Forensics

rsyslog v8.1903.0 releases: a Rocket-fast SYStem for LOG processing

do son March 5, 2019 No Comments rsyslog

Rsyslog

Rsyslog is a rocket-fast system for log processing.

rsyslog

It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to accept inputs from a wide variety of sources, transform them, and output to the results to diverse destinations.

It can deliver over one million messages per second to local destinations when limited processing is applied (based on v7, December 2013). Even with remote destinations and more elaborate processing the performance is usually considered “stunning”.

It has a strong enterprise focus but also scales down to small systems. It supports, among others, MySQLPostgreSQLfailover log destinations, ElasticSearch, syslog/tcp transport, fine grain output format control, high precision timestamps, queued operations and the ability to filter on any message part.

Feature

  • Multi-threading
  • TCP, SSL, TLS, RELP
  • MySQL, PostgreSQL, Oracle and more
  • Filter any part of syslog message
  • Fully configurable output format
  • Suitable for enterprise-class relay chains

Changelog v8.1903.0

– improg: create input module to use external program as input datas
– omhttp: rewritten with large feature enhancements
Many thanks to Gabriel Intrator for this work. Gabriel also has adopted the
module and plans to support it in the future.
– TLS subsystem: add support for certless communication both openssl and GnuTLS drivers have been updated to support certless communications. In this case e.g. Diffie-Helman is used.
NOTE: this is an insecure mode, as it does NOT guard against
man-in-the-middle attacks. We implemented it because of the large demand,
not because we think it makes sense to use this mode. We strongly recommend
against it.
closes https://github.com/rsyslog/rsyslog/issues/1068
– imrelp/omrelp: add capability to specify tlslib for librelp
closes https://github.com/rsyslog/rsyslog/issues/3451
– build system: introduce a better way to handle compiler pragmas
we now use macros and _Pragma(). This requires less code lines and is more
portable.

More

Download & Use

Share