurl to close the connection on rebind. + Thanks to Noriko Hosoi for providing the patch. +- 2019-08-10: imjournal bugfix: state file close with fsync() was incorrect + This lead to fsync() now always applied where expected. + Thanks to Jiri Vymazal for the patch. +- 2019-08-10: testbench: add addtl test for multithreading and HUP +- 2019-08-10: imptcp bugfix: received bytes counter improperly maintained + imptcp counts the number of bytes received. However, receives + happen on different worker thread. The access to the counter + was not synchronized, which can cause loss of updates. Also, + thread debuggers validly flag this as an error, which creates + problems under CI. + This commit fixes the situation via atomic operations and + falls back to mutex calls if they are not available. + Detected by LLVM thread sanitizer. + closes https://github.com/rsyslog/rsyslog/issues/3798 +- 2019-08-07: testbench: add basic tests for omusrmsg +- 2019-08-05: omhttp bugfix: enable checkpath configuration parameter + omhttp, 'checkpath' option, was not configurable in the past. + - add 'checkpath' to the cnfparamdescr table. + - fix issue with checkpath passing extra garbage characters in string. + - add 'checkpath' into unit test - omhttp-retry.sh + Thanks to Nelson Yen for the fix. +- 2019-08-05: testbench bugfix: some tests were executed when req module was missing + In actual case if --enable-impstats was not given some other tests failed. +- 2019-08-03: iminternal bugfix: race on termination + This could in theory lead to loss of shutdown messages, but was mostly a + cosmetic issues. We primarily fixed it to get TSAN-clean so that we can + utilize LLVM TSAN in CI. +- 2019-08-02: testbench: new test for omfile outchannel functionality +- 2019-08-02: core/janitor bugfix: properly maintain dynafile cache + When the janitor cleans out timed-out files, it does not + properly indicate the entry is gone. Especially when running + in async mode this can lead to use-after-free and thus + memory corruption or segfault. + see also https://github.com/rsyslog/rsyslog/issues/3756 +- 2019-08-01: omfile bugfix: race file when async writing is enabled + This seems to be a long-standing bug, introduced around 7 years ago. + It became more visible by properly closing files during HUP, which + was done in 8.1905.0 (and was another bugfix). Note that due to this + race a memory corruption can occur under bad circumstances. As such, + this may have also caused segfaults or system hangs (mutexes could + have been affected). + closes https://github.com/rsyslog/rsyslog/issues/3772 +- 2019-08-01: testbench: additional tests for HUP +- 2019-07-31: imrelp bugfix: hang after HUP + termination condition was not properly checked; this lead to + premature termination after patch 1c8712415b9 was applied. + It is open to debate if patch 1c8712415b9 changed the module + interface. Actually it looks like this was previously not + well thought out. + closes https://github.com/rsyslog/rsyslog/issues/3760 +- 2019-07-24: mmdarwin: add new module + This is a contributed module. For details see doc. + Thanks to the Advens team for contributing it. +- 2019-07-23 iminternal bugfix: suppress mutex double-unlock + If there is a burst of log messages during a time when rsyslog is unable + to output (either during log rotation, an out-of-space condition, or + some other similar condition), rsyslog can SEGFAULT due to a mutex + double-unlock. +- 2019-07-23 imtcp: enable listenPortFileName parameter + this parameter was added, but it had no effect as it was not + passed down to the driver layer. This has been fixed. That also + now enables us to use dynamically-assigned port, which are + very useful for further testbench stabilization. Quite some + false positives occurred because the pre-selected port was + already in use again when rsyslog started. +- 2019-07-19 imtcp: enable listenPortFileName parameter + this parameter was added, but it had no effect as it was not + passed down to the driver layer. This has been fixed. That also + now enables us to use dynamically-assigned port, which are + very useful for further testbench stabilization. Quite some + false positives occurred because the pre-selected port was + already in use again when rsyslog started. +- 2019-07-18 core/action: no error file written if act suspended on TX commit + when an action was already disabled while the action was tried to be + committed, no error file was written. Note that this state is highly + unlikely to happen. Most probably, it can only happen if parameter + action.externalstate.file is used. +---------------------------------------------------------------------------------------- +Version 8.1907.0 (aka 2019.07) 2019-07-09 +NOTE TO MAINTAINERS: libee is not used by rsyslog for quite some while. +However, we never included this info into the changelog. So if you still +make rsyslog depend on libee (some do this), you should stop doing so now. +Libee is dead and no longer been maintained nor hosted by us. Old versions +can still be found at github for those in need. + +GENERAL NOTE: during 8.1907 scheduled release timeframe we changed the ChangeLog +format to include the date a change went into master branch. This is to provide +an easy way to identify which changes went into the respective daily stable. + +- 2019-07-05 imuxsock: support FreeBSD 12 out of the box + FreeBSD 12 uses RFC5424 on the system log socket by default. This + format is not supported by the special parser used in imuxsock. + Thus for FreeBSD the default needs to be changed to use the + regular parser chain by default. That is all this commit does. + closes https://github.com/rsyslog/rsyslog/issues/3694 +- 2019-07-05 function bugfix: "ipv42num" misspelled as "ip42mum" (without "v") + To fix the issue but keep compatible with existing deployments + both function names are now supported. + closes https://github.com/rsyslog/rsyslog/issues/3676 +- 2019-07-04 fix leading double space in rsyslog startup messages + see also https://github.com/rsyslog/rsyslog/issues/2979 +- omamqp1: port to latest api, add tests + This brings omamqp1 up-to-date with the latest qpid-proton-c + api version. This also adds a test for the plugin, to test + the basic functionality. The test requires the user to + install qdrouterd and the python qpid-proton library in order + to use the simple_recv.py test program. + Thanks to Richard Megginson for the patch. +- omclickhouse bugfix: potential segfault on omclickhouse batchmode + segfault happened when the template did not contain the string + "VALUES". + Thanks to github user wdjwxh for the fix. +- core bugfix: message duplication copied incorrect timestamp + MsgDup() placed timereported into timegenerated property, resulting + in invalid property values. Original timegenerated was lost. This + occurred always when a message needed to be duplicated. Most + importantly this is the case when queues are used. + closes https://github.com/rsyslog/rsyslog/issues/3716 +- core bugfix: segfault on startup depending on queue file names + rsyslog will segfault on startup when a main queue file name has + been set and at least on other queue contains a file name. This + was cased by too-early freeing config error-detection data + structures. It is a regression caused by commit e22fb205a3. + Thanks to Wade Simmons for reporting this issue and providing + detailed analysis. That greatly helps fixing it quickly. + closes https://github.com/rsyslog/rsyslog/issues/3681 +- core "bugfix": alignment issue + This was not a hard error on current platforms, but a + to-be-considered compiler warning regarding invalid alignment. + While it works well on current platforms, alignment issues may + turn into real issues in future platforms. So we try to fix them + if possible. As not only a side-effect this resolves compiler + warnings even on current platforms. + This fix has some regression potential. If so, the problems + may occur during IP address resolution. + see also https://github.com/rsyslog/rsyslog/issues/2608 +- omfile bugfix: potential hang/segfault on HUP of dynafile action + when omfile was HUPed it did not sufficiently clear all dynafile + cache maintenance data structures. This usually lead to misaddressing + and could result in various issues, including a hang of rsyslog + processing or segfaults. It could also have "no effect" by pure + luck of not hitting anything important. This actually seems to + have been the most frequent case. + This seems to be a long-standing bug, but the likelihood of its + appearance seems to have been increased by commit 62fbef7 + introduced in 8.1905. Note: the commit itself has no regression, + just increases the likelihood to trigger the pre-existing bug. + special thanks to Alexandre Guédon for his help in analyzing + the issue - without him, we would probably still not know + what actually went wrong. + closes https://github.com/rsyslog/rsyslog/issues/3686 +- imjournal bugfix: potential message duplication + When journal was preloaded from previously saved cursor it was not advanced + to next entry so reading begun from last message which was therefore + duplicated. + Thanks to Jiri Vymazal for the patch. +- rfc5424 parser bugfix: leading space sometimes lost + if structured data is present a leading space in MSG field is lost +- queue subsystem bugfix: oversize queue warning message shown as error + The warning message was emitted as an error message, which is misleading + and may also break some automated procedures. +- core bugfix: HUP did not work reliable on all platforms + most notably not on FreeBSD, maybe others. The reason was obviously + different handling of signals in respect to multiple threads. +- build system bugfix: missing files in distribution tarball +- testbench + * fixed "make distcheck" settings which were missing some modules + This lead to incomplete "make distcheck" run; some errors were not + detected due to that. + * testbench framework: use ip tool instead of outdated ifconfig + The framework now first checks if "ip" is available and falls back + to "ifconfig" only if this is not the case. + Thanks to Michael Biebl for the suggestion. + closes https://github.com/rsyslog/rsyslog/issues/3682 +------------------------------------------------------------------------------ +Version 8.1905.0 (aka 2019.05) 2019-05-28 +- templates: add datatype template option for JSON generation + The new "datatype" and "onEmpty" template options permits to + generate non-string data rather easily. It works together with + jsonf formatting, which is what people should use nowadays. + closes https://github.com/rsyslog/rsyslog/issues/2827 +- config processing: check disk queue file is unique + If the same name is specified for multiple queues, the queue files + will become corrupted. This commit adds a check during config parsing. + If duplicate names are detected the config parser errors out and the + related object is not created. + Note: this may look to a change-of-behavior to some users. However, + this never worked and it was pure luck that these users did not run + into big problems (e.g. DA queues were never going to disk at the + same time). So it is acceptable to error out in this hard error case. + closes https://github.com/rsyslog/rsyslog/issues/1385 +- global config: new parameters for ruleset queue defaults + specifically: + * default.ruleset.queue.timeoutshutdown + * default.ruleset.queue.timeoutactioncompletion + * default.ruleset.queue.timeoutenqueue + * default.ruleset.queue.timeoutworkerthreadshutdown + closes https://github.com/rsyslog/rsyslog/issues/3656 +- add capability to write full config file (-o cmdline option) + Introduces the capability to create an output config file that explodes + all "includes" into a single file. This provides a much better overview + of how exactly the configuration is crafted. That could often be a great + troubleshooting aid. + This commit also contains some slight not-really-related cleanup. + closes https://github.com/rsyslog/rsyslog/issues/3634 +- queue subsystem: permit to disable "light delay mark" + New semantic: if lightDelayMark is 0, it is set to the max queue + size, effectively disabling the "light delay" functionality. + Thanks to Yury Bushmelev to mentioning issues related to light + delay mark and proposing the solution (which actually is what + this commit does). + closes https://github.com/rsyslog/rsyslog/issues/1778 +- queue subsystem: provide better user status messages + The queue subsystem now provides additional information messages which + may help a regular user to maintain system health. Most importantly, + DA queues now output when they persist queue data at end of run and + when they restart the queue based on persisted data. +- core: emit a warning message for ultra-large queue size definitions + We see error reports from users who have configured excessively large queues + and receive an OOM condition or other problems. + With that patch we generate a warning message if a queue is configured very + large. "Very large" is defined to be in excess of 500000 messages. + see also https://github.com/rsyslog/rsyslog/issues/3314 + closes https://github.com/rsyslog/rsyslog/issues/3334 +- new global config parameter "internalmsg.severity" + permits to specify a severity filter for internal message. Only + messages with this severity level or more severe are logged. + Originally this was done in rsyslog.conf as usual: you can filter + rsyslog messages on severity, just like any other. But with systemd, + we now emit primarily to the journal, and this is outside of rsyslog's + rule engine and so regular filters do not apply (at least in regard + to the journal). Logging to journal is good, because finally + folks begin to see the messages (traditional distro configs discard + them, for whatever is the reason). + This commit implements a global setting for a severity-based filter + for internal messages, before submitted to journal. So it's not 100% + of what rsyslog can do, but at least some way to customize. + see also https://github.com/rsyslog/rsyslog/issues/3639 +- config processing bugfix: error messages if config.enabled="off" is used + Using config.enabled="off" could lead to error messages on + "parameter xxx not known", which were invalid. They occurred + because the config handler expected them to be used, which + was not the case due to being disabled. + This commit fixes that issue. + closes https://github.com/rsyslog/rsyslog/issues/2520 +- core portability bugfix: harden shutdown processing on FreeBSD + On FreeBSD, rsyslog does not always terminate immediately on SIGTERM. + Root cause seems to be that SIGTERM is delivered differently under + FreeBSD. This causes the main thread to not be awaken, and so it + takes until the next janitor interval to come back to life - which + can be far too long. Fixed this bug explicitly awaking the main + thread. +- imtcp bugfix: oversize message truncation causes log to be garbled + The actual problem is in the tcpserver component. However, the prime user + is imtcp and so users will likely experience this as imtcp problem. + When a too-long message is truncated, the byte after the truncation + position becomes the first byte of the next message. This will garble + the next messages and in almost all cases render it is syslog-noncompliant. + The same problem does NOT occur when the message is split. + This commit fixes the issue. It also includes a testbench fix. + Unfortunately the test for exactly this feature was not properly + crafted and so could not detect the problem. + closes https://github.com/rsyslog/rsyslog/issues/3580 +- omfile bugfix: FlushOnTXEnd does not work reliably with dynafiles + The flush was only done to the last dynafile in use at end of + transactions. Dynafiles that were also modified during the + transaction were not flushed. + Special thanks to Duy Nguyen for pointing us to the bug and + suggesting a solution. + This commit also contains a bit of cosmetic cleanup inside + the file stream class. + closes https://github.com/rsyslog/rsyslog/issues/2502 +- lmcry_gcry build bugfix: was not always properly build + Due to an invalid definition in build system this seems to have not + been correctly build on at least some platforms (but it worked on + others as it passed CI testing). This has now been corrected. + Thanks to Remi Locherer for the patch. +- dnscache bugfix: very unlikely memory leak + This fixes a memory leak that can only occur under OOM conditions. + Detected by Coverity Scan, CID 203717 +- testbench bugfix: wrong parameter check in diag.sh (tcpflood()) + When first parameter is check_only, the tcpflood funtion shall not + abort the test itself (The fail is intended if this option is set). + closes issue #3625 +- testbench bugfix: imfile-symlink test failed w/ parallel test run + The test sometimes failed. It used a symlink to a hardcoded name + rsyslog-link.*.log. This symlink was created but then disappears. + The reason is that upon (every!) test exit, rsyslog-link.*.log is + deleted. So a parallel test running the exit procedure just at the + "right" time can removed that file. + The bug is that the file name should be created using the tests's + dynamic name. This is done now. + closes https://github.com/rsyslog/rsyslog/issues/3550 +------------------------------------------------------------------------------ +Version 8.1904.0 (aka 2019.04) 2019-04-16 +- omfile: provide more helpful error message on file write errors + now contains actual file name plus a link to probable causes for this type + of problem +- imfile: emit error on startup if no working directory is set + When the work directory has not been set or is invalid, state files + are created in the root of the file system. This is neither expected + nor desirable. We now complain loudly about this fact. For backwards + compatibility reasons, we still need to support running imfile in + this case. + closes https://github.com/rsyslog/rsyslog/issues/1296 +- dnscache: add global parameter dnscache.default.ttl + This permits to control default TTL for cache entries. If set + to 0, the DNS cache is effectively disabled. + closes https://github.com/rsyslog/rsyslog/issues/49 + closes https://github.com/rsyslog/rsyslog/issues/1487 +- omelasticsearch: new parameter rebindinterval + Thanks to Richard Megginson for the patch. +- omelasticsearch: new parameter skipverifyhost + Add ability to specify the libcurl CURLOPT_SSL_VERIFYHOST + option to skip verification of the hostname in the peer cert. + WARNING: This option is insecure, and should only be used + for testing. The default value is off, meaning, the hostname + will be verified by default. + Thanks to Richard Megginson for the patch. +- omelasticsearch: set rawmsg to data from original request + Previously, when constructing the message to submit for a retry + for an original request, if the original request did not contain + the field `message`, the system property `rawmsg` was set to + the entire metadata + data from the original request. This was + causing problems with Elasticsearch. This patch changes + the code so that the `rawmsg` will be set to only the data part + of the original request if there is no `message` field. + closes https://github.com/rsyslog/rsyslog/issues/3573 + Thanks to Richard Megginson for the patch. +- mmkubernetes - support for metadata cache expiration + New parameters for mmkubernetes (module and action): + * `cacheexpireinterval` + If `cacheexpireinterval` is -1, then do not check for cache expiration. + If `cacheexpireinterval` is 0, then check for cache expiration. + If `cacheexpireinterval` is greater than 0, check for cache expiration + if the last time we checked was more than this many seconds ago. + * `cacheentryttl` - maximum age in seconds for cache entries + New statistics counters: + * `podcachenumentries` - the number of entries in the pod metadata cache. + * `namespacecachenumentries` - the number of entries in the namespace + metadata cache. + * `podcachehits` - the number of times a requested entry was found in the + pod metadata cache. + * `namespacecachehits` - the number of times a requested entry was found + in the namespace metadata cache. + * `podcachemisses` - the number of times a requested entry was not found + in the pod metadata cache, and had to be requested from Kubernetes. + * `namespacecachemisses` - the number of times a requested entry was not + found in the namespace metadata cache, and had to be requested from + Kubernetes. +- imdocker: new contributed module + imdocker will get (docker) container logs from a host as well as filling + out some basic container metadata as id, name, image, labels. + Thanks to Nelson Yen for the contribution. +- mmtaghostname: new contributed module + This module allows one to force hostname after parsing to the localhostname of + rsyslog and/or add a tag to messages received from input modules without + tag parameter. + Thanks to Philippe Duveau for the contribution. +- imbatchreport: new contributed input module + This input module manage batches' reports : complete file as a single log. + Thanks to Philippe Duveau for the contribution. +- imtuxedolog: new contributed input module for Tuxedo ULOG + Thanks to Philippe Duveau for the contribution. +- openssl network driver: Added support setting openssl configcommands + We are using the gnutlsPriorityString setting variable, to pass + configuration commands to openssl. + closes: https://github.com/rsyslog/rsyslog/issues/3605 +- omkafka: drop messages rejected due to being too large + Drop messages that were rejected due to + 'RD_KAFKA_RESP_ERR_MSG_SIZE_TOO_LARGE' error + Thanks to Nelson Yen for the patch +- core/action: implement capability to resume/suspend via external file + It has been reported that some TCP receivers exists that accept syslog tcp + messages at any rate, even if they do not manage to actually process them. + Instead, they silently drop the message. This behavior is not configurable. + All in all, it can lead to considerate message loss. + To support such use cases, we need to provide an ability to externally + trigger actions suspension and resumption. + We do this via a configured file which contains the status of the action. + Rsyslog periodically reads the file and if it contains "SUSPEND", it + suspend the action (and likewise for resume). + closes https://github.com/rsyslog/rsyslog/issues/2924 +- improg bugfix: some memory leaks + Thanks to Philippe Duveau for the contribution. +- msg object bugfix: regression from 1255a67 + closes https://github.com/rsyslog/rsyslog/issues/3570 +- pmnormalize: fix memory leaks, improve tests + This patch fixes a set of problems plus provides more and enhanced + tests for the module. + Most important problem was a memory leak that occurred when a message + could not be passed at all. For each message that could not be parsed + memory of at least the size the message is leaked. Depending on + traffic pattern this can quickly lead to OOM. Note, however, that + this leak was never reported - it was discovered as part of code + review. + closes https://github.com/rsyslog/rsyslog/issues/2007 +- omkafka bugfix: build failure due to inconsistent type + fails depending on platform and settings; was somehow undetected by CI +- imjournal bugfix: potential segfault on some API failure returns + In one case there was possibility of free()'d value of journal + cursor not being reset, causing double-free and crash later on. + closes https://github.com/rsyslog/rsyslog/issues/3537 +- openssl subsystem bugfix: better error handling + Handling of SSL_ERROR_SYSCALL has been hardened. + Handling for SSL_Shutdown errors has been corrected. + Also fixed SSL Shutdown handling in tcpflood (openssl code). + If SSL_Shutdown returns error, we call SSL_read as described in + the documentation to do a bidirectional shutdown. + Closes https://github.com/rsyslog/rsyslog/issues/3561 +- imjournal bugfix: Fetching journal cursor only for valid journal + The sd_journal_get_cursor() got called regardless of previous + retcodes from other journal calls which flooded logs with journald + errors. Now skipping the call in case of previous journal call + non-zero result. Fixed success checking of get_cursor() call + to eliminate double-free possibility. + Also, making WorkAroundJournalBug true by default, as there were no + confirmed performance regressions for a quite long time. + Thanks to Jiri Vymazal for the patch. +- omamqp: fix build errors + They occur on some, newer, platforms. We do not really fix them, but rather + make the compiler ignore them. This is not really good, but the module is + contributed and so that's for now the best thing we can do. +- testbench: change manytcp.sh to use a larger connection count again + not sure why it was reduced, maybe related to + https://github.com/rsyslog/rsyslog/issues/1108 + also, modernize this and another test +- tcpflood bugfix: make soft connection limit work again + It looks like the soft limit became defunct when tcpflood was enhanced to + request more open file handles from OS. + closes https://github.com/rsyslog/rsyslog/issues/1108 +- testbench bugfix: omhttp tests were not run during "make distcheck" +- build system bugfix: omhttp test files were not included in dist tarball + Thanks to Thomas D. (whissi) for the patch. +------------------------------------------------------------------------------ +Version 8.1903.0 (aka 2019.03) 2019-03-05 +- omrabbitmq: add features (RabbitMQ HA management, templatize routing_key, + populate amqp message headers, delivery_mode and expiration parameters) +- improg: create input module to use external program as input datas +- imtuxedoulog: create input module to consume Tuxedo ULOG files +- omhttp: rewritten with large feature enhancements + Many thanks to Gabriel Intrator for this work. Gabriel also has adopted the + module and plans to support it in the future. +- pmdb2diag: create parser module for DB2 diag logs +- TLS subsystem: add support for certless communication + both openssl and GnuTLS drivers have been updated to support certless + communications. In this case e.g. Diffie-Helman is used. + NOTE: this is an insecure mode, as it does NOT guard against + man-in-the-middle attacks. We implemented it because of the large demand, + not because we think it makes sense to use this mode. We strongly recommend + against it. + closes https://github.com/rsyslog/rsyslog/issues/1068 +- imrelp/omrelp: add capability to specify tlslib for librelp + closes https://github.com/rsyslog/rsyslog/issues/3451 +- build system: introduce a better way to handle compiler pragmas + we now use macros and _Pragma(). This requires less code lines and is more + portable. +- omkafka: add support for dynamic keys + A new configuration property "dynaKey" is added that, when "on", changes the + value of property "key" to a template names instead of a constant value. + This is similar in approach to the DynaTopic implementation. + Thanks to Ludo Brands for the patch. +- AIX port: add AIX linking extensions on many plugins and contributions to + allow building them on this os. +- template: add Time-Related System Property $wday which is the day of week + This allows one to get a week based rotation of log as AIX does. +- ksi subsystem: add high availability mode + Note: ksi subsystem now REQUIRES libksi 3.19.0 or above + Thanks to Allan Park for the patch. + closes https://github.com/rsyslog/rsyslog/issues/3338 +- imfile bugfix: file reader could get stuck + State file handling was invalid. When a file was moved and re-created + rsyslog could use the file_id if the new file to write the old files' + state file. This could make the file reader stuck until it reached the + previous offset. Depending on file sizes this could never happen AND + would cause large message loss. This situation was timing dependent + (a race) and most frequently occurred under log rotation. In polling + mode the bug was less likely, but could also occur. + closes: https://github.com/rsyslog/rsyslog/issues/3465 + closes: https://github.com/rsyslog/rsyslog/issues/3468 +- imfile bugfix: potential segfault when working with directories or symlinks + see also https://github.com/rsyslog/rsyslog/pull/3496 + Thanks to Nelson Yen for the patch +- omhttp bugfix: header items could not have spaces in them + Thanks to Nathan Brown for the patch. +- core bugfix: enlarged msg offset types for bigger structured messages + using a large enough (dozens of kBs) structured message + it is possible to overflow the signed short type which leads + to rsyslog crash. (applies to msg.c, the message object) + Thanks to Jiri Vymazal for the patch. +- core bugfix for AIX: timeval2syslogTime now handle the bias according to + local time zone as documented by IBM. +- imfile feature: add configuration parameter to force parsing of read logs +- imczmq bugfix: + Release zframe following read from socket + Make the 0MQ frame pointer local to the receive loop and destroy the + frame as soon as the contents have been copied. This avoids: + * a memory leak should the receive loop execute more than once + * referencing an un-initialized value during cleanup (finalize_it) + Thanks to Mark Gillott for the patch. +- omclickhouse bugfix: default template unusable + STDSQL option added to the default template used in output module of clickhouse + Thanks to gagandeep trivedi for the patch. +- omclickhouse "bugfix": work-around failed error detection + omclickhouse uses a questionable method to check if a request generated + an error. We have seen the method to fail when we slightly upgraded clickhouse + server in CI testing. + This commit makes the method a bit more reliable without really fixing it. + But it's at least a short-term solution. + This should be changed to a proper status check. I assume such is possible. + see also https://github.com/rsyslog/rsyslog/issues/3485 +- imptcp bugfix: overly long socket bind path can lead to segfault + if the `path` input parameter is overly long (e.g. more than 108 + characters on some platforms) a non-terminated string is generated + and then passed to OS API. This can lead to all sorts of problems + including segfault. + We detected that based on gcc-8 warnings during code inspection. + No real-world problem case is known. +- ommongodb bugfix: improper stpncpy() calls +- testbench tcpflood: add new transport option relp-tls + Tcpflood can now send messages via relp with tls support. + closes https://github.com/rsyslog/rsyslog/issues/3448 +- testbench: mmdb valgrind tests failed is srcdir env was not set +- testbench: add omclickhouse tests +- testbench bugfix: some long-running tests had too low runtime allowance + closes https://github.com/rsyslog/rsyslog/issues/3493 +- testbench bugfix: daqueue-dirty-shutdown test + This test occasionally failed with left-over spool files. As far as we + have analyzed, this is due to the use of an invalid shutdown timeout + (very short) in the second phase of the test. It looks like this is + actually a copy&paste error from phase one. Behavior of rsyslog was + correct, but the test itself created a false positive. + We have corrected the timeout now and also modernized the test + a bit. + closes https://github.com/rsyslog/rsyslog/issues/2122 +- testbench bugfix: some omhttp tests had compatibility issues with Python 3 + Thanks to Thomas D. (whissi) for the patch. +------------------------------------------------------------------------------ +Version 8.1901.0 (aka 2019.01) 2019-01-22 +- new version scheme: 8.yymm.0 - version now depends on release date + see also https://rainer.gerhards.net/2018/12/rsyslog-version-numbering-change.html +- queue: add support for minimum batch sizes + closes https://github.com/rsyslog/rsyslog/issues/495 +- change queue.timeoutshutdown default to 10 for action queues + The previous default of 0 gave action queues no real chance to + shutdown - at the time they were applied, they were usually already + expired (computing the absolute timeout took a small amount of time). + So we change this now to 10ms, which still is very quick but gives + the queue at least a chance to shutdown itself. That in turn + smoothes the whole shutdown process. + If a very large number of action queues is used this may lead + to a very slightly longer shutdown time, albeit this is very + improbable. +- omclickhouse: new output module for clickhouse + This output module adds the possibility to send + INSERT querys to a Clickhouse database. See doc for details. + The messages are sent via a REST interface. + This commit also adds support of the testbench + for clickhouse tests, as well as various tests. + Closes https://github.com/rsyslog/rsyslog/issues/2272 +- omkafka: Add ability to dump librdkafka statistics to a file + Use statsFile to specify statistics output file; also requires + setting statistics.interval.ms confparam to a non-zero value. + Thanks to github user pcullen65 for the contribution. +- tls(ossl/gtls): add new Option "StreamDriver.PermitExpiredCerts" + The new Option can have one of the following values: + on = Expired certificates are allowed + off = Expired certificates are not allowed + warn = Expired certificates are allowed but warning will be logged (Default) + Includes necessary tests to validate new code. + closes https://github.com/rsyslog/rsyslog/issues/3364 +- action: add "action.resumeIntervalMax" parameter + This parameter permits to set an upper limit on the growth of the + retry interval. This is most useful when a target has extended + outage, in which case retries can happen very infrequently. + closes https://github.com/rsyslog/rsyslog/issues/3401 +- report child process exit status according to config parameter + Add new global setting 'reportChildProcessExits' with possible values + 'none|errors|all' (default 'errors'), and new global function + 'glblReportChildProcessExit' to report the exit status of a child + process according to the setting. + Invoke the report function whenever rsyslog reaps a child, namely in: + - rsyslogd.c (SIGCHLD signal handler) + - omprog + - mmexternal + - srutils.c (execProg function, invoked from stream.c and omshell) + Remove redundant "reaped by main loop" info log in omprog. + Promote debug message in mmexternal indicating that the child has + terminated prematurely to a warning log, like in omprog. + closes https://github.com/rsyslog/rsyslog/issues/3281 + Thanks to Joan Sala for contributing this. +- build system: add capability to turn off helgrind tests + we add configure switch --enable-helgrind. We need to turn helgrind off + when we use clang coverage instrumentation. The instrumentation injects + mt-unsafe counter updates which we seem to be unable to suppress. + Note: for gcc this was possible, because they all occurred in a utility + function. For clang, they are inlined so we get many -and changing- violations. + see also https://github.com/rsyslog/rsyslog/issues/3361#issuecomment-450502569 +- imzmq3/omzmq3: remove modules + according to @brianknox (their author) these modules are outdated: + https://twitter.com/taotetek/status/931860786959540224 + They are replaced by imczmq/omczmq and are no longer maintained. We put a + depreciation notice into the modules a year ago, and now it finally is time + to remove them. They do NOT build in any case, except if very old versions + of the 0mq ecosystem are used. + see also https://github.com/rsyslog/rsyslog/issues/2100 + closes https://github.com/rsyslog/rsyslog/issues/2103 +- bugfix omusrmsg: don't overwrite previous set _PATH_DEV value + Since commit 56ace5e418d149af27586c7c1264fccfbc6badf1, omusrmsg was broken + because "memcpy()" is not a suitable substitute for "strncat()" in this + context, it is actually replacing the previous added content. + Bug: https://bugs.gentoo.org/673004 + Closes: https://github.com/rsyslog/rsyslog/issues/3346 + Thanks to Thomas D. (whissi) for the patch. +- bugfix ossl TLS driver: fixed authentication mode anon + authentication mode "anon" was not properly supported in ossl TLS + driver; if selected, did still require a full certificate. + closes: https://github.com/rsyslog/rsyslog/issues/3037 +- bugfix tls subsystem: Receiver hang due to insufficient TLS buffersize. + gtls and ossl driver used a default buffersize of 8KiB to store received + TLS packets. When tls read returned more than buffersize, the additional + buffer was not processed until new data arrived on the socket again. + TLS RFCs require up to 16KiB+1 buffer size for a single TLS record. + closes https://github.com/rsyslog/rsyslog/issues/3325 +- bugfix pmpanngfw: build issue due to non-matching data types in comparison + Thanks to Narasimha Datta for the patch. +- omfile: work-around for "Bad file descriptor" errors + This works-around an issue we can reproduce e.g. via the + imtcp-tls-ossl-x509fingerprint.sh test. Here, omfile gets a write + error with reason EBADF. So far, I was not able to see an actual + coding error. However I traced this down to a multithreaded race + on open and close calls. I am very surprised to see this type + of issue, as I think the kernel guarantees that it does not happen. + Here is what I see in strace -f: + openssl accepts a socket: + [pid 66386] accept(4, {sa_family=AF_INET, sin_port=htons(59054), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 10 + then, it works a bit with that socket, detects a failure and shuts it down. Sometimes, at the very same instant omfile on another thread tries to open on output file. Then the following happens: + [pid 66386] close(10) = 0 + [pid 66389] openat(AT_FDCWD, "./rstb_356100_31fa9d20.out.log", O_WRONLY|O_CREAT|O_NOCTTY|O_APPEND|O_CLOEXEC, 0644 <unfinished ...> + [pid 66386] close(10 <unfinished ...> + [pid 66389] <... openat resumed> ) = 10 + [pid 66386] <... close resumed> ) = 0 + [pid 66386] poll([{fd=4, events=POLLIN}, {fd=5, events=POLLIN}], 2, -1 <unfinished ...> + [pid 66389] write(2, "file './rstb_356100_31fa9d20.out"..., 66file './rstb_356100_31fa9d20.out.log' opened as #10 with mode 420 + ) = 66 + [pid 66389] ioctl(10, TCGETS, 0x7f59aeb89540) = -1 EBADF (Bad file descriptor) + This is **literally** from the log, without deleting or reordering + lines. I read it so that there is a race between `open` and `close` + where fd 10 is reused, but seemingly closed - resulting in the `EBADF` + While it smells like a kernel issue, it may be a well-hidden program + bug - if so, one I currently do not find. HOWEVER, this commit + works around the issue by reopening the file when we receive EBADF. + That's the best thing to do in that case, especially if it really is + a kernel bug. Data loss should not occur, as the previous writes + succeeded in that case. + The backdraw of this work-around is that it only "fixes" omfile. In + theory every part of rsyslog can be affected by this issues (queue + files, for example). So this is not to be considered a final solution + of the root issues (but a big step forward for known problem cases). + see also https://github.com/rsyslog/rsyslog/issues/3404 +- omhttp bugfix: segfault due to NULL pointer access + many thanks to Gerardo Puerta for the patch +- omkafka bugfix: segfault when running in debug mode using dynamic topics + This should only affect test environments, as debug mode is not + suitable for production (and really does not work when running for + extended period of time). +- testbench bugfix: TLS syslog tests for "anon" mode were broken + They did not detect when "anon" mode was not properly supported by the + drivers. +- test tooling bugfix: correct tcpflood error messages + it looks like tcpflood's openssl code stems partly back to tcpdump, at + least the error messages indicate this. Thankfully tcpdump is BSD licensed, + so this should not be a big issue. Nevertheless, the incorrect program name + in error messages needs to be corrected, and this is what this commit does. +- tcpflood bugfix: tool did not terminate on certificate error + when tcpflood detected a certificate error, it reported an + error message but did not abort. This could make errors undetectable + during CI runs. + also fix tests which did not properly provide CA cert (which than + caused the error). +- testbench: fix issues with journal testing + The configure/Makefile checks were not correct, leading to the + build of journal components when not necessary, even if not + supported by the platform. Thus lead to invalid build and test + failures. +- testbench: add tests for "certless" tcp/tls + This adds a test to ensure that a client without certificate can + connect to a server with certificates. So it is not exactly + "certless". + The prime intent of this test is to match config suggestions given + by log hosting companies (like loggly) and so ensure that we do + not accidentally break them. This is especially important as the + capability for certless clients was not properly documented and + also become forgotten by the rsyslog team. + see also https://github.com/rsyslog/rsyslog/issues/3413 +- CI + - further improve testbench robustness against slow machines + - testbench: add tests for parser.EscapeControlCharacterTab global option + - testbench: Updated all expired x.509 certs + Closes https://github.com/rsyslog/rsyslog/issues/3348 + - fix a potential race in CI debug mode which can lead to segfault + only when instructed to do so, rsyslog may emit a "final worker thread shutdown" + messages. This is usually only enabled in CI and/or other testing. If enabled, + the code has a race on the pWti object which can lead to segfault or abort. + Only system which explicitly enable this CI aid are affected (running in debug + mode alone is NOT sufficient). + This is a regression from 8.40.0. + - testbench: improve robustness against slow CI, gen. improvements + * add an overall timeout value for tests - if running longer, + testbench framework tries to FAIL and end test. Note that + this is not bullet-proof and not intended to be so. + * guard against hanging rsyslog instances via a new imdiag + feature to abort after n number of seconds; among others, + this guards as against timeout-cancel in CI, which is always + pretty hard to diagnose - now we see these errors in test-suite.log + * fix a bug in tcp zip test, which actually did not use zip mode + * experimentally add debug output to better understand + shutdown_when_empty operation; goal is to improve understanding + and then remove that code again. + * improve shutdown predicate for a couple of tests + * made travis run make check with two parallel threads, for which + we seem ready now. Nevertheless, it's still experimental and we + may roll this back if required. + * testbench: disable omprog tests that hang under coverage instrumentation + When gcc coverage instrumentation is used, these tests hang. They work + with clang coverage instrumentation, but for some reason clang does not + give us full reports (at least not when used together with CodeCov.io). + We have tried to troubleshoot this for hours and hours - now is time to + give up until someone comes up with a bright idea. So we make the affected + tests skip themselves when they detect gcc with coverage instrumentation. + * testbench: add new test for imfile and logrotate in copytruncate mode + * testbench: add new omkafka tests for dynamic topics + * travis: do no longer run 0mq tests + This often causes trouble when the packages are rebuild by the 0mq project + (which happens frequently). We already do intensive testing of the 0mq + components in the buildbot infrastructure, where we use dedicated containers. + This is reliable, as the containers already contain everything needed and so + do not need to reach out to the 0mq package archives. In the light of this, + let's save us the trouble of Travis failures. The only downside is that + users cannot pre-test with their local Travis when modifying 0mq modules, + which is quite acceptable. +------------------------------------------------------------------------------ +Version 8.40.0 [v8-stable] 2018-12-11 +- mmkubernetes: add support for sslpartialchain for openssl + If `"on"`, this will set the OpenSSL certificate store flag + `X509_V_FLAG_PARTIAL_CHAIN`. This will allow you to verify the Kubernetes API + server cert with only an intermediate CA cert in your local trust store, rather + than having to have the entire intermediate CA + root CA chain in your local + trust store. See also `man s_client` - the `-partial_chain` flag. + This option is only available if rsyslog was built with support for OpenSSL and + only if the `X509_V_FLAG_PARTIAL_CHAIN` flag is available. If you attempt to + set this parameter on other platforms, you will get an `INFO` level log + message. This was done so that you could use the same configuration on + different platforms. +- openssl driver: improved error messages + also fixes misleading wording of some error messages + closes https://github.com/rsyslog/rsyslog/issues/3238 +- imfile: disable file vs directory error on symlinks + The file/directory node-object alignment now ignores symlinks. Previously + it reported error on each directory symlink spamming user error logs. + Thanks to Jiri Vymazal for the patch. +- cleanup: remove no longer needed --enable-rtinst code + configure option --enable-rtinst is gone-away since a while, but there were + still some supporting code left. It required careful analysis what could + actually be removed. This is now done and the code fully cleaned up. This + greatly simplifies the code and also makes it better readable for + developers which are not deep inside the rsyslog code base. + As a positive side effect, we could eliminate mutex calls inside + the debug system. This means we are more likely to reproduce race + conditions in runs with debugging enabled. + closes https://github.com/rsyslog/rsyslog/issues/2211 +- bugfix imfile: rsyslog re-sends data for files larger 2GiB + This occurs always if and only if + - reopenOnTruncate="on" is set + - file grows over 2GiB in size + Then, the data is continuously re-sent until the file becomes smaller + 2GiB (due to truncation) or is deleted. + It is a regression introduced by 2d15cbc8221e385c5aa821e4a851d7498ed81850 + closes https://github.com/rsyslog/rsyslog/issues/3249 +- config: fix segfault in backticks "echo" expansion of undefined variables + The bug was introduced in commit abe0434 (config: enhance backticks "echo" + capability). The getenv() result passed to strlen() and es_addBuf() may be + NULL if the environment variable does not exist, resulting in a segfault. + Thanks to Julien Thomas for the patch. + fixes https://github.com/rsyslog/rsyslog/issues/3006 +- bugfix imsolaris: message timestamps on Solaris + On Solaris messages don't have their time directly in the raw body but in + a separate log_ctl structure which is currently not used. + When message is logged and processed, rsyslogd gives it current time because + it ignores the actual one. That means that old messages (e.g. from system + reboot) get timestamp of processing instead of the reboot itself (it is + not a problem for live logging where now is used anyway). + Thanks to Jakub Kulik for the patch. +- bugfix build system: "make distcheck" did not work for mysql tests +- bugfix build system: don't link liblogging-stdlog when available but not enabled + When liblogging-stdlog was available but configure option "--disable-liblogging-stdlog" + was set, rsyslog was still linking against liblogging-stdlog. + This commit will ensure that rsyslog will only link against liblogging-stdlog when + "--enable-liblogging-stdlog" was set. + see also: https://bugs.gentoo.org/667836 +- bugfix RainerScript: abs() could return negative value, now in range [0..max] + Thanks to Harshvardhan Shrivastava for providing the patch +- bugfix debug output: date property options output wrongly + inside debug logging, the date property options were not all + properly converted into strings. Some of the newer ones were + invalidly flagged as "UNKNOWN". This is primarily a cosmetic + problem and has no effect other than puzzling folks looking at + the debug log. +- bugfix omhttp: did not compile on some platforms +- CI + * made mysql-based tests (ommysql and omlibdbi) work inside containers + * bugfix testbench: do not execute libgcrypt tests if disabled + closes https://github.com/rsyslog/rsyslog/issues/3228 + * testbench: grep failed when string starting with "-" was used + The search term was mistakenly interpreted as an option. + * testbench: support auto-start/-stop of mysqld + This is required to run mysql/mariadb tests inside containers. + closes https://github.com/rsyslog/rsyslog/issues/3223 + * improve bash coding style and fix a some bug in testbench + - duplicate diag.sh init call was not detected due to typo + - queue-persists test did not work correctly + - some general testbench framework improvements + issues found be shellcheck, fixes brought up other work to do + * testbench: improve journal tests and testbench framework + improving both style and reliability of journal tests; along that way + also improve testbench framework: + - do cleanup on error_exit and skip + - explicit skip handler (vs exit 77) + this permits us to do better cleanup + - new testbench functions for journal-specific functionality + reduce code duplication and make things easier to maintain in the + future + - provide a way to do valgrind and non-valgrind tests with a single + test file + see also https://github.com/rsyslog/rsyslog/issues/2564 + * testbench: improve framework, harden rscript http test + - the test now tries to detect unavailable http server, which + should not result in test failure + - equivalent valgrind test changed to new method, removing code + duplication + - testbench supports + * new exit code 177, which indicates environment error, makes + test SKIP but still reports the failure + * new exitcode, logurl stats reporting fields + * report buildbot builder (if provided) in failure report + * testbench: add test for mmjsonparse with unparsable data + * testbench: make es-bulk-retry test more reliable + We now no longer depend on a fixed 'sleep' command but rather + check the output file for what we expect. This is much more + robust on slow test machines. + We believe this closes the below-mentioned issue. If not, it + should be re-opened. + closes https://github.com/rsyslog/rsyslog/issues/3104 + * testbench: suppress valgrind error caused by pthreads lib + finally I give up and honestly think this is a problem in pthreads and + not in rsyslog code. See issue below and previous commit for more + information. + Unfortunately, this will also mask off cases where we do not properly + call pthread_join() albeit it is needed. Nevertheless, this bug is + causing so much CI grief that it is definitely worth it. + closes https://github.com/rsyslog/rsyslog/issues/2902 + * testbench: made a couple of (unnamed due to too many) test more robust + against slow (CI) machines +------------------------------------------------------------------------------ +Version 8.39.0 [v8-stable] 2018-10-30 +- imfile: improve truncation detection + previously, truncation was only detected at end of file. Especially with + busy files that could cause loss of data and possibly also stall imfile + reading. The new code now also checks during each read. Obviously, there + is some additional overhead associated with that, but this is unavoidable. + It still is highly recommended NOT to turn on "reopenOnTruncate" in imfile. + Note that there are also inherent reliability issues. There is no way to + "fix" these, as they are caused by races between the process(es) who truncate + and rsyslog reading the file. But with the new code, the "problem window" + should be much smaller and, more importantly, imfile should not stall. + see also https://github.com/rsyslog/rsyslog/issues/2659 + see also https://github.com/rsyslog/rsyslog/issues/1605 +- imjournal: work around journald excessive reloading behavior + This is workaround for possible imjournal interaction with systemd + where journal invalidate fix is not present. The code tries to + detect SD_JOURNAL_INVALIDATE loop and not reload after each call. + Thanks to Jiri Vymazal for the patch. +- errmsg: remove no longer needed code + refactored code (over a long time) so that object-ish style is no longer + needed and could now finally be removed; We also refactored the last + component (omhttp contrib module) that used the old interface. + closes https://github.com/rsyslog/rsyslog/issues/1684 +- queue bugfix: invalid error message on queue startup + due to some old regression (commit not exactly identified, but for + sure a regression, 9 years ago it was correct) an error message + is emitted when no .qi file exists on startup of the queue, which + is a normal condition. + Actually, the code should not have tried to open the .qi file in + the first place because it detected that it did not exist. That + (necessary) shortcut had been removed a while ago. + closes https://github.com/rsyslog/rsyslog/issues/3117 +- bugfix imrelp: regression with legacy configuration startup fail + Startup of a relp listener failed if legacy configuration was used. + caused by commit: 32b71daa8aadb8f16fe0ca2945e54d593f47a824 + closes https://github.com/rsyslog/rsyslog/issues/3106 +- bugfix imudp: stall of connection and/or potential segfault + There was a regression in 493279b790a8cdace8ccbc2c5136985e820dd2fa. + This regression may cause stop (or delay) of reception from some systems + and may also cause a segfault. Triggering condition is that at least + one listener could not be created. + Thanks to Jens Låås for the patch. +- bugfix gcry crypto driver: small memleak + If a crypto key is specified directly via the key="" parameter, + the storage for that key is not freed, causing a small memleak. + Note that the problem occurs only once per context, so this + should not cause real issues. Even more so, as specifying a + key directly is meant only for testing purposes and is strongly + discouraged for production use. + Detected by internal testing, no actual fail case known. +- fix potential misaddressing in encryption subsystem + could happen if e.g. disk queues were encrypted + not seen in practice but caught by testbench test +- ksi subsystem changes + * enhance debug logging + * disable unsafe SHA1 algorithm + Thanks to Allan Park for the patch. +- bugfix core: regex compile error messages could be incorrect +- bugfix core: potential hang on rsyslog termination + The root cause was a deadlock during worker startup. This could + happen for example when a DA queue needed to persist data during + shutdown. + Fail condition: + * startup request for a new worker + * initialization of that worker + * immediate detection that the worker can or must shutdown + * main thread waiting for worker running state, which it skips, + and so the main thread hangs inside a loop + closes https://github.com/rsyslog/rsyslog/issues/3094 +- bugfix imkafka: system hang when backgrounded + imkafka initializes librdkafka too early (before the fork). This leads + to hangs in various parts of the system - not only im imkafka but + other functions as well (e.g. getaddrinfo() calls). + closes https://github.com/rsyslog/rsyslog/issues/3180 +- bugfix imfile: file change was not reliably detected + A change in the inode was not detected under all circumstances, + most importantly not in some logrotate cases. + Includes new tests made by Andre Lorbach. They now use the + logrotate tool natively to reproduce the issue. + closes https://github.com/rsyslog/rsyslog/issues/2659 + closes https://github.com/rsyslog/rsyslog/issues/1605 +- bugfix imrelp: do not fail build if librelp does not have relpSrvSetLstnAddr + closes https://github.com/rsyslog/rsyslog/issues/2938 +- bugfix queue subsystem: DA queue did ignore encryption settings + closes https://github.com/rsyslog/rsyslog/issues/3066 + closes https://github.com/rsyslog/rsyslog/issues/2575 +- bugfix KSI: lmsig-ksils12 module skips signing the last block + Thanks to Allan Park for the patch. + closes https://github.com/rsyslog/rsyslog/issues/3105 +- bugfix fmhash: function hash64mod sometimes returned wrong result + Thanks to Harshvardhan Shrivastava for providing the patch + closes https://github.com/rsyslog/rsyslog/issues/3025 +- bugfix core/debug: data written to random fd 2 under some debug settings + This happens only during auto-backgrounding, where we cannot any longer + access stderr. Whatever is opened with fd2 receives some debug messages. + Note that the specific feature is usually turned on only in CI runs. +- cleanup: removed no longer needed code + Code that was unused for quite a while or did not really belong to the + project identified and removed. +- overall code cleanup + e.g. remove unused code, replace bad bash constructs, etc... +- CI: + * some small improvements in testbench plumbing + e.g. (`cmd` replaced by $(cmd), removed useless use of cat, ...) + * testbench: improve plumbing for kafka tests + - Removed all sleeps where possible. + - Moved all kafka start/stop/download logic into functions. + - Moved kafka/zookeeper stop into error_exit and exit_test. + - Kafka/Zookeeper cleanup only done on success now. + - Kafka/Zookeeper logfiles automatically dumped on error_exit only now. + - Added cleanup for Kafka/Zookeeper instances into CI/buildbot_cleanup.sh + - added new tests + * testbench: fix incompatibility of one omprog test with Python3 + Python3 writes to stderr immediately, and this caused the + captured output to differ with respect to Python2. Simplified + the test to do a single write to stderr. Also a cast to int + was needed when calculating 'numRepeats'. + closes https://github.com/rsyslog/rsyslog/issues/3030 + * testbench: fixed imfile parallel issues + - Fixed timing issues in some imfile wildcard/regex tests + - Added touch command in imfile wildcard tests to make sure directories + exist before files are created in it if IO is under stress. + - changed content checking in some tests to use "content_check_with_count" + with check timeouts instead of using fixed sleeptimes. + * testbench: new basic tests + These ensure that for some modules that did not have any tests at all + we have at least a minimal coverage (module loads, activates, is able + to emit error messages). Of course, further improvements would make + much sense. Modules: + - ommail + - testbench: new tests for disk queue encryption + - testbench: improved auto-diagnostics for hanging instance + - testbench: hardened kafka test against failing kafka subsystem, + not in 100% of the cases, but at least in some that frequently occur + - failing tests now report failure status so that we can get stats + on unreliable tests + - testbench tooling: fix incorrect tcpflood TLS parameter check + could lead to segfault when started + - bugfix testbench tooling: tcpflood invalid type in calloc (openssl mode) + It is unlikely that this has caused a real issue, as long as pointers + are all of the same size (what is highly probable). + detected by cppcheck via Codacy.com +------------------------------------------------------------------------------ +Version 8.38.0 [v8-stable] 2018-09-18 +- AIX: make basic modules work again +- make rsyslog build on AIX again + ... at least for a limited set of default modules +- imfile: support for endmsg.regex + This adds support for endmsg.regex. It is similar to + startmsg.regex except that it matches the line that denotes + the end of the message, rather than the start of the next message. + This is primarily for container log file use cases such as this: + date stdout P start of message + date stdout P middle of message + date stdout F end of message + The `F` means this is the line which contains the final part of + the message. The fully assembled message should be + `start of message middle of message end of message`. + `startmsg.regex="^[^ ]+ stdout F "` will match. + Thanks to Richard Megginson for the patch. +- imkafka: add parameter "parseHostName" + This enables imkafka to parse the hostname from log message. + Previously that was not possible. It was most likely a bug, but + one that users may count on. The new parameter "ParseHostName" + (default is off) controls this behavior. Default is to NOT + parse the hostname. + Thanks to github user snaix for the contribution. +- im[p]tcp: improve error message on connect failure + Now a message with the actual OS error is emitted, making things far + easier to troubleshoot. +- imkafka: implement multithreading support for kafka consumers. + Each consumer runs in it's own consumer thread now. New tests have also + been added for this. +- omelasticsearch: write all header metadata to $.omes for retries + Write all of the original request metadata fields to $.omes for + the retry, if present. This may include all of the following: + _index, _type, _id, _parent, pipeline + This is in addition to the fields from the response. If the same + field name exists in the request metadata and the response, the + field from the request will be used, in order to facilitate + retrying the exact same request. + Thanks to Richard Megginson for the patch. +- core: improve error message on module load fail + The error message now lists all dlopen() errors in depth. This is + especially useful if the error is due to missing symbols or file + format errors. +- core/queue: add error message if queue file cannot be accessed + When having a disk-assisted queue without permission to write to the specified + queue file an error will now be generated. + closes https://github.com/rsyslog/rsyslog/issues/323 +- imtcp/imudp: new option preservecase for managing the case of FROMHOST value + default is left at current behavior + see also https://github.com/rsyslog/rsyslog/pull/2774 + see also https://bugzilla.redhat.com/show_bug.cgi?id=1309698 +- omprog: add feedback timeout and keep-alive feature + - Restart the program if it does not respond within timeout. + - New setting 'confirmTimeout' (default 10 seconds). + - Allow the program to provide keep-alive feedback when a + message requires long-running processing. + - Improve efficiency when reading feedback line (use buffer). + Retry interrupted writes/reads to/from pipe. + - New setting 'reportFailures' for reporting error messages + from the program. + - Report child termination when writing to pipe. + - Minor refactor: renamed writePipe function to sendMessage, + renamed readPipe to readStatus. + Thanks to Joan Sala for contributing this. +- omprog: fix forceSingleInstance configuration option + The forceSingleInstance option did not work as intended. Even + if set multiple instances were spawned. This most probably + was a regression from 0453b1670fc34c96d31ee7c9a370f0f5ec24744a + The code was broken roughly 3.5yrs ago, so it looks like the + issue was little-noticed. This also means that potentially some users + may see the bugfix as change of behavior. If so, just remove + the option. + closes https://github.com/rsyslog/rsyslog/issues/2813 + closes https://github.com/rsyslog/rsyslog/issues/2468 + Thanks to Joan Sala for contributing this. +- imfile: implement file-id, used in state file + This ensures that files with the same inodes are not accidentally treated + as equal, at least within the limits of the file id hash (see doc for + details). + We use the siphash reference implementation to generate our non-cryptographic + hash. + closes https://github.com/rsyslog/rsyslog/issues/2530 + closes https://github.com/rsyslog/rsyslog/issues/2231 +- imfile: experimental input throttling feature + The new input parameter delay.message has been added. It specifies + a delay in microseconds after each line read. + closes https://github.com/rsyslog/rsyslog/issues/2960 +- core: emit TZ warning on startup not on Linux non-container + On Linux it seems common that the TZ variable is NOT properly set. + There are some concerns that the warning related to rsyslog correcting + this confuses users. It also seems that the corrective action rsyslog + takes is right, and so there is no hard need to inform users on that. + In Linux containers, however, the warning seems to be useful as the + timezone setup there seems to be frequently-enough different and + rsyslog's corrective action may not be correct. + So we now check if we are running under Linux and not within a container. + If so, we do not emit the warning. In all other case, we do. This is + based on the assumption that other unixoid systems still should have + TZ properly set. + closes https://github.com/rsyslog/rsyslog/issues/2994 +- omkafka: + * better debug information + * Fixed minor issue in omkafka producing wrong kafka timestamps when + msgTimestamp was NULL. + * Setting RD_KAFKA_V_KEY(NULL, 0) in rd_kafka_producev now when KEY is not + configured. + * Fixed minor issue when rsyslog is compiled with --enable-debug and + librdkafka is too old. +- omfile bugfix: errant error message when dynafile param needed + also fixes related message in contributed module omfile-hardened + closes https://github.com/rsyslog/rsyslog/issues/2975 + Thanks to Frank Bicknell for the patch +- omhttp: new contributed module + Thanks to Christian Tramnitz for contributing it. + Some more info at https://github.com/rsyslog/rsyslog/pull/2782 +- mmkubernetes: action fails preparation cycle if kubernetes API ... + ... destroys resource during bootup sequence + The plugin was not handling 404 Not Found correctly when looking + up pods and namespaces. In this case, we assume the pod/namespace + was deleted, annotate the record with whatever metadata we have, + and cache the fact that the pod/namespace is missing so we don't + attempt to look it up again. + In addition, the plugin was not handling error 429 Busy correctly. + In this case, it should also annotate the record with whatever + metadata it has, and _not_ cache anything. By default the plugin + will retry every 5 seconds to connect to Kubernetes. This + behavior is controlled by the new config param `busyretryinterval`. + This commit also adds impstats counters so that admins can + view the state of the plugin to see if the lookups are working + or are returning errors. The stats are reported per-instance + or per-action to facilitate using multiple different actions + for different Kubernetes servers. + This commit also adds support for client cert auth to + Kubernetes via the two new config params `tls.mycert` and + `tls.myprivkey`. + Thanks to Richard Megginson for the patch. +- bugfix pmnormalize/core: several memory leaks, invld property handling + - major memory leak which occurred once per message processed + So this could lead to OOM. Caused by improper free of json + structure + - another two major leaks of similar magnitude could occur if + "fromhost-ip" and/or "fromhost" properties were set + - minor leaks upon termination. these were unproblematic as + static and only occurred immediately before shutdown. + But they triggered memory debugger errors. + - fixed test which did not check for mem leaks albeit it should + - core invalid handling of the "fromhost" property, if set via + the MsgSetPropsViaJSON() call. This was primarily of concern + for pmnormalize and mmexternal, and only if these properties + were used by either the rulebase or the external program + response. + Actually, most of the leaks go back to rsyslog core, but that + core functionality was not used by other modules in the same + way. But if some other would have used it, the effects would + have been the same (so be aware if you wrote custom modules). +- bugfix imptcp: fixed pointers for session counting + imptcp open, failedopen, and closed pstats counters were assigned the wrong + name, thus pstats values did provide a totally wrong picture of what was + going on. + Thanks to github user jeverakes for the patch. +- bugfix omprog: invalid memory access on partial writes to pipe + When sending logs to the program, in case of a partial write to the pipe, + invalid data was sent, or an invalid memory access could occur. (A + partial write can occur if the syscall is interrupted or the pipe is full.) + Thanks to Joan Sala for contributing this. +- bugfix omprog: rsyslog's environment was not passed to script + closes https://github.com/rsyslog/rsyslog/issues/2921 +- bugfix omprog: severity of some log messages in waitForChild corrected + Log some messages related to child process termination as info/warn + instead of error. +- bugfix imfile: files which were loaded via symlink were not always followed + They were stopped watching after being rotated. + closes https://github.com/rsyslog/rsyslog/issues/2229 + Thanks to Jiri Vymazal for the patch. +- bugfix imfile: potential misaddressing when processing symlinks + Fixed parent name when processing symlinks. Detected during code review. + There was a garbage byte left before which could cause errors down the + road. + Thanks to Jiri Vymazal for the patch. +- bugfix ommongodb: build issue if mongo-c-driver is not compiled with TLS + Let ommongodb module works even if mongo-c-driver is not compiled with SSL support. + Thanks to Jérémie Jourdin for the patch. + closes https://github.com/rsyslog/rsyslog/issues/2907 +- CI: + * many changes with the goal to support parallel test execution, e.g. + use dynamic ports and file names, changes to testing tools, etc. + * kafka tests re-enabled, as they should now no longer be racy. However, + this has yet to be proven in practice. + * upgrading kafka server version to current + * Fixed server configuration issues holding the kafka tests back from working + * Fixed some config issues in all sndrcv kafka tests. + * Generating dynamically kafka topics now for each kafka test. + * Reenabled kafka_multi test which runs a test on 3 kafka/zookeeper instances +------------------------------------------------------------------------------ +Version 8.37.0 [v8-stable] 2018-08-07 +- build system: add --enable-default-tests ./configure option + This permits to control the "default tests" in testbench runs. These + are those tests that do not need a special configure option. There are + some situations where we really want to turn them of so that we can + run tests only for a specific component (e.g. ElasticSearch). + This commit also removes the --enable-testbench[12] configure switches, + which were introduced just to work-around travis runtime restrictions. + With the new CI setup and new options we could reduce the Travis runtime + dramatically and so we do not need them any longer. +- overall adaptation to gcc 8 which emits new warnings +- fix some build warnings on 32bit systems, namely armhf architecture +- ommail change of behavior: "enable.body" default now "on" + This was always documented to be "on", but actually was "off". Usually, we + fix the doc, but after long discussion the agreement was that in this + specific case it was actually better to change the default. + see also: https://github.com/rsyslog/rsyslog/pull/2791 +- core/omfile: race in async writing mode + mutex was not properly locked at all times when the async writing buffer + was flushed + Thanks to Radovan Sroka for the patch. +- core: provide a somewhat better default action name + We now include the module name (e.g. "omelasticsearch" or "builtin:omfile") + as part of the name. This is still not perfect, but hopefully a bit + easier to grasp. + see also https://github.com/rsyslog/rsyslog/issues/342 +- new global() parameter "abortOnUncleanConfig" + This provides a new-style alternative to $AbortOnUncleanConfig. + closes https://github.com/rsyslog/rsyslog/issues/2744 +- tcpflood no longer links with -lgrcypt + as this is no longer necessary for GnuTLS + Thanks to Michael Biebl for the patch. +- imjournal: add journal-specific impstats counters + these provide some additional insight into journal operations + Thanks to Abdul Waheed for the patch. +- imjournal: fixed startup on missing state file + When starting rsyslog with imjournal for first time it outputs + an error and plugin does not run because no state file exists yet. + Now it skips the loading and creates state file on first persist. + Thanks to Jiri Vymazal for the patch. +- imjournal: fetching cursor on readJournal() and simplified pollJournal() + Fetching journal cursor in persistJournal could cause us to save + invalid cursor leading to duplicating messages further on, when new + WorkAroundJournalBug option is set we are saving it on each + readJournal() where we now that the state is good. + pollJournal() is now cleaner and faster, correctly handles INVALIDATE + status from journald and is able to continue polling after journal + flush. Also reduced POLL_TIMEOUT a bit as it caused rsyslog to exit + with error in corner cases for some ppc when left at full second. + re-factored imjournal CI tests with journal_print tool to have more + detailed error reporting. + Thanks to Jiri Vymazal for the patch. +- config: enhance backticks "echo" capability + This is now more along the lines of what bash does. We now support + multiple environment variable expansions as well as constant text + between them. + example: + env SOMEPATH is set to "/var/log/custompath" + config is: param=`echo $SOMEPATH/myfile` + param than is expanded to "/var/log/custompath/myfile" + among others, this is also needed inside the testbench to properly + support "make distcheck". + Note: testbench tests follows via separate commit. There will be + no special test, as the testbench itself requires the functionality + at several places, so the coverage will be very good even without + a dedicated test. +- imrelp: add support for setting address to bind to (#894) + This adds a new optional `address` parameter to `imrelp` inputs in order + to specify an address to bind to. + Based on support added by rsyslog/librelp@96eb5be + Thanks to Simon Wachter for the patch. +- omrelp: permit all authmodes; updated tests + omrelp for some time limited authentication modes to those + that were known. While this was OK, it prevented the easy + introduction of new auth modes into librel. + This has now been changed; omrelp now checks the validity of + the authmode directly via librelp by doing some librelp calls + upon processing the configuration. + Also, some tests have been updated to check this feature and + also ensure that the new librelp mode "certvalid" works + (if it is available). +- regexp.c: reduce lock contention when using glibc. + When using glibc, we enable per-thread regex to avoid lock contention. + See: + - https://github.com/rsyslog/rsyslog/issues/2759 + - https://github.com/rsyslog/rsyslog/pull/2786 + - https://sourceware.org/bugzilla/show_bug.cgi?id=11159 + This should not affect BSD as they don't seem to take a lock in regexec. + NOTE: it is assumed that we can craft an even better solution than + this patch, but it improves the situation and we do not have time to + craft more. So we decided to merge. For details see + https://github.com/rsyslog/rsyslog/pull/2786 +- mmpstrucdata: better error message, support $! in var names + see also https://github.com/rsyslog/rsyslog/issues/1262#issuecomment-404773495 +- more explicit error msg with message modification mod on queue + Message modification modules do not work if used with a non-direct queue. + We now make this more explicit in the config parsing error message. + closes https://github.com/rsyslog/rsyslog/issues/1323 +- omrabbitmq: improve high-load performance + A different pthread mutex is created for each connection (action) + instead of a single one shared by all connections. This will + improve performance when using multiple concurrent connections + to a single (or multiple) RabbitMQ instance(s) (e.g. for load balancing) + Thanks to github user micoq for contributing the patch. +- imudp: replace select() calls by poll() + This improves reliability in extreme cases (more than 1024 fds open when + imudp begins to listen) and potentially improves performance a little. +- ommysql: support mysql unix domain socket: + via action(.. socket="/tmp/mysqld.sock" ..) + Thanks to JoungKyun Kim for contributing this. +- impstats: emit warning if log.syslog="off" and ruleset name given + With this config, "ruleset" is silently ignored, what probably is + not obvious to a user. + closes https://github.com/rsyslog/rsyslog/issues/2821 +- build system cleanup: remove no longer needed --enable-memcheck + This was used for a very old testing capability, no longer functional but + causes build to fail if enabled. Replaced by ASAN/valgrind. + Issue detected while testing some other CI settings. +- tools: Updated python based statslog analyzer sample scripts +- developer tools: make devcontainer tool more developer friendly + slight improvement for easy interactive use +- enable better testing via "make distcheck" + Also a couple of changes to testbench worth mentioning: + * use cp -f to ensure files can be overwritten in VBUILD + * fix issue of missing include test file in EXTRA_DIST + * new suppressions + * testbench: try to use local system dependency cache + avoid going to Internet repos if not absolutely necessary. For + development containers, they should be pre-populated with the + important dependencies. + * do not enable libfaketime if ASAN is selected + unfortunately, libfaketime does not work in that case + Note: for modules with non-standard dependencies (e.g. databases), + "make distcheck" only enables what on the original ./configure line + was enabled. This is done in order to ensure that "distcheck" adapts + to what is actually available on the system in question. Rsyslog's + own CI system installs the maximum set of possible dependencies and + so tries the maximum set "make distcheck" can support on a platform. + see also https://github.com/rsyslog/rsyslog/issues/174 +- add new global config parameter "inputs.timeout.shutdown" +- omusrmsg: do not fall back to max username length of 8 + This happens if utmp.h and friends are not available and stems back to + the original syslogd. Nowadas, 32 is more appropriate and now being used + in that (now very unlikely) case. The detection logic for UT_NAMESIZE has + also been streamlined. + closes https://github.com/rsyslog/rsyslog/issues/2834 +- bugfix build system: fix race in parallel builds + If libgcry.la is built later than lmcry_gcry.la, there is a failure: + [snip] + |../aarch64-wrs-linux-libtool --tag=CC --mode=link aarch64-wrs-linux-gcc + -o lmcry_gcry.la lmcry_gcry_la-lmcry_gcry.lo libgcry.la -lgcrypt + |aarch64-wrs-linux-libtool: error: cannot find the library 'libgcry.la' + or unhandled argument 'libgcry.la' + |Makefile:1049: recipe for target 'lmcry_gcry.la' failed + |make[2]: *** [lmcry_gcry.la] Error 1 + [snip] + The LIBADD of lmcry_gcry.la contains libgcry.la, we should also add libgcry.la + to lmcry_gcry.la's DEPENDENCIES. + Thanks to Hongxu Jia for the patch. +- bugfix imfile: memory leak upon shutdown (cosmetic) + When rsyslog shuts down and imfile is inside a change polling loop, + it does not properly free memory returned by glob(). This is a cosmetic + bug as the process terminates within the next few milliseconds. However, + it causes memory analyzer reports and thus makes CI fail. +- bugfix core msg: potential deadlock (and rsyslog hang) + can happen e.g. with headerless messages when app-name + property is used + closes https://github.com/rsyslog/rsyslog/issues/3135 +- bugfix core: do not abort startup on problems setting scheduling policy + rsyslog creates a default scheduling policy on startup. This code + invalidly used CHKiRet (our exception handler) to check pthreads + return codes, what this macro cannot do. This lead to hard to + diagnose startup problems in cases where there were problems + setting the scheduling defaults (e.g. when rsyslog is set to run + at idle priority). Even more so, this blocked startup altogether, + which is not the right thing to do. Actually, this can be considered + a regression from commit 7742b21. That commit was 8 years ago, so + in general this cannot be a big issues ;-) + The code now emits proper error messages (to stderr, as at this point + no other output is available as it is during the initial state of + rsyslog initialization) and continues the startup. + closes https://github.com/rsyslog/rsyslog/issues/2855 +- bugfix core: input shutdown timeout not properly applied + The timeout could be reduced by mutex wait time, which was not the + intended behavior and could lead the the input thread being + cancelled while it would have been perfectly legal to shut it down + cleanly. + Noticed during working on the CI system. May explain some testbench + instability and may have caused trouble with state files (not) + properly being written by inputs. +- bugfix config optimizer: error in constant folding + did not work properly if a string and a number were to be folded. + Detected by gcc 8. +- build: fix improper function casts + no real issue, but generated warnings under gcc 8 and thus + broke CI +- bugfix omlibdbi: fix potential small memory leak + detected by clang static analyzer +- bugfix ommysql: unsafe use of strncpy() + also now reports oversize names as user error vs. silent truncation + overly long names only could affect config load phase +- bugfix omhttpfs: fix insecure usage if strncmp() + consequences not evaluated as this is a contributed module. + Detected by gcc 8. +- bugfix mmgrok: cosmetic build issue - compiler warnings + caused build under gcc 7 to fail with warning +- bugfix mmkubernetes: stops working with non-kubernetes container names + When mmkubernetes encounters a record with a CONTAINER_NAME field, + but the value does not match the rulebase, mmkubernetes returns + an error, and mmkubernetes does not do any further processing + of any records. + The fix is to check the return value of ln_normalize to see if + it is a "hard" error or a "does not match" error. + This also adds a test for pod names with dots in them. + Thanks to Richard Megginson for the patch. +- bugfix mmkubernetes: potential NULL pointer access + If token file could not be opened, fclose() was passed a NULL pointer. + Thanks to github user jvymazal for finding and Richard Megginson + for fixing the issue. +- bugfix omsnmp: invalid traptype was not detected + this could leave config errors unreported and cause unexpected + behavior +- bugfix mmkubernetes: default rules use container_name_and_id + also include rulebase files in dist and fix rule so that dot inside + pod name is supported. + Thanks to Richard Megginson for fixing the issue. +- bugfix omelasticsearch: build regression + Commit 6d4635efbb13907bf651b1a6e5a545effe84d9d9 introduced some compile + problems, which were only detected on CentOS6, which unfortunately did + not compile omelasticsearch during CI runs +- bugfix ommongodb: do not force MongoDB to use "PLAIN" auth mechanism + ... which also seems not to be handled by current MongoDB. + Remove ?authMechanism=PLAIN URI part to let the mongo library chooses the + default mechanism. One can force a specific authentication mechanism by + adding ?authMechanism=XXX into the uristr argument of the module + Thanks to Jérémie Jourdin for the fix. + closes https://github.com/rsyslog/rsyslog/issues/2753 +- build system: do not disable tests via --disable-liblogging-stdlog + This setting controlled both the actual rsyslog functionality as well + as some testbench tests, which use liblogging-stdlog to provide some + specific functionality. This meant those tests were not run since + changing the default. Now untangling the dependency. +- CI: + * most test refactored to use newer testbench plumbing + while no functional change, this permits further enhancements + * ElasticSearch startup timeout in tests increased to care for + slower test systems + * imjournal: fixed tests to actually test plugin functionality + Thanks to Jiri Vymazal for the patch. + * new test for gnutls priority string in librelp + Thanks to github user jvymazal for the patch + * testbench: relax hanging instance detection + This does not work reliably if multiple instances of rsyslog + builds run on a single machine. We need to improve, but this + commit makes conflict less likely and provides some diagnostic + info to help guide us towards a final solution. + * testbench: fix tests that look awfully wrong + These tests indicated they terminate rsyslog forcefully without + draining the queues, but then checked if they were drained (all + messages processed). That does not make sense, and we cannot + envision why this was written the first place. So we assume some + copy&paste problem was the root of that. + * testbench: refactor tests which used "nettester" tool + Some old tests are carried out via the nettester tool. This was + our initial shot at a testbench a couple of years ago. While it + worked back then, the testbench framework has been much enhanced. + These old tests are nowadays very hard to handle, as they miss + debug support etc. So it is time to refactor them to new style. + As a side-activity, the testbench plumbing has been enhanced to + support some operations commonly needed by these tests. Contrary + to pre-existing plumbing, these new operations are now crafted + using bash functions, which we consider superior to the current + method. So this is also the start of converting the older-style + functionality into bash functions. We just did this now because + it was required and we entangled it into the test refactoring + because it was really needed. Else we had to write old-style + operations and convert them in another commit, which would + have been a waste of time. + Special thanks to Pascal Withopf for the initial step of taking + old tests and putting config as well as test data together into + the refactored tests, on which Rainer Gerhards than could build + to create the new tests and update testbench plumbing. + * testbench: ensure uxsock test leaves no dangling listener instances + ..in case the test aborts. We utilize the timeout utility for now + to prevent this. + * testbench: make port for imdiag dynamic + This is prep work to support parallel test runs +------------------------------------------------------------------------------ +Version 8.36.0 [v8-stable] 2018-06-26 +- build system change: + Liblogging-stdlog was introduced to provide a broader ability to send rsyslog + internal logs to different sources. However, most distros did not pick up + that capability and so instead we do a regular syslog() call. We assume that + the actual functionality is never used in practice, so we plan to retire it. + That makes building rsyslog from source easier. + The plan is to disable use of liblogging-stdlog by default during + configure. So users (and distros!) can still opt-in to have it enabled if + they desire. + A couple of releases later, we want to completely remove the functionality, + except if there has desire been shown in the meantime which justifies to keep + liblogging-stdlog. + This version disabled liblogging-stdlog by default. We now also + emit a warning message ("liblogging-stdlog will go away") so that users + know what is going on and my react. + closes https://github.com/rsyslog/rsyslog/issues/2705 + see also https://github.com/rsyslog/rsyslog/issues/2706 +- add openssl driver alongside GnuTLS one for TLS communication + The openssl driver is currently experimental. It will become the new preferred + driver as it permits us to provide much better end-user error message than + we could provide with GnuTLS. It is also less picky with certificate files + and provides specific error messages if there are certificate problems. + closes: https://github.com/rsyslog/rsyslog/issues/1390 + closes: https://github.com/rsyslog/rsyslog/issues/1840 + closes: https://github.com/rsyslog/rsyslog/issues/1352 + closes: https://github.com/rsyslog/rsyslog/issues/1702 + closes: https://github.com/rsyslog/rsyslog/issues/2547 +- GnuTLS TLS driver: support intermediate certificates + this is necessary for certificate chains + Thanks to Arne Nordmark for providing the patch. + closes https://github.com/rsyslog/rsyslog/issues/2762 +- omelasticsearch: write op types; bulk rejection retries + * Add support for a 'create' write operation type in addition to + the default 'index'. Using create allows specifying a unique id + for each record, and allows duplicate document detection. + * Add support for checking each record returned in a bulk index + request response. Allow specifying a ruleset to send each failed + record to. Add a local variable `omes` which contains the + information in the error response, so that users can control how + to handle responses e.g. retry, or send to an error file. + * Add support for response stats - count successes, duplicates, and + different types of failures. + * Add testing for bulk index rejections. + Thanks to Richard Megginson for the patch. +- lookup tables: reload message now with "info" severity (was "error") + thanks to Adam Chalkley for the patch +- imptcp: add support for regex-based framing + for complex multi-line messages (XML in particular), the multiLine method + does not work well. We now have a capability to specify via a regex when + a frame starts (and the previous thus ends). + adds imptcp input parameter "framing.delimiter.regex" +- imjournal: add statistics counter + following statistics counter are now supported by imjournal + - submitted = total number of messages submitted for processing + closes https://github.com/rsyslog/rsyslog/issues/2549 +- config: permit 4-digit file creation modes + permit 4-digit file creation modes (actually 5 with the leading zero) so + that the setgid bit can also be set (and anything else on that position. + closes https://github.com/rsyslog/rsyslog/issues/1092 +- ommongodb: add possibility to ignore some insertion error code + new config parameter "allowed_error_codes", which will be ignored if + they happen. For example, 11000 DuplicateKey in case of collection + containing a unique field. + Thanks to Hugo Soszynski for contributing this work +- omprog: simplify 'plugin-with-feedback.py' example + Make the skeleton easier to understand by removing transaction support. + Also, transaction failures did not work as explained in the skeleton, + because of issue #2420. In the future, a 'plugin-with-transactions.py' + example can be added, ideally once the issue is solved. + Thanks to Joan Sala for contributing this. +- core: misaddressing when writing disk queue files + when writing disk queue files during shutdown, access to freed + memory can occur under these circumstances: + - action A is processing data, but could not complete it + most importantly, the current in-process batch needs not to + be totally completed. Most probable cause for this scenario + is a suspended action in retry mode. + - action A is called from a ruleset RA which + - does not have a queue assigned + - where RA is called from a ruleset RO which is bound + to the input from which the message originated + - RO must be defined before RA inside the expanded config + - Disk queues (or the disk part of a DA queue) must be utilized by A + When re-injecting the unprocessed messages from A into the disk queue, the + name of ruleset RO is accessed (for persisting to disk). However, RO is + already destructed at this point in time. + The patch changes the shutdown processing of rulesets, so that all + shutdown processing is done before any ruleset data is destructed. This + ensures that all data items which potentially need to be accessed + remain valid as long as some part may potentially try to access them. + This follows a the approach used in + https://github.com/rsyslog/rsyslog/pull/1857 + where obviously that part of the problem was not noticed. + see also https://github.com/rsyslog/rsyslog/issues/1122 + closes https://github.com/rsyslog/rsyslog/issues/2742 +- core: fix message loss on target unavailability during shutdown + Triggering condition: + - action queue in disk mode (or DA) + - batch is being processed by failed action in retry mode + - rsyslog is shut down without resuming action + In these cases messages may be lost by not properly writing them + back to the disk queue. + closes https://github.com/rsyslog/rsyslog/issues/2760 +- imrelp bugfix: error message "librelp too old" is always emitted ... + ... even if librelp is current. The condition check was actually missing. + This commit adds it. + closes https://github.com/rsyslog/rsyslog/issues/2712 +- imrelp: segfault on startup when cert without priv key is configured + closes https://github.com/rsyslog/rsyslog/issues/2747 +- omrelp bugfix: segfault on first message sent when authmode was wrong + A segfault could occur if the authmode was configured to an invalid value. + This is now caught during config processing and an error is reported. + closes https://github.com/rsyslog/rsyslog/issues/2743 +- imfile bugfix: double-free on module shutdown + detected by code review, not seen in practice +- imfile/core bugfix: potential misaddressing in string copy routine + This can be exposed via imfile, as follows: + - use a regex to process multiline messages + - configure timeouts + - make sure imfile reads a partial message + - wait so that at least one timeout occurs + - add the message termination sequence + This leads to a misaddressing, which may have no obvious effects potentially + up to a segfault. + closes https://github.com/rsyslog/rsyslog/issues/2661 +- imfile bugfix: if freshStartTail is set some initial file lines missing + When the option is set and a new file is created after rsyslog startup, + freshStartTail is also applied to it. That is data written quickly to it + (before rsyslog can process it) will potentially be discarded. If so, + and how much, depends on the timing between rsyslog and the logging process. + This problem is most likely to be seen in polling mode, where a relatively + long time may be required for rsyslog to find the new file. + This is changed so that now freshStartTail only applies to files that + are already-existing during rsyslog's initial processing of the file + monitors. HOWEVER, depending on the number and location (network?) of + existing files, this initial startup processing may take some time as + well. If another process creates a new file at exactly the time of + startup processing and writes data to it, rsyslog might detect this + file and it's data as prexisting and may skip it. This race is inevitable. + So when freshStartTail is used, some risk of data loss exists. The same + holds true if between the last shutdown of rsyslog and its restart log + file content has been added. This is no rsyslog bug if it occurs. + As such, the rsyslog team advises against activating the freshStartTail + option. + closes https://github.com/rsyslog/rsyslog/issues/2464 +- core: fix undefined behavior (unsigned computation may lead to value < 0) + This was detected by LLVM UBSAN. On some platforms re-setting the rawmsg + inside the message object could lead to invalid computation due to the + fact the the computation was carried out as unsigned and only then + converted to integer. + No known problem in practice. +- CI/QA: + - improved Elasticsearch tests so they can now be run without system- + installed ES service; also enables us to specify specific ES versions + and should now make the tests executable inside a container +------------------------------------------------------------------------------ +Version 8.35.0 [v8-stable] 2018-05-15 +- imptcp: add ability to configure socket backlog + this can be useful under heavy load. + For a detailed discussion see https://github.com/rsyslog/rsyslog/pull/2561 + Thanks to Maxime Graff for implementing this. +- omfile: do not permit filename that only consists of whitespace +- fmhash: new hash function module + implements hash32() and hash64() functions + Thanks to Harshvardhan Shrivastava for implementing these +- some better error messages +- imklog: add ratelimiting capability + On Linux kernel logs are ratelimited only for messages using + printk_ratelimit(). Some logs do not use this facility, so + we ratelimit kernel ourselves. + Thanks to Berend De Schouwer for the patch. +- omkafka: added impstats counters for librdkafka returned statistics + Adds: + * statscallback counters + * librdkafka failure and error counters + * acked message counter + Thanks to Abdul Waheed for implementing this. +- imudp + * use rsyslog message rate-limiter instead of home-grown one + imudp introduced it's own (feature-limited) rate-limiting capability for + message on disallowed senders before we had central rate-limiters + inside rsyslog. Also, that code evolved from running on a single + thread to running on multiple threads, which introduced data races + and so made unreliable. + Now we removed the old rate-limiting capability and depend on the + system rate limiter for internal rsyslog messages. + closes https://github.com/rsyslog/rsyslog/issues/2467 + * add stats counter "disallowed" + counts the number of messages discarded due to being received from + disallowed senders + see also https://github.com/rsyslog/rsyslog/issues/2467 +- imrelp: add parameter "oversizeMode" + Permits to instruct librelp how to handle oversize messages. The new default + is to truncate messages. Previously, the connection was aborted, what often + lead to stuck messages at the sender side. Now, there are three options passed + down to librelp: + * abort - same behavior as previously, connection is aborted on error + * truncate - do not abort but instead truncate oversize message to + configured max size + * accept - accept all oversize messages (note: this can cause security issues, + see doc for details) + see also https://github.com/rsyslog/rsyslog/pull/1525#issuecomment-384179393 + see also https://github.com/rsyslog/rsyslog/issues/2190 + closes https://github.com/rsyslog/rsyslog/issues/2633 + closes https://github.com/rsyslog/rsyslog/issues/1741 + closes https://github.com/rsyslog/rsyslog/issues/1782 + closes https://github.com/rsyslog/rsyslog/issues/2496 +- core: consistent handling of oversize input messages + In the community we frequently discuss handling of oversize messages. + David Lang rightfully suggested to create a central capability inside + rsyslog core to handle them. + We need to make a distinction between input and output messages. Also, + input messages frequently need to have some size restrictions done at + a lower layer (e.g. protocol layer) for security reasons. Nevertheless, + we should have a central capability + * for cases where it need not be handled at a lower level + * as a safeguard when a module invalidly emits it (imfile is an example, + see https://github.com/rsyslog/rsyslog/pull/2632 for a try to fix it + on the module level - we will replace that with the new capability + described here). + The central capability works on message submission, and so cannot be + circumvented. It has these capabilities: + * oversize message handling modes: + - truncate message + - split message + this is of questionable use, but also often requested. In that mode, + the oversize message content is split into multiple messages. Usually, + this ends up with message segments where all but the first is lost + anyhow as the regular filter rules do not match the other fragments. + As it is requested, we still implemented it. + - accept message as is, even if oversize + This may be required for some cases. Most importantly, it makes + quite some sense when writing messages to file, where oversize + does not matter (accept from a DoS PoV). + * report message to a special "oversize message log file" (not via the + regular engine, as that would obviously cause another oversize message) + This commit, as the title says, handles oversize INPUT messages. + see also https://github.com/rsyslog/rsyslog/issues/2190 + closes https://github.com/rsyslog/rsyslog/issues/2681 + closes https://github.com/rsyslog/rsyslog/issues/498 + Note: this commit adds global parameters: + * "oversizemsg.errorfile", + is used to specify the location of the oversize message log file. + * "oversizemsg.report", + is used to control if an error shall be reported when an oversize + message is seen. The default it "on". + * add global parameter "oversizemsg.input.mode" + is used to specify the mode with which oversized messages will + be handled. +- omfwd: add support for bind-to-address for UDP + To allow the same source address to be used regardless of the egress + interface taken, an option is added for an address to bind the datagram + socket to. Similarly to imudp, it is necessary to add an ipfreebind + option which is set by default, so as to avoid an excess of errors at + startup before the network interface has come up. This enhancement + allows a usecase on networking devices, by which a source interface + that is typically a loopback is specified, on which an address to bind + to is configured. This is so that the same source address is used for + all packets from rsyslog. + Thanks to Mike Manning for the patch. +- template systemd service file proposes higher permitted file handle limit + Especially on busy systems the default are too low. Please keep in mind + that on a very busy system even the now-proposed setting may be too low. + Thanks to github user jvymazal for the patch. +- imuxsock: replace select() call by poll() + While extremely unlikely, imuxsock could abort if a file descriptor + > 1024 was received during the startup phase (never occurred in + practice, but theoretically could if imfile monitored a large number + of files and were loaded before imuxsock - and maybe other + strange cases). + see also https://github.com/rsyslog/rsyslog/issues/2615 +- nsdsel_ptcp: replace select() by poll() + This removes us of problems with fds > 1024. The performance will + probably also increase in most cases. + Note this is not a replacement for the epoll drivers, but a general + stability improvement when epoll() is not available for some reason. + see also https://github.com/rsyslog/rsyslog/issues/2615 + closes https://github.com/rsyslog/rsyslog/issues/1728 + closes https://github.com/rsyslog/rsyslog/issues/1459 +- omprog: refactor tests, fix child closing issues + Refactor omprog tests. Fix sync issues in these tests by + using the feedback mode (confirmMessages=on) to synchronize + the test with the external program. Closes #2403 (I hope) + Fix omprog not properly closing child process when + signalOnClose=on. Needed for the new tests. Closes #2599 + Fix omprog not waiting for the child process to terminate + when signalOnClose=off. Needed for the new tests. Closes #2600 + Close all fds before executing the child even when valgrind + is enabled (--enable-valgrind). Needed for the new tests. + Fix memory leak when the xxxTransactionMark parameters were + used. + Thanks to Joan Sala for the patch. +- core: config optimizer did not handle call_indirect + This also caused the emission of an "internal error" error message + closes https://github.com/rsyslog/rsyslog/issues/2665 +- debug support: add capability to print testbench-specific timeout reports + done by setting RSYSLOG_DEBUG_TIMEOUTS_TO_STDERR to "on" + this is by default activated inside the testbench +- mmgrok: fix potential segfault + The modules used strtok(), which is not thread-safe. So it will potentially + segfault when multiple instances are spawned (what e.g. happens on busy + systems). + This patch replaces strtok() with its thread-safe counterpart + strtok_r(). + see also https://github.com/rsyslog/rsyslog/issues/1359 +- imrelp bugfix: maxDataSize could be set lower than maxMessageSize + maxDataSize specifies the length which will still be accepted + It previously could be set to any value, including values lower than the + configured rsyslog max message size, which makes no sense. Now this is + checked an error message is emitted if the size is set too low. +- build system bugfix: build broken if liblogging-stdlog installed in custom path + Thanks to Dirk Hörner for the patch. +- core bugfix: segfault on queue shutdown + if a ruleset queue is in direct mode, a segfault can occur during + rsyslog shutdown. The root cause is that a direct queue does not + have an associated worker thread pool, but the ruleset destructor + does not anticipate that and tries to destruct the worker thread + pool. It needs to do this itself, as otherwise we get a race + between rulesets on shutdown. + This was a regression from + https://github.com/rsyslog/rsyslog/commit/3fbd901b3e6300010 + closes https://github.com/rsyslog/rsyslog/issues/2480 +- imfile bugfix: statefiles contain invalid JSON + When imfile rewrites state files, it does not truncate previous + content. If the new content is smaller than the existing one, the + existing part will not be overwritten, resulting in invalid json. + That in turn can lead to some other failures. + closes https://github.com/rsyslog/rsyslog/issues/2662 +- omfile bugfix: segfault if empty filename was given + closes https://github.com/rsyslog/rsyslog/issues/2417 +- fix build issues when atomic operations are not present + for details, see https://github.com/rsyslog/rsyslog/pull/2604 +- lmsig_ksils12 bugfix: build and static analyzer issues + The module had a couple of problems building as well as some potential + errors detected by clang static analyzer. These have been fixed. + Thanks to Allan Park for the patch. + closes https://github.com/rsyslog/rsyslog/issues/2517 +- impstats bugfix: segfault if bound to non-existing ruleset + segfault happens during shutdown; up until unload of impstats, + rsyslog works correctly, except that no pstats are emitted. This + can be considered to be expected, because the error message + indicates the default ruleset is used instead. This is what + now actually happens. + closes https://github.com/rsyslog/rsyslog/issues/2645 +- mmjsonparse bugfix: invalid container name was not detected + in debug builds, this will trigger an assertion. In production + builds, an rsyslog internal error is logged, but rsyslog + continues to run. + closes https://github.com/rsyslog/rsyslog/issues/2584 +- mmkubernetes bugfixes: fix lnrules, add defaults, add test + - Fix lnrules for CONTAINER_NAME + - Add pkg check for lognorm >= 2.0.3 so we can set the macro + to enable ln_loadSamplesFromString + - Add some reasonable default values for parameters, such as + kubernetesurl https://kubernetes.default.svc.cluster.local:443 + - Clean up sample.conf configuration file + Thanks to Richard Megginson for the patch set. +- build system bugfix: --enable-atomic-operations did not work + closes https://github.com/rsyslog/rsyslog/pull/2604 +- bugfix: rsyslog aborts on startup when specific config errors are made + The following errors must be made in rsyslog.conf: + * no action present + * a call statement is used on an undefined ruleset + In this case, rsyslog emits an error message on the missing actions and + then segfaults. Depending on memory layout, it may also continue to run + but do nothing except accepting messages as no action is configured. + This patch make rsyslog properly terminate after the error message. It + is a change in behavior, but there really is no reason why a defunct + instance should be kept running. + closes https://github.com/rsyslog/rsyslog/issues/2399 +- build system: remove no longer needed --enable-libcurl configure switch + The --enable-libcurl switch was added to be able to disable libcurl + functionality inside the rsyslog core, see 46f4f43. As libcurl is no + longer used inside the core (due to introducing function modules), + --enable-libcurl needs to be removed. + closes https://github.com/rsyslog/rsyslog/issues/2628 +- QA/CI + * fixed races in some tests; root cause was that default enq timeout was too + low - we may also see in the future that other tests also need adjustment + (note that this is not a code problem but rather slow CI environments, + so increasing the timeout to get to a stable test state is the absolutely + correct thing to do) + * enabled some additional useful compiler warnings + * new test for diskqueue hitting configured disk space limit + * new tests for omfile + * added tests for mmkubernetes + * added tests for some script functions that were missing them + * made far more test compatible with FreeBSD, so that we now have fuller + coverage there +------------------------------------------------------------------------------ +Version 8.34.0 [v8-stable] 2018-04-03 +- mmkubernetes: new module + Thanks to Richard Megginson and Peter Portante for contributing the module. +- rsyslog script: introduce loadable function modules + rsyslog scripting can now also be extended via loadable modules - they + provides functions (just like loadable input, output, ... modules) + see also http://jan.gerhards.net/2018/03/loadable-rainerscript-functions.html +- imfile: large refactoring of complete module + This commit greatly refactors imfile internal workings. It changes the + handling of inotify, FEN, and polling modes. Mostly unchanged is the + processing of the way a file is read and state files are kept. + This is about a 50% rewrite of the module. + Polling, inotify, and FEN modes now use greatly unified code. Some + differences still exists and may be changed with further commits. The + internal handling of wildcards and file detection has been completely + re-written from scratch. For example, previously when multi-level + wildcards were used these were not reliably detected. The code also + now provides much of the same functionality in all modes, most importantly + wildcards are now also supported in polling mode. + The refactoring sets ground for further enhancements and smaller + refactorings. This commit provides the same feature set that imfile + had previously and all existing CI tests pass, as do some newly + created tests. + Some specific changes: + - bugfix: module parameter "sortfiles" ignored + This parameter only works in Solaris FEN mode, but is otherwise + ignored. Most importantly it is ignored under Linux. + fixes https://github.com/rsyslog/rsyslog/issues/2528 + - bugfix: imfile did not pick up all files when not present + at startup + fixes https://github.com/rsyslog/rsyslog/issues/2241 + fixes https://github.com/rsyslog/rsyslog/issues/2230 + fixes https://github.com/rsyslog/rsyslog/issues/2354 + fixes https://github.com/rsyslog/rsyslog/issues/1716 + - bugfix: directories only support "*" wildcard, no others + fixes https://github.com/rsyslog/rsyslog/issues/2303 + - bugfix: parameter "sortfiles" did only work in FEN mode + fixes https://github.com/rsyslog/rsyslog/issues/2528 + - provides the ability to dynamically add and remove files via + multi-level wildcards + see also https://github.com/rsyslog/rsyslog/issues/1280 + - the state file name currently has been changed to inode number + This will further be worked on in upcoming PRs + see also https://github.com/rsyslog/rsyslog/issues/2231 + - some enhancements were also done to CI tests, most importantly + they were made more compatible with BSD + Note that most of the mentioned bug fixes cannot be applied to older + versions, as they fix design issues which are solved by the refactoring. + Thus there are not separate commits for them. + There are probably also a number of different issues fixed, which have + not yet been full confirmed. Especially anyone having troubles with imfile + and wildcards will benefit from the refactoring. + closes https://github.com/rsyslog/rsyslog/issues/2359 +- omelasticsearch: add support for CA cert, client cert auth + This allows omelasticsearch to perform client cert based authentication + to Elasticsearch. + adds parameters: tls.cacert, tls.mycert, tls.myprivkey + Thanks to Richard Megginson for the patch. +- omfile-hardening: new contributed module for "omfile hardened operations" + This extends omfile with features considered useful for hardening. Comes + at the expense of performance loss and changed semantics. + Thanks to Mikko Kortelainen for contributing this work. +- stream/bugfix: memory leak on stream open if filename as already generated + this can happen if imfile reads a state file. On each open, memory for the + file name can be lost. + We detected this while working on imfile refactoring, so there is no related + bug report. No specific test has been crafted, as the refactored imfile + tests catch it (as soon as they are merged). +- bugfix/omkafka: did not build on platforms without atomic operations + Thanks to github user bruce87en for the patch +- bugfix/core/ratelimiting: SystemLogRateLimitBurst was limited to 65535 + rsyslog uses unsigned short for configuration setting SystemLogRateLimitBurst. + Being just 16 bits, unsigned short cannot hold values bigger than 65535. in a + practical setting rsyslog misbehaved with SystemLogRateLimitBurst being bigger + than 65535. + Thanks to github user KaleviKolttonen for the patch. +- bugfix imfile: memory leak in readMode 0 + closes https://github.com/rsyslog/rsyslog/issues/2421 +- bugfix omfile: some error messages had parameters in wrong order + which made the message look strange, but still readable + Thanks to Hans Rakers for the patch. +- bugfix omprog: file handle leak + There was a fd leak in the feedback feature added in v8.31.0 (github PR #1753). + The leak occurred when omprog was used with the confirmMessages=on setting + and no output setting. One fd was leaked every time the external program was + started. + Thanks to Joan Sala for the patch. +- bugfix imuxsock: data alignment problems + gcc did rightly complain that the cred and ts pointers would cause + alignment problems, so they were converted to structs and the necessary + data was memcpy()'ed to them. + the aux[] buffer was also potentially misaligned, so making a union + out of it and struct cmsghdr insured it was properly aligned. + The problems were especially visible on alpha and ia64 machines. + Thanks to Jason Duerstock for the fix. +- bugfix testbench: some test were accidentally not executed + Thanks to Kasumi Hanazuki for the patch. +- bugfix tcp subsystem: keepalive settings mixed up + TCPKeepAliveIntvl and TPCKeepAliveTime were switched. This is now correct and + thus causes a CHANGE OF BeHAVIOR of these settings. We applied this change only + after careful consideration of the effect. The contributor Alexandre Pierret + explained the situation as such: + "From my side, I work with thousands of servers centralizing logs to rsyslog + servers in tcp. All of them are running RHEL 6 and 7. The default rsyslog settings + in RHEL is TCPKeepAlive off. Since there are thousands of connections on the + rsyslog servers, I had to turn the TCPKeepAlive on to setup an aggressive policy + regarding ghost connections (following firewall tcp-timeout issue). Basically, + I set up: intvl=10 - probe=5 - time=2 If intvl and time are switched, it won't + break anything. It will just send 5 more empty tcp packets for 10 seconds (5 + probe x 2 seconds), which is painless (any professional grade 100€ router can + send more than 1.000.000 PPS). For 3000 servers, it means 3000 pps for 5 + seconds (3000 servers x 2 back-and-forth / 2 seconds). Let's take another worst + example: intvl=3600 - probe=5 - time=1. It means one keepalive every hour and + a 5 retry every 1s after a network issue. If the time and intvl values are + switched, it will generate 1 keepalive every seconds, It's a LOT more, but + after 5 probe or packet, it will stop. To summarize, I think it won't + break anything: + * Keepalive is off by default is many linux distribution + * When we enable it, it's to set up an aggressive policy. And setting up a + 10-5-1, 60-5-2, 2-5-60 or 1-20-1 policy is almost the same. + Bonus: For people setting up their rsyslog from the documentation, it will + now work as expected." + This was convincing, and we actually think that the fast majority of users set + up keepalive based on the doc and did never verify it actually worked as + expected. So we think that in all those cases, rsyslog will finally work as + intended. So we consider it justified to "change the behavior" here. + full discussion in PR: https://github.com/rsyslog/rsyslog/pull/2367 + Thanks to Alexandre Pierret for analyzing the situation and providing the + patch. +- fix some cosmetic issues found by lgtm.com static code analyzer + e.g. header file guard not correctly set - if you really are interested in + details, check git log +- CI + * add build test without atomic operations - now catches missing mutex macros + * add lgtm.com static analyzer (automatically called via GitHub PR) + * improved stability of global-umask.sh test, which unnecessarily used + wildcards for test output file checking. + Thanks to Kasumi Hanazuki for the patch. + * added some test for omprog with transactional interface + Thanks to Joan Sala for the new tests. + * fixed some omjournal tests which did not properly check result +------------------------------------------------------------------------------ +Version 8.33.1 [v8-stable] 2018-03-06 +- 8.33.0 tarball release was actually pre-8.33.0 + ... and so did not contain all features. This alone made a re-release + necessary, which is what now happens with 8.33.1. + Note: the git 8.33.0 label was correctly applied, "just" the tarball + was wrong. +- devcontainer: use some more sensible defaults + and add ability to specify generic docker run options + this makes integration into CI (and other scripting) easier +- fix problems with make dist + make dist did not package everything that was needed for CI, thus + resulting in make check failures if build from tarball. + Thanks to Thomas D. (whissi), and Michael Biebl for alerting us on the + problem, providing advise and some of the patches. We also added addt'l + patches ourselves. The problem occurred as the CI check for tarball + completeness was more or less disabled a couple of weeks ago, which + unfortunately went unnoticed. We have also applied some more safeguards + to detect such problems in the future. +------------------------------------------------------------------------------ +Version 8.33.0 [v8-stable] 2018-02-20 +- auto-detect if running inside a container (as pid 1) + adjust defaults in this case to be more container-friendly +- config: add include() script object + This permits to include files (like legacy $IncludeConfig) via a + script object. Needless to say, the script object offers more + features: + - include files can now be + - required, with rsyslog aborting when not present + - required, with rsyslog emitting an error message but otherwise + continuing when not present + - optional, which means non-present include files will be + skipped without notice + This is controlled by the "mode" parameter. + - text can be included form e.g. an environment variable + --> ex: include(text=`echo $ENVVAR`) + This finally really obsoletes $IncludeConfig. + closes https://github.com/rsyslog/rsyslog/issues/2151 +- template: add option to generate json "container" + This enables easy JSON generation via template. + This commit also corrects an issue with the constant "jsonf" + format. That was recently added, and the implementation problem + only became visible when used inside a larger json object. No + officially released code is affected, thought - so it really + is just a side-note. + closes https://github.com/rsyslog/rsyslog/issues/2347 +- core/template: add format jsonf to constant template entries + closes https://github.com/rsyslog/rsyslog/issues/2348 +- config: add ability to disable config parameter ("config.enabled") + For auto-generated configs, it is useful to have the ability to disable some + config constructs even though they may be specified inside the config. This + can now be done via the ```config.enabled``` parameter, applicable to all + script objects. If set to ```on``` or not specified, the construct will be + used, if set to any other value, it will be ignored. This can be used + together with the backtick functionality to configure enable and disable + from either a file or environment variable. + closes https://github.com/rsyslog/rsyslog/issues/2431 +- script: permit to use environment variables during configuration + new constant string type "backticks", inspired by sh + (sample: `echo $VARNAME`). +- new global config parameter "shutdown.enable.ctlc" + permits to shutdown rsyslog via ctl-c; useful e.g. in containers +- config optimizer: detect totally empty "if" statements and optimize + them out +- template: constant entry can now also be formatted as json field + This enhancements permits to craft clean templates that generate JSON, + e.g. for ElasticSearch consumption (or any other REST API) +- omstdout: support for new-style configuration parameters added +- core: set TZ on startup if not already set + In theory, TZ should be set by the OS. Unfortunately, this seems + to be not the case any longer on many Linux distros. We now check + it and set it appropriate if not already given. + Thanks to github user JPvRiel for providing an excellent explanation + of the reasoning for this and how to work around it. + closes https://github.com/rsyslog/rsyslog/issues/2054 +- imjournal bugfix: file handle leak during journal rotation + Thanks to Peter Portante for the patch + see also: https://github.com/rsyslog/rsyslog/pull/2437 +- lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected +- script bugfix: replace() function worked incorrectly in some cases + If the end of the message was similar to the replacement string, parts + of the string could (not always) be missing. + Thanks to Yaroslav Bo for the patch. +- build system bugfix: --disable-libcurl did not work + Thanks to Dan Molik, Thomas D. (whissi), and Michael Biebl for the patches. +- fixed build issues on Alpine Linux +- core bugfix: misaddressing in external command parser + This parser is used whenever a module (e.g. omprog) needs to process + command lines. If command parameters were given, memory misaddressing + occurred. This could lead to a segfault. + This is a regression in 8.32.0. + closes https://github.com/rsyslog/rsyslog/issues/2408 +- core bugfix: small memory leak in external command parser + This parser is used whenever a module (e.g. omprog) needs to process + command lines. On each action definitions for actions that use the + parser a small amount of memory was leaked. It is an uncritical leak + as it only occurs during config parsing. So it leaks a couple of + KiB during startup but does not grow during actual message processing. + This is a regression in 8.32.0. +- core bugfix: string not properly terminated when RFC5424 MSGID is used + This could lead to misaddressing when the jsonmesg property was used. + closes https://github.com/rsyslog/rsyslog/issues/2396 +- bugfix: strndup() compatibility layer func copies too much + The function did not obey the upper limit, effectively becoming + a strdup(). This was only noticed when the compatibility layer + was required, most importantly on Solaris 10. +- CI system + - we now use well-defined containers for parts of the CI runs + - now also build test under Alpine Linux + - test added for omprog feedback feature +------------------------------------------------------------------------------ +Version 8.32.0 [v8-stable] 2018-01-09 +- NEW BUILD REQUIREMENTs: + * libfastjson 0.99.8 is now required; older versions lead to bugs in rsyslog + * libczmq >= 3.0.2 is now required for omczmq + This was actually required for quite some while, but not properly checked + during configure run. If the lib was older, build failed. Now configure + detects this and emits the appropriate error message. + * libcurl is now needed for rsyslog core + due to new script function http_request(). This can be turned off by the + new configure option --disable-libcurl. If so, http_request() is not + available. +- rsyslogd: add capability to specify that no pid file shall be written + Command line option -iNONE provides this capability. This utilizes the + pre-existing -i option, but uses the special name "NONE" to turn of the + pid file check feature. Turning off is useful for systems where this no + longer is needed (e.g. systemd based). + closes https://github.com/rsyslog/rsyslog/issues/2143 +- ompgsql: considerable enhancements + The PostgreSQL output module was woefully out-of-date the following + list is changes made to update the module to current Rsyslog standards. + * allow for v6 configuration syntax + * configurable ports + * support transactional interface + * push db connection into workers (libpq is threadsafe) + * enable module testing on travis + * ensure configuration syntax backwards compatibility + * formatting around postgres core templating + * use new test conventions + * add new configuration syntax test + * add valgrind tests for new and old syntax + * add threading tests + * add action queue long running tests + * add action queue valgrind test + Thanks to Dan Molik for contributing this great enhancement! +- build system: removed --enable-rtinst configure option + This was a historic debugging option which has been superseded by + newer tools like valgrind, helgrind, ASAN, TSAN, etc... +- pmrfc3164: support for headerless messages + pmrfc3164 now detects if the first non-SP, non-HT character is either + '{' or '[' and if so assume that no header (TAG, HOSTNAME, DATE) is + given. If so, it uses defaults for these values. The full message is + used as the MSG part in that case. Note that an initial PRI may still + be specified. + This follows the trend to send JSON messages via syslog without any + header. We use default header values in this case. + This right now is a bit experimental; we may roll it back if + problems show up in practice. + closes https://github.com/rsyslog/rsyslog/issues/2030 +- omhiredis: add option to use RPUSH instead of LPUSH + see also https://github.com/rsyslog/rsyslog/issues/1625 +- mmexternal improvements + * better error reporting if to-be-executed script cannot be executed + * some general cleanup + * better redirection of stdin/out/err for the executed script + * bugfix: argv[0] of the script was missing if command line parameters + were not specified +- omprog: refactored, code shared with mmexternal moved to common object +- logctl tool: refactor to support newer rsyslog standards + * Made the logctl usertool ISO C90 compliant. + * Made the logctl usertool use a homogeneous coding style. + Thanks to Hugo Soszynski for contributing this work (as well as + suggesting some workarounds related to libmongoc/libbson). +- imfile: added support for Solaris File Event notification (FEN) + also improves performance under Solaris, with FEN imfile provides + features equivalent to inotify mode +- core/action: new parameter "action.errorfile" + permits to write failed messages to an "error file" so that they + can be reviewed and potentially be reprocessed +- imfile: added new module parameter "sortFiles" + This permits to process newly created files in sorted order. +- imuxsock: improved status reporting: socket name received from systemd + Providing an indication of what we got from systemd facilitates problem + analysis. +- build system: added new testbench configure switches + now --enable-testbench1 and --enable-testbench2 exists which permit + to enable/disable parts of the testbench. By default, both are on + when --enable-testbench is given. For full testbench coverage, both + options must be given. These options are necessary because under + Travis we hit the max runtime for tests and needed to split tests + over multiple incarnations. +- mmpstrucdata: new parameter "sd_name.lowercase" + to permit preserving case for structured data identifiers + Special thanks to github user alanrobson for the initial commit that + preserves case (on which we based other work). +- omfile: add module-global option "dynafile.donotsuspend" + this permits to enable SUSPENDing dynafile actions. Traditionally, + SUSPEND mode was never entered for dynafiles as it would have blocked + overall processing flow. Default is not to suspend (and thus block). + closes https://github.com/rsyslog/rsyslog/issues/2236 +- testbench: add a capability to turn off libfaketime tests via configure + Unfortunately, libfaketime becomes more and more problematic in newer + versions and causes aborts on some platforms. This provides the ability + to turn it off via --disable-libfaketime. + In the longer term, we should consider writing our own replacement. +- testbench: name valgrind tests consistently + all valgrind tests now end in -vg.sh +- RainerScript: add function parse_json() +- RainerScript: add function substring() +- RainerScript: add function http_request() +- RainerScript: add function previous_is_suspended() + This function returns a boolean indicating if the previous action is + suspended (0 - no, 1 - yes). This is useful if arbitrary processing + (other than calling actions) should be made depending on that state. + A prime example for this is probably calling a ruleset. + closes https://github.com/rsyslog/rsyslog/issues/1939 +- Patches from BSD projects have been imported + ... as far as they still apply. Some patches that patched BSD-specific + code were broadened to be more generic. +- script bugfix: invalid function names were silently ignored + no error message was produced + thanks to Matt Ezell for providing the patch. +- rainerscript: add int2hex() function +- rainerscript: add is_time() function + Thanks to Stephen Workman for implementing this. +- RainerScript: add function script_error() and error-reporting support + This permits script functions that could fail to report errors back, so + that the user can handle them if desired. We use an errno-style of + interface. That means script_error() needs to be called after functions + that supports it. It will return either 0 (all OK) or something else + (an error condition). + The commit also modifies the parse_time() function to use the new + interface. First of all, this is useful for users, and secondly we + needed a capability to craft a testbench test. + closes https://github.com/rsyslog/rsyslog/issues/1978 +- testbench: fixed build problem of testbench tools under Alpine Linux +- added --enable-libsystemd configure option to enforce use of libsystemd + so we can fail the build on platforms where this is required +- core/glbl: remove long-unused option $optimizeforuniprocessor + This was still available, but had no effect (for ~10 years or so). The + plumbing is now removed. If someone tries to use the option, an + error message is generated. + closes https://github.com/rsyslog/rsyslog/issues/2280 +- core/queue: emit better status messages at rsyslog shutdown + this helps to diagnose issue - unfortunately we need more work to ensure + that the messages always make it to the user. This is a start and + hopefully useful at least for the testbench, possibly more. +- fixed a couple of build issues with gcc-7 (in less frequently used modules) +- fixed a couple of build issues on the arm platform (actually raspbian) +- impstats: fix invalid counter definitions for getrusage() reporting + some of the counters were defined as int (32 bit) vs. intctr_t (64 bit). + On some platforms "long" seems to be 64bit, and getrusage() provides + what we store as int via long. So this caused truncation and/or overflow. + This had undefined effects. Most often, everything worked fine + for values smaller than 2^31 but sometimes we got negative values. + closes https://github.com/rsyslog/rsyslog/issues/1517 +- imudp bugfix: potential segfault in ratelimiting + The rate-limiter inside imudp was not set to be thread safe, but was + used across multiple threads. This worked in default configuration, + but failed when RepeatedMsgReduction was set to "on". + Note that it in general is a bug to use a rate-limiter in + non-threadsafe mode across multiple threads. This also causes invalid + rate limiting counts in the default case. + closes https://github.com/rsyslog/rsyslog/issues/441 + fixes https://github.com/rsyslog/rsyslog/issues/2132 +- imptcp bugfix: access to free'ed memory + When notifyconnectionclose was on, a string buffer was accessed immediately + after it was freed (as part of the connection close operation). + Detected by LLVM ASAN. +- mmanon bugfix: fix wrong ipv6 embedded recognition + mmanon recognized IPv6 with embedded IPv4 that have too few (16 bit) fields. + example: 13:abd:45:0.0.0.0 + closes https://github.com/rsyslog/rsyslog/issues/2357 +- imfile bugfix: not detecting files in directory when wildcards are used. + When directories and files are created at the same time, + imfile may missed subdirs or file if the machine is on high load. + The handling has been enhanced to scan newly created directories ALWAYS for + matching files. + fixes https://github.com/rsyslog/rsyslog/issues/2271 + However there still exist problems with multilevel directory configurations. + Details are discussed in https://github.com/rsyslog/rsyslog/issues/2354 + Fixes for the remaining issues are expected for 8.33.0. +- script bugfix: improper string-to-number conversion for negative numbers +- core/action bugfix: 100% CPU utilization on suspension of output module + Triggering condition: + * output module using the legacy transaction interface + (e.g. omelasticsearch, omlibdbi) + * output module needs to suspend itself + In these cases, rsyslog enters a busy loop trying to resolve the + suspend condition. The bug is rooted in rsyslog core action code. + This patch fixes it by inserting a 1-second sleep during calls + to the resume handler. + Note: we cannot sleep exactly as long as tryResume needs. This + would require larger refactoring, which probably is not worth for + the legacy interface. The current solution is almost as good, as + the one second sleep has very little overhead on a real system. + Thus we have chosen that approach. + This patch now also ensures that failed messages are properly + handled and do not cause eternal hang. + closes https://github.com/rsyslog/rsyslog/issues/2113 +- core/variables bugfix: bare $! cannot be used in set statement + fixes https://github.com/rsyslog/rsyslog/issues/326 +- core bugfix: auto commit of actions improperly handled + The internal state variable bHadAutoCommit was handled in thread-unsafe way + and most probably caused (hard to see) issues when action instances were + run on multiple worker threads. It looks like the state variable was + forgotten to move over to worker state when action workers were introduced. + closes https://github.com/rsyslog/rsyslog/issues/2046 +- core bugfix: filename length limitation of 199 bytes + file names (including path names) longer than 199 bytes could not be + handled at many places. This has now been uplifted to 4KiB after careful + review for the largest size supported among all relevant platforms. +- core bugfix: undefined behavior due to integer overflow + when searching strings, we may have an (unsigned) integer overflow + which can lead to misaddressing. + Detected by clang ubsan. +- core bugfix: race on LocalHostIP property during startup + The way the default was set could lead to a race if e.g. two internal + messages were emitted at startup when the property was not yet set. This + has been seen to happen in practice. It had no bad effect except a very + small stationary memory leak, but made using thread analyzers unreliable + (as it was rightfully detected as a problem). + closes https://github.com/rsyslog/rsyslog/issues/2012 +- bugfix: potential segfault on startup + timezone info table was "sorted" even though it may be NULL. There is + no practical case known where this lead to an actual abort, but in + theory it would be possible. If so, it would happen immediately on + startup. + Detected by clang ubsan. +- omhiredis bugfix: rsyslog segfault on startup if no template is specified +- omprog bugfix: argv[0] not set when using binary without arguments + When using the omprog plugin with a binary without arguments, argv[0] (the + name of the binary) is not set, causing binaries that depend on this value + being set to crash or misbehave. + This patch also mildly refactors omprog argv[] creations, albeit some more + refactoring would be useful. + closes https://github.com/rsyslog/rsyslog/issues/1858 +- core: refactoring of rsyslog's cstr "class" + Function cstrGetSzStrNoNULL shall modified the string buffer on each call, + albeit it is considered a "read-only" function. It currently adds a '\0' + at the end. This is bad, especially when multiple threads access the same + string. As always the same data is written, it was not causing real issues + (except unnecessary cache writes), but it polluted the thread debugger and + as such prevent more elaborate automated tests. +- parent directory creation function refactored + This should not cause any change of behavior, but is worth noting in case + we see a regression not caught by the CI system. +- mmsnmptrapd bugfix: potential misaddressing + This only occurred in situations when the system was totally out of memory. +- imkafka: fix potential small resource leak + If rdkafka handle cannot fully populated, cleanup is added. Previously, we + could leak a handle if e.g. no brokers were available. Note that this was + a cosmetic leak, as proper processing is not possible in any case and the + leak is once per listener, so not growing. But we now also ensure that + proper error reporting and handling is done in any case. Previously, we + may have some misleading error messages if the defunct kafka handle was + used. + closes https://github.com/rsyslog/rsyslog/issues/2084 +- imkafka bugfix: do not emit error message on regular state + This was misunderstood as an error state and could spam the system + log considerably. Regression from 8.31.0. +- omkafka: expose operational status to user where useful + omkafka emits many useful operational status messages only to the debug + log. After careful review, we have exposed many of these as user error + and warning message (ex: librdkafka queue full, so user knows why we + suspend the plugin temporarily). This may have made the module too + chatty. If so, one can always filter out messages via configuration. And + if we really went overboard, we can undo those parts with the next + release. So it's better to give a bit more than less, as this definitely + eases troubleshooting for users. + closes https://github.com/rsyslog/rsyslog/pull/2334 +- omkafka bugfix: potential message duplication + If a message that already failed in librdkafka was resubmitted and that + resubmit also failed, it got duplicated. +- omkafka: fix multithreading + omkafka has several issue if multiple worker instances are used. This commit + actually make the module use a single worker thread at max. Reasoning: + Librdkafka creates background threads itself. So omkafka basically needs to move + memory buffers over to librdkafka, which then does the heavy hauling. As such, we + think that it is best to run max one wrkr instance of omkafka -- otherwise we just + get additional locking (contention) overhead without any real gain. As such, + we use a global mutex for doAction which ensures only one worker can be active + at any given time. That mutex is also used to guard utility functions (like + tryResume) which may also be accessed by multiple workers in parallel. + Note: shall this method be changed, the kafka connection/suspension handling needs + to be refactored. The current code assumes that all workers share state information + including librdkafka handles. + closes https://github.com/rsyslog/rsyslog/issues/2313 +- omkafka bugfix: potential misaddressing + The failed message list is improperly cleaned. This is a regression + from recent commit 4eae19e089b5a83da679fe29398c6b2c10003793, which + was introduced in 8.31.0. + This problem is more likely to happen under heavy load or bad + connectivity, when the local librdkafka queue overruns or message + delivery times out. + closes https://github.com/rsyslog/rsyslog/issues/2184 + closes https://github.com/rsyslog/rsyslog/issues/2067 +- omkafka bugfix: build fails with older versions of librdkafka + closes https://github.com/rsyslog/rsyslog/issues/2168 +- omgssapi bugfix: fix compiler warnings with gcc-7 + closes https://github.com/rsyslog/rsyslog/issues/2097 +- dnscache bugfix: entries were cached based on IP AND port number + That hash key which is used to find out already cached dns entry gets + incorrectly computed from the whole sockaddr_storage + (sockaddr_in/sockaddr_in6) structure including a sin_port (which doesn't + have a static value) instead of only an address, thus creating redundant + dns cache entries/consuming more space. This lead to potentially high memory + usage and ineffectiveness of the case. It could be considered a memory leak. + Thanks to Martin Osvald for the patch. + see also: https://github.com/rsyslog/rsyslog/pull/2160 +- omkafka bugfix: fixed memory leak + a memory leak occurred when librdkafka communicated error/status information + to omkafka. this seems to happen relatively frequently, so this leak + could be pretty problematic. +- mmdblookup bugfix: replace thread-unsafe strtok() by thread-safe counterpart + Many thanks to Will Storey (github user @horgh) for mentioning this and + his phantastic help in debugging this rsyslog problem! +- pmnormalize bugfix: remove unsave "strcat" implementation +- rainerscript bugfix: ltrim() and rtrim function misaddressing + This could lead to a segfault and was triggered by certain input data + schemes. For example, a ltrim(" a") could lead to the fault. +- imklog bugfix: local host IP was hardcoded to 127.0.0.1 + This is now taken from the global localHostIP setting, which is used + consistent across all modules. + Also, the removed (2012?) directive $klogLocalIPIF has been added + again but directly marked as removed. That way, an informative error + message is generated if someone tries to use it. + closes https://github.com/rsyslog/rsyslog/issues/2276 +- cleanup: remove obsolete pre-KSI GuardTime signature interface + this is no longer functional starting Jan 2018 as it reached end of life + closes https://github.com/rsyslog/rsyslog/issues/2128 +- cleanup: obsolete definition SOL_TCP replaced by newer IPPROTO_TCP + this should not have any effect at all except better portability, but is + worth mentioning in the ChangeLog nevertheless. +- lookup tables: fixed undefined behavior detected by UBSan +- CI testing + - ARM (via Raspberry PI) added to CI system + - Debian 9 added to CI system + - omgssapi and usertools components are now also tested in Travis + - test coverage on BSD has been enhanced +------------------------------------------------------------------------------ +Version 8.31.0 [v8-stable] 2017-11-28 +- NEW BUILD DEPENDENCY: ommongodb now requires libmongo-c + instead of deprecated libmongo-client. +- remove systemd embedded code, use libsystemd instead + Since the early days rsyslog used the original systemd embedded + interface code. This version now uses libsystemd where available. + If we do not find libsystemd, we assume the system does not use + systemd, which is a safe assumption nowadays. This ensures we use the + fresh interface code and also removes bloat from our project. + closes https://github.com/rsyslog/rsyslog/issues/1933 +- mmanon: add support for IPv6 addresses with embedded IPv4 address + While this format is uncommon, it may still be present in logs and as + such should be supported. It is configurable via individual settings, + though. Especially the number of bits to anonymize may be desired to + be different than in pure IPv6. +- ommongodb: big refactoring, more or less a feature-enhanced rewrite + New features are : + * Handle TLS connection to mongodb + * Handle MongoDB Replicasets + * Added the 'ssl_ca' and 'ssl_cert' directives to configure tls connection + * Added 'uristr' directive to configure the connection uri in the form + of 'mongodb://...' + Now uses the official mongo-c-driver library instead of the deprecated + mongo-client library + Special thanks to Hugo Soszynski and Jérémie Jourdin for there hard work + to make this a reality! + See also: https://github.com/rsyslog/rsyslog/pull/1917 +- rainerscript: add parse_time() function + Thanks to Stephen Workman for implementing this. +- omelasticsearch: add LF to every elastic response for error file + error file content was written without LF after each message, making + it hard to work with and monitor. + Thanks to Yaroslav Bo for the patch. +- omelasticsearch: add pipeline support + supports static and dynamic ElasticSearch pipeline parameter. + closes https://github.com/rsyslog/rsyslog/issues/1411 + Thanks to github users scibi and WaeCo for the implementation. +- lmsig_ksi_ls12: support asynchronous mode of libksi +- omprog: added error handling and transaction support for external plugins + This permits much better integration of external output modules. + Special thanks to Joan Sala for providing this work! +- imzmq3/omzmq3: marked as deprecated, modules will be remove in v8.41 + see also: https://github.com/rsyslog/rsyslog/issues/2100 +- imzmq3/omzmq3: fixed build issues with gcc-7 +- core: emit error message on abnormal input thread termination + This indicates a serious issue of which the user should be notified. + Was not done so far and caused grief when troubleshooting issues. +- core: refactored locking for json variable access + refactored the method so that it consistent in all functions and easier + to follow. Most importantly, now an as simple as possible locking paradigm + of lock ... unlock within the function. Hopefully easier to understand + both for humans and static code analyzers. +- core: refactored creation of UDP sockets + was very old, hard to follow code; streamlined that a bit +- core/dnscache: refactor locking + keep a simple lock ... unlock scheme within the function. That is + easier to follow for both humans as well as static analyzers. + Also removes Coverity scan CID 185419 +- rainerscript: use crypto-grade random number generator for random() function + We now use /dev/urandom if available. If not, we fall back to the weak PRNG. +- imkafka: improve error reporting and cleanup refactoring +- imkafka bugfix: segfault if "broker" parameter is not specified + Now emits warning message instead and uses hardcoded default + (which usually matches where the kafka broker can be found). + fixes https://github.com/rsyslog/rsyslog/issues/2085 +- omkafka: improve error reporting +- omkafka: slight speedup do to refactoring of LIST class + double-linked list was used for temporarily undeliverable message tracking + where singly-linked list was sufficient. Changed that. +- TCP syslog: support SNI when connecting as a client + This is done if a hostname is configured and turned off if an IP is used. + Thanks to Art O Cathain for the patch. + see also https://github.com/rsyslog/rsyslog/pull/1393 +- msg variable bugfix: potential segfault on variable access + A segfault is likely to happen if during processing a variable with + more than one path component is accessed (e.g. $!path!var) and NO + variables oft hat kind (local, message, global) are defined at all. + closes https://github.com/rsyslog/rsyslog/issues/1920 +- ratelimiting bugfix: data race in Linux-like ratelimiter + access to the Linux-like ratelimiter was not properly synchronized, and + the system rate-limiter was not using it in any case. + This could lead to the rate-limit settings not being properly + respected, but no "hard error". +- core/template bugfix: potential NULL pointer access at config load + could happen if the config was loaded and the parameters could not properly + be processed. If so, this occurred only during the startup phase. + Detected by Coverity scan, CID 185318 +- core/json var subsystem bugfix: segfault in MsgSetPropsViaJSON + Invalid libfastjson API use lead to double-free. This was most importantly + triggered by mmexternal (but could potentially be triggered by other + uses as well) + closes https://github.com/rsyslog/rsyslog/issues/1822 +- core/wrkr threads bugfix: race condition + During e.g. shutdown it could happen that a worker thread was started + and immediately be requested to terminate. In such situations there was + a race the prevented proper initialization. This could lead to follow-on + problems. + We believe (but could not proof) that this also could lead to a hang of + the termination process. Thus we claim to close an issue tracker down + here below, but are not 100% certain it really closes it (we hope for + user feedback on this). In any case, the thread debugger showed invalid + operations and this has been fixed, so it is useful in any case. + closes https://github.com/rsyslog/rsyslog/issues/1959 +- core/wtp: potential hang during shutdown + when the wtp worker is cancelled in the final stage of shutting down + while the mutex is locked and there is one worker left, the system + will hang. The reason is that the cancelled thread could not free the + mutex that the other needs in order to shut down orderly. + Detected with clang thread sanitizer. +- omfwd bugfix: generate error message on connection failure +- imtcp bugfix: "streamdriver.mode" parameter could not be set to 0 +- imjournal bugfix: module was defunctional + The open function was broken by commit 92ac801, resulting in + no data being ever read from the journal. + patch bases on the idea of Radovan Sroka given here: + https://github.com/rsyslog/rsyslog/issues/1895#issuecomment-339017357 + but follows the current imjournal-paradigm of having the journal + handle inside a global variable. + see also https://github.com/rsyslog/rsyslog/issues/1895 + closes https://github.com/rsyslog/rsyslog/issues/1897 +- imjournal: refactor error handling, fix error messages + imjournal did not try to recover from errors and used the error state + returned by journal functions incorrectly, resulting in misleading + error messages. Fixed this and also increased the number of error + messages so that it now is easier to diagnose problems with this module. + Also a little bit of internal brush-up. + -mmdblookup bugfix: fix potential segfault due to threading issues + libmaxminddb seems to have issues when running under multiple threads. As + a first measure, we prevent mmdblookup now from running on more than one + thread concurrently. + see also: https://github.com/rsyslog/rsyslog/issues/1885#issuecomment-344882616 +- omelasticsearch bugfix: operational error messages not passed to user + This lead to sometimes hard to diagnose problem. Note that for obvious + reasons the amount of messages from omelasticsearch has increased; this + is not a sign of a problem in itself -- but it may reveal problems that + existed before and went unnoticed. Also note that too-verbose messages + can be filtered out via regular rsyslog methods (e.g. message discarding + based on content). +- omkafka bugfixes + * statistics counter maxoutqsize could not be reset + Thanks to github user flisky for the patch. + * potential hang condition + omkafka did not release a mutex under some error conditions (most + notably out of memory on specific alloc calls). This lead to a hang + during actively processing messages or during shutdown (at latest). + This could happen only if dynamic topics were configured. + Detected by Coverity Scan, CID 185781 (originally 185721, detected + as a different issue by Coverity after code refactoring done in regard + to 185721 -- then the problem became more obvious). + * file handle leak, which could occur when local buffering + of messages was needed + * invalid load of failedmsg file on startup if disabled + error "rsyslogd: omkafka: could not load failed messages from " + "file (null) error -2027 - failed messages will not be resend." + occurs because, despite `keepFailedMessages="off"` as a default, + omkafka still tries to check for and load a `(none)` file which + triggers an IO error of sorts according to the 2027 link above. + Obviously, it probably shouldn't try load the file if + `keepFailedMessages` is not enabled. + Thanks to github user JPvRiel for a very good error report and + analysis. + closes https://github.com/rsyslog/rsyslog/issues/1765 + * various config parameters did not work + These were not even recognized when used and lead to a config startup + error message: + ~ closeTimeout + ~ reopenOnHup + ~ resubmitOnFailure + ~ keepFailedMessages + ~ failedMsgFile + closes https://github.com/rsyslog/rsyslog/issues/2052 + * considerable memory leak + Whenever a message could (temporarily) not be delivered to kafka, + a non-trivial amount of memory was leaked. This could sum up to + quite a big memory leak. + fixes https://github.com/rsyslog/rsyslog/issues/1991 + * some small memory leaks fixed + most of them cosmetic or a few bytes statically (not growing as + omkafka was used) -- thus we do not mention each one explicitly. + For more details, see git commit log or this pull request: + https://github.com/rsyslog/rsyslog/pull/2051 +- kafka bugfix: problem on invalid kafka configuration values + omkafka ended up in an endless loop and high cpu. + imkafka tried to subscribe to a not connected kafka server. + closes https://github.com/rsyslog/rsyslog/issues/1806 +- [io]mgssapi: fix build problems (regression from 8.30.0) +- [io]czmq: fix build problems on some platforms (namely gcc 7, clang 5) +- tcpsrv bugfix: potential hang during shutdown +- queue bugfix: potential hang during shutdown +- queue bugfix: NULL pointer dereference during config processing + If the queue parameters were incorrectly given, a NULL pointer dereference + could happen during config parsing. Once post that stage, no problem could + occur. + Detected by Coverity scan, CID 185339 +- imczmq bugfix: segfault + happened in a call to + 371: zcert_destroy(&serverCert) called from rcvData(). + Thanks to ~achiketa Prachanda for the patch. +- imfile: some small performance enhancements + Thanks to Peter Portante for the patch +- omfile: handle file open error via SUSPEND mode + For a while, an open file error lead to suspension as the error was + not detected by the rule engine. This has changed with fixes + in 8.30.0. I asked users what they prefer (and expect) and + everyone meant it should still be handled via suspension. See + github tracker below for more details. + closes https://github.com/rsyslog/rsyslog/issues/1832 +- omfile bugfix: race during directory creation can lead to loop + There was a race where two threads were competing for directory creation + which could lead to none succeeding and a flood of error message like this + "error during config processing: omfile: creating parent directories for + file". This has been solved. + Thanks to Niko Kortström for the patch. +- imudp: improve error reporting + When udp listener cannot be created, an error message containing + the ip-address and port is put out. + closes https://github.com/rsyslog/rsyslog/issues/1899 +- omrelp bugfix: incorrect error handling + if librelp with TLS but without Authentication was included, librelp + did not emit the correct error message due to invalid error code + check. It also did not err-out but instead suspended itself. + Detected by Coverity scan, CID 185362 +- [io]mrelp bugfix: segfault on startup if configured cert not readable + When the certificate file specified in the omrelp/imrelp configuration + can't be accessed, e.g. because it doesn't exist or you don't have + permission to do so, a Segmentation Fault will appear when you start + Rsyslog. This commit fixes that problem. + closes https://github.com/rsyslog/rsyslog/issues/1869 +- mmanon fix: make build under gcc 7 + Thanks to William Dauchy for the patch +- mmpstrucdata bugfix: formatting error of ']' char + This was invalidly formatted as '"'. Thanks to github user + wu3396 for the error report including the patch idea. + closes https://github.com/rsyslog/rsyslog/issues/1826 +- mmexternalb bugfix: memory leak +- core/stats bugfix: memory leak if sender stats or tracking are enabled +- core bugfix: potential segfault during startup + A NULL pointer could be accessed if there was a problem with the + timezone parameters. Affects only startup, once started, no problem + existed. + Detected by Coverity scan; CID 185414 +- core bugfix: potential race in variable handling + Root of variable tree is accessed prior to locking access to it. + This introduces a race that may result in various kinds of + misaddressing. + Found while reviewing code, no bug report exists. +- core bugfix: potential segfault when shutting down rsyslog + when rulesets are nested a segfault can occur when shutting down + rsyslog. the reason is that rule sets are destructed in load order, + which means a "later" ruleset may still be active when an "earlier" + one was already destructed. In these cases, a "call" can invalidly + call into the earlier ruleset, which is destructed and so leads to + invalid memory access. If a segfault actually happens depends on the + OS, but it is highly probable. + The cure is to split the queue shutdown sequence. In a first step, + all worker threads are terminated and the queue set to enqOnly. + While some are terminated, it is still possible that the others + enqueue messages into the queue (which are then just placed into the + queue, not processed). After this happens, a call can no longer + be issued (as there are no more workers). So then we can destruct + the rulesets in any order. + closes https://github.com/rsyslog/rsyslog/issues/1122 +- core/action bugfix: potential misaddressing when processing hard errors + For batches that did fail in an output module, the rsyslog core + tries to find offending messages that generate hard (non-recoverable) + errors. During this process, the action templates for each message + are copied into a temporary buffer. That copy was invalidly sized, + actually copying only the first template string. As such, outputs + that requested more template strings AND had errors in batch submission + received uninitialized pointers. This could lead to all sorts of + problems. + see also https://github.com/rsyslog/rsyslog/issues/1885 + closes https://github.com/rsyslog/rsyslog/issues/1906 +- template object bugfix: NULL pointer access on invalid parameters + could happen only during startup + Detected by Coverity scan, CID 185376 +- omjournal bugfix: NULL pointer access on invalid parameters + could happen only during startup +- omelasticsearch bugfix: configured credentials not used during health check + Authentication credentials were not applied during health check, + permission to use unsigned CERTS was not applied to regular data post. + closes https://github.com/rsyslog/rsyslog/issues/1949 +- omelasticsearch bugfix: abort on unavailable ES server + Depending on the state of unavailability (libcurl return code), + omelasticsearch tries to process a NULL return message, what + leads to a segfault. + This fixes the problem and introduces better error handling and + better error messages. + see also https://github.com/rsyslog/rsyslog/issues/1885 +- omelasticsearch: fix memory leak and potential misaddressing + Commit 96b5fce introduced regressions, leading to potential misaddressing + and a very probable memory leak. This commit fixes the issues and + hardens the module to better detect some error cases in the + future. + It also adds valgrind-based testbench tests which ensure that no + pointer errors exist. If they had been in place, the regressions + would never have been undetected. + Note that commit 96b5fce was introduced in 8.23.0 on Nov, 15th 2016. + Many thanks to Yaroslav Bo for alerting me on the root problem and + providing a very good analysis and guidance. + see also https://github.com/rsyslog/rsyslog/issues/1906 + see also https://github.com/rsyslog/rsyslog/issues/1964 + closes https://github.com/rsyslog/rsyslog/issues/1962 +- omelasticsearch bugfix: output from libcurl to stdout + omelasticsearch made libcurl output messages to stdout. This + commit fixes that. It also automatically enables libcurl verbose + mode during debug runs - it needs to be seen if this is smart or + not (previously, code needed to be commented in). + closes https://github.com/rsyslog/rsyslog/issues/1909 +- iczmq bugfix: potential memory leak +- imptcp bugfix: potential misaddressing + When during a connection request the remote peer could not be + identified, imptcp could misaddress memory if it is configured + to emit messages on connection open. + Detected by clang 5.0 static analyzer. +- imptcp: potential buffer overflow + if the local hostname or IP is larger than NI_MAXHOST-1, an internal + buffer is overflowed. This is irrespective of any input data. + Detected by Coverity scan, CID 185390 +- core/nsd_gtls: fix potential uninitialized data access + could occur during certificate check + found by clang 5.0 static analyzer +- stats bugfix: potential program hang + due to missing unlock. This could only occur if pstats was set to + CEE-format logging (very uncommon) AND if the system runs out of + memory (in which case other things go pretty bad as well). + found by Coverity scan +- omfwd bugfix: memory leak if network namespaces are used + very seldom used feature, occurs only during error case + found by Coverity scan. +- core: potential misaddressing when accessing JSON properties + When a JSON property is accessed in template processing, memory may + have been misaddressed or a double-free may occur while obtaining the + property. + This was detected by a Coverity scan. +- gcry crypto provider bugfixes: potential misaddressing and memory leak + If the config parameters were invalid, a misaddressing could occur. If so, + this happens only during startup. + Also, a memory leak existed when the crypto provider errored out. This could + build up if it were used in frequently-changing dynafiles. This was + detected by Coverity scan, CID 185360. +- core/file stream object bugfix: memory leak + If a multiline read errored out, a line buffer could be leaked. + Detected by Coverity scan, CID 185328 +- imdiag bugfix: double mutex unlock when working with stats + Note: while this could potentially lead to a program hang, it affected + only testbench execution as imdiag is a testbench-only tool. + Detected by Coverity scan, CID 185348 and 185350 +- fixed several minor and cosmetic issues found by Coverity scan + including false positives. For details see "$ git log". All noteworthy + issues are separately mentioned in this ChangeLog. The ones not mentioned + are for example problems that can only occur during out of memory + conditions, under which it is extremely likely tha the rsyslog process + will be killed in any case +- testbench: + * added compile-check for [io]mgssapi, mmcount + * harden tests against hanging previous instances + * re-enable RELP tests on Solaris + * added basic test for imjournal + * added threading tests via valgrind's helgrind tool + * added valgrind test for kafka modules + * added capability to run elasticsearch tests with + a) different ElasticSearch versions + b) independently from OS-installed version + This also sets base to enable more elaborate ES tests + * further relaxed timing of dynstats tests, as they tend to create + false positives on slow machines +- CI: improved test coverage on FreeBSD +- Travis: clang static analyzer 5.0 now run over all source files +- build: make compile warning-free under gcc 7 +------------------------------------------------------------------------------ +Version 8.30.0 [v8-stable] 2017-10-17 +- NEW BUILD REQUIREMENTS + * libfastjson 0.99.7 is now mandatory + the new version is required to support case-insensitive variable + comparisons, which are now the default + * when building imjournal, libsystemd-journal >= 234 is now recommended + This is to support the imjournal enhancement. Note that it is possible + to build with lower version, but this will degrade imjournal functionality. +- CHANGE OF BEHAVIOR: all variables are now case-insensitive by default + Formerly, JSON based variables ($!, $., $/) were case-sensitive. + Turn old default back on: global(variables.casesensitive="on") + See ChangeLog entry below for more details. +- core: handle (JSON) variables in case-insensitive way + The variable system inside rsyslog is JSON based (for easy consumption + of JSON input, the prime source of structured data). In JSON, keys + ("variable names") are case-sensitive. This causes constant problems + inside rsyslog configurations. A major nit is that case-insensitivity + option inside templates (even if turned on) does not work with JSON + keys because they of inner workings*1. + It is much more natural to treat keys in a case-INsensitive way (e.g. + "$!Key" and "$!key" are the same). We do not expect any real problems + out of this, as key names only differing in case is highly unlikely. + However, as it is possible we provide a way to enable case-sensitivity + via the global(variables.casesensitive="on") global config object. + Note that the default is to do case-insensitive matches. The reason + is that this is the right thing to do in almost all cases, and we do + not envision any problems at all in existing deployments. + *1 Note: case-insensitivity in rsyslog is achieved by converting all + names to lower case. So that the higher speed of strcmp() can be used. + The template option does actually that, convert the template keys to + lower case. Unfortunately, this does not work with JSON, as JSON keys + are NOT converted to lower case. + closes https://github.com/rsyslog/rsyslog/issues/1805 +- imjournal: made switching to persistent journal in runtime possible + with this patch imjournal can continue logging after switch to + persistent journal without need to restart rsyslog service + Thanks to github user jvymazal for the patch +- mmanon: complete refactor and enhancements + - add pseudonymization mode + - add address randomization mode + - add support for IPv6 (this also supports various replacement modes) + closes https://github.com/rsyslog/rsyslog/issues/1614 + also fixes bugs + - in IPv4 address recognition + closes https://github.com/rsyslog/rsyslog/issues/1720 + - in IPv4 simple mode to-be-anonymized bits can get wrong + closes https://github.com/rsyslog/rsyslog/issues/1717 +- imfile: add "fileoffset" metadata + This permits to send the offset from which the message was read together + with the message text. + Thanks to github user derekjsonar for the initial implementation which + we extended to use the message start offset. +- RainerScript: add ltrim and rtrim functions + closes https://github.com/rsyslog/rsyslog/issues/1711 +- core: report module name when suspending action + Thanks to Orion Poplawski for the patch. +- core: add ability to limit number of error messages going to stderr + This permits to put a hard limit on the number of messages that can + go to stderr. If for nothing else, this capability is helpful for the + testbench. It permits to reduce spamming the test log while still + providing the ability to see initial error messages. Might also be + useful for some practical deployments. + global parameter: global(errorMessagesToStderr.maxNumber) +- tcpsrv subsystem: improve clarity of some error messages + operating system error message are added to some messages, providing + better advise of what actually is the error cause +- imptcp: include module name in error msg +- imtcp: include module name in error msg +- tls improvement: better error message if certificate file cannot be read +- omfwd: slightly improved error messages during config parsing + They now contain config file/line number information where this was missing. +- ommysql improvements + * Return specific code for unrecoverable errors. This makes retry processing + more performant and robust. + * error messages improved + * Update to utilize native v8 transactional interface. Previously, it used + the v7 interface with v8 emulation. + * treat server and client-generated messages differently + Server-generated error messages are considered non-recoverable, while + client generated once point into connection problems (which simply can + be retried). This is part of the improvements towards better + message-induced errors. Previous commits did only handle SQL parsing + errors, now we aim to address all of the message-induced error. We assume + that all server-generated errors are such - mysql API unfortunately does + not provide a clear indication of what type if error this is and it is + out of question to check for hundreds of error codes. + closes https://github.com/rsyslog/rsyslog/issues/1830 +- ommysql bugfix: do not duplicate entries on failed transaction + If a multi-message batch contains data errors, messages may be + duplicated as connection close is implicit commit (not rollback). + This patch introduces a specific rollback request in those cases. + closes https://github.com/rsyslog/rsyslog/issues/1829 +- imtcp bugfix: parameter priorityString was ignored + defaults were always used +- template/bugfix: invalid template option conflict detection + This prevented "option.casesensitive" to be used with the SQL and JSON + options. +- core/actions: fix handling of data-induced errors + Rsyslog core should try to detect data-induced (unrecoverable) errors + during action processing. An example of such is invalid SQL statements. + If the action returns a data error, rsyslog shall retry individual + messages from a batch in an effort to log those without errors. The others + shall be dropped. + This logic was temporarily disabled after the switch to the new v8 + transaction interface. Now this bug is fixed and the testbench has been + amended to detect problems in the future. + closes https://github.com/rsyslog/rsyslog/issues/974 +- core/action bugfix: no "action suspended" message during retry processing + The action engine does not emit "action suspended" messages but "resumed" + ones in retry processing. This is wrong, as they are a strong indication + that something does not work correctly. Nevertheless, "resumed" messages + were emitted, which was very puzzling for the user. + This patch fixes it so that "suspend" messages are given during retry + processing. These do not contain a retry timestamp, providing evidence + that a retry is currently being tried. + closes https://github.com/rsyslog/rsyslog/issues/1069 +- core/ratelimit bugfix: race can lead to segfault + There was a race in iminternalAddMsg(), where the mutex is + released and after that the passed message object is accessed. + If the mainloop iterates in between, the msg may have already + been deleted by this time, resulting in a segfault. + Most importantly, there is no need to release the mutex lock + early, as suggested by current code. Inside mainloop the mutex + is acquired when it is time to do so, so at worst we'll have a + very slight wait there (which really does not matter at all). + This only happens if a large number of internal messages are emitted. + closes https://github.com/rsyslog/rsyslog/issues/1828 +- core bugfix: rsyslog aborts if errmsg is generated in early startup + Note that the segfault can occur only during early startup. Once + rsyslog has started, everything works reliably. This condition can + especially be triggered by specifying invalid TLS default certificates. + closes https://github.com/rsyslog/rsyslog/issues/1783 + closes https://github.com/rsyslog/rsyslog/issues/1786 +- core bugfix: informational messages was logged with error severity + When the main loop reaped a child process (a normal action), this was + reported as an error. This caused user confusion. Now it is reported as + an informational message. +- core bugfix: --enable-debugless build was broken + This was a regression from the v8.29.0 debug enhancements + Thanks to Stephen Workman for the patch. +- queue bugfix: file write error message was incorrect + when a queue was restarted from disk file, it almost always + emitted a message claiming + "file opened for non-append write, but already contains xxx bytes" + This message was wrong and did not indicate a real error condition. + The predicate check was incorrect. + closes https://github.com/rsyslog/rsyslog/issues/170 (kind of) +- omrelp bugfix: segfault when rebindinterval parameter is used +- imudp bugfix: UDP oversize message not properly handled + When a message larger than supported by the UDP stack is to be sent, + EMSGSIZE is returned, but not specifically handled. That in turn + will lead to action suspension. However, this does not make sense + because messages over the UDP max message size simply cannot be sent. + closes https://github.com/rsyslog/rsyslog/issues/1654 +- core bugfix: memory corruption during configuration parsing + when omfwd is used with the $streamdriverpermittedpeers legacy + parameter, a memory corruption can occur. This depends on the + length of the provided strings and probably the malloc subsystem. + Once config parsing succeeds, no problem can happen. + Thanks to Brent Douglas for initially reporting this issue and + providing great analysis. + Thanks to github user bwdoll for analyzing this bug and providing + a suggested fix (which is almost what this commit includes). + closes https://github.com/rsyslog/rsyslog/issues/1408 + closes https://github.com/rsyslog/rsyslog/issues/1474 +- core bugfix: race on worker thread termination during shutdown + The testbench got some occasionally failing tests. Review of + them brought up the idea that there is a race during worker + threat termination. Further investigation showed that this + might be a long-standing issue, but so far did not really + surface as the timing was almost always correct. However, + with the new functionality to emit a message on worker + shutdown (v8.29), the timing got more complex and now this + seemed to occasionally surface. + closes https://github.com/rsyslog/rsyslog/issues/1754 +- omelasticsearch: avoid ES5 warnings while sending json in bulkmode + do this by adding proper content type header to ES request + Thanks to William Dauchy for the patch +- omelasticsearch bugfix: incompatibility with newer ElasticSearch version + ElasticSearch changed its API in newer versions. When "bulkmode" is enabled + in omelasticsearch, rsyslog seems to consider all responses from Elasticsearch + as errors, even the successful ones. As a consequence, every single request + ends up being logged into the error file. + closes https://github.com/rsyslog/rsyslog/issues/1731 + Thanks to Vincent Quéméner for the patch. +- imptcp bugfix: invalid mutex addressing on some platforms + code did not compile on platforms without atomic instructions + Thanks to github user petiepooo for the patch +- imptcp bugfix: do not accept missing port in legacy listener definition + If legacy listener definition was used, a missing port was accepted during + the config read phase but errored out upon listener activation. This now + errors out directly when processing the config directive. +------------------------------------------------------------------------------ +Version 8.29.0 [v8-stable] 2017-08-08 +- imptcp: add experimental parameter "multiline" + This enables a heuristic to support multiline messages on raw tcp syslog + connections. +- imptcp: framing-related error messages now also indicate remote peer + This is the case e.g. for oversize messages. +- imtcp: framing-related error messages now also indicate remote peer + This is the case e.g. for oversize messages. +- imptcp: add session statistics counter + - session.opened + - session.openfailed + - session.closed +- imtcp: add ability to specify GnuTLS priority string + This permits to set cipher details on a very low level. +- impstats: add new resource counter "openfiles" +- pmnormalize: new parser module + Parser module that uses liblognorm to parse incoming messages. +- core/queue: provide informational messages on thread startup and shutdown + This provides better insight into operational state of rsyslog and is useful + in monitoring system health. Note that this causes the emission of messages + not previously seen. They are of syslog.informational priority. +- omfwd/udp: improve error reporting, deprecate maxerrormessages parameter + Generally improved udp-related error messages (e.g. they now contain the + socket number, which makes it easier to related them to errors reported by + net.c subsystem). + We also deprecated (removed) the "maxerrormessages" configuration parameters. + It provided some very rough rate-limiting capabilities and was introduced + before we had native rate-limiters. The default was that only the first 5 + error messages were actually reported. For long-running instances, that + meant that in many cases no errors were ever reported. We now use the default + internal message rate limiter, which works far better and ensures that also + long-running instances will be able to emit error messages after prolonged + runtime. In contrast, this also means that users will see more error + messages from rsyslog, but that should actually improve the end user + experience. +- core: add parameters debug.file and debug.whitelist + allows one to generate debug log output only of specific files + Background information available at: + https://www.linkedin.com/pulse/improving-rsyslog-debug-output-jan-gerhards +- core/net.c: improve UDP socket creation error messages +- omfwd/udp: add "udp.sendbuf" parameter +- core: make rsyslog internal message rate-limiter configurable + New parameters "internalmsg.ratelimit.interval" and "internalmsg.ratelimit.burst" + have been added. +- omelasticsearch bugfixes and changed ES5 API support: + * avoid 404 during health check + Omelasticsearch responds differently to HTTP HEAD and GET requests and + returns correct state only on GET requests. This patch works around + that ES bug and always does a GET request even when technically a HEAD + request would be sufficient. + * avoid ES5 warnings while sending json + ES5 is generating warnings when sending json without the proper header: + $ curl -i -H "Content-Type: text/json" -XGET 'http://elasticsearch5:9200/' \ + -d '{}\n' + HTTP/1.1 200 OK + Warning: 299 Elasticsearch-5.4.3-eed30a8 "Content type detection for rest + requests is deprecated. Specify the content type using the [Content-Type] + header." "Wed, 26 Jul 2017 14:33:28 GMT" + no issue on previous version. + Now, the header is set as application/json. It works for all versions + (tested on ES2 and ES5) we also handle the bulkmode where it should be + set to application/x-ndjson + closes https://github.com/rsyslog/rsyslog/issues/1546 + * bugfix for memory leak while writing error file + Thanks to William Dauchy for providing the patches +- imfile bugfix: wildcard detection issue on path wildcards + Wildcards mode was not properly detected when wildcards + were only used in a directory name on startup. + This caused imfile not to create a proper dynamic filewatch. + closes: https://github.com/rsyslog/rsyslog/issues/1672 +- omfwd bugfix: always give reason for suspension + In many cases, no error message were emitted when omfwd + went into action suspension, which was confusing for end + users. This patch enables explicit error messages in all + those cases. + closes https://github.com/rsyslog/rsyslog/issues/782 +- omfwd bugfix: configured compression level was not properly used + Thanks to Harshvardhan Shrivastava for the patch. +- imptcp bugfix: potential socket leak on session shutdown + imptcp first tries to remove a to-be-shut-down socket from the + epoll set, and errors out if that does not work. In that case, the + underlying socket will be leaked. + This patch refactors the code; most importantly, it is not necessary + to remove the socket from the epoll set, as this happens automatically + on close. As such, we simply remove that part of the code, which + also removes the root cause of the socket leak. +- omfwd/omudpspoof bugfix: switch udp client sockets to nonblocking mode + On very busy systems, we see "udp send error 11" inside the logs, and the requesting + action is being suspended (and later resumed). During the suspension period (in + default configuration), messages are lost. Error 11 translates to EAGAIN and the + cause of this problem is that the system is running out of UDP buffer space. This + can happen on very busy systems (with busy networks). + It is not an error per se. Doing a short wait will resolve the issue. The real root + cause of the issue is that omfwd uses a nonblocking socket for sending. If it were + blocking, the OS would block until the situation is resolved. The need for a + non-blocking sockets is a purely historical one. In the days of single-threaded + processing (pre v3), everything needed to be done by multiplexing, and blocking was + not permitted. Since then, the engine has dramatically changed. Actions now run on + their own thread(s). As such, there is no longer a hard need to use non-blocking i/o + for sending data. Many other output plugins also do blocking wait (e.g. omelasticsearch). + As such, the real root cause of the trouble is unnecessarily using non-blocking mode, + and consequently the right solution is to change that. + Note that using blocking i/o might change some timing inside rsyslog, especially + during shutdown. So theoretical there is regression potential in that area. However, + the core is designed to handle that situation (e.g. there is special shutdown code to + handle the blocking case), so this does not stand against the "proper" solution. + This patch applies the change on the rsyslog core level, within net.c. The only + users of the changed functionality are omfwd and omudpspoof. Imudp is unaffected as + it requests server sockets. + Note that according to the sendto() man page, there is a second cause for the EAGAIN + error, this is when the system temporarily runs out of ephemeral ports. It is not + 100% clear if this can also happen in the blocking case. However, if so, we can argue + this is a case where we really want the default retry logic. So for the time being, + it is appropriate to not handle EAGAIN in a special case any longer. + closes https://github.com/rsyslog/rsyslog/issues/1665 +- imklog: fix permitnonkernelfacility not working +- impstats bugfix: impstats does not handle HUP + If the parameter "log.file" is specified, impstats writes its own + log file. However, HUP is not handled for this file, which makes + the functionality unusable with log rotation. It is also counter- + intuitive for users. + This patch enables correct HUP processing. As a sideline, it also + introduces a generic HUP processing framework for non-action type + of loadable modules. + closes https://github.com/rsyslog/rsyslog/issues/1662 + closes https://github.com/rsyslog/rsyslog/issues/1663 +- core bugfix: segfault after configuration errors +- core/queue bugfixes: + * Fix behavior of PersistStateInterval + If PersistStateInterval=1, then each log line read should cause the state file + to be updated, but this was not happening because nRecords was being post-increment. + Thanks to Anthony Howe for the patch. + * potential problem during deserialization + if queue object deserialization fails, invalid memory blocks might be + free'ed. + For more information see https://github.com/rsyslog/rsyslog/pull/1647 + Thanks to Derek Smith for the patch. +- core bugfix: message garbled after message modification + The MsgDup() function will return a garbled message object under these + conditions: The message was originally created with message length equal or + larger to CONF_RAWMSG_BUFSIZE. This makes rsyslog store the message in + dynamically allocated buffer space. Then, a component reduces the message + size to a size lower than CONGF_RAWMSG_BUFSIZE. A frequent sample is the + parser removing a known-bad LF at the end of the messages. Then, MsgDup is + executed. It checks the message size and finds that it is below + CONF_RAWMSG_BUFSIZE, which make it copy the msg object internal buffer + instead of the dynamically allocated one. That buffer was not written to in + the first place, so uninitialized data is copied. Note that no segfault can + happen, as the copied location was properly allocated, just not used in + this processing flow. In the end result, the new message object contains + garbage data. Whenever the new object is used (e.g. in a async ruleset or + action) that garbage will be used. Whenever the old object is accessed, + correct data will be used. Both types of access can happen inside the + same processing flow, which makes the problem appear to be random. + closes https://github.com/rsyslog/rsyslog/issues/1658 +- lmsig_ksi: removed pre-KSI_LS12 components + As of GuardTime, the provider, these no longer work due to backend + changes. The lmsig_ksi_ls12 module shall be used instead. This is + available since 8.27.0. +- testbench bugfix: hang in tests if omstdout is not present + Many tests depend on omstdout. Given the fact that omstdout + is really only useful for the testbench (at least that's the intent), + we now require --enable-omstdout if --enable-testbench is given. + The alternative would have been to disable all those tests that + need it, which would have lead to considerable less testbench + coverage. + closes https://github.com/rsyslog/rsyslog/issues/1649 +------------------------------------------------------------------------------ +Version 8.28.0 [v8-stable] 2017-06-27 +- NEW BUILD REQUIREMENT: librelp 1.2.14 (to build relp components) + This was necessary because imrelp requires an API introduced in 1.2.14. +- omfwd: add parameter "tcp_frameDelimiter" +- omkafka: large refactor of kafka subsystem + This offers improvements and greatly increases reliability. + Closes https://github.com/rsyslog/rsyslog/issues/1559 + Closes https://github.com/rsyslog/rsyslog/issues/1584 + Closes https://github.com/rsyslog/rsyslog/issues/1515 + Closes https://github.com/rsyslog/rsyslog/issues/1052 + May fix https://github.com/rsyslog/rsyslog/issues/1230 +- imfile: improved handling of atomically renamed file (w/ wildcards) + if a file is atomically renamed, the state file is also being renamed, + so processing continues as if the original name were kept. + see also: https://github.com/rsyslog/rsyslog/issues/1417 +- imfile: add capability to truncate oversize messages or split into multiple + also in this case an error message is emitted. Both of these actions are + configurable. This also solves memory issues when an endregex does not + match for prolonged time. In that case, large parts of the file were + previously buffered, which could cause big problems in case e.g. the + endregex was simply wrong and never matched. For the later, see also + https://github.com/rsyslog/rsyslog/issues/1552 +- mmdblookup + * upgraded from "contrib" to "fully supported" state + * refactored and simplified code + * added ability to specify custom names for extracted fields + * added ability to specify container name for extracted fields + * bugfix: fixed multiple memory leaks +- imptcp: add new parameter "flowControl" +- imrelp: add "maxDataSize" config parameter + Thanks to Nathan Brown for the patch. +- multiple modules: gtls: improve error if certificate file can't be opened +- omsnare: allow different tab escapes + Thanks to Shane P. Lawrence for the patch. +- omelasticsearch: converted to use libfastjson instead of json-c + json-c was used for historical purposes, and it's source included + within the rsyslog source tree. We now use libfastjson inside all + components. +- imjournal: _PID fallback + * added fallback for _PID property when SYSLOG_PID is not available + * introduced new option "usepid" which sets which property should + rsyslog use, it has 3 states system|syslog|both, default is both + * deprecated "usepidfromsystem" option, still can be used + and override the "usepid" + * it is possible to revert previous default with usepid="syslog" + Thanks to Radovan Sroka for the patch +- multiple modules: add better error messages when regcomp is failing +- omhiredis: fix build warnings + Thanks to Brian Knox for the fix. +- imfile bugfix: files mv-ed in into directory were not handled + Thanks to Zachary M. Zhao for the patch. + see also https://github.com/rsyslog/rsyslog/issues/1588 +- omprog bugfix: execve() incorrectly called + this caused failures on some but not all platforms + Thanks to 張君天(Chun-Tien Chang) and Matthew Seaman for the patch. +- imfile bugfix: multiline timeout did not work if state file exists + The timeout feature for multiline reads does not correctly work for + files for which a state file existed. This is usually the case for files + that had been processed by a previous run and that still exist on the + new start. For all other files, especially those monitored by a + wildcard and newly created after the rsyslog start, timeout worked as + expected. + closes https://github.com/rsyslog/rsyslog/issues/1445 +- lmsig_ksi-ls12 bugfix: build problems on some platforms +- core bugfix: invalid object type assertion + This lead to aborts due to failing assertion. Note that this could only + happen during debugging runs which includes runtime instrumentation, + something that never should be done in a stable production build. + So this did not affect ordinary users, only developers in with + deep debugging settings. +- regression fix: local hostname was not always detected properly... + ... on early start (w/o network). Introduced in 8.27.0. + Thanks to github user jvymazal for the patch and whissi for + reporting and helping with the analysis. +- bugfix: format security issues in zmq3 modules + see also: https://github.com/rsyslog/rsyslog/pull/1565 + Thanks to Thomas D. (whissi) for the patch. +- bugfix build system: add libksi only to those binaries that need it + Thanks to Allan Park for the patch. +- bugfix KSI ls12 components: invalid tree height calculation + Thanks to Allan Park for the patch. +- testbench/CI enhancements + * re-enable and add kafka tests + Kafka tests were disabled in 8.27.0 (a regression from imkafka). + * better testbench coverage for mmdblookup + * lmsig_ksi-ls12 is now being built at least on Centos7 +------------------------------------------------------------------------------ +Version 8.27.0 [v8-stable] 2017-05-16 +- imkafka: add module +- imptcp enhancements: + * optionally emit an error message if incoming messages are truncated + * optionally emit connection tracking message (on connection create and + close) + * add "maxFrameSize" parameter to specify the maximum size permitted + in octet-counted mode + * add parameter "discardTruncatedMsg" to permit truncation of + oversize messages + * improve octect-counted mode detection: if the octet count is larger + then the set frame size (or overly large in general), it is now + assumed that octet-stuffing mode is used. This probably solves a + number of issues seen in real deployments. +- imtcp enhancements: + * add parameter "discardTruncatedMsg" to permit truncation of + oversize messages + * add "maxFrameSize" parameter to specify the maximum size permitted + in octet-counted mode +- imfile bugfix: "file not found error" repeatedly being reported + for configured non-existing file. In polling mode, this message + appeared once in each polling cycle, causing a potentially very large + amount of error messages. Note that they were usually emitted too + infrequently to trigger the error message rate limiter, albeit often + enough to be a major annoyance. +- imfile: in inotify mode, add error message if configured file cannot + be found +- imfile: add parameter "fileNotFoundError" to optionally disable + "file not found" error messages +- core: replaced gethostbyname() with getaddrinfo() call + Gethostbyname() is generally considered obsolete, is not reentrant and + cannot really work with IPv6. Changed the only place in rsyslog where + this call remained. + Thanks to github user jvymazal for the patch +- omkafka: add "origin" field to stats output + See also https://github.com/rsyslog/rsyslog/issues/1508 + Thanks to Yury Bushmelev for providing the patch. +- imuxsock: rate-limiting also uses process name + both for the actual limit processing as well as warning messages emitted + see also https://github.com/rsyslog/rsyslog/pull/1520 + Thanks to github user jvymazal for the patch +- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12) +- rsyslog base functionality now builds on osx (Mac) + Thanks to github user hdatma for his help in getting this done. +- build now works on solaris again +- imfile: fix cross-platform build issue + see also https://github.com/rsyslog/rsyslog/issues/1494 + Thanks to Felix Janda for bug report and solution suggestion. +- bugfix core: segfault when no parser could parse message + This could happen if the default parser chain was changed and the + RFC3164 parser was not included. Never seen in practice, just by + experimenting in lab. +- bugfix core: rate-limit internal messages when going to external log system + Rate-limiting was only applied to messages processed internally. + While the external logging system probably also applies rate-limiting, + it would be preferable that rsyslog applies the same policies on + internal messages, no matter where they go. This is now the case. +- bugfix core: when obtaining local hostname, a NULL pointer could be + accessed. This depends on many factors, among them that no local host + name is configured in rsyslog.conf AND the local system configuration + also is set to an empty hostname. + Thanks to github user jvymazal for the patch. +- bugfix core: on shutdown, stderr was written to, even if already closed + This lead to messages going to whatever was associated with file + descriptor two. + Thanks to Allan Park for the patch. +- bugfix core: perform MainqObj destruction only when not NULL already + This affects the config object; in theory may lead to misaddressing during + config parsing. + Thanks to github user jvymazal for the patch +- bugfix core: memory leak when internal messages not processed internally + In this case, the message object is not destructed, resulting in + a memory leak. Usually, this is no problem due to the low number + of internal message, but it can become an issue if a large number + of messages is emitted. + closes https://github.com/rsyslog/rsyslog/issues/1548 + closes https://github.com/rsyslog/rsyslog/issues/1531 +- bugfix imptcp: potential overflow in octet count computation + when a very large octet count was specified, the counter could overflow +------------------------------------------------------------------------------ +Version 8.26.0 [v8-stable] 2017-04-04 +- NEW BUILD REQUIREMENT: liblognorm 2.0.3 is required for mmnormalize + If mmnormalize is not built, the build requirements are unchanged. + The new version is necessary because it contains an enhanced API for a + new mmnormalize feature. +- enable internal error messages at all times + This is an important change to the design of the rsyslog core internal + error message system. Previous code could deadlock if internal messages were + issued inside queue processing code, which effectively limited error-reporting + capabilities. This change makes it possible to call error messages from any + part of the code at any time. + As a side-effect, this also fixes an issue where rsyslog could deadlock if + imuxsock submited messages to the system log socket when that socket blocked. + This was a rare race, albeit consistently reproducible and also seen in + practice. The work-around for this issue was to set + global(processInternalMessages="on") + in rsyslog.conf. With the new code, this race can never happen again. The new + code also sets stage for emitting better error messages, especially in places + where we previously refrained from doing so and messages went only to the + debug log. For some file output and queue subsystem related messages, this + is already done, but there is still further work required. + Note well: this is a redesign of an important core component. While intensely + tested, this may still have some larger regression potential than usual code + changes. +- core: added logging name of source of rate-limited messages + This adds the name to the rate-limiting message itself, making it easier + to identify the actual source of "spam" messages. + Thanks to github user jvymazal for the patch. +- omfwd: omfwd: add support for network namespaces + Thanks to Bastian Stender for the patch. +- imrelp: honor input name if provided when submitting to impstats + Thanks to Jon Henry for the patch. +- imptcp: add ability to set owner/group/access perms for uds + Thanks to Nathan Brown for implementing this feature. +- mmnormalize: add ability to load a rulebase from action() parameter + This is especially useful for small rulebases, as it avoids having + a separate rulebase file. + closes https://github.com/rsyslog/rsyslog/issues/625 +- pmrfc3164 improvements + - permit to ignore leading space in MSG + - permit to use at-sign in host names + - permit to require tag to end in colon + Thanks to github user bdolez for the contribution +- add new global parameter "umask" + This is equivalent to "$umask" and permits to convert that construct + to new-style config format. + closes https://github.com/rsyslog/rsyslog/issues/1382 +- core: make use of -T command line option more secure + When the -T option is used, a chdir is now done right after chroot. It must + be noted, though, that -T is a testing option and has no intent to provide + real security. So this change does not mean it actually is sufficiently + secure. + Thanks to github user jvymazal for the patch. +- omfile: add error if both file and dynafile are set +- bugfix: build problem on MacOS (not a supported platform) + Thanks to FX Coudert for the fix. +- regression fix: in 8.25, str2num() returned error on empty string + past behavior was to return 0 in this case; past behavior was reinstantiated + Thanks to github user jvymazal for the patch. +- bugfix omsnmp: improper handling of new-style configuration parameters + Thanks to Radovan Sroka for the patch. +- bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal messages + This occurred when liblogging-stdlog was used, and was used by default (without + explicit configuration). This is a regression of the new default, which does + not correctly call stdlog_open() in the default case. + closes https://github.com/rsyslog/rsyslog/issues/1442 +- bugfix imfile: wrong files were monitored when using multiple imfile inputs + The bug was introduced by the changes for the multilevel wildcard feature + in 8.25.0. We have to handle FileCreate events different if the directory + watch is configured or added dynamically. + closes https://github.com/rsyslog/rsyslog/issues/1452 +- bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail segfaults + When compiling using hardened gcc (gentoo), specifying net.aclResolveHostname + or net.acladdhostnameonfail results in rsyslogd segfaulting on startup. + Thanks to Radovan Sroka for the patch. +- bugfix: immark emitted error messages with text "imuxsock" + Thanks to Chris Pilkington for the patch. +- bugfix tcpflood: build failed if RELP was disabled +- fix gcc6 compiler warnings + This also fixes a small bug with incorrectly working deprecated -u + command line option. + Thanks to Nikola Pajkovsky for the patch. +- the output module array passing interface has been removed + It wasn't functional since the v8 update, and the only user was omoracle, + which is a contributed module that is no longer maintained. So we + removed that interface to streamline the code. Should it ever be needed + again, we could check the 8.25 code base. Note, though, that that code + still needs to be adjusted to the v8 engine. +- testbench: + * tcpflood now automatically enters silent mode during Travis CI testing + This reduces testbench output, which is limited under Travis. + * the libqpid-proton package is no longer available for Ubuntu trusty. As + such, we disabled its use in Travis on this platform. Right now, this + means omamqp1 module is no longer tested on trusty. +------------------------------------------------------------------------------ +Version 8.25.0 [v8-stable] 2017-02-21 +- imfile: add support for wildcards in directory names + This now permits to monitor newly created directories without altering + the configuration. +- add new global option "parser.PermitSlashInProgramname" +- mmdblookup: fix build issues, code cleanup + Thanks to Dan Molik for the patch. +- improved debug output for queue corruption cases +- an error message is now displayed when a directory owner cannot be set + This mostly happens with omfile and dynafile. The new messages + facilitates troubleshooting. +- rainerscript: + * add new function ipv42num + * add new function num2ipv4 +- bugfix: ratelimiter does not work correctly is time is set back + Thanks to github user hese10 for the patch. + see also https://github.com/rsyslog/rsyslog/issues/1354 +- core: fix potential message loss in old-style transactional interface + This was experienced for example by omrelp. Could loose one message per + broken connection, iff that message did not make it to the unacked list. +- bugfix queue subsystem: queue corrupted if certain msg props are used + The core issues was in the msg object deserializer, which had the wrong + deserialization sequence. That in turn lead to queue corruption issues. + Corruption of disk queue (or disk part of DA queue) always happens if + the "json" property (message variables) is present and "structured-data" + property is also present. This causes rsyslog to serialize to the + queue in wrong property sequence, which will lead to error -2308 on + deserialization. + Seems to be a long-standing bug. Depending on version used, some or + all messages in disk queue may be lost. + closes https://github.com/rsyslog/rsyslog/issues/1404 +- bugfix imjournal: fixed situation when time goes backwards + This is resolving the situation when system is after reboot and + boot_id doesn't match so cursor pointing into "future". + Usually sd_journal_next jump to head of journal due to journal + approximation, but when system time goes backwards and cursor is + still invalid, rsyslog stops logging. + We use sd_journal_get_cursor to validate our cursor. + When cursor is invalid we are trying to jump to the head of journal + This problem with time should not affect persistent journal, + but if cursor has been intentionally compromised it could stop + logging even with persistent journal. +- bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer + If bFlushOnTXEnd is set, we need to flush on transaction end - in + any case. It is not relevant if this is using background writes + (which then become pretty slow) or not. And, similarly, no flush + happens when it is not set. + see also https://github.com/rsyslog/rsyslog/issues/1297 +- bugfix core: str2num mishandling empty strings + If str2num() receives an empty string, misaddressing happens. + This theoretically can lead to a segfault if a RainerScript function + is used inside the configuration which calls code that could trigger + this bug. + closes https://github.com/rsyslog/rsyslog/issues/1412 +- bugfix rainerscript: set/unset statement do not check variable name validity + Only JSON-based variables can be use with set and unset. Unfortunately, + this restriction is not checked. If an invalid variable is given + (e.g. $invalid), this is not detected upon config processing on + startup. During execution phase, this can lead to a segfault, a + memory leak or other types of problems. + Thanks to github user mostolog for reporting and helping to analyze + this issue. + see also https://github.com/rsyslog/rsyslog/issues/1376 + closes https://github.com/rsyslog/rsyslog/issues/1377 +- bugfix mmrm1stspace: last character of rawmsg property was doubled +- bugfix: rsyslog loops on freebsd when trying to write /dev/console + Rsyslog 8.23.0 loops on FreeBSD when trying to access a (now revoked) + /dev/console file descriptor, as per Alexandre's original bug report [1]. + The original patch fixes the problem when tryTTYRecover() sees errno 6 ENXIO. + Running FreeBSD 10-stable here and getting errno 5 EIO, same as Xavier gets + in his 2016 bug report [2]. + New patch [3] includes errno 5 to tryTTYRecover() in runtime/stream.c and + fixes the problem for me, on multiple machines. + [1] https://github.com/rsyslog/rsyslog/issues/371 + [2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211033 + [3] https://bz-attachments.freebsd.org/attachment.cgi?id=178452 + closes https://github.com/rsyslog/rsyslog/issues/1351 + Thanks to Damien Fleuriot for the patch. +- bugfix imtcp: fix very small (cosmetic) memory leak + For each listener, the name of an assigned ruleset is not freed. This + is cosmetic, because it is a very small static leak AND it needs to + be kept until end of run anyways (and at end of run the OS frees it). + However, the leak breaks memleak checks in the testbench. +- fix build issues on some platforms (detected on newer Fedora) +------------------------------------------------------------------------------ +Version 8.24.0 [v8-stable] 2017-01-10 +- rsyslog now builds on AIX + see also: https://github.com/rsyslog/rsyslog/pull/1247 + Thanks to github user purnimam1 and the team at IBM + Note: the rsyslog project has no AIX platform to ensure that future versions + will remain buildable on AIX. If you would like to contribute resources, + please contact the rsyslog team. +- mmdblookup: new maxminddb lookup message modify plugin + Thanks to 饶琛琳 (github user chenryn) for the contribution +- mmrm1stspace: new module; removes first space in MSG if present +- KSI signature provider: file permissions can now be specified + This happens via parameters equal to those used by omfile itself. + Note that KSI files can have different permissions/owner than the log + files themself. + Thanks to Allan Park for the patch. +- omzmq: new features + Thanks to Brian Knox for the patch. +- change: when the hostname is empty, we now use "localhost-empty-hostname" + In 8.23.0, "localhost" was used in this case, but that could be misleading. + The new name makes the error condition (gethostname() should always return + a non-empty name) more obvious. +- omelasticsearch: remove "asyncrepl" config parameter + The _bulk index endpoint on ElasticSearch 5.0 no longer + ignores the ?replication=async query parameter. It was deprecated + since 1.5 and silently ignored in 2.x but passing it to a 5.x + instance breaks omelasticsearch with a 400 response. + closes https://github.com/rsyslog/rsyslog/issues/1250 +- omfwd: Add support for bind-to-device (see below on same for imudp) +- imudp: Add support for bind-to-device + Add support for bind-to-device option to omfwd and imudp modules. + Configured using device="name". Only new syntax format is supported. + e.g., + input(type="imudp" port=["10514"] device="eth0" name="udp") + Action(type="omfwd" Target="192.168.1.23" Port="10514" Device="eth0") + see also https://github.com/rsyslog/rsyslog/pull/1261 + Thanks to David Ahern for the patch. +- imudp: limit rcvbufsize parameter to max 1GiB +- rainerscript: implement new "call_indirect" statement +- bugfix imjournal: make state file handling more robust + There is a bug in rsyslog which is caused by not very atomic writes of + imjournal statefile. It's hardly reproducible but there is a way. + fscanf error appears only when rsyslog reads an empty statefile which + causes that imjournal is stopped so no logging from journal is + performed. When the statefile contains random bytes error appears + again but from journal and imjournal is stopped too. + In this patch Rsyslog writes imjournal statefile more atomically and + secure. Reading the statefile is more robust and doesn't affect + imjournal module so when corrupted statefile is read imjournal + ignores statefile, continues with logging and it doesn't stop. Logger + can be used as a test if it's logging or not. + Patch introduces a new option with both old and new config format + "IgnoreNonValidStateFile" which is "on" by default and it can turn + off ignorance of non valid statefile. + Thanks to github user tomassykora for the patch. +- bugfix core: lookup table reload was not properly integrated + The opcode was not handled, what lead to misleading messages + in debug log. Since we run debug builds more strictly, it also + causes an assertion to trigger, thus aborting the test +- bugfix core: potential deadlock on shutdown + could happen when rsyslog was started and quickly shut down OR when + coincidentally a new thread was spawend "with bad timing" around the time + of shutdown. + See also https://github.com/rsyslog/rsyslog/pull/1274 + Thanks to github user tomassykora for the final patch and Rado Sroka for + the analysis and an initial patch. +- bugfix ommongodb: did not work in v8 due to invalid indirection + Thanks to Benoit Dolez for the patch. +- bugfix ommongodb: fix tryResume handling + To make tryResume working, the connection to mongodb need to be closed. + Thus close it on "insert error". + Thanks to Benoit Dolez for the patch. +- bugfix omfwd: retry processing was not done correctly, could stall + see also https://github.com/rsyslog/rsyslog/pull/1261 + Thanks to David Ahern for the patch. +- bugfix imuxsock: segfault non shutdown when $OmitLocalLogging is on + Imuxsock tries to close socket on index 0 which ends with segfault. + Thanks to Tomas Sykora for the patch. +- testbench: + * empty-hostname test did not work correctly + * improve debugging by better output +------------------------------------------------------------------------------ +Version 8.23.0 [v8-stable] 2016-11-15 +- NEW BUILD REQUIREMENT: libfastjson 0.99.3 + This was introduced in 8.20.0 as a suggestion and has now become a hard + requirement. See 8.20.0 ChangeLog entry for more details. +- KSI signatures: removed SHA2-224 hash algorithm + This is considered insecure and no longer supported by the underlying + KSI library. If still used within a configuration, a descriptive error + message is emitted during config processing. + Thanks to Henri Lakk for the initial patch. +- imfile: new timeout feature for multi-line reads + When using startmsg.regex, messages are held until the next one is written. + We now provide a "readTimeout" parameter family (see doc) to timeout such + reads and ensure messages are not held for a very long time. + see also https://github.com/rsyslog/rsyslog/issues/1133 +- omfile: improve robustness against network file system failures + in case of failure, a close and re-open is tried, which often solves the + issue (and wasn't handle before this patch). + see also https://github.com/rsyslog/rsyslog/pull/1161 + Thanks to github user hese10 for the patch. +- pmaixforwardedfrom: support for AIX syslogd -s option + if syslog in AIX started with "-s" option, AIX syslog adds only "From " + instead of "Message forwarded from ". With this patch, both are now + detected. + Thanks to github user patelritesh for the patch. +- omelasticsearch: add ability to specify max http request size + This permits to keep batches below ES-configured limits. + Thanks to github user barakshechter for the patch. +- omelasticsearch: high availability addressing of ElasticSearch cluster + allow one to specify an array of servers, which is tried until a working + one is found (and given up only if none works). + Thanks to github user barakshechter for the patch. +- omelasticsearch: make compatible with ElasticSearch 2.x and 5.x + fixes omelasticsearch logs response from ElasticSearch 5.0 _bulk + endpoint as error + See also https://github.com/rsyslog/rsyslog/pull/1253 + Thanks to Christian Rodemeyer for the patch. +- omhiredis: add dynakey attribute. + If set to on, this causes omhiredis to treat the key attribute as the + name of a template so that you can build a dynamic redis queue name + or list key. + see also: https://github.com/rsyslog/rsyslog/pull/1218 + Thanks to github user bobthemighty for the patch +- omtcl: new contributed module + see also https://github.com/rsyslog/rsyslog/pull/1041 + Please note: contributed modules are not directly supported by the + project. You might want to contact the author for questions. + Thanks to Francisco Castro for contributing it. +- RainerScript: provide a capability to set environment variables + via 'global(environment="var=val")' config statement. + This is most importantly for things like HTTP_PROXY. + see also https://github.com/rsyslog/rsyslog/issues/1209 +- lookup tables: improved error checking + Thanks to Janmejay Singh for the patch. +- queue subsystem: add configuration parameter "queue.samplinginterval" + Supports sampling of messages (as often used in data transmission). + Thanks to Zachary M. Zhao for the patch. +- bugfix core: errmsg.LogError now switches to dfltErrLogger just before shutdown + Thanks to Janmejay Singh for the patches. +- bugfix core: fixed un-freed memory in non-transactional action using string-passing + closes https://github.com/rsyslog/rsyslog/issues/968 + Thanks to Janmejay Singh for the patches. +- rsgtutil: option to specify KSI publications file certificate constraints + see also https://github.com/rsyslog/rsyslog/issues/1207 +- omprog: bugfixes and enhancements + - omprog resource leak fix (fd leak) + - omprog got ability to force-kill process if it doesn't die in 5 seconds + (linux specific) + - child-process lifecycle debugging aid (in form of logs) (mainLoop and + omprog cleanup both log pid at child-death, mainLoop reaping is now + visible to user, as opposed to being a mystery, because omprog didn't + seem to anticipate it in terms of code) + Thanks to Janmejay Singh for the patches. + see also https://github.com/rsyslog/rsyslog/pull/1155 +- bugfix imfile: ReopenOnTruncate processing, file open processing + This fixes + * ReopenOnTruncate was only honored when a state file existed + see https://github.com/rsyslog/rsyslog/issues/1090 + * open processing could run into a loop + see https://github.com/rsyslog/rsyslog/issues/1174 + This is done via refactoring the open file handling, which provides + overall cleaner and easier-to-follow code. + Thanks to Owen Smith for analyzing the problem and providing a + prototype PR which greatly helped towards the final solution. +- bugfix omlibdbi: libdbi-driver-sqlite3/2 requires to provide a path to + database split into two strings: + * absolute path, where the database file sits + * database filename itself. + This was previously not done. + Thanks to github user aleek for the patch. +- bugfix RainerScript: issue in prifilt() function + Initialize func-data(and to-be-freed flag) correctly for prifilt + function-node + Thanks to Janmejay Singh for the patch. +- bugfix omrelp: invalid module name imrelp was used in some error messages + Thanks to Chris Pilkington for the patch. +- bugfix core: abort when persisting object state + This causes a segfault. It happens whenever an object state larger + than 4095 byte is persisted. Then, incorrectly a try to rollover to + a new state file is tried, which will lead to a division by zero + as the necessary variables for this operation are not set because we + are NOT in circular mode. + This problem can happen wherever state files are written. It has been + experienced with imfile and queue files. + Many thanks to github user mostolog for his help in reproducing the issue, + which was very important to finally nail down this long-standing bug. + closes https://github.com/rsyslog/rsyslog/issues/1239 + closes https://github.com/rsyslog/rsyslog/issues/1162 + closes https://github.com/rsyslog/rsyslog/issues/1074 +- bugfix: segfault if hostname is unset on system + happens when gethostname() returns empty string. This will cause + the createon of the localhostname prop_t to fail, which in turn + leads to a NULL pointer dereference when emitting local messages. + As we emit a startup message by default, this had usually lead + to a segfault on startup. + Thanks to Erik Potter and github user mostolog for their help + in analyzing this problem. + closes https://github.com/rsyslog/rsyslog/issues/1040 + closes https://github.com/rsyslog/rsyslog/issues/335 +- bugfix external module perl skeleton: did not work properly + Thanks to github user Igorjan666 for the patch. +- bugfix build system: Fix detection of pthread_setschedparam() on platforms + such as FreeBSD + see also https://github.com/rsyslog/rsyslog/pull/1147 + Thanks to Matthew Seaman for the patch. +- bugfix omelasticsearch: modifies constant memory under some circumstances + Function computeBaseUrl may modify its serverParam parameter, but + this may contain the constant string "localhost". Depending on the + platform, this can lead to a segfault. + Noticed while working on compiler warnings, not seen in practice. +- "bugfix": theoretical queue file corruption when more than MAX_INT files + closes https://github.com/rsyslog/rsyslog/issues/1202 +- bug fix/KSI: LOGSIG11 missing in the beginning of KSI log signature file + When logging with KSI is not working properly for whatever reason, an + empty .ksisig file is created (which by itself is not an issue). However, + later it looks like this file is re-used, but it is not checked whether it + already contains the magic LOGSIG11 in the beginning of the file. This leads + to a log signature file which has correct content but is missing the + LOGSIG11 magic in the beginning. +- bugfix template processor: missing escaping of backslash in json mode + Thanks to github user mostolog for providing the patch. +- build environment: --enable-debug now defaults to new "auto" mode + previously, DEBUG mode (and thus assert() macros) was disabled by default + and explicitly needed to be enabled by providing the --enable-debug + ./configure switch. Now, a new --enable-debug=auto mode has been added + and made the default. It enables DEBUG mode if we build from git and only + disables it when a release build is done (from the release tarball). This + aims at better error checking during testbench runs and developer testing. +- testbench improvements + * improved testbench file generation tool + Thanks to Pascal Withopf for the patch. + * added some plumbing for extended tests which work by overriding OS APIs + * imfile ReopenOnTruncate option is now being tested + * the CI environment now runs most tests in debug mode, but some in + release mode to cover potential release-mode races + * template json option is now being tested + * object state persisting received a basic test + * added test for empty hostnames + * added tests for omprog +------------------------------------------------------------------------------ +Version 8.22.0 [v8-stable] 2016-10-04 +- ompgsql: add template support + Thanks to Radu Gheorghe for implementing this. +- generate somewhat better error message on config file syntax error + a common case (object at invalid location) has received it's own error + message; for the rest we still rely on the generic flex/bison handler +- bugfix:omhiredis reconnects after failure + previously it could loose messages under such conditions. + Thanks to Bob Gregory for the patch. +- general cleanup and code improvement + mostly guided by compiler warnings induced by newer opensuse buildbot + environment +------------------------------------------------------------------------------ +Version 8.21.0 [v8-stable] 2016-08-23 +- CHANGE OF BEHAVIOR: + by default, internal messages are no longer logged via the internal + bridge to rsyslog but via the syslog() API call [either directly or + via liblogging). For the typical single-rsyslogd-instance installation this + is mostly unnoticeable (except for some additional latency). If multiple + instances are run, only the "main" (the one processing system log messages) + will see all messages. To return to the old behavior, do either of those + two: + 1) add in rsyslog.conf: + global(processInternalMessages="on") + 2) export the environment variable RSYSLOG_DFLT_LOG_INTERNAL=1 + This will set a new default - the value can still be overwritten via + rsyslog.conf (method 1). Note that the environment variable must be + set in your **startup script**. + For more information, please visit + https://www.rsyslog.com/rsyslog-error-reporting-improved/ +- slightly improved TLS syslog error messages +- queue subsystem: improved robustness + The .qi file is now persisted whenever an existing queue file is fully + written and a new file is begun. This helps with rsyslog aborts, including + the common case where the OS issues kill -9 because of insufficiently + configured termination timeout (this is an OS config error, but a frequent + one). Also, a situation where an orphaned empty file could be left in the + queue work directory has been fixed. We expect that this change causes + fewer permanent queue failures. +- bugfix: build failed on some platforms due to missing include files +------------------------------------------------------------------------------ +Version 8.20.0 [v8-stable] 2016-07-12 +- NEW BUILD REQUIREMENT: librelp, was 1.2.5, now is 1.2.12 + This is only needed if --enable-relp is used. The new version is needed + to support the new timeout parameter in omrelp. +- NEW BUILD SUGGESTION: libfastjson 0.99.3 + while not strictly necessary, previous versions of libfastjson have a bug + in unicode processing that can result in non US-ASCII characters to be + improperly encoded and may (very unlikely) also cause a segfault. + This version will become mandatory in rsyslog 8.23.0 +- omrelp: add configurable connection timeout + Thanks to Nathan Brown for implementing this feature. +- pmrfc3164: add support for slashes in hostname + added parameter "permit.slashesinhostname" to support this, off by default + [Note that the RFC5424 always supported this, as 5424 is a different + standard] +- bugfix omfile: handle chown() failure correctly + If the file creation succeeds, but chown() failed, the file was + still writen, even if the user requested that this should be treated + as a failure case. This is corrected now. + Also, some refactoring was done to create better error messages. +- omfile now better conveys status of unwritable files back to core +- config files recursively including themselves are now detected + and an error message is emitted in that case; Previously, this + misconfiguration resulted in rsyslog loop and abort during startup. + closes https://github.com/rsyslog/rsyslog/issues/1058 +- refactored code to not emit compiler warnings in "strict mode" + We changed the compiler warning settings to be rather strict and cleaned up + the code to work without generating any warning messages. + This results in an overall even more improved code quality, which will now + also be enforced via our CI systems. +- bugfix: fix some issues with action CommitTransaction() handling + An action that returns an error from CommitTransaction() caused a + loop in rsyslog action processing. Similarly, retry processing was not + properly handled in regard to CommitTransaction(). + This is a first shot at fixing the situation. It solves the + immediate problems, but does not implement the full desired + functionality (like error file). + see also https://github.com/rsyslog/rsyslog/issues/974 + see also https://github.com/rsyslog/rsyslog/issues/500 +- bugfix omqmqp1: connecting to the message bus fails on nonstandard port + Thanks to Ken Giusti for the patch. + see also: https://github.com/rsyslog/rsyslog/pull/1064 +- testbench/CI enhancements + * new tests for RELP components + * new tests for core action processing and retry + * travis tests now also run against all unstable versions of supporting + libraries. This helps to track interdependency problems early. + * new tests for hostname parsing + * new tests for RainerScript comparisons +------------------------------------------------------------------------------ +Version 8.19.0 [v8-stable] 2016-05-31 +- NEW BUILD REQUIREMENT: autoconf-archive +- omelasticsearch: add option to permit unsigned certs (experimentally) + This adds plumbing as suggested by Joerg Heinemann and Radu Gheorghe, + but is otherwise untested. Chances are good it works. If you use it, + please let us know your experience and most importantly any bug + reports you may have. + closes https://github.com/rsyslog/rsyslog/issues/89 +- imrelp: better error codes on unavailability of TLS options + Most importantly, we will tell the user in clear words if specific TLS + options are not available due to too-old GnuTLS. + closes https://github.com/rsyslog/rsyslog/issues/1019 +- default stack size for inputs has been explicitly set to 4MiB + for most platforms, this means a reduction from the default of 10MiB, however + it may mean an increase for micro-libc's (some may have as low as 80KiB by + default). +- testbench: We are now using libfaketime instead of faketime command line + tool. Make sure you have installed the library and not just the binary! +- refactor stringbuf + * use only a single string buffer + ... both for the internal representation as well as the C-String one. + The module originally tried to support embedded NUL characters, which + over time has proven to be not necessary. Rsyslog always encodes + NUL into escape sequences. + Also, the dual buffers were used inconsistently, which could lead to + subtle bugs. With the single buffer, this does no longer happen and + we also get some improved performance (should be noticeable) + and reduced memory use (a bit). + closes https://github.com/rsyslog/rsyslog/issues/1033 + * removed no longer used code + * internal API changes to reflect new needs + * performance improvements + * miscellaneous minor cleanup +- fix: potential misaddressing in template config processing + This could cause segfault on startup. Happens when template name shorter + than two chars and outname is not set. Once we are over startup, things + work reliably. +- bugfix omfile: async output file writing does not respect flushing + neither parameter flushInterval nor flushOnTXEnd="on" was respected. + closes https://github.com/rsyslog/rsyslog/issues/1054 +- bugfix imfile: corrupted multi-line message when state data was persisted + see also https://github.com/rsyslog/rsyslog/issues/874 + Thanks to Magnus Hyllander for the analysis and a patch suggestion. +- bugfix imfile: missing newline after first line of multiline message + see also https://github.com/rsyslog/rsyslog/issues/843 + Thanks to Magnus Hyllander for the patch. +- bugfix: dynstats unusedMetricTtl bug + Thanks to Janmejay Singh for fixing this. +- bugfix build system: build was broken on SunOS + Thanks to Filip Hajny for the patch. +- bugfix: afterRun entry point not correctly called + The entry point was called at the wrong spot, only when the thread + had not already terminated by itself. This could cause various + cleanup to not be done. This affected e.g. imjournal. + closes https://github.com/rsyslog/rsyslog/issues/882 +- bugfix dynstats: do not leak file handles + Thanks to Janmejay Singh for the patch. +- bugfix omelasticsearch: disable libCURL signal handling + previously, this could lead to segfaults on connection timeout + see also https://github.com/rsyslog/rsyslog/pull/1007 + Thanks to Sai Ke WANG for the patch. +- bugfix omelasticsearch: some regressions were fixed + * error file was no longer written + * fix for some potential misaddressings +- improved wording: gnutls error message points to potential cause + What GnutTLS returns us is very unspecific and somewhat misleading, so + we point to what it most probably is (broken connect). + see also https://github.com/rsyslog/rsyslog/issues/846 +- some general code improvements + * "fixed" cosmetic memory leaks at shutdown +- build system bugfix: configure can't find gss_acquire_cred on Solaris + Thanks to github user vlmarek for the patch. +- improvements to the CI environment + * improvements on the non-raciness of some tests + * imdiag: avoid races in detecting queue empty status + This resolves cases where the testbench terminated rsyslog too early, + resulting in potential message loss and test failure. + * omkafka has now dynamic tests + Thanks to Janmejay Singh for implementing them. + * try to merge PR to master and run tests; this guards against cross-PR + regressions and wasn't caught previously. Note that we skip this test + if we cannot successfully merge. So this is not a replacement for a + daily full "all-project integration test run". + * travis has finally enabled elasticsearch tests + ES was unfortunately not being regularly tested for quite a while due to + missing environment. This lead to some regressions becoming undetected. + These were now discovered thanks to the new support on travis. Also, this + guards against future regressions. + * imfile has now additional tests and overall better coverage + * omfile has now additional tests +------------------------------------------------------------------------------ +Version 8.18.0 [v8-stable] 2016-04-19 +- testbench: When running privdrop tests testbench tries to drop + user to "rsyslog", "syslog" or "daemon" when running as root and + you don't explicit set RSYSLOG_TESTUSER environment variable. + Make sure the unprivileged testuser can write into tests/ dir! +- templates: add option to convert timestamps to UTC + closes https://github.com/rsyslog/rsyslog/issues/730 +- omjournal: fix segfault (regression in 8.17.0) +- imptcp: added AF_UNIX support + Thanks to Nathan Brown for implementing this feature. +- new template options + * compressSpace + * date-utc +- redis: support for authentication + Thanks to Manohar Ht for the patch +- omkafka: makes kafka-producer on-HUP restart optional + As of now, omkafka kills and re-creates kafka-producer on HUP. This + is not always desirable. This change introduces an action param + (reopenOnHup="on|off") which allows user to control re-cycling of + kafka-producer. + It defaults to on (for backward compatibility). Off allows user to + ignore HUP as far as kafka-producer is concerned. + Thanks to Janmejay Singh for implementing this feature +- imfile: new "FreshStartTail" input parameter + Thanks to Curu Wong for implementing this. +- omjournal: fix libfastjson API issues + This module accessed private data members of libfastjson +- ommongodb: fix json API issues + This module accessed private data members of libfastjson +- testbench improvements (more tests and more thorough tests) + among others: + - tests for omjournal added + - tests for KSI subsystem + - tests for privilege drop statements + - basic test for RELP with TLS + - some previously disabled tests have been re-enabled +- dynamic stats subsystem: a couple of smaller changes + they also involve the format, which is slightly incompatible to + previous version. As this was out only very recently (last version), + we considered this as acceptable. + Thanks to Janmejay Singh for developing this. +- foreach loop: now also iterates over objects (not just arrays) + Thanks to Janmejay Singh for developing this. +- improvements to the CI environment +- enhancement: queue subsystem is more robst in regard to some corruptions + It is now detected if a .qi file states that the queue contains more + records than there are actually inside the queue files. Previously this + resulted in an emergency switch to direct mode, now the problem is only + reported but processing continues. +- enhancement: Allow rsyslog to bind UDP ports even w/out specific + interface being up at the moment. + Alternatively, rsyslog could be ordered after networking, however, + that might have some negative side effects. Also IP_FREEBIND is + recommended by systemd documentation. + Thanks to Nirmoy Das and Marius Tomaschewski for the patch. +- cleanup: removed no longer needed json-c compatibility layer + as we now always use libfastjson, we do not need to support old + versions of json-c (libfastjson was based on the newest json-c + version at the time of the fork, which is the newest in regard + to the compatibility layer) +- new External plugin for sending metrics to SPM Monitoring SaaS + Thanks to Radu Gheorghe for the patch. +- bugfix imfile: fix memory corruption bug when appending @cee + Thanks to Brian Knox for the patch. +- bugfix: memory misallocation if position.from and position.to is used + a negative amount of memory is tried to be allocated if position.from + is smaller than the buffer size (at least with json variables). This + usually leads to a segfault. + closes https://github.com/rsyslog/rsyslog/issues/915 +- bugfix: fix potential memleak in TCP allowed sender definition + depending on circumstances, a very small leak could happen on each + HUP. This was caused by an invalid macro definition which did not rule + out side effects. +- bugfix: $PrivDropToGroupID actually did a name lookup + ... instead of using the provided ID +- bugfix: small memory leak in imfile + Thanks to Tomas Heinrich for the patch. +- bugfix: double free in jsonmesg template + There has to be actual json data in the message (from mmjsonparse, + mmnormalize, imjournal, ...) to trigger the crash. + Thanks to Tomas Heinrich for the patch. +- bugfix: incorrect formatting of stats when CEE/Json format is used + This lead to ill-formed json being generated +- bugfix omfwd: new-style keepalive action parameters did not work + due to being inconsistently spelled inside the code. Note that legacy + parameters $keepalive... always worked + see also: https://github.com/rsyslog/rsyslog/issues/916 + Thanks to Devin Christensen for alerting us and an analysis of the + root cause. +- bugfix: memory leaks in logctl utility + Detected by clang static analyzer. Note that these leaks CAN happen in + practice and may even be pretty large. This was probably never detected + because the tool is not often used. +- bugfix omrelp: fix segfault if no port action parameter was given + closes https://github.com/rsyslog/rsyslog/issues/911 +- bugfix imtcp: Messages not terminated by a NL were discarded + ... upon connection termination. + Thanks to Tomas Heinrich for the patch. +------------------------------------------------------------------------------ +Version 8.17.0 [v8-stable] 2016-03-08 +- NEW REQUIREMENT: libfastjson + see also: + http://blog.gerhards.net/2015/12/rsyslog-and-liblognorm-will-switch-to.html +- new testbench requirement: faketime command line tool + This is used to generate a controlled environment for time-based tests; if + not available, tests will gracefully be skipped. +- improve json variable performance + We use libfastjson's alternative hash function, which has been + proven to be much faster than the default one (which stems + back to libjson-c). This should bring an overall performance + improvement for all operations involving variable processing. + closes https://github.com/rsyslog/rsyslog/issues/848 +- new experimental feature: lookup table support + Note that at this time, this is an experimental feature which is not yet + fully supported by the rsyslog team. It is introduced in order to gain + more feedback and to make it available as early as possible because many + people consider it useful. + Thanks to Janmejay Singh for implementing this feature +- new feature: dynamic statistics counters + which may be changed during rule processing + Thanks to Janmejay Singh for suggesting and implementing this feature +- new contributed plugin: omamqp1 for AMQP 1.0-compliant brokers + Thanks to Ken Giusti for this module +- new set of UTC-based $now family of variables ($now-utc, $year-utc, ...) +- simplified locking when accessing message and local variables + this simplifies the code and slightly increases performance if such + variables are heavily accessed. +- new global parameter "debug.unloadModules" + This permits to disable unloading of modules, e.g. to make valgrind + reports more useful (without a need to recompile). +- timestamp handling: guard against invalid dates + We do not permit dates outside of the year 1970..2100 + interval. Note that network-receivers do already guard + against this, so the new guard only guards against invalid + system time. +- imfile: add "trimlineoverbytes" input parameter + Thanks to github user JindongChen for the patch. +- ommongodb: add support for extended json format for dates + Thanks to Florian Bücklers for the patch. +- omjournal: add support for templates + see also: https://github.com/rsyslog/rsyslog/pull/770 + Thanks to github user bobthemighty for the patch +- imuxsock: add "ruleset" input parameter +- testbench: framework improvement: configs can be included in test file + they do no longer need to be in a separate file, which saves a bit + of work when working with them. This is supported for simple tests with + a single running rsyslog instance + Thanks to Janmejay Singh for inspiring me with a similar method in + liblognorm testbench. +- imptcp: performance improvements + Thanks to Janmejay Singh for implementing this improvement +- made build compile (almost) without warnings + still some warnings are suppressed where this is currently required +- improve interface definition in some modules, e.g. mmanon, mmsequence + This is more an internal cleanup and should have no actual affect to + the end user. +- solaris build: MAXHOSTNAMELEN properly detected +- build system improvement: ability to detect old hiredis libs + This permits to automatically build omhiredis on systems where the + hiredis libs do not provide a pkgconfig file. Previously, this + required manual configuration. + Thanks to github user jaymell for the patch. +- rsgtutil: dump mode improvements + * auto-detect signature file type + * ability to dump hash chains for log extraction files +- build system: fix build issues with clang + clang builds often failed with a missing external symbol + "rpl_malloc". This was caused by checks in configure.ac, + which checked for specific GNU semantics. As we do not need + them (we never ask malloc for zero bytes), we can safely + remove the macros. + Note that we routinely run clang static analyzer in CI and + it also detects such calls as invalid. + closes https://github.com/rsyslog/rsyslog/issues/834 +- bugfix: unixtimestamp date format was incorrectly computed + The problem happened in leap year from March til then end + of year and healed itself at the beginning of the next year. + During the problem period, the timestamp was 24 hours too low. + fixes https://github.com/rsyslog/rsyslog/issues/830 +- bugfix: date-ordinal date format was incorrectly computed + same root cause aus for unixtimestamp and same triggering + condition. During the affected perido, the ordinal was one + too less. +- bugfix: some race when shutting down input module threads + this had little, if at all, effect on real deployments as it resulted + in a small leak right before rsyslog termination. However, it caused + trouble with the testbench (and other QA tools). + Thanks to Peter Portante for the patch and both Peter and Janmejay + Singh for helping to analyze what was going on. +- bugfix tcpflood: did not handle connection drops correct in TLS case + note that tcpflood is a testbench too. The bug caused some testbench + instability, but had no effect on deployments. +- bugfix: abort if global parameter value was wrong + If so, the abort happened during startup. Once started, + all was stable. +- bugfix omkafka: fix potential NULL pointer addressing + this happened when the topic cache was full and an entry + needed to be evicted +- bugfix impstats: @cee cookie was prefixed to wrong format (json vs. cee) + Thanks to Volker Fröhlich for the fix. +- bugfix imfile: fix race during startup that could lead to some duplication + If a to-be-monitored file was created after inotify was initialized + but before startup was completed, the first chunk of data from this + file could be duplicated. This should have happened very rarely in + practice, but caused occasional testbench failures. + see also: https://github.com/rsyslog/rsyslog/issues/791 +- bugfix: potential loss of single message at queue shutdown + see also: https://github.com/rsyslog/rsyslog/issues/262 +- bugfix: potential deadlock with heavy variable access + When making heavy use of global, local and message variables, a deadlock + could occur. While it is extremely unlikely to happen, we have at least + seen one incarnation of this problem in practice. +- bugfix ommysql: on some platforms, serverport parameter had no effect + This was caused by an invalid code sequence which's outcome depends on + compiler settings. +- bugfix omelasticsearch: invalid pointer dereference + The actual practical impact is not clear. This came up when working + on compiler warnings. + Thanks to David Lang for the patch. +- bugfix omhiredis: serverport config parameter did not reliably work + depended on environment/compiler used to build +- bugfix rsgtutil: -h command line option did not work + Thanks to Henri Lakk for the patch. +- bugfix lexer: hex numbers were not properly represented + see: https://github.com/rsyslog/rsyslog/pull/771 + Thanks to Sam Hanes for the patch. +- bugfix TLS syslog: intermittent errors while sending data + Regression from commit 1394e0b. A symptom often seen was the message + "unexpected GnuTLS error -50 in nsd_gtls.c:530" +- bugfix imfile: abort on startup if no slash was present in file name param + Thanks to Brian Knox for the patch. +- bugfix rsgtutil: fixed abort when using short command line options + Thanks to Henri Lakk +- bugfix rsgtutil: invalid computation of log record extraction file + This caused verification to fail because the hash chain was actually + incorrect. Depended on the input data set. + closes https://github.com/rsyslog/rsyslog/issues/832 +- bugfix build system: KSI components could only be build if in default path +------------------------------------------------------------------------------ +Version 8.16.0 [v8-stable] 2016-01-26 +- rsgtutil: Added extraction support including loglines and hash chains. + More details on how to extract loglines can be found in the rsgtutil + manpage. See also: https://github.com/rsyslog/rsyslog/issues/561 +- clean up doAction output module interface + We started with char * pointers, but used different types of pointers + over time. This lead to alignment warnings. In practice, I think this + should never cause any problems (at least there have been no reports + in the 7 or so years we do this), but it is not clean. The interface is + now cleaned up. We do this in a way that does not require modifications + to modules that just use string parameters. For those with message + parameters, have a look at e.g. mmutf8fix to see how easy the + required change is. +- new system properties for $NOW properties based on UTC + This permits to express current system time in UTC. + See also https://github.com/rsyslog/rsyslog/issues/729 +- impstats: support broken ElasticSearch JSON implementation + ES 2.0 no longer supports valid JSON and disallows dots inside names. + This adds a new "json-elasticsearch" format option which replaces + those dots by the bang ("!") character. So "discarded.full" becomes + "discarded!full". + This is a workaround. A method that will provide more control over + replacements will be implemented some time in the future. For + details, see below-quoted issue tracker. + closes https://github.com/rsyslog/rsyslog/issues/713 +- omelasticsearch: craft better URLs + Elasticsearch is confused by url's ending in a bare '?' or '&'. While + this is valid, those are no longer produced. + Thanks to Benno Evers for the patch. +- imfile: add experimental "reopenOnTruncate" parameter + Thanks to Matthew Wang for the patch. +- bugfix imfile: proper handling of inotify initialization failure + Thanks to Zachary Zhao for the patch. +- bugfix imfile: potential segfault due to improper handling of ev var + This occurs in inotify mode, only. + Thanks to Zachary Zhao and Peter Portante for the patch. + closes https://github.com/rsyslog/rsyslog/issues/718 +- bugfix imfile: potential segfault under heavy load. + This occurs in inotify mode when using wildcards, only. + The root cause is dropped IN_IGNORED inotify events which be dropped + in circumstance of high input pressure and frequent rotation, and + according to wikipeida, they can also be dropped in other conditions. + Thanks to Zachary Zhao for the patch. + closes https://github.com/rsyslog/rsyslog/issues/723 +- bugfix ommail: invalid handling of server response + if that response was split into different read calls. Could lead to + error-termination of send operation. Problem is pretty unlikely to + occur in standard setups (requires slow connection to SMTP server). + Thank to github user haixingood for the patch. +- bugfix omelasticsearch: custom serverport was ignored on some platforms + Thanks to Benno Evers for the patch. +- bugfix: tarball did not include some testbench files + Thanks to Thomas D. (whissi) for the patch. +- bugfix: memory misaddressing during config parsing string template + This occurred if an (invalid) template option larger than 63 characters + was given. + Thanks to git hub user c6226 for the patch. +- bugfix imzmq: memory leak + Thanks to Jeremy Liang for the patch. +- bugfix imzmq: memory leak + Thanks to github user xushengping for the patch. +- bugfix omzmq: memory leak + Thanks to Jack Lin for the patch. +- some code improvement and cleanup +------------------------------------------------------------------------------ +Version 8.15.0 [v8-stable] 2015-12-15 +- KSI Lib: Updated code to run with libksi 3.4.0.5 + Also libksi 3.4.0.x is required to build rsyslog if ksi support + is enabled. New libpackages have been build as well. +- KSI utilities: Added option to ser publication url. + Since libksi 3.4.0.x, there is no default publication url anymore. + The publication url has to be set using the --publications-server + Parameter, otherwise the ksi signature cannot be verified. UserID + and UserKey can also be set by parameter now. + Closes https://github.com/rsyslog/rsyslog/issues/581 +- KSI Lib: Fixed wrong TLV container for KSI signatures from 0905 to 0906. + closes https://github.com/rsyslog/rsyslog/issues/587 +- KSI/GT Lib: Fixed multiple issues found using static analyzer +- performance improvement for configs with heavy use of JSON variables + Depending on the config, this can be a very big gain in performance. +- added pmpanngfw: contributed module for translating Palo Alto Networks logs. + see also: https://github.com/rsyslog/rsyslog/pull/573 + Thanks to Luigi Mori for the contribution. +- testbench: Changed valgrind option for imtcp-tls-basic-vg.sh + For details see: https://github.com/rsyslog/rsyslog/pull/569 +- pmciscoios: support for asterisk before timestamp added + thanks to github user c0by for the patch + see also: https://github.com/rsyslog/rsyslog/pull/583 +- solr external output plugin much enhanced + see also: https://github.com/rsyslog/rsyslog/pull/529 + Thanks to Radu Gheorghe for the patch. +- omrabbitmq: improvements + thanks to Luigi Mori for the patch + see also: https://github.com/rsyslog/rsyslog/pull/580 +- add support for libfastjson (as a replacement for json-c) +- KSI utilities: somewhat improved error messages + Thanks to Henri Lakk for the patch. + see also: https://github.com/rsyslog/rsyslog/pull/588 +- pmciscoios: support for some format variations + Thanks to github user c0by for the patch +- support grok via new contributed module mmgrok + Thanks to 饶琛琳 (github user chenryn) for the contribution. +- omkafka: new statistics counter "maxoutqsize" + Thanks to 饶琛琳 (github user chenryn) for the contribution. +- improvements for 0mq modules: + * omczmq - suspend / Retry handling - the output plugin can now recover + from some error states due to issues with plugin startup or message sending + * omczmq - refactored topic handling code for ZMQ_PUB output to be a little + more efficient + * omczmq - added ability to set a timeout for sends + * omczmq - set topics can be in separate frame (default) or part of message + frame (configurable) + * omczmq - code cleanup + * imczmq - code cleanup + * imczmq - fixed a couple of cases where vars could be used uninitialized + * imczmq - ZMQ_ROUTER support + * imczmq - Fix small memory leak from not freeing sockets when done with them + * allow creation of on demand ephemeral CurveZMQ certs for encryption. + Clients may specify clientcertpath="*" to indicate they want an on + demand generated cert. + Thanks to Brian Knox for the contributions. +- cleanup on code to unset a variable + under extreme cases (very, very unlikely), the old code could also lead + to erroneous processing +- omelasticsearch: build on FreeBSD + Thanks to github user c0by for the patch +- pmciscoios: fix some small issues clang static analyzer detected +- testbench: many improvements and some new tests + note that there still is a number of tests which are somewhat racy +- overall code improvements thanks to clang static analyzer +- gnutls fix: Added possible fix for gnutls issue #575 + see also: https://github.com/rsyslog/rsyslog/issues/575 + Thanks to Charles Southerland for the patch +- bugfix omkafka: restore ability to build on all platforms + Undo commit aea09800643343ab8b6aa205b0f10a4be676643b + because that lead to build failures on various important platforms. + This means it currently is not possible to configure the location + of librdkafka, but that will affect far fewer people. + closes: https://github.com/rsyslog/rsyslog/issues/596 +- bugfix omkafka: fix potentially negative partition number + Thanks to Tait Clarridge for providing a patch. +- bugfix: solve potential race in creation of additional action workers + Under extreme circumstances, this could lead to segfault. Note that we + detected this problem thanks to ASAN address sanitizer in combination + with a very extreme testbench test. We do not think that this issue + was ever reported in practice. +- bugfix: potential memory leak in config parsing + Thanks to github user linmujia for the patch +- bugfix: small memory leak in loading template config + This happened when a plugin was used inside the template. Then, the + memory for the template name was never freed. + Thanks to github user xushengping for the fix. +- bugfix: fix extra whitespace in property expansions + Address off-by-one issues introduced in f3bd7a2 resulting in extra + whitespace in property expansions + Thanks to Matthew Gabeler-Lee for the patch. +- bugfix: mmfields leaked memory if very large messages were processed + detected by clang static analyzer +- bugfix: mmfields could add garbage data to field + this happened when very large fields were to be processed. + Thanks to Peter Portante for reporting this. +- bugfix: omhttpfs now also compiles with older json-c lib +- bugfix: memory leak in (contributed) module omhttpfs + Thanks to git hub user c6226 for the patch. +- bugfix: parameter mismatch in error message for wrap() function +- bugfix: parameter mismatch in error message for random() function +- bugfix: divide by zero if max() function was provided zero +- bugfix: invalid mutex handling in omfile async write mode + could lead to segfault, even though highly unlikely (caught by + testbench on a single platform) +- bugfix: fix inconsistent number processing + Unfortunately, previous versions of the rule engine tried to + support oct and hex, but that wasn't really the case. + Everything based on JSON was just dec-converted. As this was/is + the norm, we fix that inconsistency by always using dec. + Luckily, oct and hex support was never documented and could + probably only have been activated by constant numbers. +- bugfix: timezone() object: fix NULL pointer dereference + This happened during startup when the offset or id parameter was not + given. Could lead to a segfault at startup. + Detected by clang static analyzer. +- bugfix omfile: memory addressing error if very long outchannel name used + Thanks to github user c6226 for the patch. +------------------------------------------------------------------------------ +Version 8.14.0 [v8-stable] 2015-11-03 +- Added possibility to customize librdkafka location + see also: https://github.com/rsyslog/rsyslog/pull/502 + Thanks to Matthew Wang for the patch. +- add property "rawmsg-after-pri" +- bugfix: potential misaddresseing in imfile + Could happen when wildcards were used. + see also https://github.com/rsyslog/rsyslog/issues/532 + see also https://github.com/rsyslog/rsyslog/issues/534 + Thanks to zhangdaoling for the bugfix. +- bugfix: re_extract RainerScript function did not work + Thanks to Janmejay Singh for the patch +------------------------------------------------------------------------------ +Version 8.13.0 [v8-stable] 2015-09-22 +- ZeroMQ enhancements: + * Added the ability to set a static publishing topic per action as an + alternative to constructing topics with templates + Contributor: Luca Bocassi + * ZMQ_PUB socket now defaults to bind and ZMQ_SUB socket now defaults to + connect - Contributor: Luca Bocassi +- Redis enhancements: + * Can now LPUSH to a Redis list in "queue" mode - Contributor: Brian Knox + * Can now PUBLISH to a Redis channel in "publish" mode + Contributor: Brian Knox +- build requirement for rsyslog/mmnormalize is now liblognorm 1.1.2 or above +- mmnormalize: liblognorm error messages are now emitted via regular + rsyslog error reporting mechanism (aka "are now logged") + This is possible due to a new API in liblognorm 1.1.2; + Note that the amount of error messages depends on the version of + liblognorm used. +- add support for TCP client side keep-alives + Thanks to github user tinselcity for the patch. +- bugfix: imtcp/TLS hangs on dropped packets + see also https://github.com/rsyslog/rsyslog/issues/318 + Thanks to github user tinselcity for the patch. +- bugfix testbench: some tests using imptcp are run if module is disabled + Thanks to Michael Biebl for reporting this + see also https://github.com/rsyslog/rsyslog/issues/524 +- bugfix omkafka: Fixes a bug not accepting new messages anymore. + see also: https://github.com/rsyslog/rsyslog/pull/472 + Thanks to Janmejay Singh +- bugfix: Parallel build issue "cannot find ../runtime/.libs/librsyslog.a: + No such file or directory" (#479) fixed. + Thanks to Thomas D. (Whissi) for the patch. +- bugfix: Added missing mmpstrucdata testfiles into makefile. + see also: https://github.com/rsyslog/rsyslog/issues/484 +- bugfix: Reverted FIX for issue #392 as it had unexpected side effects. + The new fix duplicates the Listener object for static files (like + done for dynamic files already), resolving issue #392 and #490. + see also https://github.com/rsyslog/rsyslog/pull/490 +- bugfix: issues in queue subsystem if syncqueuefiles was enabled + * Error 14 was generated on the .qi file directory handle. + As the .qi filestream does not have a directory set, fsync + was called on an empty directory causing a error 14 in debug log. + * When queue files existed on startup, the bSyncQueueFiles + strm property was not set to 1. This is now done in the + qqueueLoadPersStrmInfoFixup function. +- bugfix/testbench: tcpflood tool could abort when random data was added + see also: https://github.com/rsyslog/rsyslog/issues/506 + Thanks to Louis Bouchard for the fix +- rscryutil: Added support to decrypt a not closed log file. + Thanks to wizard1024 for the patch. +------------------------------------------------------------------------------ +Version 8.12.0 [v8-stable] 2015-08-11 +- Harmonize resetConfigVariables values and defaults + see also https://github.com/rsyslog/rsyslog/pull/413 + Thanks to Tomas Heinrich for the patch. +- GT/KSI: fix some issues in signature file format and add conversion tool + The file format is incompatible to previous format, but tools have been + upgraded to handle both and also an option been added to convert from + old to new format. +- bugfix: ommysql did not work when gnutls was enabled + as it turned out, this was due to a check for GnuTLS functions + with the side-effect that + AC_CHECK_LIB, by default, adds the lib to LIBS, if there is no + explicit action, what was the case here. So everything was now + linked against GnuTLS, which in turn made ommysql fail. + Thanks to Thomas D. (whissi) for the analysis of the ommysql/gnutls + problem and Thomas Heinrich for pointing out that AC_CHECK_LIB might + be the culprit. +- bugfix omfile: potential memory leak on file close + see also: https://github.com/rsyslog/rsyslog/pull/423 + Thanks to Robert Schiele for the patch. +- bugfix omfile: potential race in dynafile detection/creation + This could lead to a segfault. + Thanks to Tomas Heinrich for the patch. +- bugfix omfile: Fix race-condition detection in path-creation code + The affected code is used to detect a race condition in between + testing for the existence of a directory and creating it if it didn't + exist. The variable tracking the number of attempts wasn't reset for + subsequent elements in the path, thus limiting the number of + reattempts to one per the whole path, instead of one per each path + element. + This solution was provided by Martin Poole. +- bugfix parser subsystem: potential misaddressing in SanitizeMsg() + could lead to a segfault + Thanks to Tomas Heinrich for the patch. +- imfile: files moved outside of directory are now (properly) handled +- bugfix: imfile: segfault when using startmsg.regex if first log line + doesn't match + Thanks to Ciprian Hacman for the patch. +- bugfix imfile: file table was corrupted when on file deletion + This could happen when a file that was statically configured (not via an + wildcard) was deleted. +- bugfix ompgsql: transaction were improperly handled + now transaction support is solidly disabled until we have enough requests + to implement it again. Module still works fine in single insert mode. + closes https://github.com/rsyslog/rsyslog/issues/399 +- bugfix mmjsonparse: memory leak if non-cee-json message is processed + see also https://github.com/rsyslog/rsyslog/pull/383 + Thanks to Anton Matveenko for the patch +- testbench: remove raciness from UDP based tests +- testbench: added bash into all scripts making it mandatory +- bugfix testbench: Fixed problem building syslog_caller util when + liblogging-stdlog is not available. + Thanks to Louis Bouchard for the patch +- bugfix rscryutil.1: Added fix checking for generate_man_pages condition + Thanks to Radovan Sroka for the patch +- bugfix freebsd console: \n (NL) is prepended with \r (CR) in console + output on freebsd only. For more details see here: + https://github.com/rsyslog/rsyslog/issues/372 + Thanks to AlexandreFenyo for the patch +------------------------------------------------------------------------------ +Version 8.11.0 [v8-stable] 2015-06-30 +- new signature provider for Keyless Signature Infrastructure (KSI) added +- build system: re-enable use of "make distcheck" +- add new signature provider for Kesless Signature Infrastructure (KSI) + This has also been added to existing tooling; KSI is kind of v2 of + the Guardtime functionality and has been added in the appropriate + places. +- bugfix imfile: regex multiline mode ignored escapeLF option + Thanks to Ciprian Hacman for reporting the problem + closes https://github.com/rsyslog/rsyslog/issues/370 +- bugfix omkafka: fixed several concurrency issues, most of them related + to dynamic topics. + Thanks to Janmejay Singh for the patch. +- bugfix: execonlywhenpreviousissuspended did not work correctly + This especially caused problems when an action with this attribute was + configured with an action queue. +- bugfix core engine: ensured global variable atomicity + This could lead to problems in RainerScript, as well as probably in other + areas where global variables are used inside rsyslog. I wouldn't outrule + it could lead to segfaults. + Thanks to Janmejay Singh for the patch. +- bugfix imfile: segfault when using startmsg.regex because of empty log line + closes https://github.com/rsyslog/rsyslog/issues/357 + Thanks to Ciprian Hacman for the patch. +- bugfix: build problem on Solaris + Thanks to Dagobert Michelsen for reporting this and getting us up to + speed on the openCWS build farm. +- bugfix: build system strndup was used even if not present + now added compatibility function. This came up on Solaris builds. + Thanks to Dagobert Michelsen for reporting the problem. + closes https://github.com/rsyslog/rsyslog/issues/347 +- bugfix imjournal: do not pass empty messages to rsyslog core + this causes a crash of the daemon + see also https://github.com/rsyslog/rsyslog/pull/412 + Thanks to Tomas Heinrich for the patch. +- bugfix imjournal: cosmetic memory leak + very small and an shutdown only, so did not affect operations + see also https://github.com/rsyslog/rsyslog/pull/411 + Thanks to Tomas Heinrich for the patch. +------------------------------------------------------------------------------ +Version 8.10.0 [v8-stable] 2015-05-19 +- imfile: add capability to process multi-line messages based on regex + input parameter "endmsg.regex" was added for that purpose. The new + mode provides much more power in processing different multiline-formats. +- pmrfc3164: add new parameters + * "detect.yearAfterTimestamp" + This supports timestamps as generated e.g. by some Aruba Networks + equipment. + * "permit.squareBracesInHostname" + Permits to use "hostnames" in the form of "[127.0.0.1]"; also seen in + Aruba Networks equipment, but we strongly assume this can also happen + in other cases, especially with IPv6. +- supplementary groups are now set when dropping privileges + closes https://github.com/rsyslog/rsyslog/issues/296 + Thanks to Zach Lisinski for the patch. +- imfile: added brace glob expansion to wildcard + Thanks to Zach Lisinski for the patch. +- zmq: add the ability for zeromq input and outputs to advertise their + presence on UDP via the zbeacon API. + Thanks to Brian Knox for the contribution. +- added omhttpfs: contributed module for writing to HDFS via HTTP + Thanks to sskaje for the contribution. +- Configure option "--disable-debug-symbols" added which is disabled per + default. If you set the new option, configure won't set the appropriate + compiler flag to generate debug symbols anymore. +- When building from git source we now require rst2man and yacc (or a + replacement like bison). + That isn't any new requirement, we only added missing configure checks. +- Configure option "--enable-generate-man-pages" is now disabled for non git + source builds per default but enforced when building from git source. +- mmpstrucdata: some code cleanup + removed lots of early development debug outputs +- bugfix imuxsock: fix a memory leak that happened with large messages + ... when annotation was enabled. + Thanks to github user c6226 for the patch +- bugfix omhttpfs: memory leak + Thanks to github user c6226 for the patch +- bugfix imuxsock: fix a crash when setting a hostname + Setting a hostname via the legacy directive would lead to a crash + during shutdown caused by a double-free. + Thanks to Tomas Heinrich for the patch. +- bugfix: memory leak in mmpstrucdata + Thanks to Grégoire Seux for reporting this issue. + closes https://github.com/rsyslog/rsyslog/issues/310 +- bugfix (minor): default action name: assigned number was one off + see also https://github.com/rsyslog/rsyslog/pull/340 + Thanks to Tomas Heinrich for the patch. +- bugfix: memory leak in imfile + A small leak happened each time a new file was monitored based on + a wildcard. Depending on the rate of file creation, this could result + in a serious memory leak. +------------------------------------------------------------------------------ +Version 8.9.0 [v8-stable] 2015-04-07 +- omprog: add option "hup.forward" to forwards HUP to external plugins + This was suggested by David Lang so that external plugins (and other + programs) can also do HUP-specific processing. The default is not + to forward HUP, so no change of behavior by default. +- imuxsock: added capability to use regular parser chain + Previously, this was a fixed format, that was known to be spoken on + the system log socket. This also adds new parameters: + - sysSock.useSpecialParser module parameter + - sysSock.parseHostname module parameter + - useSpecialParser input parameter + - parseHostname input parameter +- 0mq: improvements in input and output modules + See module READMEs, part is to be considered experimental. + Thanks to Brian Knox for the contribution. +- imtcp: add support for ip based bind for imtcp -> param "address" + Thanks to github user crackytsi for the patch. +- bugfix: MsgDeserialize out of sync with MsgSerialize for StrucData + This lead to failure of disk queue processing when structured data was + present. Thanks to github user adrush for the fix. +- bugfix imfile: partial data loss, especially in readMode != 0 + closes https://github.com/rsyslog/rsyslog/issues/144 +- bugfix: potential large memory consumption with failed actions + see also https://github.com/rsyslog/rsyslog/issues/253 +- bugfix: omudpspoof: invalid default send template in RainerScript format + The file format template was used, which obviously does not work for + forwarding. Thanks to Christopher Racky for alerting us. + closes https://github.com/rsyslog/rsyslog/issues/268 +- bugfix: size-based legacy config statements did not work properly + on some platforms, they were incorrectly handled, resulting in all + sorts of "interesting" effects (up to segfault on startup) +- build system: added option --without-valgrind-testbench + ... which provides the capability to either enforce or turn off + valgrind use inside the testbench. Thanks to whissi for the patch. +- rsyslogd: fix misleading typos in error messages + Thanks to Ansgar Püster for the fixes. +------------------------------------------------------------------------------ +Version 8.8.0 [v8-stable] 2015-02-24 +- omkafka: add support for dynamic topics and auto partitioning + Thanks to Tait Clarridge for the patches. +- imtcp/imptcp: support for broken Cisco ASA TCP syslog framing +- omfwd: more detailed error messages in case of UDP send error +- TLS syslog: enable capability to turn on GnuTLS debug logging + This provides better diagnostics in hard-to-diagnose cases, + especially when GnuTLS is extra-picky about certificates. +- bugfix: $AbortOnUncleanConfig did not work +- improve rsyslogd -v output and error message with meta information + version number is now contained in error message and build platform in + version output. This helps to gets rid of the usual "which version" + question on mailing list, support forums, etc... +- bugfix imtcp: octet-counted framing cannot be turned off +- bugfix: build problems on Illuminos + Thanks to Andrew Stormont for the patch +- bugfix: invalid data size for iMaxLine global property + It was defined as int, but inside the config system it was declared as + size type, which uses int64_t. With legacy config statements, this could + lead to misaddressing, which usually meant the another config variable was + overwritten (depending on memory layout). + closes https://github.com/rsyslog/rsyslog/issues/205 +- bugfix: negative values for maxMessageSize global parameter were permitted +------------------------------------------------------------------------------ +Version 8.7.0 [v8-stable] 2015-01-13 +- add message metadata "system" to msg object + this permits to store metadata alongside the message +- imfile: add support for "filename" metadata + this is useful in cases where wildcards are used +- imptcp: make stats counter names consistent with what imudp, imtcp uses +- added new module "omkafka" to support writing to Apache Kafka +- omfwd: add new "udp.senddelay" parameter +- mmnormalize enhancements + Thanks to Janmejay Singh for the patch. +- RainerScript "foreach" iterator and array reading support + Thanks to Janmejay Singh for the patch. +- now requires liblognorm >= 1.0.2 +- add support for systemd >= 209 library names +- BSD "ntp" facility (value 12) is now also supported in filter + Thanks to Douglas K. Rand of Iteris, Inc. for the patch. + Note: this patch was released under ASL 2.0 (see email-conversation). +- bugfix: global(localHostName="xxx") was not respected in all modules +- bugfix: emit correct error message on config-file-not-found + closes https://github.com/rsyslog/rsyslog/issues/173 +- bugfix: impstats emitted invalid JSON format (if JSON was selected) +- bugfix: (small) memory leak in omfile's outchannel code + Thanks to Koral Ilgun for reporting this issue. +- bugfix: imuxsock did not deactivate some code not supported by platform + Among potential other problems, this caused build failure under Solaris. + Note that this build problem just made a broader problem appear that so + far always existed but was not visible. + closes https://github.com/rsyslog/rsyslog/issues/185 +------------------------------------------------------------------------------ +Version 8.6.0 [v8-stable] 2014-12-02 +NOTE: This version also incorporates all changes and enhancements made for +v8.5.0, but in a stable release. For details see immediately below. +- configuration-setting rsyslogd command line options deprecated + For most of them, there are now proper configuration objects. Some few + will be completely dropped if nobody insists on them. Additional info at + http://blog.gerhards.net/2014/11/phasing-out-legacy-command-line-options.html +- new and enhanced plugins for 0mq. These are currently experimental. + Thanks to Brian Knox who contributed the modules and is their author. +- empty rulesets have been permitted. They no longer raise a syntax error. +- add parameter -N3 to enable config check of partial config file + Use for config include files. Disables checking if any action exists at + all. +- rsyslogd -e option has finally been removed + It is deprecated since many years. +- testbench improvements + Testbench is now more robust and has additional tests. +- testbench is now by default disabled + To enable it, use --enable-testbench. This was done as the testbench now + does better checking if required modules are present and this in turn + would lead to configure error messages where non previously were if we + would leave --enable-testbench on by default. Thus we have turned it off. + This should not be an issue for those few testbench users. +- add new RainerScript functions warp() and replace() + Thanks to Singh Janmejay for the patch. +- mmnormalize can now also work on a variable + Thanks to Singh Janmejay for the patch. +- new property date options for day ordinal and week number + Thanks to github user arrjay for the patch +- remove --enable-zlib configure option, we always require it + It's hard to envision a system without zlib, so we turn this off + closes https://github.com/rsyslog/rsyslog/issues/76 +- slight source-tree restructuring: contributed modules are now in their + own ./contrib directory. The idea is to make it clearer to the end user + which plugins are supported by the rsyslog project (those in ./plugins). +- bugfix: imudp makes rsyslog hang on shutdown when more than 1 thread used + closes https://github.com/rsyslog/rsyslog/issues/126 +- bugfix: not all files closed on auto-backgrounding startup + This could happen when not running under systemd. Some low-numbered + fds were not closed in that case. +- bugfix: typo in queue configuration parameter + made parameter unusable + Thanks to Bojan Smojver for the patch. +- bugfix: uninitialized buffer off-by-one error in hostname generation + The DNS cache used uninitialized memory, which could lead to + invalid hostname generation. + Thanks to Jarrod Sayers for alerting us and providing analysis and + patch recommendations. +- bugfix imuxsock: possible segfault when SysSock.Use="off" + Thanks to alexjfisher for reporting this issue. + closes https://github.com/rsyslog/rsyslog/issues/140 +- bugfix: RainerScript: invalid ruleset names were accepted + during ruleset definition, but could of course not be used when + e.g. calling a ruleset. + IMPORTANT: this may cause existing configurations to error out on start, + as they invalid names could also be used e.g. when assigning rulesets. +- bugfix: some module entry points were not called for all modules + callbacks like endCnfLoad() were primarily being called for input + modules. This has been corrected. Note that this bugfix has some + regression potential. +- bugfix omlibdbi: connection was taken down in wrong thread + this could have consequences depending on the driver being used. In + general, it looks more like a cosmetic issue. For example, with + MySQL it lead to a small memory but also an annoying message about + a thread not properly torn down. +- imttcp was removed because it was an incomplete experimental module +- pmrfc3164sd because it was a custom module nobody used + We used to keep this as a sample inside the tree, but whoever wants + to look at it can check in older versions inside git. +- omoracle was removed because it was orphaned and did not build/work + for quite some years and nobody was interested in fixing it +--------------------------------------------------------------------------- +Version 8.5.0 [v8-stable] 2014-10-24 +- imfile greatly refactored and support for wildcards added +- PRI-handling code refactored for more clarity and robustness +- ommail: add support for RainerScript config system [action() object] + This finally adds support for the new config style. Also, we now permit + to set a constant subject text without the need to create a template for + it. +- refactored the auto-backgrounding method + The code is now more robust and also offers possibilities for enhanced + error reporting in the future. This is also assumed to fix some races + where a system startup script hang due to "hanging" rsyslogd. +- make gntls tcp syslog driver emit more error messages + Messages previously emitted only to the debug log are now emitted as + syslog error messages. It has shown that they contain information + helpful to the user for troubleshooting config issues. Note that this + change is a bit experimental, as we are not sure if there are situations + where large amounts of error messages may be emitted. +- bugfix: imfile did not complain if configured file did not exist + closes https://github.com/rsyslog/rsyslog/issues/137 +- bugfix: build failure on systems which don't have json_tokener_errors + Older versions of json-c need to use a different API (which don't exists + on newer versions, unfortunately...) + Thanks to Thomas D. for reporting this problem. +- imgssapi: log remote peer address in some error messages + Thanks to Bodik for the patch. +--------------------------------------------------------------------------- +Version 8.4.3 [v8-stable] 2014-10-?? +- ommail: minor bugfixes & improvements + * timestamps were 1 hour out when using daylight saving times when + viewing emails in most email clients due to incorrect date format + * X-Mailer header had a typo in it + * To: header was duplicated once per recipient (this is permitted, + but an address list is a better choice nowadays) + Thanks to github user cacheus for the patches. +- bugfix imkmsg: infinite loop on OpenVZ VMs + Thanks to github user PaulSD for the patch + closes https://github.com/rsyslog/rsyslog/pull/138 +- bugfix: typo in queue configuration parameter made parameter unusable + Thanks to Bojan Smojver for the patch. +- bugfix: uninitialized buffer off-by-one error in hostname generation + The DNS cache used uninitialized memory, which could lead to + invalid hostname generation. + Thanks to Jarrod Sayers for alerting us and providing analysis and + patch recommendations. +- bugfix imfile: segfault on startup in "inotify" mode + A segfault happened when more than one file was monitored. +- bugfix imfile: could make rsyslog exit in inotify mode +- bugfix: rsgtutil sometimes crashed in verify mode if file did not exist +- bugfix imklog: pri was miscalculated + actually, the pri was totally off the real value for PRIs > 9 +- bugfix imfile:file processing in inotify mode was stalled sometimes + closes https://github.com/rsyslog/rsyslog/issues/134 +- bugfix: imjournal did not build properly + The build succeeded, but the module did not load due to a type in + a support function name, which kept unresolved during load. +- bugfix: mmcount did no longer build + note that this is untested -- users of this module should file a bug if + the new (trivial) code is broken [if there are any users, thus I did not + invest time in testing...] + closes https://github.com/rsyslog/rsyslog/issues/129 +- bugfix imuxsock: possible segfault when SysSock.Use="off" + Thanks to alexjfisher for reporting this issue. + closes https://github.com/rsyslog/rsyslog/issues/140 +--------------------------------------------------------------------------- +Version 8.4.2 [v8-stable] 2014-10-02 +- bugfix: the fix for CVE-2014-3634 did not handle all cases + This is corrected now. + see also: CVE-2014-3683 +- fixed a build problem on some platforms + Thanks to Olaf for the patch +- behavior change: "msg" of messages with invalid PRI set to "rawmsg" + When the PRI is invalid, the rest of the header cannot be valid. So + we move all of it to MSG and do not try to parse it out. Note that + this is not directly related to the security issue but rather done + because it makes most sense. +--------------------------------------------------------------------------- +Version 8.4.1 [v8-stable] 2014-09-30 +- imudp: add for bracketing mode, which makes parsing stats easier +- permit at-sign in variable names + closes: https://github.com/rsyslog/rsyslog/issues/110 +- bugfix: fix syntax error in anon_cc_numbers.py script + Thanks to github user anthcourtney for the patch. + closes: https://github.com/rsyslog/rsyslog/issues/109 +- bugfix: ompgsql: don't loose uncommitted data on retry + Thanks to Jared Johnson and Axel Rau for the patch. +- bugfix: imfile: if a state file for a different file name was set, + that different file (name) was monitored instead of the configured + one. Now, the state file is deleted and the correct file monitored. + closes: https://github.com/rsyslog/rsyslog/issues/103 +- bugfix: omudpspoof: source port was invalid + Thanks to Pavel Levshin for the patch +- bugfix: build failure on systems which don't have json_tokener_errors + Older versions of json-c need to use a different API (which don't exists + on newer versions, unfortunately...) + Thanks to Thomas D. for reporting this problem. +- bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API + closes: https://github.com/rsyslog/rsyslog/issues/104 +- bugfix: mmanon did not properly anonymize IP addresses starting with '9' + Thanks to defa-at-so36.net for reporting this problem. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529 +- bugfix: build problems on SuSe Linux + Thanks Andreas Stieger for the patch +- bugfix: omelasticsearch error file did not work correctly on ES 1.0+ + due to a breaking change in the ElasticSearch API. + see also: https://github.com/rsyslog/rsyslog/issues/104 +- bugfix: potential abort when a message with PRI > 191 was processed + if the "pri-text" property was used in active templates, this could + be abused to a remote denial of service from permitted senders + see also: CVE-2014-3634 +--------------------------------------------------------------------------- +Version 8.4.0 [v8-stable] 2014-08-18 +- this is the new stable branch, which incorporates all enhancements of + rsyslog 8.3. +--------------------------------------------------------------------------- +Version 8.3.5 [v8-devel] 2014-08-05 +- mmjsonparse: support selectable cookie and target containers + This permits to put different meanings into a json formatted syslog + message, e.g. the "traditional" cee or cim data. +- bugfix: mmjsonparse did not build with json-c < 0.10 + This was a regression introduced some time in the past in order to + support API changes in json-c. Now we check for the version and use + proper code. +- omprog: emit error message via syslog() if loading binary fails + This happens after forking, so omprog has no longer access to rsyslog's + regular error reporting functions. Previously, this meant any error + message was lost. Now it is emitted via regular syslog (which may end up + in a different instance, if multiple instances run...) +- couple of patches imported from v7-stable (7.6.4) +--------------------------------------------------------------------------- +Version 8.3.4 [v8-devel] 2014-07-11 +- new pmciscoios parser supporting various Cisco IOS formats +- RFC3164 timestamp parser now accepts timezones and subsecond resolution + ... at least for some common formats and where we could do so without + running risk of breaking proper formats (or introducing regressions) +- new parser config object -- permits to define custom parser definitions +- new tzinfo config object -- permits to define time zone offsets + This is a utility object that currently is being used by some parsers. +- bugfix: mishandling of input modules not supporting new input instances + If they did not support this, accidentally the output module part of the + module union was written, leading to unpredictable results. Note: all + core modules do support this interface, but some contributed or very + old ones do not. +- bugfix: double-free when ruleset() parser parameters were used + While unlikely, this could cause stability issues even after the + config phase. +--------------------------------------------------------------------------- +Version 8.3.3 [v8-devel] 2014-06-26 +- unify input object naming + imudp now supports "name" parameter, as other inputs do. "inputname" has + been deprecated, but can still be used. Same applies to "appendport" + subparameter". Thanks to "Nick Syslog" for the suggestion. +- made the missing (contributed) modules build under v8 [import from 8.2.2] + Modules: + * mmrfc5424addhmac + * omrabbitmq + * omgssapi + * omhdfs + * omzmq3 +- added a cleanup process (janitor); permits to close omfile files after a + timeout +- make omgssapi build under v8.3 [import vom v8.2] + note that we could do this to the stable, because there is NO regression + chance at all: only omgssapi was changed, and this module did NOT work + previously. +- removed obsolete --disable-fsstnd configure option + Thanks to Thomas D. for alerting us. + Closes: https://github.com/rsyslog/rsyslog/issues/72 +--------------------------------------------------------------------------- +Version 8.3.2 [v8-devel] 2014-05-02 +- new template options for date extraction: + - year + - month + - day + - wday + - hour + - minute + - second + - tzoffshour + - tzoffsmin + - tzoffsdirection + - wdayname + For string templates, these are property options and they are + prefixed with "date-" (e.g. "date-year", "date-month", ...) + see also: https://github.com/rsyslog/rsyslog/issues/65 +- bugfix: mmexternal remove framing char before processing JSON reply + This did not have any real bad effects, but caused unnecessary + processing, as empty replies were not properly detected. Otherwise, + the bug was not noticeable from the user's PoV. +- bugfix: mmexternal segfault due to invalid free in non-json input mode + closes: https://github.com/rsyslog/rsyslog/issues/70 +- bugfix: mmexternal segfault when external plugin sent invalid reply + ... or no reply at all. This happened if the reply was improper JSON. + Now, we emit an error message in those cases. + see also: https://github.com/rsyslog/rsyslog/issues/69 +- bugfix: mmexternal did potentially pass incomplete data to restarted + external plugin + This could happen if EPIPE was returned "too late", in which case the + beginning of the data could be lost. +- bugfix: mmexternal did not properly process messages over 4KiB + The data to be passed to the external plugin was truncated after 4KiB. + see: https://github.com/rsyslog/rsyslog/issues/64 +- imrelp: added support for per-listener ruleset and inputname + see: https://github.com/rsyslog/rsyslog/pull/63 + Thanks to bobthesecurityguy github user for the patch +--------------------------------------------------------------------------- +Version 8.3.1 [v8-devel] 2014-04-24 +- external message modification interface now support modifying message PRI +- "jsonmesg" property will include uuid only if one was previously generated + This is primarily a performance optimization. Whenever the message uuid + is gotten, it is generated when not already present. As we used the + regular setter, this means that always the uuid was generated, which is + quite time-consuming. This has now been changed so that it only is + generated if it already exists. That also matches more closely the + semantics, as "jsonmesg" should not make modifications to the message. + Note that the same applies to "fulljson" passing mode for external + plugins. +- added plugin to rewrite message facility and/or severity + Name: fac-sever-rewrite.py +- permits to build against json-c 0.12 + Unfortunately, json-c had an ABI breakage, so this is necessary. Note + that versions prior to 0.12 had security issues (CVE-2013-6370, + CVE-2013-6371) and so it is desirable to link against the new version. + Thanks to Thomas D. for the patch. Note that at least some distros + have fixed the security issue in older versions of json-c, so this + seems to apply mostly when building from sources. +- bugfix: using UUID property could cause segfault +- bugfix/mmexternal: memory leak +- bugfix: memory leak when using "jsonmesg" property +- bugfix: mmutf8fix did not detect two invalid sequences + Thanks to Axel Rau for the patch. +- bugfix: build problems with lexer.l on some platforms + For some reason, the strdup() prototype and others are missing. I admit + that I don't know why, as this happens only in 8.3.0+ and there is no + indication of changes to the affected files. In any case, we need to + fix this, and the current solution works at least as an interim one. +--------------------------------------------------------------------------- +Version 8.3.0 [v8-devel] 2014-04-10 +- new plugin for anonymizing credit card numbers + Thanks to Peter Slavov for providing the code. +- external message modification modules are now supported + They are bound via the new native module "mmexternal". Also, a sample + skeleton for an external python message modification module has been + added. +- new $jsonmesg property with JSON representation of whole message object + closes: https://github.com/rsyslog/rsyslog/issues/19 +- improved error message for invalid field extraction in string template + see also: + http://kb.monitorware.com/problem-with-field-based-extraction-t12299.html +- fix build problems on Solaris +- NOTE: a json-c API that we begun to use requires the compiler to be in + c99 mode. By default, we select it automatically. If you modify this and + use gcc, be sure to include "-std=c99" in your compiler flags. This seems + to be necessary only for older versions of gcc. +--------------------------------------------------------------------------- +Version 8.2.3 [v8-stable] 2014-??-?? +- bugfix: ommysql: handle/mem leak upon termination of worker thread + This could become bad if the (instance) worker threads are often + started and terminated. But it takes quite a while to show effect. +--------------------------------------------------------------------------- +Version 8.2.2 [v8-stable] 2014-06-02 +- made the missing (contributed) modules build under v8 + Note that we could do this to the stable, because there is NO regression + chance at all: only the modules themselves were changed, and they did + NOT work at all previously. Please also note that most of these modules + did not yet receive real testing. As we don't have the necessary + environments (easily enough available), we depend on users submitting + error reports and helping to iron out any issues that may arise. + Modules: + * mmrfc5424addhmac + * omrabbitmq + * omgssapi + * omhdfs + * omzmq3 +--------------------------------------------------------------------------- +Version 8.2.1 [v8-stable] 2014-04-17 +- permits to build against json-c 0.12 + Unfortunately, json-c had an ABI breakage, so this is necessary. Note + that versions prior to 0.12 had security issues (CVE-2013-6370, + CVE-2013-6371) and so it is desirable to link against the new version. + Thanks to Thomas D. for the patch. Note that at least some distros + have fixed the security issue in older versions of json-c, so this + seems to apply mostly when building from sources. +- doc is no longer shipped as part of the rsyslog tarball + Instead, the rsyslog-doc project creates its own tarball. This is the + result of a mailing list discussion after the 8.2.0 release with a + tarball-in-tarball approach, which was disliked by almost all distro + maintainers. This move also has the advantage of de-coupling the + release cycles of both projects a bit (which turned out to be a bit + problematic in practice). +- bugfix: mmutf8fix did not detect two invalid sequences + Thanks to Axel Rau for the patch. +--------------------------------------------------------------------------- +Version 8.2.0 [v8-stable] 2014-04-02 +This starts a new stable branch based on 8.1.6 plus the following changes: +- we now use doc from the rsyslog-doc project + As such, the ./doc subtree has been removed. Instead, a cache of the + rsyslog-doc project's files has been included in ./rsyslog-doc.tar.gz. + Note that the exact distribution mode for the doc is still under + discussion and may change in future releases. + This was agreed upon on the rsyslog mailing list. For doc issues + and corrections, be sure to work with the rsyslog-doc project. It is + currently hosted at https://github.com/rsyslog/rsyslog-doc +- add support for specifying the liblogging-stdlog channel spec + new global parameter "stdlog.channelspec" +- add "defaultnetstreamdrivercertfile" global variable to set a default + for the certfile. + Thanks to Radu Gheorghe for the patch. +- omelasticsearch: add new "usehttps" parameter for secured connections + Thanks to Radu Gheorghe for the patch. +- "action resumed" message now also specifies module type + which makes troubleshooting a bit easier. Note that we cannot output all + the config details (like destination etc) as this would require much more + elaborate code changes, which we at least do not like to do in the + stable version. +- add capability to override GnuTLS path in build process + Thanks to Clayton Shotwell for the patch +- better and more consistent action naming, action queues now always + contain the word "queue" after the action name +- bugfix: ompipe did resume itself even when it was still in error + See: https://github.com/rsyslog/rsyslog/issues/35 + Thanks to github user schplat for reporting +- bugfix: ompipe used invalid default template + This is a regression from an old change (didn't track it down precisely, + but over a year ago). It used the Forwarding template instead of + the file template (so we have a full syslog header). This fix corrects + it back to previous behavior, but new scripts that used the wrong + format may now need to have the RSYSLOG_ForwardingFormat template + explicitly be applied. + closes: https://github.com/rsyslog/rsyslog/issues/50 +--------------------------------------------------------------------------- +Version 8.1.6 [release candidate] 2014-02-20 +- omfile: permit to set global defaults for action parameters + Thanks to Nathan Brown for the patch. + See also: https://github.com/rsyslog/rsyslog/pull/23 +- add capability to escape control characters in the C way of doing it + adds new global parameter "parser.escapeControlCharactersCStyle" + Thanks to Nathan Brown for the patch. + See also: https://github.com/rsyslog/rsyslog/pull/13 +- parser global parameters can now be set using RainerScript global() + Thanks to Nathan Brown for the patch. + See also: https://github.com/rsyslog/rsyslog/pull/23 +- omprog: guard program-to-be-executed against CTL-C + This can frequently happen in debug mode, where rsyslog is terminated + by ctl-c. In any case, SIGINT is not meant to control the child process, + so it should be blocked. +- omprog bugfix: parameter "forceSingleInstance" is NOT mandatory +- add new jsonr property replacer option + Thanks to Nathan Brown for the patch. +- added external plugin interface +- ommongodb: add authentication support (untested) + Thanks to JT for the patch. + See also: https://github.com/rsyslog/rsyslog/pull/17 +- bugfix: json templates are improperly created + Strings miss the terminating NUL character, which obviously can lead + to all sorts of problems. + See also: https://github.com/rsyslog/rsyslog/issues/27 + Thanks to Alain for the analysis and the patch. +- ompgsql bugfix: improper handling of auto-backgrounding mode + If rsyslog was set to auto-background itself (default code behavior, but + many distros now turn it off for good reason), ompgsql could not + properly connect. This could even lead to a segfault. The core reason + was that a PG session handle was kept open over a fork, something that + is explicitly forbidden in the PG API. + Thanks to Alain for the analysis and the patch. +- bugfix: ommongodb's template parameter was mandatory but should have + been optional + Thanks to Alain for the analysis and the patch. +- bugfix: end of batch processing was not 100% correct. Could lead to + outputs not properly writing messages. At least omelasticsearch did not + write anything to the database due to this bug. + See: https://github.com/rsyslog/rsyslog/issues/10 + Thanks to Radu Gheorghe for reporting the issue. +--------------------------------------------------------------------------- +Version 8.1.5 [devel] 2014-01-24 +- omprog: ability to execute multiple program instances per action + It can now execute one program instance per worker thread. This is + generally a very good thing the have performance wise. Usually, this + should cause no problems with the invoked program. For that reason, + we have decided to make this the default mode of operation. If not + desired, it can be turned off via the 'forceSingleInstance="on"' + action parameter. + CHANGE OF BEHAVIOR: previous versions did always execute only one + instance per action, no matter how many workers were active. If + your program has special needs, you need to change your configuration. +- imfile now supports inotify (but must be explicitly turned on) +- imfile no longer has a limit on number of monitored files +- added ProcessInternalMessages global system parameter + This permits to inject rsyslog status messages into *another* main + syslogd or the journal. +- new dependency: liblogging-stdlog (for submitting to external logger) +- bugfix: imuxsock input parameters were not accepted + due to copy&paste error. Thanks to Andy Goldstein for the fix. +--------------------------------------------------------------------------- +Version 8.1.4 [devel] 2014-01-10 +- add exec_template() RainerScript function +- imrelp: support for TCP KEEPALIVE added +- bumped librelp dependency to 1.2.2 to support new KEEPALIVE feature +- Add directives for numerically specifying GIDs/UIDs + The already present directives (FileOwner, FileGroup, DirOwner, + DirGroup) translate names to numerical IDs, which depends on the user + information being available during rsyslog's startup. This can fail if + the information is obtained over a network or from a service such as + SSSD. The new directives provide a way to specify the numerical IDs + directly and bypass the lookup. + Thanks to Tomas Heinrich for the patch. +- bugfix: action commitTransaction() processing did not properly handle + suspended actions +- bugfix: omelasticsearch fail.es stats counter was improperly maintained +--------------------------------------------------------------------------- +Version 8.1.3 [devel] 2013-12-06 + +THIS VERSION CAN BE CONSIDERED A "NORMAL" DEVEL RELEASE. It's no longer +highly experimental. This assertion is based on real-world feedback. + +- changes to the strgen module interface +- new output module interface for transactional modules +- performance improvements + * reduced number of malloc/frees due to further changes to the + output module interface + * reduced number of malloc/frees during string template processing + We now re-use once allocated string template memory for as long + as the worker thread exists. This saves us from doing new memory + allocs (and their free counterpart) when the next message is + processed. The drawback is that the cache always is the size of + the so-far largest message processed. This is not considered a + problem, as in any case a single messages' memory footprint should + be far lower than that of a whole set of messages (especially on + busy servers). + * used variable qualifiers (const, __restrict__) to hopefully help + the compiler generate somewhat faster code +- failed action detection more precisely for a number of actions + If an action uses string parameter passing but is non-transactional + it can be executed immediately, giving a quicker indication of + action failure. +- bugfix: limiting queue disk space did not work properly + * queue.maxdiskspace actually initializes queue.maxfilesize + * total size of queue files was not checked against + queue.maxdiskspace for disk assisted queues. + Thanks to Karol Jurak for the patch. +--------------------------------------------------------------------------- +Version 8.1.2 [experimental] 2013-11-28 +- support for liblognorm1 added - results in performance improvements + Thanks to Pavel Levshin for his work in this regard. +- support for jemalloc added via --enable-jemalloc + Thanks to Pavel Levshin for suggesting jemalloc + Note that build system is experimental at this stage. +- queue defaults have changed + * high water mark is now dynamically 90% of queue size + * low water makr is now dynamically 70% of queue size + * queue.discardMark is now dynamically 98% of queue size + * queue.workerThreadMinimumMessage set to queue.size / num workers + For queues with very low queue.maxSize (< 100), "emergency" defaults + will be used. +- bugfix: disk queues created files in wrong working directory + if the $WorkDirectory was changed multiple times, all queues only + used the last value set. +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: mmrfc5424addhmac: "key" parameter was not properly processed +--------------------------------------------------------------------------- +Version 8.1.1 [experimental] 2013-11-19 +- bugfix: STOP/discard(~) was mostly NOT honored + This lead to execution of config code that was not meant to be executed. +- bugfix: memory leak on worker thread termination +- bugfix: potential segfault in omfile under heavy load + Thanks to Pavel Levshin for alerting us. +- bugfix: mmsequence: instance mode did not work + Thanks to Pavel Levshin for the patch +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- omhiredis: now supports v8 output module interface and works again + Thanks to Pavel Levshin for the patch +- mmaudit: now supports v8 output module interface and work again +- bugfix: potential abort on startup in debug mode + This depends on template type being used. The root cause was a + non-necessary debug output, which were at the wrong spot (leftover from + initial testing). + Thanks to Pavel Levshin for alerting us and providing a patch + proposal. +--------------------------------------------------------------------------- +Version 8.1.0 [experimental] 2013-11-15 +- rewritten core engine for higher performance and new features + In detail: + * completely rewritten rule execution engine + * completely changed output module interface + * remodelled output module interface + * enabled important output modules to support full concurrent + operation + The core engine has been considerably changed and must be considered + experimental at this stage. Note that it does not yet include all + features planned for v8, but is close to this goal. In theory, the + engine should perform much better, especially on complex configurations + and busy servers. Most importantly, actions instances can now be called + concurrently from worker threads and many important output modules + support multiple concurrent action instances natively. +- module omruleset is no longer enabled by default. + Note that it has been deprecated in v7 and been replaced by the "call" + statement. Also, it can still be build without problems, the option must + just explicitly be given. +--------------------------------------------------------------------------- +Version 7.6.8 [v7.6-stable] 2014-10-?? +- bugfix: typo in queue configuration parameter made parameter unusable + Thanks to Bojan Smojver for the patch. +- bugfix imuxsock: possible segfault when SysSock.Use="off" + Thanks to alexjfisher for reporting this issue. + closes https://github.com/rsyslog/rsyslog/issues/140 +- bugfix: uninitialized buffer off-by-one error in hostname generation + The DNS cache used uninitialized memory, which could lead to + invalid hostname generation. + Thanks to Jarrod Sayers for alerting us and providing analysis and + patch recommendations. +- remove zpipe (a testing tool) from --enable-diagtools + This tool is no longer maintained and currently not used inside the + testbench. We keep it in the source tree for the time being in case that + it may be used in the future. +- bugfix: imjournal did not build properly + The build succeeded, but the module did not load due to a type in + a support function name, which kept unresolved during load. +- bugfix imklog: pri was miscalculated + actually, the pri was totally off the real value for PRIs > 9 +- bugfix rsgtutil: sometimes crashed in verify mode if file did not exist +- bugfix rsgtutil: some errors/problems at end of file were not reported + * The verification function in rsgtutil tool did not report deletion of + whole signed blocks of lines from the end of the log file. + * The verification function in rsgtutil tool did not report extra + (unsigned) lines at the end of the log file. + Thanks to Henri Lakk for the patch. +- bugfix: error: json_tokener_errors undeclared when overriding PKGCONFIG + If PKGCONFIG settings for json-c were overridden, presence of + json_tokener_errors was not properly detected. + closes: https://github.com/rsyslog/rsyslog/issues/143 + Thanks to Alex Fisher for alerting us and the patch. +--------------------------------------------------------------------------- +Version 7.6.7 [v7.6-stable] 2014-10-02 +- bugfix: the fix for CVE-2014-3634 did not handle all cases + This is corrected now. + see also: CVE-2014-3683 +- fixed a build problem on some platforms + Thanks to Olaf for the patch +- behavior change: "msg" of messages with invalid PRI set to "rawmsg" + When the PRI is invalid, the rest of the header cannot be valid. So + we move all of it to MSG and do not try to parse it out. Note that + this is not directly related to the security issue but rather done + because it makes most sense. +--------------------------------------------------------------------------- +Version 7.6.6 [v7.6-stable] 2014-09-30 +- bugfix: potential abort when a message with PRI > 191 was processed + if the "pri-text" property was used in active templates, this could + be abused to a remote denial of service from permitted senders + see also: CVE-2014-3634 +- bugfix: potential segfault on startup on 64 bit systems + This happened immediately on startup during config processing. Once + rsyslog got past this stage, it could not happen. +- bugfix: build problems on SuSe Linux + Thanks Andreas Stieger for the patch +--------------------------------------------------------------------------- +Version 7.6.5 [v7.6-stable] 2014-09-17 +- bugfix: in 7.6.4, pri-based filters did not work correctly + messages were distributed to the wrong bins. +- bugfix: build problems on systems without atomic instructions + e.g. RHEL 5; backport from v8 +--------------------------------------------------------------------------- +Version 7.6.4 [v7.6-stable] 2014-09-12 +- add --enable-generate-man-pages configure switch (default: enabled) + This forces generation of man pages, even if cached ones exists. This + "fixes" a typical release tarball nit. While it is hackish, the + benefit is clear given the history of failed tarball releases since + we changed the cached man page handling. It was just too easy to get + that wrong. +- removed obsolete --disable-fsstnd configure option + Thanks to Thomas D. for alerting us. + Closes: https://github.com/rsyslog/rsyslog/issues/72 +- permits to build against json-c 0.12 + Unfortunately, json-c had an ABI breakage, so this is necessary. Note + that versions prior to 0.12 had security issues (CVE-2013-6370, + CVE-2013-6371) and so it is desirable to link against the new version. + Thanks to Thomas D. for the patch. Note that at least some distros + have fixed the security issue in older versions of json-c, so this + seems to apply mostly when building from sources. +- new omfile default module parameters + * filecreatemode + * fileowner + * fileownernum + * filegroup + * filegroupnum + * dirowner + * dirownernum + * dirgroup + * dirgroupnum + Thanks to Karol Jurak for the patch. +- bugfix: memory leak in TCP TLS mode +- bugfix: imfile: if a state file for a different file name was set, + that different file (name) was monitored instead of the configured + one. Now, the state file is deleted and the correct file monitored. + closes: https://github.com/rsyslog/rsyslog/issues/103 +- bugfix: using UUID property could cause segfault +- bugfix: mmutf8fix did not detect two invalid sequences + Thanks to Axel Rau for the patch. +- bugfix: file descriptor leak with Guardtime signatures + When a .gtstate file is opened it is never closed. This is especially + bad when dynafiles frequently get evicted from dynafile cache and be + re-opened again. +- bugfix: busy loop in tcp listener when running out of file descriptors + Thanks to Susant Sahani for the patch. +- bugfix: mishandling of input modules not supporting new input instances + If they did not support this, accidentally the output module part of the + module union was written, leading to unpredictable results. Note: all + core modules do support this interface, but some contributed or very + old ones do not. +- bugfix: double-free when ruleset() parser parameters were used + While unlikely, this could cause stability issues even after the + config phase. +- bugfix: output modules with parameters with multiple passing modes + could caused strange behavior including aborts + This was due to the fact that the action module only preserved and + processed the last set passing mode. Note that this was not a problem + for the plugins provided by the rsyslog git: none of them uses different + passing modes. + Thanks to Tomas Heinrich for providing a very detailed bug report. +- various fixes after coverity scan + These do not address issues seen in practice but those seen by the tool. + Some of them may affect practical deployments. + Thanks to Tomas Heinrich for the patches. +- bugfix imuxsock: "Last message repeated..." was not emitted at shutdown + The "Last message repeated..." notice didn't get printed if rsyslog was + shut down before the repetition was broken. + Thanks to Tomas Heinrich for the patch. +- bugfix: make dist failed when GUARDTIME or LIBGCRYPT feature was disabled +- bugfix: mmjsonparse did not build with json-c < 0.10 + This was a regression introduced some time in the past in order to + support API changes in json-c. Now we check for the version and use + proper code. +- bugfix: mmanon did not properly anonymize IP addresses starting with '9' + Thanks to defa-at-so36.net for reporting this problem. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529 +--------------------------------------------------------------------------- +Version 7.6.3 [v7.6-stable] 2014-03-27 +- add capability to override GnuTLS path in build process + Thanks to Clayton Shotwell for the patch +- support for librelp 1.2.5 + Support new return states of librelp 1.2.5 to emit better error messages + For obvious reasons, librelp 1.2.5 is now required. +- bugfix: ompipe used invalid default template + This is a regression from an old change (didn't track it down precisely, + but over a year ago). It used the Forwarding template instead of + the file template (so we have a full syslog header). This fix corrects + it back to previous behavior, but new scripts that used the wrong + format may now need to have the RSYSLOG_ForwardingFormat template + explicitly be applied. + closes: https://github.com/rsyslog/rsyslog/issues/50 +- bugfix: ompipe did emit many suspension messages for /dev/xconsole + (hopefully now) closes: https://github.com/rsyslog/rsyslog/issues/35 + When it was present, but nobody reading from it. The problem + is the way the rsyslog v7 engine tries to resolve failures in outputs. + It does some retries, and along those lines some state information gets + lost and it is close to impossible to retain it. However, the actual + root problem is that ompipe does not reliably detect if it is able to + recover. The problem here is that it actually does not know this + before it does an actual write. These two things together mess up the + logic that suppresses invalid resumption/suspension messages + (actually, the plugin switches state really that often). + Nevertheless, the prime problem with /dev/xconsole (and probably + most other pipes as well) is that it gets full. So I have now added + code that checks, during resume processing, if the pipe is writable. + If it is not, resume is deferred. That should address the case. +--------------------------------------------------------------------------- +Version 7.6.2 [v7.6-stable] 2014-03-17 +- support for librelp 1.2.4 + This was necessary due to the problems with librelp 1.2.3 API stability. + We now use the new native 1.2.4 APIs to learn about the state of + librelp's TLS support. + For obvious reasons, librelp 1.2.4 is now required. +--------------------------------------------------------------------------- +Version 7.6.1 [v7.6-stable] 2014-03-13 +- added "action.reportSuspension" action parameter + This now permits to control handling on a per-action basis rather to + the previous "global setting only". +- "action resumed" message now also specifies module type + which makes troubleshooting a bit easier. Note that we cannot output all + the config details (like destination etc) as this would require much more + elaborate code changes, which we at least do not like to do in the + stable version. +- better and more consistent action naming, action queues now always + contain the word "queue" after the action name +- add support for "tls-less" librelp + we now require librelp 1.2.3, as we need the new error code definition + See also: https://github.com/rsyslog/librelp/issues/1 +- build system improvements + * autoconf subdir option + * support for newer json-c packages + Thanks to Michael Biebl for the patches. +- imjournal enhancements: + * log entries with empty message field are no longer ignored + * invalid facility and severity values are replaced by defaults + * new config parameters to set default facility and severity + Thanks to Tomas Heinrich for implementing this +- bugfix: ompipe did resume itself even when it was still in error + See: https://github.com/rsyslog/rsyslog/issues/35 + Thanks to github user schplat for reporting +- bugfix: "action xxx suspended" did report incorrect error code +- bugfix: ommongodb's template parameter was mandatory but should have + been optional + Thanks to Alain for the analysis and the patch. +- bugfix: only partial doc was put into distribution tarball + Thanks to Michael Biebl for alerting us. + see also: https://github.com/rsyslog/rsyslog/issues/31 +- bugfix: async ruleset did process already-deleted messages + Thanks to John Novotny for the patch. +--------------------------------------------------------------------------- +Version 7.6.0 [v7.6-stable] 2014-02-12 +This starts a new stable branch based on 7.5.8 plus the following changes: +- bugfix: imuxsock input parameters were not accepted + due to copy&paste error. Thanks to Andy Goldstein for the fix. +- added ProcessInternalMessages global system parameter + This permits to inject rsyslog status messages into *another* main + syslogd or the journal. +- new dependency: liblogging-stdlog (for submitting to external logger) +- bugfix: json templates are improperly created + Strings miss the terminating NUL character, which obviously can lead + to all sorts of problems. + See also: https://github.com/rsyslog/rsyslog/issues/27 + Thanks to Alain for the analysis and the patch. +- ompgsql bugfix: improper handling of auto-backgrounding mode + If rsyslog was set to auto-background itself (default code behavior, but + many distros now turn it off for good reason), ompgsql could not + properly connect. This could even lead to a segfault. The core reason + was that a PG session handle was kept open over a fork, something that + is explicitly forbidden in the PG API. + Thanks to Alain for the analysis and the patch. +--------------------------------------------------------------------------- +Version 7.5.8 [v7-release candidate] 2014-01-09 +- add exec_template() RainerScript function +- add debug.onShutdown and debug.logFile global parameters + These enable the new "debug on shutdown" mode, which can be used to + track hard to find problems that occur during system shutdown. +- Add directives for numerically specifying GIDs/UIDs + The already present directives (FileOwner, FileGroup, DirOwner, + DirGroup) translate names to numerical IDs, which depends on the user + information being available during rsyslog's startup. This can fail if + the information is obtained over a network or from a service such as + SSSD. The new directives provide a way to specify the numerical IDs + directly and bypass the lookup. + Thanks to Tomas Heinrich for the patch. +- actions now report if they suspend and resume themselves + this is by default on and controllable by the action.reportSuspension + global parameter +- bugfix: omelasticsearch fail.es stats counter was improperly maintained +- bugfix: mmrfc5424addhmac: "key" parameter was not properly processed +- add new impstats action counters: + * suspended + * suspended.duration + * resumed +--------------------------------------------------------------------------- +Version 7.5.7 [v7-devel] 2013-11-25 +- queue defaults have changed + * high water mark is now dynamically 90% of queue size + * low water makr is now dynamically 70% of queue size + * queue.discardMark is now dynamically 98% of queue size + * queue.workerThreadMinimumMessage set to queue.size / num workers + For queues with very low queue.maxSize (< 100), "emergency" defaults + will be used. +- worker thread pool handling has been improved + Among others, permits pool to actually shrink (was quite hard with + previous implementation. This will also improve performance and/or + lower system overhead on busy systems. + Thanks to Pavel Levshin for the enhancement. +- bugfix: mmpstrucdata generated inaccessible properties +- bugfix: RainerScript optimizer did not optimize PRI filters + things like "if $syslogfacility-text == "local3"" were not converted + to PRIFILT. This was a regression introduced in 7.5.6. +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- bugfix: ommysql lost configfile/section parameters after first close + This means that when a connection was broken, it was probably + re-instantiated with different parameters than configured. +- bugfix: regression in template processing with subtrees in templates + Thanks to Pavel Levshin for the fix +- bugfix: regular worker threads are not properly (re)started if DA + mode is active. + This occurs only under rare conditions, but definitely is a bug that + needed to be addressed. It probably is present since version 4. + Note that this patch has not been applied to v7.4-stable, as it + is very unlikely to happen and the fix itself has some regression + potential (the fix looks very solid, but it addresses a core component). + Thanks to Pavel Levshin for the fix +- now emit warning message if om with msg passing mode uses action queue + These can modify the message, and this causes races. +- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work + Thanks to Tomas Heinrich for the patch. +--------------------------------------------------------------------------- +Version 7.5.6 [devel] 2013-10-29 +- impstats: add capability to bind to a ruleset +- improved performance of RainerScript variable access + by refactoring the whole body of variable handling code. This also + solves some of the anomalies experienced in some versions of rsyslog. + All variable types are now handled in unified code, including + access via templates. +- RainerScript: make use of 64 bit for numbers where available + Thanks to Pavel Levshin for enhancement. +- slight performance optimization if GCC is used + We give branch prediction hints for the frequent RETiRet macro which is + used for error handling. Some slight performance gain is to be expected + from that. +- removed global variable support + The original idea was not well thought out and global variables, as + implemented, worked far different from what anybody would expect. As + such, we consider the current approach as an experiment that did not + work out and opt to removing it, clearing the way for a better future + solution. Note: global vars were introduced in 7.5.3 on Sept, 11th 2013. +- new module mmsequence, primarily used for action load balancing + Thanks to Pavel Levshin for contributing this module. +- bugfix: unset statement always worked on message var, even if local + var was given +- imudp: support for binding to ruleset added +- bugfix: segfault if variable was assigned to non-container subtree + Thanks to Pavel Levshin for the fix +- bugfix: imuxsock did not support addtl sockets if syssock was disabled + Thanks to Pavel Levshin for the fix +- bugfix: running imupd on multiple threads lead to segfault if recvmmsg + is available +- bugfix: imudp when using recvmmsg could report wrong sender IP +- bugfix: segfault if re_extract() function was used and no match found +- bugfix: omelasticsearch did not compile on platforms without atomic + instructions +- bugfix: potential misaddressing on startup if property-filter was used + This could happen if the property name was longer than 127 chars, a case + that would not happen in practice. +- bugfix: invalid property filter was not properly disabled in ruleset + Note: the cosmetic memory leak introduced with that patch in 7.4.5 is + now also fixed. +- imported bugfixes from 7.4.6 stable release +--------------------------------------------------------------------------- +Version 7.5.5 [devel] 2013-10-16 +- imfile: permit to monitor an unlimited number of files +- imptcp: add "defaultTZ" input parameter +- imudp: support for multiple receiver threads added +- imudp: add "dfltTZ" input config parameter +- bugfix: memory leak in mmnormalize +- bugfix: mmutf8fix did not properly handle invalid UTF-8 at END of message + if the very last character sequence was too long, this was not detected + Thanks to Risto Vaarandi for reporting this problem. +- mmanon: removed the check for specific "terminator characters" after + last octet. As it turned out, this didn't work in practice as there + was an enormous set of potential terminator chars -- so removing + them was the best thing to do. Note that this may change behavior of + existing installations. Yet, we still consider this an important + bugfix, that should be applied to the stable branch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477 + Thanks to Muri Cicanor for initiating the discussion +- now requires libestr 0.1.7 as early versions had a nasty bug in + string comparisons +- bugfix: mmanon did not detect all IP addresses in rewrite mode + The problem occurred if two IPs were close to each other and the first one + was shrunk. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: mmanon sometimes used invalid replacement char in simple mode + depending on configuration sequence, the replacement character was set + to 's' instead of the correct value. Most importantly, it was set to + 's' if simple mode was selected and no replacement char set. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: memory leak in mmnormalize +- bugfix: array-based ==/!= comparisons lead to invalid results + This was a regression introduced in 7.3.5 bei the PRI optimizer +--------------------------------------------------------------------------- +Version 7.5.4 [devel] 2013-10-07 +- mmpstrucdata: new module to parse RFC5424 structured data into json + message properties +- change main/ruleset queue defaults to be more enterprise-like + new defaults are queue.size 100,000 max workers 2, worker + activation after 40,000 msgs are queued, batch size 256. These settings + are much more useful for enterprises and will not hurt low-end systems + that much. This is part of our re-focus on enterprise needs. +- omfwd: new action parameter "maxErrorMessages" added +- omfile: new module parameters to set action defaults added + * dirCreateMode + * fileCreateMode +- mmutf8fix: new module to fix invalid UTF-8 sequences +- imuxsock: handle unlimited number of additional listen sockets +- doc: improve usability by linking to relevant web resources + The idea is to enable users to quickly find additional information, + samples, HOWTOs and the like on the main site. + At the same time, (very) slightly remove memory footprint when + few listeners are monitored. +- bugfix: omfwd parameter streamdrivermode was not properly handled + it was always overwritten by whatever value was set via the + legacy directive $ActionSendStreamDriverMode +- imtcp: add streamdriver.name module parameter + permits overriding the system default stream driver (gtls, ptcp) +- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled + Thanks to Jonny Törnbom for reporting this problem +- imported bugfixes from 7.4.4 +--------------------------------------------------------------------------- +Version 7.5.3 [devel] 2013-09-11 +- imfile: support for escaping LF characters added + embedded LF in syslog messages cause a lot of trouble. imfile now has + the capability to escape them to "#012" (just like the regular control + character escape option). This requires new-style input statements to be + used. If legacy configuration statements are used, LF escaping is always + turned off to preserve compatibility. + NOTE: if input() statements were already used, there is a CHANGE OF + BEHAVIOR: starting with this version, escaping is enabled by + default. So if you do not want it, you need to add + escapeLF="off" + to the input statement. Given the trouble LFs cause and the fact + that the majority of installations still use legacy config, we + considered this behavior change acceptable and useful. + see also: http://blog.gerhards.net/2013/09/imfile-multi-line-messages.html +- add support for global and local variables +- bugfix: queue file size was not correctly processed + this could lead to using one queue file per message for sizes >2GiB + Thanks to Tomas Heinrich for the patch. +- add main_queue() configuration object to configure main message queue +- bugfix: stream compression in imptcp caused timestamp to be corrupted +- imudp: add ability to specify SO_RCVBUF size (rcvbufSize parameter) +- imudp: use inputname for statistics, if configured +- impstats: add process resource usage counters [via getrusage()] +- impstats: add parameter "resetCounters" to report delta values + possible for most, but not all, counters. See doc for details. +- librelp 1.2.0 is now required +- make use of new librelp generic error reporting facility + This leads to more error messages being passed to the user and + thus simplified troubleshooting. +- bugfix: very small memory leak in imrelp + more or less cosmetic, a single memory block was not freed, but this + only happens immediately before termination (when the OS automatically + frees all memory). Still an annoyance e.g. in valgrind. +- fix compile problem in debug build +- imported fixes from 7.4.4 +--------------------------------------------------------------------------- +Version 7.5.2 [devel] 2013-07-04 +- librelp 1.1.4 is now required + We use API extensions for better error reporting and higher performance. +- omrelp: use transactional mode to make imrelp emit bulk sends +- omrelp: add "windowSize" parameter to set custom RELP window size +- bugfix: double-free in omelasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 + a security advisory for this bug is available at: + http://www.lsexperts.de/advisories/lse-2013-07-03.txt + CVE: CVE-2013-4758 + PLEASE NOTE: This issue only existed if omelasticsearch was used + in a non-default configuration, where the "errorfile" parameter + was specified. Without that parameter set, the bug could not + be triggered. + Thanks to Markus Vervier and Marius Ionescu for providing a detailed + bug report. Special thanks to Markus for coordinating his security + advisory with us. +- doc: fixed various typos + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=391 + Thanks to Georgi Georgiev for the patch. +--------------------------------------------------------------------------- +Version 7.5.1 [devel] 2013-06-26 +- librelp 1.1.3 is required - older versions can lead to a segfault +- add mmfields, which among others supports easy parsing of CEF messages +- omrelp: + * new parameter "compression.prioritystring" to control encryption + parameters used by GnuTLS +- imrelp: + * new parameter "compression.dhbits" to control the number of + bits being used for Diffie-Hellman key generation + * new parameter "compression.prioritystring" to control encryption + parameters used by GnuTLS + * support for impstats added + * support for setting permitted peers (client authentication) added + * bugfix: potential segfault at startup on invalid config parameters +- imjournal: imported patches from 7.4.1 +- omprog: add support for command line parameters +- added experimental TCP stream compression (imptcp only, currently) +- added BSD-specific syslog facilities + * "console" + * "bsd_security" - this is called "security" under BSD, but that name + was unfortunately already taken by some standard facility. So I + did the (hopefully) second-best thing and renamed it a little. +- imported fixes from 7.4.2 (especially build problems on FreeBSD) +- bugfix: imptcp did not properly initialize compression status variable + could lead to segfault if stream:always compression mode was selected +--------------------------------------------------------------------------- +Version 7.5.0 [devel] 2013-06-11 +- imrelp: implement "ruleset" module parameter +- imrelp/omrelp: add TLS & compression (zip) support +- omrelp: add "rebindInterval" parameter +- add -S command line option to specify IP address to use for RELP client + connections + Thanks to Axel Rau for the patch. +--------------------------------------------------------------------------- +Version 7.4.11 [v7.4-stable] *never released* +- imjournal enhancements: + * log entries with empty message field are no longer ignored + * invalid facility and severity values are replaced by defaults + * new config parameters to set default facility and severity + Thanks to Tomas Heinrich for implementing this +--------------------------------------------------------------------------- +Version 7.4.10 [v7.4-stable] 2014-02-12 +- bugfix: json templates are improperly created + Strings miss the terminating NUL character, which obviously can lead + to all sorts of problems. + See also: https://github.com/rsyslog/rsyslog/issues/27 + Thanks to Alain for the analysis and the patch. +- ompgsql bugfix: improper handling of auto-backgrounding mode + If rsyslog was set to auto-background itself (default code behavior, but + many distros now turn it off for good reason), ompgsql could not + properly connect. This could even lead to a segfault. The core reason + was that a PG session handle was kept open over a fork, something that + is explicitly forbidden in the PG API. + Thanks to Alain for the analysis and the patch. +--------------------------------------------------------------------------- +Version 7.4.9 [v7.4-stable] 2014-01-22 +- added ProcessInternalMessages global system parameter + This permits to inject rsyslog status messages into *another* main + syslogd or the journal. +- new dependency: liblogging-stdlog (for submitting to external logger) +- bugfix: imuxsock input parameters were not accepted + due to copy&paste error. Thanks to Andy Goldstein for the fix. +- bugfix: potential double-free in RainerScript equal comparison + happens if the left-hand operand is JSON object and the right-hand + operand is a non-string that does not convert to a number (for + example, it can be another JSON object, probably the only case that + could happen in practice). This is very unlikely to be triggered. +- bugfix: some RainerScript Json(Variable)/string comparisons were wrong +--------------------------------------------------------------------------- +Version 7.4.8 [v7.4-stable] 2014-01-08 +- rsgtutil provides better error messages on unfinished signature blocks +- bugfix: guard against control characters in internal (error) messages + Thanks to Ahto Truu for alerting us. +- bugfix: immark did emit messages under kern.=info instead of syslog.=info + Note that his can potentially break existing configurations that + rely on immark sending as kern.=info. Unfortunately, we cannot leave + this unfixed as we never should emit messages under the kern facility. +--------------------------------------------------------------------------- +Version 7.4.7 [v7.4-stable] 2013-12-10 +- bugfix: limiting queue disk space did not work properly + * queue.maxdiskspace actually initializes queue.maxfilesize + * total size of queue files was not checked against + queue.maxdiskspace for disk assisted queues. + Thanks to Karol Jurak for the patch. +- bugfix: linux kernel-like ratelimiter did not work properly with all + inputs (for example, it did not work with imdup). The reason was that + the PRI value was used, but that needed parsing of the message, which + was done too late. +- bugfix: disk queues created files in wrong working directory + if the $WorkDirectory was changed multiple times, all queues only + used the last value set. +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- bugfix: imuxsock: UseSysTimeStamp config parameter did not work correctly + Thanks to Tomas Heinrich for alerting us and providing a solution + suggestion. +- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work + Thanks to Tomas Heinrich for the patch. +- improved checking of queue config parameters on startup +- bugfix: call to ruleset with async queue did not use the queue + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=443 +- bugfix: if imtcp is loaded and no listeners are configured (which is + uncommon), rsyslog crashes during shutdown. +--------------------------------------------------------------------------- +Version 7.4.6 [v7.4-stable] 2013-10-31 +- bugfix: potential abort during HUP + This could happen when one of imklog, imzmq3, imkmsg, impstats, + imjournal, or imuxsock were under heavy load during a HUP. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=489 + Thanks to Guy Rozendorn for reporting the problem and Peval Levshin for + his analysis. +- bugfix: imtcp flowControl parameter incorrectly defaulted to "off" + This could cause message loss on systems under heavy load and was + a change-of-behavior to previous version. This is a regression + most probably introduced in 5.9.0 (but did not try hard to find the + exact point of its introduction). +- now requires libestr 0.1.9 as earlier versions lead to problems with + number handling in RainerScript +- bugfix: memory leak in strlen() RainerScript function + Thanks to Gregoire Seux for reporting this bug. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=486 +- bugfix: buffer overrun if re_extract function was called for submatch 50 + Thanks to Pavel Levshin for reporting the problem and its location. +- bugfix: memleak in re_extract() function + Thanks to Pavel Levshin for reporting this problem. +- bugfix: potential abort in RainerScript optimizer + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=488 + Thanks to Thomas Doll for reporting the problem and Pavel Levshin for + fixing it. +- bugfix: memory leak in omhiredis + Thanks to Pavel Levshin for the fix +- bugfix: segfault if variable was assigned to non-container subtree + Thanks to Pavel Levshin for the fix +--------------------------------------------------------------------------- +Version 7.4.5 [v7.4-stable] 2013-10-22 +- mmanon: removed the check for specific "terminator characters" after + last octet. As it turned out, this didn't work in practice as there + was an enormous set of potential terminator chars -- so removing + them was the best thing to do. Note that this may change behavior of + existing installations. Yet, we still consider this an important + bugfix, that should be applied to the stable branch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477 + Thanks to Muri Cicanor for initiating the discussion +- now requires libestr 0.1.8 as early versions had a nasty bug in + string comparisons +- omelasticsearch: add failed.httprequests stats counter +- bugfix: invalid property filter was not properly disabled in ruleset + Note that this bugfix introduces a very slight memory leak, which is + cosmetic, as it just holds data until termination that is no longer + needed. It is just the part of the config that was invalid. We will + "fix" this "issue" in the devel version first, as the fix is a bit + too intrusive to do without hard need in the stable version. +- bugfix: segfault if re_extract() function was used and no match found +- bugfix: potential misaddressing on startup if property-filter was used + This could happen if the property name was longer than 127 chars, a case + that would not happen in practice. +- bugfix: omelasticsearch: correct failed.http stats counter +- bugfix: omelasticsearch: did not correctly initialize stats counters +- bugfix: omelasticsearch: failed.es counter was only maintained in bulk mode + This usually did not lead to any problems, because they are in static + memory, which is initialized to zero by the OS when the plugin is + loaded. But it may cause problems especially on systems that do not + support atomic instructions - in this case the associated mutexes also + did not get properly initialized. +- bugfix: mmanon did not detect all IP addresses in rewrite mode + The problem occurred if two IPs were close to each other and the first one + was shrunk. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: mmanon sometimes used invalid replacement char in simple mode + depending on configuration sequence, the replacement character was set + to 's' instead of the correct value. Most importantly, it was set to + 's' if simple mode was selected and no replacement char set. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484 + Thanks to micah-at-riseup.net for reporting this bug +- bugfix: memory leak in mmnormalize +- bugfix: array-based ==/!= comparisons lead to invalid results + This was a regression introduced in 7.3.5 bei the PRI optimizer +- bugfix: omprog blocked signals to executed programs + The made it impossible to send signals to programs executed via + omprog. + Thanks to Risto Vaarandi for the analysis and a patch. +- bugfix: doc: imuxsock legacy param $SystemLogSocketParseTrusted was + misspelled + Thanks to David Lang for alerting us +- bugfix: imfile "facility" input parameter improperly handled + caused facility not to be set, and severity to be overwritten with + the facility value. + Thanks to forum user dmunny for reporting this bug. +- bugfix: small memory leak in imfile when $ResetConfigVariables was used + Thanks to Grégory Nuyttens for reporting this bug and providing a fix +- bugfix: segfault on startup if TLS was used but no CA cert set +- bugfix: segfault on startup if TCP TLS was used but no cert or key set +- bugfix: some more build problems with newer json-c versions + Thanks to Michael Biebl for mentioning the problem. +- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled + Thanks to Jonny Törnbom for reporting this problem +--------------------------------------------------------------------------- +Version 7.4.4 [v7.4-stable] 2013-09-03 +- better error messages in GuardTime signature provider + Thanks to Ahto Truu for providing the patch. +- make rsyslog use the new json-c pkgconfig file if available + Thanks to the Gentoo team for the patches. +- bugfix: imfile parameter "persistStateInterval" was unusable + due to a case typo in imfile; work-around was to use legacy config + Thanks to Brandon Murphy for reporting this bug. +- bugfix: TLV16 flag encoding error in signature files from GT provider + This fixes a problem where the TLV16 flag was improperly encoded. + Unfortunately, existing files already have the bug and may not properly + be processed. The fix uses constants from the GuardTime API lib to + prevent such problems in the future. + Thanks to Ahto Truu for providing the patch. +- bugfix: slightly malformed SMTP handling in ommail +- bugfix: segfault in omprog if no template was provided (now dflt is used) +- bugfix: segfault in ompipe if no template was provided (now dflt is used) +- bugfix: segfault in omsnmp if no template was provided (now dflt is used) +- bugfix: some omsnmp optional config params were flagged as mandatory +- bugfix: segfault in omelasticsearch when resuming queued messages + after restarting Elasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=464 +- bugfix: imtcp addtlframedelimiter could not be set to zero + Thanks to Chris Norton for alerting us. +- doc bugfix: remove no-longer existing omtemplate from developer doc + was specifically mentioned as a sample for creating new plugins + Thanks to Yannick Brosseau for alerting us of this problem. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=473 +--------------------------------------------------------------------------- +Version 7.4.3 [v7.4-stable] 2013-07-18 +- bugfix: queue file size was not correctly processed + this could lead to using one queue file per message for sizes >2GiB + Thanks to Tomas Heinrich for the patch. +- bugfix: $QHOUR/$HHOUR were always "00" or "01" + regression some time between v5 and here + Thanks to forum user rjmcinty for reporting this bug +- bugfix: testbench tool chkseq did improperly report invalid file + This happened when permitted duplicate values existed in the very + last lines, right before end-of-file. + Thanks to Radu Gheorghe for reporting this bug. +--------------------------------------------------------------------------- +Version 7.4.3 [v7.4-stable] 2013-07-18 +- bugfix: memory leak if disk queues were used and json data present +- bugfix: CEE/json data was lost during disk queue operation +- bugfix: potential segfault during startup on invalid config + could happen if invalid actions were present, which could lead + to improper handling in optimizer. +- bugfix: 100% CPU utilization when DA queue became full +- bugfix: omlibdbi did not properly close connection on some errors + This happened to errors occurring in Begin/End Transaction entry + points. +- cosmetic bugfix: file name buffer was not freed on disk queue destruction + This was an extremely small one-time per run memleak, so nothing of + concern. However, it bugs under valgrind and similar memory debuggers. +- fix build on FreeBSD + Thanks to Christiano Rolim for the patch +--------------------------------------------------------------------------- +Version 7.4.2 [v7.4-stable] 2013-07-04 +- bugfix: in RFC5425 TLS, multiple wildcards in auth could cause segfault +- bugfix: RainerScript object required parameters were not properly + checked - this could result to segfaults on startup if parameters + were missing. +- bugfix: double-free in omelasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 + a security advisory for this bug is available at: + http://www.lsexperts.de/advisories/lse-2013-07-03.txt + CVE: CVE-2013-4758 + PLEASE NOTE: This issue only existed if omelasticsearch was used + in a non-default configuration, where the "errorfile" parameter + was specified. Without that parameter set, the bug could not + be triggered. + Thanks to Markus Vervier and Marius Ionescu for providing a detailed + bug report. Special thanks to Markus for coordinating his security + advisory with us. +- bugfix: omrelp potential segfault at startup on invalid config parameters +- bugfix: small memory leak when $uptime property was used +- bugfix: potential segfault on rsyslog termination in imudp + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=456 +- bugfix: lmsig_gt abort on invalid configuration parameters + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=448 + Thanks to Risto Laanoja for the patch. +- imtcp: fix typo in "listner" parameter, which is "listener" + Currently, both names are accepted. +- solved build problems on FreeBSD + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=457 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=458 + Thanks to Christiano for reporting and suggesting patches +- solved build problems on CENTOS5 +--------------------------------------------------------------------------- +Version 7.4.1 [v7.4-stable] 2013-06-17 +- imjournal: add ratelimiting capability + The original imjournal code did not support ratelimiting at all. We + now have our own ratelimiter. This can mitigate against journal + database corruption, when the journal re-sends old data. This is a + current bug in systemd journal, but we won't outrule this to happen + in the future again. So it is better to have a safeguard in place. + By default, we permit 20,000 messages within 10 minutes. This may + be a bit restrictive, but given the risk potential it seems reasonable. + Users requiring larger traffic flows can always adjust the value. +- bugfix: potential loop in rate limiting + if the message that tells about rate-limiting gets rate-limited itself, + it will potentially create and endless loop +- bugfix: potential segfault in imjournal if journal DB is corrupted +- bugfix: prevent a segfault in imjournal if state file is not defined +- bugfix imzmq3: potential segfault on startup + if no problem happened at startup, everything went fine + Thanks to Hongfei Cheng and Brian Knox for the patch +--------------------------------------------------------------------------- +Version 7.4.0 [v7.4-stable] 2013-06-06 +This starts a new stable branch based on 7.3.15 plus the following changes: +- add --enable-cached-man-pages ./configure option + permits to build rsyslog on a system where rst2man is not installed. In + that case, cached versions of the man pages are used (they were built + during "make dist", so they should be current for the version in + question. +- doc bugfix: ReadMode wrong in imfile doc, two values were swapped + Thanks to jokajak@gmail.com for mentioning this + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=450 +- imjournal: no longer do periodic wakeup +- bugfix: potential hang *in debug mode* on rsyslogd termination + This ONLY affected rsyslogd if it were running with debug output + enabled. +- bugfix: $template statement with multiple spaces lead to invalid tpl name + If multiple spaces were used in front of the template name, all but one + of them became actually part of the template name. So + $template a,"..." would be name " a", and as such "a" was not + available, e.g. in + *.* /var/log/file;a + This is a legacy config problem. As it was unreported for many years, + no backport of the fix to old versions will happen. + This is a long-standing bug that was only recently reported by forum + user mc-sim. + Reference: http://kb.monitorware.com/post23448.html +- 0mq fixes; credits to Hongfei Cheng and Brian Knox +--------------------------------------------------------------------------- +Version 7.3.15 [beta] 2013-05-15 +- bugfix: problem in build system (especially when cross-compiling) + Thanks to Tomas Heinrich and winfried_mb2@xmsnet.nl for the patch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=445 +- bugfix: imjournal had problem with systemd journal API change +- imjournal: now obtain and include PID +- bugfix: .logsig files had tlv16 indicator bit at wrong offset +- bugfix: omrelp legacy config parameters set a timeout of zero + which lead the legacy config to be unusable. +- bugfix: segfault on startup if a disk queue was configure without file + name + Now this triggers an error message and the queue is changed to + linkedList type. +- bugfix: invalid addressing in string class (recent regression) +--------------------------------------------------------------------------- +Version 7.3.14 [beta] 2013-05-06 +- bugfix: some man pages were not properly installed + either rscryutil or rsgtutil man was installed, but not both + Thanks to Marius Tomaschewski for the patch. +- bugfix: potential segfault on startup when builtin module was specified + in module() statement. + Thanks to Marius Tomaschewski for reporting the bug. +- bugfix: segfault due to invalid dynafile cache handling + Accidentally, the old-style cache size parameter was used when the + dynafile cache was created in a RainerScript action. If the old-style + size was lower than the one actually set, this lead to misaddressing + when the size was overrun, and that could lead to all kinds of + "interesting things", often in segfaults. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=440 +--------------------------------------------------------------------------- +Version 7.3.13 [beta] 2013-04-29 +- added omrabbitmq module (contributed, untested) + Note: this is unsupported and as such was moved immediately into the + beta version. + Thanks to Vaclav Tomec for providing this module. +- bugfix: build problem when --enable-encryption was not selected + Thanks to Michael Biebl for fixing this. +- doc bugfix: omfile parameter "VeryRobustZip" was documented as + "VeryReliableZip" + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=437 + Thanks to Thomas Doll for reporting this. +--------------------------------------------------------------------------- +Version 7.3.12 [devel] 2013-04-25 +- added doc for omelasticsearch + Thanks to Radu Gheorghe for the doc contribution. +- omelasticsearch: _id field support for bulk operations + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=392 + Thanks to Jérôme Renard for the idea and patches. +- max number of templates for plugin use has been increased to five +- platform compatibility enhancement: solve compile issue with libgcrypt + do not use GCRY_CIPHER_MODE_AESWRAP where not available +- fix compile on Solaris + Thanks to Martin Carpenter for the patch. +- bugfix: off-by-one error in handling local FQDN name (regression) + A temporary buffer was allocated one byte too small. Did only + affect startup, not actual operations. Came up during routine tests, + and can have no effect once the engine runs. Bug was introduced in + 7.3.11. +- bugfix: build problems on Solaris + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=436 +- bugfix: block size limit was not properly honored +- bugfix: potential segfault in guardtime signature provider + it could segfault if an error was reported by the GuardTime API, because + an invalid free could happen then +--------------------------------------------------------------------------- +Version 7.3.11 [devel] 2013-04-23 +- added support for encrypting log files +- omhiredis: added support for redis pipeline support + Thanks to Brian Knox for the patch. +- bugfix: $PreserveFQDN is not properly working + Thanks to Louis Bouchard for the patch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=426 +- bugfix: imuxsock aborted due to problem in ratelimiting code + Thanks to Tomas Heinrich for the patch. +- bugfix: imuxsock aborted under some conditions + regression from ratelimiting enhancements - this was a different one + to the one Tomas Heinrich patched. +- bugfix: timestamp problems in imkmsg +--------------------------------------------------------------------------- +Version 7.3.10 [devel] 2013-04-10 +- added RainerScript re_extract() function +- omrelp: added support for RainerScript-based configuration +- omrelp: added ability to specify session timeout +- templates now permit substring extraction relative to end-of-string +- bugfix: failover/action suspend did not work correctly + This was experienced if the retry action took more than one second + to complete. For suspending, a cached timestamp was used, and if the + retry took longer, that timestamp was already in the past. As a + result, the action never was kept in suspended state, and as such + no failover happened. The suspend functionality now does no longer use + the cached timestamp (should not have any performance implication, as + action suspend occurs very infrequently). +- bugfix: gnutls RFC5425 driver had some undersized buffers + Thanks to Tomas Heinrich for the patch. +- bugfix: nested if/prifilt conditions did not work properly + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415 +- bugfix: imuxsock aborted under some conditions + regression from ratelimiting enhancements +- bugfix: build problems on Solaris + Thanks to Martin Carpenter for the patches. +--------------------------------------------------------------------------- +Version 7.3.9 [devel] 2013-03-27 +- support for signing logs added +- imudp: now supports user-selectable inputname +- omlibdbi: now supports transaction interface + if recent enough lbdbi is present +- imuxsock: add ability to NOT create/delete sockets during startup and + shutdown + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259 +- imfile: errors persisting state file are now reported + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=292 +- imfile: now detects file change when rsyslog was inactive + Previously, this case could not be detected, so if a file was overwritten + or rotated away while rsyslog was stopped, some data was missing. This + is now detected and the new file being forwarded right from the + beginning. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=228 +- updated systemd files to match current systemd source +- bugfix: imudp scheduling parameters did affect main thread, not imudp + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409 +- bugfix: build problem on platforms without GLOB_NOMAGIC +- bugfix: build problems on non-Linux platforms +- bugfix: stdout/stderr were not closed on forking + but were closed when running in the foreground - this was just reversed + of what it should be. This is a regression of a recent change. +--------------------------------------------------------------------------- +Version 7.3.8 [devel] 2013-03-18 +- imrelp: now supports listening to IPv4/v6 only instead of always both + build now requires librelp 1.0.2 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=378 +- bugfix: mmanon did not build on some platforms (e.g. Ubuntu) +- bugfix: segfault in expression optimizer + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=423 +- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter + To use that functionality, legacy rsyslog.conf syntax had to be used. + Also, the doc was missing information on the "ParseTrusted" set of + config directives. +- bugfix: include files got included in the wrong order + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411 + This happens if an $IncludeConfig directive was done on multiple + files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf). + In that case, the order of include file processing is reversed, which + could lead to all sorts of problems. + Thanks to Nathan Stratton Treadway for his great analysis of the problem, + which made bug fixing really easy. +--------------------------------------------------------------------------- +Version 7.3.7 [devel] 2013-03-12 +- add support for anonymizing IPv4 addresses +- add support for writing to the Linux Journal (omjournal) +- imuxsock: add capability to ignore messages from ourselves + This helps prevent message routing loops, and is vital to have + if omjournal is used together with traditional syslog. +- field() function now supports a string as field delimiter +- added ability to configure debug system via rsyslog.conf +- bugfix: imuxsock segfault when system log socket was used +- bugfix: mmjsonparse segfault if new-style config was used +- bugfix: script == comparison did not work properly on JSON objects +- bugfix: field() function did never return "***FIELD NOT FOUND***" + instead it returned "***ERROR in field() FUNCTION***" in that case +--------------------------------------------------------------------------- +Version 7.3.6 [devel] 2013-01-28 +- greatly improved speed of large-array [N]EQ RainerScript comparisons + Thanks to David Lang for a related discussion that inspired the idea + to do this with a much simpler (yet sufficient) approach than originally + planned for. +- greatly improved speed of DNS cache for large cache sizes +- general performance improvements +- omfile: added stats counters for dynafile caches +- omfile: improved async writing, finally enabled full async write + also fixed a couple of smaller issues along that way +- impstats: added ability to write stats records to local file + and avoid going through the syslog log stream. syslog logging can now + also be turned off (see doc for details). +- bugfix: imklog issued wrong facility in error messages + ...what could lead to problems in other parts of the code +- fix compile problem in imklog +- added capability to output thread-id-to-function debug info + This is a useful debug aid, but nothing of concern for regular users. +--------------------------------------------------------------------------- +Version 7.3.5 [devel] 2012-12-19 +- ommysql: addded batching/transaction support +- enhanced script optimizer to optimize common PRI-based comparisons + These constructs are especially used in SUSE default config files, + but also by many users (as they are more readable than the equivalent + PRI-based filter). +- omudpspoof: add support for new config system +- omudpspoof: add support for packets larger than 1472 bytes + On Ethernet, they need to be transmitted in multiple fragments. While + it is known that fragmentation can cause issues, it is the best choice + to be made in that case. Also improved debug output. +- bugfix: omudpspoof failed depending on the execution environment + The v7 engine closes fds, and closed some of libnet's fds as well, what + lead to problems (unfortunately, at least some libnet versions do not + report a proper error state but still "success"...). The order of libnet + calls has been adjusted to by in sync with what the core engine does. +- bugfix: segfault on imuxsock startup if system log socket is used + and no ratelimiting supported. Happens only during initial config + read phase, once this is over, everything works stable. +- bugfix: mmnormalize build problems +- bugfix: mmnormalize could abort rsyslog if config parameter was in error +- bugfix: no error message for invalid string template parameters + rather a malformed template was generated, and error information emitted + at runtime. However, this could be quite confusing. Note that with this + "bugfix" user experience changes: formerly, rsyslog and the affected + actions properly started up, but the actions did not produce proper + data. Now, there are startup error messages and the actions are NOT + executed (due to missing template due to template error). +- bugfix[minor]: invalid error code when mmnormalize could not access + rulebase +- bugfix(kind of): script optimizer did not work for complex boolean + expressions +- doc bugfix: corrections and improvements in mmnormalize html doc page +- bugfix: some message properties could be garbled due to race condition + This happened only on very high volume systems, if the same message was + being processed by two different actions. This was a regression caused + by the new config processor, which did no longer properly enable msg + locking in multithreaded cases. The bugfix is actually a refactoring of + the msg locking code - we no longer do unlocked operations, as the use + case for it has mostly gone away. It is potentially possible only at + very low-end systems, and there the small additional overhead of doing + the locking does not really hurt. Instead, the removal of that + capability can actually slightly improve performance in common cases, + as the code path is smaller and requires slightly less memory writes. + That probably outperforms the extra locking overhead (which in the + low-end case always happens in user space, without need for kernel + support as we can always directly acquire the lock - there is no + contention at all). +- build system cleanup (thanks to Michael Biebl for this!) +- bugfix: omelasticsearch did not properly compile on some platforms + due to missing libmath. Thanks to Michael Biebl for the fix +--------------------------------------------------------------------------- +Version 7.3.4 [devel] 2012-11-23 +- further (and rather drastically) improved disk queue performance + we now save one third of the IO calls +- imklog: added ParseKernelTimestamp parameter (import from 5.10.2) + Thanks to Marius Tomaschewski for the patch. +- imklog: added KeepKernelTimestamp parameter (import from 5.10.2) + Thanks to Marius Tomaschewski for the patch. +- bugfix: improper handling of backslash in string-type template()s +- bugfix: leading quote (") in string-type template() lead to tight loop + on startup +- bugfix: no error msg on invalid field option in legacy/string template +- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds + ... actually, they are microseconds. So the fractional part of the + timestamp was not properly formatted. (import from 5.10.2) + Thanks to Marius Tomaschewski for the bug report and the patch idea. +--------------------------------------------------------------------------- +Version 7.3.3 [devel] 2012-11-07 +- improved disk queue performance +- bugfix: dynafile zip files could be corrupted + This could happen if a dynafile was destructed before the first write. + In practice, this could happen if few lines were written to a file and + it then became evicted from the dynafile cache. This would probably + look very random, because it depended on the timing in regard to + message volume and dynafile cache size. +--------------------------------------------------------------------------- +Version 7.3.2 [devel] 2012-10-30 +- mmnormalize: support for v6+ config interface added +- mmjsonparse: support for v6+ config interface added +--------------------------------------------------------------------------- +Version 7.3.2 [devel] 2012-10-30 +- totally reworked ratelimiting and "last message repeated n times" + all over rsyslog code. Each of the supported inputs now supports + linux-like ratelimiting (formerly only imuxsock did). Also, the + "last message repeated n times" is now processed at the input side + and no longer at the output side of rsyslog processing. This + provides the basis for new future additions as well as usually more + performance and a much simpler output part (which can be even further + refactored). +- imtcp: support for Linux-Type ratelimiting added +- imptcp: support for Linux-Type ratelimiting added +- imudp enhancements: + * support for input batching added (performance improvement) + * support for Linux-Type ratelimiting added +- permited action-like statements (stop, call, ...) in action lists +- bugfix: segfault on startup when modules using MSG_PASSING mode are used +- omelasticsearch: support for writing data errors to local file added +- omelasticsearch: fix check for bulk processing status response +--------------------------------------------------------------------------- +Version 7.3.1 [devel] 2012-10-19 +- optimized template processing performance, especially for $NOW family + of properties +- change lumberjack cookie to "@cee:" from "@cee: " + CEE originally specified the cookie with SP, whereas other lumberjack + tools used it without space. In order to keep interop with lumberjack, + we now use the cookie without space as well. I hope this can be changed + in CEE as well when it is released at a later time. + Thanks to Miloslav Trmač for pointing this out and a similar v7 patch. +- bugfix: imuxsock and imklog truncated head of received message + This happened only under some circumstances. Thanks to Marius + Tomaschewski, Florian Piekert and Milan Bartos for their help in + solving this issue. +- bugfix: imuxsock did not properly honor $LocalHostIPIF +--------------------------------------------------------------------------- +Version 7.3.0 [devel] 2012-10-09 +- omlibdbi improvements, added + * support for config load phases & module() parameters + * support for default templates + * driverdirectory is now cleanly a global parameter, but can no longer + be specified as an action parameter. Note that in previous versions + this parameter was ignored in all but the first action definition +- improved omfile zip writer to increase compression + This was achieved by somewhat reducing the robustness of the zip archive. + This is controlled by the new action parameter "VeryReliableZip". +---------------------------------------------------------------------------- +Version 7.2.8 [v7-stable] 2013-0?-?? +- bugfix: potential segfault on startup when builtin module was specified + in module() statement. + Thanks to Marius Tomaschewski for reporting the bug. +- bugfix: segfault due to invalid dynafile cache handling + Accidentally, the old-style cache size parameter was used when the + dynafile cache was created in a RainerScript action. If the old-style + size was lower than the one actually set, this lead to misaddressing + when the size was overrun, and that could lead to all kinds of + "interesting things", often in segfaults. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=440 +---------------------------------------------------------------------------- +Version 7.2.7 [v7-stable] 2013-04-17 +- rsyslogd startup information is now properly conveyed back to init + when privileges are being dropped + Actually, we have moved termination of the parent in front of the + priv drop. So it shall work now in all cases. See code comments in + commit for more details. +- If forking, the parent now waits for a maximum of 60 seconds for + termination by the child +- improved debugging support in forked (auto-backgrounding) mode + The rsyslog debug log file is now continued to be written across the + fork. +- updated systemd files to match current systemd source +- bugfix: failover/action suspend did not work correctly + This was experienced if the retry action took more than one second + to complete. For suspending, a cached timestamp was used, and if the + retry took longer, that timestamp was already in the past. As a + result, the action never was kept in suspended state, and as such + no failover happened. The suspend functionality now does no longer use + the cached timestamp (should not have any performance implication, as + action suspend occurs very infrequently). +- bugfix: nested if/prifilt conditions did not work properly + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415 +- bugfix: script == comparison did not work properly on JSON objects + [backport from 7.3 branch] +- bugfix: imudp scheduling parameters did affect main thread, not imudp + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409 +- bugfix: imuxsock rate-limiting could not be configured via legacy conf + Rate-limiting for the system socket could not be configured via legacy + configuration directives. However, the new-style RainerScript config + options worked. + Thanks to Milan Bartos for the patch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=390 +- bugfix: using group resolution could lead to endless loop + Thanks to Tomas Heinrich for the patch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310 +- bugfix: $mmnormalizeuseramsg parameter was specified with wrong type + Thank to Renzhong Zhang for alerting us of the problem. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=420 +- bugfix: RainerScript getenv() function caused segfault when var was + not found. + Thanks to Philippe Muller for the patch. +- bugfix: several issues in imkmsg + see bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=421#c8 +- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter + To use that functionality, legacy rsyslog.conf syntax had to be used. + Also, the doc was missing information on the "ParseTrusted" set of + config directives. +- bugfix: parameter action.execOnlyWhenPreviousIsSuspended was accidentally + of integer-type. For obvious reasons, it needs to be boolean. Note + that this change can break existing configurations if they circumvented + the problem by using 0/1 values. +- doc bugfix: rsyslog.conf man page had invalid file format info + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418 +---------------------------------------------------------------------------- +Version 7.2.6 [v7-stable] 2013-03-05 +- slightly improved config parser error messages when invalid escapes happen +- bugfix: include files got included in the wrong order + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411 + This happens if an $IncludeConfig directive was done on multiple + files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf). + In that case, the order of include file processing is reversed, which + could lead to all sorts of problems. + Thanks to Nathan Stratton Treadway for his great analysis of the problem, + which made bug fixing really easy. +- bugfix: omelasticsearch failed when authentication data was provided + ... at least in most cases it emitted an error message: + "snprintf failed when trying to build auth string" + Thanks to Joerg Heinemann for alerting us. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=404 +- bugfix: some property-based filter were incorrectly parsed + This usually lead to a syntax error on startup and rsyslogd not actually + starting up. The problem was the regex, which did not care for double + quote characters to follow in the action part - unfortunately something + that can frequently happen with v6+ format. An example: + :programname, isequal, "as" {action(type="omfile" ...) } + Here, the part + :programname, isequal, "as" {action(type="omfile" + was treated as the property filter, and the rest as action part. + Obviously, this did not work out. Unfortunately, such situations usually + resulted in very hard to understand error messages. +---------------------------------------------------------------------------- +Version 7.2.5 [v7-stable] 2013-01-08 +- build system cleanup (thanks to Michael Biebl for this!) +- bugfix: omelasticsearch did not properly compile on some platforms + due to missing libmath. Thanks to Michael Biebl for the fix +- bugfix: invalid DST handling under Solaris + Thanks to Scott Severtson for the patch. +- bugfix: on termination, actions were incorrectly called + The problem was that incomplete fiter evaluation was done *during the + shutdown phase*. This affected only the LAST batches being processed. No + problem existed during the regular run. Could usually only happen on + very busy systems, which were still busy during shutdown. +- bugfix: very large memory consumption (and probably out of memory) when + FromPos was specified in template, but ToPos not. + Thanks to Radu Gheorghe for alerting us of this bug. +- bugfix: timeval2syslogTime cause problems on some platforms + due to invalid assumption on structure data types. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=394 + Thanks to David Hill for the patch [under ASL2.0 as per email conversation + 2013-01-03]. +- bugfix: compile errors in im3195 + Thanks to Martin Körper for the patch +- bugfix: doGetFileCreateMode() had invalid validity check ;) + Thanks to Chandler Latour for the patch. +- bugfix: mmjsonparse erroneously returned action error when no CEE cookie + was present. +---------------------------------------------------------------------------- +Version 7.2.4 [v7-stable] 2012-12-07 +- enhance: permit RFC3339 timestamp in local log socket messages + Thanks to Sebastien Ponce for the patch. +- imklog: added ParseKernelTimestamp parameter (import from 5.10.2) + Thanks to Marius Tomaschewski for the patch. +- fix missing functionality: ruleset(){} could not specify ruleset queue + The "queue.xxx" parameter set was not supported, and legacy ruleset + config statements did not work (by intention). The fix introduces the + "queue.xxx" parameter set. It has some regression potential, but only + for the new functionality. Note that using that interface it is possible + to specify duplicate queue file names, which will cause trouble. This + will be solved in v7.3, because there is a too-large regression + potential for the v7.2 stable branch. +- imklog: added KeepKernelTimestamp parameter (import from 5.10.2) + Thanks to Marius Tomaschewski for the patch. +- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds + ... actually, they are microseconds. So the fractional part of the + timestamp was not properly formatted. (import from 5.10.2) + Thanks to Marius Tomaschewski for the bug report and the patch idea. +- bugfix: supportoctetcountedframing parameter did not work in imptcp +- bugfix: modules not (yet) supporting new conf format were not properly + registered. This lead to a "module not found" error message instead of + the to-be-expected "module does not support new style" error message. + That invalid error message could be quite misleading and actually stop + people from addressing the real problem (aka "go nuts" ;)) +- bugfix: template "type" parameter is mandatory (but was not) +- bugfix: some message properties could be garbled due to race condition + This happened only on very high volume systems, if the same message was + being processed by two different actions. This was a regression caused + by the new config processor, which did no longer properly enable msg + locking in multithreaded cases. The bugfix is actually a refactoring of + the msg locking code - we no longer do unlocked operations, as the use + case for it has mostly gone away. It is potentially possible only at + very low-end systems, and there the small additional overhead of doing + the locking does not really hurt. Instead, the removal of that + capability can actually slightly improve performance in common cases, + as the code path is smaller and requires slightly less memory writes. + That probably outperforms the extra locking overhead (which in the + low-end case always happens in user space, without need for kernel + support as we can always directly acquire the lock - there is no + contention at all). +---------------------------------------------------------------------------- +Version 7.2.3 [v7-stable] 2012-10-21 +- regression fix: rsyslogd terminated when wild-card $IncludeConfig did not + find actual include files. For example, if this directive is present: + $IncludeConfig /etc/rsyslog.d/*.conf + and there are no *.conf files in /etc/rsyslog.d (but rsyslog.d exists), + rsyslogd will emit an error message and terminate. Previous (and expected) + behavior is that an empty file set is no problem. HOWEVER, if the + directory itself does not exist, this is flagged as an error and will + load to termination (no startup). + Unfortunately, this is often the case by default in many distros, so this + actually prevents rsyslog startup. +---------------------------------------------------------------------------- +Version 7.2.2 [v7-stable] 2012-10-16 +- doc improvements +- enabled to build without libuuid, at loss of uuid functionality + this enables smoother builds on older systems that do not support + libuuid. Loss of functionality should usually not matter too much as + uuid support has only recently been added and is very seldom used. +- bugfix: omfwd did not properly support "template" parameter +- bugfix: potential segfault when re_match() function was used + Thanks to oxpa for the patch. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=371 +- bugfix: potential abort of imtcp on rsyslogd shutdown +- bugfix: imzmq3 segfault with PULL subscription + Thanks to Martin Nilsson for the patch. +- bugfix: improper handling of backslash in string-type template()s +- bugfix: leading quote (") in string-type template() lead to tight loop + on startup +- bugfix: no error msg on invalid field option in legacy/string template +- bugfix: potential segfault due to invalid param handling in comparisons + This could happen in RainerScript comparisons (like contains); in some + cases an uninitialized variable was accessed, which could lead to an + invalid free and in turn to a segfault. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=372 + Thanks to Georgi Georgiev for reporting this bug and his great help + in solving it. +- bugfix: no error msg on unreadable $IncludeConfig path +- bugfix: $IncludeConfig did not correctly process directories + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=376 + The testbench was also enhanced to check for these cases. + Thanks to Georgi Georgiev for the bug report. +- bugfix: make rsyslog compile on kfreebsd again + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=380 + Thanks to Guillem Jover for the patch. +- bugfix: garbled message if field name was used with jsonf property option + The length for the field name was invalidly computed, resulting in either + truncated field names or including extra random data. If the random data + contained NULs, the rest of the message became unreadable. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=374 +- bugfix: potential segfault at startup with property-based filter + If the property name was followed by a space before the comma, rsyslogd + aborted on startup. Note that no segfault could happen if the initial + startup went well (this was a problem with the config parser). + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=381 +- bugfix: imfile discarded some file parts + File lines that were incomplete (LF missing) *at the time imfile polled + the file* were partially discarded. That part of the line that was read + without the LF was discarded, and the rest of the line was submitted in + the next polling cycle. This is now changed so that the partial content + is saved until the complete line is read. Note that the patch affects + only read mode 0. + Thanks to Milan Bartos for providing the base idea for the solution. +---------------------------------------------------------------------------- +Version 7.2.1 [v7-stable] 2012-10-29 +- bugfix: ruleset()-object did only support a single statement +- added -D rsyslogd option to enable config parser debug mode +- improved syntax error messages by outputting the error token +- the rsyslog core now suspends actions after 10 failures in a row + This was former the case after 1,000 failures and could cause rsyslog + to be spammed/resources misused. See the v6 compatibility doc for more + details. +- ommongodb rate-limits error messages to prevent spamming the syslog + closes (for v7.2): http://bugzilla.adiscon.com/show_bug.cgi?id=366 +---------------------------------------------------------------------------- +Version 7.2.0 [v7-stable] 2012-10-22 +This starts a new stable branch based on 7.1.12 plus the following changes: +- bugfix: imuxsock did not properly honor $LocalHostIPIF +- omruleset/omdiscard do no longer issue "deprecated" warnings, as 7.1 + grammar does not permit to use the replacements under all circumstances +---------------------------------------------------------------------------- +Version 7.1.12 [beta] 2012-10-18 +- minor updates to better support newer systemd developments + Thanks to Michael Biebl for the patches. +- build system cleanup + Thanks to Michael Biebl for the patch series. +- cleanup: removed remains of -c option (compatibility mode) + both from code & doc and emitted warning message if still used + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=361 + Thanks to Michael Biebl for reporting & suggestions +- bugfix: imklog truncated head of received message + This happened only under some circumstances. Thanks to Marius + Tomaschewski and Florian Piekert for their help in solving this issue. +---------------------------------------------------------------------------- +Version 7.1.11 [beta] 2012-10-16 +- bugfix: imuxsock truncated head of received message + This happened only under some circumstances. Thanks to Marius + Tomaschewski, Florian Piekert and Milan Bartos for their help in + solving this issue. +- bugfix: do not crash if set statement is used with date field + Thanks to Miloslav Trmač for the patch. +- change lumberjack cookie to "@cee:" from "@cee: " + CEE originally specified the cookie with SP, whereas other lumberjack + tools used it without space. In order to keep interop with lumberjack, + we now use the cookie without space as well. I hope this can be changed + in CEE as well when it is released at a later time. + Thanks to Miloslav Trmač for pointing this out and a similar v7 patch. +- added deprecated note to omruleset (plus clue to use "call") +- added deprecated note to discard action (plus clue to use "stop") +--------------------------------------------------------------------------- +Version 7.1.10 [beta] 2012-10-11 + - bugfix: m4 directory was not present in release tarball + - bugfix: small memory leak with string-type templates + - bugfix: small memory leak when template was specified in omfile + - bugfix: some config processing warning messages were treated as errors + - bugfix: small memory leak when processing action() statements + - bugfix: unknown action() parameters were not reported +--------------------------------------------------------------------------- +Version 7.1.9 [beta] 2012-10-09 +- bugfix: comments inside objects (e.g. action()) were not properly handled +- bugfix: in (non)equal comparisons the position of arrays influenced result + This behavior is OK for "contains"-type of comparisons (which have quite + different semantics), but not for == and <>, which shall be commutative. + This has been fixed now, so there is no difference any longer if the + constant string array is the left or right hand operand. We solved this + via the optimizer, as it keeps the actual script execution code small. +--------------------------------------------------------------------------- +Version 7.1.8 [beta] 2012-10-02 +- bugfix: ruleset(){} directive erroneously changed default ruleset + much like the $ruleset legacy conf statement. This potentially lead + to statements being assigned to the wrong ruleset. +- improved module doc +- added "parser" parameter to ruleset(), so that parser chain can be + configured +- implemented "continue" RainerScript statement +--------------------------------------------------------------------------- +Version 7.1.7 [devel] 2012-10-01 +- implemented RainerScript "call" statement +- implemented RainerScript array-based string comparison operations +- implemented imtcp "permittedPeers" module-global parameter +- imudp: support for specifying multiple ports via array added +--------------------------------------------------------------------------- +Version 7.1.6 [devel] 2012-09-28 +- implemented RainerScript input() statement, including support for it + in major input plugins +- implemented RainerScript ruleset() statement +--------------------------------------------------------------------------- +Version 7.1.5 [devel] 2012-09-25 +- implemented RainerScript prifield() function +- implemented RainerScript field() function +- added new module imkmsg to process structured kernel log + Thanks to Milan Bartos for contributing this module +- implemented basic RainerScript optimizer, which will speed up script + operations +- bugfix: invalid free if function re_match() was incorrectly used + if the config file parser detected that param 2 was not constant, some + data fields were not initialized. The destructor did not care about that. + This bug happened only if rsyslog startup was unclean. +--------------------------------------------------------------------------- +Version 7.1.4 [devel] 2012-09-19 +- implemented ability for CEE-based properties to be stored in disk queues +- implemented string concatenation in expressions via &-operator +- implemented json subtree copy in variable assignment +- implemented full JSON support for variable manipulation +- introduced "subtree"-type templates +- bugfix: omfile action did not respect "template" parameter + ... and used default template in all cases +- bugfix: MsgDup() did not copy CEE structure + This function was called at various places, most importantly during + "last messages repeated n times" processing and omruleset. If CEE(JSON) + data was present, it was lost as part of the copy process. +- bugfix: debug output indicated improper queue type +--------------------------------------------------------------------------- +Version 7.1.3 [devel] 2012-09-17 +- introduced "set" and "unset" config statements +- bugfix: missing support for escape sequences in RainerScript + only \' was supported. Now the usual set is supported. Note that v5 + used \x as escape where x was any character (e.g. "\n" meant "n" and NOT + LF). This also means there is some incompatibility to v5 for well-know + sequences. Better break it now than later. +- bugfix: invalid property name in property-filter could cause abort + if action chaining (& operator) was used + http://bugzilla.adiscon.com/show_bug.cgi?id=355 + Thanks to pilou@gmx.com for the bug report +--------------------------------------------------------------------------- +Version 7.1.2 [devel] 2012-09-12 +- bugfix: messages were duplicated, sometimes massively + regression from new code in 7.1.1 and reason for early release +- bugfix: remove invalid socket option call from imuxsock + Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom +- bugfix: abort when invalid property name was configured + in property-based filter +- bugfix: multiple rulesets did no longer work correctly (7.1.1 regression) +--------------------------------------------------------------------------- +Version 7.1.1 [devel] 2012-09-11 +- MAJOR NEW FEATURE: ruleengine now fully supports nesting + including if ... then ... else ... constructs. This is a big change + and it obviously has a lot of bug potential. +- BSD-style (filter) blocks are no longer supported + see https://www.rsyslog.com/g/BSD for details and solution +- imuxsock now stores trusted properties by default in the CEE root + This was done in order to keep compatible with other implementations of + the lumberjack schema + Thanks to Miloslav Trmač for pointing to this. +- bugfix: string-generating templates caused abort if CEE field could not + be found +--------------------------------------------------------------------------- +Version 7.1.0 [devel] 2012-09-06 +- added support for hierarchical properties (CEE/lumberjack) +- added pure JSON output plugin parameter passing mode +- ommongodb now supports templates +- bugfix: imtcp could abort on exit due to invalid free() +- imported bugfixes from 6.4.1 +--------------------------------------------------------------------------- +Version 6.6.1 [v6-stable] 2012-10-?? +- bugfix: build problems on some platforms +- bugfix: misaddressing of $mmnormalizeuserawmsg parameter + On many platforms, this has no effect at all. At some, it may cause + a segfault. The problem occurs only during config phase, no segfault + happens when rsyslog has fully started. +- fix API "glitch" in some plugins + This did not affect users, but could have caused trouble in the future + for developers. +- bugfix: no error msg on invalid field option in legacy/string template +- bugfix: no error msg on unreadable $IncludeConfig path +- bugfix: $IncludeConfig did not correctly process directories + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=376 + The testbench was also enhanced to check for these cases. + Thanks to Georgi Georgiev for the bug report. +- bugfix: spurios error messages from imuxsock about (non-error) EAGAIN + Thanks to Marius Tomaschewski for the patch. +- imklog: added $klogParseKernelTimestamp option + When enabled, kernel message [timestamp] is converted for message time. + Default is to use receive time as in 5.8.x and before, because the clock + used to create the timestamp is not supposed to be as accurate as the + monotonic clock (depends on hardware and kernel) resulting in differences + between kernel and system messages which occurred at same time. + Thanks to Marius Tomaschewski for the patch. +- imklog: added $klogKeepKernelTimestamp option + When enabled, the kernel [timestamp] remains at begin of + each message, even it is used for the message time too. + Thanks to Marius Tomaschewski for the patch. +- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds + ... actually, they are microseconds. So the fractional part of the + timestamp was not properly formatted. + Thanks to Marius Tomaschewski for the bug report and the patch idea. +- bugfix: hostname set in rsyslog.conf was not picked up until HUP + which could also mean "never" or "not for a very long time". + Thanks to oxpa for providing analysis and a patch +- bugfix: some message properties could be garbled due to race condition + This happened only on very high volume systems, if the same message was + being processed by two different actions. This was a regression caused + by the new config processor, which did no longer properly enable msg + locking in multithreaded cases. The bugfix is actually a refactoring of + the msg locking code - we no longer do unlocked operations, as the use + case for it has mostly gone away. It is potentially possible only at + very low-end systems, and there the small additional overhead of doing + the locking does not really hurt. Instead, the removal of that + capability can actually slightly improve performance in common cases, + as the code path is smaller and requires slightly less memory writes. + That probably outperforms the extra locking overhead (which in the + low-end case always happens in user space, without need for kernel + support as we can always directly acquire the lock - there is no + contention at all). +- bugfix: invalid DST handling under Solaris + Thanks to Scott Severtson for the patch. +--------------------------------------------------------------------------- +Version 6.6.0 [v6-stable] 2012-10-22 +This starts a new stable branch, based on the 6.5.x series, plus: +- bugfix: imuxsock did not properly honor $LocalHostIPIF +--------------------------------------------------------------------------- +Version 6.5.1 [beta] 2012-10-11 +- added tool "logctl" to handle lumberjack logs in MongoDB +- imfile ported to new v6 config interface +- imfile now supports config parameter for maximum number of submits + which is a fine-tuning parameter in regard to input batching +- added pure JSON output plugin parameter passing mode +- ommongodb now supports templates +- bugfix: imtcp could abort on exit due to invalid free() +- bugfix: remove invalid socket option call from imuxsock + Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom +- added pure JSON output plugin parameter passing mode +- ommongodb now supports templates +- bugfix: imtcp could abort on exit due to invalid free() +- bugfix: missing support for escape sequences in RainerScript + only \' was supported. Now the usual set is supported. Note that v5 + used \x as escape where x was any character (e.g. "\n" meant "n" and NOT + LF). This also means there is some incompatibility to v5 for well-know + sequences. Better break it now than later. +- bugfix: small memory leaks in template() statements + these were one-time memory leaks during startup, so they did NOT grow + during runtime +- bugfix: config validation run did not always return correct return state +- bugfix: config errors did not always cause statement to fail + This could lead to startup with invalid parameters. +--------------------------------------------------------------------------- +Version 6.5.0 [devel] 2012-08-28 +- imrelp now supports non-cancel thread termination + (but now requires at least librelp 1.0.1) +- implemented freeCnf() module interface + This was actually not present in older versions, even though some modules + already used it. The implementation was now done, and not in 6.3/6.4 + because the resulting memory leak was ultra-slim and the new interface + handling has some potential to seriously break things. Not the kind of + thing you want to add in late beta state, if avoidable. +- added --enable-debugless configure option for very high demanding envs + This actually at compile time disables a lot of debug code, resulting + in some speedup (but serious loss of debugging capabilities) +- added new 0mq plugins (via czmq lib) + Thanks to David Kelly for contributing these modules +- bugfix: omhdfs did no longer compile +- bugfix: SystemLogSocketAnnotate did not work correctly + Thanks to Miloslav Trmač for the patch +- $SystemLogParseTrusted config file option + Thanks to Milan Bartos for the patch +- added template config directive +- added new uuid message property + Thanks to Jérôme Renard for the idea and patches. + Note: patches were released under ASL 2.0, see + http://bugzilla.adiscon.com/show_bug.cgi?id=353 +--------------------------------------------------------------------------- +Version 6.4.3 [V6-STABLE/NEVER RELEASED] 2012-??-?? +This version was never released as 6.6.0 came quickly enough. Note that +all these patches here are present in 6.6.0. +- cleanup: removed remains of -c option (compatibility mode) + both from code & doc and emitted warning message if still used + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=361 + Thanks to Michael Biebl for reporting & suggestions +- bugfix: imuxsock and imklog truncated head of received message + This happened only under some circumstances. Thanks to Marius + Tomaschewski, Florian Piekert and Milan Bartos for their help in + solving this issue. +- change lumberjack cookie to "@cee:" from "@cee: " + CEE originally specified the cookie with SP, whereas other lumberjack + tools used it without space. In order to keep interop with lumberjack, + we now use the cookie without space as well. I hope this can be changed + in CEE as well when it is released at a later time. + Thanks to Miloslav Trmač for pointing this out and a similar v7 patch. +- bugfix: comments inside objects (e.g. action()) were not properly handled +- bugfix: sysklogd-emulating standard template was no longer present in v6 + This was obviously lost during the transition to the new config format. + Thanks to Milan Bartos for alerting us and a patch! +- bugfix: some valid legacy PRI filters were flagged as erroneous + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=358 + This happened to filters of the style "local0,local1.*", where the + multiple facilities were comma-separated. +- bugfix: imuxsock did not properly honor $LocalHostIPIF +--------------------------------------------------------------------------- +Version 6.4.2 [V6-STABLE] 2012-09-20 +- bugfix: potential abort, if action queue could not be properly started + This most importantly could happen due to configuration errors. +- bugfix: remove invalid socket option call from imuxsock + Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom +- bugfix: missing support for escape sequences in RainerScript + only \' was supported. Now the usual set is supported. Note that v5 + used \x as escape where x was any character (e.g. "\n" meant "n" and NOT + LF). This also means there is some incompatibility to v5 for well-know + sequences. Better break it now than later. +- bugfix: config validation run did not always return correct return state +--------------------------------------------------------------------------- +Version 6.4.1 [V6-STABLE] 2012-09-06 +- bugfix: multiple main queues with same queue file name were not detected + This lead to queue file corruption. While the root cause is a config + error, it is a bug that this important and hard to find config error + was not detected by rsyslog. +- bugfix: "jsonf" property replacer option did generate invalid JSON + in JSON, we have "fieldname":"value", but the option emitted + "fieldname"="value". Interestingly, this was accepted by a couple + of sinks, most importantly elasticsearch. Now the correct format is + emitted, which causes a remote chance that some things that relied on + the wrong format will break. + Thanks to Miloslav Trmač for the patch +- change $!all-json did emit an empty (thus non-JSON) string if no libee + data was present. It now emits {} and thus valid JSON. There is a + small risk that this may break some things that relied on the previous + inconsistency. + Thanks to Miloslav Trmač for the patch +- bugfix: omusrmsg incorrect return state & config warning handling + During config file processing, Omusrmsg often incorrectly returned a + warning status, even when no warning was present (caused by + uninitialized variable). Also, the core handled warning messages + incorrectly, and treated them as errors. As a result, omusrmsg + (most often) could not properly be loaded. Note that this only + occurs with legacy config action syntax. This was a regression + caused by an incorrect merge in to the 6.3.x codebase. + Thanks to Stefano Mason for alerting us of this bug. +- bugfix: Fixed TCP CheckConnection handling in omfwd.c. Interface needed + to be changed in lower stream classes. Syslog TCP Sending is now resumed + properly. Unfixed, that lead to non-detection of downstate of remote + hosts. +--------------------------------------------------------------------------- +Version 6.4.0 [V6-STABLE] 2012-08-20 +- THIS IS THE FIRST VERSION OF THE 6.4.x STABLE BRANCH + It includes all enhancements made in 6.3.x plus what is written in the + ChangeLog below. +- omelasticsearch: support for parameters parent & dynparent added +- bugfix: imtcp aborted when more than 2 connections were used. + Incremented pthread stack size to 4MB for imtcp, imptcp and imttcp + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=342 +- bugfix: imptcp aborted when $InputPTCPServerBindRuleset was used +- bugfix: problem with cutting first 16 characters from message with + bAnnotate + Thanks to Milan Bartos for the patch. +--------------------------------------------------------------------------- +Version 6.3.12 [BETA] 2012-07-02 +- support for elasticsearch via omelasticsearch added + Note that this module has been tested quite well by a number of folks, + and this is why we merge in new functionality in a late beta stage. + Even if problems would exist, only users of omelasticsearch would + experience them, making it a pretty safe addition. +- bugfix: $ActionName was not properly honored + Thanks to Abby Edwards for alerting us +--------------------------------------------------------------------------- +Version 6.3.11 [BETA] 2012-06-18 +- bugfix: expression-based filters with AND/OR could segfault + due to a problem with boolean shortcut operations. From the user's + perspective, the segfault is almost non-deterministic (it occurs when + a shortcut is used). + Thanks to Lars Peterson for providing the initial bug report and his + support in solving it. +- bugfix: "last message repeated n times" message was missing hostname + Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting +--------------------------------------------------------------------------- +Version 6.3.10 [BETA] 2012-06-04 +- bugfix: delayable source could block action queue, even if there was + a disk queue associated with it. The root cause of this problem was + that it makes no sense to delay messages once they arrive in the + action queue - the "input" that is being held in that case is the main + queue worker, what makes no sense. + Thanks to Marcin for alerting us on this problem and providing + instructions to reproduce it. +- bugfix: invalid free in imptcp could lead to abort during startup +- bugfix: if debug message could end up in log file when forking + if rsyslog was set to auto-background (thus fork, the default) and debug + mode to stdout was enabled, debug messages ended up in the first log file + opened. Currently, stdout logging is completely disabled in forking mode + (but writing to the debug log file is still possible). This is a change + in behavior, which is under review. If it causes problems to you, + please let us know. + Thanks to Tomas Heinrich for the patch. +- bugfix: --enable-smcustbindcdr configure directive did not work + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=330 + Thanks to Ultrabug for the patch. +- bugfix: made rsyslog compile when libestr ist not installed in /usr + Thanks to Miloslav Trmač for providing patches and suggestions +--------------------------------------------------------------------------- +Version 6.3.9 [BETA] 2012-05-22 +- bugfix: imtcp could cause hang during reception + this also applied to other users of core file tcpsrv.c, but imtcp was + by far the most prominent and widely-used, the rest rather exotic + (like imdiag) +- added capability to specify substrings for field extraction mode +- added the "jsonf" property replacer option (and fieldname) +- bugfix: omudpspoof did not work correctly if no spoof hostname was + configured +- bugfix: property replacer option "json" could lead to content loss + message was truncated if escaping was necessary +- bugfix: assigned ruleset was lost when using disk queues + This looked quite hard to diagnose for disk-assisted queues, as the + pure memory part worked well, but ruleset info was lost for messages + stored inside the disk queue. +- bugfix/imuxsock: solving abort if hostname was not set; configured + hostname was not used (both merge regressions) + -bugfix/omfile: template action parameter was not accepted + (and template name set to "??" if the parameter was used) + Thanks to Brian Knox for alerting us on this bug. +- bugfix: ommysql did not properly init/exit the mysql runtime library + this could lead to segfaults. Triggering condition: multiple action + instances using ommysql. Thanks to Tomas Heinrich for reporting this + problem and providing an initial patch (which my solution is based on, + I need to add more code to clean the mess up). +- bugfix: rsyslog did not terminate when delayable inputs were blocked + due to unavailable sources. Fixes: + http://bugzilla.adiscon.com/show_bug.cgi?id=299 + Thanks to Marcin M for bringing up this problem and Andre Lorbach + for helping to reproduce and fix it. +- added capability to specify substrings for field extraction mode +- bugfix: disk queue was not persisted on shutdown, regression of fix to + http://bugzilla.adiscon.com/show_bug.cgi?id=299 + The new code also handles the case of shutdown of blocking light and + full delayable sources somewhat smarter and permits, assuming sufficient + timeouts, to persist message up to the max queue capacity. Also some nits + in debug instrumentation have been fixed. +--------------------------------------------------------------------------- +Version 6.3.8 [DEVEL] 2012-04-16 +- added $PStatJSON directive to permit stats records in JSON format +- added "date-unixtimestamp" property replacer option to format as a + unix timestamp (seconds since epoch) +- added "json" property replacer option to support JSON encoding on a + per-property basis +- added omhiredis (contributed module) +- added mmjsonparse to support recognizing and parsing JSON enhanced syslog + messages +- upgraded more plugins to support the new v6 config format: + - ommysql + - omlibdbi + - omsnmp +- added configuration directives to customize queue light delay marks + $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both + specify number of messages starting at which a delay happens. +- added message property parsesuccess to indicate if the last run + higher-level parser could successfully parse the message or not + (see property replacer html doc for details) +- bugfix: abort during startup when rsyslog.conf v6+ format was used in + a certain way +- bugfix: property $!all-json made rsyslog abort if no normalized data + was available +- bugfix: memory leak in array passing output module mode +- added configuration directives to customize queue light delay marks +- permit size modifiers (k,m,g,...) in integer config parameters + Thanks to Jo Rhett for the suggestion. +- bugfix: hostname was not requeried on HUP + Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for + his help in testing the fix. +- bugfix: imklog invalidly computed facility and severity + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 +- added configuration directive to disable octet-counted framing + for imtcp, directive is $InputTCPServerSupportOctetCountedFraming + for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming +- added capability to use a local interface IP address as fromhost-ip for + locally originating messages. New directive $LocalHostIPIF +--------------------------------------------------------------------------- +Version 6.3.7 [DEVEL] 2012-02-02 +- imported refactored v5.9.6 imklog linux driver, now combined with BSD + driver +- removed imtemplate/omtemplate template modules, as this was waste of time + The actual input/output modules are better copy templates. Instead, the + now-removed modules cost time for maintenance AND often caused confusion + on what their role was. +- added a couple of new stats objects +- improved support for new v6 config system. The build-in output modules + now all support the new config language +- bugfix: facility local<x> was not correctly interpreted in legacy filters + Was only accepted if it was the first PRI in a multi-filter PRI. + Thanks to forum user Mark for bringing this to our attention. +- bugfix: potential abort after reading invalid X.509 certificate + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 + Thanks to Tomas Heinrich for the patch +- bugfix: legacy parsing of some filters did not work correctly +- bugfix: rsyslog aborted during startup if there is an error in loading + an action and legacy configuration mode is used +- bugfix: bsd klog driver did no longer compile +- relicensed larger parts of the code under Apache (ASL) 2.0 +--------------------------------------------------------------------------- +Version 6.3.6 [DEVEL] 2011-09-19 +- added $InputRELPServerBindRuleset directive to specify rulesets for RELP +- bugfix: config parser did not support properties with dashes in them + inside property-based filters. Thanks to Gerrit Seré for reporting this. +--------------------------------------------------------------------------- +Version 6.3.5 [DEVEL] (rgerhards/al), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 +- bugfix: mark message processing did not work correctly +- imudp&imtcp now report error if no listener at all was defined + Thanks to Marcin for suggesting this error message. +- bugfix: potential misaddressing in property replacer +--------------------------------------------------------------------------- +Version 6.3.4 [DEVEL] (rgerhards), 2011-08-02 +- added support for action() config object + * in rsyslog core engine + * in omfile + * in omusrmsg +- bugfix: omusrmsg format usr1,usr2 was no longer supported +- bugfix: misaddressing in config handler + In theory, can cause segfault, in practice this is extremely unlikely + Thanks to Marcin for alerting me. +--------------------------------------------------------------------------- +Version 6.3.3 [DEVEL] (rgerhards), 2011-07-13 +- rsyslog.conf format: now parsed by RainerScript parser + this provides the necessary base for future enhancements as well as some + minor immediate ones. For details see: + http://blog.gerhards.net/2011/07/rsyslog-633-config-format-improvements.html +- performance of script-based filters notably increased +- removed compatibility mode as we expect people have adjusted their + confs by now +- added support for the ":omfile:" syntax for actions +--------------------------------------------------------------------------- +Version 6.3.2 [DEVEL] (rgerhards), 2011-07-06 +- added support for the ":omusrmsg:" syntax in configuring user messages +- systemd support: set stdout/stderr to null - thx to Lennart for the patch +- added support for obtaining timestamp for kernel message from message + If the kernel time-stamps messages, time is now take from that + timestamp instead of the system time when the message was read. This + provides much better accuracy. Thanks to Lennart Poettering for + suggesting this feature and his help during implementation. +- added support for obtaining timestamp from system for imuxsock + This permits to read the time a message was submitted to the system + log socket. Most importantly, this is provided in microsecond resolution. + So we are able to obtain high precision timestampis even for messages + that were - as is usual - not formatted with them. This also simplifies + things in regard to local time calculation in chroot environments. + Many thanks to Lennart Poettering for suggesting this feature, + providing some guidance on implementing it and coordinating getting the + necessary support into the Linux kernel. +- bugfix: timestamp was incorrectly calculated for timezones with minute + offset + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 +- bugfix: memory leak in imtcp & subsystems under some circumstances + This leak is tied to error conditions which lead to incorrect cleanup + of some data structures. +--------------------------------------------------------------------------- +Version 6.3.1 [DEVEL] (rgerhards), 2011-06-07 +- added a first implementation of a DNS name cache + this still has a couple of weaknesses, like no expiration of entries, + suboptimal algorithms -- but it should perform much better than + what we had previously. Implementation will be improved based on + feedback during the next couple of releases +--------------------------------------------------------------------------- +Version 6.3.0 [DEVEL] (rgerhards), 2011-06-01 +- introduced new config system + http://blog.gerhards.net/2011/06/new-rsyslog-config-system-materializes.html +--------------------------------------------------------------------------- +Version 6.2.2 [v6-stable], 2012-06-13 +- build system improvements and spec file templates + Thanks to Abby Edwards for providing these enhancements +- bugfix: disk queue was not persisted on shutdown, regression of fix to + http://bugzilla.adiscon.com/show_bug.cgi?id=299 + The new code also handles the case of shutdown of blocking light and + full delayable sources somewhat smarter and permits, assuming sufficient + timeouts, to persist message up to the max queue capacity. Also some nits + in debug instrumentation have been fixed. +- bugfix: --enable-smcustbindcdr configure directive did not work + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=330 + Thanks to Ultrabug for the patch. +- add small delay (50ms) after sending shutdown message + There seem to be cases where the shutdown message is otherwise not + processed, not even on an idle system. Thanks to Marcin for + bringing this problem up. +- support for resolving huge groups + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310 + Thanks to Alec Warner for the patch +- bugfix: potential hang due to mutex deadlock + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316 + Thanks to Andreas Piesk for reporting&analyzing this bug as well as + providing patches and other help in resolving it. +- bugfix: property PROCID empty instead of proper nilvalue if not present + If it is not present, it must have the nilvalue "-" as of RFC5424 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332 + Thanks to John N for reporting this issue. +- bugfix: did not compile under solaris due to $uptime property code + For the time being, $uptime is not supported on Solaris +- bugfix: "last message repeated n times" message was missing hostname + Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting +--------------------------------------------------------------------------- +Version 6.2.1 [v6-stable], 2012-05-10 +- change plugin config interface to be compatible with pre-v6.2 system + The functionality was already removed (because it is superseded by the + v6.3+ config language), but code was still present. I have now removed + those parts that affect interface. Full removal will happen in v6.3, in + order to limit potential regressions. However, it was considered useful + enough to do the interface change in v6-stable; this also eases merging + branches! +- re-licensed larger parts of the codebase under the Apache license 2.0 +- bugfix: omprog made rsyslog abort on startup if not binary to + execute was configured +- bugfix: imklog invalidly computed facility and severity + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 +- bugfix: stopped DA queue was never processed after a restart due to a + regression from statistics module +- bugfix: memory leak in array passing output module mode +- bugfix: ommysql did not properly init/exit the mysql runtime library + this could lead to segfaults. Triggering condition: multiple action + instances using ommysql. Thanks to Tomas Heinrich for reporting this + problem and providing an initial patch (which my solution is based on, + I need to add more code to clean the mess up). +- bugfix: rsyslog did not terminate when delayable inputs were blocked + due to unavailable sources. Fixes: + http://bugzilla.adiscon.com/show_bug.cgi?id=299 + Thanks to Marcin M for bringing up this problem and Andre Lorbach + for helping to reproduce and fix it. +- bugfix/tcpflood: sending small test files did not work correctly +--------------------------------------------------------------------------- +Version 6.2.0 [v6-stable], 2012-01-09 +- bugfix (kind of): removed numerical part from pri-text + see v6 compatibility document for reasons +- bugfix: race condition when extracting program name, APPNAME, structured + data and PROCID (RFC5424 fields) could lead to invalid characters e.g. + in dynamic file names or during forwarding (general malfunction of these + fields in templates, mostly under heavy load) +- bugfix: imuxsock did no longer ignore message-provided timestamp, if + so configured (the *default*). Lead to no longer sub-second timestamps. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281 +- bugfix: omfile returns fatal error code for things that go really wrong + previously, RS_RET_RESUME was returned, which lead to a loop inside the + rule engine as omfile could not really recover. +- bugfix: potential abort after reading invalid X.509 certificate + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 + Thanks to Tomas Heinrich for the patch +- enhanced module loader to not rely on PATH_MAX +- imuxsock: added capability to "annotate" messages with "trusted + information", which contains some properties obtained from the system + and as such sure to not be faked. This is inspired by the similar idea + introduced in systemd. +--------------------------------------------------------------------------- +Version 6.1.12 [BETA], 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 +- bugfix: mark message processing did not work correctly +- bugfix: potential misaddressing in property replacer +- bugfix: memcpy overflow can occur in allowed sender checking + if a name is resolved to IPv4-mapped-on-IPv6 address + Found by Ismail Dönmez at suse +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) +- bugfix: fixed incorrect state handling for Discard Action (transactions) + Note: This caused all messages in a batch to be set to COMMITTED, + even if they were discarded. +--------------------------------------------------------------------------- +Version 6.1.11 [BETA] (rgerhards), 2011-07-11 +- systemd support: set stdout/stderr to null - thx to Lennart for the patch +- added support for the ":omusrmsg:" syntax in configuring user messages +- added support for the ":omfile:" syntax in configuring user messages +--------------------------------------------------------------------------- +Version 6.1.10 [BETA] (rgerhards), 2011-06-22 +- bugfix: problems in failover action handling + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254 +- bugfix: mutex was invalidly left unlocked during action processing + At least one case where this can occur is during thread shutdown, which + may be initiated by lower activity. In most cases, this is quite + unlikely to happen. However, if it does, data structures may be + corrupted which could lead to fatal failure and segfault. I detected + this via a testbench test, not a user report. But I assume that some + users may have had unreproducable aborts that were cause by this bug. +--------------------------------------------------------------------------- +Version 6.1.9 [BETA] (rgerhards), 2011-06-14 +- bugfix: problems in failover action handling + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254 +- bugfix: mutex was invalidly left unlocked during action processing + At least one case where this can occur is during thread shutdown, which + may be initiated by lower activity. In most cases, this is quite + unlikely to happen. However, if it does, data structures may be + corrupted which could lead to fatal failure and segfault. I detected + this via a testbench test, not a user report. But I assume that some + users may have had unreproducable aborts that were cause by this bug. +- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes +- bugfix: memory leak in imtcp & subsystems under some circumstances + This leak is tied to error conditions which lead to incorrect cleanup + of some data structures. [backport from v6.3] +- bugfix: $ActionFileDefaultTemplate did not work + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=262 +--------------------------------------------------------------------------- +Version 6.1.8 [BETA] (rgerhards), 2011-05-20 +- official new beta version (note that in a sense 6.1.7 was already beta, + so we may release the first stable v6 earlier than usual) +- new module mmsnmptrapd, a sample message modification module +- import of minor bug fixes from v4 & v5 +--------------------------------------------------------------------------- +Version 6.1.7 [DEVEL] (rgerhards), 2011-04-15 +- added log classification capabilities (via mmnormalize & tags) +- speeded up tcp forwarding by reducing number of API calls + this especially speeds up TLS processing +- somewhat improved documentation index +- bugfix: enhanced imudp config processing code disabled due to wrong + merge (affected UDP realtime capabilities) +- bugfix (kind of): memory leak with tcp reception epoll handler + This was an extremely unlikely leak and, if it happened, quite small. + Still it is better to handle this border case. +- bugfix: IPv6-address could not be specified in omrelp + this was due to improper parsing of ":" + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250 +- bugfix: do not open files with full privileges, if privs will be dropped + This make the privilege drop code more bulletproof, but breaks Ubuntu's + work-around for log files created by external programs with the wrong + user and/or group. Note that it was long said that this "functionality" + would break once we go for serious privilege drop code, so hopefully + nobody still depends on it (and, if so, they lost...). +- bugfix: pipes not opened in full priv mode when privs are to be dropped +--------------------------------------------------------------------------- +Version 6.1.6 [DEVEL] (rgerhards), 2011-03-14 +- enhanced omhdfs to support batching mode. This permits to increase + performance, as we now call the HDFS API with much larger message + sizes and far more infrequently +- improved testbench + among others, life tests for ommysql (against a test database) have + been added, valgrind-based testing enhanced, ... +- bugfix: minor memory leak in omlibdbi (< 1k per instance and run) +- bugfix: (regression) omhdfs did no longer compile +- bugfix: omlibdbi did not use password from rsyslog.con + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203 +- systemd support somewhat improved (can now take over existing log sockt) +- bugfix: discard action did not work under some circumstances + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217 +- bugfix: file descriptor leak in gnutls netstream driver + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=222 +- fixed compile problem in imtemplate + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=235 +--------------------------------------------------------------------------- +Version 6.1.5 [DEVEL] (rgerhards), 2011-03-04 +- improved testbench +- enhanced imtcp to use a pool of worker threads to process incoming + messages. This enables higher processing rates, especially in the TLS + case (where more CPU is needed for the crypto functions) +- added support for TLS (in anon mode) to tcpflood +- improved TLS error reporting +- improved TLS startup (Diffie-Hellman bits do not need to be generated, + as we do not support full anon key exchange -- we always need certs) +- bugfix: fixed a memory leak and potential abort condition + this could happen if multiple rulesets were used and some output batches + contained messages belonging to more than one ruleset. + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226 + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218 +- bugfix: memory leak when $RepeatedMsgReduction on was used + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225 +- bugfix: potential abort condition when $RepeatedMsgReduction set to on + as well as potentially in a number of other places where MsgDup() was + used. This only happened when the imudp input module was used and it + depended on name resolution not yet had taken place. In other words, + this was a strange problem that could lead to hard to diagnose + instability. So if you experience instability, chances are good that + this fix will help. +--------------------------------------------------------------------------- +Version 6.1.4 [DEVEL] (rgerhards), 2011-02-18 +- bugfix/omhdfs: directive $OMHDFSFileName rendered unusable + due to a search and replace-induced bug ;) +- bugfix: minor race condition in action.c - considered cosmetic + This is considered cosmetic as multiple threads tried to write exactly + the same value into the same memory location without sync. The method + has been changed so this can no longer happen. +- added pmsnare parser module (written by David Lang) +- enhanced imfile to support non-cancel input termination +- improved systemd socket activation thanks to Marius Tomaschewski +- improved error reporting for $WorkDirectory + non-existence and other detectable problems are now reported, + and the work directory is NOT set in this case +- bugfix: pmsnare caused abort under some conditions +- bugfix: abort if imfile reads file line of more than 64KiB + Thanks to Peter Eisentraut for reporting and analyzing this problem. + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221 +- bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode + when in disk-assisted mode. This especially affected imfile, which + created unnecessarily queue files if a large set of input file data was + to process. +- bugfix: very long running actions could prevent shutdown under some + circumstances. This has now been solved, at least for common + situations. +- bugfix: fixed compile problem due to empty structs + this occurred only on some platforms/compilers. thanks to Dražen Kačar + for the fix +--------------------------------------------------------------------------- +Version 6.1.3 [DEVEL] (rgerhards), 2011-02-01 +- experimental support for mongodb added +- added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings +- added $LocalHostName config directive +- improved tcpsrv performance by enabling multiple-entry epoll + so far, we always pulled a single event from the epoll interface. + Now 128, what should result in performance improvement (less API + calls) on busy systems. Most importantly affects imtcp. +- imptcp now supports non-cancel termination mode, a plus in stability +- imptcp speedup: multiple worker threads can now be used to read data +- new directive $InputIMPTcpHelperThreads added +- bugfix: fixed build problems on some platforms + namely those that have 32bit atomic operations but not 64 bit ones +- bugfix: local hostname was pulled too-early, so that some config + directives (namely FQDN settings) did not have any effect +- enhanced tcpflood to support multiple sender threads + this is required for some high-throughput scenarios (and necessary to + run some performance tests, because otherwise the sender is too slow). +- added some new custom parsers (snare, aix, some Cisco "specialities") + thanks to David Lang +--------------------------------------------------------------------------- +Version 6.1.2 [DEVEL] (rgerhards), 2010-12-16 +- added experimental support for log normalization (via liblognorm) + support for normalizing log messages has been added in the form of + mmnormalize. The core engine (property replacer, filter engine) has + been enhanced to support properties from normalized events. + Note: this is EXPERIMENTAL code. It is currently know that + there are issues if the functionality is used with + - disk-based queues + - asynchronous action queues + You can not use the new functionality together with these features. + This limitation will be removed in later releases. However, we + preferred to release early, so that one can experiment with the new + feature set and accepted the price that this means the full set of + functionality is not yet available. If not used together with + these features, log normalizing should be pretty stable. +- enhanced testing tool tcpflood + now supports sending via UDP and the capability to run multiple + iterations and generate statistics data records +- bugfix: potential abort when output modules with different parameter + passing modes were used in configured output modules +--------------------------------------------------------------------------- +Version 6.1.1 [DEVEL] (rgerhards), 2010-11-30 +- bugfix(important): problem in TLS handling could cause rsyslog to loop + in a tight loop, effectively disabling functionality and bearing the + risk of unresponsiveness of the whole system. + Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 +- support for omhdfs officially added (import from 5.7.1) +- merged imuxsock improvements from 5.7.1 (see there) +- support for systemd officially added (import from 5.7.0) +- bugfix: a couple of problems that imfile had on some platforms, namely + Ubuntu (not their fault, but occurred there) +- bugfix: imfile utilizes 32 bit to track offset. Most importantly, + this problem can not experienced on Fedora 64 bit OS (which has + 64 bit long's!) +- a number of other bugfixes from older versions imported +--------------------------------------------------------------------------- +Version 6.1.0 [DEVEL] (rgerhards), 2010-08-12 + +*********************************** NOTE ********************************** +The v6 versions of rsyslog feature a greatly redesigned config system +which, among others, supports scoping. However, the initial version does +not contain the whole new system. Rather it will evolve. So it is +expected that interfaces, even new ones, break during the initial +6.x.y releases. +*********************************** NOTE ********************************** + +- added $Begin, $End and $ScriptScoping config scope statements + (at this time for actions only). +- added imptcp, a simplified, Linux-specific and potentially fast + syslog plain tcp input plugin (NOT supporting TLS!) + [ported from v4] +--------------------------------------------------------------------------- +Version 5.10.2 [V5-STABLE], 201?-??-?? +- bugfix: queue file size was not correctly processed + this could lead to using one queue file per message for sizes >2GiB + Thanks to Tomas Heinrich for the patch. +- updated systemd files to match current systemd source +- bugfix: spurios error messages from imuxsock about (non-error) EAGAIN + Thanks to Marius Tomaschewski for the patch. +- imklog: added $klogParseKernelTimestamp option + When enabled, kernel message [timestamp] is converted for message time. + Default is to use receive time as in 5.8.x and before, because the clock + used to create the timestamp is not supposed to be as accurate as the + monotonic clock (depends on hardware and kernel) resulting in differences + between kernel and system messages which occurred at same time. + Thanks to Marius Tomaschewski for the patch. +- imklog: added $klogKeepKernelTimestamp option + When enabled, the kernel [timestamp] remains at begin of + each message, even it is used for the message time too. + Thanks to Marius Tomaschewski for the patch. +- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds + ... actually, they are microseconds. So the fractional part of the + timestamp was not properly formatted. + Thanks to Marius Tomaschewski for the bug report and the patch idea. +- imklog: added $klogKeepKernelTimestamp option + When enabled, the kernel [timestamp] remains at begin of + each message, even it is used for the message time too. + Thanks to Marius Tomaschewski for the patch. +- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds + ... actually, they are microseconds. So the fractional part of the + timestamp was not properly formatted. + Thanks to Marius Tomaschewski for the bug report and the patch idea. +- bugfix: invalid DST handling under Solaris + Thanks to Scott Severtson for the patch. +- bugfix: invalid decrement in pm5424 could lead to log truncation + Thanks to Tomas Heinrich for the patch. +- bugfix[kind of]: omudpspoof discarded messages >1472 bytes (MTU size) + it now truncates these message, but ensures they are sent. Note that + 7.3.5+ will switch to fragmented UDP messages instead (up to 64K) +--------------------------------------------------------------------------- +Version 5.10.1 [V5-STABLE], 2012-10-17 +- bugfix: imuxsock and imklog truncated head of received message + This happened only under some circumstances. Thanks to Marius + Tomaschewski, Florian Piekert and Milan Bartos for their help in + solving this issue. +- enable DNS resolution in imrelp + Thanks to Apollon Oikonomopoulos for the patch +- bugfix: invalid property name in property-filter could cause abort + if action chaining (& operator) was used + http://bugzilla.adiscon.com/show_bug.cgi?id=355 + Thanks to pilou@gmx.com for the bug report +- bugfix: remove invalid socket option call from imuxsock + Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom +- bugfix: fixed wrong bufferlength for snprintf in tcpflood.c when using + the -f (dynafiles) option. +- fixed issues in build system (namely related to cust1 dummy plugin) +--------------------------------------------------------------------------- +Version 5.10.0 [V5-STABLE], 2012-08-23 + +NOTE: this is the new rsyslog v5-stable, incorporating all changes from the + 5.9.x series. In addition to that, it contains the fixes and + enhancements listed below in this entry. + +- bugfix: delayable source could block action queue, even if there was + a disk queue associated with it. The root cause of this problem was + that it makes no sense to delay messages once they arrive in the + action queue - the "input" that is being held in that case is the main + queue worker, what makes no sense. + Thanks to Marcin for alerting us on this problem and providing + instructions to reproduce it. +- bugfix: disk queue was not persisted on shutdown, regression of fix to + http://bugzilla.adiscon.com/show_bug.cgi?id=299 + The new code also handles the case of shutdown of blocking light and + full delayable sources somewhat smarter and permits, assuming sufficient + timeouts, to persist message up to the max queue capacity. Also some nits + in debug instrumentation have been fixed. +- add small delay (50ms) after sending shutdown message + There seem to be cases where the shutdown message is otherwise not + processed, not even on an idle system. Thanks to Marcin for + bringing this problem up. +- support for resolving huge groups + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310 + Thanks to Alec Warner for the patch +- bugfix: potential hang due to mutex deadlock + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316 + Thanks to Andreas Piesk for reporting&analyzing this bug as well as + providing patches and other help in resolving it. +- bugfix: property PROCID empty instead of proper nilvalue if not present + If it is not present, it must have the nilvalue "-" as of RFC5424 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332 + Thanks to John N for reporting this issue. +- bugfix: "last message repeated n times" message was missing hostname + Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting +- bugfix: multiple main queues with same queue file name was not detected + This lead to queue file corruption. While the root cause is a config + error, it is a bug that this important and hard to find config error + was not detected by rsyslog. +--------------------------------------------------------------------------- +Version 5.9.7 [V5-BETA], 2012-05-10 +- added capability to specify substrings for field extraction mode +- bugfix: ommysql did not properly init/exit the mysql runtime library + this could lead to segfaults. Triggering condition: multiple action + instances using ommysql. Thanks to Tomas Heinrich for reporting this + problem and providing an initial patch (which my solution is based on, + I need to add more code to clean the mess up). +- bugfix: rsyslog did not terminate when delayable inputs were blocked + due to unavailable sources. Fixes: + http://bugzilla.adiscon.com/show_bug.cgi?id=299 + Thanks to Marcin M for bringing up this problem and Andre Lorbach + for helping to reproduce and fix it. +- bugfix/tcpflood: sending small test files did not work correctly +--------------------------------------------------------------------------- +Version 5.9.6 [V5-BETA], 2012-04-12 +- added configuration directives to customize queue light delay marks +- permit size modifiers (k,m,g,...) in integer config parameters + Thanks to Jo Rhett for the suggestion. +- bugfix: hostname was not requeried on HUP + Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for + his help in testing the fix. +- bugfix: imklog invalidly computed facility and severity + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 +- bugfix: imptcp input name could not be set + config directive was accepted, but had no effect +- added configuration directive to disable octet-counted framing + for imtcp, directive is $InputTCPServerSupportOctetCountedFraming + for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming +- added capability to use a local interface IP address as fromhost-ip for + locally originating messages. New directive $LocalHostIPIF +- added configuration directives to customize queue light delay marks + $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both + specify number of messages starting at which a delay happens. +--------------------------------------------------------------------------- +Version 5.9.5 [V5-DEVEL], 2012-01-27 +- improved impstats subsystem, added many new counters +- enhanced module loader to not rely on PATH_MAX +- refactored imklog linux driver, now combined with BSD driver + The Linux driver no longer supports outdated kernel symbol resolution, + which was disabled by default for very long. Also overall cleanup, + resulting in much smaller code. Linux and BSD are now covered by a + single small driver. +- $IMUXSockRateLimitInterval DEFAULT CHANGED, was 5, now 0 + The new default turns off rate limiting. This was chosen as people + experienced problems with rate-limiting activated by default. Now it + needs an explicit opt-in by setting this parameter. + Thanks to Chris Gaffney for suggesting to make it opt-in; thanks to + many unnamed others who already had complained at the time Chris made + the suggestion ;-) +--------------------------------------------------------------------------- +Version 5.9.4 [V5-DEVEL], 2011-11-29 +- imuxsock: added capability to "annotate" messages with "trusted + information", which contains some properties obtained from the system + and as such sure to not be faked. This is inspired by the similar idea + introduced in systemd. +- removed dependency on gcrypt for recently-enough GnuTLS + see: http://bugzilla.adiscon.com/show_bug.cgi?id=289 +- bugfix: imuxsock did no longer ignore message-provided timestamp, if + so configured (the *default*). Lead to no longer sub-second timestamps. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281 +- bugfix: omfile returns fatal error code for things that go really wrong + previously, RS_RET_RESUME was returned, which lead to a loop inside the + rule engine as omfile could not really recover. +- bugfix: rsyslogd -v always said 64 atomics were not present + thanks to mono_matsuko for the patch +--------------------------------------------------------------------------- +Version 5.9.3 [V5-DEVEL], 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 +- bugfix: mark message processing did not work correctly +- added capability to emit config error location info for warnings + otherwise, omusrmsg's warning about new config format was not + accompanied by problem location. +- bugfix: potential misaddressing in property replacer +- bugfix: MSGID corruption in RFC5424 parser under some circumstances + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=275 +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) +--------------------------------------------------------------------------- +Version 5.9.2 [V5-DEVEL] (rgerhards), 2011-07-11 +- systemd support: set stdout/stderr to null - thx to Lennart for the patch +- added support for the ":omusrmsg:" syntax in configuring user messages +- added support for the ":omfile:" syntax for actions +--------------------------------------------------------------------------- +Version 5.9.1 [V5-DEVEL] (rgerhards), 2011-06-30 +- added support for obtaining timestamp for kernel message from message + If the kernel time-stamps messages, time is now take from that + timestamp instead of the system time when the message was read. This + provides much better accuracy. Thanks to Lennart Poettering for + suggesting this feature and his help during implementation. +- added support for obtaining timestamp from system for imuxsock + This permits to read the time a message was submitted to the system + log socket. Most importantly, this is provided in microsecond resolution. + So we are able to obtain high precision timestampis even for messages + that were - as is usual - not formatted with them. This also simplifies + things in regard to local time calculation in chroot environments. + Many thanks to Lennart Poettering for suggesting this feature, + providing some guidance on implementing it and coordinating getting the + necessary support into the Linux kernel. +- bugfix: timestamp was incorrectly calculated for timezones with minute + offset + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 +- bugfix: problems in failover action handling + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254 +- bugfix: mutex was invalidly left unlocked during action processing + At least one case where this can occur is during thread shutdown, which + may be initiated by lower activity. In most cases, this is quite + unlikely to happen. However, if it does, data structures may be + corrupted which could lead to fatal failure and segfault. I detected + this via a testbench test, not a user report. But I assume that some + users may have had unreproducable aborts that were cause by this bug. +- bugfix: memory leak in imtcp & subsystems under some circumstances + This leak is tied to error conditions which lead to incorrect cleanup + of some data structures. [backport from v6] +- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes +--------------------------------------------------------------------------- +Version 5.9.0 [V5-DEVEL] (rgerhards), 2011-06-08 +- imfile: added $InputFileMaxLinesAtOnce directive +- enhanced imfile to support input batching +- added capability for imtcp and imptcp to activate keep-alive packets + at the socket layer. This has not been added to imttcp, as the latter is + only an experimental module, and one which did not prove to be useful. + reference: http://kb.monitorware.com/post20791.html +- added support to control KEEPALIVE settings in imptcp + this has not yet been added to imtcp, but could be done on request. +- $ActionName is now also used for naming of queues in impstats + as well as in the debug output +- bugfix: do not open files with full privileges, if privs will be dropped + This make the privilege drop code more bulletproof, but breaks Ubuntu's + work-around for log files created by external programs with the wrong + user and/or group. Note that it was long said that this "functionality" + would break once we go for serious privilege drop code, so hopefully + nobody still depends on it (and, if so, they lost...). +- bugfix: pipes not opened in full priv mode when privs are to be dropped +- this begins a new devel branch for v5 +- better handling of queue i/o errors in disk queues. This is kind of a + bugfix, but a very intrusive one, this it goes into the devel version + first. Right now, "file not found" is handled and leads to the new + emergency mode, in which disk action is stopped and the queue run + in direct mode. An error message is emited if this happens. +- added support for user-level PRI provided via systemd +- added new config directive $InputTCPFlowControl to select if tcp + received messages shall be flagged as light delayable or not. +- enhanced omhdfs to support batching mode. This permits to increase + performance, as we now call the HDFS API with much larger message + sizes and far more infrequently +- bugfix: failover did not work correctly if repeated msg reduction was on + affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236 +--------------------------------------------------------------------------- +Version 5.8.13 [V5-stable] 2012-08-22 +- bugfix: DA queue could cause abort +- bugfix: "last message repeated n times" message was missing hostname + Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting +- bugfix "$PreserveFQDN on" was not honored in some modules + Thanks to bodik for reporting this bug. +- bugfix: randomized IP option header in omudpspoof caused problems + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=327 + Thanks to Rick Brown for helping to test out the patch. +- bugfix: potential abort if output plugin logged message during shutdown + note that none of the rsyslog-provided plugins does this + Thanks to bodik and Rohit Prasad for alerting us on this bug and + analyzing it. + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=347 +- bugfix: multiple main queues with same queue file name was not detected + This lead to queue file corruption. While the root cause is a config + error, it is a bug that this important and hard to find config error + was not detected by rsyslog. +--------------------------------------------------------------------------- +Version 5.8.12 [V5-stable] 2012-06-06 +- add small delay (50ms) after sending shutdown message + There seem to be cases where the shutdown message is otherwise not + processed, not even on an idle system. Thanks to Marcin for + bringing this problem up. +- support for resolving huge groups + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310 + Thanks to Alec Warner for the patch +- bugfix: delayable source could block action queue, even if there was + a disk queue associated with it. The root cause of this problem was + that it makes no sense to delay messages once they arrive in the + action queue - the "input" that is being held in that case is the main + queue worker, what makes no sense. + Thanks to Marcin for alerting us on this problem and providing + instructions to reproduce it. +- bugfix: disk queue was not persisted on shutdown, regression of fix to + http://bugzilla.adiscon.com/show_bug.cgi?id=299 + The new code also handles the case of shutdown of blocking light and + full delayable sources somewhat smarter and permits, assuming sufficient + timeouts, to persist message up to the max queue capacity. Also some nits + in debug instrumentation have been fixed. +- bugfix/omudpspoof: problems, including abort, happened when run on + multiple threads. Root cause is that libnet is not thread-safe. + omudpspoof now guards libnet calls with their own mutex. +- bugfix: if debug message could end up in log file when forking + if rsyslog was set to auto-background (thus fork, the default) and debug + mode to stdout was enabled, debug messages ended up in the first log file + opened. Currently, stdout logging is completely disabled in forking mode + (but writing to the debug log file is still possible). This is a change + in behavior, which is under review. If it causes problems to you, + please let us know. + Thanks to Tomas Heinrich for the patch. +- bugfix/tcpflood: sending small test files did not work correctly +- bugfix: potential hang due to mutex deadlock + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316 + Thanks to Andreas Piesk for reporting&analyzing this bug as well as + providing patches and other help in resolving it. +- bugfix: property PROCID empty instead of proper nilvalue if not present + If it is not present, it must have the nilvalue "-" as of RFC5424 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332 + Thanks to John N for reporting this issue. +--------------------------------------------------------------------------- +Version 5.8.11 [V5-stable] 2012-05-03 +- bugfix: ommysql did not properly init/exit the mysql runtime library + this could lead to segfaults. Triggering condition: multiple action + instances using ommysql. Thanks to Tomas Heinrich for reporting this + problem and providing an initial patch (which my solution is based on, + I need to add more code to clean the mess up). +- bugfix: rsyslog did not terminate when delayable inputs were blocked + due to unavailable sources. Fixes: + http://bugzilla.adiscon.com/show_bug.cgi?id=299 + Thanks to Marcin M for bringing up this problem and Andre Lorbach + for helping to reproduce and fix it. +- bugfix: active input in "light delay state" could block rsyslog + termination, at least for prolonged period of time +- bugfix: imptcp input name could not be set + config directive was accepted, but had no effect +- bugfix: assigned ruleset was lost when using disk queues + This looked quite hard to diagnose for disk-assisted queues, as the + pure memory part worked well, but ruleset info was lost for messages + stored inside the disk queue. +- bugfix: hostname was not requeried on HUP + Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for + his help in testing the fix. +- bugfix: inside queue.c, some thread cancel states were not correctly + reset. While this is a bug, we assume it did have no practical effect + because the reset as it was done was set to the state the code actually + had at this point. But better fix this... +--------------------------------------------------------------------------- +Version 5.8.10 [V5-stable] 2012-04-05 +- bugfix: segfault on startup if $actionqueuefilename was missing for disk + queue config + Thanks to Tomas Heinrich for the patch. +- bugfix: segfault if disk-queue was started up with old queue file + Thanks to Tomas Heinrich for the patch. +- bugfix: memory leak in array passing output module mode +--------------------------------------------------------------------------- +Version 5.8.9 [V5-stable] 2012-03-15 +- added tool to recover disk queue if .qi file is missing (recover_qi.pl) + Thanks to Kaiwang Chen for contributing this tool +- bugfix: stopped DA queue was never processed after a restart due to a + regression from statistics module +- added better doc for statsobj interface + Thanks to Kaiwang Chen for his suggestions and analysis in regard to the + stats subsystem. +--------------------------------------------------------------------------- +Version 5.8.8 [V5-stable] 2012-03-05 +- added capability to use a local interface IP address as fromhost-ip for + imuxsock imklog + new config directives: $IMUXSockLocalIPIF, $klogLocalIPIF +- added configuration directives to customize queue light delay marks + $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both + specify number of messages starting at which a delay happens. +- bugfix: omprog made rsyslog abort on startup if not binary to + execute was configured +- bugfix: imklog invalidly computed facility and severity + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 +--------------------------------------------------------------------------- +Version 5.8.7 [V5-stable] 2012-01-17 +- bugfix: instabilities when using RFC5424 header fields + Thanks to Kaiwang Chen for the patch +- bugfix: imuxsock did truncate part of received message if it did not + contain a proper date. The truncation occurred because we removed that + part of the messages that was expected to be the date. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=295 +- bugfix: potential abort after reading invalid X.509 certificate + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 + Thanks to Tomas Heinrich for the patch +- bugfix: stats counter were not properly initialized on creation +- FQDN hostname for multihomed host was not always set to the correct name + if multiple aliases existed. Thanks to Tomas Heinreich for the patch. +- re-licensed larger parts of the codebase under the Apache license 2.0 +--------------------------------------------------------------------------- +Version 5.8.6 [V5-stable] 2011-10-21 +- bugfix: missing whitespace after property-based filter was not detected +- bugfix: $OMFileFlushInterval period was doubled - now using correct value +- bugfix: ActionQueue could malfunction due to index error + Thanks to Vlad Grigorescu for the patch +- bugfix: $ActionExecOnlyOnce interval did not work properly + Thanks to Tomas Heinrich for the patch +- bugfix: race condition when extracting program name, APPNAME, structured + data and PROCID (RFC5424 fields) could lead to invalid characters e.g. + in dynamic file names or during forwarding (general malfunction of these + fields in templates, mostly under heavy load) +- bugfix: imuxsock did no longer ignore message-provided timestamp, if + so configured (the *default*). Lead to no longer sub-second timestamps. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281 +- bugfix: omfile returns fatal error code for things that go really wrong + previously, RS_RET_RESUME was returned, which lead to a loop inside the + rule engine as omfile could not really recover. +- bugfix: imfile did invalid system call under some circumstances + when a file that was to be monitored did not exist BUT the state file + actually existed. Mostly a cosmetic issue. Root cause was incomplete + error checking in stream.c; so patch may affect other code areas. +- bugfix: rsyslogd -v always said 64 atomics were not present + thanks to mono_matsuko for the patch +--------------------------------------------------------------------------- +Version 5.8.5 [V5-stable] (rgerhards/al), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 +- bugfix: mark message processing did not work correctly +- bugfix: potential hang condition during tag emulation +- bugfix: too-early string termination during tag emulation +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) +- bugfix: fixed incorrect state handling for Discard Action (transactions) + Note: This caused all messages in a batch to be set to COMMITTED, + even if they were discarded. +--------------------------------------------------------------------------- +Version 5.8.4 [V5-stable] (al), 2011-08-10 +- bugfix: potential misaddressing in property replacer +- bugfix: memcpy overflow can occur in allowed sender checking + if a name is resolved to IPv4-mapped-on-IPv6 address + Found by Ismail Dönmez at suse +- bugfix: potential misaddressing in property replacer +- bugfix: MSGID corruption in RFC5424 parser under some circumstances + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=275 +--------------------------------------------------------------------------- +Version 5.8.3 [V5-stable] (rgerhards), 2011-07-11 +- systemd support: set stdout/stderr to null - thx to Lennart for the patch +- added support for the ":omusrmsg:" syntax in configuring user messages +- added support for the ":omfile:" syntax for actions + Note: previous outchannel syntax will generate a warning message. This + may be surprising to some users, but it is quite urgent to alert them + of the new syntax as v6 can no longer support the previous one. +--------------------------------------------------------------------------- +Version 5.8.2 [V5-stable] (rgerhards), 2011-06-21 +- bugfix: problems in failover action handling + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254 +- bugfix: mutex was invalidly left unlocked during action processing + At least one case where this can occur is during thread shutdown, which + may be initiated by lower activity. In most cases, this is quite + unlikely to happen. However, if it does, data structures may be + corrupted which could lead to fatal failure and segfault. I detected + this via a testbench test, not a user report. But I assume that some + users may have had unreproducable aborts that were cause by this bug. +- bugfix: memory leak in imtcp & subsystems under some circumstances + This leak is tied to error conditions which lead to incorrect cleanup + of some data structures. [backport from v6] +- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes +--------------------------------------------------------------------------- +Version 5.8.1 [V5-stable] (rgerhards), 2011-05-19 +- bugfix: invalid processing in QUEUE_FULL condition + If the the multi-submit interface was used and a QUEUE_FULL condition + occurred, the failed message was properly destructed. However, the + rest of the input batch, if it existed, was not processed. So this + lead to potential loss of messages and a memory leak. The potential + loss of messages was IMHO minor, because they would have been dropped + in most cases due to the queue remaining full, but very few lucky ones + from the batch may have made it. Anyhow, this has now been changed so + that the rest of the batch is properly tried to be enqueued and, if + not possible, destructed. +- new module mmsnmptrapd, a sample message modification module + This can be useful to reformat snmptrapd messages and also serves as + a sample for how to write message modification modules using the + output module interface. Note that we introduced this new + functionality directly into the stable release, as it does not + modify the core and as such cannot have any side-effects if it is + not used (and thus the risk is solely on users requiring that + functionality). +- bugfix: rate-limiting inside imuxsock did not work 100% correct + reason was that a global config variable was invalidly accessed where a + listener variable should have been used. + Also performance-improved the case when rate limiting is turned off (this + is a very unintrusive change, thus done directly to the stable version). +- bugfix: $myhostname not available in RainerScript (and no error message) + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=233 +- bugfix: memory and file descriptor leak in stream processing + Leaks could occur under some circumstances if the file stream handler + errored out during the open call. Among others, this could cause very + big memory leaks if there were a problem with unreadable disk queue + files. In regard to the memory leak, this + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256 +- bugfix: doc for impstats had wrong config statements + also, config statements were named a bit inconsistent, resolved that + problem by introducing an alias and only documenting the consistent + statements + Thanks to Marcin for bringing up this problem. +- bugfix: IPv6-address could not be specified in omrelp + this was due to improper parsing of ":" + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250 +- bugfix: TCP connection invalidly aborted when messages needed to be + discarded (due to QUEUE_FULL or similar problem) +- bugfix: $LocalHostName was not honored under all circumstances + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=258 +- bugfix(minor): improper template function call in syslogd.c +--------------------------------------------------------------------------- +Version 5.8.0 [V5-stable] (rgerhards), 2011-04-12 + +This is the new v5-stable branch, importing all feature from the 5.7.x +versions. To see what has changed in regard to the previous v5-stable, +check the Changelog for 5.7.x below. + +- bugfix: race condition in deferred name resolution + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=238 + Special thanks to Marcin for his persistence in helping to solve this + bug. +- bugfix: DA queue was never shutdown once it was started + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=241 +--------------------------------------------------------------------------- +Version 5.7.10 [V5-BETA] (rgerhards), 2011-03-29 +- bugfix: ompgsql did not work properly with ANSI SQL strings + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=229 +- bugfix: rsyslog did not build with --disable-regexp configure option + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=243 +- bugfix: PRI was invalid on Solaris for message from local log socket +- enhance: added $BOM system property to ease writing byte order masks +- bugfix: RFC5424 parser confused by empty structured data + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=237 +- bugfix: error return from strgen caused abort, now causes action to be + ignored (just like a failed filter) +- new sample plugin for a strgen to generate sql statement consumable + by a database plugin +- bugfix: strgen could not be used together with database outputs + because the sql/stdsql option could not be specified. This has been + solved by permitting the strgen to include the opton inside its name. + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=195 +--------------------------------------------------------------------------- +Version 5.7.9 [V5-BETA] (rgerhards), 2011-03-16 +- improved testbench + among others, life tests for ommysql (against a test database) have + been added, valgrind-based testing enhanced, ... +- enhance: fallback *at runtime* to epoll_create if epoll_create1 is not + available. Thanks to Michael Biebl for analysis and patch! +- bugfix: failover did not work correctly if repeated msg reduction was on + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236 + affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on +- bugfix: minor memory leak in omlibdbi (< 1k per instance and run) +- bugfix: (regression) omhdfs did no longer compile +- bugfix: omlibdbi did not use password from rsyslog.conf + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203 +--------------------------------------------------------------------------- +Version 5.7.8 [V5-BETA] (rgerhards), 2011-03-09 +- systemd support somewhat improved (can now take over existing log sockt) +- bugfix: discard action did not work under some circumstances + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217 +- bugfix: file descriptor leak in gnutls netstream driver + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=222 +--------------------------------------------------------------------------- +Version 5.7.7 [V5-BETA] (rgerhards), 2011-03-02 +- bugfix: potential abort condition when $RepeatedMsgReduction set to on + as well as potentially in a number of other places where MsgDup() was + used. This only happened when the imudp input module was used and it + depended on name resolution not yet had taken place. In other words, + this was a strange problem that could lead to hard to diagnose + instability. So if you experience instability, chances are good that + this fix will help. +--------------------------------------------------------------------------- +Version 5.7.6 [V5-BETA] (rgerhards), 2011-02-25 +- bugfix: fixed a memory leak and potential abort condition + this could happen if multiple rulesets were used and some output batches + contained messages belonging to more than one ruleset. + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226 + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218 +- bugfix: memory leak when $RepeatedMsgReduction on was used + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225 +--------------------------------------------------------------------------- +Version 5.7.5 [V5-BETA] (rgerhards), 2011-02-23 +- enhance: imfile did not yet support multiple rulesets, now added + we do this directly in the beta because a) it does not affect existing + functionality and b) one may argue that this missing functionality is + close to a bug. +- improved testbench, added tests for imuxsock +- bugfix: imuxsock did no longer sanitize received messages + This was a regression from the imuxsock partial rewrite. Happened + because the message is no longer run through the standard parsers. + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=224 +- bugfix: minor race condition in action.c - considered cosmetic + This is considered cosmetic as multiple threads tried to write exactly + the same value into the same memory location without sync. The method + has been changed so this can no longer happen. +--------------------------------------------------------------------------- +Version 5.7.4 [V5-BETA] (rgerhards), 2011-02-17 +- added pmsnare parser module (written by David Lang) +- enhanced imfile to support non-cancel input termination +- improved systemd socket activation thanks to Marius Tomaschewski +- improved error reporting for $WorkDirectory + non-existence and other detectable problems are now reported, + and the work directory is NOT set in this case +- bugfix: pmsnare caused abort under some conditions +- bugfix: abort if imfile reads file line of more than 64KiB + Thanks to Peter Eisentraut for reporting and analyzing this problem. + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221 +- bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode + when in disk-assisted mode. This especially affected imfile, which + created unnecessarily queue files if a large set of input file data was + to process. +- bugfix: very long running actions could prevent shutdown under some + circumstances. This has now been solved, at least for common + situations. +- bugfix: fixed compile problem due to empty structs + this occurred only on some platforms/compilers. thanks to Dražen Kačar + for the fix +--------------------------------------------------------------------------- +Version 5.7.3 [V5-BETA] (rgerhards), 2011-02-07 +- added support for processing multi-line messages in imfile +- added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings +- added $LocalHostName config directive +- bugfix: fixed build problems on some platforms + namely those that have 32bit atomic operations but not 64 bit ones +- bugfix: local hostname was pulled too-early, so that some config + directives (namely FQDN settings) did not have any effect +- bugfix: imfile did duplicate messages under some circumstances +- added $OMMySQLConfigFile config directive +- added $OMMySQLConfigSection config directive +--------------------------------------------------------------------------- +Version 5.7.2 [V5-DEVEL] (rgerhards), 2010-11-26 +- bugfix(important): problem in TLS handling could cause rsyslog to loop + in a tight loop, effectively disabling functionality and bearing the + risk of unresponsiveness of the whole system. + Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 +- bugfix: imfile state file was not written when relative file name + for it was specified +- bugfix: compile failed on systems without epoll_create1() + Thanks to David Hill for providing a fix. +- bugfix: atomic increment for msg object may not work correct on all + platforms. Thanks to Chris Metcalf for the patch +- bugfix: replacements for atomic operations for non-int sized types had + problems. At least one instance of that problem could potentially lead + to abort (inside omfile). +--------------------------------------------------------------------------- +Version 5.7.1 [V5-DEVEL] (rgerhards), 2010-10-05 +- support for Hadoop's HDFS added (via omhdfs) +- imuxsock now optionally use SCM_CREDENTIALS to pull the pid from the log + socket itself + (thanks to Lennart Poettering for the suggesting this feature) +- imuxsock now optionally uses per-process input rate limiting, guarding the + user against processes spamming the system log + (thanks to Lennart Poettering for suggesting this feature) +- added new config statements + * $InputUnixListenSocketUsePIDFromSystem + * $SystemLogUsePIDFromSystem + * $SystemLogRateLimitInterval + * $SystemLogRateLimitBurst + * $SystemLogRateLimitSeverity + * $IMUxSockRateLimitInterval + * $IMUxSockRateLimitBurst + * $IMUxSockRateLimitSeverity +- imuxsock now supports up to 50 different sockets for input +- some code cleanup in imuxsock (consider this a release a major + modification, especially if problems show up) +- bugfix: /dev/log was unlinked even when passed in from systemd + in which case it should be preserved as systemd owns it +--------------------------------------------------------------------------- +Version 5.7.0 [V5-DEVEL] (rgerhards), 2010-09-16 +- added module impstat to emit periodic statistics on rsyslog counters +- support for systemd officially added + * acquire /dev/log socket optionally from systemd + thanks to Lennart Poettering for this patch + * sd-systemd API added as part of rsyslog runtime library +--------------------------------------------------------------------------- +Version 5.6.5 [V5-STABLE] (rgerhards), 2011-03-22 +- bugfix: failover did not work correctly if repeated msg reduction was on + affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236 +- bugfix: omlibdbi did not use password from rsyslog.con + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203 +- bugfix(kind of): tell users that config graph can currently not be + generated + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=232 +- bugfix: discard action did not work under some circumstances + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217 + (backport from 5.7.8) +--------------------------------------------------------------------------- +Version 5.6.4 [V5-STABLE] (rgerhards), 2011-03-03 +- bugfix: potential abort condition when $RepeatedMsgReduction set to on + as well as potentially in a number of other places where MsgDup() was + used. This only happened when the imudp input module was used and it + depended on name resolution not yet had taken place. In other words, + this was a strange problem that could lead to hard to diagnose + instability. So if you experience instability, chances are good that + this fix will help. +- bugfix: fixed a memory leak and potential abort condition + this could happen if multiple rulesets were used and some output batches + contained messages belonging to more than one ruleset. + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226 + fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218 +- bugfix: memory leak when $RepeatedMsgReduction on was used + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225 +--------------------------------------------------------------------------- +Version 5.6.3 [V5-STABLE] (rgerhards), 2011-01-26 +- bugfix: action processor released memory too early, resulting in + potential issue in retry cases (but very unlikely due to another + bug, which I also fixed -- only after the fix this problem here + became actually visible). +- bugfix: batch processing flagged invalid message as "bad" under some + circumstances +- bugfix: uninitialized variable could cause issues under extreme conditions + plus some minor nits. This was found after a clang static code analyzer + analysis (great tool, and special thanks to Marcin for telling me about + it!) +- bugfix: batches which had actions in error were not properly retried in + all cases +- bugfix: imfile did duplicate messages under some circumstances +- bugfix: testbench was not activated if no Java was present on system + ... what actually was a left-over. Java is no longer required. +--------------------------------------------------------------------------- +Version 5.6.2 [V5-STABLE] (rgerhards), 2010-11-30 +- bugfix: compile failed on systems without epoll_create1() + Thanks to David Hill for providing a fix. +- bugfix: atomic increment for msg object may not work correct on all + platforms. Thanks to Chris Metcalf for the patch +- bugfix: replacements for atomic operations for non-int sized types had + problems. At least one instance of that problem could potentially lead + to abort (inside omfile). +- added the $InputFilePersistStateInterval config directive to imfile +- changed imfile so that the state file is never deleted (makes imfile + more robust in regard to fatal failures) +- bugfix: a slightly more informative error message when a TCP + connections is aborted +--------------------------------------------------------------------------- +Version 5.6.1 [V5-STABLE] (rgerhards), 2010-11-24 +- bugfix(important): problem in TLS handling could cause rsyslog to loop + in a tight loop, effectively disabling functionality and bearing the + risk of unresponsiveness of the whole system. + Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 +- permitted imptcp to work on systems which support epoll(), but not + epoll_create(). + Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=204 + Thanks to Nicholas Brink for reporting this problem. +- bugfix: testbench failed if imptcp was not enabled +- bugfix: segfault when an *empty* template was used + Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=206 + Thanks to David Hill for alerting us. +- bugfix: compile failed with --enable-unlimited-select + thanks varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 5.6.0 [V5-STABLE] (rgerhards), 2010-10-19 + +This release brings all changes and enhancements of the 5.5.x series +to the v5-stable branch. + +- bugfix: a couple of problems that imfile had on some platforms, namely + Ubuntu (not their fault, but occurred there) +- bugfix: imfile utilizes 32 bit to track offset. Most importantly, + this problem can not experienced on Fedora 64 bit OS (which has + 64 bit long's!) +--------------------------------------------------------------------------- +Version 5.5.7 [V5-BETA] (rgerhards), 2010-08-09 +- changed omudpspoof default spoof address to simplify typical use case + thanks to David Lang for suggesting this +- doc bugfix: pmlastmsg doc samples had errors +- bugfix[minor]: pmrfc3164sd had invalid name (resided in rsyslog name + space, what should not be the case for a contributed module) +- added omuxsock, which permits to write message to local Unix sockets + this is the counterpart to imuxsock, enabling fast local forwarding +--------------------------------------------------------------------------- +Version 5.5.6 [DEVEL] (rgerhards), 2010-07-21 +- added parser modules + * pmlastmsg, which supports the notoriously malformed "last message + repeated n times" messages from some syslogd's (namely sysklogd) + * pmrfc3164sd (contributed), supports RFC5424 structured data in + RFC3164 messages [untested] +- added new module type "string generator", used to speed up output + processing. Expected speedup for (typical) rsyslog processing is + roughly 5 to 6 percent compared to using string-based templates. + They may also be used to do more complex formatting with custom + C code, what provided greater flexibility and probably far higher + speed, for example if using multiple regular expressions within a + template. +- added 4 string generators for + * RSYSLOG_FileFormat + * RSYSLOG_TraditionalFileFormat + * RSYSLOG_ForwardFormat + * RSYSLOG_TraditionalForwardFormat +- bugfix: mutexes used to simulate atomic instructions were not destructed +- bugfix: regression caused more locking action in msg.c than necessary +- bugfix: "$ActionExecOnlyWhenPreviousIsSuspended on" was broken +- bugfix: segfault on HUP when "HUPIsRestart" was set to "on" + thanks varmojfekoj for the patch +- bugfix: default for $OMFileFlushOnTXEnd was wrong ("off"). + This, in default mode, caused buffered writing to be used, what + means that it looked like no output were written or partial + lines. Thanks to Michael Biebl for pointing out this bug. +- bugfix: programname filter in ! configuration can not be reset + Thanks to Kiss Gabor for the patch. +--------------------------------------------------------------------------- +Version 5.5.5 [DEVEL] (rgerhards), 2010-05-20 +- added new cancel-reduced action thread termination method + We now manage to cancel threads that block inside a retry loop to + terminate without the need to cancel the thread. Avoiding cancellation + helps keep the system complexity minimal and thus provides for better + stability. This also solves some issues with improper shutdown when + inside an action retry loop. +--------------------------------------------------------------------------- +Version 5.5.4 [DEVEL] (rgerhards), 2010-05-03 +- This version offers full support for Solaris on Intel and Sparc +- bugfix: problems with atomic operations emulation + replaced atomic operation emulation with new code. The previous code + seemed to have some issue and also limited concurrency severely. The + whole atomic operation emulation has been rewritten. +- bugfix: netstream ptcp support class was not correctly build on systems + without epoll() support +- bugfix: segfault on Solaris/Sparc +--------------------------------------------------------------------------- +Version 5.5.3 [DEVEL] (rgerhards), 2010-04-09 +- added basic but functional support for Solaris +- imported many bugfixes from 3.6.2/4.6.1 (see ChangeLog below!) +- added new property replacer option "date-rfc3164-buggyday" primarily + to ease migration from syslog-ng. See property replacer doc for + details. +- added capability to turn off standard LF delimiter in TCP server + via new directive "$InputTCPServerDisableLFDelimiter on" +- bugfix: failed to compile on systems without epoll support +- bugfix: comment char ('#') in literal terminated script parsing + and thus could not be used. + but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 + [merged in from v3.22.2] +- imported patches from 4.6.0: + * improved testbench to contain samples for totally malformed messages + which miss parts of the message content + * bugfix: some malformed messages could lead to a missing LF inside files + or some other missing parts of the template content. + * bugfix: if a message ended immediately with a hostname, the hostname + was mistakenly interpreted as TAG, and localhost be used as hostname +--------------------------------------------------------------------------- +Version 5.5.2 [DEVEL] (rgerhards), 2010-02-05 +- applied patches that make rsyslog compile under Apple OS X. + Thanks to trey for providing these. +- replaced data type "bool" by "sbool" because this created some + portability issues. +- added $Escape8BitCharactersOnReceive directive + Thanks to David Lang for suggesting it. +- worked around an issue where omfile failed to compile on 32 bit platforms + under some circumstances (this smells like a gcc problem, but a simple + solution was available). Thanks to Kenneth Marshall for some advice. +- extended testbench +--------------------------------------------------------------------------- +Version 5.5.1 [DEVEL] (rgerhards), 2009-11-27 +- introduced the ability for netstream drivers to utilize an epoll interface + This offers increased performance and removes the select() FDSET size + limit from imtcp. Note that we fall back to select() if there is no + epoll netstream drivers. So far, an epoll driver has only been + implemented for plain tcp syslog, the rest will follow once the code + proves well in practice AND there is demand. +- re-implemented $EscapeControlCharacterTab config directive + Based on Jonathan Bond-Caron's patch for v4. This now also includes some + automated tests. +- bugfix: enabling GSSServer crashes rsyslog startup + Thanks to Tomas Kubina for the patch [imgssapi] +- bugfix (kind of): check if TCP connection is still alive if using TLS + Thanks to Jonathan Bond-Caron for the patch. +--------------------------------------------------------------------------- +Version 5.5.0 [DEVEL] (rgerhards), 2009-11-18 +- moved DNS resolution code out of imudp and into the backend processing + Most importantly, DNS resolution now never happens if the resolved name + is not required. Note that this applies to imudp - for the other inputs, + DNS resolution almost comes for free, so we do not do it there. However, + the new method has been implemented in a generic way and as such may + also be used by other modules in the future. +- added option to use unlimited-size select() calls + Thanks to varmojfekoj for the patch + This is not done in imudp, as it natively supports epoll(). +- doc: improved description of what loadable modules can do +--------------------------------------------------------------------------- +Version 5.4.2 [v5-stable] (rgerhards), 2010-03-?? +- bugfix(kind of): output plugin retry behavior could cause engine to loop + The rsyslog engine did not guard itself against output modules that do + not properly convey back the tryResume() behavior. This then leads to + what looks like an endless loop. I consider this to be a bug of the + engine not only because it should be hardened against plugin misbehavior, + but also because plugins may not be totally able to avoid this situation + (depending on the type of and processing done by the plugin). +- bugfix: testbench failed when not executed in UTC+1 timezone + accidentally, the time zone information was kept inside some + to-be-checked-for responses +- temporary bugfix replaced by permanent one for + message-induced off-by-one error (potential segfault) (see 4.6.2) + The analysis has been completed and a better fix been crafted and + integrated. +- bugfix(minor): status variable was uninitialized + However, this would have caused harm only if NO parser modules at + all were loaded, which would lead to a defunctional configuration + at all. And, even more important, this is impossible as two parser + modules are built-in and thus can not be "not loaded", so we always + have a minimum of two. +--------------------------------------------------------------------------- +Version 5.4.1 [v5-stable] (rgerhards), 2010-03-?? +- added new property replacer option "date-rfc3164-buggyday" primarily + to ease migration from syslog-ng. See property replacer doc for + details. [backport from 5.5.3 because urgently needed by some] +- imported all bugfixes vom 4.6.2 (see below) +--------------------------------------------------------------------------- +Version 5.4.0 [v5-stable] (rgerhards), 2010-03-08 +*************************************************************************** +* This is a new stable v5 version. It contains all fixes and enhancements * +* made during the 5.3.x phase as well as those listed below. * +* Note that the 5.2.x series was quite buggy and as such all users are * +* strongly advised to upgrade to 5.4.0. * +*************************************************************************** +- bugfix: omruleset failed to work in many cases + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=179 + Thanks to Ryan B. Lynch for reporting this issue. +- bugfix: comment char ('#') in literal terminated script parsing + and thus could not be used. + but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 + [merged in from v3.22.2] +--------------------------------------------------------------------------- +Version 5.3.7 [BETA] (rgerhards), 2010-01-27 +- bugfix: queues in direct mode could case a segfault, especially if an + action failed for action queues. The issue was an invalid increment of + a stack-based pointer which lead to destruction of the stack frame and + thus a segfault on function return. + Thanks to Michael Biebl for alerting us on this problem. +- bugfix: hostname accidentally set to IP address for some message sources, + for example imudp. Thanks to Anton for reporting this bug. [imported v4] +- bugfix: ompgsql had problems with transaction support, what actually + rendered it unusable. Thanks to forum user "horhe" for alerting me + on this bug and helping to debug/fix it! [imported from 5.3.6] +- bugfix: $CreateDirs variable not properly initialized, default thus + was random (but most often "on") [imported from v3] +- bugfix: potential segfaults during queue shutdown + (bugs require certain non-standard settings to appear) + Thanks to varmojfekoj for the patch [imported from 4.5.8] + [backport from 5.5.2] +- bugfix: wrong memory assignment for a config variable (probably + without causing any harm) [backport from 5.2.2] +- bugfix: rsyslog hangs when writing to a named pipe which nobody was + reading. Thanks to Michael Biebl for reporting this bug. + Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169 + [imported from 4.5.8] +--------------------------------------------------------------------------- +Version 5.3.6 [BETA] (rgerhards), 2010-01-13 +- bugfix: ompgsql did not properly check the server connection in + tryResume(), which could lead to rsyslog running in a tight loop +- bugfix: suspension during beginTransaction() was not properly handled + by rsyslog core +- bugfix: omfile output was only written when buffer was full, not at + end of transaction +- bugfix: commit transaction was not properly conveyed to message layer, + potentially resulting in non-message destruction and thus hangs +- bugfix: enabling GSSServer crashes rsyslog startup + Thanks to Tomas Kubina for the patch [imgssapi] +- bugfix (kind of): check if TCP connection is still alive if using TLS + Thanks to Jonathan Bond-Caron for the patch. +- bugfix: $CreateDirs variable not properly initialized, default thus + was random (but most often "on") [imported from v3] +- bugfix: ompgsql had problems with transaction support, what actually + rendered it unusable. Thanks to forum user "horhe" for alerting me + on this bug and helping to debug/fix it! +- bugfix: memory leak when sending messages in zip-compressed format + Thanks to Naoya Nakazawa for analyzing this issue and providing a patch. +- worked around an issue where omfile failed to compile on 32 bit platforms + under some circumstances (this smells like a gcc problem, but a simple + solution was available). Thanks to Kenneth Marshall for some advice. + [backported from 5.5.x branch] +--------------------------------------------------------------------------- +Version 5.3.5 [BETA] (rgerhards), 2009-11-13 +- some light performance enhancement by replacing time() call with much + faster (at least under linux) gettimeofday() calls. +- some improvement of omfile performance with dynafiles + saved costly time() calls by employing a logical clock, which is + sufficient for the use case +- bugfix: omudpspoof miscalculated source and destination ports + while this was probably not noticed for source ports, it resulted in + almost all destination ports being wrong, except for the default port + of 514, which by virtue of its binary representation was calculated + correct (and probably thus the bug not earlier detected). +- bugfixes imported from earlier releases + * bugfix: named pipes did no longer work (they always got an open error) + this was a regression from the omfile rewrite in 4.5.0 + * bugfix(testbench): sequence check was not always performed correctly, + that could result in tests reporting success when they actually failed +- improved testbench: added tests for UDP forwarding and omudpspoof +- doc bugfix: omudpspoof had wrong config command names ("om" missing) +- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did + not work. +- [inport v4] improved testbench, contains now tcp and gzip test cases +- [import v4] added a so-called "On Demand Debug" mode, in which debug + output can be generated only after the process has started, but not right + from the beginning. This is assumed to be useful for hard-to-find bugs. + Also improved the doc on the debug system. +- bugfix: segfault on startup when -q or -Q option was given + [imported from v3-stable] +--------------------------------------------------------------------------- +Version 5.3.4 [DEVEL] (rgerhards), 2009-11-04 +- added the ability to create custom message parsers +- added $RulesetParser config directive that permits to bind specific + parsers to specific rulesets +- added omruleset output module, which provides great flexibility in + action processing. THIS IS A VERY IMPORTANT ADDITION, see its doc + for why. +- added the capability to have ruleset-specific main message queues + This offers considerable additional flexibility AND superior performance + (in cases where multiple inputs now can avoid lock contention) +- bugfix: correct default for escape ('#') character restored + This was accidentally changed to '\\', thanks to David Lang for reporting +- bugfix(testbench): testcase did not properly wait for rsyslogd shutdown + thus some unpredictable behavior and a false negative test result + could occur. +--------------------------------------------------------------------------- +Version 5.3.3 [DEVEL] (rgerhards), 2009-10-27 +- simplified and thus speeded up the queue engine, also fixed some + potential race conditions (in very unusual shutdown conditions) + along the way. The threading model has seriously changes, so there may + be some regressions. +- enhanced test environment (including testbench): support for enhancing + probability of memory addressing failure by using non-NULL default + value for malloced memory (optional, only if requested by configure + option). This helps to track down some otherwise undetected issues + within the testbench. +- bugfix: potential abort if inputname property was not set + primarily a problem of imdiag +- bugfix: message processing states were not set correctly in all cases + however, this had no negative effect, as the message processing state + was not evaluated when a batch was deleted, and that was the only case + where the state could be wrong. +--------------------------------------------------------------------------- +Version 5.3.2 [DEVEL] (rgerhards), 2009-10-21 +- enhanced omfile to support transactional interface. This will increase + performance in many cases. +- added multi-ruleset support to imudp +- re-enabled input thread termination handling that does avoid thread + cancellation where possible. This provides a more reliable mode of + rsyslogd termination (canceling threads my result in not properly + freed resources and potential later hangs, even though we perform + proper cancel handling in our code). This is part of an effort to + reduce thread cancellation as much as possible in rsyslog. + NOTE: the code previously written code for this functionality had a + subtle race condition. The new code solves that. +- enhanced immark to support non-cancel input module termination +- improved imudp so that epoll can be used in more environments, + fixed potential compile time problem if EPOLL_CLOEXEC is not available. +- some cleanup/slight improvement: + * changed imuxsock to no longer use deprecated submitAndParseMsg() IF + * changed submitAndParseMsg() interface to be a wrapper around the new + way of message creation/submission. This enables older plugins to be + used together with the new interface. The removal also enables us to + drop a lot of duplicate code, reducing complexity and increasing + maintainability. +- bugfix: segfault when starting up with an invalid .qi file for a disk queue + Failed for both pure disk as well as DA queues. Now, we emit an error + message and disable disk queueing facility. +- bugfix: potential segfault on messages with empty MSG part. This was a + recently introduced regression. +- bugfix: debug string larger than 1K were improperly displayed. Max size + is now 32K, and if a string is even longer it is meaningfully truncated. +--------------------------------------------------------------------------- +Version 5.3.1 [DEVEL] (rgerhards), 2009-10-05 +- added $AbortOnUncleanConfig directive - permits to prevent startup when + there are problems with the configuration file. See it's doc for + details. +- included some important fixes from v4-stable: + * bugfix: invalid handling of zero-sized messages + * bugfix: zero-sized UDP messages are no longer processed + * bugfix: random data could be appended to message + * bugfix: reverse lookup reduction logic in imudp do DNS queries too often +- bugfixes imported from 4.5.4: + * bugfix: potential segfault in stream writer on destruction + * bugfix: potential race in object loader (obj.c) during use/release + * bugfixes: potential problems in out file zip writer +--------------------------------------------------------------------------- +Version 5.3.0 [DEVEL] (rgerhards), 2009-09-14 +- begun to add simple GUI programs to gain insight into running rsyslogd + instances and help setup and troubleshooting (active via the + --enable-gui ./configure switch) +- changed imudp to utilize epoll(), where available. This shall provide + slightly better performance (just slightly because we called select() + rather infrequently on a busy system) +--------------------------------------------------------------------------- +Version 5.2.2 [v5-stable] (rgerhards), 2009-11-?? +- bugfix: enabling GSSServer crashes rsyslog startup + Thanks to Tomas Kubina for the patch [imgssapi] +--------------------------------------------------------------------------- +Version 5.2.1 [v5-stable] (rgerhards), 2009-11-02 +- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did + not work. +- bugfix: segfault on startup when -q or -Q option was given + [imported from v3-stable] +--------------------------------------------------------------------------- +Version 5.2.0 [v5-stable] (rgerhards), 2009-11-02 +This is a re-release of version 5.1.6 as stable after we did not get any bug +reports during the whole beta phase. Still, this first v5-stable may not be +as stable as one hopes for, I am not sure if we did not get bug reports +just because nobody tried it. Anyhow, we need to go forward and so we +have the initial v5-stable. +--------------------------------------------------------------------------- +Version 5.1.6 [v5-beta] (rgerhards), 2009-10-15 +- feature imports from v4.5.6 +- bugfix: potential race condition when queue worker threads were + terminated +- bugfix: solved potential (temporary) stall of messages when the queue was + almost empty and few new data added (caused testbench to sometimes hang!) +- fixed some race condition in testbench +- added more elaborate diagnostics to parts of the testbench +- bugfixes imported from 4.5.4: + * bugfix: potential segfault in stream writer on destruction + * bugfix: potential race in object loader (obj.c) during use/release + * bugfixes: potential problems in out file zip writer +- included some important fixes from 4.4.2: + * bugfix: invalid handling of zero-sized messages + * bugfix: zero-sized UDP messages are no longer processed + * bugfix: random data could be appended to message + * bugfix: reverse lookup reduction logic in imudp do DNS queries too often +--------------------------------------------------------------------------- +Version 5.1.5 [v5-beta] (rgerhards), 2009-09-11 +- added new config option $ActionWriteAllMarkMessages + this option permits to process mark messages under all circumstances, + even if an action was recently called. This can be useful to use mark + messages as a kind of heartbeat. +- added new config option $InputUnixListenSocketCreatePath + to permit the auto-creation of paths to additional log sockets. This + turns out to be useful if they reside on temporary file systems and + rsyslogd starts up before the daemons that create these sockets + (rsyslogd always creates the socket itself if it does not exist). +- added $LogRSyslogStatusMessages configuration directive + permitting to turn off rsyslog start/stop/HUP messages. See Debian + ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793 +- bugfix: hostnames with dashes in them were incorrectly treated as + malformed, thus causing them to be treated as TAG (this was a regression + introduced from the "rfc3164 strict" change in 4.5.0). Testbench has been + updated to include a sample message with a hostname containing a dash. +- bugfix: strings improperly reused, resulting in some message properties + be populated with strings from previous messages. This was caused by + an improper predicate check. +- added new config directive $omfileForceChown [import from 4.7.0] +--------------------------------------------------------------------------- +Version 5.1.4 [DEVEL] (rgerhards), 2009-08-20 +- legacy syslog parser changed so that it now accepts date stamps in + wrong case. Some devices seem to create them and I do not see any harm + in supporting that. +- added $InputTCPMaxListeners directive - permits to specify how many + TCP servers shall be possible (default is 20). +- bugfix: memory leak with some input modules. Those inputs that + use parseAndSubmitMsg() leak two small memory blocks with every message. + Typically, those process only relatively few messages, so the issue + does most probably not have any effect in practice. +- bugfix: if tcp listen port could not be created, no error message was + emitted +- bugfix: discard action did not work (did not discard messages) +- bugfix: discard action caused segfault +- bugfix: potential segfault in output file writer (omfile) + In async write mode, we use modular arithmetic to index the output + buffer array. However, the counter variables accidentally were signed, + thus resulting in negative indices after integer overflow. That in turn + could lead to segfaults, but was depending on the memory layout of + the instance in question (which in turn depended on a number of + variables, like compile settings but also configuration). The counters + are now unsigned (as they always should have been) and so the dangling + mis-indexing does no longer happen. This bug potentially affected all + installations, even if only some may actually have seen a segfault. +--------------------------------------------------------------------------- +Version 5.1.3 [DEVEL] (rgerhards), 2009-07-28 +- architecture change: queue now always has at least one worker thread + if not running in direct mode. Previous versions could run without + any active workers. This simplifies the code at a very small expense. + See v5 compatibility note document for more in-depth discussion. +- enhance: UDP spoofing supported via new output module omudpspoof + See the omudpspoof documentation for details and samples +- bugfix: message could be truncated after TAG, often when forwarding + This was a result of an internal processing error if maximum field + sizes had been specified in the property replacer. +- bugfix: minor static memory leak while reading configuration + did NOT leak based on message volume +- internal: added ability to terminate input modules not via pthread_cancel + but an alternate approach via pthread_kill. This is somewhat safer as we + do not need to think about the cancel-safeness of all libraries we use. + However, not all inputs can easily supported, so this now is a feature + that can be requested by the input module (the most important ones + request it). +--------------------------------------------------------------------------- +Version 5.1.2 [DEVEL] (rgerhards), 2009-07-08 +- bugfix: properties inputname, fromhost, fromhost-ip, msg were lost when + working with disk queues +- some performance enhancements +- bugfix: abort condition when RecvFrom was not set and message reduction + was on. Happened e.g. with imuxsock. +- added $klogConsoleLogLevel directive which permits to set a new + console log level while rsyslog is active +- some internal code cleanup +--------------------------------------------------------------------------- +Version 5.1.1 [DEVEL] (rgerhards), 2009-07-03 +- bugfix: huge memory leak in queue engine (made rsyslogd unusable in + production). Occurred if at least one queue was in direct mode + (the default for action queues) +- imported many performance optimizations from v4-devel (4.5.0) +- bugfix: subtle (and usually irrelevant) issue in timeout processing + timeout could be one second too early if nanoseconds wrapped +- set a more sensible timeout for shutdown, now 1.5 seconds to complete + processing (this also removes those cases where the shutdown message + was not written because the termination happened before it) +--------------------------------------------------------------------------- +Version 5.1.0 [DEVEL] (rgerhards), 2009-05-29 + +*********************************** NOTE ********************************** +The v5 versions of rsyslog feature a greatly redesigned queue engine. The +major theme for the v5 release is twofold: + +a) greatly improved performance +b) enable audit-grade processing + +Here, audit-grade processing means that rsyslog, if used together with +audit-grade transports and configured correctly, will never lose messages +that already have been acknowledged, not even in fatal failure cases like +sudden loss of power. + +Note that large parts of rsyslog's important core components have been +restructured to support these design goals. As such, early versions of +the engine will probably be less stable than the v3/v4 engine. + +Also note that the initial versions do not cover all and everything. As +usual, the code will evolve toward the final goal as version numbers +increase. +*********************************** NOTE ********************************** + +- redesigned queue engine so that it supports ultra-reliable operations + This resulted in a rewrite of large parts. The new capability can be + used to build audit-grade systems on the basis of rsyslog. +- added $MainMsgQueueDequeueBatchSize and $ActionQueueDequeueBatchSize + configuration directives +- implemented a new transactional output module interface which provides + superior performance (for databases potentially far superior performance) +- increased ompgsql performance by adapting to new transactional + output module interface +--------------------------------------------------------------------------- +Version 4.8.1 [v4-stable], 2011-09-?? +- increased max config file line size to 64k + We now also emit an error message if even 64k is not enough (not + doing so previously may rightfully be considered as a bug) +- bugfix: omprog made rsyslog abort on startup if not binary to + execute was configured +- bugfix: $ActionExecOnlyOnce interval did not work properly + Thanks to Tomas Heinrich for the patch +- bugfix: potential abort if ultra-large file io buffers are used and + dynafile cache exhausts address space (primarily a problem on 32 bit + platforms) +- bugfix: potential abort after reading invalid X.509 certificate + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 + Thanks to Tomas Heinrich for the patch. +- bugfix: potential fatal abort in omgssapi + Thanks to Tomas Heinrich for the patch. +- added doc for omprog +- FQDN hostname for multihomed host was not always set to the correct name + if multiple aliases existed. Thanks to Tomas Heinreich for the patch. +- re-licensed larger parts of the codebase under the Apache license 2.0 +--------------------------------------------------------------------------- +Version 4.8.0 [v4-stable] (rgerhards), 2011-09-07 +*************************************************************************** +* This is a new stable v4 version. It contains all fixes and enhancements * +* made during the 4.7.x phase as well as those listed below. * +* Note: major new development to v4 is concluded and will only be done * +* for custom projects. * +*************************************************************************** +There are no changes compared to 4.7.5, just a re-release with the new +version number as new v4-stable. The most important new feature is Solaris +support. +--------------------------------------------------------------------------- +Version 4.7.5 [v4-beta], 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 +- bugfix: potential misaddressing in property replacer +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) +--------------------------------------------------------------------------- +Version 4.7.4 [v4-beta] (rgerhards), 2011-07-11 +- added support for the ":omusrmsg:" syntax in configuring user messages +- added support for the ":omfile:" syntax in configuring user messages +- added $LocalHostName config directive +- bugfix: PRI was invalid on Solaris for message from local log socket +Version 4.7.3 [v4-devel] (rgerhards), 2010-11-25 +- added omuxsock, which permits to write message to local Unix sockets + this is the counterpart to imuxsock, enabling fast local forwarding +- added imptcp, a simplified, Linux-specific and potentially fast + syslog plain tcp input plugin (NOT supporting TLS!) +- bugfix: a couple of problems that imfile had on some platforms, namely + Ubuntu (not their fault, but occurred there) +- bugfix: imfile utilizes 32 bit to track offset. Most importantly, + this problem can not experienced on Fedora 64 bit OS (which has + 64 bit long's!) +- added the $InputFilePersistStateInterval config directive to imfile +- changed imfile so that the state file is never deleted (makes imfile + more robust in regard to fatal failures) +--------------------------------------------------------------------------- +Version 4.7.2 [v4-devel] (rgerhards), 2010-05-03 +- bugfix: problems with atomic operations emulation + replaced atomic operation emulation with new code. The previous code + seemed to have some issue and also limited concurrency severely. The + whole atomic operation emulation has been rewritten. +- added new $Sleep directive to hold processing for a couple of seconds + during startup +- bugfix: programname filter in ! configuration can not be reset + Thanks to Kiss Gabor for the patch. +--------------------------------------------------------------------------- +Version 4.7.1 [v4-devel] (rgerhards), 2010-04-22 +- Solaris support much improved -- was not truly usable in 4.7.0 + Solaris is no longer supported in imklog, but rather there is a new + plugin imsolaris, which is used to pull local log sources on a Solaris + machine. +- testbench improvement: Java is no longer needed for testing tool creation +--------------------------------------------------------------------------- +Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14 +- new: support for Solaris added (but not yet the Solaris door API) +- added function getenv() to RainerScript +- added new config option $InputUnixListenSocketCreatePath + to permit the auto-creation of paths to additional log sockets. This + turns out to be useful if they reside on temporary file systems and + rsyslogd starts up before the daemons that create these sockets + (rsyslogd always creates the socket itself if it does not exist). +- added $LogRSyslogStatusMessages configuration directive + permitting to turn off rsyslog start/stop/HUP messages. See Debian + ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793 +- added new config directive $omfileForceChown to (try to) fix some broken + system configs. + See ticket for details: http://bugzilla.adiscon.com/show_bug.cgi?id=150 +- added $EscapeControlCharacterTab config directive + Thanks to Jonathan Bond-Caron for the patch. +- added option to use unlimited-size select() calls + Thanks to varmojfekoj for the patch +- debugondemand mode caused backgrounding to fail - close to a bug, but I'd + consider the ability to background in this mode a new feature... +- bugfix (kind of): check if TCP connection is still alive if using TLS + Thanks to Jonathan Bond-Caron for the patch. +- imported changes from 4.5.7 and below +- bugfix: potential segfault when -p command line option was used + Thanks for varmojfekoj for pointing me at this bug. +- imported changes from 4.5.6 and below +--------------------------------------------------------------------------- +Version 4.6.8 [v4-stable] (rgerhards), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 +- bugfix: potential misaddressing in property replacer +- bugfix: memcpy overflow can occur in allowed sender checking + if a name is resolved to IPv4-mapped-on-IPv6 address + Found by Ismail Dönmez at suse +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) +--------------------------------------------------------------------------- +Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 +- added support for the ":omusrmsg:" syntax in configuring user messages +- added support for the ":omfile:" syntax for actions +--------------------------------------------------------------------------- +Version 4.6.6 [v4-stable] (rgerhards), 2011-06-24 +- bugfix: memory leak in imtcp & subsystems under some circumstances + This leak is tied to error conditions which lead to incorrect cleanup + of some data structures. [backport from v6, limited testing under v4] +- bugfix: invalid processing in QUEUE_FULL condition + If the the multi-submit interface was used and a QUEUE_FULL condition + occurred, the failed message was properly destructed. However, the + rest of the input batch, if it existed, was not processed. So this + lead to potential loss of messages and a memory leak. The potential + loss of messages was IMHO minor, because they would have been dropped + in most cases due to the queue remaining full, but very few lucky ones + from the batch may have made it. Anyhow, this has now been changed so + that the rest of the batch is properly tried to be enqueued and, if + not possible, destructed. +- bugfix: invalid storage type for config variables +- bugfix: stream driver mode was not correctly set on tcp output on big + endian systems. + thanks varmojfekoj for the patch +- bugfix: IPv6-address could not be specified in omrelp + this was due to improper parsing of ":" + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250 +- bugfix: memory and file descriptor leak in stream processing + Leaks could occur under some circumstances if the file stream handler + errored out during the open call. Among others, this could cause very + big memory leaks if there were a problem with unreadable disk queue + files. In regard to the memory leak, this + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256 +- bugfix: imfile potentially duplicates lines + This can happen when 0 bytes are read from the input file, and some + writer appends data to the file BEFORE we check if a rollover happens. + The check for rollover uses the inode and size as a criterion. So far, + we checked for equality of sizes, which is not given in this scenario, + but that does not indicate a rollover. From the source code comments: + Note that when we check the size, we MUST NOT check for equality. + The reason is that the file may have been written right after we + did try to read (so the file size has increased). That is NOT in + indicator of a rollover (this is an actual bug scenario we + experienced). So we need to check if the new size is smaller than + what we already have seen! + Also, under some circumstances an invalid truncation was detected. This + code has now been removed, a file change (and thus resent) is only + detected if the inode number changes. +- bugfix: a couple of problems that imfile had on some platforms, namely + Ubuntu (not their fault, but occurred there) +- bugfix: imfile utilizes 32 bit to track offset. Most importantly, + this problem can not experienced on Fedora 64 bit OS (which has + 64 bit long's!) +- bugfix: abort if imfile reads file line of more than 64KiB + Thanks to Peter Eisentraut for reporting and analyzing this problem. + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221 +- bugfix: omlibdbi did not use password from rsyslog.con + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203 +- bugfix: TCP connection invalidly aborted when messages needed to be + discarded (due to QUEUE_FULL or similar problem) +- bugfix: a slightly more informative error message when a TCP + connections is aborted +- bugfix: timestamp was incorrectly calculated for timezones with minute + offset + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 +- some improvements thanks to clang's static code analyzer + o overall cleanup (mostly unnecessary writes and otherwise unused stuff) + o bugfix: fixed a very remote problem in msg.c which could occur when + running under extremely low memory conditions +--------------------------------------------------------------------------- +Version 4.6.5 [v4-stable] (rgerhards), 2010-11-24 +- bugfix(important): problem in TLS handling could cause rsyslog to loop + in a tight loop, effectively disabling functionality and bearing the + risk of unresponsiveness of the whole system. + Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 +--------------------------------------------------------------------------- +Version 4.6.4 [v4-stable] (rgerhards), 2010-08-05 +- bugfix: zero-sized (empty) messages were processed by imtcp + they are now dropped as they always should have been +- bugfix: programname filter in ! configuration can not be reset + Thanks to Kiss Gabor for the patch. +--------------------------------------------------------------------------- +Version 4.6.3 [v4-stable] (rgerhards), 2010-07-07 +- improved testbench + - added test with truly random data received via syslog to test + robustness + - added new configure option that permits to disable and enable an + extended testbench +- bugfix: segfault on HUP when "HUPIsRestart" was set to "on" + thanks varmojfekoj for the patch +- bugfix: default for $OMFileFlushOnTXEnd was wrong ("off"). + This, in default mode, caused buffered writing to be used, what + means that it looked like no output were written or partial + lines. Thanks to Michael Biebl for pointing out this bug. +- bugfix: testbench failed when not executed in UTC+1 timezone + accidentally, the time zone information was kept inside some + to-be-checked-for responses +- temporary bugfix replaced by permanent one for + message-induced off-by-one error (potential segfault) (see 4.6.2) + The analysis has been completed and a better fix been crafted and + integrated. +- bugfix: the T/P/E config size specifiers did not work properly under + all 32-bit platforms +- bugfix: local unix system log socket was deleted even when it was + not configured +- some doc fixes; incorrect config samples could cause confusion + thanks to Anthony Edwards for pointing the problems out +--------------------------------------------------------------------------- +Version 4.6.2 [v4-stable] (rgerhards), 2010-03-26 +- new feature: "." action type added to support writing files to relative + paths (this is primarily meant as a debug aid) +- added replacements for atomic instructions on systems that do not + support them. [backport of Stefen Sledz' patch for v5) +- new feature: $OMFileAsyncWriting directive added + it permits to specify if asynchronous writing should be done or not +- bugfix(temporary): message-induced off-by-one error (potential segfault) + Some types of malformed messages could trigger an off-by-one error + (for example, \0 or \n as the last character, and generally control + character escaption is questionable). This is due to not strictly + following a the \0 or string counted string paradigm (during the last + optimization on the cstring class). As a temporary fix, we have + introduced a proper recalculation of the size. However, a final + patch is expected in the future. See bug tracker for further details + and when the final patch will be available: + http://bugzilla.adiscon.com/show_bug.cgi?id=184 + Note that the current patch is considered sufficient to solve the + situation, but it requires a bit more runtime than desirable. +- bugfix: potential segfault in dynafile cache + This bug was triggered by an open failure. The the cache was full and + a new entry needed to be placed inside it, a victim for eviction was + selected. That victim was freed, then the open of the new file tried. If + the open failed, the victim entry was still freed, and the function + exited. However, on next invocation and cache search, the victim entry + was used as if it were populated, most probably resulting in a segfault. +- bugfix: race condition during directory creation + If multiple files try to create a directory at (almost) the same time, + some of them may fail. This is a data race and also exists with other + processes that may create the same directory. We do now check for this + condition and gracefully handle it. +- bugfix: potential re-use of free()ed file stream object in omfile + when dynaCache is enabled, the cache is full, a new entry needs to + be allocated, thus the LRU discarded, then a new entry is opend and that + fails. In that case, it looks like the discarded stream may be reused + improperly (based on code analysis, test case and confirmation pending) +- added new property replacer option "date-rfc3164-buggyday" primarily + to ease migration from syslog-ng. See property replacer doc for + details. [backport from 5.5.3 because urgently needed by some] +- improved testbench +- bugfix: invalid buffer write in (file) stream class + currently being accessed buffer could be overwritten with new data. + While this probably did not cause access violations, it could case loss + and/or duplication of some data (definitely a race with no deterministic + outcome) +- bugfix: potential hang condition during filestream close + predicate was not properly checked when waiting for the background file + writer +- bugfix: improper synchronization when "$OMFileFlushOnTXEnd on" was used + Internal data structures were not properly protected due to missing + mutex calls. +- bugfix: potential data loss during file stream shutdown +- bugfix: potential problems during file stream shutdown + The shutdown/close sequence was not clean, what potentially (but + unlikely) could lead to some issues. We have not been able to describe + any fatal cases, but there was some bug potential. Sequence has now + been straighted out. +- bugfix: potential problem (loop, abort) when file write error occurred + When a write error occurred in stream.c, variable iWritten had the error + code but this was handled as if it were the actual number of bytes + written. That was used in pointer arithmetic later on, and thus could + lead to all sorts of problems. However, this could only happen if the + error was EINTR or the file in question was a tty. All other cases were + handled properly. Now, iWritten is reset to zero in such cases, resulting + in proper retries. +- bugfix: $omfileFlushOnTXEnd was turned on when set to off and vice + versa due to an invalid check +- bugfix: recent patch to fix small memory leak could cause invalid free. + This could only happen during config file parsing. +- bugfix(minor): handling of extremely large strings in dbgprintf() fixed + Previously, it could lead to garbage output and, in extreme cases, also + to segfaults. Note: this was a problem only when debug output was + actually enabled, so it caused no problem in production use. +- bugfix(minor): BSD_SO_COMPAT query function had some global vars not + properly initialized. However, in practice the loader initializes them + with zero, the desired value, so there were no actual issue in almost + all cases. +--------------------------------------------------------------------------- +Version 4.6.1 [v4-stable] (rgerhards), 2010-03-04 +- re-enabled old pipe output (using new module ompipe, built-in) after + some problems with pipes (and especially in regard to xconsole) were + discovered. Thanks to Michael Biebl for reporting the issues. +- bugfix: potential problems with large file support could cause segfault + ... and other weird problems. This seemed to affect 32bit-platforms + only, but I can not totally outrule there were issues on other + platforms as well. The previous code could cause system data types + to be defined inconsistently, and that could lead to various + troubles. Special thanks go to the Mandriva team for identifying + an initial problem, help discussing it and ultimately a fix they + contributed. +- bugfix: fixed problem that caused compilation on FreeBSD 9.0 to fail. + bugtracker: http://bugzilla.adiscon.com/show_bug.cgi?id=181 + Thanks to Christiano for reporting. +- bugfix: potential segfault in omfile when a dynafile open failed + In that case, a partial cache entry was written, and some internal + pointers (iCurrElt) not correctly updated. In the next iteration, that + could lead to a segfault, especially if iCurrElt then points to the + then-partial record. Not very likely, but could happen in practice. +- bugfix (theoretical): potential segfault in omfile under low memory + condition. This is only a theoretical bug, because it would only + happen when strdup() fails to allocate memory - which is highly + unlikely and will probably lead to all other sorts of errors. +- bugfix: comment char ('#') in literal terminated script parsing + and thus could not be used. + but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 + [merged in from v3.22.2] +--------------------------------------------------------------------------- +Version 4.6.0 [v4-stable] (rgerhards), 2010-02-24 +*************************************************************************** +* This is a new stable v4 version. It contains all fixes and enhancements * +* made during the 4.5.x phase as well as those listed below. * +* Note: this version is scheduled to conclude the v4 development process. * +* Do not expect any more new developments in v4. The focus is now * +* on v5 (what also means we have a single devel branch again). * +* ("development" means new feature development, bug fixes are of * +* course provided for v4-stable) * +*************************************************************************** +- improved testbench to contain samples for totally malformed messages + which miss parts of the message content +- bugfix: some malformed messages could lead to a missing LF inside files + or some other missing parts of the template content. +- bugfix: if a message ended immediately with a hostname, the hostname + was mistakenly interpreted as TAG, and localhost be used as hostname +- bugfix: message without MSG part could case a segfault + [backported from v5 commit 98d1ed504ec001728955a5bcd7916f64cd85f39f] + This actually was a "recent" regression, but I did not realize that it + was introduced by the performance optimization in v4-devel. Shame on + me for having two devel versions at the same time... +--------------------------------------------------------------------------- +Version 4.5.8 [v4-beta] (rgerhards), 2010-02-10 +- enhanced doc for using PostgreSQL + Thanks to Marc Schiffbauer for the new/updated doc +- bugfix: property replacer returned invalid parameters under some (unusual) + conditions. In extreme cases, this could lead to garbled logs and/or + a system failure. +- bugfix: invalid length returned (often) when using regular expressions + inside the property replacer +- bugfix: submatch regex in property replacer did not honor "return 0 on + no match" config case +- bugfix: imuxsock incorrectly stated inputname "imudp" + Thanks to Ryan Lynch for reporting this. +- (slightly) enhanced support for FreeBSD by setting _PATH_MODDIR to + the correct value on FreeBSD. + Thanks to Cristiano for the patch. +- bugfix: -d did not enable display of debug messages + regression from introduction of "debug on demand" mode + Thanks to Michael Biebl for reporting this bug +- bugfix: blanks inside file names did not terminate file name parsing. + This could result in the whole rest of a line (including comments) + to be treated as file name in "write to file" actions. + Thanks to Jack for reporting this issue. +- bugfix: rsyslog hang when writing to a named pipe which nobody was + reading. Thanks to Michael Biebl for reporting this bug. + Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169 +- bugfix: potential segfaults during queue shutdown + (bugs require certain non-standard settings to appear) + Thanks to varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 4.5.7 [v4-beta] (rgerhards), 2009-11-18 +- added a so-called "On Demand Debug" mode, in which debug output can + be generated only after the process has started, but not right from + the beginning. This is assumed to be useful for hard-to-find bugs. + Also improved the doc on the debug system. +- bugfix (kind of): check if TCP connection is still alive if using TLS + Thanks to Jonathan Bond-Caron for the patch. +- bugfix: hostname accidentally set to IP address for some message sources, + for example imudp. Thanks to Anton for reporting this bug. +- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did + not work. +--------------------------------------------------------------------------- +Version 4.5.6 [v4-beta] (rgerhards), 2009-11-05 +- bugfix: named pipes did no longer work (they always got an open error) + this was a regression from the omfile rewrite in 4.5.0 +- bugfix(minor): diag function returned wrong queue member count + for the main queue if an active DA queue existed. This had no relevance + to real deployments (assuming they are not running the debug/diagnostic + module...), but sometimes caused grief and false alerts in the + testbench. +- included some important fixes from v4-stable: + * bugfix: invalid handling of zero-sized messages + * bugfix: zero-sized UDP messages are no longer processed + * bugfix: random data could be appended to message + * bugfix: reverse lookup reduction logic in imudp do DNS queries too often +- bugfix(testbench): testcase did not properly wait for rsyslog shutdown + thus some unpredictable behavior and a false negative test result + could occur. [BACKPORTED from v5] +- bugfix(testbench): sequence check was not always performed correctly, + that could result in tests reporting success when they actually failed +--------------------------------------------------------------------------- +Version 4.5.5 [v4-beta] (rgerhards), 2009-10-21 +- added $InputTCPServerNotifyOnConnectionClose config directive + see doc for details +- bugfix: debug string larger than 1K were improperly displayed. Max size + is now 32K +- bugfix: invalid storage class selected for some size config parameters. + This resulted in wrong values. The most prominent victim was the + directory creation mode, which was set to zero in some cases. For + details, see related blog post: + http://blog.gerhards.net/2009/10/another-note-on-hard-to-find-bugs.html +--------------------------------------------------------------------------- +Version 4.5.4 [v4-beta] (rgerhards), 2009-09-29 +- bugfix: potential segfault in stream writer on destruction + Most severely affected omfile. The problem was that some buffers were + freed before the asynchronous writer thread was shut down. So the + writer thread accessed invalid data, which may even already be + overwritten. Symptoms (with omfile) were segfaults, garbled data + and files with random names placed around the file system (most + prominently into the root directory). Special thanks to Aaron for + helping to track this down. +- bugfix: potential race in object loader (obj.c) during use/release + of object interface +- bugfixes: potential problems in out file zip writer. Problems could + lead to abort and/or memory leak. The module is now hardened in a very + conservative way, which is sub-optimal from a performance point of view. + This should be improved if it has proven reliable in practice. +--------------------------------------------------------------------------- +Version 4.5.3 [v4-beta] (rgerhards), 2009-09-17 +- bugfix: repeated messages were incorrectly processed + this could lead to loss of the repeated message content. As a side- + effect, it could probably also be possible that some segfault occurs + (quite unlikely). The root cause was that some counters introduced + during the malloc optimizations were not properly duplicated in + MsgDup(). Note that repeated message processing is not enabled + by default. +- bugfix: message sanitation had some issues: + - control character DEL was not properly escaped + - NUL and LF characters were not properly stripped if no control + character replacement was to be done + - NUL characters in the message body were silently dropped (this was + a regression introduced by some of the recent optimizations) +- bugfix: strings improperly reused, resulting in some message properties + be populated with strings from previous messages. This was caused by + an improper predicate check. [backported from v5] +- fixed some minor portability issues +- bugfix: reverse lookup reduction logic in imudp do DNS queries too often + [imported from 4.4.2] +--------------------------------------------------------------------------- +Version 4.5.2 [v4-beta] (rgerhards), 2009-08-21 +- legacy syslog parser changed so that it now accepts date stamps in + wrong case. Some devices seem to create them and I do not see any harm + in supporting that. +- added $InputTCPMaxListeners directive - permits to specify how many + TCP servers shall be possible (default is 20). +- bugfix: memory leak with some input modules. Those inputs that + use parseAndSubmitMsg() leak two small memory blocks with every message. + Typically, those process only relatively few messages, so the issue + does most probably not have any effect in practice. +- bugfix: if tcp listen port could not be created, no error message was + emitted +- bugfix: potential segfault in output file writer (omfile) + In async write mode, we use modular arithmetic to index the output + buffer array. However, the counter variables accidentally were signed, + thus resulting in negative indices after integer overflow. That in turn + could lead to segfaults, but was depending on the memory layout of + the instance in question (which in turn depended on a number of + variables, like compile settings but also configuration). The counters + are now unsigned (as they always should have been) and so the dangling + mis-indexing does no longer happen. This bug potentially affected all + installations, even if only some may actually have seen a segfault. +- bugfix: hostnames with dashes in them were incorrectly treated as + malformed, thus causing them to be treated as TAG (this was a regression + introduced from the "rfc3164 strict" change in 4.5.0). +--------------------------------------------------------------------------- +Version 4.5.1 [DEVEL] (rgerhards), 2009-07-15 +- CONFIG CHANGE: $HUPisRestart default is now "off". We are doing this + to support removal of restart-type HUP in v5. +- bugfix: fromhost-ip was sometimes truncated +- bugfix: potential segfault when zip-compressed syslog records were + received (double free) +- bugfix: properties inputname, fromhost, fromhost-ip, msg were lost when + working with disk queues +- performance enhancement: much faster, up to twice as fast (depending + on configuration) +- bugfix: abort condition when RecvFrom was not set and message reduction + was on. Happened e.g. with imuxsock. +- added $klogConsoleLogLevel directive which permits to set a new + console log level while rsyslog is active +- bugfix: message could be truncated after TAG, often when forwarding + This was a result of an internal processing error if maximum field + sizes had been specified in the property replacer. +- added ability for the TCP output action to "rebind" its send socket after + sending n messages (actually, it re-opens the connection, the name is + used because this is a concept very similar to $ActionUDPRebindInterval). + New config directive $ActionSendTCPRebindInterval added for the purpose. + By default, rebinding is disabled. This is considered useful for load + balancers. +- testbench improvements +--------------------------------------------------------------------------- +Version 4.5.0 [DEVEL] (rgerhards), 2009-07-02 +- activation order of inputs changed, they are now activated only after + privileges are dropped. Thanks to Michael Terry for the patch. +- greatly improved performance +- greatly reduced memory requirements of msg object + to around half of the previous demand. This means that more messages can + be stored in core! Due to fewer cache misses, this also means some + performance improvement. +- improved config error messages: now contain a copy of the config line + that (most likely) caused the error +- reduced max value for $DynaFileCacheSize to 1,000 (the former maximum + of 10,000 really made no sense, even 1,000 is very high, but we like + to keep the user in control ;)). +- added capability to fsync() queue disk files for enhanced reliability + (also add's speed, because you do no longer need to run the whole file + system in sync mode) +- more strict parsing of the hostname in rfc3164 mode, hopefully + removes false positives (but may cause some trouble with hostname + parsing). For details, see this bug tracker: + http://bugzilla.adiscon.com/show_bug.cgi?id=126 +- omfile rewrite to natively support zip files (includes large extension + of the stream class) +- added configuration commands (see doc for explanations) + * $OMFileZipLevel + * $OMFileIOBufferSize + * $OMFileFlushOnTXEnd + * $MainMsgQueueSyncQueueFiles + * $ActionQueueSyncQueueFiles +- done some memory accesses explicitly atomic +- bugfix: subtle (and usually irrelevant) issue in timeout processing + timeout could be one second too early if nanoseconds wrapped +- set a more sensible timeout for shutdown, now 1.5 seconds to complete + processing (this also removes those cases where the shutdown message + was not written because the termination happened before it) +- internal bugfix: object pointer was only reset to NULL when an object + was actually destructed. This most likely had no effect to existing code, + but it may also have caused trouble in remote cases. Similarly, the fix + may also cause trouble... +- bugfix: missing initialization during timestamp creation + This could lead to timestamps written in the wrong format, but not to + an abort +--------------------------------------------------------------------------- +Version 4.4.3 [v4-stable] (rgerhards), 2009-10-?? +- bugfix: several smaller bugs resolved after flexelint review + Thanks to varmojfekoj for the patch. +- bugfix: $ActionExecOnlyOnceEveryInterval did not work. + This was a regression from the time() optimizations done in v4. + Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=143 + Thanks to Klaus Tachtler for reporting this bug. +- bugfix: potential segfault on queue shutdown + Thanks to varmojfekoj for the patch. +- bugfix: potential hang condition on queue shutdown + [imported from v3-stable] +- bugfix: segfault on startup when -q or -Q option was given + [imported from v3-stable] +--------------------------------------------------------------------------- +Version 4.4.2 [v4-stable] (rgerhards), 2009-10-09 +- bugfix: invalid handling of zero-sized messages, could lead to mis- + addressing and potential memory corruption/segfault +- bugfix: zero-sized UDP messages are no longer processed + until now, they were forwarded to processing, but this makes no sense + Also, it looks like the system seems to provide a zero return code + on a UDP recvfrom() from time to time for some internal reasons. These + "receives" are now silently ignored. +- bugfix: random data could be appended to message, possibly causing + segfaults +- bugfix: reverse lookup reduction logic in imudp do DNS queries too often + A comparison was done between the current and the former source address. + However, this was done on the full sockaddr_storage structure and not + on the host address only. This has now been changed for IPv4 and IPv6. + The end result of this bug could be a higher UDP message loss rate than + necessary (note that UDP message loss can not totally be avoided due + to the UDP spec) +--------------------------------------------------------------------------- +Version 4.4.1 [v4-stable] (rgerhards), 2009-09-02 +- features requiring Java are automatically disabled if Java is not + present (thanks to Michael Biebl for his help!) +- bugfix: invalid double-quoted PRI, among others in outgoing messages + This causes grief with all receivers. + Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=147 +- bugfix: Java testing tools were required, even if testbench was disabled + This resulted in build errors if no Java was present on the build system, + even though none of the selected option actually required Java. + (I forgot to backport a similar fix to newer releases). +- bugfix (backport): omfwd segfault + Note that the original (higher version) patch states this happens only + when debugging mode is turned on. That statement is wrong: if debug + mode is turned off, the message is not being emitted, but the division + by zero in the actual parameters still happens. +--------------------------------------------------------------------------- +Version 4.4.0 [v4-stable] (rgerhards), 2009-08-21 +- bugfix: stderr/stdout were not closed to be able to emit error messages, + but this caused ssh sessions to hang. Now we close them after the + initial initialization. See forum thread: + http://kb.monitorware.com/controlling-terminal-issues-t9875.html +- bugfix: sending syslog messages with zip compression did not work +--------------------------------------------------------------------------- +Version 4.3.2 [v4-beta] (rgerhards), 2009-06-24 +- removed long-obsoleted property UxTradMsg +- added a generic network stream server (in addition to rather specific + syslog tcp server) +- added ability for the UDP output action to rebind its send socket after + sending n messages. New config directive $ActionSendUDPRebindInterval + added for the purpose. By default, rebinding is disabled. This is + considered useful for load balancers. +- bugfix: imdiag/imtcp had a race condition +- improved testbench (now much better code design and reuse) +- added config switch --enable-testbench=no to turn off testbench +--------------------------------------------------------------------------- +Version 4.3.1 [DEVEL] (rgerhards), 2009-05-25 +- added capability to run multiple tcp listeners (on different ports) +- performance enhancement: imtcp calls parser no longer on input thread + but rather inside on of the potentially many main msg queue worker + threads (an enhancement scheduled for all input plugins where this is + possible) +- added $GenerateConfigGraph configuration command which can be used + to generate nice-looking (and very informative) rsyslog configuration + graphs. +- added $ActionName configuration directive (currently only used for + graph generation, but may find other uses) +- improved doc + * added (hopefully) easier to grasp queue explanation +- improved testbench + * added tests for queue disk-only mode (checks disk queue logic) +- bugfix: light and full delay watermarks had invalid values, badly + affecting performance for delayable inputs +- build system improvements - thanks to Michael Biebl +- added new testing module imdiag, which enables to talk to the + rsyslog core at runtime. The current implementation is only a + beginning, but can be expanded over time +--------------------------------------------------------------------------- +Version 4.3.0 [DEVEL] (rgerhards), 2009-04-17 +- new feature: new output plugin omprog, which permits to start program + and feed it (via its stdin) with syslog messages. If the program + terminates, it is restarted. +- improved internal handling of RainerScript functions, building the + necessary plumbing to support more functions with decent runtime + performance. This is also necessary towards the long-term goal + of loadable library modules. +- added new RainerScript function "tolower" +- improved testbench + * added tests for tcp-based reception + * added tcp-load test (1000 connections, 20,000 messages) +- added $MaxOpenFiles configuration directive +- bugfix: solved potential memory leak in msg processing, could manifest + itself in imtcp +- bugfix: ompgsql did not detect problems in sql command execution + this could cause loss of messages. The handling was correct if the + connection broke, but not if there was a problem with statement + execution. The most probable case for such a case would be invalid + sql inside the template, and this is now much easier to diagnose. +--------------------------------------------------------------------------- +Version 4.2.0 [v4-stable] (rgerhards), 2009-06-23 +- bugfix: light and full delay watermarks had invalid values, badly + affecting performance for delayable inputs +- imported all patches from 3.22.1 as of today (see below) +- bugfix: compile problems in im3195 +--------------------------------------------------------------------------- +Version 4.1.7 [BETA] (rgerhards), 2009-04-22 +- bugfix: $InputTCPMaxSessions config directive was accepted, but not + honored. This resulted in a fixed upper limit of 200 connections. +- bugfix: the default for $DirCreateMode was 0644, and as such wrong. + It has now been changed to 0700. For some background, please see + http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html +- bugfix: ompgsql did not detect problems in sql command execution + this could cause loss of messages. The handling was correct if the + connection broke, but not if there was a problem with statement + execution. The most probable case for such a case would be invalid + sql inside the template, and this is now much easier to diagnose. +--------------------------------------------------------------------------- +Version 4.1.6 [DEVEL] (rgerhards), 2009-04-07 +- added new "csv" property replacer options to enable simple creation + of CSV-formatted outputs (format from RFC4180 is used) +- implemented function support in RainerScript. That means the engine + parses and compile functions, as well as executes a few build-in + ones. Dynamic loading and registration of functions is not yet + supported - but we now have a good foundation to do that later on. +- implemented the strlen() RainerScript function +- added a template output module +- added -T rsyslogd command line option, enables to specify a directory + where to chroot() into on startup. This is NOT a security feature but + introduced to support testing. Thus, -T does not make sure chroot() + is used in a secure way. (may be removed later) +- added omstdout module for testing purposes. Spits out all messages to + stdout - no config option, no other features +- added a parser testing suite (still needs to be extended, but a good + start) +- modified $ModLoad statement so that for modules whom's name starts with + a dot, no path is prepended (this enables relative-paths and should + not break any valid current config) +- fixed a bug that caused action retries not to work correctly + situation was only cleared by a restart +- bugfix: closed dynafile was potentially never written until another + dynafile name was generated - potential loss of messages +- improved omfile so that it properly suspends itself if there is an + i/o or file name generation error. This enables it to be used with + the full high availability features of rsyslog's engine +- bugfix: fixed some segfaults on Solaris, where vsprintf() does not + check for NULL pointers +- improved performance of regexp-based filters + Thanks to Arnaud Cornet for providing the idea and initial patch. +- added a new way how output plugins may be passed parameters. This is + more efficient for some outputs. They new can receive fields not only + as a single string but rather in an array where each string is separated. +- added (some) developer documentation for output plugin interface +- bugfix: potential abort with DA queue after high watermark is reached + There exists a race condition that can lead to a segfault. Thanks + go to vbernetr, who performed the analysis and provided patch, which + I only tweaked a very little bit. +- bugfix: imtcp did incorrectly parse hostname/tag + Thanks to Luis Fernando Muñoz Mejías for the patch. +--------------------------------------------------------------------------- +Version 4.1.5 [DEVEL] (rgerhards), 2009-03-11 +- bugfix: parser did not correctly parse fields in UDP-received messages +- added ERE support in filter conditions + new comparison operation "ereregex" +- added new config directive $RepeatedMsgContainsOriginalMsg so that the + "last message repeated n times" messages, if generated, may + have an alternate format that contains the message that is being repeated +--------------------------------------------------------------------------- +Version 4.1.4 [DEVEL] (rgerhards), 2009-01-29 +- bugfix: inconsistent use of mutex/atomic operations could cause segfault + details are too many, for full analysis see blog post at: + http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html +- bugfix: uninitialized mutex was used in msg.c:getPRI + This was subtle, because getPRI is called as part of the debugging code + (always executed) in syslogd.c:logmsg. +- bugfix: $PreserveFQDN was not properly handled for locally emitted + messages +--------------------------------------------------------------------------- +Version 4.1.3 [DEVEL] (rgerhards), 2008-12-17 +- added $InputTCPServerAddtlFrameDelimiter config directive, which + enables to specify an additional, non-standard message delimiter + for processing plain tcp syslog. This is primarily a fix for the invalid + framing used in Juniper's NetScreen products. Credit to forum user + Arv for suggesting this solution. +- added $InputTCPServerInputName property, which enables a name to be + specified that will be available during message processing in the + inputname property. This is considered useful for logic that treats + messages differently depending on which input received them. +- added $PreserveFQDN config file directive + Enables to use FQDNs in sender names where the legacy default + would have stripped the domain part. + Thanks to BlinkMind, Inc. http://www.blinkmind.com for sponsoring this + development. +- bugfix: imudp went into an endless loop under some circumstances + (but could also leave it under some other circumstances...) + Thanks to David Lang and speedfox for reporting this issue. +--------------------------------------------------------------------------- +Version 4.1.2 [DEVEL] (rgerhards), 2008-12-04 +- bugfix: code did not compile without zlib +- security bugfix: $AllowedSender was not honored, all senders were + permitted instead (see https://www.rsyslog.com/Article322.phtml) +- security fix: imudp emitted a message when a non-permitted sender + tried to send a message to it. This behavior is operator-configurable. + If enabled, a message was emitted each time. That way an attacker could + effectively fill the disk via this facility. The message is now + emitted only once in a minute (this currently is a hard-coded limit, + if someone comes up with a good reason to make it configurable, we + will probably do that). +- doc bugfix: typo in v3 compatibility document directive syntax + thanks to Andrej for reporting +- imported other changes from 3.21.8 and 3.20.1 (see there) +--------------------------------------------------------------------------- +Version 4.1.1 [DEVEL] (rgerhards), 2008-11-26 +- added $PrivDropToGroup, $PrivDropToUser, $PrivDropToGroupID, + $PrivDropToUserID config directives to enable dropping privileges. + This is an effort to provide a security enhancement. For the limits of this + approach, see http://wiki.rsyslog.com/index.php/Security +- re-enabled imklog to compile on FreeBSD (brought in from beta) +--------------------------------------------------------------------------- +Version 4.1.0 [DEVEL] (rgerhards), 2008-11-18 + +********************************* WARNING ********************************* +This version has a slightly different on-disk format for message entries. +As a consequence, old queue files being read by this version may have +an invalid output timestamp, which could result to some malfunction inside +the output driver. It is recommended to drain queues with the previous +version before switching to this one. +********************************* WARNING ********************************* + +- greatly enhanced performance when compared to v3. +- added configuration directive "HUPisRestart" which enables to configure + HUP to be either a full restart or "just" a lightweight way to + close open files. +- enhanced legacy syslog parser to detect year if part of the timestamp + the format is based on what Cisco devices seem to emit. +- added a setting "$OptimizeForUniprocessor" to enable users to turn off + pthread_yield calls which are counter-productive on multiprocessor + machines (but have been shown to be useful on uniprocessors) +- reordered imudp processing. Message parsing is now done as part of main + message queue worker processing (was part of the input thread) + This should also improve performance, as potentially more work is + done in parallel. +- bugfix: compressed syslog messages could be slightly mis-uncompressed + if the last byte of the compressed record was a NUL +- added $UDPServerTimeRequery option which enables to work with + less accurate timestamps in favor of performance. This enables querying + of the time only every n-th time if imudp is running in the tight + receive loop (aka receiving messages at a high rate) +- doc bugfix: queue doc had wrong parameter name for setting controlling + worker thread shutdown period +- restructured rsyslog.conf documentation +- bugfix: memory leak in ompgsql + Thanks to Ken for providing the patch +--------------------------------------------------------------------------- +Version 3.22.4 [v3-stable] (rgerhards), 2010-??-?? +- bugfix: action resume interval incorrectly handled, thus took longer to + resume +- bugfix: cosmetic: proper constant used instead of number in open call +- bugfix: timestamp was incorrectly calculated for timezones with minute + offset + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 +- improved some code based on clang static analyzer results +- bugfix: potential misaddressing in property replacer +- bugfix: improper handling of invalid PRI values + references: CVE-2014-3634 +--------------------------------------------------------------------------- +Version 3.22.3 [v3-stable] (rgerhards), 2010-11-24 +- bugfix(important): problem in TLS handling could cause rsyslog to loop + in a tight loop, effectively disabling functionality and bearing the + risk of unresponsiveness of the whole system. + Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 +--------------------------------------------------------------------------- +Version 3.22.2 [v3-stable] (rgerhards), 2010-08-05 +- bugfix: comment char ('#') in literal terminated script parsing + and thus could not be used. + but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 +- enhance: imrelp now also provides remote peer's IP address + [if librelp != 1.0.0 is used] +- bugfix: sending syslog messages with zip compression did not work +- bugfix: potential hang condition on queue shutdown +- bugfix: segfault on startup when -q or -Q option was given + bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=157 + Thanks to Jonas Nogueira for reporting this bug. +- clarified use of $ActionsSendStreamDriver[AuthMode/PermittedPeers] + in doc set (require TLS drivers) +- bugfix: $CreateDirs variable not properly initialized, default thus + was random (but most often "on") +- bugfix: potential segfault when -p command line option was used + thanks to varmojfekoj for pointing me at this bug +- bugfix: programname filter in ! configuration can not be reset + Thanks to Kiss Gabor for the patch. +--------------------------------------------------------------------------- +Version 3.22.1 [v3-stable] (rgerhards), 2009-07-02 +- bugfix: invalid error message issued if $includeConfig was on an empty + set of files (e.g. *.conf, where none such files existed) + thanks to Michael Biebl for reporting this bug +- bugfix: when run in foreground (but not in debug mode), a + debug message ("DoDie called") was emitted at shutdown. Removed. + thanks to Michael Biebl for reporting this bug +- bugfix: some garbage was emitted to stderr on shutdown. This + garbage consisted of file names, which were written during + startup (key point: not a pointer error) + thanks to Michael Biebl for reporting this bug +- bugfix: startup and shutdown message were emitted to stdout + thanks to Michael Biebl for reporting this bug +- bugfix: error messages were not emitted to stderr in forked mode + (stderr and stdo are now kept open across forks) +- bugfix: internal messages were emitted to whatever file had fd2 when + rsyslogd ran in forked mode (as usual!) + Thanks to varmojfekoj for the patch +- small enhancement: config validation run now exits with code 1 if an + error is detected. This change is considered important but small enough + to apply it directly to the stable version. [But it is a border case, + the change requires more code than I had hoped. Thus I have NOT tried + to actually catch all cases, this is left for the current devel + releases, if necessary] +- bugfix: light and full delay watermarks had invalid values, badly + affecting performance for delayable inputs +- bugfix: potential segfault issue when multiple $UDPServerRun directives + are specified. Thanks to Michael Biebl for helping to debug this one. +- relaxed GnuTLS version requirement to 1.4.0 after confirmation from the + field that this version is sufficient +- bugfix: parser did not properly handle empty structured data +- bugfix: invalid mutex release in msg.c (detected under thread debugger, + seems not to have any impact on actual deployments) +--------------------------------------------------------------------------- +Version 3.22.0 [v3-stable] (rgerhards), 2009-04-21 +This is the first stable release that includes the full functionality +of the 3.21.x version tree. +- bugfix: $InputTCPMaxSessions config directive was accepted, but not + honored. This resulted in a fixed upper limit of 200 connections. +- bugfix: the default for $DirCreateMode was 0644, and as such wrong. + It has now been changed to 0700. For some background, please see + http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html +- bugfix: ompgsql did not detect problems in sql command execution + this could cause loss of messages. The handling was correct if the + connection broke, but not if there was a problem with statement + execution. The most probable case for such a case would be invalid + sql inside the template, and this is now much easier to diagnose. +--------------------------------------------------------------------------- +Version 3.21.11 [BETA] (rgerhards), 2009-04-03 +- build system improvements contributed by Michael Biebl - thx! +- all patches from 3.20.5 incorporated (see it's ChangeLog entry) +--------------------------------------------------------------------------- +Version 3.21.10 [BETA] (rgerhards), 2009-02-02 +- bugfix: inconsistent use of mutex/atomic operations could cause segfault + details are too many, for full analysis see blog post at: + http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html +- the string "Do Die" was accidentally emited upon exit in non-debug mode + This has now been corrected. Thanks to varmojfekoj for the patch. +- some legacy options were not correctly processed. + Thanks to varmojfekoj for the patch. +- doc bugfix: v3-compatibility document had typo in config directive + thanks to Andrej for reporting this +--------------------------------------------------------------------------- +Version 3.21.9 [BETA] (rgerhards), 2008-12-04 +- re-release of 3.21.8 with an additional fix, that could also lead + to DoS; 3.21.8 has been removed from the official download archives +- security fix: imudp emitted a message when a non-permitted sender + tried to send a message to it. This behavior is operator-configurable. + If enabled, a message was emitted each time. That way an attacker could + effectively fill the disk via this facility. The message is now + emitted only once in a minute (this currently is a hard-coded limit, + if someone comes up with a good reason to make it configurable, we + will probably do that). +--------------------------------------------------------------------------- +Version 3.21.8 [BETA] (rgerhards), 2008-12-04 +- bugfix: imklog did not compile on FreeBSD +- security bugfix: $AllowedSender was not honored, all senders were + permitted instead (see https://www.rsyslog.com/Article322.phtml) +- merged in all other changes from 3.20.1 (see there) +--------------------------------------------------------------------------- +Version 3.21.7 [BETA] (rgerhards), 2008-11-11 +- this is the new beta branch, based on the former 3.21.6 devel +- new functionality: ZERO property replacer nomatch option (from v3-stable) +--------------------------------------------------------------------------- +Version 3.21.6 [DEVEL] (rgerhards), 2008-10-22 +- consolidated time calls during msg object creation, improves performance + and consistency +- bugfix: solved a segfault condition +- bugfix: subsecond time properties generated by imfile, imklog and + internal messages could be slightly inconsistent +- bugfix: (potentially big) memory leak on HUP if queues could not be + drained before timeout - thanks to David Lang for pointing this out +- added capability to support multiple module search paths. Thank + to Marius Tomaschewski for providing the patch. +- bugfix: im3195 did no longer compile +- improved "make distcheck" by ensuring everything relevant is recompiled +--------------------------------------------------------------------------- +Version 3.21.5 [DEVEL] (rgerhards), 2008-09-30 +- performance optimization: unnecessary time() calls during message + parsing removed - thanks to David Lang for his excellent performance + analysis +- added new capability to property replacer: multiple immediately + successive field delimiters are treated as a single one. + Thanks to Zhuang Yuyao for the patch. +- added message property "inputname", which contains the name of the + input (module) that generated it. Presence is depending on support in + each input module (else it is blank). +- added system property "$myhostname", which contains the name of the + local host as it knows itself. +- imported a number of fixes and enhancements from the stable and + devel branches, including a fix to a potential segfault on HUP + when using UDP listeners +- re-enabled gcc builtin atomic operations and added a proper + ./configure check +- bugfix: potential race condition when adding messages to queue + There was a wrong order of mutex lock operations. It is hard to + believe that really caused problems, but in theory it could and with + threading we often see that theory becomes practice if something is only + used long enough on a fast enough machine with enough CPUs ;) +- cleaned up internal debug system code and made it behave better + in regard to multi-threading +--------------------------------------------------------------------------- +Version 3.21.4 [DEVEL] (rgerhards), 2008-09-04 +- removed compile time fixed message size limit (was 2K), limit can now + be set via $MaxMessageSize global config directive (finally gotten rid + of MAXLINE ;)) +- enhanced doc for $ActionExecOnlyEveryNthTimeTimeout +- integrated a number of patches from 3.18.4, namely + - bugfix: order-of magnitude issue with base-10 size definitions + in config file parser. Could lead to invalid sizes, constraints + etc for e.g. queue files and any other object whose size was specified + in base-10 entities. Did not apply to binary entities. Thanks to + RB for finding this bug and providing a patch. + - bugfix: action was not called when system time was set backwards + (until the previous time was reached again). There are still some + side-effects when time is rolled back (A time rollback is really a bad + thing to do, ideally the OS should issue pseudo time (like NetWare did) + when the user tries to roll back time). Thanks to varmojfekoj for this + patch. + - doc bugfix: rsyslog.conf man page improved and minor nit fixed + thanks to Lukas Kuklinek for the patch. +--------------------------------------------------------------------------- +Version 3.21.3 [DEVEL] (rgerhards), 2008-08-13 +- added ability to specify flow control mode for imuxsock +- added ability to execute actions only after the n-th call of the action + This also lead to the addition of two new config directives: + $ActionExecOnlyEveryNthTime and $ActionExecOnlyEveryNthTimeTimeout + This feature is useful, for example, for alerting: it permits you to + send an alert only after at least n occurrences of a specific message + have been seen by rsyslogd. This protects against false positives + due to waiting for additional confirmation. +- bugfix: IPv6 addresses could not be specified in forwarding actions + New syntax @[addr]:port introduced to enable that. Root problem was IPv6 + addresses contain colons. +- somewhat enhanced debugging messages +- imported from 3.18.3: + - enhanced ommysql to support custom port to connect to server + Port can be set via new $ActionOmmysqlServerPort config directive + Note: this was a very minor change and thus deemed appropriate to be + done in the stable release. + - bugfix: misspelled config directive, previously was + $MainMsgQueueWorkeTimeoutrThreadShutdown, is now + $MainMsgQueueWorkerTimeoutThreadShutdown. Note that the misspelled + directive is not preserved - if the misspelled directive was used + (which I consider highly unlikely), the config file must be changed. + Thanks to lperr for reporting the bug. +--------------------------------------------------------------------------- +Version 3.21.2 [DEVEL] (rgerhards), 2008-08-04 +- added $InputUnixListenSocketHostName config directive, which permits to + override the hostname being used on a local unix socket. This is useful + for differentiating "hosts" running in several jails. Feature was + suggested by David Darville, thanks for the suggestion. +- enhanced ommail to support multiple email recipients. This is done by + specifying $ActionMailTo multiple times. Note that this introduces a + small incompatibility to previous config file syntax: the recipient + list is now reset for each action (we honestly believe that will + not cause any problem - apologies if it does). +- enhanced troubleshooting documentation +--------------------------------------------------------------------------- +Version 3.21.1 [DEVEL] (rgerhards), 2008-07-30 +- bugfix: no error was reported if the target of a $IncludeConfig + could not be accessed. +- added testbed for common config errors +- added doc for -u option to rsyslogd man page +- enhanced config file checking - no active actions are detected +- added -N rsyslogd command line option for a config validation run + (which does not execute actual syslogd code and does not interfere + with a running instance) +- somewhat improved emergency configuration. It is now also selected + if the config contains no active actions +- rsyslogd error messages are now reported to stderr by default. can be + turned off by the new "$ErrorMessagesToStderr off" directive + Thanks to HKS for suggesting the new features. +--------------------------------------------------------------------------- +Version 3.21.0 [DEVEL] (rgerhards), 2008-07-18 +- starts a new devel branch +- added a generic test driver for RainerScript plus some test cases + to the testbench +- added a small diagnostic tool to obtain result of gethostname() API +- imported all changes from 3.18.1 until today (some quite important, + see below) +--------------------------------------------------------------------------- +Version 3.20.6 [v3-stable] (rgerhards), 2009-04-16 +- this is the last v3-stable for the 3.20.x series +- bugfix: $InputTCPMaxSessions config directive was accepted, but not + honored. This resulted in a fixed upper limit of 200 connections. +- bugfix: the default for $DirCreateMode was 0644, and as such wrong. + It has now been changed to 0700. For some background, please see + http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html +--------------------------------------------------------------------------- +Version 3.20.5 [v3-stable] (rgerhards), 2009-04-02 +- bugfix: potential abort with DA queue after high watermark is reached + There exists a race condition that can lead to a segfault. Thanks + go to vbernetr, who performed the analysis and provided patch, which + I only tweaked a very little bit. +- fixed bugs in RainerScript: + o when converting a number and a string to a common type, both were + actually converted to the other variable's type. + o the value of rsCStrConvertToNumber() was miscalculated. + Thanks to varmojfekoj for the patch +- fixed a bug in configure.ac which resulted in problems with + environment detection - thanks to Michael Biebl for the patch +- fixed a potential segfault problem in gssapi code + thanks to varmojfekoj for the patch +- doc enhance: provide standard template for MySQL module and instructions + on how to modify schema +--------------------------------------------------------------------------- +Version 3.20.4 [v3-stable] (rgerhards), 2009-02-09 +- bugfix: inconsistent use of mutex/atomic operations could cause segfault + details are too many, for full analysis see blog post at: + http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html +- bugfix: invalid ./configure settings for RFC3195 + thanks to Michael Biebl for the patch +- bugfix: invalid mutex access in msg.c +- doc bugfix: dist tarball missed 2 files, had one extra file that no + longer belongs into it. Thanks to Michael Biebl for pointing this out. +--------------------------------------------------------------------------- +Version 3.20.3 [v3-stable] (rgerhards), 2009-01-19 +- doc bugfix: v3-compatibility document had typo in config directive + thanks to Andrej for reporting this +- fixed a potential segfault condition with $AllowedSender directive + On HUP, the root pointers were not properly cleaned up. Thanks to + Michael Biebl, olgoat, and Juha Koho for reporting and analyzing + the bug. +--------------------------------------------------------------------------- +Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04 +- re-release of 3.20.1 with an additional fix, that could also lead + to DoS; 3.20.1 has been removed from the official download archives +- security fix: imudp emitted a message when a non-permitted sender + tried to send a message to it. This behavior is operator-configurable. + If enabled, a message was emitted each time. That way an attacker could + effectively fill the disk via this facility. The message is now + emitted only once in a minute (this currently is a hard-coded limit, + if someone comes up with a good reason to make it configurable, we + will probably do that). +--------------------------------------------------------------------------- +Version 3.20.1 [v3-stable] (rgerhards), 2008-12-04 +- security bugfix: $AllowedSender was not honored, all senders were + permitted instead +- enhance: regex nomatch option "ZERO" has been added + This allows one to return the string 0 if a regular expression is + not found. This is probably useful for storing numerical values into + database columns. +- bugfix: memory leak in gtls netstream driver fixed + memory was lost each time a TLS session was torn down. This could + result in a considerable memory leak if it happened quite frequently + (potential system crash condition) +- doc update: documented how to specify multiple property replacer + options + link to new online regex generator tool added +- minor bugfix: very small memory leak in gtls netstream driver + around a handful of bytes (< 20) for each HUP +- improved debug output for regular expressions inside property replacer + RE's seem to be a big trouble spot and I would like to have more + information inside the debug log. So I decided to add some additional + debug strings permanently. +--------------------------------------------------------------------------- +Version 3.20.0 [v3-stable] (rgerhards), 2008-11-05 +- this is the initial release of the 3.19.x branch as a stable release +- bugfix: double-free in pctp netstream driver. Thank to varmojfekoj + for the patch +--------------------------------------------------------------------------- +Version 3.19.12 [BETA] (rgerhards), 2008-10-16 +- bugfix: subseconds where not correctly extracted from a timestamp + if that timestamp did not contain any subsecond information (the + resulting string was garbage but should have been "0", what it + now is). +- increased maximum size of a configuration statement to 4K (was 1K) +- imported all fixes from the stable branch (quite a lot) +- bugfix: (potentially big) memory leak on HUP if queues could not be + drained before timeout - thanks to David Lang for pointing this out +--------------------------------------------------------------------------- +Version 3.19.11 [BETA] (rgerhards), 2008-08-25 +This is a refresh of the beta. No beta-specific fixes have been added. +- included fixes from v3-stable (most importantly 3.18.3) +--------------------------------------------------------------------------- +Version 3.19.10 [BETA] (rgerhards), 2008-07-15 +- start of a new beta branch based on former 3.19 devel branch +- bugfix: bad memory leak in disk-based queue modes +- bugfix: UDP syslog forwarding did not work on all platforms + the ai_socktype was incorrectly set to 1. On some platforms, this + lead to failing name resolution (e.g. FreeBSD 7). Thanks to HKS for + reporting the bug. +- bugfix: priority was incorrectly calculated on FreeBSD 7, + because the LOG_MAKEPRI() C macro has a different meaning there (it + is just a simple addition of facility and severity). I have changed + this to use own, consistent, code for PRI calculation. Thank to HKS + for reporting this bug. +- bugfix (cosmetical): authorization was not checked when gtls handshake + completed immediately. While this sounds scary, the situation can not + happen in practice. We use non-blocking IO only for server-based gtls + session setup. As TLS requires the exchange of multiple frames before + the handshake completes, it simply is impossible to do this in one + step. However, it is useful to have the code path correct even for + this case - otherwise, we may run into problems if the code is changed + some time later (e.g. to use blocking sockets). Thanks to varmojfekoj + for providing the patch. +- important queue bugfix from 3.18.1 imported (see below) +- cleanup of some debug messages +--------------------------------------------------------------------------- +Version 3.19.9 (rgerhards), 2008-07-07 +- added tutorial for creating a TLS-secured syslog infrastructure +- rewritten omusrmsg to no longer fork() a new process for sending messages + this caused some problems with the threading model, e.g. zombies. Also, + it was far less optimal than it is now. +- bugfix: machine certificate was required for client even in TLS anon mode + Reference: http://bugzilla.adiscon.com/show_bug.cgi?id=85 + The fix also slightly improves performance by not storing certificates in + client sessions when there is no need to do so. +- bugfix: RainerScript syntax error was not always detected +--------------------------------------------------------------------------- +Version 3.19.8 (rgerhards), 2008-07-01 +- bugfix: gtls module did not correctly handle EGAIN (and similar) recv() + states. This has been fixed by introducing a new abstraction layer inside + gtls. +- added (internal) error codes to error messages; added redirector to + web description of error codes + closes bug http://bugzilla.adiscon.com/show_bug.cgi?id=20 +- disabled compile warnings caused by third-party libraries +- reduced number of compile warnings in gcc's -pedantic mode +- some minor documentation improvements +- included all fixes from beta 3.17.5 +--------------------------------------------------------------------------- +Version 3.19.7 (rgerhards), 2008-06-11 +- added new property replacer option "date-subseconds" that enables + to query just the subsecond part of a high-precision timestamp +- somewhat improved plain tcp syslog reliability by doing a connection + check before sending. Credits to Martin Schuette for providing the + idea. Details are available at + http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html +- made rsyslog tickless in the (usual and default) case that repeated + message reduction is turned off. More info: + http://blog.gerhards.net/2008/06/coding-to-save-environment.html +- some build system cleanup, thanks to Michael Biebl +- bugfix: compile under (Free)BSD failed due to some invalid library + definitions - this is fixed now. Thanks to Michael Biebl for the patch. +--------------------------------------------------------------------------- +Version 3.19.6 (rgerhards), 2008-06-06 +- enhanced property replacer to support multiple regex matches +- bugfix: part of permittedPeer structure was not correctly initialized + thanks to varmojfekoj for spotting this +- bugfix: off-by-one bug during certificate check +- bugfix: removed some memory leaks in TLS code +--------------------------------------------------------------------------- +Version 3.19.5 (rgerhards), 2008-05-30 +- enabled Posix ERE expressions inside the property replacer + (previously BRE was permitted only) +- provided ability to specify that a regular expression submatch shall + be used inside the property replacer +- implemented in property replacer: if a regular expression does not match, + it can now either return "**NO MATCH** (default, as before), a blank + property or the full original property text +- enhanced property replacer to support multiple regex matches +--------------------------------------------------------------------------- +Version 3.19.4 (rgerhards), 2008-05-27 +- implemented x509/certvalid gtls auth mode +- implemented x509/name gtls auth mode (including wildcards) +- changed fingerprint gtls auth mode to new format fingerprint +- protected gtls error string function by a mutex. Without it, we + could have a race condition in extreme cases. This was very remote, + but now can no longer happen. +- changed config directive name to reflect different use + $ActionSendStreamDriverCertFingerprint is now + $ActionSendStreamDriverPermittedPeer and can be used both for + fingerprint and name authentication (similar to the input side) +- bugfix: sender information (fromhost et al) was missing in imudp + thanks to sandiso for reporting this bug +- this release fully implements IETF's syslog-transport-tls-12 plus + the latest text changes Joe Salowey provided via email. Not included + is ipAddress subjectAltName authentication, which I think will be + dropped from the draft. I don't think there is any real need for it. +This release also includes all bug fix up to today from the beta +and stable branches. Most importantly, this means the bugfix for +100% CPU utilization by imklog. +--------------------------------------------------------------------------- +Version 3.19.3 (rgerhards), 2008-05-21 +- added ability to authenticate the server against its certificate + fingerprint +- added ability for client to provide its fingerprint +- added ability for server to obtain client cert's fingerprint +- bugfix: small mem leak in omfwd on exit (strmdriver name was not freed) +- bugfix: $ActionSendStreamDriver had no effect +- bugfix: default syslog port was no longer used if none was + configured. Thanks to varmojfekoj for the patch +- bugfix: missing linker options caused build to fail on some + systems. Thanks to Tiziano Mueller for the patch. +--------------------------------------------------------------------------- +Version 3.19.2 (rgerhards), 2008-05-16 +- bugfix: TCP input modules did incorrectly set fromhost property + (always blank) +- bugfix: imklog did not set fromhost property +- added "fromhost-ip" property + Note that adding this property changes the on-disk format for messages. + However, that should not have any bad effect on existing spool files. + But you will run into trouble if you create a spool file with this + version and then try to process it with an older one (after a downgrade). + Don't do that ;) +- added "RSYSLOG_DebugFormat" canned template +- bugfix: hostname and fromhost were swapped when a persisted message + (in queued mode) was read in +- bugfix: lmtcpclt, lmtcpsrv and lmgssutil did all link to the static + runtime library, resulting in a large size increase (and potential + "interesting" effects). Thanks to Michael Biebl for reporting the size + issue. +- bugfix: TLS server went into an endless loop in some situations. + Thanks to Michael Biebl for reporting the problem. +- fixed potential segfault due to invalid call to cfsysline + thanks to varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 3.19.1 (rgerhards), 2008-05-07 +- configure help for --enable-gnutls wrong - said default is "yes" but + default actually is "no" - thanks to darix for pointing this out +- file dirty.h was missing - thanks to darix for pointing this out +- bugfix: man files were not properly distributed - thanks to + darix for reporting and to Michael Biebl for help with the fix +- some minor cleanup +--------------------------------------------------------------------------- +Version 3.19.0 (rgerhards), 2008-05-06 +- begins new devel branch version +- implemented TLS for plain tcp syslog (this is also the world's first + implementation of IETF's upcoming syslog-transport-tls draft) +- partly rewritten and improved omfwd among others, now loads TCP + code only if this is actually necessary +- split of a "runtime library" for rsyslog - this is not yet a clean + model, because some modularization is still outstanding. In theory, + this shall enable other utilities but rsyslogd to use the same + runtime +- implemented im3195, the RFC3195 input as a plugin +- changed directory structure, files are now better organized +- a lot of cleanup in regard to modularization +- -c option no longer must be the first option - thanks to varmojfekoj + for the patch +--------------------------------------------------------------------------- +Version 3.18.7 (rgerhards), 2008-12-?? +- bugfix: the default for $DirCreateMode was 0644, and as such wrong. + It has now been changed to 0700. For some background, please see + http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html +- fixed a potential segfault condition with $AllowedSender directive + On HUP, the root pointers were not properly cleaned up. Thanks to + Michael Biebl, olgoat, and Juha Koho for reporting and analyzing + the bug. +- some legacy options were not correctly processed. + Thanks to varmojfekoj for the patch. +- doc bugfix: some spelling errors in man pages corrected. Thanks to + Geoff Simmons for the patch. +--------------------------------------------------------------------------- +Version 3.18.6 (rgerhards), 2008-12-08 +- security bugfix: $AllowedSender was not honored, all senders were + permitted instead (see https://www.rsyslog.com/Article322.phtml) + (backport from v3-stable, v3.20.9) +- minor bugfix: dual close() call on tcp session closure +--------------------------------------------------------------------------- +Version 3.18.5 (rgerhards), 2008-10-09 +- bugfix: imudp input module could cause segfault on HUP + It did not properly de-init a variable acting as a linked list head. + That resulted in trying to access freed memory blocks after the HUP. +- bugfix: rsyslogd could hang on HUP + because getnameinfo() is not cancel-safe, but was not guarded against + being cancelled. pthread_cancel() is routinely being called during + HUP processing. +- bugfix[minor]: if queue size reached light_delay mark, enqueuing + could potentially be blocked for a longer period of time, which + was not the behavior desired. +- doc bugfix: $ActionExecOnlyWhenPreviousIsSuspended was still misspelled + as $...OnlyIfPrev... in some parts of the documentation. Thanks to + Lorenzo M. Catucci for reporting this bug. +- added doc on malformed messages, cause and how to work-around, to the + doc set +- added doc on how to build from source repository +--------------------------------------------------------------------------- +Version 3.18.4 (rgerhards), 2008-09-18 +- bugfix: order-of magnitude issue with base-10 size definitions + in config file parser. Could lead to invalid sizes, constraints + etc for e.g. queue files and any other object whose size was specified + in base-10 entities. Did not apply to binary entities. Thanks to + RB for finding this bug and providing a patch. +- bugfix: action was not called when system time was set backwards + (until the previous time was reached again). There are still some + side-effects when time is rolled back (A time rollback is really a bad + thing to do, ideally the OS should issue pseudo time (like NetWare did) + when the user tries to roll back time). Thanks to varmojfekoj for this + patch. +- doc bugfix: rsyslog.conf man page improved and minor nit fixed + thanks to Lukas Kuklinek for the patch. +- bugfix: error code -2025 was used for two different errors. queue full + is now -2074 and -2025 is unique again. (did cause no real problem + except for troubleshooting) +- bugfix: default discard severity was incorrectly set to 4, which lead + to discard-on-queue-full to be enabled by default. That could cause + message loss where non was expected. The default has now been changed + to the correct value of 8, which disables the functionality. This + problem applied both to the main message queue and the action queues. + Thanks to Raoul Bhatia for pointing out this problem. +- bugfix: option value for legacy -a option could not be specified, + resulting in strange operations. Thanks to Marius Tomaschewski + for the patch. +- bugfix: colon after date should be ignored, but was not. This has + now been corrected. Required change to the internal ParseTIMESTAMP3164() + interface. +--------------------------------------------------------------------------- +Version 3.18.3 (rgerhards), 2008-08-18 +- bugfix: imfile could cause a segfault upon rsyslogd HUP and termination + Thanks to lperr for an excellent bug report that helped detect this + problem. +- enhanced ommysql to support custom port to connect to server + Port can be set via new $ActionOmmysqlServerPort config directive + Note: this was a very minor change and thus deemed appropriate to be + done in the stable release. +- bugfix: misspelled config directive, previously was + $MainMsgQueueWorkeTimeoutrThreadShutdown, is now + $MainMsgQueueWorkerTimeoutThreadShutdown. Note that the misspelled + directive is not preserved - if the misspelled directive was used + (which I consider highly unlikely), the config file must be changed. + Thanks to lperr for reporting the bug. +- disabled flow control for imuxsock, as it could cause system hangs + under some circumstances. The devel (3.21.3 and above) will + re-enable it and provide enhanced configurability to overcome the + problems if they occur. +--------------------------------------------------------------------------- +Version 3.18.2 (rgerhards), 2008-08-08 +- merged in IPv6 forwarding address bugfix from v2-stable +--------------------------------------------------------------------------- +Version 3.18.1 (rgerhards), 2008-07-21 +- bugfix: potential segfault in creating message mutex in non-direct queue + mode. rsyslogd segfaults on freeBSD 7.0 (an potentially other platforms) + if an action queue is running in any other mode than non-direct. The + same problem can potentially be triggered by some main message queue + settings. In any case, it will manifest during rsyslog's startup. It is + unlikely to happen after a successful startup (the only window of + exposure may be a relatively seldom executed action running in queued + mode). This has been corrected. Thank to HKS for point out the problem. +- bugfix: priority was incorrectly calculated on FreeBSD 7, + because the LOG_MAKEPRI() C macro has a different meaning there (it + is just a simple addition of facility and severity). I have changed + this to use own, consistent, code for PRI calculation. [Backport from + 3.19.10] +- bugfix: remove PRI part from kernel message if it is present + Thanks to Michael Biebl for reporting this bug +- bugfix: mark messages were not correctly written to text log files + the markmessageinterval was not correctly propagated to all places + where it was needed. This resulted in rsyslog using the default + (20 minutes) in some code paths, what looked to the user like mark + messages were never written. +- added a new property replacer option "sp-if-no-1st-sp" to cover + a problem with RFC 3164 based interpretation of tag separation. While + it is a generic approach, it fixes a format problem introduced in + 3.18.0, where kernel messages no longer had a space after the tag. + This is done by a modification of the default templates. + Please note that this may affect some messages where there intentionally + is no space between the tag and the first character of the message + content. If so, this needs to be worked around via a specific + template. However, we consider this scenario to be quite remote and, + even if it exists, it is not expected that it will actually cause + problems with log parsers (instead, we assume the new default template + behavior may fix previous problems with log parsers due to the + missing space). +- bugfix: imklog module was not correctly compiled for GNU/kFreeBSD. + Thanks to Petr Salinger for the patch +- doc bugfix: property replacer options secpath-replace and + secpath-drop were not documented +- doc bugfix: fixed some typos in rsyslog.conf man page +- fixed typo in source comment - thanks to Rio Fujita +- some general cleanup (thanks to Michael Biebl) +--------------------------------------------------------------------------- +Version 3.18.0 (rgerhards), 2008-07-11 +- begun a new v3-stable based on former 3.17.4 beta plus patches to + previous v3-stable +- bugfix in RainerScript: syntax error was not always detected +--------------------------------------------------------------------------- +Version 3.17.5 (rgerhards), 2008-06-27 +- added doc: howto set up a reliable connection to remote server via + queued mode (and plain tcp protocol) +- bugfix: comments after actions were not properly treated. For some + actions (e.g. forwarding), this could also lead to invalid configuration +--------------------------------------------------------------------------- +Version 3.17.4 (rgerhards), 2008-06-16 +- changed default for $KlogSymbolLookup to "off". The directive is + also scheduled for removal in a later version. This was necessary + because on kernels >= 2.6, the kernel does the symbol lookup itself. The + imklog lookup logic then breaks the log message and makes it unusable. +--------------------------------------------------------------------------- +Version 3.17.3 (rgerhards), 2008-05-28 +- bugfix: imklog went into an endless loop if a PRI value was inside + a kernel log message (unusual case under Linux, frequent under BSD) +--------------------------------------------------------------------------- +Version 3.17.2 (rgerhards), 2008-05-04 +- this version is the new beta, based on 3.17.1 devel feature set +- merged in imklog bug fix from v3-stable (3.16.1) +--------------------------------------------------------------------------- +Version 3.17.1 (rgerhards), 2008-04-15 +- removed dependency on MAXHOSTNAMELEN as much as it made sense. + GNU/Hurd does not define it (because it has no limit), and we have taken + care for cases where it is undefined now. However, some very few places + remain where IMHO it currently is not worth fixing the code. If it is + not defined, we have used a generous value of 1K, which is above IETF + RFC's on hostname length at all. The memory consumption is no issue, as + there are only a handful of this buffers allocated *per run* -- that's + also the main reason why we consider it not worth to be fixed any further. +- enhanced legacy syslog parser to handle slightly malformed messages + (with a space in front of the timestamp) - at least HP procurve is + known to do that and I won't outrule that others also do it. The + change looks quite unintrusive and so we added it to the parser. +- implemented klogd functionality for BSD +- implemented high precision timestamps for the kernel log. Thanks to + Michael Biebl for pointing out that the kernel log did not have them. +- provided ability to discard non-kernel messages if they are present + in the kernel log (seems to happen on BSD) +- implemented $KLogInternalMsgFacility config directive +- implemented $KLogPermitNonKernelFacility config directive +Plus a number of bugfixes that were applied to v3-stable and beta +branches (not mentioned here in detail). +--------------------------------------------------------------------------- +Version 3.17.0 (rgerhards), 2008-04-08 +- added native ability to send mail messages +- removed no longer needed file relputil.c/.h +- added $ActionExecOnlyOnceEveryInterval config directive +- bugfix: memory leaks in script engine +- bugfix: zero-length strings were not supported in object + deserializer +- properties are now case-insensitive everywhere (script, filters, + templates) +- added the capability to specify a processing (actually dequeue) + timeframe with queues - so things can be configured to be done + at off-peak hours +- We have removed the 32 character size limit (from RFC3164) on the + tag. This had bad effects on existing environments, as sysklogd didn't + obey it either (probably another bug in RFC3164...). We now receive + the full size, but will modify the outputs so that only 32 characters + max are used by default. If you need large tags in the output, you need + to provide custom templates. +- changed command line processing. -v, -M, -c options are now parsed + and processed before all other options. Inter-option dependencies + have been relieved. Among others, permits to specify initial module + load path via -M only (not the environment) which makes it much + easier to work with non-standard module library locations. Thanks + to varmojfekoj for suggesting this change. Matches bugzilla bug 55. +- bugfix: some messages were emited without hostname +Plus a number of bugfixes that were applied to v3-stable and beta +branches (not mentioned here in detail). +--------------------------------------------------------------------------- +Version 3.16.3 (rgerhards), 2008-07-11 +- updated information on rsyslog packages +- bugfix: memory leak in disk-based queue modes +--------------------------------------------------------------------------- +Version 3.16.2 (rgerhards), 2008-06-25 +- fixed potential segfault due to invalid call to cfsysline + thanks to varmojfekoj for the patch +- bugfix: some whitespaces where incorrectly not ignored when parsing + the config file. This is now corrected. Thanks to Michael Biebl for + pointing out the problem. +--------------------------------------------------------------------------- +Version 3.16.1 (rgerhards), 2008-05-02 +- fixed a bug in imklog which lead to startup problems (including + segfault) on some platforms under some circumstances. Thanks to + Vieri for reporting this bug and helping to troubleshoot it. +--------------------------------------------------------------------------- +Version 3.16.0 (rgerhards), 2008-04-24 +- new v3-stable (3.16.x) based on beta 3.15.x (RELP support) +- bugfix: omsnmp had a too-small sized buffer for hostname+port. This + could not lead to a segfault, as snprintf() was used, but could cause + some trouble with extensively long hostnames. +- applied patch from Tiziano Müller to remove some compiler warnings +- added gssapi overview/howto thanks to Peter Vrabec +- changed some files to grant LGPLv3 extended permissions on top of GPLv3 + this also is the first sign of something that will evolve into a + well-defined "rsyslog runtime library" +--------------------------------------------------------------------------- +Version 3.15.1 (rgerhards), 2008-04-11 +- bugfix: some messages were emited without hostname +- disabled atomic operations for the time being because they introduce some + cross-platform trouble - need to see how to fix this in the best + possible way +- bugfix: zero-length strings were not supported in object + deserializer +- added librelp check via PKG_CHECK thanks to Michael Biebl's patch +- file relputil.c deleted, is not actually needed +- added more meaningful error messages to rsyslogd (when some errors + happens during startup) +- bugfix: memory leaks in script engine +- bugfix: $hostname and $fromhost in RainerScript did not work +This release also includes all changes applied to the stable versions +up to today. +--------------------------------------------------------------------------- +Version 3.15.0 (rgerhards), 2008-04-01 +- major new feature: imrelp/omrelp support reliable delivery of syslog + messages via the RELP protocol and librelp (http://www.librelp.com). + Plain tcp syslog, so far the best reliability solution, can lose + messages when something goes wrong or a peer goes down. With RELP, + this can no longer happen. See imrelp.html for more details. +- bugfix: rsyslogd was no longer build by default; man pages are + only installed if corresponding option is selected. Thanks to + Michael Biebl for pointing these problems out. +--------------------------------------------------------------------------- +Version 3.14.2 (rgerhards), 2008-04-09 +- bugfix: segfault with expression-based filters +- bugfix: omsnmp did not deref errmsg object on exit (no bad effects caused) +- some cleanup +- bugfix: imklog did not work well with kernel 2.6+. Thanks to Peter + Vrabec for patching it based on the development in sysklogd - and thanks + to the sysklogd project for upgrading klogd to support the new + functionality +- some cleanup in imklog +- bugfix: potential segfault in imklog when kernel is compiled without + /proc/kallsyms and the file System.map is missing. Thanks to + Andrea Morandi for pointing it out and suggesting a fix. +- bugfixes, credits to varmojfekoj: + * reset errno before printing a warning message + * misspelled directive name in code processing legacy options +- bugfix: some legacy options not correctly interpreted - thanks to + varmojfekoj for the patch +- improved detection of modules being loaded more than once + thanks to varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 3.14.1 (rgerhards), 2008-04-04 +- bugfix: some messages were emited without hostname +- bugfix: rsyslogd was no longer build by default; man pages are + only installed if corresponding option is selected. Thanks to + Michael Biebl for pointing these problems out. +- bugfix: zero-length strings were not supported in object + deserializer +- disabled atomic operations for this stable build as it caused + platform problems +- bugfix: memory leaks in script engine +- bugfix: $hostname and $fromhost in RainerScript did not work +- bugfix: some memory leak when queue is running in disk mode +- man pages improved thanks to varmojfekoj and Peter Vrabec +- We have removed the 32 character size limit (from RFC3164) on the + tag. This had bad effects on existing environments, as sysklogd didn't + obey it either (probably another bug in RFC3164...). We now receive + the full size, but will modify the outputs so that only 32 characters + max are used by default. If you need large tags in the output, you need + to provide custom templates. +- bugfix: some memory leak when queue is running in disk mode +--------------------------------------------------------------------------- +Version 3.14.0 (rgerhards), 2008-04-02 +An interim version was accidentally released to the web. It was named 3.14.0. +To avoid confusion, we have not assigned this version number to any +official release. If you happen to use 3.14.0, please update to 3.14.1. +--------------------------------------------------------------------------- +Version 3.13.0-dev0 (rgerhards), 2008-03-31 +- bugfix: accidentally set debug option in 3.12.5 reset to production + This option prevented dlclose() to be called. It had no real bad effects, + as the modules were otherwise correctly deinitialized and dlopen() + supports multiple opens of the same module without any memory footprint. +- removed --enable-mudflap, added --enable-valgrind ./configure setting +- bugfix: tcp receiver could segfault due to uninitialized variable +- docfix: queue doc had a wrong directive name that prevented max worker + threads to be correctly set +- worked a bit on atomic memory operations to support problem-free + threading (only at non-intrusive places) +- added a --enable/disable-rsyslogd configure option so that + source-based packaging systems can build plugins without the need + to compile rsyslogd +- some cleanup +- test of potential new version number scheme +--------------------------------------------------------------------------- +Version 3.12.5 (rgerhards), 2008-03-28 +- changed default for "last message repeated n times", which is now + off by default +- implemented backward compatibility commandline option parsing +- automatically generated compatibility config lines are now also + logged so that a user can diagnose problems with them +- added compatibility mode for -a, -o and -p options +- compatibility mode processing finished +- changed default file output format to include high-precision timestamps +- added a built-in template for previous syslogd file format +- added new $ActionFileDefaultTemplate directive +- added support for high-precision timestamps when receiving legacy + syslog messages +- added new $ActionForwardDefaultTemplate directive +- added new $ActionGSSForwardDefaultTemplate directive +- added build-in templates for easier configuration +- bugfix: fixed small memory leak in tcpclt.c +- bugfix: fixed small memory leak in template regular expressions +- bugfix: regular expressions inside property replacer did not work + properly +- bugfix: QHOUR and HHOUR properties were wrongly calculated +- bugfix: fixed memory leaks in stream class and imfile +- bugfix: $ModDir did invalid bounds checking, potential overflow in + dbgprintf() - thanks to varmojfekoj for the patch +- bugfix: -t and -g legacy options max number of sessions had a wrong + and much too high value +--------------------------------------------------------------------------- +Version 3.12.4 (rgerhards), 2008-03-25 +- Greatly enhanced rsyslogd's file write performance by disabling + file syncing capability of output modules by default. This + feature is usually not required, not useful and an extreme performance + hit (both to rsyslogd as well as the system at large). Unfortunately, + most users enable it by default, because it was most intuitive to enable + it in plain old sysklogd syslog.conf format. There is now the + $ActionFileEnableSync config setting which must be enabled in order to + support syncing. By default it is off. So even if the old-format config + lines request syncing, it is not done unless explicitly enabled. I am + sure this is a very useful change and not a risk at all. I need to think + if I undo it under compatibility mode, but currently this does not + happen (I fear a lot of lazy users will run rsyslogd in compatibility + mode, again bringing up this performance problem...). +- added flow control options to other input sources +- added $HHOUR and $QHOUR system properties - can be used for half- and + quarter-hour logfile rotation +- changed queue's discard severities default value to 8 (do not discard) + to prevent unintentional message loss +- removed a no-longer needed callback from the output module + interface. Results in reduced code complexity. +- bugfix/doc: removed no longer supported -h option from man page +- bugfix: imklog leaked several hundred KB on each HUP. Thanks to + varmojfekoj for the patch +- bugfix: potential segfault on module unload. Thanks to varmojfekoj for + the patch +- bugfix: fixed some minor memory leaks +- bugfix: fixed some slightly invalid memory accesses +- bugfix: internally generated messages had "FROMHOST" property not set +--------------------------------------------------------------------------- +Version 3.12.3 (rgerhards), 2008-03-18 +- added advanced flow control for congestion cases (mode depending on message + source and its capability to be delayed without bad side effects) +- bugfix: $ModDir should not be reset on $ResetConfig - this can cause a lot + of confusion and there is no real good reason to do so. Also conflicts with + the new -M option and environment setting. +- bugfix: TCP and GSSAPI framing mode variable was uninitialized, leading to + wrong framing (caused, among others, interop problems) +- bugfix: TCP (and GSSAPI) octet-counted frame did not work correctly in all + situations. If the header was split across two packet reads, it was invalidly + processed, causing loss or modification of messages. +- bugfix: memory leak in imfile +- bugfix: duplicate public symbol in omfwd and omgssapi could lead to + segfault. thanks to varmojfekoj for the patch. +- bugfix: rsyslogd aborted on sighup - thanks to varmojfekoj for the patch +- some more internal cleanup ;) +- begun relp modules, but these are not functional yet +- Greatly enhanced rsyslogd's file write performance by disabling + file syncing capability of output modules by default. This + feature is usually not required, not useful and an extreme performance + hit (both to rsyslogd as well as the system at large). Unfortunately, + most users enable it by default, because it was most intuitive to enable + it in plain old sysklogd syslog.conf format. There is now a new config + setting which must be enabled in order to support syncing. By default it + is off. So even if the old-format config lines request syncing, it is + not done unless explicitly enabled. I am sure this is a very useful + change and not a risk at all. I need to think if I undo it under + compatibility mode, but currently this does not happen (I fear a lot of + lazy users will run rsyslogd in compatibility mode, again bringing up + this performance problem...). +--------------------------------------------------------------------------- +Version 3.12.2 (rgerhards), 2008-03-13 +- added RSYSLOGD_MODDIR environment variable +- added -M rsyslogd option (allows one to specify module directory location) +- converted net.c into a loadable library plugin +- bugfix: debug module now survives unload of loadable module when + printing out function call data +- bugfix: not properly initialized data could cause several segfaults if + there were errors in the config file - thanks to varmojfekoj for the patch +- bugfix: rsyslogd segfaulted when imfile read an empty line - thanks + to Johnny Tan for an excellent bug report +- implemented dynamic module unload capability (not visible to end user) +- some more internal cleanup +- bugfix: imgssapi segfaulted under some conditions; this fix is actually + not just a fix but a change in the object model. Thanks to varmojfekoj + for providing the bug report, an initial fix and lots of good discussion + that lead to where we finally ended up. +- improved session recovery when outbound tcp connection breaks, reduces + probability of message loss at the price of a highly unlikely potential + (single) message duplication +--------------------------------------------------------------------------- +Version 3.12.1 (rgerhards), 2008-03-06 +- added library plugins, which can be automatically loaded +- bugfix: actions were not correctly retried; caused message loss +- changed module loader to automatically add ".so" suffix if not + specified (over time, this shall also ease portability of config + files) +- improved debugging support; debug runtime options can now be set via + an environment variable +- bugfix: removed debugging code that I forgot to remove before releasing + 3.12.0 (does not cause harm and happened only during startup) +- added support for the MonitorWare syslog MIB to omsnmp +- internal code improvements (more code converted into classes) +- internal code reworking of the imtcp/imgssapi module +- added capability to ignore client-provided timestamp on unix sockets and + made this mode the default; this was needed, as some programs (e.g. sshd) + log with inconsistent timezone information, what messes up the local + logs (which by default don't even contain time zone information). This + seems to be consistent with what sysklogd did for the past four years. + Alternate behavior may be desirable if gateway-like processes send + messages via the local log slot - in this case, it can be enabled + via the $InputUnixListenSocketIgnoreMsgTimestamp and + $SystemLogSocketIgnoreMsgTimestamp config directives +- added ability to compile on HP UX; verified that imudp worked on HP UX; + however, we are still in need of people trying out rsyslogd on HP UX, + so it can not yet be assumed it runs there +- improved session recovery when outbound tcp connection breaks, reduces + probability of message loss at the price of a highly unlikely potential + (single) message duplication +--------------------------------------------------------------------------- +Version 3.12.0 (rgerhards), 2008-02-28 +- added full expression support for filters; filters can now contain + arbitrary complex boolean, string and arithmetic expressions +--------------------------------------------------------------------------- +Version 3.11.6 (rgerhards), 2008-02-27 +- bugfix: gssapi libraries were still linked to rsyslog core, what should + no longer be necessary. Applied fix by Michael Biebl to solve this. +- enabled imgssapi to be loaded side-by-side with imtcp +- added InputGSSServerPermitPlainTCP config directive +- split imgssapi source code somewhat from imtcp +- bugfix: queue cancel cleanup handler could be called with + invalid pointer if dequeue failed +- bugfix: rsyslogd segfaulted on second SIGHUP + tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=38 +- improved stability of queue engine +- bugfix: queue disk file were not properly persisted when + immediately after closing an output file rsyslog was stopped + or huped (the new output file open must NOT have happened at + that point) - this lead to a sparse and invalid queue file + which could cause several problems to the engine (unpredictable + results). This situation should have happened only in very + rare cases. tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=40 +- bugfix: during queue shutdown, an assert invalidly triggered when + the primary queue's DA worker was terminated while the DA queue's + regular worker was still executing. This could result in a segfault + during shutdown. + tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=41 +- bugfix: queue properties sizeOnDisk, bytesRead were persisted to + disk with wrong data type (long instead of int64) - could cause + problems on 32 bit machines +- bugfix: queue aborted when it was shut down, DA-enabled, DA mode + was just initiated but not fully initialized (a race condition) +- bugfix: imfile could abort under extreme stress conditions + (when it was terminated before it could open all of its + to be monitored files) +- applied patch from varmojfekoj to fix an issue with compatibility + mode and default module directories (many thanks!): + I've also noticed a bug in the compatibility code; the problem is that + options are parsed before configuration file so options which need a + module to be loaded will currently ignore any $moddir directive. This + can be fixed by moving legacyOptsHook() after config file parsing. + (see the attached patch) This goes against the logical order of + processing, but the legacy options are only few and it doesn't seem to + be a problem. +- bugfix: object property deserializer did not handle negative numbers +--------------------------------------------------------------------------- +Version 3.11.5 (rgerhards), 2008-02-25 +- new imgssapi module, changed imtcp module - this enables to load/package + GSSAPI support separately - thanks to varmojfekoj for the patch +- compatibility mode (the -c option series) is now at least partly + completed - thanks to varmojfekoj for the patch +- documentation for imgssapi and imtcp added +- duplicate $ModLoad's for the same module are now detected and + rejected -- thanks to varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 3.11.4 (rgerhards), 2008-02-21 +- bugfix: debug.html was missing from release tarball - thanks to Michael + Biebl for bringing this to my attention +- some internal cleanup on the stringbuf object calling interface +- general code cleanup and further modularization +- $MainMessageQueueDiscardSeverity can now also handle textual severities + (previously only integers) +- bugfix: message object was not properly synchronized when the + main queue had a single thread and non-direct action queues were used +- some documentation improvements +--------------------------------------------------------------------------- +Version 3.11.3 (rgerhards), 2008-02-18 +- fixed a bug in imklog which lead to duplicate message content in + kernel logs +- added support for better plugin handling in libdbi (we contributed + a patch to do that, we just now need to wait for the next libdbi + version) +- bugfix: fixed abort when invalid template was provided to an action + bug http://bugzilla.adiscon.com/show_bug.cgi?id=4 +- re-instantiated SIGUSR1 function; added SIGUSR2 to generate debug + status output +- added some documentation on runtime-debug settings +- slightly improved man pages for novice users +--------------------------------------------------------------------------- +Version 3.11.2 (rgerhards), 2008-02-15 +- added the capability to monitor text files and process their content + as syslog messages (including forwarding) +- added support for libdbi, a database abstraction layer. rsyslog now + also supports the following databases via dbi drivers: + * Firebird/Interbase + * FreeTDS (access to MS SQL Server and Sybase) + * SQLite/SQLite3 + * Ingres (experimental) + * mSQL (experimental) + * Oracle (experimental) + Additional drivers may be provided by the libdbi-drivers project, which + can be used by rsyslog as soon as they become available. +- removed some left-over unnecessary dbgprintf's (cluttered screen, + cosmetic) +- doc bugfix: html documentation for omsnmp was missing +--------------------------------------------------------------------------- +Version 3.11.1 (rgerhards), 2008-02-12 +- SNMP trap sender added thanks to Andre Lorbach (omsnmp) +- added input-plugin interface specification in form of a (copy) template + input module +- applied documentation fix by Michael Biebl -- many thanks! +- bugfix: immark did not have MARK flags set... +- added x-info field to rsyslogd startup/shutdown message. Hopefully + points users to right location for further info (many don't even know + they run rsyslog ;)) +- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages + without timestamp - thanks to Anders Blomdell for providing a patch! +- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which + wasn't supposed to be used with rsyslog. Put a warning message up that + tells this feature is not tested and probably not worth the effort. + Thanks to Anders Blomdell fro bringing this to our attention +- somewhat improved performance of string buffers +- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf +- bugfix: setting for $EscapeControlCharactersOnReceive was not + properly initialized +- clarified usage of space-cc property replacer option +- improved abort diagnostic handler +- some initial effort for malloc/free runtime debugging support +- bugfix: using dynafile actions caused rsyslogd abort +- fixed minor man errors thanks to Michael Biebl +--------------------------------------------------------------------------- +Version 3.11.0 (rgerhards), 2008-01-31 +- implemented queued actions +- implemented simple rate limiting for actions +- implemented deliberate discarding of lower priority messages over higher + priority ones when a queue runs out of space +- implemented disk quotas for disk queues +- implemented the $ActionResumeRetryCount config directive +- added $ActionQueueFilename config directive +- added $ActionQueueSize config directive +- added $ActionQueueHighWaterMark config directive +- added $ActionQueueLowWaterMark config directive +- added $ActionQueueDiscardMark config directive +- added $ActionQueueDiscardSeverity config directive +- added $ActionQueueCheckpointInterval config directive +- added $ActionQueueType config directive +- added $ActionQueueWorkerThreads config directive +- added $ActionQueueTimeoutshutdown config directive +- added $ActionQueueTimeoutActionCompletion config directive +- added $ActionQueueTimeoutenQueue config directive +- added $ActionQueueTimeoutworkerThreadShutdown config directive +- added $ActionQueueWorkerThreadMinimumMessages config directive +- added $ActionQueueMaxFileSize config directive +- added $ActionQueueSaveonShutdown config directive +- addded $ActionQueueDequeueSlowdown config directive +- addded $MainMsgQueueDequeueSlowdown config directive +- bugfix: added forgotten docs to package +- improved debugging support +- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly +- when a long-running action needs to be cancelled on shutdown, the message + that was processed by it is now preserved. This finishes support for + guaranteed delivery of messages (if the output supports it, of course) +- fixed bug in output module interface, see + http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552 +- changed the ommysql output plugin so that the (lengthy) connection + initialization now takes place in message processing. This works much + better with the new queued action mode (fast startup) +- fixed a bug that caused a potential hang in file and fwd output module + varmojfekoj provided the patch - many thanks! +- bugfixed stream class offset handling on 32bit platforms +--------------------------------------------------------------------------- +Version 3.10.3 (rgerhards), 2008-01-28 +- fixed a bug with standard template definitions (not a big deal) - thanks + to varmojfekoj for spotting it +- run-time instrumentation added +- implemented disk-assisted queue mode, which enables on-demand disk + spooling if the queue's in-memory queue is exhausted +- implemented a dynamic worker thread pool for processing incoming + messages; workers are started and shut down as need arises +- implemented a run-time instrumentation debug package +- implemented the $MainMsgQueueSaveOnShutdown config directive +- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive +- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive +--------------------------------------------------------------------------- +Version 3.10.2 (rgerhards), 2008-01-14 +- added the ability to keep stop rsyslogd without the need to drain + the main message queue. In disk queue mode, rsyslog continues to + run from the point where it stopped. In case of a system failure, it + continues to process messages from the last checkpoint. +- fixed a bug that caused a segfault on startup when no $WorkDir directive + was specified in rsyslog.conf +- provided more fine-grain control over shutdown timeouts and added a + way to specify the enqueue timeout when the main message queue is full +- implemented $MainMsgQueueCheckpointInterval config directive +- implemented $MainMsgQueueTimeoutActionCompletion config directive +- implemented $MainMsgQueueTimeoutEnqueue config directive +- implemented $MainMsgQueueTimeoutShutdown config directive +--------------------------------------------------------------------------- +Version 3.10.1 (rgerhards), 2008-01-10 +- implemented the "disk" queue mode. However, it currently is of very + limited use, because it does not support persistence over rsyslogd + runs. So when rsyslogd is stopped, the queue is drained just as with + the in-memory queue modes. Persistent queues will be a feature of + the next release. +- performance-optimized string class, should bring an overall improvement +- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch +- fixed a race condition that could lead to a rsyslogd hang when during + HUP or termination +- done some doc updates +- added $WorkDirectory config directive +- added $MainMsgQueueFileName config directive +- added $MainMsgQueueMaxFileSize config directive +--------------------------------------------------------------------------- +Version 3.10.0 (rgerhards), 2008-01-07 +- implemented input module interface and initial input modules +- enhanced threading for input modules (each on its own thread now) +- ability to bind UDP listeners to specific local interfaces/ports and + ability to run multiple of them concurrently +- added ability to specify listen IP address for UDP syslog server +- license changed to GPLv3 +- mark messages are now provided by loadble module immark +- rklogd is no longer provided. Its functionality has now been taken over + by imklog, a loadable input module. This offers a much better integration + into rsyslogd and makes sure that the kernel logger process is brought + up and down at the appropriate times +- enhanced $IncludeConfig directive to support wildcard characters + (thanks to Michael Biebl) +- all inputs are now implemented as loadable plugins +- enhanced threading model: each input module now runs on its own thread +- enhanced message queue which now supports different queueing methods + (among others, this can be used for performance fine-tuning) +- added a large number of new configuration directives for the new + input modules +- enhanced multi-threading utilizing a worker thread pool for the + main message queue +- compilation without pthreads is no longer supported +- much cleaner code due to new objects and removal of single-threading + mode +--------------------------------------------------------------------------- +Version 2.0.8 V2-STABLE (rgerhards), 2008-??-?? +- bugfix: ompgsql did not detect problems in sql command execution + this could cause loss of messages. The handling was correct if the + connection broke, but not if there was a problem with statement + execution. The most probable case for such a case would be invalid + sql inside the template, and this is now much easier to diagnose. +- doc bugfix: default for $DirCreateMode incorrectly stated +--------------------------------------------------------------------------- +Version 2.0.7 V2-STABLE (rgerhards), 2008-04-14 +- bugfix: the default for $DirCreateMode was 0644, and as such wrong. + It has now been changed to 0700. For some background, please see + http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html +- bugfix: "$CreateDirs off" also disabled file creation + Thanks to William Tisater for analyzing this bug and providing a patch. + The actual code change is heavily based on William's patch. +- bugfix: memory leak in ompgsql + Thanks to Ken for providing the patch +- bugfix: potential memory leak in msg.c + This one did not surface yet and the issue was actually found due to + a problem in v4 - but better fix it here, too +--------------------------------------------------------------------------- +Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07 +- bugfix: memory leaks in rsyslogd, primarily in singlethread mode + Thanks to Frederico Nunez for providing the fix +- bugfix: copy&paste error lead to dangling if - this caused a very minor + issue with re-formatting a RFC3164 date when the message was invalidly + formatted and had a colon immediately after the date. This was in the + code for some years (even v1 had it) and I think it never had any + effect at all in practice. Though, it should be fixed - but definitely + nothing to worry about. +--------------------------------------------------------------------------- +Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07 +- bugfix: IPv6 addresses could not be specified in forwarding actions + New syntax @[addr]:port introduced to enable that. Root problem was IPv6 + addresses contain colons. (backport from 3.21.3) +--------------------------------------------------------------------------- +Version 2.0.5 STABLE (rgerhards), 2008-05-15 +- bugfix: regular expressions inside property replacer did not work + properly +- adapted to liblogging 0.7.1+ +--------------------------------------------------------------------------- +Version 2.0.4 STABLE (rgerhards), 2008-03-27 +- bugfix: internally generated messages had "FROMHOST" property not set +- bugfix: continue parsing if tag is oversize (discard oversize part) - thanks + to mclaughlin77@gmail.com for the patch +- added $HHOUR and $QHOUR system properties - can be used for half- and + quarter-hour logfile rotation +--------------------------------------------------------------------------- +Version 2.0.3 STABLE (rgerhards), 2008-03-12 +- bugfix: setting for $EscapeControlCharactersOnReceive was not + properly initialized +- bugfix: resolved potential segfault condition on HUP (extremely + unlikely to happen in practice), for details see tracker: + http://bugzilla.adiscon.com/show_bug.cgi?id=38 +- improved the man pages a bit - thanks to Michael Biebl for the patch +- bugfix: not properly initialized data could cause several segfaults if + there were errors in the config file - thanks to varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 2.0.2 STABLE (rgerhards), 2008-02-12 +- fixed a bug that could cause invalid string handling via strerror_r + varmojfekoj provided the patch - many thanks! +- added x-info field to rsyslogd startup/shutdown message. Hopefully + points users to right location for further info (many don't even know + they run rsyslog ;)) +- bugfix: suspended actions were not always properly resumed + varmojfekoj provided the patch - many thanks! +- bugfix: errno could be changed during mark processing, leading to + invalid error messages when processing inputs. Thank to varmojfekoj for + pointing out this problem. +- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages + without timestamp - thanks to Anders Blomdell for providing a patch! +- bugfix (doc): misspelled config directive, invalid signal info +- applied some doc fixes from Michel Biebl and cleaned up some no longer + needed files suggested by him +- cleaned up stringbuf.c to fix an annoyance reported by Anders Blomdell +- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf +--------------------------------------------------------------------------- +Version 2.0.1 STABLE (rgerhards), 2008-01-24 +- fixed a bug in integer conversion - but this function was never called, + so it is not really a useful bug fix ;) +- fixed a bug with standard template definitions (not a big deal) - thanks + to varmojfekoj for spotting it +- fixed a bug that caused a potential hang in file and fwd output module + varmojfekoj provided the patch - many thanks! +--------------------------------------------------------------------------- +Version 2.0.0 STABLE (rgerhards), 2008-01-02 +- re-release of 1.21.2 as STABLE with no modifications except some + doc updates +--------------------------------------------------------------------------- +Version 1.21.2 (rgerhards), 2007-12-28 +- created a gss-api output module. This keeps GSS-API code and + TCP/UDP code separated. It is also important for forward- + compatibility with v3. Please note that this change breaks compatibility + with config files created for 1.21.0 and 1.21.1 - this was considered + acceptable. +- fixed an error in forwarding retry code (could lead to message corruption + but surfaced very seldom) +- increased portability for older platforms (AI_NUMERICSERV moved) +- removed socket leak in omfwd.c +- cross-platform patch for GSS-API compile problem on some platforms + thanks to darix for the patch! +--------------------------------------------------------------------------- +Version 1.21.1 (rgerhards), 2007-12-23 +- small doc fix for $IncludeConfig +- fixed a bug in llDestroy() +- bugfix: fixing memory leak when message queue is full and during + parsing. Thanks to varmojfekoj for the patch. +- bugfix: when compiled without network support, unix sockets were + not properly closed +- bugfix: memory leak in cfsysline.c/doGetWord() fixed +--------------------------------------------------------------------------- +Version 1.21.0 (rgerhards), 2007-12-19 +- GSS-API support for syslog/TCP connections was added. Thanks to + varmojfekoj for providing the patch with this functionality +- code cleanup +- enhanced $IncludeConfig directive to support wildcard filenames +- changed some multithreading synchronization +--------------------------------------------------------------------------- +Version 1.20.1 (rgerhards), 2007-12-12 +- corrected a debug setting that survived release. Caused TCP connections + to be retried unnecessarily often. +- When a hostname ACL was provided and DNS resolution for that name failed, + ACL processing was stopped at that point. Thanks to mildew for the patch. + Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911 +- fixed a potential race condition, see link for details: + http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html + Note that the probability of problems from this bug was very remote +- fixed a memory leak that happened when PostgreSQL date formats were + used +--------------------------------------------------------------------------- +Version 1.20.0 (rgerhards), 2007-12-07 +- an output module for postgres databases has been added. Thanks to + sur5r for contributing this code +- unloading dynamic modules has been cleaned up, we now have a + real implementation and not just a dummy "good enough for the time + being". +- enhanced platform independence - thanks to Bartosz Kuzma and Michael + Biebl for their very useful contributions +- some general code cleanup (including warnings on 64 platforms, only) +--------------------------------------------------------------------------- +Version 1.19.12 (rgerhards), 2007-12-03 +- cleaned up the build system (thanks to Michael Biebl for the patch) +- fixed a bug where ommysql was still not compiled with -pthread option +--------------------------------------------------------------------------- +Version 1.19.11 (rgerhards), 2007-11-29 +- applied -pthread option to build when building for multi-threading mode + hopefully solves an issue with segfaulting +--------------------------------------------------------------------------- +Version 1.19.10 (rgerhards), 2007-10-19 +- introduced the new ":modulename:" syntax for calling module actions + in selector lines; modified ommysql to support it. This is primarily + an aid for further modules and a prerequisite to actually allow third + party modules to be created. +- minor fix in slackware startup script, "-r 0" is now "-r0" +- updated rsyslogd doc set man page; now in html format +- undid creation of a separate thread for the main loop -- this did not + turn out to be needed or useful, so reduce complexity once again. +- added doc fixes provided by Michael Biebl - thanks +--------------------------------------------------------------------------- +Version 1.19.9 (rgerhards), 2007-10-12 +- now packaging system which again contains all components in a single + tarball +- modularized main() a bit more, resulting in less complex code +- experimentally added an additional thread - will see if that affects + the segfault bug we experience on some platforms. Note that this change + is scheduled to be removed again later. +--------------------------------------------------------------------------- +Version 1.19.8 (rgerhards), 2007-09-27 +- improved repeated message processing +- applied patch provided by varmojfekoj to support building ommysql + in its own way (now also resides in a plugin subdirectory); + ommysql is now a separate package +- fixed a bug in cvthname() that lead to message loss if part + of the source hostname would have been dropped +- created some support for distributing ommysql together with the + main rsyslog package. I need to re-think it in the future, but + for the time being the current mode is best. I now simply include + one additional tarball for ommysql inside the main distribution. + I look forward to user feedback on how this should be done best. In the + long term, a separate project should be spawend for ommysql, but I'd + like to do that only after the plugin interface is fully stable (what + it is not yet). +--------------------------------------------------------------------------- +Version 1.19.7 (rgerhards), 2007-09-25 +- added code to handle situations where senders send us messages ending with + a NUL character. It is now simply removed. This also caused trailing LF + reduction to fail, when it was followed by such a NUL. This is now also + handled. +- replaced some non-thread-safe function calls by their thread-safe + counterparts +- fixed a minor memory leak that occurred when the %APPNAME% property was + used (I think nobody used that in practice) +- fixed a bug that caused signal handlers in cvthname() not to be restored when + a malicious pointer record was detected and processing of the message been + stopped for that reason (this should be really rare and can not be related + to the segfault bug we are hunting). +- fixed a bug in cvthname that lead to passing a wrong parameter - in + practice, this had no impact. +- general code cleanup (e.g. compiler warnings, comments) +--------------------------------------------------------------------------- +Version 1.19.6 (rgerhards), 2007-09-11 +- applied patch by varmojfekoj to change signal handling to the new + sigaction API set (replacing the depreciated signal() calls and its + friends. +- fixed a bug that in --enable-debug mode caused an assertion when the + discard action was used +- cleaned up compiler warnings +- applied patch by varmojfekoj to FIX a bug that could cause + segfaults if empty properties were processed using modifying + options (e.g. space-cc, drop-cc) +- fixed man bug: rsyslogd supports -l option +--------------------------------------------------------------------------- +Version 1.19.5 (rgerhards), 2007-09-07 +- changed part of the CStr interface so that better error tracking + is provided and the calling sequence is more intuitive (there were + invalid calls based on a too-weird interface) +- (hopefully) fixed some remaining bugs rooted in wrong use of + the CStr class. These could lead to program abort. +- applied patch by varmojfekoj two fix two potential segfault situations +- added $ModDir config directive +- modified $ModLoad so that an absolute path may be specified as + module name (e.g. /rsyslog/ommysql.so) +--------------------------------------------------------------------------- +Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04 +- fixed a number of small memory leaks - thanks varmojfekoj for patching +- fixed an issue with CString class that could lead to rsyslog abort + in tplToString() - thanks varmojfekoj for patching +- added a man-version of the config file documentation - thanks to Michel + Samia for providing the man file +- fixed bug: a template like this causes an infinite loop: + $template opts,"%programname:::a,b%" + thanks varmojfekoj for the patch +- fixed bug: case changing options crash freeing the string pointer + because they modify it: $template opts2,"%programname::1:lowercase%" + thanks varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31 +- small mem leak fixed (after calling parseSelectorAct) - Thx varmojfekoj +- documentation section "Regular File" und "Blocks" updated +- solved an issue with dynamic file generation - Once again many thanks + to varmojfekoj +- the negative selector for program name filter (Blocks) does not work as + expected - Thanks varmojfekoj for patching +- added forwarding information to sysklogd (requires special template) + to config doc +--------------------------------------------------------------------------- +Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28 +- a specifically formed message caused a segfault - Many thanks varmojfekoj + for providing a patch +- a typo and a weird condition are fixed in msg.c - Thanks again + varmojfekoj +- on file creation the file was always owned by root:root. This is fixed + now - Thanks ypsa for solving this issue +--------------------------------------------------------------------------- +Version 1.19.1 (mmeckelein), 2007-08-22 +- a bug that caused a high load when a TCP/UDP connection was closed is + fixed now - Thanks mildew for solving this issue +- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the + patch +- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order + to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter + Vrabec and darix, both provided a patch for solving this issue +- enhanced the unloading of modules - thanks again varmojfekoj +- applied a patch from varmojfekoj which fixes various little things in + MySQL output module +--------------------------------------------------------------------------- +Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16 +- integrated patch from varmojfekoj to make the mysql module a loadable one + many thanks for the patch, MUCH appreciated +--------------------------------------------------------------------------- +Version 1.18.2 (rgerhards), 2007-08-13 +- fixed a bug in outchannel code that caused templates to be incorrectly + parsed +- fixed a bug in ommysql that caused a wrong ";template" missing message +- added some code for unloading modules; not yet fully complete (and we do + not yet have loadable modules, so this is no problem) +- removed debian subdirectory by request of a debian packager (this is a special + subdir for debian and there is also no point in maintaining it when there + is a debian package available - so I gladly did this) in some cases +- improved overall doc quality (some pages were quite old) and linked to + more of the online resources. +- improved /contrib/delete_mysql script by adding a host option and some + other minor modifications +--------------------------------------------------------------------------- +Version 1.18.1 (rgerhards), 2007-08-08 +- applied a patch from varmojfekoj which solved a potential segfault + of rsyslogd on HUP +- applied patch from Michel Samia to fix compilation when the pthreads + feature is disabled +- some code cleanup (moved action object to its own file set) +- add config directive $MainMsgQueueSize, which now allows one to configure the + queue size dynamically +- all compile-time settings are now shown in rsyslogd -v, not just the + active ones +- enhanced performance a little bit more +- added config file directive $ActionResumeInterval +- fixed a bug that prevented compilation under debian sid +- added a contrib directory for user-contributed useful things +--------------------------------------------------------------------------- +Version 1.18.0 (rgerhards), 2007-08-03 +- rsyslog now supports fallback actions when an action did not work. This + is a great feature e.g. for backup database servers or backup syslog + servers +- modified rklogd to only change the console log level if -c is specified +- added feature to use multiple actions inside a single selector +- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive +- error messages during startup are now spit out to the configured log + destinations +--------------------------------------------------------------------------- +Version 1.17.6 (rgerhards), 2007-08-01 +- continued to work on output module modularization - basic stage of + this work is now FINISHED +- fixed bug in OMSRcreate() - always returned SR_RET_OK +- fixed a bug that caused ommysql to always complain about missing + templates +- fixed a mem leak in OMSRdestruct - freeing the object itself was + forgotten - thanks to varmojfekoj for the patch +- fixed a memory leak in syslogd/init() that happened when the config + file could not be read - thanks to varmojfekoj for the patch +- fixed insufficient memory allocation in addAction() and its helpers. + The initial fix and idea was developed by mildew, I fine-tuned + it a bit. Thanks a lot for the fix, I'd probably had pulled out my + hair to find the bug... +- added output of config file line number when a parsing error occurred +- fixed bug in objomsr.c that caused program to abort in debug mode with + an invalid assertion (in some cases) +- fixed a typo that caused the default template for MySQL to be wrong. + thanks to mildew for catching this. +- added configuration file command $DebugPrintModuleList and + $DebugPrintCfSysLineHandlerList +- fixed an invalid value for the MARK timer - unfortunately, there was + a testing aid left in place. This resulted in quite frequent MARK messages +- added $IncludeConfig config directive +- applied a patch from mildew to prevent rsyslogd from freezing under heavy + load. This could happen when the queue was full. Now, we drop messages + but rsyslogd remains active. +--------------------------------------------------------------------------- +Version 1.17.5 (rgerhards), 2007-07-30 +- continued to work on output module modularization +- fixed a missing file bug - thanks to Andrea Montanari for reporting + this problem +- fixed a problem with shutting down the worker thread and freeing the + selector_t list - this caused messages to be lost, because the + message queue was not properly drained before the selectors got + destroyed. +--------------------------------------------------------------------------- +Version 1.17.4 (rgerhards), 2007-07-27 +- continued to work on output module modularization +- fixed a situation where rsyslogd could create zombie processes + thanks to mildew for the patch +- applied patch from Michel Samia to fix compilation when NOT + compiled for pthreads +--------------------------------------------------------------------------- +Version 1.17.3 (rgerhards), 2007-07-25 +- continued working on output module modularization +- fixed a bug that caused rsyslogd to segfault on exit (and + probably also on HUP), when there was an unsent message in a selector + that required forwarding and the dns lookup failed for that selector + (yes, it was pretty unlikely to happen;)) + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- fixed a memory leak in config file parsing and die() + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- rsyslogd now checks on startup if it is capable to perform any work + at all. If it cant, it complains and terminates + thanks to Michel Samia for providing the patch! +- fixed a small memory leak when HUPing syslogd. The allowed sender + list now gets freed. thanks to mildew for the patch. +- changed the way error messages in early startup are logged. They + now do no longer use the syslogd code directly but are rather + send to stderr. +--------------------------------------------------------------------------- +Version 1.17.2 (rgerhards), 2007-07-23 +- made the port part of the -r option optional. Needed for backward + compatibility with sysklogd +- replaced system() calls with something more reasonable. Please note that + this might break compatibility with some existing configuration files. + We accept this in favor of the gained security. +- removed a memory leak that could occur if timegenerated was used in + RFC 3164 format in templates +- did some preparation in msg.c for advanced multithreading - placed the + hooks, but not yet any active code +- worked further on modularization +- added $ModLoad MySQL (dummy) config directive +- added DropTrailingLFOnReception config directive +--------------------------------------------------------------------------- +Version 1.17.1 (rgerhards), 2007-07-20 +- fixed a bug that caused make install to install rsyslogd and rklogd under + the wrong names +- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly; + also fixed but that could garble $AllowedSender wildcards. Thanks to + mildew@gmail.com for the patch +- minor code cleanup - thanks to Peter Vrabec for the patch +- fixed minimal memory leak on HUP (caused by templates) + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- fixed another memory leak on HUPing and on exiting rsyslogd + again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- code cleanup (removed compiler warnings) +- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch +- moved msg object into its own file set +- added the capability to continue trying to write log files when the + file system is full. Functionality based on patch by Martin Schulze + to sysklogd package. +--------------------------------------------------------------------------- +Version 1.17.0 (RGer), 2007-07-17 +- added $RepeatedLineReduction config parameter +- added $EscapeControlCharactersOnReceive config parameter +- added $ControlCharacterEscapePrefix config parameter +- added $DirCreateMode config parameter +- added $CreateDirs config parameter +- added $DebugPrintTemplateList config parameter +- added $ResetConfigVariables config parameter +- added $FileOwner config parameter +- added $FileGroup config parameter +- added $DirOwner config parameter +- added $DirGroup config parameter +- added $FailOnChownFailure config parameter +- added regular expression support to the filter engine + thanks to Michel Samia for providing the patch! +- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for + the patch doing that + - added IPv6 support + - allowed DNS hostnames + - allowed DNS wildcard names +- added new option $DropMsgsWithMaliciousDnsPTRRecords +- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin +- added capability to auto-create directories with dynaFiles +--------------------------------------------------------------------------- +Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;) +- build system switched to autotools +- removed SYSV preprocessor macro use, replaced with autotools equivalents +- fixed a bug that caused rsyslogd to segfault when TCP listening was + disabled and it terminated +- added new properties "syslogfacility-text" and "syslogseverity-text" + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- added the -x option to disable hostname dns resolution + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- begun to better modularize syslogd.c - this is an ongoing project; moved + type definitions to a separate file +- removed some now-unused fields from struct filed +- move file size limit fields in struct field to the "right spot" (the file + writing part of the union - f_un.f_file) +- subdirectories linux and solaris are no longer part of the distribution + package. This is not because we cease support for them, but there are no + longer any files in them after the move to autotools +--------------------------------------------------------------------------- +Version 1.15.1 (RGer), 2007-07-10 +- fixed a bug that caused a dynaFile selector to stall when there was + an open error with one file +- improved template processing for dynaFiles; templates are now only + looked up during initialization - speeds up processing +- optimized memory layout in struct filed when compiled with MySQL + support +- fixed a bug that caused compilation without SYSLOG_INET to fail +- re-enabled the "last message repeated n times" feature. This + feature was not taken care of while rsyslogd evolved from sysklogd + and it was more or less defunct. Now it is fully functional again. +- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE +- fixed a bug in iovAsString() that caused a memory leak under stress + conditions (most probably memory shortage). This was unlikely to + ever happen, but it doesn't hurt doing it right +- cosmetic: defined type "uchar", change all unsigned chars to uchar +--------------------------------------------------------------------------- +Version 1.15.0 (RGer), 2007-07-05 +- added ability to dynamically generate file names based on templates + and thus properties. This was a much-requested feature. It makes + life easy when it e.g. comes to splitting files based on the sender + address. +- added $umask and $FileCreateMode config file directives +- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD +- checks for extra (unexpected) characters in system config file lines + have been added +- added IPv6 documentation - was accidentally missing from CVS +- begun to change char to unsigned char +--------------------------------------------------------------------------- +Version 1.14.2 (RGer), 2007-07-03 +** this release fixes all known nits with IPv6 ** +- restored capability to do /etc/service lookup for "syslog" + service when -r 0 was given +- documented IPv6 handling of syslog messages +- integrate patch from Bartosz Kuźma to make rsyslog compile under + Solaris again (the patch replaced a strndup() call, which is not + available under Solaris +- improved debug logging when waiting on select +- updated rsyslogd man page with new options (-46A) +--------------------------------------------------------------------------- +Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29 +- added Peter Vrabec's patch for IPv6 TCP +- prefixed all messages send to stderr in rsyslogd with "rsyslogd: " +--------------------------------------------------------------------------- +Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28 +- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled + IPv6 Support is currently for UDP only, TCP is to come soon. + AllowedSender configuration does not yet work for IPv6. +- fixed code in iovCreate() that broke C's strict aliasing rules +- fixed some char/unsigned char differences that forced the compiler + to spit out warning messages +- updated the Red Hat init script to fix a known issue (thanks to + Peter Vrabec) +--------------------------------------------------------------------------- +Version 1.13.5 (RGer), 2007-06-22 +- made the TCP session limit configurable via command line switch + now -t <port>,<max sessions> +- added man page for rklogd(8) (basically a copy from klogd, but now + there is one...) +- fixed a bug that caused internal messages (e.g. rsyslogd startup) to + appear without a tag. +- removed a minor memory leak that occurred when TAG processing requalified + a HOSTNAME to be a TAG (and a TAG already was set). +- removed potential small memory leaks in MsgSet***() functions. There + would be a leak if a property was re-set, something that happened + extremely seldom. +--------------------------------------------------------------------------- +Version 1.13.4 (RGer), 2007-06-18 +- added a new property "PRI-text", which holds the PRI field in + textual form (e.g. "syslog.info") +- added alias "syslogseverity" for "syslogpriority", which is a + misleading property name that needs to stay for historical + reasons (and backward-compatibility) +- added doc on how to record PRI value in log file +- enhanced signal handling in klogd, including removal of an unsafe + call to the logging system during signal handling +--------------------------------------------------------------------------- +Version 1.13.3 (RGer), 2007-06-15 +- create a version of syslog.c from scratch. This is now + - highly optimized for rsyslog + - removes an incompatible license problem as the original + version had a BSD license with advertising clause + - fixed in the regard that rklogd will continue to work when + rsyslogd has been restarted (the original version, as well + as sysklogd, will remain silent then) + - solved an issue with an extra NUL char at message end that the + original version had +- applied some changes to klogd to care for the new interface +- fixed a bug in syslogd.c which prevented compiling under debian +--------------------------------------------------------------------------- +Version 1.13.2 (RGer), 2007-06-13 +- lib order in makefile patched to facilitate static linking - thanks + to Bennett Todd for providing the patch +- Integrated a patch from Peter Vrabec (pvrabec@redhat.com): + - added klogd under the name of rklogd (remove dependency on + original sysklogd package + - createDB.sql now in UTF + - added additional config files for use on Red Hat +--------------------------------------------------------------------------- +Version 1.13.1 (RGer), 2007-02-05 +- changed the listen backlog limit to a more reasonable value based on + the maximum number of TCP connections configured (10% + 5) - thanks to Guy + Standen for the hint (actually, the limit was 5 and that was a + left-over from early testing). +- fixed a bug in makefile which caused DB-support to be disabled when + NETZIP support was enabled +- added the -e option to allow transmission of every message to remote + hosts (effectively turns off duplicate message suppression) +- (somewhat) improved memory consumption when compiled with MySQL support +- looks like we fixed an incompatibility with MySQL 5.x and above software + At least in one case, the remote server name was destroyed, leading to + a connection failure. The new, improved code does not have this issue and + so we see this as solved (the new code is generally somewhat better, so + there is a good chance we fixed this incompatibility). +--------------------------------------------------------------------------- +Version 1.13.0 (RGer), 2006-12-19 +- added '$' as ToPos property replacer specifier - means "up to the + end of the string" +- property replacer option "escape-cc", "drop-cc" and "space-cc" added +- changed the handling of \0 characters inside syslog messages. We now + consistently escape them to "#000". This is somewhat recommended in + the draft-ietf-syslog-protocol-19 draft. While the real recommendation + is to not escape any characters at all, we can not do this without + considerable modification of the code. So we escape it to "#000", which + is consistent with a sample found in the Internet-draft. +- removed message glue logic (see printchopped() comment for details) + Also caused removal of parts table and thus some improvements in + memory usage. +- changed the default MAXLINE to 2048 to take care of recent syslog + standardization efforts (can easily be changed in syslogd.c) +- added support for byte-counted TCP syslog messages (much like + syslog-transport-tls-05 Internet Draft). This was necessary to + support compression over TCP. +- added support for receiving compressed syslog messages +- added support for sending compressed syslog messages +- fixed a bug where the last message in a syslog/tcp stream was + lost if it was not properly terminated by a LF character +--------------------------------------------------------------------------- +Version 1.12.3 (RGer), 2006-10-04 +- implemented some changes to support Solaris (but support is not + yet complete) +- commented out (via #if 0) some methods that are currently not being use + but should be kept for further us +- added (interim) -u 1 option to turn off hostname and tag parsing +- done some modifications to better support Fedora +- made the field delimiter inside property replace configurable via + template +- fixed a bug in property replacer: if fields were used, the delimitor + became part of the field. Up until now, this was barely noticeable as + the delimiter as TAB only and thus invisible to a human. With other + delimiters available now, it quickly showed up. This bug fix might cause + some grief to existing installations if they used the extra TAB for + whatever reasons - sorry folks... Anyhow, a solution is easy: just add + a TAB character constant into your template. Thus, there has no attempt + been made to do this in a backwards-compatible way. +--------------------------------------------------------------------------- +Version 1.12.2 (RGer), 2006-02-15 +- fixed a bug in the RFC 3339 date formatter. An extra space was added + after the actual timestamp +- added support for providing high-precision RFC3339 timestamps for + (rsyslogd-)internally-generated messages +- very (!) experimental support for syslog-protocol internet draft + added (the draft is experimental, the code is solid ;)) +- added support for field-extracting in the property replacer +- enhanced the legacy-syslog parser so that it can interpret messages + that do not contain a TIMESTAMP +- fixed a bug that caused the default socket (usually /dev/log) to be + opened even when -o command line option was given +- fixed a bug in the Debian sample startup script - it caused rsyslogd + to listen to remote requests, which it shouldn't by default +--------------------------------------------------------------------------- +Version 1.12.1 (RGer), 2005-11-23 +- made multithreading work with BSD. Some signal-handling needed to be + restructured. Also, there might be a slight delay of up to 10 seconds + when huping and terminating rsyslogd under BSD +- fixed a bug where a NULL-pointer was passed to printf() in logmsg(). +- fixed a bug during "make install" where rc3195d was not installed + Thanks to Bennett Todd for spotting this. +- fixed a bug where rsyslogd dumped core when no TAG was found in the + received message +- enhanced message parser so that it can deal with missing hostnames + in many cases (may not be totally fail-safe) +- fixed a bug where internally-generated messages did not have the correct + TAG +--------------------------------------------------------------------------- +Version 1.12.0 (RGer), 2005-10-26 +- moved to a multi-threaded design. single-threading is still optionally + available. Multi-threading is experimental! +- fixed a potential race condition. In the original code, marking was done + by an alarm handler, which could lead to all sorts of bad things. This + has been changed now. See comments in syslogd.c/domark() for details. +- improved debug output for property-based filters +- not a code change, but: I have checked all exit()s to make sure that + none occurs once rsyslogd has started up. Even in unusual conditions + (like low-memory conditions) rsyslogd somehow remains active. Of course, + it might loose a message or two, but at least it does not abort and it + can also recover when the condition no longer persists. +- fixed a bug that could cause loss of the last message received + immediately before rsyslogd was terminated. +- added comments on thread-safety of global variables in syslogd.c +- fixed a small bug: spurios printf() when TCP syslog was used +- fixed a bug that causes rsyslogd to dump core on termination when one + of the selector lines did not receive a message during the run (very + unlikely) +- fixed an one-too-low memory allocation in the TCP sender. Could result + in rsyslogd dumping core. +- fixed a bug with regular expression support (thanks to Andres Riancho) +- a little bit of code restructuring (especially main(), which was + horribly large) +--------------------------------------------------------------------------- +Version 1.11.1 (RGer), 2005-10-19 +- support for BSD-style program name and host blocks +- added a new property "programname" that can be used in templates +- added ability to specify listen port for rfc3195d +- fixed a bug that rendered the "startswith" comparison operation + unusable. +- changed more functions to "static" storage class to help compiler + optimize (should have been static in the first place...) +- fixed a potential memory leak in the string buffer class destructor. + As the destructor was previously never called, the leak did not actually + appear. +- some internal restructuring in anticipation/preparation of minimal + multi-threading support +- rsyslogd still shares some code with the sysklogd project. Some patches + for this shared code have been brought over from the sysklogd CVS. +--------------------------------------------------------------------------- +Version 1.11.0 (RGer), 2005-10-12 +- support for receiving messages via RFC 3195; added rfc3195d for that + purpose +- added an additional guard to prevent rsyslogd from aborting when the + 2gb file size limit is hit. While a user can configure rsyslogd to + handle such situations, it would abort if that was not done AND large + file support was not enabled (ok, this is hopefully an unlikely scenario) +- fixed a bug that caused additional Unix domain sockets to be incorrectly + processed - could lead to message loss in extreme cases +--------------------------------------------------------------------------- +Version 1.10.2 (RGer), 2005-09-27 +- added comparison operations in property-based filters: + * isequal + * startswith +- added ability to negate all property-based filter comparison operations + by adding a !-sign right in front of the operation name +- added the ability to specify remote senders for UDP and TCP + received messages. Allows to block all but well-known hosts +- changed the $-config line directives to be case-INsensitive +- new command line option -w added: "do not display warnings if messages + from disallowed senders are received" +- fixed a bug that caused rsyslogd to dump core when the compare value + was not quoted in property-based filters +- fixed a bug in the new CStr compare function which lead to invalid + results (fortunately, this function was not yet used widely) +- added better support for "debugging" rsyslog.conf property filters + (only if -d switch is given) +- changed some function definitions to static, which eventually enables + some compiler optimizations +- fixed a bug in MySQL code; when a SQL error occurred, rsyslogd could + run in a tight loop. This was due to invalid sequence of error reporting + and is now fixed. +--------------------------------------------------------------------------- +Version 1.10.1 (RGer), 2005-09-23 +- added the ability to execute a shell script as an action. + Thanks to Bjoern Kalkbrenner for providing the code! +- fixed a bug in the MySQL code; due to the bug the automatic one-time + retry after an error did not happen - this lead to error message in + cases where none should be seen (e.g. after a MySQL restart) +- fixed a security issue with SQL-escaping in conjunction with + non-(SQL-)standard MySQL features. +--------------------------------------------------------------------------- +Version 1.10.0 (RGer), 2005-09-20 + REMINDER: 1.10 is the first unstable version if the 1.x series! +- added the capability to filter on any property in selector lines + (not just facility and priority) +- changed stringbuf into a new counted string class +- added support for a "discard" action. If a selector line with + discard (~ character) is found, no selector lines *after* that + line will be processed. +- thanks to Andres Riancho, regular expression support has been + added to the template engine +- added the FROMHOST property in the template processor, which could + previously not be obtained. Thanks to Cristian Testa for pointing + this out and even providing a fix. +- added display of compile-time options to -v output +- performance improvement for production build - made some checks + to happen only during debug mode +- fixed a problem with compiling on SUSE and - while doing so - removed + the socket call to set SO_BSDCOMPAT in cases where it is obsolete. +--------------------------------------------------------------------------- +Version 1.0.4 (RGer), 2006-02-01 +- a small but important fix: the tcp receiver had two forgotten printf's + in it that caused a lot of unnecessary output to stdout. This was + important enough to justify a new release +--------------------------------------------------------------------------- +Version 1.0.3 (RGer), 2005-11-14 +- added an additional guard to prevent rsyslogd from aborting when the + 2gb file size limit is hit. While a user can configure rsyslogd to + handle such situations, it would abort if that was not done AND large + file support was not enabled (ok, this is hopefully an unlikely scenario) +- fixed a bug that caused additional Unix domain sockets to be incorrectly + processed - could lead to message loss in extreme cases +- applied some patches available from the sysklogd project to code + shared from there +- fixed a bug that causes rsyslogd to dump core on termination when one + of the selector lines did not receive a message during the run (very + unlikely) +- fixed an one-too-low memory allocation in the TCP sender. Could result + in rsyslogd dumping core. +- fixed a bug in the TCP sender that caused the retry logic to fail + after an error or receiver overrun +- fixed a bug in init() that could lead to dumping core +- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG + was present in the syslog message +--------------------------------------------------------------------------- +Version 1.0.2 (RGer), 2005-10-05 +- fixed an issue with MySQL error reporting. When an error occurred, + the MySQL driver went into an endless loop (at least in most cases). +--------------------------------------------------------------------------- +Version 1.0.1 (RGer), 2005-09-23 +- fixed a security issue with SQL-escaping in conjunction with + non-(SQL-)standard MySQL features. +--------------------------------------------------------------------------- +Version 1.0.0 (RGer), 2005-09-12 +- changed install doc to cover daily cron scripts - a trouble source +- added rc script for slackware (provided by Chris Elvidge - thanks!) +- fixed a really minor bug in usage() - the -r option was still + reported as without the port parameter +--------------------------------------------------------------------------- +Version 0.9.8 (RGer), 2005-09-05 +- made startup and shutdown message more consistent and included the + pid, so that they can be easier correlated. Used syslog-protocol + structured data format for this purpose. +- improved config info in startup message, now tells not only + if it is listening remote on udp, but also for tcp. Also includes + the port numbers. The previous startup message was misleading, because + it did not say "remote reception" if rsyslogd was only listening via + tcp (but not via udp). +- added a "how can you help" document to the doc set +--------------------------------------------------------------------------- +Version 0.9.7 (RGer), 2005-08-15 +- some of the previous doc files (like INSTALL) did not properly + reflect the changes to the build process and the new doc. Fixed + that. +- changed syslogd.c so that when compiled without database support, + an error message is displayed when a database action is detected + in the config file (previously this was used as an user rule ;)) +- fixed a bug in the os-specific Makefiles which caused MySQL + support to not be compiled, even if selected +--------------------------------------------------------------------------- +Version 0.9.6 (RGer), 2005-08-09 +- greatly enhanced documentation. Now available in html format in + the "doc" folder and FreeBSD. Finally includes an install howto. +- improved MySQL error messages a little - they now show up as log + messages, too (formerly only in debug mode) +- added the ability to specify the listen port for udp syslog. + WARNING: This introduces an incompatibility. Formerly, udp + syslog was enabled by the -r command line option. Now, it is + "-r [port]", which is consistent with the tcp listener. However, + just -r will now return an error message. +- added sample startup scripts for Debian and FreeBSD +- added support for easy feature selection in the makefile. Un- + fortunately, this also means I needed to spilt the make file + for different OS and distros. There are some really bad syntax + differences between FreeBSD and Linux make. +--------------------------------------------------------------------------- +Version 0.9.5 (RGer), 2005-08-01 +- the "semicolon bug" was actually not (fully) solved in 0.9.4. One + part of the bug was solved, but another still existed. This one + is fixed now, too. +- the "semicolon bug" actually turned out to be a more generic bug. + It appeared whenever an invalid template name was given. With some + selector actions, rsyslogd dumped core, with other it "just" had + a small resource leak with others all worked well. These anomalies + are now fixed. Note that they only appeared during system initialization + once the system was running, nothing bad happened. +- improved error reporting for template errors on startup. They are now + shown on the console and the start-up tty. Formerly, they were only + visible in debug mode. +- support for multiple instances of rsyslogd on a single machine added +- added new option "-o" --> omit local unix domain socket. This option + enables rsyslogd NOT to listen to the local socket. This is most + helpful when multiple instances of rsyslogd (or rsyslogd and another + syslogd) shall run on a single system. +- added new option "-i <pidfile>" which allows one to specify the pidfile. + This is needed when multiple instances of rsyslogd are to be run. +- the new project home page is now online at www.rsyslog.com +--------------------------------------------------------------------------- +Version 0.9.4 (RGer), 2005-07-25 +- finally added the TCP sender. It now supports non-blocking mode, no + longer disabling message reception during connect. As it is now, it + is usable in production. The code could be more sophisticated, but + I've kept it short in anticipation of the move to liblogging, which + will lead to the removal of the code just written ;) +- the "exiting on signal..." message still had the "syslogd" name in + it. Changed this to "rsyslogd", as we do not have a large user base + yet, this should pose no problem. +- fixed "the semicolon" bug. rsyslogd dumped core if a write-db action + was specified but no semicolon was given after the password (an empty + template was ok, but the semicolon needed to be present). +- changed a default for traditional output format. During testing, it + was seen that the timestamp written to file in default format was + the time of message reception, not the time specified in the TIMESTAMP + field of the message itself. Traditionally, the message TIMESTAMP is + used and this has been changed now. +--------------------------------------------------------------------------- +Version 0.9.3 (RGer), 2005-07-19 +- fixed a bug in the message parser. In June, the RFC 3164 timestamp + was not correctly parsed (yes, only in June and some other months, + see the code comment to learn why...) +- added the ability to specify the destination port when forwarding + syslog messages (both for TCP and UDP) +- added an very experimental TCP sender (activated by + @@machine:port in config). This is not yet for production use. If + the receiver is not alive, rsyslogd will wait quite some time until + the connection request times out, which most probably leads to + loss of incoming messages. + +--------------------------------------------------------------------------- +Version 0.9.2 (RGer), around 2005-07-06 +- I intended to change the maxsupported message size to 32k to + support IHE - but given the memory inefficiency in the usual use + cases, I have not done this. I have, however, included very + specific instructions on how to do this in the source code. I have + also done some testing with 32k messages, so you can change the + max size without taking too much risk. +- added a syslog/tcp receiver; we now can receive messages via + plain tcp, but we can still send only via UDP. The syslog/tcp + receiver is the primary enhancement of this release. +- slightly changed some error messages that contained a spurios \n at + the end of the line (which gives empty lines in your log...) + +--------------------------------------------------------------------------- +Version 0.9.1 (RGer) +- fixed code so that it compiles without errors under FreeBSD +- removed now unused function "allocate_log()" from syslogd.c +- changed the make file so that it contains more defines for + different environments (in the long term, we need a better + system for disabling/enabling features...) +- changed some printf's printing off_t types to %lld and + explicit (long long) casts. I tried to figure out the exact type, + but did not succeed in this. In the worst case, ultra-large peta- + byte files will now display funny informational messages on rollover, + something I think we can live with for the neersion 3.11.2 (rgerhards), 2008-02-?? +--------------------------------------------------------------------------- +Version 3.11.1 (rgerhards), 2008-02-12 +- SNMP trap sender added thanks to Andre Lorbach (omsnmp) +- added input-plugin interface specification in form of a (copy) template + input module +- applied documentation fix by Michael Biebl -- many thanks! +- bugfix: immark did not have MARK flags set... +- added x-info field to rsyslogd startup/shutdown message. Hopefully + points users to right location for further info (many don't even know + they run rsyslog ;)) +- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages + without timestamp - thanks to Anders Blomdell for providing a patch! +- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which + wasn't supposed to be used with rsyslog. Put a warning message up that + tells this feature is not tested and probably not worth the effort. + Thanks to Anders Blomdell fro bringing this to our attention +- somewhat improved performance of string buffers +- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf +- bugfix: setting for $EscapeControlCharactersOnReceive was not + properly initialized +- clarified usage of space-cc property replacer option +- improved abort diagnostic handler +- some initial effort for malloc/free runtime debugging support +- bugfix: using dynafile actions caused rsyslogd abort +- fixed minor man errors thanks to Michael Biebl +--------------------------------------------------------------------------- +Version 3.11.0 (rgerhards), 2008-01-31 +- implemented queued actions +- implemented simple rate limiting for actions +- implemented deliberate discarding of lower priority messages over higher + priority ones when a queue runs out of space +- implemented disk quotas for disk queues +- implemented the $ActionResumeRetryCount config directive +- added $ActionQueueFilename config directive +- added $ActionQueueSize config directive +- added $ActionQueueHighWaterMark config directive +- added $ActionQueueLowWaterMark config directive +- added $ActionQueueDiscardMark config directive +- added $ActionQueueDiscardSeverity config directive +- added $ActionQueueCheckpointInterval config directive +- added $ActionQueueType config directive +- added $ActionQueueWorkerThreads config directive +- added $ActionQueueTimeoutshutdown config directive +- added $ActionQueueTimeoutActionCompletion config directive +- added $ActionQueueTimeoutenQueue config directive +- added $ActionQueueTimeoutworkerThreadShutdown config directive +- added $ActionQueueWorkerThreadMinimumMessages config directive +- added $ActionQueueMaxFileSize config directive +- added $ActionQueueSaveonShutdown config directive +- addded $ActionQueueDequeueSlowdown config directive +- addded $MainMsgQueueDequeueSlowdown config directive +- bugfix: added forgotten docs to package +- improved debugging support +- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly +- when a long-running action needs to be cancelled on shutdown, the message + that was processed by it is now preserved. This finishes support for + guaranteed delivery of messages (if the output supports it, of course) +- fixed bug in output module interface, see + http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552 +- changed the ommysql output plugin so that the (lengthy) connection + initialization now takes place in message processing. This works much + better with the new queued action mode (fast startup) +- fixed a bug that caused a potential hang in file and fwd output module + varmojfekoj provided the patch - many thanks! +- bugfixed stream class offset handling on 32bit platforms +--------------------------------------------------------------------------- +Version 3.10.3 (rgerhards), 2008-01-28 +- fixed a bug with standard template definitions (not a big deal) - thanks + to varmojfekoj for spotting it +- run-time instrumentation added +- implemented disk-assisted queue mode, which enables on-demand disk + spooling if the queue's in-memory queue is exhausted +- implemented a dynamic worker thread pool for processing incoming + messages; workers are started and shut down as need arises +- implemented a run-time instrumentation debug package +- implemented the $MainMsgQueueSaveOnShutdown config directive +- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive +- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive +--------------------------------------------------------------------------- +Version 3.10.2 (rgerhards), 2008-01-14 +- added the ability to keep stop rsyslogd without the need to drain + the main message queue. In disk queue mode, rsyslog continues to + run from the point where it stopped. In case of a system failure, it + continues to process messages from the last checkpoint. +- fixed a bug that caused a segfault on startup when no $WorkDir directive + was specified in rsyslog.conf +- provided more fine-grain control over shutdown timeouts and added a + way to specify the enqueue timeout when the main message queue is full +- implemented $MainMsgQueueCheckpointInterval config directive +- implemented $MainMsgQueueTimeoutActionCompletion config directive +- implemented $MainMsgQueueTimeoutEnqueue config directive +- implemented $MainMsgQueueTimeoutShutdown config directive +--------------------------------------------------------------------------- +Version 3.10.1 (rgerhards), 2008-01-10 +- implemented the "disk" queue mode. However, it currently is of very + limited use, because it does not support persistence over rsyslogd + runs. So when rsyslogd is stopped, the queue is drained just as with + the in-memory queue modes. Persistent queues will be a feature of + the next release. +- performance-optimized string class, should bring an overall improvement +- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch +- fixed a race condition that could lead to a rsyslogd hang when during + HUP or termination +- done some doc updates +- added $WorkDirectory config directive +- added $MainMsgQueueFileName config directive +- added $MainMsgQueueMaxFileSize config directive +--------------------------------------------------------------------------- +Version 3.10.0 (rgerhards), 2008-01-07 +- implemented input module interface and initial input modules +- enhanced threading for input modules (each on its own thread now) +- ability to bind UDP listeners to specific local interfaces/ports and + ability to run multiple of them concurrently +- added ability to specify listen IP address for UDP syslog server +- license changed to GPLv3 +- mark messages are now provided by loadble module immark +- rklogd is no longer provided. Its functionality has now been taken over + by imklog, a loadable input module. This offers a much better integration + into rsyslogd and makes sure that the kernel logger process is brought + up and down at the appropriate times +- enhanced $IncludeConfig directive to support wildcard characters + (thanks to Michael Biebl) +- all inputs are now implemented as loadable plugins +- enhanced threading model: each input module now runs on its own thread +- enhanced message queue which now supports different queueing methods + (among others, this can be used for performance fine-tuning) +- added a large number of new configuration directives for the new + input modules +- enhanced multi-threading utilizing a worker thread pool for the + main message queue +- compilation without pthreads is no longer supported +- much cleaner code due to new objects and removal of single-threading + mode +--------------------------------------------------------------------------- +Version 2.0.1 STABLE (rgerhards), 2008-01-24 +- fixed a bug in integer conversion - but this function was never called, + so it is not really a useful bug fix ;) +- fixed a bug with standard template definitions (not a big deal) - thanks + to varmojfekoj for spotting it +- fixed a bug that caused a potential hang in file and fwd output module + varmojfekoj provided the patch - many thanks! +--------------------------------------------------------------------------- +Version 2.0.0 STABLE (rgerhards), 2008-01-02 +- re-release of 1.21.2 as STABLE with no modifications except some + doc updates +--------------------------------------------------------------------------- +Version 1.21.2 (rgerhards), 2007-12-28 +- created a gss-api output module. This keeps GSS-API code and + TCP/UDP code separated. It is also important for forward- + compatibility with v3. Please note that this change breaks compatibility + with config files created for 1.21.0 and 1.21.1 - this was considered + acceptable. +- fixed an error in forwarding retry code (could lead to message corruption + but surfaced very seldom) +- increased portability for older platforms (AI_NUMERICSERV moved) +- removed socket leak in omfwd.c +- cross-platform patch for GSS-API compile problem on some platforms + thanks to darix for the patch! +--------------------------------------------------------------------------- +Version 1.21.1 (rgerhards), 2007-12-23 +- small doc fix for $IncludeConfig +- fixed a bug in llDestroy() +- bugfix: fixing memory leak when message queue is full and during + parsing. Thanks to varmojfekoj for the patch. +- bugfix: when compiled without network support, unix sockets were + not properly closed +- bugfix: memory leak in cfsysline.c/doGetWord() fixed +--------------------------------------------------------------------------- +Version 1.21.0 (rgerhards), 2007-12-19 +- GSS-API support for syslog/TCP connections was added. Thanks to + varmojfekoj for providing the patch with this functionality +- code cleanup +- enhanced $IncludeConfig directive to support wildcard filenames +- changed some multithreading synchronization +--------------------------------------------------------------------------- +Version 1.20.1 (rgerhards), 2007-12-12 +- corrected a debug setting that survived release. Caused TCP connections + to be retried unnecessarily often. +- When a hostname ACL was provided and DNS resolution for that name failed, + ACL processing was stopped at that point. Thanks to mildew for the patch. + Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911 +- fixed a potential race condition, see link for details: + http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html + Note that the probability of problems from this bug was very remote +- fixed a memory leak that happened when PostgreSQL date formats were + used +--------------------------------------------------------------------------- +Version 1.20.0 (rgerhards), 2007-12-07 +- an output module for postgres databases has been added. Thanks to + sur5r for contributing this code +- unloading dynamic modules has been cleaned up, we now have a + real implementation and not just a dummy "good enough for the time + being". +- enhanced platform independence - thanks to Bartosz Kuzma and Michael + Biebl for their very useful contributions +- some general code cleanup (including warnings on 64 platforms, only) +--------------------------------------------------------------------------- +Version 1.19.12 (rgerhards), 2007-12-03 +- cleaned up the build system (thanks to Michael Biebl for the patch) +- fixed a bug where ommysql was still not compiled with -pthread option +--------------------------------------------------------------------------- +Version 1.19.11 (rgerhards), 2007-11-29 +- applied -pthread option to build when building for multi-threading mode + hopefully solves an issue with segfaulting +--------------------------------------------------------------------------- +Version 1.19.10 (rgerhards), 2007-10-19 +- introduced the new ":modulename:" syntax for calling module actions + in selector lines; modified ommysql to support it. This is primarily + an aid for further modules and a prerequisite to actually allow third + party modules to be created. +- minor fix in slackware startup script, "-r 0" is now "-r0" +- updated rsyslogd doc set man page; now in html format +- undid creation of a separate thread for the main loop -- this did not + turn out to be needed or useful, so reduce complexity once again. +- added doc fixes provided by Michael Biebl - thanks +--------------------------------------------------------------------------- +Version 1.19.9 (rgerhards), 2007-10-12 +- now packaging system which again contains all components in a single + tarball +- modularized main() a bit more, resulting in less complex code +- experimentally added an additional thread - will see if that affects + the segfault bug we experience on some platforms. Note that this change + is scheduled to be removed again later. +--------------------------------------------------------------------------- +Version 1.19.8 (rgerhards), 2007-09-27 +- improved repeated message processing +- applied patch provided by varmojfekoj to support building ommysql + in its own way (now also resides in a plugin subdirectory); + ommysql is now a separate package +- fixed a bug in cvthname() that lead to message loss if part + of the source hostname would have been dropped +- created some support for distributing ommysql together with the + main rsyslog package. I need to re-think it in the future, but + for the time being the current mode is best. I now simply include + one additional tarball for ommysql inside the main distribution. + I look forward to user feedback on how this should be done best. In the + long term, a separate project should be spawend for ommysql, but I'd + like to do that only after the plugin interface is fully stable (what + it is not yet). +--------------------------------------------------------------------------- +Version 1.19.7 (rgerhards), 2007-09-25 +- added code to handle situations where senders send us messages ending with + a NUL character. It is now simply removed. This also caused trailing LF + reduction to fail, when it was followed by such a NUL. This is now also + handled. +- replaced some non-thread-safe function calls by their thread-safe + counterparts +- fixed a minor memory leak that occurred when the %APPNAME% property was + used (I think nobody used that in practice) +- fixed a bug that caused signal handlers in cvthname() not to be restored when + a malicious pointer record was detected and processing of the message been + stopped for that reason (this should be really rare and can not be related + to the segfault bug we are hunting). +- fixed a bug in cvthname that lead to passing a wrong parameter - in + practice, this had no impact. +- general code cleanup (e.g. compiler warnings, comments) +--------------------------------------------------------------------------- +Version 1.19.6 (rgerhards), 2007-09-11 +- applied patch by varmojfekoj to change signal handling to the new + sigaction API set (replacing the depreciated signal() calls and its + friends. +- fixed a bug that in --enable-debug mode caused an assertion when the + discard action was used +- cleaned up compiler warnings +- applied patch by varmojfekoj to FIX a bug that could cause + segfaults if empty properties were processed using modifying + options (e.g. space-cc, drop-cc) +- fixed man bug: rsyslogd supports -l option +--------------------------------------------------------------------------- +Version 1.19.5 (rgerhards), 2007-09-07 +- changed part of the CStr interface so that better error tracking + is provided and the calling sequence is more intuitive (there were + invalid calls based on a too-weird interface) +- (hopefully) fixed some remaining bugs rooted in wrong use of + the CStr class. These could lead to program abort. +- applied patch by varmojfekoj two fix two potential segfault situations +- added $ModDir config directive +- modified $ModLoad so that an absolute path may be specified as + module name (e.g. /rsyslog/ommysql.so) +--------------------------------------------------------------------------- +Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04 +- fixed a number of small memory leaks - thanks varmojfekoj for patching +- fixed an issue with CString class that could lead to rsyslog abort + in tplToString() - thanks varmojfekoj for patching +- added a man-version of the config file documentation - thanks to Michel + Samia for providing the man file +- fixed bug: a template like this causes an infinite loop: + $template opts,"%programname:::a,b%" + thanks varmojfekoj for the patch +- fixed bug: case changing options crash freeing the string pointer + because they modify it: $template opts2,"%programname::1:lowercase%" + thanks varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31 +- small mem leak fixed (after calling parseSelectorAct) - Thx varmojfekoj +- documentation section "Regular File" und "Blocks" updated +- solved an issue with dynamic file generation - Once again many thanks + to varmojfekoj +- the negative selector for program name filter (Blocks) does not work as + expected - Thanks varmojfekoj for patching +- added forwarding information to sysklogd (requires special template) + to config doc +--------------------------------------------------------------------------- +Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28 +- a specifically formed message caused a segfault - Many thanks varmojfekoj + for providing a patch +- a typo and a weird condition are fixed in msg.c - Thanks again + varmojfekoj +- on file creation the file was always owned by root:root. This is fixed + now - Thanks ypsa for solving this issue +--------------------------------------------------------------------------- +Version 1.19.1 (mmeckelein), 2007-08-22 +- a bug that caused a high load when a TCP/UDP connection was closed is + fixed now - Thanks mildew for solving this issue +- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the + patch +- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order + to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter + Vrabec and darix, both provided a patch for solving this issue +- enhanced the unloading of modules - thanks again varmojfekoj +- applied a patch from varmojfekoj which fixes various little things in + MySQL output module +--------------------------------------------------------------------------- +Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16 +- integrated patch from varmojfekoj to make the mysql module a loadable one + many thanks for the patch, MUCH appreciated +--------------------------------------------------------------------------- +Version 1.18.2 (rgerhards), 2007-08-13 +- fixed a bug in outchannel code that caused templates to be incorrectly + parsed +- fixed a bug in ommysql that caused a wrong ";template" missing message +- added some code for unloading modules; not yet fully complete (and we do + not yet have loadable modules, so this is no problem) +- removed debian subdirectory by request of a debian packager (this is a special + subdir for debian and there is also no point in maintaining it when there + is a debian package available - so I gladly did this) in some cases +- improved overall doc quality (some pages were quite old) and linked to + more of the online resources. +- improved /contrib/delete_mysql script by adding a host option and some + other minor modifications +--------------------------------------------------------------------------- +Version 1.18.1 (rgerhards), 2007-08-08 +- applied a patch from varmojfekoj which solved a potential segfault + of rsyslogd on HUP +- applied patch from Michel Samia to fix compilation when the pthreads + feature is disabled +- some code cleanup (moved action object to its own file set) +- add config directive $MainMsgQueueSize, which now allows one to configure the + queue size dynamically +- all compile-time settings are now shown in rsyslogd -v, not just the + active ones +- enhanced performance a little bit more +- added config file directive $ActionResumeInterval +- fixed a bug that prevented compilation under debian sid +- added a contrib directory for user-contributed useful things +--------------------------------------------------------------------------- +Version 1.18.0 (rgerhards), 2007-08-03 +- rsyslog now supports fallback actions when an action did not work. This + is a great feature e.g. for backup database servers or backup syslog + servers +- modified rklogd to only change the console log level if -c is specified +- added feature to use multiple actions inside a single selector +- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive +- error messages during startup are now spit out to the configured log + destinations +--------------------------------------------------------------------------- +Version 1.17.6 (rgerhards), 2007-08-01 +- continued to work on output module modularization - basic stage of + this work is now FINISHED +- fixed bug in OMSRcreate() - always returned SR_RET_OK +- fixed a bug that caused ommysql to always complain about missing + templates +- fixed a mem leak in OMSRdestruct - freeing the object itself was + forgotten - thanks to varmojfekoj for the patch +- fixed a memory leak in syslogd/init() that happened when the config + file could not be read - thanks to varmojfekoj for the patch +- fixed insufficient memory allocation in addAction() and its helpers. + The initial fix and idea was developed by mildew, I fine-tuned + it a bit. Thanks a lot for the fix, I'd probably had pulled out my + hair to find the bug... +- added output of config file line number when a parsing error occurred +- fixed bug in objomsr.c that caused program to abort in debug mode with + an invalid assertion (in some cases) +- fixed a typo that caused the default template for MySQL to be wrong. + thanks to mildew for catching this. +- added configuration file command $DebugPrintModuleList and + $DebugPrintCfSysLineHandlerList +- fixed an invalid value for the MARK timer - unfortunately, there was + a testing aid left in place. This resulted in quite frequent MARK messages +- added $IncludeConfig config directive +- applied a patch from mildew to prevent rsyslogd from freezing under heavy + load. This could happen when the queue was full. Now, we drop messages + but rsyslogd remains active. +--------------------------------------------------------------------------- +Version 1.17.5 (rgerhards), 2007-07-30 +- continued to work on output module modularization +- fixed a missing file bug - thanks to Andrea Montanari for reporting + this problem +- fixed a problem with shutting down the worker thread and freeing the + selector_t list - this caused messages to be lost, because the + message queue was not properly drained before the selectors got + destroyed. +--------------------------------------------------------------------------- +Version 1.17.4 (rgerhards), 2007-07-27 +- continued to work on output module modularization +- fixed a situation where rsyslogd could create zombie processes + thanks to mildew for the patch +- applied patch from Michel Samia to fix compilation when NOT + compiled for pthreads +--------------------------------------------------------------------------- +Version 1.17.3 (rgerhards), 2007-07-25 +- continued working on output module modularization +- fixed a bug that caused rsyslogd to segfault on exit (and + probably also on HUP), when there was an unsent message in a selector + that required forwarding and the dns lookup failed for that selector + (yes, it was pretty unlikely to happen;)) + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- fixed a memory leak in config file parsing and die() + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- rsyslogd now checks on startup if it is capable to perform any work + at all. If it cant, it complains and terminates + thanks to Michel Samia for providing the patch! +- fixed a small memory leak when HUPing syslogd. The allowed sender + list now gets freed. thanks to mildew for the patch. +- changed the way error messages in early startup are logged. They + now do no longer use the syslogd code directly but are rather + send to stderr. +--------------------------------------------------------------------------- +Version 1.17.2 (rgerhards), 2007-07-23 +- made the port part of the -r option optional. Needed for backward + compatibility with sysklogd +- replaced system() calls with something more reasonable. Please note that + this might break compatibility with some existing configuration files. + We accept this in favor of the gained security. +- removed a memory leak that could occur if timegenerated was used in + RFC 3164 format in templates +- did some preparation in msg.c for advanced multithreading - placed the + hooks, but not yet any active code +- worked further on modularization +- added $ModLoad MySQL (dummy) config directive +- added DropTrailingLFOnReception config directive +--------------------------------------------------------------------------- +Version 1.17.1 (rgerhards), 2007-07-20 +- fixed a bug that caused make install to install rsyslogd and rklogd under + the wrong names +- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly; + also fixed but that could garble $AllowedSender wildcards. Thanks to + mildew@gmail.com for the patch +- minor code cleanup - thanks to Peter Vrabec for the patch +- fixed minimal memory leak on HUP (caused by templates) + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- fixed another memory leak on HUPing and on exiting rsyslogd + again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- code cleanup (removed compiler warnings) +- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch +- moved msg object into its own file set +- added the capability to continue trying to write log files when the + file system is full. Functionality based on patch by Martin Schulze + to sysklogd package. +--------------------------------------------------------------------------- +Version 1.17.0 (RGer), 2007-07-17 +- added $RepeatedLineReduction config parameter +- added $EscapeControlCharactersOnReceive config parameter +- added $ControlCharacterEscapePrefix config parameter +- added $DirCreateMode config parameter +- added $CreateDirs config parameter +- added $DebugPrintTemplateList config parameter +- added $ResetConfigVariables config parameter +- added $FileOwner config parameter +- added $FileGroup config parameter +- added $DirOwner config parameter +- added $DirGroup config parameter +- added $FailOnChownFailure config parameter +- added regular expression support to the filter engine + thanks to Michel Samia for providing the patch! +- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for + the patch doing that + - added IPv6 support + - allowed DNS hostnames + - allowed DNS wildcard names +- added new option $DropMsgsWithMaliciousDnsPTRRecords +- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin +- added capability to auto-create directories with dynaFiles +--------------------------------------------------------------------------- +Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;) +- build system switched to autotools +- removed SYSV preprocessor macro use, replaced with autotools equivalents +- fixed a bug that caused rsyslogd to segfault when TCP listening was + disabled and it terminated +- added new properties "syslogfacility-text" and "syslogseverity-text" + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- added the -x option to disable hostname dns resolution + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- begun to better modularize syslogd.c - this is an ongoing project; moved + type definitions to a separate file +- removed some now-unused fields from struct filed +- move file size limit fields in struct field to the "right spot" (the file + writing part of the union - f_un.f_file) +- subdirectories linux and solaris are no longer part of the distribution + package. This is not because we cease support for them, but there are no + longer any files in them after the move to autotools +--------------------------------------------------------------------------- +Version 1.15.1 (RGer), 2007-07-10 +- fixed a bug that caused a dynaFile selector to stall when there was + an open error with one file +- improved template processing for dynaFiles; templates are now only + looked up during initialization - speeds up processing +- optimized memory layout in struct filed when compiled with MySQL + support +- fixed a bug that caused compilation without SYSLOG_INET to fail +- re-enabled the "last message repeated n times" feature. This + feature was not taken care of while rsyslogd evolved from sysklogd + and it was more or less defunct. Now it is fully functional again. +- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE +- fixed a bug in iovAsString() that caused a memory leak under stress + conditions (most probably memory shortage). This was unlikely to + ever happen, but it doesn't hurt doing it right +- cosmetic: defined type "uchar", change all unsigned chars to uchar +--------------------------------------------------------------------------- +Version 1.15.0 (RGer), 2007-07-05 +- added ability to dynamically generate file names based on templates + and thus properties. This was a much-requested feature. It makes + life easy when it e.g. comes to splitting files based on the sender + address. +- added $umask and $FileCreateMode config file directives +- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD +- checks for extra (unexpected) characters in system config file lines + have been added +- added IPv6 documentation - was accidentally missing from CVS +- begun to change char to unsigned char +--------------------------------------------------------------------------- +Version 1.14.2 (RGer), 2007-07-03 +** this release fixes all known nits with IPv6 ** +- restored capability to do /etc/service lookup for "syslog" + service when -r 0 was given +- documented IPv6 handling of syslog messages +- integrate patch from Bartosz Kuźma to make rsyslog compile under + Solaris again (the patch replaced a strndup() call, which is not + available under Solaris +- improved debug logging when waiting on select +- updated rsyslogd man page with new options (-46A) +--------------------------------------------------------------------------- +Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29 +- added Peter Vrabec's patch for IPv6 TCP +- prefixed all messages send to stderr in rsyslogd with "rsyslogd: " +--------------------------------------------------------------------------- +Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28 +- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled + IPv6 Support is currently for UDP only, TCP is to come soon. + AllowedSender configuration does not yet work for IPv6. +- fixed code in iovCreate() that broke C's strict aliasing rules +- fixed some char/unsigned char differences that forced the compiler + to spit out warning messages +- updated the Red Hat init script to fix a known issue (thanks to + Peter Vrabec) +--------------------------------------------------------------------------- +Version 1.13.5 (RGer), 2007-06-22 +- made the TCP session limit configurable via command line switch + now -t <port>,<max sessions> +- added man page for rklogd(8) (basically a copy from klogd, but now + there is one...) +- fixed a bug that caused internal messages (e.g. rsyslogd startup) to + appear without a tag. +- removed a minor memory leak that occurred when TAG processing requalified + a HOSTNAME to be a TAG (and a TAG already was set). +- removed potential small memory leaks in MsgSet***() functions. There + would be a leak if a property was re-set, something that happened + extremely seldom. +--------------------------------------------------------------------------- +Version 1.13.4 (RGer), 2007-06-18 +- added a new property "PRI-text", which holds the PRI field in + textual form (e.g. "syslog.info") +- added alias "syslogseverity" for "syslogpriority", which is a + misleading property name that needs to stay for historical + reasons (and backward-compatibility) +- added doc on how to record PRI value in log file +- enhanced signal handling in klogd, including removal of an unsafe + call to the logging system during signal handling +--------------------------------------------------------------------------- +Version 1.13.3 (RGer), 2007-06-15 +- create a version of syslog.c from scratch. This is now + - highly optimized for rsyslog + - removes an incompatible license problem as the original + version had a BSD license with advertising clause + - fixed in the regard that rklogd will continue to work when + rsyslogd has been restarted (the original version, as well + as sysklogd, will remain silent then) + - solved an issue with an extra NUL char at message end that the + original version had +- applied some changes to klogd to care for the new interface +- fixed a bug in syslogd.c which prevented compiling under debian +--------------------------------------------------------------------------- +Version 1.13.2 (RGer), 2007-06-13 +- lib order in makefile patched to facilitate static linking - thanks + to Bennett Todd for providing the patch +- Integrated a patch from Peter Vrabec (pvrabec@redhat.com): + - added klogd under the name of rklogd (remove dependency on + original sysklogd package + - createDB.sql now in UTF + - added additional config files for use on Red Hat +--------------------------------------------------------------------------- +Version 1.13.1 (RGer), 2007-02-05 +- changed the listen backlog limit to a more reasonable value based on + the maximum number of TCP connections configured (10% + 5) - thanks to Guy + Standen for the hint (actually, the limit was 5 and that was a + left-over from early testing). +- fixed a bug in makefile which caused DB-support to be disabled when + NETZIP support was enabled +- added the -e option to allow transmission of every message to remote + hosts (effectively turns off duplicate message suppression) +- (somewhat) improved memory consumption when compiled with MySQL support +- looks like we fixed an incompatibility with MySQL 5.x and above software + At least in one case, the remote server name was destroyed, leading to + a connection failure. The new, improved code does not have this issue and + so we see this as solved (the new code is generally somewhat better, so + there is a good chance we fixed this incompatibility). +--------------------------------------------------------------------------- +Version 1.13.0 (RGer), 2006-12-19 +- added '$' as ToPos property replacer specifier - means "up to the + end of the string" +- property replacer option "escape-cc", "drop-cc" and "space-cc" added +- changed the handling of \0 characters inside syslog messages. We now + consistently escape them to "#000". This is somewhat recommended in + the draft-ietf-syslog-protocol-19 draft. While the real recommendation + is to not escape any characters at all, we can not do this without + considerable modification of the code. So we escape it to "#000", which + is consistent with a sample found in the Internet-draft. +- removed message glue logic (see printchopped() comment for details) + Also caused removal of parts table and thus some improvements in + memory usage. +- changed the default MAXLINE to 2048 to take care of recent syslog + standardization efforts (can easily be changed in syslogd.c) +- added support for byte-counted TCP syslog messages (much like + syslog-transport-tls-05 Internet Draft). This was necessary to + support compression over TCP. +- added support for receiving compressed syslog messages +- added support for sending compressed syslog messages +- fixed a bug where the last message in a syslog/tcp stream was + lost if it was not properly terminated by a LF character +--------------------------------------------------------------------------- +Version 1.12.3 (RGer), 2006-10-04 +- implemented some changes to support Solaris (but support is not + yet complete) +- commented out (via #if 0) some methods that are currently not being use + but should be kept for further us +- added (interim) -u 1 option to turn off hostname and tag parsing +- done some modifications to better support Fedora +- made the field delimiter inside property replace configurable via + template +- fixed a bug in property replacer: if fields were used, the delimitor + became part of the field. Up until now, this was barely noticeable as + the delimiter as TAB only and thus invisible to a human. With other + delimiters available now, it quickly showed up. This bug fix might cause + some grief to existing installations if they used the extra TAB for + whatever reasons - sorry folks... Anyhow, a solution is easy: just add + a TAB character constant into your template. Thus, there has no attempt + been made to do this in a backwards-compatible way. +--------------------------------------------------------------------------- +Version 1.12.2 (RGer), 2006-02-15 +- fixed a bug in the RFC 3339 date formatter. An extra space was added + after the actual timestamp +- added support for providing high-precision RFC3339 timestamps for + (rsyslogd-)internally-generated messages +- very (!) experimental support for syslog-protocol internet draft + added (the draft is experimental, the code is solid ;)) +- added support for field-extracting in the property replacer +- enhanced the legacy-syslog parser so that it can interpret messages + that do not contain a TIMESTAMP +- fixed a bug that caused the default socket (usually /dev/log) to be + opened even when -o command line option was given +- fixed a bug in the Debian sample startup script - it caused rsyslogd + to listen to remote requests, which it shouldn't by default +--------------------------------------------------------------------------- +Version 1.12.1 (RGer), 2005-11-23 +- made multithreading work with BSD. Some signal-handling needed to be + restructured. Also, there might be a slight delay of up to 10 seconds + when huping and terminating rsyslogd under BSD +- fixed a bug where a NULL-pointer was passed to printf() in logmsg(). +- fixed a bug during "make install" where rc3195d was not installed + Thanks to Bennett Todd for spotting this. +- fixed a bug where rsyslogd dumped core when no TAG was found in the + received message +- enhanced message parser so that it can deal with missing hostnames + in many cases (may not be totally fail-safe) +- fixed a bug where internally-generated messages did not have the correct + TAG +--------------------------------------------------------------------------- +Version 1.12.0 (RGer), 2005-10-26 +- moved to a multi-threaded design. single-threading is still optionally + available. Multi-threading is experimental! +- fixed a potential race condition. In the original code, marking was done + by an alarm handler, which could lead to all sorts of bad things. This + has been changed now. See comments in syslogd.c/domark() for details. +- improved debug output for property-based filters +- not a code change, but: I have checked all exit()s to make sure that + none occurs once rsyslogd has started up. Even in unusual conditions + (like low-memory conditions) rsyslogd somehow remains active. Of course, + it might loose a message or two, but at least it does not abort and it + can also recover when the condition no longer persists. +- fixed a bug that could cause loss of the last message received + immediately before rsyslogd was terminated. +- added comments on thread-safety of global variables in syslogd.c +- fixed a small bug: spurios printf() when TCP syslog was used +- fixed a bug that causes rsyslogd to dump core on termination when one + of the selector lines did not receive a message during the run (very + unlikely) +- fixed an one-too-low memory allocation in the TCP sender. Could result + in rsyslogd dumping core. +- fixed a bug with regular expression support (thanks to Andres Riancho) +- a little bit of code restructuring (especially main(), which was + horribly large) +--------------------------------------------------------------------------- +Version 1.11.1 (RGer), 2005-10-19 +- support for BSD-style program name and host blocks +- added a new property "programname" that can be used in templates +- added ability to specify listen port for rfc3195d +- fixed a bug that rendered the "startswith" comparison operation + unusable. +- changed more functions to "static" storage class to help compiler + optimize (should have been static in the first place...) +- fixed a potential memory leak in the string buffer class destructor. + As the destructor was previously never called, the leak did not actually + appear. +- some internal restructuring in anticipation/preparation of minimal + multi-threading support +- rsyslogd still shares some code with the sysklogd project. Some patches + for this shared code have been brought over from the sysklogd CVS. +--------------------------------------------------------------------------- +Version 1.11.0 (RGer), 2005-10-12 +- support for receiving messages via RFC 3195; added rfc3195d for that + purpose +- added an additional guard to prevent rsyslogd from aborting when the + 2gb file size limit is hit. While a user can configure rsyslogd to + handle such situations, it would abort if that was not done AND large + file support was not enabled (ok, this is hopefully an unlikely scenario) +- fixed a bug that caused additional Unix domain sockets to be incorrectly + processed - could lead to message loss in extreme cases +--------------------------------------------------------------------------- +Version 1.10.2 (RGer), 2005-09-27 +- added comparison operations in property-based filters: + * isequal + * startswith +- added ability to negate all property-based filter comparison operations + by adding a !-sign right in front of the operation name +- added the ability to specify remote senders for UDP and TCP + received messages. Allows to block all but well-known hosts +- changed the $-config line directives to be case-INsensitive +- new command line option -w added: "do not display warnings if messages + from disallowed senders are received" +- fixed a bug that caused rsyslogd to dump core when the compare value + was not quoted in property-based filters +- fixed a bug in the new CStr compare function which lead to invalid + results (fortunately, this function was not yet used widely) +- added better support for "debugging" rsyslog.conf property filters + (only if -d switch is given) +- changed some function definitions to static, which eventually enables + some compiler optimizations +- fixed a bug in MySQL code; when a SQL error occurred, rsyslogd could + run in a tight loop. This was due to invalid sequence of error reporting + and is now fixed. +--------------------------------------------------------------------------- +Version 1.10.1 (RGer), 2005-09-23 +- added the ability to execute a shell script as an action. + Thanks to Bjoern Kalkbrenner for providing the code! +- fixed a bug in the MySQL code; due to the bug the automatic one-time + retry after an error did not happen - this lead to error message in + cases where none should be seen (e.g. after a MySQL restart) +- fixed a security issue with SQL-escaping in conjunction with + non-(SQL-)standard MySQL features. +--------------------------------------------------------------------------- +Version 1.10.0 (RGer), 2005-09-20 + REMINDER: 1.10 is the first unstable version if the 1.x series! +- added the capability to filter on any property in selector lines + (not just facility and priority) +- changed stringbuf into a new counted string class +- added support for a "discard" action. If a selector line with + discard (~ character) is found, no selector lines *after* that + line will be processed. +- thanks to Andres Riancho, regular expression support has been + added to the template engine +- added the FROMHOST property in the template processor, which could + previously not be obtained. Thanks to Cristian Testa for pointing + this out and even providing a fix. +- added display of compile-time options to -v output +- performance improvement for production build - made some checks + to happen only during debug mode +- fixed a problem with compiling on SUSE and - while doing so - removed + the socket call to set SO_BSDCOMPAT in cases where it is obsolete. +--------------------------------------------------------------------------- +Version 1.0.4 (RGer), 2006-02-01 +- a small but important fix: the tcp receiver had two forgotten printf's + in it that caused a lot of unnecessary output to stdout. This was + important enough to justify a new release +--------------------------------------------------------------------------- +Version 1.0.3 (RGer), 2005-11-14 +- added an additional guard to prevent rsyslogd from aborting when the + 2gb file size limit is hit. While a user can configure rsyslogd to + handle such situations, it would abort if that was not done AND large + file support was not enabled (ok, this is hopefully an unlikely scenario) +- fixed a bug that caused additional Unix domain sockets to be incorrectly + processed - could lead to message loss in extreme cases +- applied some patches available from the sysklogd project to code + shared from there +- fixed a bug that causes rsyslogd to dump core on termination when one + of the selector lines did not receive a message during the run (very + unlikely) +- fixed an one-too-low memory allocation in the TCP sender. Could result + in rsyslogd dumping core. +- fixed a bug in the TCP sender that caused the retry logic to fail + after an error or receiver overrun +- fixed a bug in init() that could lead to dumping core +- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG + was present in the syslog message +--------------------------------------------------------------------------- +Version 1.0.2 (RGer), 2005-10-05 +- fixed an issue with MySQL error reporting. When an error occurred, + the MySQL driver went into an endless loop (at least in most cases). +--------------------------------------------------------------------------- +Version 1.0.1 (RGer), 2005-09-23 +- fixed a security issue with SQL-escaping in conjunction with + non-(SQL-)standard MySQL features. +--------------------------------------------------------------------------- +Version 1.0.0 (RGer), 2005-09-12 +- changed install doc to cover daily cron scripts - a trouble source +- added rc script for slackware (provided by Chris Elvidge - thanks!) +- fixed a really minor bug in usage() - the -r option was still + reported as without the port parameter +--------------------------------------------------------------------------- +Version 0.9.8 (RGer), 2005-09-05 +- made startup and shutdown message more consistent and included the + pid, so that they can be easier correlated. Used syslog-protocol + structured data format for this purpose. +- improved config info in startup message, now tells not only + if it is listening remote on udp, but also for tcp. Also includes + the port numbers. The previous startup message was misleading, because + it did not say "remote reception" if rsyslogd was only listening via + tcp (but not via udp). +- added a "how can you help" document to the doc set +--------------------------------------------------------------------------- +Version 0.9.7 (RGer), 2005-08-15 +- some of the previous doc files (like INSTALL) did not properly + reflect the changes to the build process and the new doc. Fixed + that. +- changed syslogd.c so that when compiled without database support, + an error message is displayed when a database action is detected + in the config file (previously this was used as an user rule ;)) +- fixed a bug in the os-specific Makefiles which caused MySQL + support to not be compiled, even if selected +--------------------------------------------------------------------------- +Version 0.9.6 (RGer), 2005-08-09 +- greatly enhanced documentation. Now available in html format in + the "doc" folder and FreeBSD. Finally includes an install howto. +- improved MySQL error messages a little - they now show up as log + messages, too (formerly only in debug mode) +- added the ability to specify the listen port for udp syslog. + WARNING: This introduces an incompatibility. Formerly, udp + syslog was enabled by the -r command line option. Now, it is + "-r [port]", which is consistent with the tcp listener. However, + just -r will now return an error message. +- added sample startup scripts for Debian and FreeBSD +- added support for easy feature selection in the makefile. Un- + fortunately, this also means I needed to spilt the make file + for different OS and distros. There are some really bad syntax + differences between FreeBSD and Linux make. +--------------------------------------------------------------------------- +Version 0.9.5 (RGer), 2005-08-01 +- the "semicolon bug" was actually not (fully) solved in 0.9.4. One + part of the bug was solved, but another still existed. This one + is fixed now, too. +- the "semicolon bug" actually turned out to be a more generic bug. + It appeared whenever an invalid template name was given. With some + selector actions, rsyslogd dumped core, with other it "just" had + a small resource leak with others all worked well. These anomalies + are now fixed. Note that they only appeared during system initialization + once the system was running, nothing bad happened. +- improved error reporting for template errors on startup. They are now + shown on the console and the start-up tty. Formerly, they were only + visible in debug mode. +- support for multiple instances of rsyslogd on a single machine added +- added new option "-o" --> omit local unix domain socket. This option + enables rsyslogd NOT to listen to the local socket. This is most + helpful when multiple instances of rsyslogd (or rsyslogd and another + syslogd) shall run on a single system. +- added new option "-i <pidfile>" which allows one to specify the pidfile. + This is needed when multiple instances of rsyslogd are to be run. +- the new project home page is now online at www.rsyslog.com +--------------------------------------------------------------------------- +Version 0.9.4 (RGer), 2005-07-25 +- finally added the TCP sender. It now supports non-blocking mode, no + longer disabling message reception during connect. As it is now, it + is usable in production. The code could be more sophisticated, but + I've kept it short in anticipation of the move to liblogging, which + will lead to the removal of the code just written ;) +- the "exiting on signal..." message still had the "syslogd" name in + it. Changed this to "rsyslogd", as we do not have a large user base + yet, this should pose no problem. +- fixed "the semicolon" bug. rsyslogd dumped core if a write-db action + was specified but no semicolon was given after the password (an empty + template was ok, but the semicolon needed to be present). +- changed a default for traditional output format. During testing, it + was seen that the timestamp written to file in default format was + the time of message reception, not the time specified in the TIMESTAMP + field of the message itself. Traditionally, the message TIMESTAMP is + used and this has been changed now. +--------------------------------------------------------------------------- +Version 0.9.3 (RGer), 2005-07-19 +- fixed a bug in the message parser. In June, the RFC 3164 timestamp + was not correctly parsed (yes, only in June and some other months, + see the code comment to learn why...) +- added the ability to specify the destination port when forwarding + syslog messages (both for TCP and UDP) +- added an very experimental TCP sender (activated by + @@machine:port in config). This is not yet for production use. If + the receiver is not alive, rsyslogd will wait quite some time until + the connection request times out, which most probably leads to + loss of incoming messages. + +--------------------------------------------------------------------------- +Version 0.9.2 (RGer), around 2005-07-06 +- I intended to change the maxsupported message size to 32k to + support IHE - but given the memory inefficiency in the usual use + cases, I have not done this. I have, however, included very + specific instructions on how to do this in the source code. I have + also done some testing with 32k messages, so you can change the + max size without taking too much risk. +- added a syslog/tcp receiver; we now can receive messages via + plain tcp, but we can still send only via UDP. The syslog/tcp + receiver is the primary enhancement of this release. +- slightly changed some error messages that contained a spurios \n at + the end of the line (which gives empty lines in your log...) + +--------------------------------------------------------------------------- +Version 0.9.1 (RGer) +- fixed code so that it compiles without errors under FreeBSD +- removed now unused function "allocate_log()" from syslogd.c +- changed the make file so that it contains more defines for + different environments (in the long term, we need a better + system for disabling/enabling features...) +- changed some printf's printing off_t types to %lld and + explicit (long long) casts. I tried to figure out the exact type, + but did not succeed in this. In the worst case, ultra-large peta- + byte files will now display funny informational messages on rollover, + something I think we can live with for the neersion 3.11.2 (rgerhards), 2008-02-?? +--------------------------------------------------------------------------- +Version 3.11.1 (rgerhards), 2008-02-12 +- SNMP trap sender added thanks to Andre Lorbach (omsnmp) +- added input-plugin interface specification in form of a (copy) template + input module +- applied documentation fix by Michael Biebl -- many thanks! +- bugfix: immark did not have MARK flags set... +- added x-info field to rsyslogd startup/shutdown message. Hopefully + points users to right location for further info (many don't even know + they run rsyslog ;)) +- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages + without timestamp - thanks to Anders Blomdell for providing a patch! +- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which + wasn't supposed to be used with rsyslog. Put a warning message up that + tells this feature is not tested and probably not worth the effort. + Thanks to Anders Blomdell fro bringing this to our attention +- somewhat improved performance of string buffers +- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf +- bugfix: setting for $EscapeControlCharactersOnReceive was not + properly initialized +- clarified usage of space-cc property replacer option +- improved abort diagnostic handler +- some initial effort for malloc/free runtime debugging support +- bugfix: using dynafile actions caused rsyslogd abort +- fixed minor man errors thanks to Michael Biebl +--------------------------------------------------------------------------- +Version 3.11.0 (rgerhards), 2008-01-31 +- implemented queued actions +- implemented simple rate limiting for actions +- implemented deliberate discarding of lower priority messages over higher + priority ones when a queue runs out of space +- implemented disk quotas for disk queues +- implemented the $ActionResumeRetryCount config directive +- added $ActionQueueFilename config directive +- added $ActionQueueSize config directive +- added $ActionQueueHighWaterMark config directive +- added $ActionQueueLowWaterMark config directive +- added $ActionQueueDiscardMark config directive +- added $ActionQueueDiscardSeverity config directive +- added $ActionQueueCheckpointInterval config directive +- added $ActionQueueType config directive +- added $ActionQueueWorkerThreads config directive +- added $ActionQueueTimeoutshutdown config directive +- added $ActionQueueTimeoutActionCompletion config directive +- added $ActionQueueTimeoutenQueue config directive +- added $ActionQueueTimeoutworkerThreadShutdown config directive +- added $ActionQueueWorkerThreadMinimumMessages config directive +- added $ActionQueueMaxFileSize config directive +- added $ActionQueueSaveonShutdown config directive +- addded $ActionQueueDequeueSlowdown config directive +- addded $MainMsgQueueDequeueSlowdown config directive +- bugfix: added forgotten docs to package +- improved debugging support +- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly +- when a long-running action needs to be cancelled on shutdown, the message + that was processed by it is now preserved. This finishes support for + guaranteed delivery of messages (if the output supports it, of course) +- fixed bug in output module interface, see + http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552 +- changed the ommysql output plugin so that the (lengthy) connection + initialization now takes place in message processing. This works much + better with the new queued action mode (fast startup) +- fixed a bug that caused a potential hang in file and fwd output module + varmojfekoj provided the patch - many thanks! +- bugfixed stream class offset handling on 32bit platforms +--------------------------------------------------------------------------- +Version 3.10.3 (rgerhards), 2008-01-28 +- fixed a bug with standard template definitions (not a big deal) - thanks + to varmojfekoj for spotting it +- run-time instrumentation added +- implemented disk-assisted queue mode, which enables on-demand disk + spooling if the queue's in-memory queue is exhausted +- implemented a dynamic worker thread pool for processing incoming + messages; workers are started and shut down as need arises +- implemented a run-time instrumentation debug package +- implemented the $MainMsgQueueSaveOnShutdown config directive +- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive +- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive +--------------------------------------------------------------------------- +Version 3.10.2 (rgerhards), 2008-01-14 +- added the ability to keep stop rsyslogd without the need to drain + the main message queue. In disk queue mode, rsyslog continues to + run from the point where it stopped. In case of a system failure, it + continues to process messages from the last checkpoint. +- fixed a bug that caused a segfault on startup when no $WorkDir directive + was specified in rsyslog.conf +- provided more fine-grain control over shutdown timeouts and added a + way to specify the enqueue timeout when the main message queue is full +- implemented $MainMsgQueueCheckpointInterval config directive +- implemented $MainMsgQueueTimeoutActionCompletion config directive +- implemented $MainMsgQueueTimeoutEnqueue config directive +- implemented $MainMsgQueueTimeoutShutdown config directive +--------------------------------------------------------------------------- +Version 3.10.1 (rgerhards), 2008-01-10 +- implemented the "disk" queue mode. However, it currently is of very + limited use, because it does not support persistence over rsyslogd + runs. So when rsyslogd is stopped, the queue is drained just as with + the in-memory queue modes. Persistent queues will be a feature of + the next release. +- performance-optimized string class, should bring an overall improvement +- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch +- fixed a race condition that could lead to a rsyslogd hang when during + HUP or termination +- done some doc updates +- added $WorkDirectory config directive +- added $MainMsgQueueFileName config directive +- added $MainMsgQueueMaxFileSize config directive +--------------------------------------------------------------------------- +Version 3.10.0 (rgerhards), 2008-01-07 +- implemented input module interface and initial input modules +- enhanced threading for input modules (each on its own thread now) +- ability to bind UDP listeners to specific local interfaces/ports and + ability to run multiple of them concurrently +- added ability to specify listen IP address for UDP syslog server +- license changed to GPLv3 +- mark messages are now provided by loadble module immark +- rklogd is no longer provided. Its functionality has now been taken over + by imklog, a loadable input module. This offers a much better integration + into rsyslogd and makes sure that the kernel logger process is brought + up and down at the appropriate times +- enhanced $IncludeConfig directive to support wildcard characters + (thanks to Michael Biebl) +- all inputs are now implemented as loadable plugins +- enhanced threading model: each input module now runs on its own thread +- enhanced message queue which now supports different queueing methods + (among others, this can be used for performance fine-tuning) +- added a large number of new configuration directives for the new + input modules +- enhanced multi-threading utilizing a worker thread pool for the + main message queue +- compilation without pthreads is no longer supported +- much cleaner code due to new objects and removal of single-threading + mode +--------------------------------------------------------------------------- +Version 2.0.1 STABLE (rgerhards), 2008-01-24 +- fixed a bug in integer conversion - but this function was never called, + so it is not really a useful bug fix ;) +- fixed a bug with standard template definitions (not a big deal) - thanks + to varmojfekoj for spotting it +- fixed a bug that caused a potential hang in file and fwd output module + varmojfekoj provided the patch - many thanks! +--------------------------------------------------------------------------- +Version 2.0.0 STABLE (rgerhards), 2008-01-02 +- re-release of 1.21.2 as STABLE with no modifications except some + doc updates +--------------------------------------------------------------------------- +Version 1.21.2 (rgerhards), 2007-12-28 +- created a gss-api output module. This keeps GSS-API code and + TCP/UDP code separated. It is also important for forward- + compatibility with v3. Please note that this change breaks compatibility + with config files created for 1.21.0 and 1.21.1 - this was considered + acceptable. +- fixed an error in forwarding retry code (could lead to message corruption + but surfaced very seldom) +- increased portability for older platforms (AI_NUMERICSERV moved) +- removed socket leak in omfwd.c +- cross-platform patch for GSS-API compile problem on some platforms + thanks to darix for the patch! +--------------------------------------------------------------------------- +Version 1.21.1 (rgerhards), 2007-12-23 +- small doc fix for $IncludeConfig +- fixed a bug in llDestroy() +- bugfix: fixing memory leak when message queue is full and during + parsing. Thanks to varmojfekoj for the patch. +- bugfix: when compiled without network support, unix sockets were + not properly closed +- bugfix: memory leak in cfsysline.c/doGetWord() fixed +--------------------------------------------------------------------------- +Version 1.21.0 (rgerhards), 2007-12-19 +- GSS-API support for syslog/TCP connections was added. Thanks to + varmojfekoj for providing the patch with this functionality +- code cleanup +- enhanced $IncludeConfig directive to support wildcard filenames +- changed some multithreading synchronization +--------------------------------------------------------------------------- +Version 1.20.1 (rgerhards), 2007-12-12 +- corrected a debug setting that survived release. Caused TCP connections + to be retried unnecessarily often. +- When a hostname ACL was provided and DNS resolution for that name failed, + ACL processing was stopped at that point. Thanks to mildew for the patch. + Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911 +- fixed a potential race condition, see link for details: + http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html + Note that the probability of problems from this bug was very remote +- fixed a memory leak that happened when PostgreSQL date formats were + used +--------------------------------------------------------------------------- +Version 1.20.0 (rgerhards), 2007-12-07 +- an output module for postgres databases has been added. Thanks to + sur5r for contributing this code +- unloading dynamic modules has been cleaned up, we now have a + real implementation and not just a dummy "good enough for the time + being". +- enhanced platform independence - thanks to Bartosz Kuzma and Michael + Biebl for their very useful contributions +- some general code cleanup (including warnings on 64 platforms, only) +--------------------------------------------------------------------------- +Version 1.19.12 (rgerhards), 2007-12-03 +- cleaned up the build system (thanks to Michael Biebl for the patch) +- fixed a bug where ommysql was still not compiled with -pthread option +--------------------------------------------------------------------------- +Version 1.19.11 (rgerhards), 2007-11-29 +- applied -pthread option to build when building for multi-threading mode + hopefully solves an issue with segfaulting +--------------------------------------------------------------------------- +Version 1.19.10 (rgerhards), 2007-10-19 +- introduced the new ":modulename:" syntax for calling module actions + in selector lines; modified ommysql to support it. This is primarily + an aid for further modules and a prerequisite to actually allow third + party modules to be created. +- minor fix in slackware startup script, "-r 0" is now "-r0" +- updated rsyslogd doc set man page; now in html format +- undid creation of a separate thread for the main loop -- this did not + turn out to be needed or useful, so reduce complexity once again. +- added doc fixes provided by Michael Biebl - thanks +--------------------------------------------------------------------------- +Version 1.19.9 (rgerhards), 2007-10-12 +- now packaging system which again contains all components in a single + tarball +- modularized main() a bit more, resulting in less complex code +- experimentally added an additional thread - will see if that affects + the segfault bug we experience on some platforms. Note that this change + is scheduled to be removed again later. +--------------------------------------------------------------------------- +Version 1.19.8 (rgerhards), 2007-09-27 +- improved repeated message processing +- applied patch provided by varmojfekoj to support building ommysql + in its own way (now also resides in a plugin subdirectory); + ommysql is now a separate package +- fixed a bug in cvthname() that lead to message loss if part + of the source hostname would have been dropped +- created some support for distributing ommysql together with the + main rsyslog package. I need to re-think it in the future, but + for the time being the current mode is best. I now simply include + one additional tarball for ommysql inside the main distribution. + I look forward to user feedback on how this should be done best. In the + long term, a separate project should be spawend for ommysql, but I'd + like to do that only after the plugin interface is fully stable (what + it is not yet). +--------------------------------------------------------------------------- +Version 1.19.7 (rgerhards), 2007-09-25 +- added code to handle situations where senders send us messages ending with + a NUL character. It is now simply removed. This also caused trailing LF + reduction to fail, when it was followed by such a NUL. This is now also + handled. +- replaced some non-thread-safe function calls by their thread-safe + counterparts +- fixed a minor memory leak that occurred when the %APPNAME% property was + used (I think nobody used that in practice) +- fixed a bug that caused signal handlers in cvthname() not to be restored when + a malicious pointer record was detected and processing of the message been + stopped for that reason (this should be really rare and can not be related + to the segfault bug we are hunting). +- fixed a bug in cvthname that lead to passing a wrong parameter - in + practice, this had no impact. +- general code cleanup (e.g. compiler warnings, comments) +--------------------------------------------------------------------------- +Version 1.19.6 (rgerhards), 2007-09-11 +- applied patch by varmojfekoj to change signal handling to the new + sigaction API set (replacing the depreciated signal() calls and its + friends. +- fixed a bug that in --enable-debug mode caused an assertion when the + discard action was used +- cleaned up compiler warnings +- applied patch by varmojfekoj to FIX a bug that could cause + segfaults if empty properties were processed using modifying + options (e.g. space-cc, drop-cc) +- fixed man bug: rsyslogd supports -l option +--------------------------------------------------------------------------- +Version 1.19.5 (rgerhards), 2007-09-07 +- changed part of the CStr interface so that better error tracking + is provided and the calling sequence is more intuitive (there were + invalid calls based on a too-weird interface) +- (hopefully) fixed some remaining bugs rooted in wrong use of + the CStr class. These could lead to program abort. +- applied patch by varmojfekoj two fix two potential segfault situations +- added $ModDir config directive +- modified $ModLoad so that an absolute path may be specified as + module name (e.g. /rsyslog/ommysql.so) +--------------------------------------------------------------------------- +Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04 +- fixed a number of small memory leaks - thanks varmojfekoj for patching +- fixed an issue with CString class that could lead to rsyslog abort + in tplToString() - thanks varmojfekoj for patching +- added a man-version of the config file documentation - thanks to Michel + Samia for providing the man file +- fixed bug: a template like this causes an infinite loop: + $template opts,"%programname:::a,b%" + thanks varmojfekoj for the patch +- fixed bug: case changing options crash freeing the string pointer + because they modify it: $template opts2,"%programname::1:lowercase%" + thanks varmojfekoj for the patch +--------------------------------------------------------------------------- +Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31 +- small mem leak fixed (after calling parseSelectorAct) - Thx varmojfekoj +- documentation section "Regular File" und "Blocks" updated +- solved an issue with dynamic file generation - Once again many thanks + to varmojfekoj +- the negative selector for program name filter (Blocks) does not work as + expected - Thanks varmojfekoj for patching +- added forwarding information to sysklogd (requires special template) + to config doc +--------------------------------------------------------------------------- +Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28 +- a specifically formed message caused a segfault - Many thanks varmojfekoj + for providing a patch +- a typo and a weird condition are fixed in msg.c - Thanks again + varmojfekoj +- on file creation the file was always owned by root:root. This is fixed + now - Thanks ypsa for solving this issue +--------------------------------------------------------------------------- +Version 1.19.1 (mmeckelein), 2007-08-22 +- a bug that caused a high load when a TCP/UDP connection was closed is + fixed now - Thanks mildew for solving this issue +- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the + patch +- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order + to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter + Vrabec and darix, both provided a patch for solving this issue +- enhanced the unloading of modules - thanks again varmojfekoj +- applied a patch from varmojfekoj which fixes various little things in + MySQL output module +--------------------------------------------------------------------------- +Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16 +- integrated patch from varmojfekoj to make the mysql module a loadable one + many thanks for the patch, MUCH appreciated +--------------------------------------------------------------------------- +Version 1.18.2 (rgerhards), 2007-08-13 +- fixed a bug in outchannel code that caused templates to be incorrectly + parsed +- fixed a bug in ommysql that caused a wrong ";template" missing message +- added some code for unloading modules; not yet fully complete (and we do + not yet have loadable modules, so this is no problem) +- removed debian subdirectory by request of a debian packager (this is a special + subdir for debian and there is also no point in maintaining it when there + is a debian package available - so I gladly did this) in some cases +- improved overall doc quality (some pages were quite old) and linked to + more of the online resources. +- improved /contrib/delete_mysql script by adding a host option and some + other minor modifications +--------------------------------------------------------------------------- +Version 1.18.1 (rgerhards), 2007-08-08 +- applied a patch from varmojfekoj which solved a potential segfault + of rsyslogd on HUP +- applied patch from Michel Samia to fix compilation when the pthreads + feature is disabled +- some code cleanup (moved action object to its own file set) +- add config directive $MainMsgQueueSize, which now allows one to configure the + queue size dynamically +- all compile-time settings are now shown in rsyslogd -v, not just the + active ones +- enhanced performance a little bit more +- added config file directive $ActionResumeInterval +- fixed a bug that prevented compilation under debian sid +- added a contrib directory for user-contributed useful things +--------------------------------------------------------------------------- +Version 1.18.0 (rgerhards), 2007-08-03 +- rsyslog now supports fallback actions when an action did not work. This + is a great feature e.g. for backup database servers or backup syslog + servers +- modified rklogd to only change the console log level if -c is specified +- added feature to use multiple actions inside a single selector +- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive +- error messages during startup are now spit out to the configured log + destinations +--------------------------------------------------------------------------- +Version 1.17.6 (rgerhards), 2007-08-01 +- continued to work on output module modularization - basic stage of + this work is now FINISHED +- fixed bug in OMSRcreate() - always returned SR_RET_OK +- fixed a bug that caused ommysql to always complain about missing + templates +- fixed a mem leak in OMSRdestruct - freeing the object itself was + forgotten - thanks to varmojfekoj for the patch +- fixed a memory leak in syslogd/init() that happened when the config + file could not be read - thanks to varmojfekoj for the patch +- fixed insufficient memory allocation in addAction() and its helpers. + The initial fix and idea was developed by mildew, I fine-tuned + it a bit. Thanks a lot for the fix, I'd probably had pulled out my + hair to find the bug... +- added output of config file line number when a parsing error occurred +- fixed bug in objomsr.c that caused program to abort in debug mode with + an invalid assertion (in some cases) +- fixed a typo that caused the default template for MySQL to be wrong. + thanks to mildew for catching this. +- added configuration file command $DebugPrintModuleList and + $DebugPrintCfSysLineHandlerList +- fixed an invalid value for the MARK timer - unfortunately, there was + a testing aid left in place. This resulted in quite frequent MARK messages +- added $IncludeConfig config directive +- applied a patch from mildew to prevent rsyslogd from freezing under heavy + load. This could happen when the queue was full. Now, we drop messages + but rsyslogd remains active. +--------------------------------------------------------------------------- +Version 1.17.5 (rgerhards), 2007-07-30 +- continued to work on output module modularization +- fixed a missing file bug - thanks to Andrea Montanari for reporting + this problem +- fixed a problem with shutting down the worker thread and freeing the + selector_t list - this caused messages to be lost, because the + message queue was not properly drained before the selectors got + destroyed. +--------------------------------------------------------------------------- +Version 1.17.4 (rgerhards), 2007-07-27 +- continued to work on output module modularization +- fixed a situation where rsyslogd could create zombie processes + thanks to mildew for the patch +- applied patch from Michel Samia to fix compilation when NOT + compiled for pthreads +--------------------------------------------------------------------------- +Version 1.17.3 (rgerhards), 2007-07-25 +- continued working on output module modularization +- fixed a bug that caused rsyslogd to segfault on exit (and + probably also on HUP), when there was an unsent message in a selector + that required forwarding and the dns lookup failed for that selector + (yes, it was pretty unlikely to happen;)) + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- fixed a memory leak in config file parsing and die() + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- rsyslogd now checks on startup if it is capable to perform any work + at all. If it cant, it complains and terminates + thanks to Michel Samia for providing the patch! +- fixed a small memory leak when HUPing syslogd. The allowed sender + list now gets freed. thanks to mildew for the patch. +- changed the way error messages in early startup are logged. They + now do no longer use the syslogd code directly but are rather + send to stderr. +--------------------------------------------------------------------------- +Version 1.17.2 (rgerhards), 2007-07-23 +- made the port part of the -r option optional. Needed for backward + compatibility with sysklogd +- replaced system() calls with something more reasonable. Please note that + this might break compatibility with some existing configuration files. + We accept this in favor of the gained security. +- removed a memory leak that could occur if timegenerated was used in + RFC 3164 format in templates +- did some preparation in msg.c for advanced multithreading - placed the + hooks, but not yet any active code +- worked further on modularization +- added $ModLoad MySQL (dummy) config directive +- added DropTrailingLFOnReception config directive +--------------------------------------------------------------------------- +Version 1.17.1 (rgerhards), 2007-07-20 +- fixed a bug that caused make install to install rsyslogd and rklogd under + the wrong names +- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly; + also fixed but that could garble $AllowedSender wildcards. Thanks to + mildew@gmail.com for the patch +- minor code cleanup - thanks to Peter Vrabec for the patch +- fixed minimal memory leak on HUP (caused by templates) + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- fixed another memory leak on HUPing and on exiting rsyslogd + again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- code cleanup (removed compiler warnings) +- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch +- moved msg object into its own file set +- added the capability to continue trying to write log files when the + file system is full. Functionality based on patch by Martin Schulze + to sysklogd package. +--------------------------------------------------------------------------- +Version 1.17.0 (RGer), 2007-07-17 +- added $RepeatedLineReduction config parameter +- added $EscapeControlCharactersOnReceive config parameter +- added $ControlCharacterEscapePrefix config parameter +- added $DirCreateMode config parameter +- added $CreateDirs config parameter +- added $DebugPrintTemplateList config parameter +- added $ResetConfigVariables config parameter +- added $FileOwner config parameter +- added $FileGroup config parameter +- added $DirOwner config parameter +- added $DirGroup config parameter +- added $FailOnChownFailure config parameter +- added regular expression support to the filter engine + thanks to Michel Samia for providing the patch! +- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for + the patch doing that + - added IPv6 support + - allowed DNS hostnames + - allowed DNS wildcard names +- added new option $DropMsgsWithMaliciousDnsPTRRecords +- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin +- added capability to auto-create directories with dynaFiles +--------------------------------------------------------------------------- +Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;) +- build system switched to autotools +- removed SYSV preprocessor macro use, replaced with autotools equivalents +- fixed a bug that caused rsyslogd to segfault when TCP listening was + disabled and it terminated +- added new properties "syslogfacility-text" and "syslogseverity-text" + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- added the -x option to disable hostname dns resolution + thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch +- begun to better modularize syslogd.c - this is an ongoing project; moved + type definitions to a separate file +- removed some now-unused fields from struct filed +- move file size limit fields in struct field to the "right spot" (the file + writing part of the union - f_un.f_file) +- subdirectories linux and solaris are no longer part of the distribution + package. This is not because we cease support for them, but there are no + longer any files in them after the move to autotools +--------------------------------------------------------------------------- +Version 1.15.1 (RGer), 2007-07-10 +- fixed a bug that caused a dynaFile selector to stall when there was + an open error with one file +- improved template processing for dynaFiles; templates are now only + looked up during initialization - speeds up processing +- optimized memory layout in struct filed when compiled with MySQL + support +- fixed a bug that caused compilation without SYSLOG_INET to fail +- re-enabled the "last message repeated n times" feature. This + feature was not taken care of while rsyslogd evolved from sysklogd + and it was more or less defunct. Now it is fully functional again. +- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE +- fixed a bug in iovAsString() that caused a memory leak under stress + conditions (most probably memory shortage). This was unlikely to + ever happen, but it doesn't hurt doing it right +- cosmetic: defined type "uchar", change all unsigned chars to uchar +--------------------------------------------------------------------------- +Version 1.15.0 (RGer), 2007-07-05 +- added ability to dynamically generate file names based on templates + and thus properties. This was a much-requested feature. It makes + life easy when it e.g. comes to splitting files based on the sender + address. +- added $umask and $FileCreateMode config file directives +- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD +- checks for extra (unexpected) characters in system config file lines + have been added +- added IPv6 documentation - was accidentally missing from CVS +- begun to change char to unsigned char +--------------------------------------------------------------------------- +Version 1.14.2 (RGer), 2007-07-03 +** this release fixes all known nits with IPv6 ** +- restored capability to do /etc/service lookup for "syslog" + service when -r 0 was given +- documented IPv6 handling of syslog messages +- integrate patch from Bartosz Kuźma to make rsyslog compile under + Solaris again (the patch replaced a strndup() call, which is not + available under Solaris +- improved debug logging when waiting on select +- updated rsyslogd man page with new options (-46A) +--------------------------------------------------------------------------- +Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29 +- added Peter Vrabec's patch for IPv6 TCP +- prefixed all messages send to stderr in rsyslogd with "rsyslogd: " +--------------------------------------------------------------------------- +Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28 +- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled + IPv6 Support is currently for UDP only, TCP is to come soon. + AllowedSender configuration does not yet work for IPv6. +- fixed code in iovCreate() that broke C's strict aliasing rules +- fixed some char/unsigned char differences that forced the compiler + to spit out warning messages +- updated the Red Hat init script to fix a known issue (thanks to + Peter Vrabec) +--------------------------------------------------------------------------- +Version 1.13.5 (RGer), 2007-06-22 +- made the TCP session limit configurable via command line switch + now -t <port>,<max sessions> +- added man page for rklogd(8) (basically a copy from klogd, but now + there is one...) +- fixed a bug that caused internal messages (e.g. rsyslogd startup) to + appear without a tag. +- removed a minor memory leak that occurred when TAG processing requalified + a HOSTNAME to be a TAG (and a TAG already was set). +- removed potential small memory leaks in MsgSet***() functions. There + would be a leak if a property was re-set, something that happened + extremely seldom. +--------------------------------------------------------------------------- +Version 1.13.4 (RGer), 2007-06-18 +- added a new property "PRI-text", which holds the PRI field in + textual form (e.g. "syslog.info") +- added alias "syslogseverity" for "syslogpriority", which is a + misleading property name that needs to stay for historical + reasons (and backward-compatibility) +- added doc on how to record PRI value in log file +- enhanced signal handling in klogd, including removal of an unsafe + call to the logging system during signal handling +--------------------------------------------------------------------------- +Version 1.13.3 (RGer), 2007-06-15 +- create a version of syslog.c from scratch. This is now + - highly optimized for rsyslog + - removes an incompatible license problem as the original + version had a BSD license with advertising clause + - fixed in the regard that rklogd will continue to work when + rsyslogd has been restarted (the original version, as well + as sysklogd, will remain silent then) + - solved an issue with an extra NUL char at message end that the + original version had +- applied some changes to klogd to care for the new interface +- fixed a bug in syslogd.c which prevented compiling under debian +--------------------------------------------------------------------------- +Version 1.13.2 (RGer), 2007-06-13 +- lib order in makefile patched to facilitate static linking - thanks + to Bennett Todd for providing the patch +- Integrated a patch from Peter Vrabec (pvrabec@redhat.com): + - added klogd under the name of rklogd (remove dependency on + original sysklogd package + - createDB.sql now in UTF + - added additional config files for use on Red Hat +--------------------------------------------------------------------------- +Version 1.13.1 (RGer), 2007-02-05 +- changed the listen backlog limit to a more reasonable value based on + the maximum number of TCP connections configured (10% + 5) - thanks to Guy + Standen for the hint (actually, the limit was 5 and that was a + left-over from early testing). +- fixed a bug in makefile which caused DB-support to be disabled when + NETZIP support was enabled +- added the -e option to allow transmission of every message to remote + hosts (effectively turns off duplicate message suppression) +- (somewhat) improved memory consumption when compiled with MySQL support +- looks like we fixed an incompatibility with MySQL 5.x and above software + At least in one case, the remote server name was destroyed, leading to + a connection failure. The new, improved code does not have this issue and + so we see this as solved (the new code is generally somewhat better, so + there is a good chance we fixed this incompatibility). +--------------------------------------------------------------------------- +Version 1.13.0 (RGer), 2006-12-19 +- added '$' as ToPos property replacer specifier - means "up to the + end of the string" +- property replacer option "escape-cc", "drop-cc" and "space-cc" added +- changed the handling of \0 characters inside syslog messages. We now + consistently escape them to "#000". This is somewhat recommended in + the draft-ietf-syslog-protocol-19 draft. While the real recommendation + is to not escape any characters at all, we can not do this without + considerable modification of the code. So we escape it to "#000", which + is consistent with a sample found in the Internet-draft. +- removed message glue logic (see printchopped() comment for details) + Also caused removal of parts table and thus some improvements in + memory usage. +- changed the default MAXLINE to 2048 to take care of recent syslog + standardization efforts (can easily be changed in syslogd.c) +- added support for byte-counted TCP syslog messages (much like + syslog-transport-tls-05 Internet Draft). This was necessary to + support compression over TCP. +- added support for receiving compressed syslog messages +- added support for sending compressed syslog messages +- fixed a bug where the last message in a syslog/tcp stream was + lost if it was not properly terminated by a LF character +--------------------------------------------------------------------------- +Version 1.12.3 (RGer), 2006-10-04 +- implemented some changes to support Solaris (but support is not + yet complete) +- commented out (via #if 0) some methods that are currently not being use + but should be kept for further us +- added (interim) -u 1 option to turn off hostname and tag parsing +- done some modifications to better support Fedora +- made the field delimiter inside property replace configurable via + template +- fixed a bug in property replacer: if fields were used, the delimitor + became part of the field. Up until now, this was barely noticeable as + the delimiter as TAB only and thus invisible to a human. With other + delimiters available now, it quickly showed up. This bug fix might cause + some grief to existing installations if they used the extra TAB for + whatever reasons - sorry folks... Anyhow, a solution is easy: just add + a TAB character constant into your template. Thus, there has no attempt + been made to do this in a backwards-compatible way. +--------------------------------------------------------------------------- +Version 1.12.2 (RGer), 2006-02-15 +- fixed a bug in the RFC 3339 date formatter. An extra space was added + after the actual timestamp +- added support for providing high-precision RFC3339 timestamps for + (rsyslogd-)internally-generated messages +- very (!) experimental support for syslog-protocol internet draft + added (the draft is experimental, the code is solid ;)) +- added support for field-extracting in the property replacer +- enhanced the legacy-syslog parser so that it can interpret messages + that do not contain a TIMESTAMP +- fixed a bug that caused the default socket (usually /dev/log) to be + opened even when -o command line option was given +- fixed a bug in the Debian sample startup script - it caused rsyslogd + to listen to remote requests, which it shouldn't by default +--------------------------------------------------------------------------- +Version 1.12.1 (RGer), 2005-11-23 +- made multithreading work with BSD. Some signal-handling needed to be + restructured. Also, there might be a slight delay of up to 10 seconds + when huping and terminating rsyslogd under BSD +- fixed a bug where a NULL-pointer was passed to printf() in logmsg(). +- fixed a bug during "make install" where rc3195d was not installed + Thanks to Bennett Todd for spotting this. +- fixed a bug where rsyslogd dumped core when no TAG was found in the + received message +- enhanced message parser so that it can deal with missing hostnames + in many cases (may not be totally fail-safe) +- fixed a bug where internally-generated messages did not have the correct + TAG +--------------------------------------------------------------------------- +Version 1.12.0 (RGer), 2005-10-26 +- moved to a multi-threaded design. single-threading is still optionally + available. Multi-threading is experimental! +- fixed a potential race condition. In the original code, marking was done + by an alarm handler, which could lead to all sorts of bad things. This + has been changed now. See comments in syslogd.c/domark() for details. +- improved debug output for property-based filters +- not a code change, but: I have checked all exit()s to make sure that + none occurs once rsyslogd has started up. Even in unusual conditions + (like low-memory conditions) rsyslogd somehow remains active. Of course, + it might loose a message or two, but at least it does not abort and it + can also recover when the condition no longer persists. +- fixed a bug that could cause loss of the last message received + immediately before rsyslogd was terminated. +- added comments on thread-safety of global variables in syslogd.c +- fixed a small bug: spurios printf() when TCP syslog was used +- fixed a bug that causes rsyslogd to dump core on termination when one + of the selector lines did not receive a message during the run (very + unlikely) +- fixed an one-too-low memory allocation in the TCP sender. Could result + in rsyslogd dumping core. +- fixed a bug with regular expression support (thanks to Andres Riancho) +- a little bit of code restructuring (especially main(), which was + horribly large) +--------------------------------------------------------------------------- +Version 1.11.1 (RGer), 2005-10-19 +- support for BSD-style program name and host blocks +- added a new property "programname" that can be used in templates +- added ability to specify listen port for rfc3195d +- fixed a bug that rendered the "startswith" comparison operation + unusable. +- changed more functions to "static" storage class to help compiler + optimize (should have been static in the first place...) +- fixed a potential memory leak in the string buffer class destructor. + As the destructor was previously never called, the leak did not actually + appear. +- some internal restructuring in anticipation/preparation of minimal + multi-threading support +- rsyslogd still shares some code with the sysklogd project. Some patches + for this shared code have been brought over from the sysklogd CVS. +--------------------------------------------------------------------------- +Version 1.11.0 (RGer), 2005-10-12 +- support for receiving messages via RFC 3195; added rfc3195d for that + purpose +- added an additional guard to prevent rsyslogd from aborting when the + 2gb file size limit is hit. While a user can configure rsyslogd to + handle such situations, it would abort if that was not done AND large + file support was not enabled (ok, this is hopefully an unlikely scenario) +- fixed a bug that caused additional Unix domain sockets to be incorrectly + processed - could lead to message loss in extreme cases +--------------------------------------------------------------------------- +Version 1.10.2 (RGer), 2005-09-27 +- added comparison operations in property-based filters: + * isequal + * startswith +- added ability to negate all property-based filter comparison operations + by adding a !-sign right in front of the operation name +- added the ability to specify remote senders for UDP and TCP + received messages. Allows to block all but well-known hosts +- changed the $-config line directives to be case-INsensitive +- new command line option -w added: "do not display warnings if messages + from disallowed senders are received" +- fixed a bug that caused rsyslogd to dump core when the compare value + was not quoted in property-based filters +- fixed a bug in the new CStr compare function which lead to invalid + results (fortunately, this function was not yet used widely) +- added better support for "debugging" rsyslog.conf property filters + (only if -d switch is given) +- changed some function definitions to static, which eventually enables + some compiler optimizations +- fixed a bug in MySQL code; when a SQL error occurred, rsyslogd could + run in a tight loop. This was due to invalid sequence of error reporting + and is now fixed. +--------------------------------------------------------------------------- +Version 1.10.1 (RGer), 2005-09-23 +- added the ability to execute a shell script as an action. + Thanks to Bjoern Kalkbrenner for providing the code! +- fixed a bug in the MySQL code; due to the bug the automatic one-time + retry after an error did not happen - this lead to error message in + cases where none should be seen (e.g. after a MySQL restart) +- fixed a security issue with SQL-escaping in conjunction with + non-(SQL-)standard MySQL features. +--------------------------------------------------------------------------- +Version 1.10.0 (RGer), 2005-09-20 + REMINDER: 1.10 is the first unstable version if the 1.x series! +- added the capability to filter on any property in selector lines + (not just facility and priority) +- changed stringbuf into a new counted string class +- added support for a "discard" action. If a selector line with + discard (~ character) is found, no selector lines *after* that + line will be processed. +- thanks to Andres Riancho, regular expression support has been + added to the template engine +- added the FROMHOST property in the template processor, which could + previously not be obtained. Thanks to Cristian Testa for pointing + this out and even providing a fix. +- added display of compile-time options to -v output +- performance improvement for production build - made some checks + to happen only during debug mode +- fixed a problem with compiling on SUSE and - while doing so - removed + the socket call to set SO_BSDCOMPAT in cases where it is obsolete. +--------------------------------------------------------------------------- +Version 1.0.4 (RGer), 2006-02-01 +- a small but important fix: the tcp receiver had two forgotten printf's + in it that caused a lot of unnecessary output to stdout. This was + important enough to justify a new release +--------------------------------------------------------------------------- +Version 1.0.3 (RGer), 2005-11-14 +- added an additional guard to prevent rsyslogd from aborting when the + 2gb file size limit is hit. While a user can configure rsyslogd to + handle such situations, it would abort if that was not done AND large + file support was not enabled (ok, this is hopefully an unlikely scenario) +- fixed a bug that caused additional Unix domain sockets to be incorrectly + processed - could lead to message loss in extreme cases +- applied some patches available from the sysklogd project to code + shared from there +- fixed a bug that causes rsyslogd to dump core on termination when one + of the selector lines did not receive a message during the run (very + unlikely) +- fixed an one-too-low memory allocation in the TCP sender. Could result + in rsyslogd dumping core. +- fixed a bug in the TCP sender that caused the retry logic to fail + after an error or receiver overrun +- fixed a bug in init() that could lead to dumping core +- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG + was present in the syslog message +--------------------------------------------------------------------------- +Version 1.0.2 (RGer), 2005-10-05 +- fixed an issue with MySQL error reporting. When an error occurred, + the MySQL driver went into an endless loop (at least in most cases). +--------------------------------------------------------------------------- +Version 1.0.1 (RGer), 2005-09-23 +- fixed a security issue with SQL-escaping in conjunction with + non-(SQL-)standard MySQL features. +--------------------------------------------------------------------------- +Version 1.0.0 (RGer), 2005-09-12 +- changed install doc to cover daily cron scripts - a trouble source +- added rc script for slackware (provided by Chris Elvidge - thanks!) +- fixed a really minor bug in usage() - the -r option was still + reported as without the port parameter +--------------------------------------------------------------------------- +Version 0.9.8 (RGer), 2005-09-05 +- made startup and shutdown message more consistent and included the + pid, so that they can be easier correlated. Used syslog-protocol + structured data format for this purpose. +- improved config info in startup message, now tells not only + if it is listening remote on udp, but also for tcp. Also includes + the port numbers. The previous startup message was misleading, because + it did not say "remote reception" if rsyslogd was only listening via + tcp (but not via udp). +- added a "how can you help" document to the doc set +--------------------------------------------------------------------------- +Version 0.9.7 (RGer), 2005-08-15 +- some of the previous doc files (like INSTALL) did not properly + reflect the changes to the build process and the new doc. Fixed + that. +- changed syslogd.c so that when compiled without database support, + an error message is displayed when a database action is detected + in the config file (previously this was used as an user rule ;)) +- fixed a bug in the os-specific Makefiles which caused MySQL + support to not be compiled, even if selected +--------------------------------------------------------------------------- +Version 0.9.6 (RGer), 2005-08-09 +- greatly enhanced documentation. Now available in html format in + the "doc" folder and FreeBSD. Finally includes an install howto. +- improved MySQL error messages a little - they now show up as log + messages, too (formerly only in debug mode) +- added the ability to specify the listen port for udp syslog. + WARNING: This introduces an incompatibility. Formerly, udp + syslog was enabled by the -r command line option. Now, it is + "-r [port]", which is consistent with the tcp listener. However, + just -r will now return an error message. +- added sample startup scripts for Debian and FreeBSD +- added support for easy feature selection in the makefile. Un- + fortunately, this also means I needed to spilt the make file + for different OS and distros. There are some really bad syntax + differences between FreeBSD and Linux make. +--------------------------------------------------------------------------- +Version 0.9.5 (RGer), 2005-08-01 +- the "semicolon bug" was actually not (fully) solved in 0.9.4. One + part of the bug was solved, but another still existed. This one + is fixed now, too. +- the "semicolon bug" actually turned out to be a more generic bug. + It appeared whenever an invalid template name was given. With some + selector actions, rsyslogd dumped core, with other it "just" had + a small resource leak with others all worked well. These anomalies + are now fixed. Note that they only appeared during system initialization + once the system was running, nothing bad happened. +- improved error reporting for template errors on startup. They are now + shown on the console and the start-up tty. Formerly, they were only + visible in debug mode. +- support for multiple instances of rsyslogd on a single machine added +- added new option "-o" --> omit local unix domain socket. This option + enables rsyslogd NOT to listen to the local socket. This is most + helpful when multiple instances of rsyslogd (or rsyslogd and another + syslogd) shall run on a single system. +- added new option "-i <pidfile>" which allows one to specify the pidfile. + This is needed when multiple instances of rsyslogd are to be run. +- the new project home page is now online at www.rsyslog.com +--------------------------------------------------------------------------- +Version 0.9.4 (RGer), 2005-07-25 +- finally added the TCP sender. It now supports non-blocking mode, no + longer disabling message reception during connect. As it is now, it + is usable in production. The code could be more sophisticated, but + I've kept it short in anticipation of the move to liblogging, which + will lead to the removal of the code just written ;) +- the "exiting on signal..." message still had the "syslogd" name in + it. Changed this to "rsyslogd", as we do not have a large user base + yet, this should pose no problem. +- fixed "the semicolon" bug. rsyslogd dumped core if a write-db action + was specified but no semicolon was given after the password (an empty + template was ok, but the semicolon needed to be present). +- changed a default for traditional output format. During testing, it + was seen that the timestamp written to file in default format was + the time of message reception, not the time specified in the TIMESTAMP + field of the message itself. Traditionally, the message TIMESTAMP is + used and this has been changed now. +--------------------------------------------------------------------------- +Version 0.9.3 (RGer), 2005-07-19 +- fixed a bug in the message parser. In June, the RFC 3164 timestamp + was not correctly parsed (yes, only in June and some other months, + see the code comment to learn why...) +- added the ability to specify the destination port when forwarding + syslog messages (both for TCP and UDP) +- added an very experimental TCP sender (activated by + @@machine:port in config). This is not yet for production use. If + the receiver is not alive, rsyslogd will wait quite some time until + the connection request times out, which most probably leads to + loss of incoming messages. + +--------------------------------------------------------------------------- +Version 0.9.2 (RGer), around 2005-07-06 +- I intended to change the maxsupported message size to 32k to + support IHE - but given the memory inefficiency in the usual use + cases, I have not done this. I have, however, included very + specific instructions on how to do this in the source code. I have + also done some testing with 32k messages, so you can change the + max size without taking too much risk. +- added a syslog/tcp receiver; we now can receive messages via + plain tcp, but we can still send only via UDP. The syslog/tcp + receiver is the primary enhancement of this release. +- slightly changed some error messages that contained a spurios \n at + the end of the line (which gives empty lines in your log...) + +--------------------------------------------------------------------------- +Version 0.9.1 (RGer) +- fixed code so that it compiles without errors under FreeBSD +- removed now unused function "allocate_log()" from syslogd.c +- changed the make file so that it contains more defines for + different environments (in the long term, we need a better + system for disabling/enabling features...) +- changed some printf's printing off_t types to %lld and + explicit (long long) casts. I tried to figure out the exact type, + but did not succeed in this. In the worst case, ultra-large peta- + byte files will now display funny informational messages on rollover, + something I think we can live with for the next 10 years or so... + +--------------------------------------------------------------------------- +Version 0.9.0 (RGer) +- changed the filed structure to be a linked list. Previously, it + was a table - well, for non-SYSV it was defined as linked list, + but from what I see that code did no longer work after my + modifications. I am now using a linked list in general because + that is needed for other upcoming modifications. +- fixed a bug that caused rsyslogd not to listen to anything if + the configuration file could not be read +- previous versions disabled network logging (send/receive) if + syslog/udp port was not in /etc/services. Now defaulting to + port 514 in this case. +- internal error messages are now supported up to 256 bytes +- error message seen during config file read are now also displayed + to the attached tty and not only the console +- changed some error messages during init to be sent to the console + and/or emergency log. Previously, they were only seen if the + -d (debug) option was present on the command line. +- fixed the "2gb file issue on 32bit systems". If a file grew to + more than 2gb, the syslogd was aborted with "file size exceeded". + Now, defines have been added according to + http://www.daimi.au.dk/~kasperd/comp.os.linux.development.faq.html#LARGEFILE + Testing revealed that they work ;) + HOWEVER, if your file system, glibc, kernel, whatever does not + support files larger 2gb, you need to set a file size limit with + the new output channel mechanism. +- updated man pages to reflect the changes + +--------------------------------------------------------------------------- +Version 0.8.4 + +- improved -d debug output (removed developer-only content) +- now compiles under FreeBSD and NetBSD (only quick testing done on NetBSD) +--------------------------------------------------------------------------- +Version 0.8.3 + +- security model in "make install" changed +- minor doc updates +--------------------------------------------------------------------------- +Version 0.8.2 + +- added man page for rsyslog.conf and rsyslogd +- gave up on the concept of rsyslog being a "drop in" replacement + for syslogd. Now, the user installs rsyslogd and also needs to + adjust his system settings to this specifically. This also lead + to these changes: + * changed Makefile so that install now installs rsyslogd instead + of dealing with syslogd + * changed the default config file name to rsyslog.conf +--------------------------------------------------------------------------- +Version 0.8.1 + +- fixed a nasty memory leak (probably not the last one with this release) +- some enhancements to Makefile as suggested by Bennett Todd +- syslogd-internal messages (like restart) were missing the hostname + this has been corrected +--------------------------------------------------------------------------- +Version 0.8.0 + +Initial testing release. Based on the sysklogd package. Thanks to the +sysklogd maintainers for all their good work! +--------------------------------------------------------------------------- + +---------------------------------------------------------------------- +The following comments were left in the syslogd source. While they provide +not too much detail, the help to date when Rainer started work on the +project (which was 2003, now even surprising for Rainer himself ;)). + * \author Rainer Gerhards <rgerhards@adiscon.com> + * \date 2003-10-17 + * Some initial modifications on the sysklogd package to support + * liblogging. These have actually not yet been merged to the + * source you see currently (but they hopefully will) + * + * \date 2004-10-28 + * Restarted the modifications of sysklogd. This time, we + * focus on a simpler approach first. The initial goal is to + * provide MySQL database support (so that syslogd can log + * to the database). +---------------------------------------------------------------------- +The following comments are from the stock syslogd.c source. They provide +some insight into what happened to the source before we forked +rsyslogd. However, much of the code already has been replaced and more +is to be replaced. So over time, these comments become less valuable. +I have moved them out of the syslogd.c file to shrink it, especially +as a lot of them do no longer apply. For historical reasons and +understanding of how the daemon evolved, they are probably still +helpful. + * Author: Eric Allman + * extensive changes by Ralph Campbell + * more extensive changes by Eric Allman (again) + * + * Steve Lord: Fix UNIX domain socket code, added linux kernel logging + * change defines to + * SYSLOG_INET - listen on a UDP socket + * SYSLOG_UNIXAF - listen on unix domain socket + * SYSLOG_KERNEL - listen to linux kernel + * + * Mon Feb 22 09:55:42 CST 1993: Dr. Wettstein + * Additional modifications to the source. Changed priority scheme + * to increase the level of configurability. In its stock configuration + * syslogd no longer logs all messages of a certain priority and above + * to a log file. The * wildcard is supported to specify all priorities. + * Note that this is a departure from the BSD standard. + * + * Syslogd will now listen to both the inetd and the unixd socket. The + * strategy is to allow all local programs to direct their output to + * syslogd through the unixd socket while the program listens to the + * inetd socket to get messages forwarded from other hosts. + * + * Fri Mar 12 16:55:33 CST 1993: Dr. Wettstein + * Thanks to Stephen Tweedie (dcs.ed.ac.uk!sct) for helpful bug-fixes + * and an enlightened commentary on the prioritization problem. + * + * Changed the priority scheme so that the default behavior mimics the + * standard BSD. In this scenario all messages of a specified priority + * and above are logged. + * + * Add the ability to specify a wildcard (=) as the first character + * of the priority name. Doing this specifies that ONLY messages with + * this level of priority are to be logged. For example: + * + * *.=debug /usr/adm/debug + * + * Would log only messages with a priority of debug to the /usr/adm/debug + * file. + * + * Providing an * as the priority specifies that all messages are to be + * logged. Note that this case is degenerate with specifying a priority + * level of debug. The wildcard * was retained because I believe that + * this is more intuitive. + * + * Thu Jun 24 11:34:13 CDT 1993: Dr. Wettstein + * Modified sources to incorporate changes in libc4.4. Messages from + * syslog are now null-terminated, syslogd code now parses messages + * based on this termination scheme. Linux as of libc4.4 supports the + * fsync system call. Modified code to fsync after all writes to + * log files. + * + * Sat Dec 11 11:59:43 CST 1993: Dr. Wettstein + * Extensive changes to the source code to allow compilation with no + * complaints with -Wall. + * + * Reorganized the facility and priority name arrays so that they + * compatible with the syslog.h source found in /usr/include/syslog.h. + * NOTE that this should really be changed. The reason I do not + * allow the use of the values defined in syslog.h is on account of + * the extensions made to allow the wildcard character in the + * priority field. To fix this properly one should malloc an array, + * copy the contents of the array defined by syslog.h and then + * make whatever modifications that are desired. Next round. + * + * Thu Jan 6 12:07:36 CST 1994: Dr. Wettstein + * Added support for proper decomposition and re-assembly of + * fragment messages on UNIX domain sockets. Lack of this capability + * was causing 'partial' messages to be output. Since facility and + * priority information is encoded as a leader on the messages this + * was causing lines to be placed in erroneous files. + * + * Also added a patch from Shane Alderton (shane@ion.apana.org.au) to + * correct a problem with syslogd dumping core when an attempt was made + * to write log messages to a logged-on user. Thank you. + * + * Many thanks to Juha Virtanen (jiivee@hut.fi) for a series of + * interchanges which lead to the fixing of problems with messages set + * to priorities of none and emerg. Also thanks to Juha for a patch + * to exclude users with a class of LOGIN from receiving messages. + * + * Shane Alderton provided an additional patch to fix zombies which + * were conceived when messages were written to multiple users. + * + * Mon Feb 6 09:57:10 CST 1995: Dr. Wettstein + * Patch to properly reset the single priority message flag. Thanks + * to Christopher Gori for spotting this bug and forwarding a patch. + * + * Wed Feb 22 15:38:31 CST 1995: Dr. Wettstein + * Added version information to startup messages. + * + * Added defines so that paths to important files are taken from + * the definitions in paths.h. Hopefully this will insure that + * everything follows the FSSTND standards. Thanks to Chris Metcalf + * for a set of patches to provide this functionality. Also thanks + * Elias Levy for prompting me to get these into the sources. + * + * Wed Jul 26 18:57:23 MET DST 1995: Martin Schulze + * Linux' gethostname only returns the hostname and not the fqdn as + * expected in the code. But if you call hostname with an fqdn then + * gethostname will return an fqdn, so we have to mention that. This + * has been changed. + * + * The 'LocalDomain' and the hostname of a remote machine is + * converted to lower case, because the original caused some + * inconsistency, because the (at least my) nameserver did respond an + * fqdn containing of upper- _and_ lowercase letters while + * 'LocalDomain' consisted only of lowercase letters and that didn't + * match. + * + * Sat Aug 5 18:59:15 MET DST 1995: Martin Schulze + * Now no messages that were received from any remote host are sent + * out to another. At my domain this missing feature caused ugly + * syslog-loops, sometimes. + * + * Remember that no message is sent out. I can't figure out any + * scenario where it might be useful to change this behavior and to + * send out messages to other hosts than the one from which we + * received the message, but I might be shortsighted. :-/ + * + * Thu Aug 10 19:01:08 MET DST 1995: Martin Schulze + * Added my pidfile.[ch] to it to perform a better handling with + * pidfiles. Now both, syslogd and klogd, can only be started + * once. They check the pidfile. + * + * Sun Aug 13 19:01:41 MET DST 1995: Martin Schulze + * Add an addition to syslog.conf's interpretation. If a priority + * begins with an exclamation mark ('!') the normal interpretation + * of the priority is inverted: ".!*" is the same as ".none", ".!=info" + * don't logs the info priority, ".!crit" won't log any message with + * the priority crit or higher. For example: + * + * mail.*;mail.!=info /usr/adm/mail + * + * Would log all messages of the facility mail except those with + * the priority info to /usr/adm/mail. This makes the syslogd + * much more flexible. + * + * Defined TABLE_ALLPRI=255 and changed some occurrences. + * + * Sat Aug 19 21:40:13 MET DST 1995: Martin Schulze + * Making the table of facilities and priorities while in debug + * mode more readable. + * + * If debugging is turned on, printing the whole table of + * facilities and priorities every hexadecimal or 'X' entry is + * now 2 characters wide. + * + * The number of the entry is prepended to each line of + * facilities and priorities, and F_UNUSED lines are not shown + * anymore. + * + * Corrected some #ifdef SYSV's. + * + * Mon Aug 21 22:10:35 MET DST 1995: Martin Schulze + * Corrected a strange behavior during parsing of configuration + * file. The original BSD syslogd doesn't understand spaces as + * separators between specifier and action. This syslogd now + * understands them. The old behavior caused some confusion over + * the Linux community. + * + * Thu Oct 19 00:02:07 MET 1995: Martin Schulze + * The default behavior has changed for security reasons. The + * syslogd will not receive any remote message unless you turn + * reception on with the "-r" option. + * + * Not defining SYSLOG_INET will result in not doing any network + * activity, i.e. not sending or receiving messages. I changed + * this because the old idea is implemented with the "-r" option + * and the old thing didn't work anyway. + * + * Thu Oct 26 13:14:06 MET 1995: Martin Schulze + * Added another logfile type F_FORW_UNKN. The problem I ran into + * was a name server that runs on my machine and a forwarder of + * kern.crit to another host. The hosts address can only be + * fetched using the nameserver. But named is started after + * syslogd, so syslogd complained. + * + * This logfile type will retry to get the address of the + * hostname ten times and then complain. This should be enough to + * get the named up and running during boot sequence. + * + * Fri Oct 27 14:08:15 1995: Dr. Wettstein + * Changed static array of logfiles to a dynamic array. This + * can grow during process. + * + * Fri Nov 10 23:08:18 1995: Martin Schulze + * Inserted a new tabular sys_h_errlist that contains plain text + * for error codes that are returned from the net subsystem and + * stored in h_errno. I have also changed some wrong lookups to + * sys_errlist. + * + * Wed Nov 22 22:32:55 1995: Martin Schulze + * Added the fabulous strip-domain feature that allows us to + * strip off (several) domain names from the fqdn and only log + * the simple hostname. This is useful if you're in a LAN that + * has a central log server and also different domains. + * + * I have also also added the -l switch do define hosts as + * local. These will get logged with their simple hostname, too. + * + * Thu Nov 23 19:02:56 MET DST 1995: Martin Schulze + * Added the possibility to omit fsyncing of logfiles after every + * write. This will give some performance back if you have + * programs that log in a very verbose manner (like innd or + * smartlist). Thanks to Stephen R. van den Berg <srb@cuci.nl> + * for the idea. + * + * Thu Jan 18 11:14:36 CST 1996: Dr. Wettstein + * Added patch from beta-testers to stop compile error. Also + * added removal of pid file as part of termination cleanup. + * + * Wed Feb 14 12:42:09 CST 1996: Dr. Wettstein + * Allowed forwarding of messages received from remote hosts to + * be controlled by a command-line switch. Specifying -h allows + * forwarding. The default behavior is to disable forwarding of + * messages which were received from a remote host. + * + * Parent process of syslogd does not exit until child process has + * finished initialization process. This allows rc.* startup to + * pause until syslogd facility is up and operating. + * + * Re-arranged the select code to move UNIX domain socket accepts + * to be processed later. This was a contributed change which + * has been proposed to correct the delays sometimes encountered + * when syslogd starts up. + * + * Minor code cleanups. + * + * Thu May 2 15:15:33 CDT 1996: Dr. Wettstein + * Fixed bug in init function which resulted in file descriptors + * being orphaned when syslogd process was re-initialized with SIGHUP + * signal. Thanks to Edvard Tuinder + * (Edvard.Tuinder@praseodymium.cistron.nl) for putting me on the + * trail of this bug. I am amazed that we didn't catch this one + * before now. + * + * Tue May 14 00:03:35 MET DST 1996: Martin Schulze + * Corrected a mistake that causes the syslogd to stop logging at + * some virtual consoles under Linux. This was caused by checking + * the wrong error code. Thanks to Michael Nonweiler + * <mrn20@hermes.cam.ac.uk> for sending me a patch. + * + * Mon May 20 13:29:32 MET DST 1996: Miquel van Smoorenburg <miquels@cistron.nl> + * Added continuation line supported and fixed a bug in + * the init() code. + * + * Tue May 28 00:58:45 MET DST 1996: Martin Schulze + * Corrected behavior of blocking pipes - i.e. the whole system + * hung. Michael Nonweiler <mrn20@hermes.cam.ac.uk> has sent us + * a patch to correct this. A new logfile type F_PIPE has been + * introduced. + * + * Mon Feb 3 10:12:15 MET DST 1997: Martin Schulze + * Corrected behavior of logfiles if the file can't be opened. + * There was a bug that causes syslogd to try to log into non + * existing files which ate cpu power. + * + * Sun Feb 9 03:22:12 MET DST 1997: Martin Schulze + * Modified syslogd.c to not kill itself which confuses bash 2.0. + * + * Mon Feb 10 00:09:11 MET DST 1997: Martin Schulze + * Improved debug code to decode the numeric facility/priority + * pair into textual information. + * + * Tue Jun 10 12:35:10 MET DST 1997: Martin Schulze + * Corrected freeing of logfiles. Thanks to Jos Vos <jos@xos.nl> + * for reporting the bug and sending an idea to fix the problem. + * + * Tue Jun 10 12:51:41 MET DST 1997: Martin Schulze + * Removed sleep(10) from parent process. This has caused a slow + * startup in former times - and I don't see any reason for this. + * + * Sun Jun 15 16:23:29 MET DST 1997: Michael Alan Dorman + * Some more glibc patches made by <mdorman@debian.org>. + * + * Thu Jan 1 16:04:52 CET 1998: Martin Schulze <joey@infodrom.north.de + * Applied patch from Herbert Thielen <Herbert.Thielen@lpr.e-technik.tu-muenchen.de>. + * This included some balance parentheses for emacs and a bug in + * the exclamation mark handling. + * + * Fixed small bug which caused syslogd to write messages to the + * wrong logfile under some very rare conditions. Thanks to + * Herbert Xu <herbert@gondor.apana.org.au> for fiddling this out. + * + * Thu Jan 8 22:46:35 CET 1998: Martin Schulze <joey@infodrom.north.de> + * Reworked one line of the above patch as it prevented syslogd + * from binding the socket with the result that no messages were + * forwarded to other hosts. + * + * Sat Jan 10 01:33:06 CET 1998: Martin Schulze <joey@infodrom.north.de> + * Fixed small bugs in F_FORW_UNKN mechanism. Thanks to Torsten + * Neumann <torsten@londo.rhein-main.de> for pointing me to it. + * + * Mon Jan 12 19:50:58 CET 1998: Martin Schulze <joey@infodrom.north.de> + * Modified debug output concerning remote reception. + * + * Mon Feb 23 23:32:35 CET 1998: Topi Miettinen <Topi.Miettinen@ml.tele.fi> + * Re-worked handling of Unix and UDP sockets to support closing / + * opening of them in order to have it open only if it is needed + * either for forwarding to a remote host or by reception from + * the network. + * + * Wed Feb 25 10:54:09 CET 1998: Martin Schulze <joey@infodrom.north.de> + * Fixed little comparison mistake that prevented the MARK + * feature to work properly. + * + * Wed Feb 25 13:21:44 CET 1998: Martin Schulze <joey@infodrom.north.de> + * Corrected Topi's patch as it prevented forwarding during + * startup due to an unknown LogPort. + * + * Sat Oct 10 20:01:48 CEST 1998: Martin Schulze <joey@infodrom.north.de> + * Added support for TESTING define which will turn syslogd into + * stdio-mode used for debugging. + * + * Sun Oct 11 20:16:59 CEST 1998: Martin Schulze <joey@infodrom.north.de> + * Reworked the initialization/fork code. Now the parent + * process activates a signal handler which the daughter process + * will raise if it is initialized. Only after that one the + * parent process may exit. Otherwise klogd might try to flush + * its log cache while syslogd can't receive the messages yet. + * + * Mon Oct 12 13:30:35 CEST 1998: Martin Schulze <joey@infodrom.north.de> + * Redirected some error output with regard to argument parsing to + * stderr. + * + * Mon Oct 12 14:02:51 CEST 1998: Martin Schulze <joey@infodrom.north.de> + * Applied patch provided vom Topi Miettinen with regard to the + * people from OpenBSD. This provides the additional '-a' + * argument used for specifying additional UNIX domain sockets to + * listen to. This is been used with chroot()'ed named's for + * example. See for http://www.psionic.com/papers/dns.html + * + * Mon Oct 12 18:29:44 CEST 1998: Martin Schulze <joey@infodrom.north.de> + * Added `ftp' facility which was introduced in glibc version 2. + * It's #ifdef'ed so won't harm with older libraries. + * + * Mon Oct 12 19:59:21 MET DST 1998: Martin Schulze <joey@infodrom.north.de> + * Code cleanups with regard to bsd -> posix transition and + * stronger security (buffer length checking). Thanks to Topi + * Miettinen <tom@medialab.sonera.net> + * . index() --> strchr() + * . sprintf() --> snprintf() + * . bcopy() --> memcpy() + * . bzero() --> memset() + * . UNAMESZ --> UT_NAMESIZE + * . sys_errlist --> strerror() + * + * Mon Oct 12 20:22:59 CEST 1998: Martin Schulze <joey@infodrom.north.de> + * Added support for setutent()/getutent()/endutent() instead of + * binary reading the UTMP file. This is the the most portable + * way. This allows /var/run/utmp format to change, even to a + * real database or utmp daemon. Also if utmp file locking is + * implemented in libc, syslog will use it immediately. Thanks + * to Topi Miettinen <tom@medialab.sonera.net>. + * + * Mon Oct 12 20:49:18 MET DST 1998: Martin Schulze <joey@infodrom.north.de> + * Avoid logging of SIGCHLD when syslogd is in the process of + * exiting and closing its files. Again thanks to Topi. + * + * Mon Oct 12 22:18:34 CEST 1998: Martin Schulze <joey@infodrom.north.de> + * Modified printline() to support 8bit characters - such as + * russian letters. Thanks to Vladas Lapinskas <lapinskas@mail.iae.lt>. + * + * Sat Nov 14 02:29:37 CET 1998: Martin Schulze <joey@infodrom.north.de> + * ``-m 0'' now turns of MARK logging entirely. + * + * Tue Jan 19 01:04:18 MET 1999: Martin Schulze <joey@infodrom.north.de> + * Finally fixed an error with `-a' processing, thanks to Topi + * Miettinen <tom@medialab.sonera.net>. + * + * Sun May 23 10:08:53 CEST 1999: Martin Schulze <joey@infodrom.north.de> + * Removed superfluous call to utmpname(). The path to the utmp + * file is defined in the used libc and should not be hardcoded + * into the syslogd binary referring the system it was compiled on. + * + * Sun Sep 17 20:45:33 CEST 2000: Martin Schulze <joey@infodrom.ffis.de> + * Fixed some bugs in printline() code that did not escape + * control characters '\177' through '\237' and contained a + * single-byte buffer overflow. Thanks to Solar Designer + * <solar@false.com>. + * + * Sun Sep 17 21:26:16 CEST 2000: Martin Schulze <joey@infodrom.ffis.de> + * Don't close open sockets upon reload. Thanks to Bill + * Nottingham. + * + * Mon Sep 18 09:10:47 CEST 2000: Martin Schulze <joey@infodrom.ffis.de> + * Fixed bug in printchopped() that caused syslogd to emit + * kern.emerg messages when splitting long lines. Thanks to + * Daniel Jacobowitz <dan@debian.org> for the fix. + * + * Mon Sep 18 15:33:26 CEST 2000: Martin Schulze <joey@infodrom.ffis.de> + * Removed unixm/unix domain sockets and switch to Datagram Unix + * Sockets. This should remove one possibility to play DoS with + * syslogd. Thanks to Olaf Kirch <okir@caldera.de> for the patch. + * + * Sun Mar 11 20:23:44 CET 2001: Martin Schulze <joey@infodrom.ffis.de> + * Don't return a closed fd if `-a' is called with a wrong path. + * Thanks to Bill Nottingham <notting@redhat.com> for providing + * a patch. |