Rsyslog

Rsyslog is a rocket-fast system for log processing.

It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to accept inputs from a wide variety of sources, transform them, and output to the results to diverse destinations.

It can deliver over one million messages per second to local destinations when limited processing is applied (based on v7, December 2013). Even with remote destinations and more elaborate processing the performance is usually considered “stunning”.

It has a strong enterprise focus but also scales down to small systems. It supports, among others, MySQL, PostgreSQL, failover log destinations, ElasticSearch, syslog/tcp transport, fine grain output format control, high precision timestamps, queued operations and the ability to filter on any message part.

Feature

• Multi-threading
• TCP, SSL, TLS, RELP
• MySQL, PostgreSQL, Oracle and more
• Filter any part of syslog message
• Fully configurable output format
• Suitable for enterprise-class relay chains

Changelog v8.1910.0

– 2019-10-01: core bugfix: incorrect error message on duplicate module load A Null-pointer was passed to printf instead of the module name.
On some platforms this may lead to a segfault. On most platforms printf check’s for NULL pointers and uses the string “(null)” instead. In any case, the module name is missing from the error message.
– 2019-10-01: imczmq nitfix: potential NULL ptr in printf on out-of-memory condition very unlikely to happen but if it does without any real issue on most platforms.
– 2019-10-01: work around some compiler warning messages induced by pthreads API
– 2019-10-01: core ratelimiting: more verbose message when rate-limiting happens
When messages are rate-limited, the error message now also contains the rate limiter setting. This enables the user to more quickly understand what the problem is (especially if default values apply).
Thanks to Jiri Vymazal for the patch.
– 2019-10-01: openssl TLS driver: do not emit unnecessary error message
On older openssl versions, an API was missing to set user-defined parameters. If we had such an older version, rsyslog emitted an error message even if the user did not configure such parameters. This has been corrected, so that a message is only emitted if there really is a problem. Based on user feedback the severity has also
been downgraded to “warning”.
– 2019-10-01: pmcisconames (contributed module) bugfix: potential misadressing
– 2019-09-30: pmaixforwardedfrom (contributed module) bugfix: potential misadressing
– 2019-09-30: pmdb2diag (contributed module) bugfix: Out of bounds issue
Add a new sanity check after determining the level len.
Thanks to Philippe Duveau for the patch.
see also: https://nvd.nist.gov/vuln/detail/CVE-2019-17040
– 2019-09-02: ability to set stricter TLS operation modes
– checking of extendedKeyUsage certificate field
– stricter checking of certificate name/adresses
Thanks to Jiri Vymazal for the patch.
– 2019-08-21: testbench: add basic test for immark
– 2019-08-20: core: do not unnecessarily set hostname on each HUP
– 2019-08-20: build system: support cross-platform build for mysql/mariadb
rsyslog fails to cross build from source, because it uses mysql_config and mysql_config is unfixably broken for cross compilation. It would be better to use pkg-config. The attached patch makes rsyslog try pkg-config first and fall back to mysql_config.
Thanks to Helmut Grohne for providing a base patch.
– 2019-08-20: core/tcpsrv: potential race on startup/shutdown
if the tcpsrv component is started and quickly terminated, it may hang for a short period of time. Also a very small amout of memory is leaked immediately before shutdown. While this leak is irrelevant in practice
(the OS clean up the process anyways), it leads to CI failures. The hang, however, can lead to longer than expected shutdown times for rsyslog. The problem can be experienced via imtcp, imgssapi and imdiag (users
of affected core component).

Download & Use

Copyright (C) Rainer Gerhards <rgerhards@adiscon.com> lead rsyslog developer