From b9dc14cb020bdec5ce0fbace2fadce19c98d0501 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 10 Jul 2007 12:46:46 +0000 Subject: preparing for 1.15.1 release --- NEWS | 15 ++++- doc/features.html | 8 ++- doc/history.html | 154 ++++++++++++++++++++++++---------------------- doc/rsyslog_packages.html | 68 ++++++++++---------- doc/status.html | 10 +-- rsyslogd.8 | 26 ++------ 6 files changed, 148 insertions(+), 133 deletions(-) diff --git a/NEWS b/NEWS index 8a607d39..f9c9a968 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,20 @@ --------------------------------------------------------------------------- -Version 1.15.1 (RGer), 2007-07-0? +Version 1.15.1 (RGer), 2007-07-10 - fixed a bug that caused a dynaFile selector to stall when there was an open error with one file +- improved template processing for dynaFiles; templates are now only + looked up during initialization - speeds up processing +- optimized memory layout in struct filed when compiled with MySQL + support +- fixed a bug that caused compilation without SYSLOG_INET to fail +- re-enabled the "last message repeated n times" feature. This + feature was not taken care of while rsyslogd evolved from sysklogd + and it was more or less defunct. Now it is fully functional again. +- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE +- fixed a bug in iovAsString() that caused a memory leak under stress + conditions (most probably memory shortage). This was unlikely to + ever happen, but it doesn't hurt doing it right +- cosmetic: defined type "uchar", change all unsigned chars to uchar --------------------------------------------------------------------------- Version 1.15.0 (RGer), 2007-07-05 - added ability to dynamically generate file names based on templates diff --git a/doc/features.html b/doc/features.html index 7a690ae7..611e8403 100644 --- a/doc/features.html +++ b/doc/features.html @@ -50,8 +50,12 @@ at some time moved back to the sourceforge tracker.

create a plug-in-interface

implement native email-functionality in selector (probably best done as a plug-in)

port it to more *nix variants (eg AIX and HP UX) - this needs volunteers with access to those machines and - knowledge

support for native SSL enryption of plain tcp syslog sessions. This will - most probably happen based on syslog-transport-tls.

even more enhanced multi-threading

pcre filtering - maybe (depending on feedback) - simple regex already + knowledge

provide an on-disk queue for syslog messages; should be + combined with reliable delivery to the next hop

support for native SSL enryption of plain tcp syslog sessions. This will + most probably happen based on syslog-transport-tls.

even more enhanced multi-threading, + with a message queue for each selector line (when implementing this, search + for CHECKMULTIQUEUE comments in the source - they already contain hints of + what to look at).

pcre filtering - maybe (depending on feedback) - simple regex already partly added. So far, this seems sufficient so that there is no urgent

support for RFC 3195 as a sender - this is currently unlikely to happen, because there is no real demand for it. Any work on RFC 3195 has been suspend until we see some real interest in it. It is probably much better to use TCP-based syslog, diff --git a/doc/history.html b/doc/history.html index 91ee4909..02dec93c 100644 --- a/doc/history.html +++ b/doc/history.html @@ -1,75 +1,81 @@ - - -rsyslog history - - -

RSyslog - History

- -Rsyslog is a GPL-ed, enhanced syslogd. Among others, it offers support for -reliable syslog over TCP, writing to -MySQL databases and fully configurable output formats (including great timestamps). -Rsyslog was initiated by Rainer Gerhards. It has -been forked from the sysklogd standard package. -The goal of the -rsyslog project is to provide a more configurable and reliable -syslog deamon while retaining drop-in replacement capabilities for stock syslogd. By "reliable", we mean support for reliable transmission -modes like TCP or RFC 3195 (syslog-reliable). -We do NOT imply that the sysklogd package is unreliable. In fact, the -opposite is the case and we assume that for the time being the well-used -sysklogd package offers better program reliability than our -brand-new modifications to it. - -

The name "rsyslog" stems back to the -planned support for syslog-reliable. Ironically, the initial release -of rsyslog did NEITHER support syslog-reliable NOR tcp based syslog. -Instead, it contains enhanced configurability and other enhancements -(like database support). The reason for this is that full support for -RFC 3195 would require even more changes and especially fundamental architectural -changes. Also, questions asked on the loganalysis list and at other -places indicated that RFC3195 is NOT a prime priority for users, but -rather better control over the output format. So here we are, with -a rsyslod that covers a lot of enhancements, but not a single one -of these that made its name ;) Since version 0.9.2, receiving syslog messages -via plain tcp is finally supported, a bit later sending via TCP, too. Starting -with 1.11.0, RFC 3195 is finally support at the receiving side (a.k.a. "listener"). -Support for sending via RFC 3195 is still due. Anyhow, rsyslog has come much -closer to what it name promises.

-The next enhancement scheduled is support for the new syslog-protocol -internet draft format, not the least to see how easy/complicated it is -to implement. We already know that some subleties of syslog-protocol will -require at least one considerable architectural change to the syslogd -and this might delay things a little. Our immediate goal is to receive -feedback and get the bugs out of the current release. Only after that -we intend to advance the code and introduce new features. -

-The database support was included so that our web-based syslog interface -can be used. This is another open source project which can be found -under http://www.phplogcon.org. We highly recommend having a look at -it. It might not work for you if you expect thousands of messages per -second (because your database won't be able to provide adequate performance), -but in many cases it is a very handy analysis and troubleshooting tool. - -

Rsyslogd supports an enhanced syslog.conf file format, and also works -with the standard syslog.conf. In theory, it should be possible to simply replace -the syslogd binary with the one that comes with rsyslog. Of course, in order -to use any of the new features, you must re-write your syslog.conf. To learn -how to do this, please review our commented sample.conf -file. It outlines the enhancements over stock syslogd. -

If you are interested in the IHE -environment, you might be interested to hear that rsyslog supports message with -sizes of 32k and more. This feature has been tested, but by default is turned off -(as it has some memory footprint that we didn't want to put on users not -actually requiring it). Search the file syslogd.c and search for "IHE" - you -will find easy and precise instructions on what you need to change (it's just -one line of code!). Please note that RFC 3195/COOKED supports 1K message sizes -only. It'll probably support longer messages in the future, but it is our -believe that using larger messages with current RFC 3195 is a violation of the -standard.

Be sure to visit Rainer's syslog block -to get some more insight into the development of rsyslog and syslog in general.

Some useful links

the rsyslog change log

- + + +rsyslog history + + +

RSyslog - History

+ +Rsyslog is a GPL-ed, enhanced syslogd. Among others, it offers support for +reliable syslog over TCP, writing to +MySQL databases and fully configurable output formats (including great timestamps). +Rsyslog was initiated by Rainer Gerhards. It has +been forked from the sysklogd standard package. +The goal of the +rsyslog project is to provide a more configurable and reliable +syslog deamon while retaining drop-in replacement capabilities for stock syslogd. By "reliable", we mean support for reliable transmission +modes like TCP or RFC 3195 (syslog-reliable). +We do NOT imply that the sysklogd package is unreliable. In fact, the +opposite is the case and we assume that for the time being the well-used +sysklogd package offers better program reliability than our +brand-new modifications to it. + +

The name "rsyslog" stems back to the +planned support for syslog-reliable. Ironically, the initial release +of rsyslog did NEITHER support syslog-reliable NOR tcp based syslog. +Instead, it contains enhanced configurability and other enhancements +(like database support). The reason for this is that full support for +RFC 3195 would require even more changes and especially fundamental architectural +changes. Also, questions asked on the loganalysis list and at other +places indicated that RFC3195 is NOT a prime priority for users, but +rather better control over the output format. So here we are, with +a rsyslod that covers a lot of enhancements, but not a single one +of these that made its name ;) Since version 0.9.2, receiving syslog messages +via plain tcp is finally supported, a bit later sending via TCP, too. Starting +with 1.11.0, RFC 3195 is finally support at the receiving side (a.k.a. "listener"). +Support for sending via RFC 3195 is still due. Anyhow, rsyslog has come much +closer to what it name promises.

+The next enhancement scheduled is support for the new syslog-protocol +internet draft format, not the least to see how easy/complicated it is +to implement. We already know that some subleties of syslog-protocol will +require at least one considerable architectural change to the syslogd +and this might delay things a little. Our immediate goal is to receive +feedback and get the bugs out of the current release. Only after that +we intend to advance the code and introduce new features. +

+The database support was included so that our web-based syslog interface +can be used. This is another open source project which can be found +under http://www.phplogcon.org. We highly recommend having a look at +it. It might not work for you if you expect thousands of messages per +second (because your database won't be able to provide adequate performance), +but in many cases it is a very handy analysis and troubleshooting tool. + +

Rsyslogd supports an enhanced syslog.conf file format, and also works +with the standard syslog.conf. In theory, it should be possible to simply replace +the syslogd binary with the one that comes with rsyslog. Of course, in order +to use any of the new features, you must re-write your syslog.conf. To learn +how to do this, please review our commented sample.conf +file. It outlines the enhancements over stock syslogd. +

If you are interested in the IHE +environment, you might be interested to hear that rsyslog supports message with +sizes of 32k and more. This feature has been tested, but by default is turned off +(as it has some memory footprint that we didn't want to put on users not +actually requiring it). Search the file syslogd.c and search for "IHE" - you +will find easy and precise instructions on what you need to change (it's just +one line of code!). Please note that RFC 3195/COOKED supports 1K message sizes +only. It'll probably support longer messages in the future, but it is our +believe that using larger messages with current RFC 3195 is a violation of the +standard.

In June 2007, Peter Vrabec from Red Hat helped us to create +RPM files for Fedora as well as supporting IPv6. There also seemed to be some +interest from the Red Hat community. This interest and new ideas resulted in a +very busy time with many great additions.

In July 2007, Andrew +Pantyukhin added BSD ports files for rsyslog and liblogging. We were strongly +encouraged by this too. It looks like rsyslog is getting more and more momentum. +Let's see what comes next...

Be sure to visit Rainer's syslog block +to get some more insight into the development of rsyslog and syslog in general.

Some useful links

the rsyslog change log

+ \ No newline at end of file diff --git a/doc/rsyslog_packages.html b/doc/rsyslog_packages.html index 6bf03c5c..8cdd2e73 100644 --- a/doc/rsyslog_packages.html +++ b/doc/rsyslog_packages.html @@ -1,31 +1,37 @@ - - -rsyslog precompiled packages (RPM and such...) - - -

rsyslog packages

Thanks to some volunteers, rsyslog is also available in package form on -some distributions. All available packages are listed below. If you would -like to maintain a package for a new distribution, please mail me at -rgerhards@adiscon.com. Any help is *deeply* -appreciated. While I create the core daemon, the package maintainers are really -filling it with life, making it available to the average user. I am very -grateful for that!

This list has last been updated on 2006-09-26 by -Rainer Gerhards. -New packages may appear at any time, so be sure to check this page whenever you -need a new one.

CentOS 4.3

- -http://www.se-community.com/~james/rsyslog/

Maintained by James Bergamin.

Almost any Linux

Bennet Todd maintains packages that should work on almost any Linux. -He keeps a current i386 tree. There is also a PPC tree, but that one is not paid -much attention for (anyhow, it is known to typically work well, too).

Please visit -http://bent.latency.net/bent/, select the relevant tree and then do a search -for rsyslog.

- - - + + +rsyslog precompiled packages (RPM and such...) + + +

rsyslog packages

Thanks to some volunteers, rsyslog is also available in package form on +some distributions. All available packages are listed below. If you would +like to maintain a package for a new distribution, please mail me at +rgerhards@adiscon.com. Any help is *deeply* +appreciated. While I create the core daemon, the package maintainers are really +filling it with life, making it available to the average user. I am very +grateful for that!

This list has last been updated on 2007-07-06 by +Rainer Gerhards. +New packages may appear at any time, so be sure to check this page whenever you +need a new one.

Red Hat has recently begun to build RPMs for rsyslog. The URL changes, but a +good place to look for them is at +freshmeat's rsyslog info page.

BSD

Give +http://www.freshports.org/sysutils/rsyslog/ a try.

CentOS 4.3

+ +http://www.se-community.com/~james/rsyslog/

Maintained by James Bergamin.

Almost any Linux

Bennet Todd maintains packages that should work on almost any Linux. +He keeps a current i386 tree. There is also a PPC tree, but that one is not paid +much attention for (anyhow, it is known to typically work well, too).

Please visit +http://bent.latency.net/bent/, select the relevant tree and then do a search +for rsyslog.

+ + + diff --git a/doc/status.html b/doc/status.html index f3deafbf..ade8da15 100644 --- a/doc/status.html +++ b/doc/status.html @@ -4,12 +4,12 @@

rsyslog status page

This page reflects the status as of 2007-07-05.

This page reflects the status as of 2007-07-10.

Current Releases

development: 1.15.0 - change log - -download

stable: 1.0.4 - change log - -download

development: 1.15.1 - change log - +download

stable: 1.0.5 - change log - +download

(How are versions named?)

Do NOT use versions prior to 1.10.1 or 1.0.1, because they contain a SQL injection vulnerability (read diff --git a/rsyslogd.8 b/rsyslogd.8 index 5c8ec69d..a000b3fb 100644 --- a/rsyslogd.8 +++ b/rsyslogd.8 @@ -546,26 +546,12 @@ The file containing the process id of .BR rsyslogd . .PD .SH BUGS -This is an early release of -.B Rsyslogd . -As such, there are probably a number of bugs. Those that I know -are described in the file BUGS that came with the package. Be sure -to review it. - -If an error occurs in one line the whole rule is ignored. - -.B Rsyslogd -doesn't change the filemode of opened logfiles at any stage of -process. If a file is created it is world readable. If you want to -avoid this, you have to create it and change permissions on your own. -This could be done in combination with rotating logfiles using the -.BR savelog (8) -program that is shipped in the -.B smail -3.x distribution. Remember that it might be a security hole if -everybody is able to read auth.* messages as these might contain -passwords. -.LP +Please review the file BUGS for up-to-date information on known +bugs and annouyances. +.SH Further Information +Please visit +.BR http://www.rsyslog.com/doc +for additional information, tutorials and a support forum. .SH SEE ALSO .BR rsyslog.conf (5), .BR logger (1), -- cgit