--------------------------------------------------------------------------- Version 6.4.2 [V6-STABLE] 2012-09-?? - bugfix: remove invalid socket option call from imuxsock Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom - bugfix: missing support for escape sequences in RainerScript only \' was supported. Now the usual set is supported. Note that v5 used \x as escape where x was any character (e.g. "\n" meant "n" and NOT LF). This also means there is some incompatibility to v5 for well-know sequences. Better break it now than later. --------------------------------------------------------------------------- Version 6.4.1 [V6-STABLE] 2012-09-06 - bugfix: multiple main queues with same queue file name were not detected This lead to queue file corruption. While the root cause is a config error, it is a bug that this important and hard to find config error was not detected by rsyslog. - bugfix: "jsonf" property replacer option did generate invalid JSON in JSON, we have "fieldname":"value", but the option emitted "fieldname"="value". Interestingly, this was accepted by a couple of sinks, most importantly elasticsearch. Now the correct format is emitted, which causes a remote chance that some things that relied on the wrong format will break. Thanks to Miloslav Trmač for the patch - change $!all-json did emit an empty (thus non-JSON) string if no libee data was present. It now emits {} and thus valid JSON. There is a small risk that this may break some things that relied on the previous inconsistency. Thanks to Miloslav Trmač for the patch - bugfix: omusrsmsg incorrect return state & config warning handling During config file processing, Omusrmsg often incorrectly returned a warning status, even when no warning was present (caused by uninitialized variable). Also, the core handled warning messages incorrectly, and treated them as errors. As a result, omusrmsg (most often) could not properly be loaded. Note that this only occurs with legacy config action syntax. This was a regression caused by an incorrect merge in to the 6.3.x codebase. Thanks to Stefano Mason for alerting us of this bug. - bugfix: Fixed TCP CheckConnection handling in omfwd.c. Interface needed to be changed in lower stream classes. Syslog TCP Sending is now resumed properly. Unfixed, that lead to non-detection of downstate of remote hosts. --------------------------------------------------------------------------- Version 6.4.0 [V6-STABLE] 2012-08-20 - THIS IS THE FIRST VERSION OF THE 6.4.x STABLE BRANCH It includes all enhancements made in 6.3.x plus what is written in the ChangeLog below. - omelasticsearch: support for parameters parent & dynparent added - bugfix: imtcp aborted when more than 2 connections were used. Incremented pthread stack size to 4MB for imtcp, imptcp and imttcp closes: http://bugzilla.adiscon.com/show_bug.cgi?id=342 - bugfix: imptcp aborted when $InputPTCPServerBindRuleset was used - bugfix: problem with cutting first 16 characters from message with bAnnotate Thanks to Milan Bartos for the patch. --------------------------------------------------------------------------- Version 6.3.12 [BETA] 2012-07-02 - support for elasticsearch via omelasticsearch added Note that this module has been tested quite well by a number of folks, and this is why we merge in new functionality in a late beta stage. Even if problems would exist, only users of omelasticsearch would experience them, making it a pretty safe addition. - bugfix: $ActionName was not properly honored Thanks to Abby Edwards for alerting us --------------------------------------------------------------------------- Version 6.3.11 [BETA] 2012-06-18 - bugfix: expression-based filters with AND/OR could segfault due to a problem with boolean shortcut operations. From the user's perspective, the segfault is almost non-deterministic (it occurs when a shortcut is used). Thanks to Lars Peterson for providing the initial bug report and his support in solving it. - bugfix: "last message repeated n times" message was missing hostname Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting --------------------------------------------------------------------------- Version 6.3.10 [BETA] 2012-06-04 - bugfix: delayble source could block action queue, even if there was a disk queue associated with it. The root cause of this problem was that it makes no sense to delay messages once they arrive in the action queue - the "input" that is being held in that case is the main queue worker, what makes no sense. Thanks to Marcin for alerting us on this problem and providing instructions to reproduce it. - bugfix: invalid free in imptcp could lead to abort during startup - bugfix: if debug message could end up in log file when forking if rsyslog was set to auto-background (thus fork, the default) and debug mode to stdout was enabled, debug messages ended up in the first log file opened. Currently, stdout logging is completely disabled in forking mode (but writing to the debug log file is still possible). This is a change in behaviour, which is under review. If it causes problems to you, please let us know. Thanks to Tomas Heinrich for the patch. - bugfix: --enable-smcustbindcdr configure directive did not work closes: http://bugzilla.adiscon.com/show_bug.cgi?id=330 Thanks to Ultrabug for the patch. - bugfix: made rsyslog compile when libestr ist not installed in /usr Thanks to Miloslav Trmač for providing patches and suggestions --------------------------------------------------------------------------- Version 6.3.9 [BETA] 2012-05-22 - bugfix: imtcp could cause hang during reception this also applied to other users of core file tcpsrv.c, but imtcp was by far the most prominent and widely-used, the rest rather exotic (like imdiag) - added capability to specify substrings for field extraction mode - added the "jsonf" property replacer option (and fieldname) - bugfix: omudpspoof did not work correctly if no spoof hostname was configured - bugfix: property replacer option "json" could lead to content loss message was truncated if escaping was necessary - bugfix: assigned ruleset was lost when using disk queues This looked quite hard to diagnose for disk-assisted queues, as the pure memory part worked well, but ruleset info was lost for messages stored inside the disk queue. - bugfix/imuxsock: solving abort if hostname was not set; configured hostname was not used (both merge regressions) -bugfix/omfile: template action parameter was not accepted (and template name set to "??" if the parameter was used) Thanks to Brian Knox for alerting us on this bug. - bugfix: ommysql did not properly init/exit the mysql runtime library this could lead to segfaults. Triggering condition: multiple action instances using ommysql. Thanks to Tomas Heinrich for reporting this problem and providing an initial patch (which my solution is based on, I need to add more code to clean the mess up). - bugfix: rsyslog did not terminate when delayable inputs were blocked due to unvailable sources. Fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=299 Thanks to Marcin M for bringing up this problem and Andre Lorbach for helping to reproduce and fix it. - added capability to specify substrings for field extraction mode - bugfix: disk queue was not persisted on shutdown, regression of fix to http://bugzilla.adiscon.com/show_bug.cgi?id=299 The new code also handles the case of shutdown of blocking light and full delayable sources somewhat smarter and permits, assuming sufficient timouts, to persist message up to the max queue capacity. Also some nits in debug instrumentation have been fixed. --------------------------------------------------------------------------- Version 6.3.8 [DEVEL] 2012-04-16 - added $PStatJSON directive to permit stats records in JSON format - added "date-unixtimestamp" property replacer option to format as a unix timestamp (seconds since epoch) - added "json" property replacer option to support JSON encoding on a per-property basis - added omhiredis (contributed module) - added mmjsonparse to support recognizing and parsing JSON enhanced syslog messages - upgraded more plugins to support the new v6 config format: - ommysql - omlibdbi - omsnmp - added configuration directives to customize queue light delay marks $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both specify number of messages starting at which a delay happens. - added message property parsesuccess to indicate if the last run higher-level parser could successfully parse the message or not (see property replacer html doc for details) - bugfix: abort during startup when rsyslog.conf v6+ format was used in a certain way - bugfix: property $!all-json made rsyslog abort if no normalized data was available - bugfix: memory leak in array passing output module mode - added configuration directives to customize queue light delay marks - permit size modifiers (k,m,g,...) in integer config parameters Thanks to Jo Rhett for the suggestion. - bugfix: hostname was not requeried on HUP Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for his help in testing the fix. - bugfix: imklog invalidly computed facility and severity closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 - added configuration directive to disable octet-counted framing for imtcp, directive is $InputTCPServerSupportOctetCountedFraming for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming - added capability to use a local interface IP address as fromhost-ip for locally originating messages. New directive $LocalHostIPIF --------------------------------------------------------------------------- Version 6.3.7 [DEVEL] 2012-02-02 - imported refactored v5.9.6 imklog linux driver, now combined with BSD driver - removed imtemplate/omtemplate template modules, as this was waste of time The actual input/output modules are better copy templates. Instead, the now-removed modules cost time for maintenance AND often caused confusion on what their role was. - added a couple of new stats objects - improved support for new v6 config system. The build-in output modules now all support the new config language - bugfix: facility local was not correctly interpreted in legacy filters Was only accepted if it was the first PRI in a multi-filter PRI. Thanks to forum user Mark for bringing this to our attention. - bugfix: potential abort after reading invalid X.509 certificate closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 Thanks to Tomas Heinrich for the patch - bufgix: legacy parsing of some filters did not work correctly - bugfix: rsyslog aborted during startup if there is an error in loading an action and legacy configuration mode is used - bugfix: bsd klog driver did no longer compile - relicensed larger parts of the code under Apache (ASL) 2.0 --------------------------------------------------------------------------- Version 6.3.6 [DEVEL] 2011-09-19 - added $InputRELPServerBindRuleset directive to specify rulesets for RELP - bugfix: config parser did not support properties with dashes in them inside property-based filters. Thanks to Gerrit Seré for reporting this. --------------------------------------------------------------------------- Version 6.3.5 [DEVEL] (rgerhards/al), 2011-09-01 - bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: mark message processing did not work correctly - imudp&imtcp now report error if no listener at all was defined Thanks to Marcin for suggesting this error message. - bugfix: potential misadressing in property replacer --------------------------------------------------------------------------- Version 6.3.4 [DEVEL] (rgerhards), 2011-08-02 - added support for action() config object * in rsyslog core engine * in omfile * in omusrmsg - bugfix: omusrmsg format usr1,usr2 was no longer supported - bugfix: misaddressing in config handler In theory, can cause segfault, in practice this is extremely unlikely Thanks to Marcin for alertig me. --------------------------------------------------------------------------- Version 6.3.3 [DEVEL] (rgerhards), 2011-07-13 - rsyslog.conf format: now parsed by RainerScript parser this provides the necessary base for future enhancements as well as some minor immediate ones. For details see: http://blog.gerhards.net/2011/07/rsyslog-633-config-format-improvements.html - performance of script-based filters notably increased - removed compatibility mode as we expect people have adjusted their confs by now - added support for the ":omfile:" syntax for actions --------------------------------------------------------------------------- Version 6.3.2 [DEVEL] (rgerhards), 2011-07-06 - added support for the ":omusrmsg:" syntax in configuring user messages - systemd support: set stdout/stderr to null - thx to Lennart for the patch - added support for obtaining timestamp for kernel message from message If the kernel time-stamps messages, time is now take from that timestamp instead of the system time when the message was read. This provides much better accuracy. Thanks to Lennart Poettering for suggesting this feature and his help during implementation. - added support for obtaining timestamp from system for imuxsock This permits to read the time a message was submitted to the system log socket. Most importantly, this is provided in microsecond resolution. So we are able to obtain high precision timestampis even for messages that were - as is usual - not formatted with them. This also simplifies things in regard to local time calculation in chroot environments. Many thanks to Lennart Poettering for suggesting this feature, providing some guidance on implementing it and coordinating getting the necessary support into the Linux kernel. - bugfix: timestamp was incorrectly calculated for timezones with minute offset closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 - bugfix: memory leak in imtcp & subsystems under some circumstances This leak is tied to error conditions which lead to incorrect cleanup of some data structures. --------------------------------------------------------------------------- Version 6.3.1 [DEVEL] (rgerhards), 2011-06-07 - added a first implementation of a DNS name cache this still has a couple of weaknesses, like no expiration of entries, suboptimal algorithms -- but it should perform much better than what we had previously. Implementation will be improved based on feedback during the next couple of releases --------------------------------------------------------------------------- Version 6.3.0 [DEVEL] (rgerhards), 2011-06-01 - introduced new config system http://blog.gerhards.net/2011/06/new-rsyslog-config-system-materializes.html --------------------------------------------------------------------------- Version 6.2.2 [v6-stable], 2012-06-13 - build system improvements and spec file templates Thanks to Abby Edwards for providing these enhancements - bugfix: disk queue was not persisted on shutdown, regression of fix to http://bugzilla.adiscon.com/show_bug.cgi?id=299 The new code also handles the case of shutdown of blocking light and full delayable sources somewhat smarter and permits, assuming sufficient timouts, to persist message up to the max queue capacity. Also some nits in debug instrumentation have been fixed. - bugfix: --enable-smcustbindcdr configure directive did not work closes: http://bugzilla.adiscon.com/show_bug.cgi?id=330 Thanks to Ultrabug for the patch. - add small delay (50ms) after sending shutdown message There seem to be cases where the shutdown message is otherwise not processed, not even on an idle system. Thanks to Marcin for bringing this problem up. - support for resolving huge groups closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310 Thanks to Alec Warner for the patch - bugfix: potential hang due to mutex deadlock closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316 Thanks to Andreas Piesk for reporting&analyzing this bug as well as providing patches and other help in resolving it. - bugfix: property PROCID empty instead of proper nilvalue if not present If it is not present, it must have the nilvalue "-" as of RFC5424 closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332 Thanks to John N for reporting this issue. - bugfix: did not compile under solaris due to $uptime property code For the time being, $uptime is not supported on Solaris - bugfix: "last message repeated n times" message was missing hostname Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting --------------------------------------------------------------------------- Version 6.2.1 [v6-stable], 2012-05-10 - change plugin config interface to be compatible with pre-v6.2 system The functionality was already removed (because it is superseeded by the v6.3+ config language), but code was still present. I have now removed those parts that affect interface. Full removal will happen in v6.3, in order to limit potential regressions. However, it was considered useful enough to do the interface change in v6-stable; this also eases merging branches! - re-licensed larger parts of the codebase under the Apache license 2.0 - bugfix: omprog made rsyslog abort on startup if not binary to execute was configured - bugfix: imklog invalidly computed facility and severity closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 - bugfix: stopped DA queue was never processed after a restart due to a regression from statistics module - bugfix: memory leak in array passing output module mode - bugfix: ommysql did not properly init/exit the mysql runtime library this could lead to segfaults. Triggering condition: multiple action instances using ommysql. Thanks to Tomas Heinrich for reporting this problem and providing an initial patch (which my solution is based on, I need to add more code to clean the mess up). - bugfix: rsyslog did not terminate when delayable inputs were blocked due to unvailable sources. Fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=299 Thanks to Marcin M for bringing up this problem and Andre Lorbach for helping to reproduce and fix it. - bugfix/tcpflood: sending small test files did not work correctly --------------------------------------------------------------------------- Version 6.2.0 [v6-stable], 2012-01-09 - bugfix (kind of): removed numerical part from pri-text see v6 compatibility document for reasons - bugfix: race condition when extracting program name, APPNAME, structured data and PROCID (RFC5424 fields) could lead to invalid characters e.g. in dynamic file names or during forwarding (general malfunction of these fields in templates, mostly under heavy load) - bugfix: imuxsock did no longer ignore message-provided timestamp, if so configured (the *default*). Lead to no longer sub-second timestamps. closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281 - bugfix: omfile returns fatal error code for things that go really wrong previously, RS_RET_RESUME was returned, which lead to a loop inside the rule engine as omfile could not really recover. - bugfix: rsyslogd -v always said 64 atomics were not present thanks to mono_matsuko for the patch - bugfix: potential abort after reading invalid X.509 certificate closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 Thanks to Tomas Heinrich for the patch - enhanced module loader to not rely on PATH_MAX - imuxsock: added capability to "annotate" messages with "trusted information", which contains some properties obtained from the system and as such sure to not be faked. This is inspired by the similiar idea introduced in systemd. --------------------------------------------------------------------------- Version 6.1.12 [BETA], 2011-09-01 - bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: mark message processing did not work correctly - bugfix: potential misadressing in property replacer - bugfix: memcpy overflow can occur in allowed sender checkig if a name is resolved to IPv4-mapped-on-IPv6 address Found by Ismail Dönmez at suse - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) - bugfix: fixed incorrect state handling for Discard Action (transactions) Note: This caused all messages in a batch to be set to COMMITTED, even if they were discarded. --------------------------------------------------------------------------- Version 6.1.11 [BETA] (rgerhards), 2011-07-11 - systemd support: set stdout/stderr to null - thx to Lennart for the patch - added support for the ":omusrmsg:" syntax in configuring user messages - added support for the ":omfile:" syntax in configuring user messages --------------------------------------------------------------------------- Version 6.1.10 [BETA] (rgerhards), 2011-06-22 - bugfix: problems in failover action handling closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270 closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254 - bugfix: mutex was invalidly left unlocked during action processing At least one case where this can occur is during thread shutdown, which may be initiated by lower activity. In most cases, this is quite unlikely to happen. However, if it does, data structures may be corrupted which could lead to fatal failure and segfault. I detected this via a testbench test, not a user report. But I assume that some users may have had unreproducable aborts that were cause by this bug. --------------------------------------------------------------------------- Version 6.1.9 [BETA] (rgerhards), 2011-06-14 - bugfix: problems in failover action handling closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270 closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254 - bugfix: mutex was invalidly left unlocked during action processing At least one case where this can occur is during thread shutdown, which may be initiated by lower activity. In most cases, this is quite unlikely to happen. However, if it does, data structures may be corrupted which could lead to fatal failure and segfault. I detected this via a testbench test, not a user report. But I assume that some users may have had unreproducable aborts that were cause by this bug. - bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes - bugfix: memory leak in imtcp & subsystems under some circumstances This leak is tied to error conditions which lead to incorrect cleanup of some data structures. [backport from v6.3] - bugfix: $ActionFileDefaultTemplate did not work closes: http://bugzilla.adiscon.com/show_bug.cgi?id=262 --------------------------------------------------------------------------- Version 6.1.8 [BETA] (rgerhards), 2011-05-20 - official new beta version (note that in a sense 6.1.7 was already beta, so we may release the first stable v6 earlier than usual) - new module mmsnmptrapd, a sample message modification module - import of minor bug fixes from v4 & v5 --------------------------------------------------------------------------- Version 6.1.7 [DEVEL] (rgerhards), 2011-04-15 - added log classification capabilities (via mmnormalize & tags) - speeded up tcp forwarding by reducing number of API calls this especially speeds up TLS processing - somewhat improved documentation index - bugfix: enhanced imudp config processing code disabled due to wrong merge (affected UDP realtime capabilities) - bugfix (kind of): memory leak with tcp reception epoll handler This was an extremely unlikely leak and, if it happend, quite small. Still it is better to handle this border case. - bugfix: IPv6-address could not be specified in omrelp this was due to improper parsing of ":" closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250 - bugfix: do not open files with full privileges, if privs will be dropped This make the privilege drop code more bulletproof, but breaks Ubuntu's work-around for log files created by external programs with the wrong user and/or group. Note that it was long said that this "functionality" would break once we go for serious privilege drop code, so hopefully nobody still depends on it (and, if so, they lost...). - bugfix: pipes not opened in full priv mode when privs are to be dropped --------------------------------------------------------------------------- Version 6.1.6 [DEVEL] (rgerhards), 2011-03-14 - enhanced omhdfs to support batching mode. This permits to increase performance, as we now call the HDFS API with much larger message sizes and far more infrequently - improved testbench among others, life tests for ommysql (against a test database) have been added, valgrind-based testing enhanced, ... - bugfix: minor memory leak in omlibdbi (< 1k per instance and run) - bugfix: (regression) omhdfs did no longer compile - bugfix: omlibdbi did not use password from rsyslog.con closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203 - systemd support somewhat improved (can now take over existing log sockt) - bugfix: discard action did not work under some circumstances fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217 - bugfix: file descriptor leak in gnutls netstream driver fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=222 - fixed compile problem in imtemplate fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=235 --------------------------------------------------------------------------- Version 6.1.5 [DEVEL] (rgerhards), 2011-03-04 - improved testbench - enhanced imtcp to use a pool of worker threads to process incoming messages. This enables higher processing rates, especially in the TLS case (where more CPU is needed for the crypto functions) - added support for TLS (in anon mode) to tcpflood - improved TLS error reporting - improved TLS startup (Diffie-Hellman bits do not need to be generated, as we do not support full anon key exchange -- we always need certs) - bugfix: fixed a memory leak and potential abort condition this could happen if multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226 fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218 - bugfix: memory leak when $RepeatedMsgReduction on was used bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225 - bugfix: potential abort condition when $RepeatedMsgReduction set to on as well as potentially in a number of other places where MsgDup() was used. This only happened when the imudp input module was used and it depended on name resolution not yet had taken place. In other words, this was a strange problem that could lead to hard to diagnose instability. So if you experience instability, chances are good that this fix will help. --------------------------------------------------------------------------- Version 6.1.4 [DEVEL] (rgerhards), 2011-02-18 - bugfix/omhdfs: directive $OMHDFSFileName rendered unusable due to a search and replace-induced bug ;) - bugfix: minor race condition in action.c - considered cosmetic This is considered cosmetic as multiple threads tried to write exactly the same value into the same memory location without sync. The method has been changed so this can no longer happen. - added pmsnare parser module (written by David Lang) - enhanced imfile to support non-cancel input termination - improved systemd socket activation thanks to Marius Tomaschweski - improved error reporting for $WorkDirectory non-existance and other detectable problems are now reported, and the work directory is NOT set in this case - bugfix: pmsnare causded abort under some conditions - bugfix: abort if imfile reads file line of more than 64KiB Thanks to Peter Eisentraut for reporting and analysing this problem. bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221 - bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode when in disk-assisted mode. This especially affected imfile, which created unnecessarily queue files if a large set of input file data was to process. - bugfix: very long running actions could prevent shutdown under some circumstances. This has now been solved, at least for common situations. - bugfix: fixed compile problem due to empty structs this occured only on some platforms/compilers. thanks to Dražen Kačar for the fix --------------------------------------------------------------------------- Version 6.1.3 [DEVEL] (rgerhards), 2011-02-01 - experimental support for monogodb added - added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings - added $LocalHostName config directive - improved tcpsrv performance by enabling multiple-entry epoll so far, we always pulled a single event from the epoll interface. Now 128, what should result in performance improvement (less API calls) on busy systems. Most importantly affects imtcp. - imptcp now supports non-cancel termination mode, a plus in stability - imptcp speedup: multiple worker threads can now be used to read data - new directive $InputIMPTcpHelperThreads added - bugfix: fixed build problems on some platforms namely those that have 32bit atomic operations but not 64 bit ones - bugfix: local hostname was pulled too-early, so that some config directives (namely FQDN settings) did not have any effect - enhanced tcpflood to support multiple sender threads this is required for some high-throughput scenarios (and necessary to run some performance tests, because otherwise the sender is too slow). - added some new custom parsers (snare, aix, some Cisco "specialities") thanks to David Lang --------------------------------------------------------------------------- Version 6.1.2 [DEVEL] (rgerhards), 2010-12-16 - added experimental support for log normalizaton (via liblognorm) support for normalizing log messages has been added in the form of mmnormalize. The core engine (property replacer, filter engine) has been enhanced to support properties from normalized events. Note: this is EXPERIMENTAL code. It is currently know that there are issues if the functionality is used with - disk-based queues - asynchronous action queues You can not use the new functionality together with these features. This limitation will be removed in later releases. However, we preferred to release early, so that one can experiment with the new feature set and accepted the price that this means the full set of functionality is not yet available. If not used together with these features, log normalizing should be pretty stable. - enhanced testing tool tcpflood now supports sending via UDP and the capability to run multiple iterations and generate statistics data records - bugfix: potential abort when output modules with different parameter passing modes were used in configured output modules --------------------------------------------------------------------------- Version 6.1.1 [DEVEL] (rgerhards), 2010-11-30 - bugfix(important): problem in TLS handling could cause rsyslog to loop in a tight loop, effectively disabling functionality and bearing the risk of unresponsiveness of the whole system. Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 - support for omhdfs officially added (import from 5.7.1) - merged imuxsock improvements from 5.7.1 (see there) - support for systemd officially added (import from 5.7.0) - bugfix: a couple of problems that imfile had on some platforms, namely Ubuntu (not their fault, but occured there) - bugfix: imfile utilizes 32 bit to track offset. Most importantly, this problem can not experienced on Fedora 64 bit OS (which has 64 bit long's!) - a number of other bugfixes from older versions imported --------------------------------------------------------------------------- Version 6.1.0 [DEVEL] (rgerhards), 2010-08-12 *********************************** NOTE ********************************** The v6 versions of rsyslog feature a greatly redesigned config system which, among others, supports scoping. However, the initial version does not contain the whole new system. Rather it will evolve. So it is expected that interfaces, even new ones, break during the initial 6.x.y releases. *********************************** NOTE ********************************** - added $Begin, $End and $ScriptScoping config scope statments (at this time for actions only). - added imptcp, a simplified, Linux-specific and potentielly fast syslog plain tcp input plugin (NOT supporting TLS!) [ported from v4] --------------------------------------------------------------------------- Version 5.10.1 [V5-STABLE], 2012-0?-?? - bugfix: invalid property name in property-filter could cause abort if action chaining (& operator) was used http://bugzilla.adiscon.com/show_bug.cgi?id=355 Thanks to pilou@gmx.com for the bug report - bugfix: remove invalid socket option call from imuxsock Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom --------------------------------------------------------------------------- Version 5.10.0 [V5-STABLE], 2012-08-23 NOTE: this is the new rsyslog v5-stable, incorporating all changes from the 5.9.x series. In addition to that, it contains the fixes and enhancements listed below in this entry. - bugfix: delayble source could block action queue, even if there was a disk queue associated with it. The root cause of this problem was that it makes no sense to delay messages once they arrive in the action queue - the "input" that is being held in that case is the main queue worker, what makes no sense. Thanks to Marcin for alerting us on this problem and providing instructions to reproduce it. - bugfix: disk queue was not persisted on shutdown, regression of fix to http://bugzilla.adiscon.com/show_bug.cgi?id=299 The new code also handles the case of shutdown of blocking light and full delayable sources somewhat smarter and permits, assuming sufficient timouts, to persist message up to the max queue capacity. Also some nits in debug instrumentation have been fixed. - add small delay (50ms) after sending shutdown message There seem to be cases where the shutdown message is otherwise not processed, not even on an idle system. Thanks to Marcin for bringing this problem up. - support for resolving huge groups closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310 Thanks to Alec Warner for the patch - bugfix: potential hang due to mutex deadlock closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316 Thanks to Andreas Piesk for reporting&analyzing this bug as well as providing patches and other help in resolving it. - bugfix: property PROCID empty instead of proper nilvalue if not present If it is not present, it must have the nilvalue "-" as of RFC5424 closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332 Thanks to John N for reporting this issue. - bugfix: "last message repeated n times" message was missing hostname Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting - bugfix: multiple main queues with same queue file name was not detected This lead to queue file corruption. While the root cause is a config error, it is a bug that this important and hard to find config error was not detected by rsyslog. --------------------------------------------------------------------------- Version 5.9.7 [V5-BETA], 2012-05-10 - added capability to specify substrings for field extraction mode - bugfix: ommysql did not properly init/exit the mysql runtime library this could lead to segfaults. Triggering condition: multiple action instances using ommysql. Thanks to Tomas Heinrich for reporting this problem and providing an initial patch (which my solution is based on, I need to add more code to clean the mess up). - bugfix: rsyslog did not terminate when delayable inputs were blocked due to unvailable sources. Fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=299 Thanks to Marcin M for bringing up this problem and Andre Lorbach for helping to reproduce and fix it. - bugfix/tcpflood: sending small test files did not work correctly --------------------------------------------------------------------------- Version 5.9.6 [V5-BETA], 2012-04-12 - added configuration directives to customize queue light delay marks - permit size modifiers (k,m,g,...) in integer config parameters Thanks to Jo Rhett for the suggestion. - bugfix: hostname was not requeried on HUP Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for his help in testing the fix. - bugfix: imklog invalidly computed facility and severity closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 - bugfix: imptcp input name could not be set config directive was accepted, but had no effect - added configuration directive to disable octet-counted framing for imtcp, directive is $InputTCPServerSupportOctetCountedFraming for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming - added capability to use a local interface IP address as fromhost-ip for locally originating messages. New directive $LocalHostIPIF - added configuration directives to customize queue light delay marks $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both specify number of messages starting at which a delay happens. --------------------------------------------------------------------------- Version 5.9.5 [V5-DEVEL], 2012-01-27 - improved impstats subsystem, added many new counters - enhanced module loader to not rely on PATH_MAX - refactored imklog linux driver, now combined with BSD driver The Linux driver no longer supports outdated kernel symbol resolution, which was disabled by default for very long. Also overall cleanup, resulting in much smaller code. Linux and BSD are now covered by a single small driver. - $IMUXSockRateLimitInterval DEFAULT CHANGED, was 5, now 0 The new default turns off rate limiting. This was chosen as people experienced problems with rate-limiting activated by default. Now it needs an explicit opt-in by setting this parameter. Thanks to Chris Gaffney for suggesting to make it opt-in; thanks to many unnamed others who already had complained at the time Chris made the suggestion ;-) --------------------------------------------------------------------------- Version 5.9.4 [V5-DEVEL], 2011-11-29 - imuxsock: added capability to "annotate" messages with "trusted information", which contains some properties obtained from the system and as such sure to not be faked. This is inspired by the similiar idea introduced in systemd. - removed dependency on gcrypt for recently-enough GnuTLS see: http://bugzilla.adiscon.com/show_bug.cgi?id=289 - bugfix: imuxsock did no longer ignore message-provided timestamp, if so configured (the *default*). Lead to no longer sub-second timestamps. closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281 - bugfix: omfile returns fatal error code for things that go really wrong previously, RS_RET_RESUME was returned, which lead to a loop inside the rule engine as omfile could not really recover. - bugfix: rsyslogd -v always said 64 atomics were not present thanks to mono_matsuko for the patch --------------------------------------------------------------------------- Version 5.9.3 [V5-DEVEL], 2011-09-01 - bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: mark message processing did not work correctly - added capability to emit config error location info for warnings otherwise, omusrmsg's warning about new config format was not accompanied by problem location. - bugfix: potential misadressing in property replacer - bugfix: MSGID corruption in RFC5424 parser under some circumstances closes: http://bugzilla.adiscon.com/show_bug.cgi?id=275 - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) --------------------------------------------------------------------------- Version 5.9.2 [V5-DEVEL] (rgerhards), 2011-07-11 - systemd support: set stdout/stderr to null - thx to Lennart for the patch - added support for the ":omusrmsg:" syntax in configuring user messages - added support for the ":omfile:" syntax for actions --------------------------------------------------------------------------- Version 5.9.1 [V5-DEVEL] (rgerhards), 2011-06-30 - added support for obtaining timestamp for kernel message from message If the kernel time-stamps messages, time is now take from that timestamp instead of the system time when the message was read. This provides much better accuracy. Thanks to Lennart Poettering for suggesting this feature and his help during implementation. - added support for obtaining timestamp from system for imuxsock This permits to read the time a message was submitted to the system log socket. Most importantly, this is provided in microsecond resolution. So we are able to obtain high precision timestampis even for messages that were - as is usual - not formatted with them. This also simplifies things in regard to local time calculation in chroot environments. Many thanks to Lennart Poettering for suggesting this feature, providing some guidance on implementing it and coordinating getting the necessary support into the Linux kernel. - bugfix: timestamp was incorrectly calculated for timezones with minute offset closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 - bugfix: problems in failover action handling closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270 closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254 - bugfix: mutex was invalidly left unlocked during action processing At least one case where this can occur is during thread shutdown, which may be initiated by lower activity. In most cases, this is quite unlikely to happen. However, if it does, data structures may be corrupted which could lead to fatal failure and segfault. I detected this via a testbench test, not a user report. But I assume that some users may have had unreproducable aborts that were cause by this bug. - bugfix: memory leak in imtcp & subsystems under some circumstances This leak is tied to error conditions which lead to incorrect cleanup of some data structures. [backport from v6] - bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes --------------------------------------------------------------------------- Version 5.9.0 [V5-DEVEL] (rgerhards), 2011-06-08 - imfile: added $InputFileMaxLinesAtOnce directive - enhanced imfile to support input batching - added capability for imtcp and imptcp to activate keep-alive packets at the socket layer. This has not been added to imttcp, as the latter is only an experimental module, and one which did not prove to be useful. reference: http://kb.monitorware.com/post20791.html - added support to control KEEPALIVE settings in imptcp this has not yet been added to imtcp, but could be done on request. - $ActionName is now also used for naming of queues in impstats as well as in the debug output - bugfix: do not open files with full privileges, if privs will be dropped This make the privilege drop code more bulletproof, but breaks Ubuntu's work-around for log files created by external programs with the wrong user and/or group. Note that it was long said that this "functionality" would break once we go for serious privilege drop code, so hopefully nobody still depends on it (and, if so, they lost...). - bugfix: pipes not opened in full priv mode when privs are to be dropped - this begins a new devel branch for v5 - better handling of queue i/o errors in disk queues. This is kind of a bugfix, but a very intrusive one, this it goes into the devel version first. Right now, "file not found" is handled and leads to the new emergency mode, in which disk action is stopped and the queue run in direct mode. An error message is emited if this happens. - added support for user-level PRI provided via systemd - added new config directive $InputTCPFlowControl to select if tcp received messages shall be flagged as light delayable or not. - enhanced omhdfs to support batching mode. This permits to increase performance, as we now call the HDFS API with much larger message sizes and far more infrequently - bugfix: failover did not work correctly if repeated msg reduction was on affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236 --------------------------------------------------------------------------- Version 5.8.13 [V5-stable] 2012-08-22 - bugfix: DA queue could cause abort - bugfix: "last message repeated n times" message was missing hostname Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting - bugfix "$PreserveFQDN on" was not honored in some modules Thanks to bodik for reporting this bug. - bugfix: randomized IP option header in omudpspoof caused problems closes: http://bugzilla.adiscon.com/show_bug.cgi?id=327 Thanks to Rick Brown for helping to test out the patch. - bugfix: potential abort if output plugin logged message during shutdown note that none of the rsyslog-provided plugins does this Thanks to bodik and Rohit Prasad for alerting us on this bug and analyzing it. fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=347 - bugfix: multiple main queues with same queue file name was not detected This lead to queue file corruption. While the root cause is a config error, it is a bug that this important and hard to find config error was not detected by rsyslog. --------------------------------------------------------------------------- Version 5.8.12 [V5-stable] 2012-06-06 - add small delay (50ms) after sending shutdown message There seem to be cases where the shutdown message is otherwise not processed, not even on an idle system. Thanks to Marcin for bringing this problem up. - support for resolving huge groups closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310 Thanks to Alec Warner for the patch - bugfix: delayble source could block action queue, even if there was a disk queue associated with it. The root cause of this problem was that it makes no sense to delay messages once they arrive in the action queue - the "input" that is being held in that case is the main queue worker, what makes no sense. Thanks to Marcin for alerting us on this problem and providing instructions to reproduce it. - bugfix: disk queue was not persisted on shutdown, regression of fix to http://bugzilla.adiscon.com/show_bug.cgi?id=299 The new code also handles the case of shutdown of blocking light and full delayable sources somewhat smarter and permits, assuming sufficient timouts, to persist message up to the max queue capacity. Also some nits in debug instrumentation have been fixed. - bugfix/omudpspoof: problems, including abort, happend when run on multiple threads. Root cause is that libnet is not thread-safe. omudpspoof now guards libnet calls with their own mutex. - bugfix: if debug message could end up in log file when forking if rsyslog was set to auto-background (thus fork, the default) and debug mode to stdout was enabled, debug messages ended up in the first log file opened. Currently, stdout logging is completely disabled in forking mode (but writing to the debug log file is still possible). This is a change in behaviour, which is under review. If it causes problems to you, please let us know. Thanks to Tomas Heinrich for the patch. - bugfix/tcpflood: sending small test files did not work correctly - bugfix: potential hang due to mutex deadlock closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316 Thanks to Andreas Piesk for reporting&analyzing this bug as well as providing patches and other help in resolving it. - bugfix: property PROCID empty instead of proper nilvalue if not present If it is not present, it must have the nilvalue "-" as of RFC5424 closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332 Thanks to John N for reporting this issue. --------------------------------------------------------------------------- Version 5.8.11 [V5-stable] 2012-05-03 - bugfix: ommysql did not properly init/exit the mysql runtime library this could lead to segfaults. Triggering condition: multiple action instances using ommysql. Thanks to Tomas Heinrich for reporting this problem and providing an initial patch (which my solution is based on, I need to add more code to clean the mess up). - bugfix: rsyslog did not terminate when delayable inputs were blocked due to unvailable sources. Fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=299 Thanks to Marcin M for bringing up this problem and Andre Lorbach for helping to reproduce and fix it. - bugfix: active input in "light delay state" could block rsyslog termination, at least for prolonged period of time - bugfix: imptcp input name could not be set config directive was accepted, but had no effect - bugfix: assigned ruleset was lost when using disk queues This looked quite hard to diagnose for disk-assisted queues, as the pure memory part worked well, but ruleset info was lost for messages stored inside the disk queue. - bugfix: hostname was not requeried on HUP Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for his help in testing the fix. - bugfix: inside queue.c, some thread cancel states were not correctly reset. While this is a bug, we assume it did have no practical effect because the reset as it was done was set to the state the code actually had at this point. But better fix this... --------------------------------------------------------------------------- Version 5.8.10 [V5-stable] 2012-04-05 - bugfix: segfault on startup if $actionqueuefilename was missing for disk queue config Thanks to Tomas Heinrich for the patch. - bugfix: segfault if disk-queue was started up with old queue file Thanks to Tomas Heinrich for the patch. - bugfix: memory leak in array passing output module mode --------------------------------------------------------------------------- Version 5.8.9 [V5-stable] 2012-03-15 - added tool to recover disk queue if .qi file is missing (recover_qi.pl) Thanks to Kaiwang Chen for contributing this tool - bugfix: stopped DA queue was never processed after a restart due to a regression from statistics module - added better doc for statsobj interface Thanks to Kaiwang Chen for his suggestions and analysis in regard to the stats subsystem. --------------------------------------------------------------------------- Version 5.8.8 [V5-stable] 2012-03-05 - added capability to use a local interface IP address as fromhost-ip for imuxsock imklog new config directives: $IMUXSockLocalIPIF, $klogLocalIPIF - added configuration directives to customize queue light delay marks $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both specify number of messages starting at which a delay happens. - bugfix: omprog made rsyslog abort on startup if not binary to execute was configured - bugfix: imklog invalidly computed facility and severity closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313 --------------------------------------------------------------------------- Version 5.8.7 [V5-stable] 2012-01-17 - bugfix: instabilities when using RFC5424 header fields Thanks to Kaiwang Chen for the patch - bugfix: imuxsock did truncate part of received message if it did not contain a proper date. The truncation occured because we removed that part of the messages that was expected to be the date. closes: http://bugzilla.adiscon.com/show_bug.cgi?id=295 - bugfix: potential abort after reading invalid X.509 certificate closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 Thanks to Tomas Heinrich for the patch - bugfix: stats counter were not properly initialized on creation - FQDN hostname for multihomed host was not always set to the correct name if multiple aliases existed. Thanks to Tomas Heinreich for the patch. - re-licensed larger parts of the codebase under the Apache license 2.0 --------------------------------------------------------------------------- Version 5.8.6 [V5-stable] 2011-10-21 - bugfix: missing whitespace after property-based filter was not detected - bugfix: $OMFileFlushInterval period was doubled - now using correct value - bugfix: ActionQueue could malfunction due to index error Thanks to Vlad Grigorescu for the patch - bugfix: $ActionExecOnlyOnce interval did not work properly Thanks to Tomas Heinrich for the patch - bugfix: race condition when extracting program name, APPNAME, structured data and PROCID (RFC5424 fields) could lead to invalid characters e.g. in dynamic file names or during forwarding (general malfunction of these fields in templates, mostly under heavy load) - bugfix: imuxsock did no longer ignore message-provided timestamp, if so configured (the *default*). Lead to no longer sub-second timestamps. closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281 - bugfix: omfile returns fatal error code for things that go really wrong previously, RS_RET_RESUME was returned, which lead to a loop inside the rule engine as omfile could not really recover. - bugfix: imfile did invalid system call under some circumstances when a file that was to be monitored did not exist BUT the state file actually existed. Mostly a cosmetic issue. Root cause was incomplete error checking in stream.c; so patch may affect other code areas. - bugfix: rsyslogd -v always said 64 atomics were not present thanks to mono_matsuko for the patch --------------------------------------------------------------------------- Version 5.8.5 [V5-stable] (rgerhards/al), 2011-09-01 - bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: mark message processing did not work correctly - bugfix: potential hang condition during tag emulation - bugfix: too-early string termination during tag emulation - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) - bugfix: fixed incorrect state handling for Discard Action (transactions) Note: This caused all messages in a batch to be set to COMMITTED, even if they were discarded. --------------------------------------------------------------------------- Version 5.8.4 [V5-stable] (al), 2011-08-10 - bugfix: potential misadressing in property replacer - bugfix: memcpy overflow can occur in allowed sender checkig if a name is resolved to IPv4-mapped-on-IPv6 address Found by Ismail Dönmez at suse - bugfix: potential misadressing in property replacer - bugfix: MSGID corruption in RFC5424 parser under some circumstances closes: http://bugzilla.adiscon.com/show_bug.cgi?id=275 --------------------------------------------------------------------------- Version 5.8.3 [V5-stable] (rgerhards), 2011-07-11 - systemd support: set stdout/stderr to null - thx to Lennart for the patch - added support for the ":omusrmsg:" syntax in configuring user messages - added support for the ":omfile:" syntax for actions Note: previous outchannel syntax will generate a warning message. This may be surprising to some users, but it is quite urgent to alert them of the new syntax as v6 can no longer support the previous one. --------------------------------------------------------------------------- Version 5.8.2 [V5-stable] (rgerhards), 2011-06-21 - bugfix: problems in failover action handling closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270 closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254 - bugfix: mutex was invalidly left unlocked during action processing At least one case where this can occur is during thread shutdown, which may be initiated by lower activity. In most cases, this is quite unlikely to happen. However, if it does, data structures may be corrupted which could lead to fatal failure and segfault. I detected this via a testbench test, not a user report. But I assume that some users may have had unreproducable aborts that were cause by this bug. - bugfix: memory leak in imtcp & subsystems under some circumstances This leak is tied to error conditions which lead to incorrect cleanup of some data structures. [backport from v6] - bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes --------------------------------------------------------------------------- Version 5.8.1 [V5-stable] (rgerhards), 2011-05-19 - bugfix: invalid processing in QUEUE_FULL condition If the the multi-submit interface was used and a QUEUE_FULL condition occured, the failed message was properly destructed. However, the rest of the input batch, if it existed, was not processed. So this lead to potential loss of messages and a memory leak. The potential loss of messages was IMHO minor, because they would have been dropped in most cases due to the queue remaining full, but very few lucky ones from the batch may have made it. Anyhow, this has now been changed so that the rest of the batch is properly tried to be enqueued and, if not possible, destructed. - new module mmsnmptrapd, a sample message modification module This can be useful to reformat snmptrapd messages and also serves as a sample for how to write message modification modules using the output module interface. Note that we introduced this new functionality directly into the stable release, as it does not modify the core and as such cannot have any side-effects if it is not used (and thus the risk is solely on users requiring that functionality). - bugfix: rate-limiting inside imuxsock did not work 100% correct reason was that a global config variable was invalidly accessed where a listener variable should have been used. Also performance-improved the case when rate limiting is turned off (this is a very unintrusive change, thus done directly to the stable version). - bugfix: $myhostname not available in RainerScript (and no error message) closes: http://bugzilla.adiscon.com/show_bug.cgi?id=233 - bugfix: memory and file descriptor leak in stream processing Leaks could occur under some circumstances if the file stream handler errored out during the open call. Among others, this could cause very big memory leaks if there were a problem with unreadable disk queue files. In regard to the memory leak, this closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256 - bugfix: doc for impstats had wrong config statements also, config statements were named a bit inconsistent, resolved that problem by introducing an alias and only documenting the consistent statements Thanks to Marcin for bringing up this problem. - bugfix: IPv6-address could not be specified in omrelp this was due to improper parsing of ":" closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250 - bugfix: TCP connection invalidly aborted when messages needed to be discarded (due to QUEUE_FULL or similar problem) - bugfix: $LocalHostName was not honored under all circumstances closes: http://bugzilla.adiscon.com/show_bug.cgi?id=258 - bugfix(minor): improper template function call in syslogd.c --------------------------------------------------------------------------- Version 5.8.0 [V5-stable] (rgerhards), 2011-04-12 This is the new v5-stable branch, importing all feature from the 5.7.x versions. To see what has changed in regard to the previous v5-stable, check the Changelog for 5.7.x below. - bugfix: race condition in deferred name resolution closes: http://bugzilla.adiscon.com/show_bug.cgi?id=238 Special thanks to Marcin for his persistence in helping to solve this bug. - bugfix: DA queue was never shutdown once it was started closes: http://bugzilla.adiscon.com/show_bug.cgi?id=241 --------------------------------------------------------------------------- Version 5.7.10 [V5-BETA] (rgerhards), 2011-03-29 - bugfix: ompgsql did not work properly with ANSI SQL strings closes: http://bugzilla.adiscon.com/show_bug.cgi?id=229 - bugfix: rsyslog did not build with --disable-regexp configure option closes: http://bugzilla.adiscon.com/show_bug.cgi?id=243 - bugfix: PRI was invalid on Solaris for message from local log socket - enhance: added $BOM system property to ease writing byte order masks - bugfix: RFC5424 parser confused by empty structured data closes: http://bugzilla.adiscon.com/show_bug.cgi?id=237 - bugfix: error return from strgen caused abort, now causes action to be ignored (just like a failed filter) - new sample plugin for a strgen to generate sql statement consumable by a database plugin - bugfix: strgen could not be used together with database outputs because the sql/stdsql option could not be specified. This has been solved by permitting the strgen to include the opton inside its name. closes: http://bugzilla.adiscon.com/show_bug.cgi?id=195 --------------------------------------------------------------------------- Version 5.7.9 [V5-BETA] (rgerhards), 2011-03-16 - improved testbench among others, life tests for ommysql (against a test database) have been added, valgrind-based testing enhanced, ... - enhance: fallback *at runtime* to epoll_create if epoll_create1 is not available. Thanks to Michael Biebl for analysis and patch! - bugfix: failover did not work correctly if repeated msg reduction was on closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236 affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on - bugfix: minor memory leak in omlibdbi (< 1k per instance and run) - bugfix: (regression) omhdfs did no longer compile - bugfix: omlibdbi did not use password from rsyslog.conf closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203 --------------------------------------------------------------------------- Version 5.7.8 [V5-BETA] (rgerhards), 2011-03-09 - systemd support somewhat improved (can now take over existing log sockt) - bugfix: discard action did not work under some circumstances fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217 - bugfix: file descriptor leak in gnutls netstream driver fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=222 --------------------------------------------------------------------------- Version 5.7.7 [V5-BETA] (rgerhards), 2011-03-02 - bugfix: potential abort condition when $RepeatedMsgReduction set to on as well as potentially in a number of other places where MsgDup() was used. This only happened when the imudp input module was used and it depended on name resolution not yet had taken place. In other words, this was a strange problem that could lead to hard to diagnose instability. So if you experience instability, chances are good that this fix will help. --------------------------------------------------------------------------- Version 5.7.6 [V5-BETA] (rgerhards), 2011-02-25 - bugfix: fixed a memory leak and potential abort condition this could happen if multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226 fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218 - bugfix: memory leak when $RepeatedMsgReduction on was used bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225 --------------------------------------------------------------------------- Version 5.7.5 [V5-BETA] (rgerhards), 2011-02-23 - enhance: imfile did not yet support multiple rulesets, now added we do this directly in the beta because a) it does not affect existing functionality and b) one may argue that this missing functionality is close to a bug. - improved testbench, added tests for imuxsock - bugfix: imuxsock did no longer sanitize received messages This was a regression from the imuxsock partial rewrite. Happened because the message is no longer run through the standard parsers. bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=224 - bugfix: minor race condition in action.c - considered cosmetic This is considered cosmetic as multiple threads tried to write exactly the same value into the same memory location without sync. The method has been changed so this can no longer happen. --------------------------------------------------------------------------- Version 5.7.4 [V5-BETA] (rgerhards), 2011-02-17 - added pmsnare parser module (written by David Lang) - enhanced imfile to support non-cancel input termination - improved systemd socket activation thanks to Marius Tomaschweski - improved error reporting for $WorkDirectory non-existance and other detectable problems are now reported, and the work directory is NOT set in this case - bugfix: pmsnare causded abort under some conditions - bugfix: abort if imfile reads file line of more than 64KiB Thanks to Peter Eisentraut for reporting and analysing this problem. bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221 - bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode when in disk-assisted mode. This especially affected imfile, which created unnecessarily queue files if a large set of input file data was to process. - bugfix: very long running actions could prevent shutdown under some circumstances. This has now been solved, at least for common situations. - bugfix: fixed compile problem due to empty structs this occured only on some platforms/compilers. thanks to Dražen Kačar for the fix --------------------------------------------------------------------------- Version 5.7.3 [V5-BETA] (rgerhards), 2011-02-07 - added support for processing multi-line messages in imfile - added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings - added $LocalHostName config directive - bugfix: fixed build problems on some platforms namely those that have 32bit atomic operations but not 64 bit ones - bugfix: local hostname was pulled too-early, so that some config directives (namely FQDN settings) did not have any effect - bugfix: imfile did duplicate messages under some circumstances - added $OMMySQLConfigFile config directive - added $OMMySQLConfigSection config directive --------------------------------------------------------------------------- Version 5.7.2 [V5-DEVEL] (rgerhards), 2010-11-26 - bugfix(important): problem in TLS handling could cause rsyslog to loop in a tight loop, effectively disabling functionality and bearing the risk of unresponsiveness of the whole system. Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 - bugfix: imfile state file was not written when relative file name for it was specified - bugfix: compile failed on systems without epoll_create1() Thanks to David Hill for providing a fix. - bugfix: atomic increment for msg object may not work correct on all platforms. Thanks to Chris Metcalf for the patch - bugfix: replacements for atomic operations for non-int sized types had problems. At least one instance of that problem could potentially lead to abort (inside omfile). --------------------------------------------------------------------------- Version 5.7.1 [V5-DEVEL] (rgerhards), 2010-10-05 - support for Hadoop's HDFS added (via omhdfs) - imuxsock now optionally use SCM_CREDENTIALS to pull the pid from the log socket itself (thanks to Lennart Poettering for the suggesting this feature) - imuxsock now optionally uses per-process input rate limiting, guarding the user against processes spamming the system log (thanks to Lennart Poettering for suggesting this feature) - added new config statements * $InputUnixListenSocketUsePIDFromSystem * $SystemLogUsePIDFromSystem * $SystemLogRateLimitInterval * $SystemLogRateLimitBurst * $SystemLogRateLimitSeverity * $IMUxSockRateLimitInterval * $IMUxSockRateLimitBurst * $IMUxSockRateLimitSeverity - imuxsock now supports up to 50 different sockets for input - some code cleanup in imuxsock (consider this a release a major modification, especially if problems show up) - bugfix: /dev/log was unlinked even when passed in from systemd in which case it should be preserved as systemd owns it --------------------------------------------------------------------------- Version 5.7.0 [V5-DEVEL] (rgerhards), 2010-09-16 - added module impstat to emit periodic statistics on rsyslog counters - support for systemd officially added * acquire /dev/log socket optionally from systemd thanks to Lennart Poettering for this patch * sd-systemd API added as part of rsyslog runtime library --------------------------------------------------------------------------- Version 5.6.5 [V5-STABLE] (rgerhards), 2011-03-22 - bugfix: failover did not work correctly if repeated msg reduction was on affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236 - bugfix: omlibdbi did not use password from rsyslog.con closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203 - bugfix(kind of): tell users that config graph can currently not be generated closes: http://bugzilla.adiscon.com/show_bug.cgi?id=232 - bugfix: discard action did not work under some circumstances fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217 (backport from 5.7.8) --------------------------------------------------------------------------- Version 5.6.4 [V5-STABLE] (rgerhards), 2011-03-03 - bugfix: potential abort condition when $RepeatedMsgReduction set to on as well as potentially in a number of other places where MsgDup() was used. This only happened when the imudp input module was used and it depended on name resolution not yet had taken place. In other words, this was a strange problem that could lead to hard to diagnose instability. So if you experience instability, chances are good that this fix will help. - bugfix: fixed a memory leak and potential abort condition this could happen if multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226 fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218 - bugfix: memory leak when $RepeatedMsgReduction on was used bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225 --------------------------------------------------------------------------- Version 5.6.3 [V5-STABLE] (rgerhards), 2011-01-26 - bugfix: action processor released memory too early, resulting in potential issue in retry cases (but very unlikely due to another bug, which I also fixed -- only after the fix this problem here became actually visible). - bugfix: batch processing flagged invalid message as "bad" under some circumstances - bugfix: unitialized variable could cause issues under extreme conditions plus some minor nits. This was found after a clang static code analyzer analysis (great tool, and special thanks to Marcin for telling me about it!) - bugfix: batches which had actions in error were not properly retried in all cases - bugfix: imfile did duplicate messages under some circumstances - bugfix: testbench was not activated if no Java was present on system ... what actually was a left-over. Java is no longer required. --------------------------------------------------------------------------- Version 5.6.2 [V5-STABLE] (rgerhards), 2010-11-30 - bugfix: compile failed on systems without epoll_create1() Thanks to David Hill for providing a fix. - bugfix: atomic increment for msg object may not work correct on all platforms. Thanks to Chris Metcalf for the patch - bugfix: replacements for atomic operations for non-int sized types had problems. At least one instance of that problem could potentially lead to abort (inside omfile). - added the $InputFilePersistStateInterval config directive to imfile - changed imfile so that the state file is never deleted (makes imfile more robust in regard to fatal failures) - bugfix: a slightly more informative error message when a TCP connections is aborted --------------------------------------------------------------------------- Version 5.6.1 [V5-STABLE] (rgerhards), 2010-11-24 - bugfix(important): problem in TLS handling could cause rsyslog to loop in a tight loop, effectively disabling functionality and bearing the risk of unresponsiveness of the whole system. Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 - permitted imptcp to work on systems which support epoll(), but not epoll_create(). Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=204 Thanks to Nicholas Brink for reporting this problem. - bugfix: testbench failed if imptcp was not enabled - bugfix: segfault when an *empty* template was used Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=206 Thanks to David Hill for alerting us. - bugfix: compile failed with --enable-unlimited-select thanks varmojfekoj for the patch --------------------------------------------------------------------------- Version 5.6.0 [V5-STABLE] (rgerhards), 2010-10-19 This release brings all changes and enhancements of the 5.5.x series to the v5-stable branch. - bugfix: a couple of problems that imfile had on some platforms, namely Ubuntu (not their fault, but occured there) - bugfix: imfile utilizes 32 bit to track offset. Most importantly, this problem can not experienced on Fedora 64 bit OS (which has 64 bit long's!) --------------------------------------------------------------------------- Version 5.5.7 [V5-BETA] (rgerhards), 2010-08-09 - changed omudpspoof default spoof address to simplify typical use case thanks to David Lang for suggesting this - doc bugfix: pmlastmsg doc samples had errors - bugfix[minor]: pmrfc3164sd had invalid name (resided in rsyslog name space, what should not be the case for a contributed module) - added omuxsock, which permits to write message to local Unix sockets this is the counterpart to imuxsock, enabling fast local forwarding --------------------------------------------------------------------------- Version 5.5.6 [DEVEL] (rgerhards), 2010-07-21 - added parser modules * pmlastmsg, which supports the notoriously malformed "last message repeated n times" messages from some syslogd's (namely sysklogd) * pmrfc3164sd (contributed), supports RFC5424 structured data in RFC3164 messages [untested] - added new module type "string generator", used to speed up output processing. Expected speedup for (typical) rsyslog processing is roughly 5 to 6 percent compared to using string-based templates. They may also be used to do more complex formatting with custom C code, what provided greater flexibility and probably far higher speed, for example if using multiple regular expressions within a template. - added 4 string generators for * RSYSLOG_FileFormat * RSYSLOG_TraditionalFileFormat * RSYSLOG_ForwardFormat * RSYSLOG_TraditionalForwardFormat - bugfix: mutexes used to simulate atomic instructions were not destructed - bugfix: regression caused more locking action in msg.c than necessary - bugfix: "$ActionExecOnlyWhenPreviousIsSuspended on" was broken - bugfix: segfault on HUP when "HUPIsRestart" was set to "on" thanks varmojfekoj for the patch - bugfix: default for $OMFileFlushOnTXEnd was wrong ("off"). This, in default mode, caused buffered writing to be used, what means that it looked like no output were written or partial lines. Thanks to Michael Biebl for pointing out this bug. - bugfix: programname filter in ! configuration can not be reset Thanks to Kiss Gabor for the patch. --------------------------------------------------------------------------- Version 5.5.5 [DEVEL] (rgerhards), 2010-05-20 - added new cancel-reduced action thread termination method We now manage to cancel threads that block inside a retry loop to terminate without the need to cancel the thread. Avoiding cancellation helps keep the system complexity minimal and thus provides for better stability. This also solves some issues with improper shutdown when inside an action retry loop. --------------------------------------------------------------------------- Version 5.5.4 [DEVEL] (rgerhards), 2010-05-03 - This version offers full support for Solaris on Intel and Sparc - bugfix: problems with atomic operations emulation replaced atomic operation emulation with new code. The previous code seemed to have some issue and also limited concurrency severely. The whole atomic operation emulation has been rewritten. - bugfix: netstream ptcp support class was not correctly build on systems without epoll() support - bugfix: segfault on Solaris/Sparc --------------------------------------------------------------------------- Version 5.5.3 [DEVEL] (rgerhards), 2010-04-09 - added basic but functional support for Solaris - imported many bugfixes from 3.6.2/4.6.1 (see ChangeLog below!) - added new property replacer option "date-rfc3164-buggyday" primarily to ease migration from syslog-ng. See property replacer doc for details. - added capability to turn off standard LF delimiter in TCP server via new directive "$InputTCPServerDisableLFDelimiter on" - bugfix: failed to compile on systems without epoll support - bugfix: comment char ('#') in literal terminated script parsing and thus could not be used. but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 [merged in from v3.22.2] - imported patches from 4.6.0: * improved testbench to contain samples for totally malformed messages which miss parts of the message content * bugfix: some malformed messages could lead to a missing LF inside files or some other missing parts of the template content. * bugfix: if a message ended immediately with a hostname, the hostname was mistakenly interpreted as TAG, and localhost be used as hostname --------------------------------------------------------------------------- Version 5.5.2 [DEVEL] (rgerhards), 2010-02-05 - applied patches that make rsyslog compile under Apple OS X. Thanks to trey for providing these. - replaced data type "bool" by "sbool" because this created some portability issues. - added $Escape8BitCharactersOnReceive directive Thanks to David Lang for suggesting it. - worked around an issue where omfile failed to compile on 32 bit platforms under some circumstances (this smells like a gcc problem, but a simple solution was available). Thanks to Kenneth Marshall for some advice. - extended testbench --------------------------------------------------------------------------- Version 5.5.1 [DEVEL] (rgerhards), 2009-11-27 - introduced the ablity for netstream drivers to utilize an epoll interface This offers increased performance and removes the select() FDSET size limit from imtcp. Note that we fall back to select() if there is no epoll netstream drivers. So far, an epoll driver has only been implemented for plain tcp syslog, the rest will follow once the code proves well in practice AND there is demand. - re-implemented $EscapeControlCharacterTab config directive Based on Jonathan Bond-Caron's patch for v4. This now also includes some automatted tests. - bugfix: enabling GSSServer crashes rsyslog startup Thanks to Tomas Kubina for the patch [imgssapi] - bugfix (kind of): check if TCP connection is still alive if using TLS Thanks to Jonathan Bond-Caron for the patch. --------------------------------------------------------------------------- Version 5.5.0 [DEVEL] (rgerhards), 2009-11-18 - moved DNS resolution code out of imudp and into the backend processing Most importantly, DNS resolution now never happens if the resolved name is not required. Note that this applies to imudp - for the other inputs, DNS resolution almost comes for free, so we do not do it there. However, the new method has been implemented in a generic way and as such may also be used by other modules in the future. - added option to use unlimited-size select() calls Thanks to varmjofekoj for the patch This is not done in imudp, as it natively supports epoll(). - doc: improved description of what loadable modules can do --------------------------------------------------------------------------- Version 5.4.2 [v5-stable] (rgerhards), 2010-03-?? - bugfix(kind of): output plugin retry behaviour could cause engine to loop The rsyslog engine did not guard itself against output modules that do not properly convey back the tryResume() behaviour. This then leads to what looks like an endless loop. I consider this to be a bug of the engine not only because it should be hardened against plugin misbehaviour, but also because plugins may not be totally able to avoid this situation (depending on the type of and processing done by the plugin). - bugfix: testbench failed when not executed in UTC+1 timezone accidently, the time zone information was kept inside some to-be-checked-for responses - temporary bugfix replaced by permanent one for message-induced off-by-one error (potential segfault) (see 4.6.2) The analysis has been completed and a better fix been crafted and integrated. - bugfix(minor): status variable was uninitialized However, this would have caused harm only if NO parser modules at all were loaded, which would lead to a defunctional configuration at all. And, even more important, this is impossible as two parser modules are built-in and thus can not be "not loaded", so we always have a minimum of two. --------------------------------------------------------------------------- Version 5.4.1 [v5-stable] (rgerhards), 2010-03-?? - added new property replacer option "date-rfc3164-buggyday" primarily to ease migration from syslog-ng. See property replacer doc for details. [backport from 5.5.3 because urgently needed by some] - imported all bugfixes vom 4.6.2 (see below) --------------------------------------------------------------------------- Version 5.4.0 [v5-stable] (rgerhards), 2010-03-08 *************************************************************************** * This is a new stable v5 version. It contains all fixes and enhancements * * made during the 5.3.x phase as well as those listed below. * * Note that the 5.2.x series was quite buggy and as such all users are * * strongly advised to upgrade to 5.4.0. * *************************************************************************** - bugfix: omruleset failed to work in many cases bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=179 Thanks to Ryan B. Lynch for reporting this issue. - bugfix: comment char ('#') in literal terminated script parsing and thus could not be used. but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 [merged in from v3.22.2] --------------------------------------------------------------------------- Version 5.3.7 [BETA] (rgerhards), 2010-01-27 - bugfix: queues in direct mode could case a segfault, especially if an action failed for action queues. The issue was an invalid increment of a stack-based pointer which lead to destruction of the stack frame and thus a segfault on function return. Thanks to Michael Biebl for alerting us on this problem. - bugfix: hostname accidently set to IP address for some message sources, for example imudp. Thanks to Anton for reporting this bug. [imported v4] - bugfix: ompgsql had problems with transaction support, what actually rendered it unsuable. Thanks to forum user "horhe" for alerting me on this bug and helping to debug/fix it! [imported from 5.3.6] - bugfix: $CreateDirs variable not properly initialized, default thus was random (but most often "on") [imported from v3] - bugfix: potential segfaults during queue shutdown (bugs require certain non-standard settings to appear) Thanks to varmojfekoj for the patch [imported from 4.5.8] [backport from 5.5.2] - bugfix: wrong memory assignment for a config variable (probably without causing any harm) [backport from 5.2.2] - bugfix: rsyslog hangs when writing to a named pipe which nobody was reading. Thanks to Michael Biebl for reporting this bug. Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169 [imported from 4.5.8] --------------------------------------------------------------------------- Version 5.3.6 [BETA] (rgerhards), 2010-01-13 - bugfix: ompgsql did not properly check the server connection in tryResume(), which could lead to rsyslog running in a thight loop - bugfix: suspension during beginTransaction() was not properly handled by rsyslog core - bugfix: omfile output was only written when buffer was full, not at end of transaction - bugfix: commit transaction was not properly conveyed to message layer, potentially resulting in non-message destruction and thus hangs - bugfix: enabling GSSServer crashes rsyslog startup Thanks to Tomas Kubina for the patch [imgssapi] - bugfix (kind of): check if TCP connection is still alive if using TLS Thanks to Jonathan Bond-Caron for the patch. - bugfix: $CreateDirs variable not properly initialized, default thus was random (but most often "on") [imported from v3] - bugfix: ompgsql had problems with transaction support, what actually rendered it unsuable. Thanks to forum user "horhe" for alerting me on this bug and helping to debug/fix it! - bugfix: memory leak when sending messages in zip-compressed format Thanks to Naoya Nakazawa for analyzing this issue and providing a patch. - worked around an issue where omfile failed to compile on 32 bit platforms under some circumstances (this smells like a gcc problem, but a simple solution was available). Thanks to Kenneth Marshall for some advice. [backported from 5.5.x branch] --------------------------------------------------------------------------- Version 5.3.5 [BETA] (rgerhards), 2009-11-13 - some light performance enhancement by replacing time() call with much faster (at least under linux) gettimeofday() calls. - some improvement of omfile performance with dynafiles saved costly time() calls by employing a logical clock, which is sufficient for the use case - bugfix: omudpspoof miscalculated source and destination ports while this was probably not noticed for source ports, it resulted in almost all destination ports being wrong, except for the default port of 514, which by virtue of its binary representation was calculated correct (and probably thus the bug not earlier detected). - bugfixes imported from earlier releases * bugfix: named pipes did no longer work (they always got an open error) this was a regression from the omfile rewrite in 4.5.0 * bugfix(testbench): sequence check was not always performed correctly, that could result in tests reporting success when they actually failed - improved testbench: added tests for UDP forwarding and omudpspoof - doc bugfix: omudpspoof had wrong config command names ("om" missing) - bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did not work. - [inport v4] improved testbench, contains now tcp and gzip test cases - [import v4] added a so-called "On Demand Debug" mode, in which debug output can be generated only after the process has started, but not right from the beginning. This is assumed to be useful for hard-to-find bugs. Also improved the doc on the debug system. - bugfix: segfault on startup when -q or -Q option was given [imported from v3-stable] --------------------------------------------------------------------------- Version 5.3.4 [DEVEL] (rgerhards), 2009-11-04 - added the ability to create custom message parsers - added $RulesetParser config directive that permits to bind specific parsers to specific rulesets - added omruleset output module, which provides great flexibility in action processing. THIS IS A VERY IMPORTANT ADDITION, see its doc for why. - added the capability to have ruleset-specific main message queues This offers considerable additional flexibility AND superior performance (in cases where multiple inputs now can avoid lock contention) - bugfix: correct default for escape ('#') character restored This was accidently changed to '\\', thanks to David Lang for reporting - bugfix(testbench): testcase did not properly wait for rsyslogd shutdown thus some unpredictable behavior and a false negative test result could occur. --------------------------------------------------------------------------- Version 5.3.3 [DEVEL] (rgerhards), 2009-10-27 - simplified and thus speeded up the queue engine, also fixed some potential race conditions (in very unusual shutdown conditions) along the way. The threading model has seriously changes, so there may be some regressions. - enhanced test environment (inlcuding testbench): support for enhancing probability of memory addressing failure by using non-NULL default value for malloced memory (optional, only if requested by configure option). This helps to track down some otherwise undetected issues within the testbench. - bugfix: potential abort if inputname property was not set primarily a problem of imdiag - bugfix: message processing states were not set correctly in all cases however, this had no negative effect, as the message processing state was not evaluated when a batch was deleted, and that was the only case where the state could be wrong. --------------------------------------------------------------------------- Version 5.3.2 [DEVEL] (rgerhards), 2009-10-21 - enhanced omfile to support transactional interface. This will increase performance in many cases. - added multi-ruleset support to imudp - re-enabled input thread termination handling that does avoid thread cancellation where possible. This provides a more reliable mode of rsyslogd termination (canceling threads my result in not properly freed resouces and potential later hangs, even though we perform proper cancel handling in our code). This is part of an effort to reduce thread cancellation as much as possible in rsyslog. NOTE: the code previously written code for this functionality had a subtle race condition. The new code solves that. - enhanced immark to support non-cancel input module termination - improved imudp so that epoll can be used in more environments, fixed potential compile time problem if EPOLL_CLOEXEC is not available. - some cleanup/slight improvement: * changed imuxsock to no longer use deprecated submitAndParseMsg() IF * changed submitAndParseMsg() interface to be a wrapper around the new way of message creation/submission. This enables older plugins to be used together with the new interface. The removal also enables us to drop a lot of duplicate code, reducing complexity and increasing maintainability. - bugfix: segfault when starting up with an invalid .qi file for a disk queue Failed for both pure disk as well as DA queues. Now, we emit an error message and disable disk queueing facility. - bugfix: potential segfault on messages with empty MSG part. This was a recently introduced regression. - bugfix: debug string larger than 1K were improperly displayed. Max size is now 32K, and if a string is even longer it is meaningfully truncated. --------------------------------------------------------------------------- Version 5.3.1 [DEVEL] (rgerhards), 2009-10-05 - added $AbortOnUncleanConfig directive - permits to prevent startup when there are problems with the configuration file. See it's doc for details. - included some important fixes from v4-stable: * bugfix: invalid handling of zero-sized messages * bugfix: zero-sized UDP messages are no longer processed * bugfix: random data could be appended to message * bugfix: reverse lookup reduction logic in imudp do DNS queries too often - bugfixes imported from 4.5.4: * bugfix: potential segfault in stream writer on destruction * bugfix: potential race in object loader (obj.c) during use/release * bugfixes: potential problems in out file zip writer --------------------------------------------------------------------------- Version 5.3.0 [DEVEL] (rgerhards), 2009-09-14 - begun to add simple GUI programs to gain insight into running rsyslogd instances and help setup and troubleshooting (active via the --enable-gui ./configure switch) - changed imudp to utilize epoll(), where available. This shall provide slightly better performance (just slightly because we called select() rather infrequently on a busy system) --------------------------------------------------------------------------- Version 5.2.2 [v5-stable] (rgerhards), 2009-11-?? - bugfix: enabling GSSServer crashes rsyslog startup Thanks to Tomas Kubina for the patch [imgssapi] --------------------------------------------------------------------------- Version 5.2.1 [v5-stable] (rgerhards), 2009-11-02 - bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did not work. - bugfix: segfault on startup when -q or -Q option was given [imported from v3-stable] --------------------------------------------------------------------------- Version 5.2.0 [v5-stable] (rgerhards), 2009-11-02 This is a re-release of version 5.1.6 as stable after we did not get any bug reports during the whole beta phase. Still, this first v5-stable may not be as stable as one hopes for, I am not sure if we did not get bug reports just because nobody tried it. Anyhow, we need to go forward and so we have the initial v5-stable. --------------------------------------------------------------------------- Version 5.1.6 [v5-beta] (rgerhards), 2009-10-15 - feature imports from v4.5.6 - bugfix: potential race condition when queue worker threads were terminated - bugfix: solved potential (temporary) stall of messages when the queue was almost empty and few new data added (caused testbench to sometimes hang!) - fixed some race condition in testbench - added more elaborate diagnostics to parts of the testbench - bugfixes imported from 4.5.4: * bugfix: potential segfault in stream writer on destruction * bugfix: potential race in object loader (obj.c) during use/release * bugfixes: potential problems in out file zip writer - included some important fixes from 4.4.2: * bugfix: invalid handling of zero-sized messages * bugfix: zero-sized UDP messages are no longer processed * bugfix: random data could be appended to message * bugfix: reverse lookup reduction logic in imudp do DNS queries too often --------------------------------------------------------------------------- Version 5.1.5 [v5-beta] (rgerhards), 2009-09-11 - added new config option $ActionWriteAllMarkMessages this option permites to process mark messages under all circumstances, even if an action was recently called. This can be useful to use mark messages as a kind of heartbeat. - added new config option $InputUnixListenSocketCreatePath to permit the auto-creation of pathes to additional log sockets. This turns out to be useful if they reside on temporary file systems and rsyslogd starts up before the daemons that create these sockets (rsyslogd always creates the socket itself if it does not exist). - added $LogRSyslogStatusMessages configuration directive permitting to turn off rsyslog start/stop/HUP messages. See Debian ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793 - bugfix: hostnames with dashes in them were incorrectly treated as malformed, thus causing them to be treated as TAG (this was a regression introduced from the "rfc3164 strict" change in 4.5.0). Testbench has been updated to include a smaple message with a hostname containing a dash. - bugfix: strings improperly reused, resulting in some message properties be populated with strings from previous messages. This was caused by an improper predicate check. - added new config directive $omfileForceChown [import from 4.7.0] --------------------------------------------------------------------------- Version 5.1.4 [DEVEL] (rgerhards), 2009-08-20 - legacy syslog parser changed so that it now accepts date stamps in wrong case. Some devices seem to create them and I do not see any harm in supporting that. - added $InputTCPMaxListeners directive - permits to specify how many TCP servers shall be possible (default is 20). - bugfix: memory leak with some input modules. Those inputs that use parseAndSubmitMsg() leak two small memory blocks with every message. Typically, those process only relatively few messages, so the issue does most probably not have any effect in practice. - bugfix: if tcp listen port could not be created, no error message was emitted - bugfix: discard action did not work (did not discard messages) - bugfix: discard action caused segfault - bugfix: potential segfault in output file writer (omfile) In async write mode, we use modular arithmetic to index the output buffer array. However, the counter variables accidently were signed, thus resulting in negative indizes after integer overflow. That in turn could lead to segfaults, but was depending on the memory layout of the instance in question (which in turn depended on a number of variables, like compile settings but also configuration). The counters are now unsigned (as they always should have been) and so the dangling mis-indexing does no longer happen. This bug potentially affected all installations, even if only some may actually have seen a segfault. --------------------------------------------------------------------------- Version 5.1.3 [DEVEL] (rgerhards), 2009-07-28 - architecture change: queue now always has at least one worker thread if not running in direct mode. Previous versions could run without any active workers. This simplifies the code at a very small expense. See v5 compatibility note document for more in-depth discussion. - enhance: UDP spoofing supported via new output module omudpspoof See the omudpspoof documentation for details and samples - bugfix: message could be truncated after TAG, often when forwarding This was a result of an internal processing error if maximum field sizes had been specified in the property replacer. - bugfix: minor static memory leak while reading configuration did NOT leak based on message volume - internal: added ability to terminate input modules not via pthread_cancel but an alternate approach via pthread_kill. This is somewhat safer as we do not need to think about the cancel-safeness of all libraries we use. However, not all inputs can easily supported, so this now is a feature that can be requested by the input module (the most important ones request it). --------------------------------------------------------------------------- Version 5.1.2 [DEVEL] (rgerhards), 2009-07-08 - bugfix: properties inputname, fromhost, fromhost-ip, msg were lost when working with disk queues - some performance enhancements - bugfix: abort condition when RecvFrom was not set and message reduction was on. Happend e.g. with imuxsock. - added $klogConsoleLogLevel directive which permits to set a new console log level while rsyslog is active - some internal code cleanup --------------------------------------------------------------------------- Version 5.1.1 [DEVEL] (rgerhards), 2009-07-03 - bugfix: huge memory leak in queue engine (made rsyslogd unusable in production). Occured if at least one queue was in direct mode (the default for action queues) - imported many performance optimizations from v4-devel (4.5.0) - bugfix: subtle (and usually irrelevant) issue in timout processing timeout could be one second too early if nanoseconds wrapped - set a more sensible timeout for shutdow, now 1.5 seconds to complete processing (this also removes those cases where the shutdown message was not written because the termination happened before it) --------------------------------------------------------------------------- Version 5.1.0 [DEVEL] (rgerhards), 2009-05-29 *********************************** NOTE ********************************** The v5 versions of rsyslog feature a greatly redesigned queue engine. The major theme for the v5 release is twofold: a) greatly improved performance b) enable audit-grade processing Here, audit-grade processing means that rsyslog, if used together with audit-grade transports and configured correctly, will never lose messages that already have been acknowledged, not even in fatal failure cases like sudden loss of power. Note that large parts of rsyslog's important core components have been restructured to support these design goals. As such, early versions of the engine will probably be less stable than the v3/v4 engine. Also note that the initial versions do not cover all and everything. As usual, the code will evolve toward the final goal as version numbers increase. *********************************** NOTE ********************************** - redesigned queue engine so that it supports ultra-reliable operations This resulted in a rewrite of large parts. The new capability can be used to build audit-grade systems on the basis of rsyslog. - added $MainMsgQueueDequeueBatchSize and $ActionQueueDequeueBatchSize configuration directives - implemented a new transactional output module interface which provides superior performance (for databases potentially far superior performance) - increased ompgsql performance by adapting to new transactional output module interface --------------------------------------------------------------------------- Version 4.8.1 [v4-stable], 2011-09-?? - increased max config file line size to 64k We now also emit an error message if even 64k is not enough (not doing so previously may rightfully be considered as a bug) - bugfix: omprog made rsyslog abort on startup if not binary to execute was configured - bugfix: $ActionExecOnlyOnce interval did not work properly Thanks to Tomas Heinrich for the patch - bugfix: potential abort if ultra-large file io buffers are used and dynafile cache exhausts address space (primarily a problem on 32 bit platforms) - bugfix: potential abort after reading invalid X.509 certificate closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290 Thanks to Tomas Heinrich for the patch. - bugfix: potential fatal abort in omgssapi Thanks to Tomas Heinrich for the patch. - added doc for omprog - FQDN hostname for multihomed host was not always set to the correct name if multiple aliases existed. Thanks to Tomas Heinreich for the patch. - re-licensed larger parts of the codebase under the Apache license 2.0 --------------------------------------------------------------------------- Version 4.8.0 [v4-stable] (rgerhards), 2011-09-07 *************************************************************************** * This is a new stable v4 version. It contains all fixes and enhancements * * made during the 4.7.x phase as well as those listed below. * * Note: major new development to v4 is concluded and will only be done * * for custom projects. * *************************************************************************** There are no changes compared to 4.7.5, just a re-release with the new version number as new v4-stable. The most important new feature is Solaris support. --------------------------------------------------------------------------- Version 4.7.5 [v4-beta], 2011-09-01 - bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential misadressing in property replacer - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) --------------------------------------------------------------------------- Version 4.7.4 [v4-beta] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages - added support for the ":omfile:" syntax in configuring user messages - added $LocalHostName config directive - bugfix: PRI was invalid on Solaris for message from local log socket Version 4.7.3 [v4-devel] (rgerhards), 2010-11-25 - added omuxsock, which permits to write message to local Unix sockets this is the counterpart to imuxsock, enabling fast local forwarding - added imptcp, a simplified, Linux-specific and potentielly fast syslog plain tcp input plugin (NOT supporting TLS!) - bugfix: a couple of problems that imfile had on some platforms, namely Ubuntu (not their fault, but occured there) - bugfix: imfile utilizes 32 bit to track offset. Most importantly, this problem can not experienced on Fedora 64 bit OS (which has 64 bit long's!) - added the $InputFilePersistStateInterval config directive to imfile - changed imfile so that the state file is never deleted (makes imfile more robust in regard to fatal failures) --------------------------------------------------------------------------- Version 4.7.2 [v4-devel] (rgerhards), 2010-05-03 - bugfix: problems with atomic operations emulaton replaced atomic operation emulation with new code. The previous code seemed to have some issue and also limited concurrency severely. The whole atomic operation emulation has been rewritten. - added new $Sleep directive to hold processing for a couple of seconds during startup - bugfix: programname filter in ! configuration can not be reset Thanks to Kiss Gabor for the patch. --------------------------------------------------------------------------- Version 4.7.1 [v4-devel] (rgerhards), 2010-04-22 - Solaris support much improved -- was not truely usable in 4.7.0 Solaris is no longer supported in imklog, but rather there is a new plugin imsolaris, which is used to pull local log sources on a Solaris machine. - testbench improvement: Java is no longer needed for testing tool creation --------------------------------------------------------------------------- Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14 - new: support for Solaris added (but not yet the Solaris door API) - added function getenv() to RainerScript - added new config option $InputUnixListenSocketCreatePath to permit the auto-creation of pathes to additional log sockets. This turns out to be useful if they reside on temporary file systems and rsyslogd starts up before the daemons that create these sockets (rsyslogd always creates the socket itself if it does not exist). - added $LogRSyslogStatusMessages configuration directive permitting to turn off rsyslog start/stop/HUP messages. See Debian ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793 - added new config directive $omfileForceChown to (try to) fix some broken system configs. See ticket for details: http://bugzilla.adiscon.com/show_bug.cgi?id=150 - added $EscapeControlCharacterTab config directive Thanks to Jonathan Bond-Caron for the patch. - added option to use unlimited-size select() calls Thanks to varmjofekoj for the patch - debugondemand mode caused backgrounding to fail - close to a bug, but I'd consider the ability to background in this mode a new feature... - bugfix (kind of): check if TCP connection is still alive if using TLS Thanks to Jonathan Bond-Caron for the patch. - imported changes from 4.5.7 and below - bugfix: potential segfault when -p command line option was used Thanks for varmojfekoj for pointing me at this bug. - imported changes from 4.5.6 and below --------------------------------------------------------------------------- Version 4.6.8 [v4-stable] (rgerhards), 2011-09-01 - bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential misadressing in property replacer - bugfix: memcpy overflow can occur in allowed sender checking if a name is resolved to IPv4-mapped-on-IPv6 address Found by Ismail Dönmez at suse - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) --------------------------------------------------------------------------- Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages - added support for the ":omfile:" syntax for actions --------------------------------------------------------------------------- Version 4.6.6 [v4-stable] (rgerhards), 2011-06-24 - bugfix: memory leak in imtcp & subsystems under some circumstances This leak is tied to error conditions which lead to incorrect cleanup of some data structures. [backport from v6, limited testing under v4] - bugfix: invalid processing in QUEUE_FULL condition If the the multi-submit interface was used and a QUEUE_FULL condition occured, the failed message was properly destructed. However, the rest of the input batch, if it existed, was not processed. So this lead to potential loss of messages and a memory leak. The potential loss of messages was IMHO minor, because they would have been dropped in most cases due to the queue remaining full, but very few lucky ones from the batch may have made it. Anyhow, this has now been changed so that the rest of the batch is properly tried to be enqueued and, if not possible, destructed. - bugfix: invalid storage type for config variables - bugfix: stream driver mode was not correctly set on tcp ouput on big endian systems. thanks varmojfekoj for the patch - bugfix: IPv6-address could not be specified in omrelp this was due to improper parsing of ":" closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250 - bugfix: memory and file descriptor leak in stream processing Leaks could occur under some circumstances if the file stream handler errored out during the open call. Among others, this could cause very big memory leaks if there were a problem with unreadable disk queue files. In regard to the memory leak, this closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256 - bugfix: imfile potentially duplicates lines This can happen when 0 bytes are read from the input file, and some writer appends data to the file BEFORE we check if a rollover happens. The check for rollover uses the inode and size as a criterion. So far, we checked for equality of sizes, which is not given in this scenario, but that does not indicate a rollover. From the source code comments: Note that when we check the size, we MUST NOT check for equality. The reason is that the file may have been written right after we did try to read (so the file size has increased). That is NOT in indicator of a rollover (this is an actual bug scenario we experienced). So we need to check if the new size is smaller than what we already have seen! Also, under some circumstances an invalid truncation was detected. This code has now been removed, a file change (and thus resent) is only detected if the inode number changes. - bugfix: a couple of problems that imfile had on some platforms, namely Ubuntu (not their fault, but occured there) - bugfix: imfile utilizes 32 bit to track offset. Most importantly, this problem can not experienced on Fedora 64 bit OS (which has 64 bit long's!) - bugfix: abort if imfile reads file line of more than 64KiB Thanks to Peter Eisentraut for reporting and analysing this problem. bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221 - bugfix: omlibdbi did not use password from rsyslog.con closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203 - bugfix: TCP connection invalidly aborted when messages needed to be discarded (due to QUEUE_FULL or similar problem) - bugfix: a slightly more informative error message when a TCP connections is aborted - bugfix: timestamp was incorrectly calculated for timezones with minute offset closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 - some improvements thanks to clang's static code analyzer o overall cleanup (mostly unnecessary writes and otherwise unused stuff) o bugfix: fixed a very remote problem in msg.c which could occur when running under extremely low memory conditions --------------------------------------------------------------------------- Version 4.6.5 [v4-stable] (rgerhards), 2010-11-24 - bugfix(important): problem in TLS handling could cause rsyslog to loop in a tight loop, effectively disabling functionality and bearing the risk of unresponsiveness of the whole system. Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 --------------------------------------------------------------------------- Version 4.6.4 [v4-stable] (rgerhards), 2010-08-05 - bugfix: zero-sized (empty) messages were processed by imtcp they are now dropped as they always should have been - bugfix: programname filter in ! configuration can not be reset Thanks to Kiss Gabor for the patch. --------------------------------------------------------------------------- Version 4.6.3 [v4-stable] (rgerhards), 2010-07-07 - improvded testbench - added test with truly random data received via syslog to test robustness - added new configure option that permits to disable and enable an extended testbench - bugfix: segfault on HUP when "HUPIsRestart" was set to "on" thanks varmojfekoj for the patch - bugfix: default for $OMFileFlushOnTXEnd was wrong ("off"). This, in default mode, caused buffered writing to be used, what means that it looked like no output were written or partial lines. Thanks to Michael Biebl for pointing out this bug. - bugfix: testbench failed when not executed in UTC+1 timezone accidently, the time zone information was kept inside some to-be-checked-for responses - temporary bugfix replaced by permanent one for message-induced off-by-one error (potential segfault) (see 4.6.2) The analysis has been completed and a better fix been crafted and integrated. - bugfix: the T/P/E config size specifiers did not work properly under all 32-bit platforms - bugfix: local unix system log socket was deleted even when it was not configured - some doc fixes; incorrect config samples could cause confusion thanks to Anthony Edwards for pointing the problems out --------------------------------------------------------------------------- Version 4.6.2 [v4-stable] (rgerhards), 2010-03-26 - new feature: "." action type added to support writing files to relative pathes (this is primarily meant as a debug aid) - added replacements for atomic instructions on systems that do not support them. [backport of Stefen Sledz' patch for v5) - new feature: $OMFileAsyncWriting directive added it permits to specifiy if asynchronous writing should be done or not - bugfix(temporary): message-induced off-by-one error (potential segfault) Some types of malformed messages could trigger an off-by-one error (for example, \0 or \n as the last character, and generally control character escaption is questionable). This is due to not strictly following a the \0 or string counted string paradigm (during the last optimization on the cstring class). As a temporary fix, we have introduced a proper recalculation of the size. However, a final patch is expected in the future. See bug tracker for further details and when the final patch will be available: http://bugzilla.adiscon.com/show_bug.cgi?id=184 Note that the current patch is considered sufficient to solve the situation, but it requires a bit more runtime than desirable. - bugfix: potential segfault in dynafile cache This bug was triggered by an open failure. The the cache was full and a new entry needed to be placed inside it, a victim for eviction was selected. That victim was freed, then the open of the new file tried. If the open failed, the victim entry was still freed, and the function exited. However, on next invocation and cache search, the victim entry was used as if it were populated, most probably resulting in a segfault. - bugfix: race condition during directory creation If multiple files try to create a directory at (almost) the same time, some of them may fail. This is a data race and also exists with other processes that may create the same directory. We do now check for this condition and gracefully handle it. - bugfix: potential re-use of free()ed file stream object in omfile when dynaCache is enabled, the cache is full, a new entry needs to be allocated, thus the LRU discarded, then a new entry is opend and that fails. In that case, it looks like the discarded stream may be reused improperly (based on code analysis, test case and confirmation pending) - added new property replacer option "date-rfc3164-buggyday" primarily to ease migration from syslog-ng. See property replacer doc for details. [backport from 5.5.3 because urgently needed by some] - improved testbench - bugfix: invalid buffer write in (file) stream class currently being accessed buffer could be overwritten with new data. While this probably did not cause access violations, it could case loss and/or duplication of some data (definitely a race with no deterministic outcome) - bugfix: potential hang condition during filestream close predicate was not properly checked when waiting for the background file writer - bugfix: improper synchronization when "$OMFileFlushOnTXEnd on" was used Internal data structures were not properly protected due to missing mutex calls. - bugfix: potential data loss during file stream shutdown - bugfix: potential problems during file stream shutdown The shutdown/close sequence was not clean, what potentially (but unlikely) could lead to some issues. We have not been able to describe any fatal cases, but there was some bug potential. Sequence has now been straighted out. - bugfix: potential problem (loop, abort) when file write error occured When a write error occured in stream.c, variable iWritten had the error code but this was handled as if it were the actual number of bytes written. That was used in pointer arithmetic later on, and thus could lead to all sorts of problems. However, this could only happen if the error was EINTR or the file in question was a tty. All other cases were handled properly. Now, iWritten is reset to zero in such cases, resulting in proper retries. - bugfix: $omfileFlushOnTXEnd was turned on when set to off and vice versa due to an invalid check - bugfix: recent patch to fix small memory leak could cause invalid free. This could only happen during config file parsing. - bugfix(minor): handling of extremely large strings in dbgprintf() fixed Previously, it could lead to garbagge output and, in extreme cases, also to segfaults. Note: this was a problem only when debug output was actually enabled, so it caused no problem in production use. - bugfix(minor): BSD_SO_COMPAT query function had some global vars not properly initialized. However, in practice the loader initializes them with zero, the desired value, so there were no actual issue in almost all cases. --------------------------------------------------------------------------- Version 4.6.1 [v4-stable] (rgerhards), 2010-03-04 - re-enabled old pipe output (using new module ompipe, built-in) after some problems with pipes (and especially in regard to xconsole) were discovered. Thanks to Michael Biebl for reporting the issues. - bugfix: potential problems with large file support could cause segfault ... and other weird problems. This seemed to affect 32bit-platforms only, but I can not totally outrule there were issues on other platforms as well. The previous code could cause system data types to be defined inconsistently, and that could lead to various troubles. Special thanks go to the Mandriva team for identifying an initial problem, help discussing it and ultimately a fix they contributed. - bugfix: fixed problem that caused compilation on FreeBSD 9.0 to fail. bugtracker: http://bugzilla.adiscon.com/show_bug.cgi?id=181 Thanks to Christiano for reporting. - bugfix: potential segfault in omfile when a dynafile open failed In that case, a partial cache entry was written, and some internal pointers (iCurrElt) not correctly updated. In the next iteration, that could lead to a segfault, especially if iCurrElt then points to the then-partial record. Not very likely, but could happen in practice. - bugfix (theoretical): potential segfault in omfile under low memory condition. This is only a theoretical bug, because it would only happen when strdup() fails to allocate memory - which is highly unlikely and will probably lead to all other sorts of errors. - bugfix: comment char ('#') in literal terminated script parsing and thus could not be used. but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 [merged in from v3.22.2] --------------------------------------------------------------------------- Version 4.6.0 [v4-stable] (rgerhards), 2010-02-24 *************************************************************************** * This is a new stable v4 version. It contains all fixes and enhancements * * made during the 4.5.x phase as well as those listed below. * * Note: this version is scheduled to conclude the v4 development process. * * Do not expect any more new developments in v4. The focus is now * * on v5 (what also means we have a single devel branch again). * * ("development" means new feature development, bug fixes are of * * course provided for v4-stable) * *************************************************************************** - improved testbench to contain samples for totally malformed messages which miss parts of the message content - bugfix: some malformed messages could lead to a missing LF inside files or some other missing parts of the template content. - bugfix: if a message ended immediately with a hostname, the hostname was mistakenly interpreted as TAG, and localhost be used as hostname - bugfix: message without MSG part could case a segfault [backported from v5 commit 98d1ed504ec001728955a5bcd7916f64cd85f39f] This actually was a "recent" regression, but I did not realize that it was introduced by the performance optimization in v4-devel. Shame on me for having two devel versions at the same time... --------------------------------------------------------------------------- Version 4.5.8 [v4-beta] (rgerhards), 2010-02-10 - enhanced doc for using PostgreSQL Thanks to Marc Schiffbauer for the new/updated doc - bugfix: property replacer returned invalid parameters under some (unusual) conditions. In extreme cases, this could lead to garbled logs and/or a system failure. - bugfix: invalid length returned (often) when using regular expressions inside the property replacer - bugfix: submatch regex in property replacer did not honor "return 0 on no match" config case - bugfix: imuxsock incorrectly stated inputname "imudp" Thanks to Ryan Lynch for reporting this. - (slightly) enhanced support for FreeBSD by setting _PATH_MODDIR to the correct value on FreeBSD. Thanks to Cristiano for the patch. - bugfix: -d did not enable display of debug messages regression from introduction of "debug on demand" mode Thanks to Michael Biebl for reporting this bug - bugfix: blanks inside file names did not terminate file name parsing. This could reslult in the whole rest of a line (including comments) to be treated as file name in "write to file" actions. Thanks to Jack for reporting this issue. - bugfix: rsyslog hang when writing to a named pipe which nobody was reading. Thanks to Michael Biebl for reporting this bug. Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169 - bugfix: potential segfaults during queue shutdown (bugs require certain non-standard settings to appear) Thanks to varmojfekoj for the patch --------------------------------------------------------------------------- Version 4.5.7 [v4-beta] (rgerhards), 2009-11-18 - added a so-called "On Demand Debug" mode, in which debug output can be generated only after the process has started, but not right from the beginning. This is assumed to be useful for hard-to-find bugs. Also improved the doc on the debug system. - bugfix (kind of): check if TCP connection is still alive if using TLS Thanks to Jonathan Bond-Caron for the patch. - bugfix: hostname accidently set to IP address for some message sources, for example imudp. Thanks to Anton for reporting this bug. - bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did not work. --------------------------------------------------------------------------- Version 4.5.6 [v4-beta] (rgerhards), 2009-11-05 - bugfix: named pipes did no longer work (they always got an open error) this was a regression from the omfile rewrite in 4.5.0 - bugfix(minor): diag function returned wrong queue memeber count for the main queue if an active DA queue existed. This had no relevance to real deployments (assuming they are not running the debug/diagnostic module...), but sometimes caused grief and false alerts in the testbench. - included some important fixes from v4-stable: * bugfix: invalid handling of zero-sized messages * bugfix: zero-sized UDP messages are no longer processed * bugfix: random data could be appended to message * bugfix: reverse lookup reduction logic in imudp do DNS queries too often - bugfix(testbench): testcase did not properly wait for rsyslod shutdown thus some unpredictable behavior and a false negative test result could occur. [BACKPORTED from v5] - bugfix(testbench): sequence check was not always performed correctly, that could result in tests reporting success when they actually failed --------------------------------------------------------------------------- Version 4.5.5 [v4-beta] (rgerhards), 2009-10-21 - added $InputTCPServerNotifyOnConnectionClose config directive see doc for details - bugfix: debug string larger than 1K were improperly displayed. Max size is now 32K - bugfix: invalid storage class selected for some size config parameters. This resulted in wrong values. The most prominent victim was the directory creation mode, which was set to zero in some cases. For details, see related blog post: http://blog.gerhards.net/2009/10/another-note-on-hard-to-find-bugs.html --------------------------------------------------------------------------- Version 4.5.4 [v4-beta] (rgerhards), 2009-09-29 - bugfix: potential segfault in stream writer on destruction Most severely affected omfile. The problem was that some buffers were freed before the asynchronous writer thread was shut down. So the writer thread accessed invalid data, which may even already be overwritten. Symptoms (with omfile) were segfaults, grabled data and files with random names placed around the file system (most prominently into the root directory). Special thanks to Aaron for helping to track this down. - bugfix: potential race in object loader (obj.c) during use/release of object interface - bugfixes: potential problems in out file zip writer. Problems could lead to abort and/or memory leak. The module is now hardened in a very conservative way, which is sub-optimal from a performance point of view. This should be improved if it has proven reliable in practice. --------------------------------------------------------------------------- Version 4.5.3 [v4-beta] (rgerhards), 2009-09-17 - bugfix: repeated messages were incorrectly processed this could lead to loss of the repeated message content. As a side- effect, it could probably also be possible that some segfault occurs (quite unlikely). The root cause was that some counters introduced during the malloc optimizations were not properly duplicated in MsgDup(). Note that repeated message processing is not enabled by default. - bugfix: message sanitation had some issues: - control character DEL was not properly escaped - NUL and LF characters were not properly stripped if no control character replacement was to be done - NUL characters in the message body were silently dropped (this was a regeression introduced by some of the recent optimizations) - bugfix: strings improperly reused, resulting in some message properties be populated with strings from previous messages. This was caused by an improper predicate check. [backported from v5] - fixed some minor portability issues - bugfix: reverse lookup reduction logic in imudp do DNS queries too often [imported from 4.4.2] --------------------------------------------------------------------------- Version 4.5.2 [v4-beta] (rgerhards), 2009-08-21 - legacy syslog parser changed so that it now accepts date stamps in wrong case. Some devices seem to create them and I do not see any harm in supporting that. - added $InputTCPMaxListeners directive - permits to specify how many TCP servers shall be possible (default is 20). - bugfix: memory leak with some input modules. Those inputs that use parseAndSubmitMsg() leak two small memory blocks with every message. Typically, those process only relatively few messages, so the issue does most probably not have any effect in practice. - bugfix: if tcp listen port could not be created, no error message was emitted - bugfix: potential segfault in output file writer (omfile) In async write mode, we use modular arithmetic to index the output buffer array. However, the counter variables accidently were signed, thus resulting in negative indizes after integer overflow. That in turn could lead to segfaults, but was depending on the memory layout of the instance in question (which in turn depended on a number of variables, like compile settings but also configuration). The counters are now unsigned (as they always should have been) and so the dangling mis-indexing does no longer happen. This bug potentially affected all installations, even if only some may actually have seen a segfault. - bugfix: hostnames with dashes in them were incorrectly treated as malformed, thus causing them to be treated as TAG (this was a regression introduced from the "rfc3164 strict" change in 4.5.0). --------------------------------------------------------------------------- Version 4.5.1 [DEVEL] (rgerhards), 2009-07-15 - CONFIG CHANGE: $HUPisRestart default is now "off". We are doing this to support removal of restart-type HUP in v5. - bugfix: fromhost-ip was sometimes truncated - bugfix: potential segfault when zip-compressed syslog records were received (double free) - bugfix: properties inputname, fromhost, fromhost-ip, msg were lost when working with disk queues - performance enhancement: much faster, up to twice as fast (depending on configuration) - bugfix: abort condition when RecvFrom was not set and message reduction was on. Happend e.g. with imuxsock. - added $klogConsoleLogLevel directive which permits to set a new console log level while rsyslog is active - bugfix: message could be truncated after TAG, often when forwarding This was a result of an internal processing error if maximum field sizes had been specified in the property replacer. - added ability for the TCP output action to "rebind" its send socket after sending n messages (actually, it re-opens the connection, the name is used because this is a concept very similiar to $ActionUDPRebindInterval). New config directive $ActionSendTCPRebindInterval added for the purpose. By default, rebinding is disabled. This is considered useful for load balancers. - testbench improvements --------------------------------------------------------------------------- Version 4.5.0 [DEVEL] (rgerhards), 2009-07-02 - activation order of inputs changed, they are now activated only after privileges are dropped. Thanks to Michael Terry for the patch. - greatly improved performance - greatly reduced memory requirements of msg object to around half of the previous demand. This means that more messages can be stored in core! Due to fewer cache misses, this also means some performance improvement. - improved config error messages: now contain a copy of the config line that (most likely) caused the error - reduced max value for $DynaFileCacheSize to 1,000 (the former maximum of 10,000 really made no sense, even 1,000 is very high, but we like to keep the user in control ;)). - added capability to fsync() queue disk files for enhanced reliability (also add's speed, because you do no longer need to run the whole file system in sync mode) - more strict parsing of the hostname in rfc3164 mode, hopefully removes false positives (but may cause some trouble with hostname parsing). For details, see this bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=126 - omfile rewrite to natively support zip files (includes large extension of the stream class) - added configuration commands (see doc for explanations) * $OMFileZipLevel * $OMFileIOBufferSize * $OMFileFlushOnTXEnd * $MainMsgQueueSyncQueueFiles * $ActionQueueSyncQueueFiles - done some memory accesses explicitely atomic - bugfix: subtle (and usually irrelevant) issue in timout processing timeout could be one second too early if nanoseconds wrapped - set a more sensible timeout for shutdow, now 1.5 seconds to complete processing (this also removes those cases where the shutdown message was not written because the termination happened before it) - internal bugfix: object pointer was only reset to NULL when an object was actually destructed. This most likely had no effect to existing code, but it may also have caused trouble in remote cases. Similarly, the fix may also cause trouble... - bugfix: missing initialization during timestamp creation This could lead to timestamps written in the wrong format, but not to an abort --------------------------------------------------------------------------- Version 4.4.3 [v4-stable] (rgerhards), 2009-10-?? - bugfix: several smaller bugs resolved after flexelint review Thanks to varmojfekoj for the patch. - bugfix: $ActionExecOnlyOnceEveryInterval did not work. This was a regression from the time() optimizations done in v4. Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=143 Thanks to Klaus Tachtler for reporting this bug. - bugfix: potential segfault on queue shutdown Thanks to varmojfekoj for the patch. - bugfix: potential hang condition on queue shutdown [imported from v3-stable] - bugfix: segfault on startup when -q or -Q option was given [imported from v3-stable] --------------------------------------------------------------------------- Version 4.4.2 [v4-stable] (rgerhards), 2009-10-09 - bugfix: invalid handling of zero-sized messages, could lead to mis- addressing and potential memory corruption/segfault - bugfix: zero-sized UDP messages are no longer processed until now, they were forwarded to processing, but this makes no sense Also, it looks like the system seems to provide a zero return code on a UDP recvfrom() from time to time for some internal reasons. These "receives" are now silently ignored. - bugfix: random data could be appended to message, possibly causing segfaults - bugfix: reverse lookup reduction logic in imudp do DNS queries too often A comparison was done between the current and the former source address. However, this was done on the full sockaddr_storage structure and not on the host address only. This has now been changed for IPv4 and IPv6. The end result of this bug could be a higher UDP message loss rate than necessary (note that UDP message loss can not totally be avoided due to the UDP spec) --------------------------------------------------------------------------- Version 4.4.1 [v4-stable] (rgerhards), 2009-09-02 - features requiring Java are automatically disabled if Java is not present (thanks to Michael Biebl for his help!) - bugfix: invalid double-quoted PRI, among others in outgoing messages This causes grief with all receivers. Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=147 - bugfix: Java testing tools were required, even if testbench was disabled This resulted in build errors if no Java was present on the build system, even though none of the selected option actually required Java. (I forgot to backport a similar fix to newer releases). - bugfix (backport): omfwd segfault Note that the orginal (higher version) patch states this happens only when debugging mode is turned on. That statement is wrong: if debug mode is turned off, the message is not being emitted, but the division by zero in the actual parameters still happens. --------------------------------------------------------------------------- Version 4.4.0 [v4-stable] (rgerhards), 2009-08-21 - bugfix: stderr/stdout were not closed to be able to emit error messages, but this caused ssh sessions to hang. Now we close them after the initial initialization. See forum thread: http://kb.monitorware.com/controlling-terminal-issues-t9875.html - bugfix: sending syslog messages with zip compression did not work --------------------------------------------------------------------------- Version 4.3.2 [v4-beta] (rgerhards), 2009-06-24 - removed long-obsoleted property UxTradMsg - added a generic network stream server (in addition to rather specific syslog tcp server) - added ability for the UDP output action to rebind its send socket after sending n messages. New config directive $ActionSendUDPRebindInterval added for the purpose. By default, rebinding is disabled. This is considered useful for load balancers. - bugfix: imdiag/imtcp had a race condition - improved testbench (now much better code design and reuse) - added config switch --enable-testbench=no to turn off testbench --------------------------------------------------------------------------- Version 4.3.1 [DEVEL] (rgerhards), 2009-05-25 - added capability to run multiple tcp listeners (on different ports) - performance enhancement: imtcp calls parser no longer on input thread but rather inside on of the potentially many main msg queue worker threads (an enhancement scheduled for all input plugins where this is possible) - added $GenerateConfigGraph configuration command which can be used to generate nice-looking (and very informative) rsyslog configuration graphs. - added $ActionName configuration directive (currently only used for graph generation, but may find other uses) - improved doc * added (hopefully) easier to grasp queue explanation - improved testbench * added tests for queue disk-only mode (checks disk queue logic) - bugfix: light and full delay watermarks had invalid values, badly affecting performance for delayable inputs - build system improvements - thanks to Michael Biebl - added new testing module imdiag, which enables to talk to the rsyslog core at runtime. The current implementation is only a beginning, but can be expanded over time --------------------------------------------------------------------------- Version 4.3.0 [DEVEL] (rgerhards), 2009-04-17 - new feature: new output plugin omprog, which permits to start program and feed it (via its stdin) with syslog messages. If the program terminates, it is restarted. - improved internal handling of RainerScript functions, building the necessary plumbing to support more functions with decent runtime performance. This is also necessary towards the long-term goal of loadable library modules. - added new RainerScript function "tolower" - improved testbench * added tests for tcp-based reception * added tcp-load test (1000 connections, 20,000 messages) - added $MaxOpenFiles configuration directive - bugfix: solved potential memory leak in msg processing, could manifest itself in imtcp - bugfix: ompgsql did not detect problems in sql command execution this could cause loss of messages. The handling was correct if the connection broke, but not if there was a problem with statement execution. The most probable case for such a case would be invalid sql inside the template, and this is now much easier to diagnose. --------------------------------------------------------------------------- Version 4.2.0 [v4-stable] (rgerhards), 2009-06-23 - bugfix: light and full delay watermarks had invalid values, badly affecting performance for delayable inputs - imported all patches from 3.22.1 as of today (see below) - bugfix: compile problems in im3195 --------------------------------------------------------------------------- Version 4.1.7 [BETA] (rgerhards), 2009-04-22 - bugfix: $InputTCPMaxSessions config directive was accepted, but not honored. This resulted in a fixed upper limit of 200 connections. - bugfix: the default for $DirCreateMode was 0644, and as such wrong. It has now been changed to 0700. For some background, please see http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html - bugfix: ompgsql did not detect problems in sql command execution this could cause loss of messages. The handling was correct if the connection broke, but not if there was a problem with statement execution. The most probable case for such a case would be invalid sql inside the template, and this is now much easier to diagnose. --------------------------------------------------------------------------- Version 4.1.6 [DEVEL] (rgerhards), 2009-04-07 - added new "csv" property replacer options to enable simple creation of CSV-formatted outputs (format from RFC4180 is used) - implemented function support in RainerScript. That means the engine parses and compile functions, as well as executes a few build-in ones. Dynamic loading and registration of functions is not yet supported - but we now have a good foundation to do that later on. - implemented the strlen() RainerScript function - added a template output module - added -T rsyslogd command line option, enables to specify a directory where to chroot() into on startup. This is NOT a security feature but introduced to support testing. Thus, -T does not make sure chroot() is used in a secure way. (may be removed later) - added omstdout module for testing purposes. Spits out all messages to stdout - no config option, no other features - added a parser testing suite (still needs to be extended, but a good start) - modified $ModLoad statement so that for modules whom's name starts with a dot, no path is prepended (this enables relative-pathes and should not break any valid current config) - fixed a bug that caused action retries not to work correctly situation was only cleared by a restart - bugfix: closed dynafile was potentially never written until another dynafile name was generated - potential loss of messages - improved omfile so that it properly suspends itself if there is an i/o or file name generation error. This enables it to be used with the full high availability features of rsyslog's engine - bugfix: fixed some segaults on Solaris, where vsprintf() does not check for NULL pointers - improved performance of regexp-based filters Thanks to Arnaud Cornet for providing the idea and initial patch. - added a new way how output plugins may be passed parameters. This is more effcient for some outputs. They new can receive fields not only as a single string but rather in an array where each string is seperated. - added (some) developer documentation for output plugin interface - bugfix: potential abort with DA queue after high watermark is reached There exists a race condition that can lead to a segfault. Thanks go to vbernetr, who performed the analysis and provided patch, which I only tweaked a very little bit. - bugfix: imtcp did incorrectly parse hostname/tag Thanks to Luis Fernando Muñoz Mejías for the patch. --------------------------------------------------------------------------- Version 4.1.5 [DEVEL] (rgerhards), 2009-03-11 - bugfix: parser did not correctly parse fields in UDP-received messages - added ERE support in filter conditions new comparison operation "ereregex" - added new config directive $RepeatedMsgContainsOriginalMsg so that the "last message repeated n times" messages, if generated, may have an alternate format that contains the message that is being repeated --------------------------------------------------------------------------- Version 4.1.4 [DEVEL] (rgerhards), 2009-01-29 - bugfix: inconsistent use of mutex/atomic operations could cause segfault details are too many, for full analysis see blog post at: http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html - bugfix: unitialized mutex was used in msg.c:getPRI This was subtle, because getPRI is called as part of the debugging code (always executed) in syslogd.c:logmsg. - bufgix: $PreserveFQDN was not properly handled for locally emitted messages --------------------------------------------------------------------------- Version 4.1.3 [DEVEL] (rgerhards), 2008-12-17 - added $InputTCPServerAddtlFrameDelimiter config directive, which enables to specify an additional, non-standard message delimiter for processing plain tcp syslog. This is primarily a fix for the invalid framing used in Juniper's NetScreen products. Credit to forum user Arv for suggesting this solution. - added $InputTCPServerInputName property, which enables a name to be specified that will be available during message processing in the inputname property. This is considered useful for logic that treats messages differently depending on which input received them. - added $PreserveFQDN config file directive Enables to use FQDNs in sender names where the legacy default would have stripped the domain part. Thanks to BlinkMind, Inc. http://www.blinkmind.com for sponsoring this development. - bugfix: imudp went into an endless loop under some circumstances (but could also leave it under some other circumstances...) Thanks to David Lang and speedfox for reporting this issue. --------------------------------------------------------------------------- Version 4.1.2 [DEVEL] (rgerhards), 2008-12-04 - bugfix: code did not compile without zlib - security bugfix: $AllowedSender was not honored, all senders were permitted instead (see http://www.rsyslog.com/Article322.phtml) - security fix: imudp emitted a message when a non-permitted sender tried to send a message to it. This behaviour is operator-configurable. If enabled, a message was emitted each time. That way an attacker could effectively fill the disk via this facility. The message is now emitted only once in a minute (this currently is a hard-coded limit, if someone comes up with a good reason to make it configurable, we will probably do that). - doc bugfix: typo in v3 compatibility document directive syntax thanks to Andrej for reporting - imported other changes from 3.21.8 and 3.20.1 (see there) --------------------------------------------------------------------------- Version 4.1.1 [DEVEL] (rgerhards), 2008-11-26 - added $PrivDropToGroup, $PrivDropToUser, $PrivDropToGroupID, $PrivDropToUserID config directives to enable dropping privileges. This is an effort to provide a security enhancement. For the limits of this approach, see http://wiki.rsyslog.com/index.php/Security - re-enabled imklog to compile on FreeBSD (brought in from beta) --------------------------------------------------------------------------- Version 4.1.0 [DEVEL] (rgerhards), 2008-11-18 ********************************* WARNING ********************************* This version has a slightly different on-disk format for message entries. As a consequence, old queue files being read by this version may have an invalid output timestamp, which could result to some malfunction inside the output driver. It is recommended to drain queues with the previous version before switching to this one. ********************************* WARNING ********************************* - greatly enhanced performance when compared to v3. - added configuration directive "HUPisRestart" which enables to configure HUP to be either a full restart or "just" a leightweight way to close open files. - enhanced legacy syslog parser to detect year if part of the timestamp the format is based on what Cisco devices seem to emit. - added a setting "$OptimizeForUniprocessor" to enable users to turn off pthread_yield calls which are counter-productive on multiprocessor machines (but have been shown to be useful on uniprocessors) - reordered imudp processing. Message parsing is now done as part of main message queue worker processing (was part of the input thread) This should also improve performance, as potentially more work is done in parallel. - bugfix: compressed syslog messages could be slightly mis-uncompressed if the last byte of the compressed record was a NUL - added $UDPServerTimeRequery option which enables to work with less acurate timestamps in favor of performance. This enables querying of the time only every n-th time if imudp is running in the tight receive loop (aka receiving messsages at a high rate) - doc bugfix: queue doc had wrong parameter name for setting controlling worker thread shutdown period - restructured rsyslog.conf documentation - bugfix: memory leak in ompgsql Thanks to Ken for providing the patch --------------------------------------------------------------------------- Version 3.22.4 [v3-stable] (rgerhards), 2010-??-?? - bugfix: action resume interval incorrectly handled, thus took longer to resume - bugfix: cosmetic: proper constant used instead of number in open call - bugfix: timestamp was incorrectly calculated for timezones with minute offset closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271 - improved some code based on clang static analyzer results - bugfix: potential misadressing in property replacer --------------------------------------------------------------------------- Version 3.22.3 [v3-stable] (rgerhards), 2010-11-24 - bugfix(important): problem in TLS handling could cause rsyslog to loop in a tight loop, effectively disabling functionality and bearing the risk of unresponsiveness of the whole system. Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194 --------------------------------------------------------------------------- Version 3.22.2 [v3-stable] (rgerhards), 2010-08-05 - bugfix: comment char ('#') in literal terminated script parsing and thus could not be used. but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119 - enhance: imrelp now also provides remote peer's IP address [if librelp != 1.0.0 is used] - bugfix: sending syslog messages with zip compression did not work - bugfix: potential hang condition on queue shutdown - bugfix: segfault on startup when -q or -Q option was given bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=157 Thanks to Jonas Nogueira for reporting this bug. - clarified use of $ActionsSendStreamDriver[AuthMode/PermittedPeers] in doc set (require TLS drivers) - bugfix: $CreateDirs variable not properly initialized, default thus was random (but most often "on") - bugfix: potential segfault when -p command line option was used thanks to varmojfekoj for pointing me at this bug - bugfix: programname filter in ! configuration can not be reset Thanks to Kiss Gabor for the patch. --------------------------------------------------------------------------- Version 3.22.1 [v3-stable] (rgerhards), 2009-07-02 - bugfix: invalid error message issued if $inlcudeConfig was on an empty set of files (e.g. *.conf, where none such files existed) thanks to Michael Biebl for reporting this bug - bugfix: when run in foreground (but not in debug mode), a debug message ("DoDie called") was emitted at shutdown. Removed. thanks to Michael Biebl for reporting this bug - bugfix: some garbagge was emitted to stderr on shutdown. This garbage consisted of file names, which were written during startup (key point: not a pointer error) thanks to Michael Biebl for reporting this bug - bugfix: startup and shutdown message were emitted to stdout thanks to Michael Biebl for reporting this bug - bugfix: error messages were not emitted to stderr in forked mode (stderr and stdo are now kept open across forks) - bugfix: internal messages were emitted to whatever file had fd2 when rsyslogd ran in forked mode (as usual!) Thanks to varmojfekoj for the patch - small enhancement: config validation run now exits with code 1 if an error is detected. This change is considered important but small enough to apply it directly to the stable version. [But it is a border case, the change requires more code than I had hoped. Thus I have NOT tried to actually catch all cases, this is left for the current devel releases, if necessary] - bugfix: light and full delay watermarks had invalid values, badly affecting performance for delayable inputs - bugfix: potential segfault issue when multiple $UDPServerRun directives are specified. Thanks to Michael Biebl for helping to debug this one. - relaxed GnuTLS version requirement to 1.4.0 after confirmation from the field that this version is sufficient - bugfix: parser did not properly handle empty structured data - bugfix: invalid mutex release in msg.c (detected under thread debugger, seems not to have any impact on actual deployments) --------------------------------------------------------------------------- Version 3.22.0 [v3-stable] (rgerhards), 2009-04-21 This is the first stable release that includes the full functionality of the 3.21.x version tree. - bugfix: $InputTCPMaxSessions config directive was accepted, but not honored. This resulted in a fixed upper limit of 200 connections. - bugfix: the default for $DirCreateMode was 0644, and as such wrong. It has now been changed to 0700. For some background, please see http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html - bugfix: ompgsql did not detect problems in sql command execution this could cause loss of messages. The handling was correct if the connection broke, but not if there was a problem with statement execution. The most probable case for such a case would be invalid sql inside the template, and this is now much easier to diagnose. --------------------------------------------------------------------------- Version 3.21.11 [BETA] (rgerhards), 2009-04-03 - build system improvements contributed by Michael Biebl - thx! - all patches from 3.20.5 incorporated (see it's ChangeLog entry) --------------------------------------------------------------------------- Version 3.21.10 [BETA] (rgerhards), 2009-02-02 - bugfix: inconsistent use of mutex/atomic operations could cause segfault details are too many, for full analysis see blog post at: http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html - the string "Do Die" was accidently emited upon exit in non-debug mode This has now been corrected. Thanks to varmojfekoj for the patch. - some legacy options were not correctly processed. Thanks to varmojfekoj for the patch. - doc bugfix: v3-compatiblity document had typo in config directive thanks to Andrej for reporting this --------------------------------------------------------------------------- Version 3.21.9 [BETA] (rgerhards), 2008-12-04 - re-release of 3.21.8 with an additional fix, that could also lead to DoS; 3.21.8 has been removed from the official download archives - security fix: imudp emitted a message when a non-permitted sender tried to send a message to it. This behaviour is operator-configurable. If enabled, a message was emitted each time. That way an attacker could effectively fill the disk via this facility. The message is now emitted only once in a minute (this currently is a hard-coded limit, if someone comes up with a good reason to make it configurable, we will probably do that). --------------------------------------------------------------------------- Version 3.21.8 [BETA] (rgerhards), 2008-12-04 - bugfix: imklog did not compile on FreeBSD - security bugfix: $AllowedSender was not honored, all senders were permitted instead (see http://www.rsyslog.com/Article322.phtml) - merged in all other changes from 3.20.1 (see there) --------------------------------------------------------------------------- Version 3.21.7 [BETA] (rgerhards), 2008-11-11 - this is the new beta branch, based on the former 3.21.6 devel - new functionality: ZERO property replacer nomatch option (from v3-stable) --------------------------------------------------------------------------- Version 3.21.6 [DEVEL] (rgerhards), 2008-10-22 - consolidated time calls during msg object creation, improves performance and consistency - bugfix: solved a segfault condition - bugfix: subsecond time properties generated by imfile, imklog and internal messages could be slightly inconsistent - bugfix: (potentially big) memory leak on HUP if queues could not be drained before timeout - thanks to David Lang for pointing this out - added capability to support multiple module search pathes. Thank to Marius Tomaschewski for providing the patch. - bugfix: im3195 did no longer compile - improved "make distcheck" by ensuring everything relevant is recompiled --------------------------------------------------------------------------- Version 3.21.5 [DEVEL] (rgerhards), 2008-09-30 - performance optimization: unnecessary time() calls during message parsing removed - thanks to David Lang for his excellent performance analysis - added new capability to property replacer: multiple immediately successive field delimiters are treated as a single one. Thanks to Zhuang Yuyao for the patch. - added message property "inputname", which contains the name of the input (module) that generated it. Presence is depending on suport in each input module (else it is blank). - added system property "$myhostname", which contains the name of the local host as it knows itself. - imported a number of fixes and enhancements from the stable and devel branches, including a fix to a potential segfault on HUP when using UDP listners - re-enabled gcc builtin atomic operations and added a proper ./configure check - bugfix: potential race condition when adding messages to queue There was a wrong order of mutex lock operations. It is hard to believe that really caused problems, but in theory it could and with threading we often see that theory becomes practice if something is only used long enough on a fast enough machine with enough CPUs ;) - cleaned up internal debug system code and made it behave better in regard to multi-threading --------------------------------------------------------------------------- Version 3.21.4 [DEVEL] (rgerhards), 2008-09-04 - removed compile time fixed message size limit (was 2K), limit can now be set via $MaxMessageSize global config directive (finally gotten rid of MAXLINE ;)) - enhanced doc for $ActionExecOnlyEveryNthTimeTimeout - integrated a number of patches from 3.18.4, namely - bugfix: order-of magnitude issue with base-10 size definitions in config file parser. Could lead to invalid sizes, constraints etc for e.g. queue files and any other object whose size was specified in base-10 entities. Did not apply to binary entities. Thanks to RB for finding this bug and providing a patch. - bugfix: action was not called when system time was set backwards (until the previous time was reached again). There are still some side-effects when time is rolled back (A time rollback is really a bad thing to do, ideally the OS should issue pseudo time (like NetWare did) when the user tries to roll back time). Thanks to varmojfekoj for this patch. - doc bugfix: rsyslog.conf man page improved and minor nit fixed thanks to Lukas Kuklinek for the patch. --------------------------------------------------------------------------- Version 3.21.3 [DEVEL] (rgerhards), 2008-08-13 - added ability to specify flow control mode for imuxsock - added ability to execute actions only after the n-th call of the action This also lead to the addition of two new config directives: $ActionExecOnlyEveryNthTime and $ActionExecOnlyEveryNthTimeTimeout This feature is useful, for example, for alerting: it permits you to send an alert only after at least n occurences of a specific message have been seen by rsyslogd. This protectes against false positives due to waiting for additional confirmation. - bugfix: IPv6 addresses could not be specified in forwarding actions New syntax @[addr]:port introduced to enable that. Root problem was IPv6 addresses contain colons. - somewhat enhanced debugging messages - imported from 3.18.3: - enhanced ommysql to support custom port to connect to server Port can be set via new $ActionOmmysqlServerPort config directive Note: this was a very minor change and thus deemed appropriate to be done in the stable release. - bugfix: misspelled config directive, previously was $MainMsgQueueWorkeTimeoutrThreadShutdown, is now $MainMsgQueueWorkerTimeoutThreadShutdown. Note that the misspelled directive is not preserved - if the misspelled directive was used (which I consider highly unlikely), the config file must be changed. Thanks to lperr for reporting the bug. --------------------------------------------------------------------------- Version 3.21.2 [DEVEL] (rgerhards), 2008-08-04 - added $InputUnixListenSocketHostName config directive, which permits to override the hostname being used on a local unix socket. This is useful for differentiating "hosts" running in several jails. Feature was suggested by David Darville, thanks for the suggestion. - enhanced ommail to support multiple email recipients. This is done by specifying $ActionMailTo multiple times. Note that this introduces a small incompatibility to previous config file syntax: the recipient list is now reset for each action (we honestly believe that will not cause any problem - apologies if it does). - enhanced troubleshooting documentation --------------------------------------------------------------------------- Version 3.21.1 [DEVEL] (rgerhards), 2008-07-30 - bugfix: no error was reported if the target of a $IncludeConfig could not be accessed. - added testbed for common config errors - added doc for -u option to rsyslogd man page - enhanced config file checking - no active actions are detected - added -N rsyslogd command line option for a config validation run (which does not execute actual syslogd code and does not interfere with a running instance) - somewhat improved emergency configuration. It is now also selected if the config contains no active actions - rsyslogd error messages are now reported to stderr by default. can be turned off by the new "$ErrorMessagesToStderr off" directive Thanks to HKS for suggesting the new features. --------------------------------------------------------------------------- Version 3.21.0 [DEVEL] (rgerhards), 2008-07-18 - starts a new devel branch - added a generic test driver for RainerScript plus some test cases to the testbench - added a small diagnostic tool to obtain result of gethostname() API - imported all changes from 3.18.1 until today (some quite important, see below) --------------------------------------------------------------------------- Version 3.20.6 [v3-stable] (rgerhards), 2009-04-16 - this is the last v3-stable for the 3.20.x series - bugfix: $InputTCPMaxSessions config directive was accepted, but not honored. This resulted in a fixed upper limit of 200 connections. - bugfix: the default for $DirCreateMode was 0644, and as such wrong. It has now been changed to 0700. For some background, please see http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html --------------------------------------------------------------------------- Version 3.20.5 [v3-stable] (rgerhards), 2009-04-02 - bugfix: potential abort with DA queue after high watermark is reached There exists a race condition that can lead to a segfault. Thanks go to vbernetr, who performed the analysis and provided patch, which I only tweaked a very little bit. - fixed bugs in RainerScript: o when converting a number and a string to a common type, both were actually converted to the other variable's type. o the value of rsCStrConvertToNumber() was miscalculated. Thanks to varmojfekoj for the patch - fixed a bug in configure.ac which resulted in problems with environment detection - thanks to Michael Biebl for the patch - fixed a potential segfault problem in gssapi code thanks to varmojfekoj for the patch - doc enhance: provide standard template for MySQL module and instructions on how to modify schema --------------------------------------------------------------------------- Version 3.20.4 [v3-stable] (rgerhards), 2009-02-09 - bugfix: inconsistent use of mutex/atomic operations could cause segfault details are too many, for full analysis see blog post at: http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html - bugfix: invalid ./configure settings for RFC3195 thanks to Michael Biebl for the patch - bugfix: invalid mutex access in msg.c - doc bugfix: dist tarball missed 2 files, had one extra file that no longer belongs into it. Thanks to Michael Biebl for pointing this out. --------------------------------------------------------------------------- Version 3.20.3 [v3-stable] (rgerhards), 2009-01-19 - doc bugfix: v3-compatiblity document had typo in config directive thanks to Andrej for reporting this - fixed a potential segfault condition with $AllowedSender directive On HUP, the root pointers were not properly cleaned up. Thanks to Michael Biebel, olgoat, and Juha Koho for reporting and analyzing the bug. --------------------------------------------------------------------------- Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04 - re-release of 3.20.1 with an additional fix, that could also lead to DoS; 3.20.1 has been removed from the official download archives - security fix: imudp emitted a message when a non-permitted sender tried to send a message to it. This behaviour is operator-configurable. If enabled, a message was emitted each time. That way an attacker could effectively fill the disk via this facility. The message is now emitted only once in a minute (this currently is a hard-coded limit, if someone comes up with a good reason to make it configurable, we will probably do that). --------------------------------------------------------------------------- Version 3.20.1 [v3-stable] (rgerhards), 2008-12-04 - security bugfix: $AllowedSender was not honored, all senders were permitted instead - enhance: regex nomatch option "ZERO" has been added This allows to return the string 0 if a regular expression is not found. This is probably useful for storing numerical values into database columns. - bugfix: memory leak in gtls netstream driver fixed memory was lost each time a TLS session was torn down. This could result in a considerable memory leak if it happened quite frequently (potential system crash condition) - doc update: documented how to specify multiple property replacer options + link to new online regex generator tool added - minor bufgfix: very small memory leak in gtls netstream driver around a handful of bytes (< 20) for each HUP - improved debug output for regular expressions inside property replacer RE's seem to be a big trouble spot and I would like to have more information inside the debug log. So I decided to add some additional debug strings permanently. --------------------------------------------------------------------------- Version 3.20.0 [v3-stable] (rgerhards), 2008-11-05 - this is the inital release of the 3.19.x branch as a stable release - bugfix: double-free in pctp netstream driver. Thank to varmojfeko for the patch --------------------------------------------------------------------------- Version 3.19.12 [BETA] (rgerhards), 2008-10-16 - bugfix: subseconds where not correctly extracted from a timestamp if that timestamp did not contain any subsecond information (the resulting string was garbagge but should have been "0", what it now is). - increased maximum size of a configuration statement to 4K (was 1K) - imported all fixes from the stable branch (quite a lot) - bugfix: (potentially big) memory leak on HUP if queues could not be drained before timeout - thanks to David Lang for pointing this out --------------------------------------------------------------------------- Version 3.19.11 [BETA] (rgerhards), 2008-08-25 This is a refresh of the beta. No beta-specific fixes have been added. - included fixes from v3-stable (most importantly 3.18.3) --------------------------------------------------------------------------- Version 3.19.10 [BETA] (rgerhards), 2008-07-15 - start of a new beta branch based on former 3.19 devel branch - bugfix: bad memory leak in disk-based queue modes - bugfix: UDP syslog forwarding did not work on all platforms the ai_socktype was incorrectly set to 1. On some platforms, this lead to failing name resolution (e.g. FreeBSD 7). Thanks to HKS for reporting the bug. - bugfix: priority was incorrectly calculated on FreeBSD 7, because the LOG_MAKEPRI() C macro has a different meaning there (it is just a simple addition of faciltity and severity). I have changed this to use own, consistent, code for PRI calculation. Thank to HKS for reporting this bug. - bugfix (cosmetical): authorization was not checked when gtls handshake completed immediately. While this sounds scary, the situation can not happen in practice. We use non-blocking IO only for server-based gtls session setup. As TLS requires the exchange of multiple frames before the handshake completes, it simply is impossible to do this in one step. However, it is useful to have the code path correct even for this case - otherwise, we may run into problems if the code is changed some time later (e.g. to use blocking sockets). Thanks to varmojfekoj for providing the patch. - important queue bugfix from 3.18.1 imported (see below) - cleanup of some debug messages --------------------------------------------------------------------------- Version 3.19.9 (rgerhards), 2008-07-07 - added tutorial for creating a TLS-secured syslog infrastructure - rewritten omusrmsg to no longer fork() a new process for sending messages this caused some problems with the threading model, e.g. zombies. Also, it was far less optimal than it is now. - bugfix: machine certificate was required for client even in TLS anon mode Reference: http://bugzilla.adiscon.com/show_bug.cgi?id=85 The fix also slightly improves performance by not storing certificates in client sessions when there is no need to do so. - bugfix: RainerScript syntax error was not always detected --------------------------------------------------------------------------- Version 3.19.8 (rgerhards), 2008-07-01 - bugfix: gtls module did not correctly handle EGAIN (and similar) recv() states. This has been fixed by introducing a new abstraction layer inside gtls. - added (internal) error codes to error messages; added redirector to web description of error codes closes bug http://bugzilla.adiscon.com/show_bug.cgi?id=20 - disabled compile warnings caused by third-party libraries - reduced number of compile warnings in gcc's -pedantic mode - some minor documentation improvements - included all fixes from beta 3.17.5 --------------------------------------------------------------------------- Version 3.19.7 (rgerhards), 2008-06-11 - added new property replacer option "date-subseconds" that enables to query just the subsecond part of a high-precision timestamp - somewhat improved plain tcp syslog reliability by doing a connection check before sending. Credits to Martin Schuette for providing the idea. Details are available at http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html - made rsyslog tickless in the (usual and default) case that repeated message reduction is turned off. More info: http://blog.gerhards.net/2008/06/coding-to-save-environment.html - some build system cleanup, thanks to Michael Biebl - bugfix: compile under (Free)BSD failed due to some invalid library definitions - this is fixed now. Thanks to Michael Biebl for the patch. --------------------------------------------------------------------------- Version 3.19.6 (rgerhards), 2008-06-06 - enhanced property replacer to support multiple regex matches - bugfix: part of permittedPeer structure was not correctly initialized thanks to varmojfekoj for spotting this - bugfix: off-by-one bug during certificate check - bugfix: removed some memory leaks in TLS code --------------------------------------------------------------------------- Version 3.19.5 (rgerhards), 2008-05-30 - enabled Posix ERE expressions inside the property replacer (previously BRE was permitted only) - provided ability to specify that a regular expression submatch shall be used inside the property replacer - implemented in property replacer: if a regular expression does not match, it can now either return "**NO MATCH** (default, as before), a blank property or the full original property text - enhanced property replacer to support multiple regex matches --------------------------------------------------------------------------- Version 3.19.4 (rgerhards), 2008-05-27 - implemented x509/certvalid gtls auth mode - implemented x509/name gtls auth mode (including wildcards) - changed fingerprint gtls auth mode to new format fingerprint - protected gtls error string function by a mutex. Without it, we could have a race condition in extreme cases. This was very remote, but now can no longer happen. - changed config directive name to reflect different use $ActionSendStreamDriverCertFingerprint is now $ActionSendStreamDriverPermittedPeer and can be used both for fingerprint and name authentication (similar to the input side) - bugfix: sender information (fromhost et al) was missing in imudp thanks to sandiso for reporting this bug - this release fully inplements IETF's syslog-transport-tls-12 plus the latest text changes Joe Salowey provided via email. Not included is ipAddress subjectAltName authentication, which I think will be dropped from the draft. I don't think there is any real need for it. This release also includes all bug fix up to today from the beta and stable branches. Most importantly, this means the bugfix for 100% CPU utilization by imklog. --------------------------------------------------------------------------- Version 3.19.3 (rgerhards), 2008-05-21 - added ability to authenticate the server against its certificate fingerprint - added ability for client to provide its fingerprint - added ability for server to obtain client cert's fingerprint - bugfix: small mem leak in omfwd on exit (strmdriver name was not freed) - bugfix: $ActionSendStreamDriver had no effect - bugfix: default syslog port was no longer used if none was configured. Thanks to varmojfekoj for the patch - bugfix: missing linker options caused build to fail on some systems. Thanks to Tiziano Mueller for the patch. --------------------------------------------------------------------------- Version 3.19.2 (rgerhards), 2008-05-16 - bugfix: TCP input modules did incorrectly set fromhost property (always blank) - bugfix: imklog did not set fromhost property - added "fromhost-ip" property Note that adding this property changes the on-disk format for messages. However, that should not have any bad effect on existing spool files. But you will run into trouble if you create a spool file with this version and then try to process it with an older one (after a downgrade). Don't do that ;) - added "RSYSLOG_DebugFormat" canned template - bugfix: hostname and fromhost were swapped when a persisted message (in queued mode) was read in - bugfix: lmtcpclt, lmtcpsrv and lmgssutil did all link to the static runtime library, resulting in a large size increase (and potential "interesting" effects). Thanks to Michael Biebel for reporting the size issue. - bugfix: TLS server went into an endless loop in some situations. Thanks to Michael Biebl for reporting the problem. - fixed potential segfault due to invalid call to cfsysline thanks to varmojfekoj for the patch --------------------------------------------------------------------------- Version 3.19.1 (rgerhards), 2008-05-07 - configure help for --enable-gnutls wrong - said default is "yes" but default actually is "no" - thanks to darix for pointing this out - file dirty.h was missing - thanks to darix for pointing this out - bugfix: man files were not properly distributed - thanks to darix for reporting and to Michael Biebl for help with the fix - some minor cleanup --------------------------------------------------------------------------- Version 3.19.0 (rgerhards), 2008-05-06 - begins new devel branch version - implemented TLS for plain tcp syslog (this is also the world's first implementation of IETF's upcoming syslog-transport-tls draft) - partly rewritten and improved omfwd among others, now loads TCP code only if this is actually necessary - split of a "runtime library" for rsyslog - this is not yet a clean model, because some modularization is still outstanding. In theory, this shall enable other utilities but rsyslogd to use the same runtime - implemented im3195, the RFC3195 input as a plugin - changed directory structure, files are now better organized - a lot of cleanup in regard to modularization - -c option no longer must be the first option - thanks to varmjofekoj for the patch --------------------------------------------------------------------------- Version 3.18.7 (rgerhards), 2008-12-?? - bugfix: the default for $DirCreateMode was 0644, and as such wrong. It has now been changed to 0700. For some background, please see http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html - fixed a potential segfault condition with $AllowedSender directive On HUP, the root pointers were not properly cleaned up. Thanks to Michael Biebel, olgoat, and Juha Koho for reporting and analyzing the bug. - some legacy options were not correctly processed. Thanks to varmojfekoj for the patch. - doc bugfix: some spelling errors in man pages corrected. Thanks to Geoff Simmons for the patch. --------------------------------------------------------------------------- Version 3.18.6 (rgerhards), 2008-12-08 - security bugfix: $AllowedSender was not honored, all senders were permitted instead (see http://www.rsyslog.com/Article322.phtml) (backport from v3-stable, v3.20.9) - minor bugfix: dual close() call on tcp session closure --------------------------------------------------------------------------- Version 3.18.5 (rgerhards), 2008-10-09 - bugfix: imudp input module could cause segfault on HUP It did not properly de-init a variable acting as a linked list head. That resulted in trying to access freed memory blocks after the HUP. - bugfix: rsyslogd could hang on HUP because getnameinfo() is not cancel-safe, but was not guarded against being cancelled. pthread_cancel() is routinely being called during HUP processing. - bugfix[minor]: if queue size reached light_delay mark, enqueuing could potentially be blocked for a longer period of time, which was not the behaviour desired. - doc bugfix: $ActionExecOnlyWhenPreviousIsSuspended was still misspelled as $...OnlyIfPrev... in some parts of the documentation. Thanks to Lorenzo M. Catucci for reporting this bug. - added doc on malformed messages, cause and how to work-around, to the doc set - added doc on how to build from source repository --------------------------------------------------------------------------- Version 3.18.4 (rgerhards), 2008-09-18 - bugfix: order-of magnitude issue with base-10 size definitions in config file parser. Could lead to invalid sizes, constraints etc for e.g. queue files and any other object whose size was specified in base-10 entities. Did not apply to binary entities. Thanks to RB for finding this bug and providing a patch. - bugfix: action was not called when system time was set backwards (until the previous time was reached again). There are still some side-effects when time is rolled back (A time rollback is really a bad thing to do, ideally the OS should issue pseudo time (like NetWare did) when the user tries to roll back time). Thanks to varmojfekoj for this patch. - doc bugfix: rsyslog.conf man page improved and minor nit fixed thanks to Lukas Kuklinek for the patch. - bugfix: error code -2025 was used for two different errors. queue full is now -2074 and -2025 is unique again. (did cause no real problem except for troubleshooting) - bugfix: default discard severity was incorrectly set to 4, which lead to discard-on-queue-full to be enabled by default. That could cause message loss where non was expected. The default has now been changed to the correct value of 8, which disables the functionality. This problem applied both to the main message queue and the action queues. Thanks to Raoul Bhatia for pointing out this problem. - bugfix: option value for legacy -a option could not be specified, resulting in strange operations. Thanks to Marius Tomaschewski for the patch. - bugfix: colon after date should be ignored, but was not. This has now been corrected. Required change to the internal ParseTIMESTAMP3164() interface. --------------------------------------------------------------------------- Version 3.18.3 (rgerhards), 2008-08-18 - bugfix: imfile could cause a segfault upon rsyslogd HUP and termination Thanks to lperr for an excellent bug report that helped detect this problem. - enhanced ommysql to support custom port to connect to server Port can be set via new $ActionOmmysqlServerPort config directive Note: this was a very minor change and thus deemed appropriate to be done in the stable release. - bugfix: misspelled config directive, previously was $MainMsgQueueWorkeTimeoutrThreadShutdown, is now $MainMsgQueueWorkerTimeoutThreadShutdown. Note that the misspelled directive is not preserved - if the misspelled directive was used (which I consider highly unlikely), the config file must be changed. Thanks to lperr for reporting the bug. - disabled flow control for imuxsock, as it could cause system hangs under some circumstances. The devel (3.21.3 and above) will re-enable it and provide enhanced configurability to overcome the problems if they occur. --------------------------------------------------------------------------- Version 3.18.2 (rgerhards), 2008-08-08 - merged in IPv6 forwarding address bugfix from v2-stable --------------------------------------------------------------------------- Version 3.18.1 (rgerhards), 2008-07-21 - bugfix: potential segfault in creating message mutex in non-direct queue mode. rsyslogd segfaults on freeeBSD 7.0 (an potentially other platforms) if an action queue is running in any other mode than non-direct. The same problem can potentially be triggered by some main message queue settings. In any case, it will manifest during rsylog's startup. It is unlikely to happen after a successful startup (the only window of exposure may be a relatively seldom executed action running in queued mode). This has been corrected. Thank to HKS for point out the problem. - bugfix: priority was incorrectly calculated on FreeBSD 7, because the LOG_MAKEPRI() C macro has a different meaning there (it is just a simple addition of faciltity and severity). I have changed this to use own, consistent, code for PRI calculation. [Backport from 3.19.10] - bugfix: remove PRI part from kernel message if it is present Thanks to Michael Biebl for reporting this bug - bugfix: mark messages were not correctly written to text log files the markmessageinterval was not correctly propagated to all places where it was needed. This resulted in rsyslog using the default (20 minutes) in some code pathes, what looked to the user like mark messages were never written. - added a new property replacer option "sp-if-no-1st-sp" to cover a problem with RFC 3164 based interpreation of tag separation. While it is a generic approach, it fixes a format problem introduced in 3.18.0, where kernel messages no longer had a space after the tag. This is done by a modifcation of the default templates. Please note that this may affect some messages where there intentionally is no space between the tag and the first character of the message content. If so, this needs to be worked around via a specific template. However, we consider this scenario to be quite remote and, even if it exists, it is not expected that it will actually cause problems with log parsers (instead, we assume the new default template behaviour may fix previous problems with log parsers due to the missing space). - bugfix: imklog module was not correctly compiled for GNU/kFreeBSD. Thanks to Petr Salinger for the patch - doc bugfix: property replacer options secpath-replace and secpath-drop were not documented - doc bugfix: fixed some typos in rsyslog.conf man page - fixed typo in source comment - thanks to Rio Fujita - some general cleanup (thanks to Michael Biebl) --------------------------------------------------------------------------- Version 3.18.0 (rgerhards), 2008-07-11 - begun a new v3-stable based on former 3.17.4 beta plus patches to previous v3-stable - bugfix in RainerScript: syntax error was not always detected --------------------------------------------------------------------------- Version 3.17.5 (rgerhards), 2008-06-27 - added doc: howto set up a reliable connection to remote server via queued mode (and plain tcp protocol) - bugfix: comments after actions were not properly treated. For some actions (e.g. forwarding), this could also lead to invalid configuration --------------------------------------------------------------------------- Version 3.17.4 (rgerhards), 2008-06-16 - changed default for $KlogSymbolLookup to "off". The directive is also scheduled for removal in a later version. This was necessary because on kernels >= 2.6, the kernel does the symbol lookup itself. The imklog lookup logic then breaks the log message and makes it unusable. --------------------------------------------------------------------------- Version 3.17.3 (rgerhards), 2008-05-28 - bugfix: imklog went into an endless loop if a PRI value was inside a kernel log message (unusual case under Linux, frequent under BSD) --------------------------------------------------------------------------- Version 3.17.2 (rgerhards), 2008-05-04 - this version is the new beta, based on 3.17.1 devel feature set - merged in imklog bug fix from v3-stable (3.16.1) --------------------------------------------------------------------------- Version 3.17.1 (rgerhards), 2008-04-15 - removed dependency on MAXHOSTNAMELEN as much as it made sense. GNU/Hurd does not define it (because it has no limit), and we have taken care for cases where it is undefined now. However, some very few places remain where IMHO it currently is not worth fixing the code. If it is not defined, we have used a generous value of 1K, which is above IETF RFC's on hostname length at all. The memory consumption is no issue, as there are only a handful of this buffers allocated *per run* -- that's also the main reason why we consider it not worth to be fixed any further. - enhanced legacy syslog parser to handle slightly malformed messages (with a space in front of the timestamp) - at least HP procurve is known to do that and I won't outrule that others also do it. The change looks quite unintrusive and so we added it to the parser. - implemented klogd functionality for BSD - implemented high precision timestamps for the kernel log. Thanks to Michael Biebl for pointing out that the kernel log did not have them. - provided ability to discard non-kernel messages if they are present in the kernel log (seems to happen on BSD) - implemented $KLogInternalMsgFacility config directive - implemented $KLogPermitNonKernelFacility config directive Plus a number of bugfixes that were applied to v3-stable and beta branches (not mentioned here in detail). --------------------------------------------------------------------------- Version 3.17.0 (rgerhards), 2008-04-08 - added native ability to send mail messages - removed no longer needed file relptuil.c/.h - added $ActionExecOnlyOnceEveryInterval config directive - bugfix: memory leaks in script engine - bugfix: zero-length strings were not supported in object deserializer - properties are now case-insensitive everywhere (script, filters, templates) - added the capability to specify a processing (actually dequeue) timeframe with queues - so things can be configured to be done at off-peak hours - We have removed the 32 character size limit (from RFC3164) on the tag. This had bad effects on existing envrionments, as sysklogd didn't obey it either (probably another bug in RFC3164...). We now receive the full size, but will modify the outputs so that only 32 characters max are used by default. If you need large tags in the output, you need to provide custom templates. - changed command line processing. -v, -M, -c options are now parsed and processed before all other options. Inter-option dependencies have been relieved. Among others, permits to specify intial module load path via -M only (not the environment) which makes it much easier to work with non-standard module library locations. Thanks to varmojfekoj for suggesting this change. Matches bugzilla bug 55. - bugfix: some messages were emited without hostname Plus a number of bugfixes that were applied to v3-stable and beta branches (not mentioned here in detail). --------------------------------------------------------------------------- Version 3.16.3 (rgerhards), 2008-07-11 - updated information on rsyslog packages - bugfix: memory leak in disk-based queue modes --------------------------------------------------------------------------- Version 3.16.2 (rgerhards), 2008-06-25 - fixed potential segfault due to invalid call to cfsysline thanks to varmojfekoj for the patch - bugfix: some whitespaces where incorrectly not ignored when parsing the config file. This is now corrected. Thanks to Michael Biebl for pointing out the problem. --------------------------------------------------------------------------- Version 3.16.1 (rgerhards), 2008-05-02 - fixed a bug in imklog which lead to startup problems (including segfault) on some platforms under some circumsances. Thanks to Vieri for reporting this bug and helping to troubleshoot it. --------------------------------------------------------------------------- Version 3.16.0 (rgerhards), 2008-04-24 - new v3-stable (3.16.x) based on beta 3.15.x (RELP support) - bugfix: omsnmp had a too-small sized buffer for hostname+port. This could not lead to a segfault, as snprintf() was used, but could cause some trouble with extensively long hostnames. - applied patch from Tiziano Müller to remove some compiler warnings - added gssapi overview/howto thanks to Peter Vrabec - changed some files to grant LGPLv3 extended persmissions on top of GPLv3 this also is the first sign of something that will evolve into a well-defined "rsyslog runtime library" --------------------------------------------------------------------------- Version 3.15.1 (rgerhards), 2008-04-11 - bugfix: some messages were emited without hostname - disabled atomic operations for the time being because they introduce some cross-platform trouble - need to see how to fix this in the best possible way - bugfix: zero-length strings were not supported in object deserializer - added librelp check via PKG_CHECK thanks to Michael Biebl's patch - file relputil.c deleted, is not actually needed - added more meaningful error messages to rsyslogd (when some errors happens during startup) - bugfix: memory leaks in script engine - bugfix: $hostname and $fromhost in RainerScript did not work This release also includes all changes applied to the stable versions up to today. --------------------------------------------------------------------------- Version 3.15.0 (rgerhards), 2008-04-01 - major new feature: imrelp/omrelp support reliable delivery of syslog messages via the RELP protocol and librelp (http://www.librelp.com). Plain tcp syslog, so far the best reliability solution, can lose messages when something goes wrong or a peer goes down. With RELP, this can no longer happen. See imrelp.html for more details. - bugfix: rsyslogd was no longer build by default; man pages are only installed if corresponding option is selected. Thanks to Michael Biebl for pointing these problems out. --------------------------------------------------------------------------- Version 3.14.2 (rgerhards), 2008-04-09 - bugfix: segfault with expression-based filters - bugfix: omsnmp did not deref errmsg object on exit (no bad effects caused) - some cleanup - bugfix: imklog did not work well with kernel 2.6+. Thanks to Peter Vrabec for patching it based on the development in sysklogd - and thanks to the sysklogd project for upgrading klogd to support the new functionality - some cleanup in imklog - bugfix: potential segfault in imklog when kernel is compiled without /proc/kallsyms and the file System.map is missing. Thanks to Andrea Morandi for pointing it out and suggesting a fix. - bugfixes, credits to varmojfekoj: * reset errno before printing a warning message * misspelled directive name in code processing legacy options - bugfix: some legacy options not correctly interpreted - thanks to varmojfekoj for the patch - improved detection of modules being loaded more than once thanks to varmojfekoj for the patch --------------------------------------------------------------------------- Version 3.14.1 (rgerhards), 2008-04-04 - bugfix: some messages were emited without hostname - bugfix: rsyslogd was no longer build by default; man pages are only installed if corresponding option is selected. Thanks to Michael Biebl for pointing these problems out. - bugfix: zero-length strings were not supported in object deserializer - disabled atomic operations for this stable build as it caused platform problems - bugfix: memory leaks in script engine - bugfix: $hostname and $fromhost in RainerScript did not work - bugfix: some memory leak when queue is runing in disk mode - man pages improved thanks to varmofekoj and Peter Vrabec - We have removed the 32 character size limit (from RFC3164) on the tag. This had bad effects on existing envrionments, as sysklogd didn't obey it either (probably another bug in RFC3164...). We now receive the full size, but will modify the outputs so that only 32 characters max are used by default. If you need large tags in the output, you need to provide custom templates. - bugfix: some memory leak when queue is runing in disk mode --------------------------------------------------------------------------- Version 3.14.0 (rgerhards), 2008-04-02 An interim version was accidently released to the web. It was named 3.14.0. To avoid confusion, we have not assigned this version number to any official release. If you happen to use 3.14.0, please update to 3.14.1. --------------------------------------------------------------------------- Version 3.13.0-dev0 (rgerhards), 2008-03-31 - bugfix: accidently set debug option in 3.12.5 reset to production This option prevented dlclose() to be called. It had no real bad effects, as the modules were otherwise correctly deinitialized and dlopen() supports multiple opens of the same module without any memory footprint. - removed --enable-mudflap, added --enable-valgrind ./configure setting - bugfix: tcp receiver could segfault due to uninitialized variable - docfix: queue doc had a wrong directive name that prevented max worker threads to be correctly set - worked a bit on atomic memory operations to support problem-free threading (only at non-intrusive places) - added a --enable/disable-rsyslogd configure option so that source-based packaging systems can build plugins without the need to compile rsyslogd - some cleanup - test of potential new version number scheme --------------------------------------------------------------------------- Version 3.12.5 (rgerhards), 2008-03-28 - changed default for "last message repeated n times", which is now off by default - implemented backward compatibility commandline option parsing - automatically generated compatibility config lines are now also logged so that a user can diagnose problems with them - added compatibility mode for -a, -o and -p options - compatibility mode processing finished - changed default file output format to include high-precision timestamps - added a buid-in template for previous syslogd file format - added new $ActionFileDefaultTemplate directive - added support for high-precision timestamps when receiving legacy syslog messages - added new $ActionForwardDefaultTemplate directive - added new $ActionGSSForwardDefaultTemplate directive - added build-in templates for easier configuration - bugfix: fixed small memory leak in tcpclt.c - bugfix: fixed small memory leak in template regular expressions - bugfix: regular expressions inside property replacer did not work properly - bugfix: QHOUR and HHOUR properties were wrongly calculated - bugfix: fixed memory leaks in stream class and imfile - bugfix: $ModDir did invalid bounds checking, potential overlow in dbgprintf() - thanks to varmojfekoj for the patch - bugfix: -t and -g legacy options max number of sessions had a wrong and much too high value --------------------------------------------------------------------------- Version 3.12.4 (rgerhards), 2008-03-25 - Greatly enhanced rsyslogd's file write performance by disabling file syncing capability of output modules by default. This feature is usually not required, not useful and an extreme performance hit (both to rsyslogd as well as the system at large). Unfortunately, most users enable it by default, because it was most intuitive to enable it in plain old sysklogd syslog.conf format. There is now the $ActionFileEnableSync config setting which must be enabled in order to support syncing. By default it is off. So even if the old-format config lines request syncing, it is not done unless explicitely enabled. I am sure this is a very useful change and not a risk at all. I need to think if I undo it under compatibility mode, but currently this does not happen (I fear a lot of lazy users will run rsyslogd in compatibility mode, again bringing up this performance problem...). - added flow control options to other input sources - added $HHOUR and $QHOUR system properties - can be used for half- and quarter-hour logfile rotation - changed queue's discard severities default value to 8 (do not discard) to prevent unintentional message loss - removed a no-longer needed callback from the output module interface. Results in reduced code complexity. - bugfix/doc: removed no longer supported -h option from man page - bugfix: imklog leaked several hundered KB on each HUP. Thanks to varmojfekoj for the patch - bugfix: potential segfault on module unload. Thanks to varmojfekoj for the patch - bugfix: fixed some minor memory leaks - bugfix: fixed some slightly invalid memory accesses - bugfix: internally generated messages had "FROMHOST" property not set --------------------------------------------------------------------------- Version 3.12.3 (rgerhards), 2008-03-18 - added advanced flow control for congestion cases (mode depending on message source and its capablity to be delayed without bad side effects) - bugfix: $ModDir should not be reset on $ResetConfig - this can cause a lot of confusion and there is no real good reason to do so. Also conflicts with the new -M option and environment setting. - bugfix: TCP and GSSAPI framing mode variable was uninitialized, leading to wrong framing (caused, among others, interop problems) - bugfix: TCP (and GSSAPI) octet-counted frame did not work correctly in all situations. If the header was split across two packet reads, it was invalidly processed, causing loss or modification of messages. - bugfix: memory leak in imfile - bugfix: duplicate public symbol in omfwd and omgssapi could lead to segfault. thanks to varmojfekoj for the patch. - bugfix: rsyslogd aborted on sigup - thanks to varmojfekoj for the patch - some more internal cleanup ;) - begun relp modules, but these are not functional yet - Greatly enhanced rsyslogd's file write performance by disabling file syncing capability of output modules by default. This feature is usually not required, not useful and an extreme performance hit (both to rsyslogd as well as the system at large). Unfortunately, most users enable it by default, because it was most intuitive to enable it in plain old sysklogd syslog.conf format. There is now a new config setting which must be enabled in order to support syncing. By default it is off. So even if the old-format config lines request syncing, it is not done unless explicitely enabled. I am sure this is a very useful change and not a risk at all. I need to think if I undo it under compatibility mode, but currently this does not happen (I fear a lot of lazy users will run rsyslogd in compatibility mode, again bringing up this performance problem...). --------------------------------------------------------------------------- Version 3.12.2 (rgerhards), 2008-03-13 - added RSYSLOGD_MODDIR environment variable - added -M rsyslogd option (allows to specify module directory location) - converted net.c into a loadable library plugin - bugfix: debug module now survives unload of loadable module when printing out function call data - bugfix: not properly initialized data could cause several segfaults if there were errors in the config file - thanks to varmojfekoj for the patch - bugfix: rsyslogd segfaulted when imfile read an empty line - thanks to Johnny Tan for an excellent bug report - implemented dynamic module unload capability (not visible to end user) - some more internal cleanup - bugfix: imgssapi segfaulted under some conditions; this fix is actually not just a fix but a change in the object model. Thanks to varmojfekoj for providing the bug report, an initial fix and lots of good discussion that lead to where we finally ended up. - improved session recovery when outbound tcp connection breaks, reduces probability of message loss at the price of a highly unlikely potential (single) message duplication --------------------------------------------------------------------------- Version 3.12.1 (rgerhards), 2008-03-06 - added library plugins, which can be automatically loaded - bugfix: actions were not correctly retried; caused message loss - changed module loader to automatically add ".so" suffix if not specified (over time, this shall also ease portability of config files) - improved debugging support; debug runtime options can now be set via an environment variable - bugfix: removed debugging code that I forgot to remove before releasing 3.12.0 (does not cause harm and happened only during startup) - added support for the MonitorWare syslog MIB to omsnmp - internal code improvements (more code converted into classes) - internal code reworking of the imtcp/imgssapi module - added capability to ignore client-provided timestamp on unix sockets and made this mode the default; this was needed, as some programs (e.g. sshd) log with inconsistent timezone information, what messes up the local logs (which by default don't even contain time zone information). This seems to be consistent with what sysklogd did for the past four years. Alternate behaviour may be desirable if gateway-like processes send messages via the local log slot - in this case, it can be enabled via the $InputUnixListenSocketIgnoreMsgTimestamp and $SystemLogSocketIgnoreMsgTimestamp config directives - added ability to compile on HP UX; verified that imudp worked on HP UX; however, we are still in need of people trying out rsyslogd on HP UX, so it can not yet be assumed it runs there - improved session recovery when outbound tcp connection breaks, reduces probability of message loss at the price of a highly unlikely potential (single) message duplication --------------------------------------------------------------------------- Version 3.12.0 (rgerhards), 2008-02-28 - added full expression support for filters; filters can now contain arbitrary complex boolean, string and arithmetic expressions --------------------------------------------------------------------------- Version 3.11.6 (rgerhards), 2008-02-27 - bugfix: gssapi libraries were still linked to rsyslog core, what should no longer be necessary. Applied fix by Michael Biebl to solve this. - enabled imgssapi to be loaded side-by-side with imtcp - added InputGSSServerPermitPlainTCP config directive - split imgssapi source code somewhat from imtcp - bugfix: queue cancel cleanup handler could be called with invalid pointer if dequeue failed - bugfix: rsyslogd segfaulted on second SIGHUP tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=38 - improved stability of queue engine - bugfix: queue disk file were not properly persisted when immediately after closing an output file rsyslog was stopped or huped (the new output file open must NOT have happend at that point) - this lead to a sparse and invalid queue file which could cause several problems to the engine (unpredictable results). This situation should have happened only in very rare cases. tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=40 - bugfix: during queue shutdown, an assert invalidly triggered when the primary queue's DA worker was terminated while the DA queue's regular worker was still executing. This could result in a segfault during shutdown. tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=41 - bugfix: queue properties sizeOnDisk, bytesRead were persisted to disk with wrong data type (long instead of int64) - could cause problems on 32 bit machines - bugfix: queue aborted when it was shut down, DA-enabled, DA mode was just initiated but not fully initialized (a race condition) - bugfix: imfile could abort under extreme stress conditions (when it was terminated before it could open all of its to be monitored files) - applied patch from varmojfekoj to fix an issue with compatibility mode and default module directories (many thanks!): I've also noticed a bug in the compatibility code; the problem is that options are parsed before configuration file so options which need a module to be loaded will currently ignore any $moddir directive. This can be fixed by moving legacyOptsHook() after config file parsing. (see the attached patch) This goes against the logical order of processing, but the legacy options are only few and it doesn't seem to be a problem. - bugfix: object property deserializer did not handle negative numbers --------------------------------------------------------------------------- Version 3.11.5 (rgerhards), 2008-02-25 - new imgssapi module, changed imtcp module - this enables to load/package GSSAPI support separately - thanks to varmojfekoj for the patch - compatibility mode (the -c option series) is now at least partly completed - thanks to varmojfekoj for the patch - documentation for imgssapi and imtcp added - duplicate $ModLoad's for the same module are now detected and rejected -- thanks to varmojfekoj for the patch --------------------------------------------------------------------------- Version 3.11.4 (rgerhards), 2008-02-21 - bugfix: debug.html was missing from release tarball - thanks to Michael Biebl for bringing this to my attention - some internal cleanup on the stringbuf object calling interface - general code cleanup and further modularization - $MainMessageQueueDiscardSeverity can now also handle textual severities (previously only integers) - bugfix: message object was not properly synchronized when the main queue had a single thread and non-direct action queues were used - some documentation improvements --------------------------------------------------------------------------- Version 3.11.3 (rgerhards), 2008-02-18 - fixed a bug in imklog which lead to duplicate message content in kernel logs - added support for better plugin handling in libdbi (we contributed a patch to do that, we just now need to wait for the next libdbi version) - bugfix: fixed abort when invalid template was provided to an action bug http://bugzilla.adiscon.com/show_bug.cgi?id=4 - re-instantiated SIGUSR1 function; added SIGUSR2 to generate debug status output - added some documentation on runtime-debug settings - slightly improved man pages for novice users --------------------------------------------------------------------------- Version 3.11.2 (rgerhards), 2008-02-15 - added the capability to monitor text files and process their content as syslog messages (including forwarding) - added support for libdbi, a database abstraction layer. rsyslog now also supports the following databases via dbi drivers: * Firebird/Interbase * FreeTDS (access to MS SQL Server and Sybase) * SQLite/SQLite3 * Ingres (experimental) * mSQL (experimental) * Oracle (experimental) Additional drivers may be provided by the libdbi-drivers project, which can be used by rsyslog as soon as they become available. - removed some left-over unnecessary dbgprintf's (cluttered screen, cosmetic) - doc bugfix: html documentation for omsnmp was missing --------------------------------------------------------------------------- Version 3.11.1 (rgerhards), 2008-02-12 - SNMP trap sender added thanks to Andre Lorbach (omsnmp) - added input-plugin interface specification in form of a (copy) template input module - applied documentation fix by Michael Biebl -- many thanks! - bugfix: immark did not have MARK flags set... - added x-info field to rsyslogd startup/shutdown message. Hopefully points users to right location for further info (many don't even know they run rsyslog ;)) - bugfix: trailing ":" of tag was lost while parsing legacy syslog messages without timestamp - thanks to Anders Blomdell for providing a patch! - fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which wasn't supposed to be used with rsyslog. Put a warning message up that tells this feature is not tested and probably not worth the effort. Thanks to Anders Blomdell fro bringing this to our attention - somewhat improved performance of string buffers - fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf - bugfix: setting for $EscapeCopntrolCharactersOnReceive was not properly initialized - clarified usage of space-cc property replacer option - improved abort diagnostic handler - some initial effort for malloc/free runtime debugging support - bugfix: using dynafile actions caused rsyslogd abort - fixed minor man errors thanks to Michael Biebl --------------------------------------------------------------------------- Version 3.11.0 (rgerhards), 2008-01-31 - implemented queued actions - implemented simple rate limiting for actions - implemented deliberate discarding of lower priority messages over higher priority ones when a queue runs out of space - implemented disk quotas for disk queues - implemented the $ActionResumeRetryCount config directive - added $ActionQueueFilename config directive - added $ActionQueueSize config directive - added $ActionQueueHighWaterMark config directive - added $ActionQueueLowWaterMark config directive - added $ActionQueueDiscardMark config directive - added $ActionQueueDiscardSeverity config directive - added $ActionQueueCheckpointInterval config directive - added $ActionQueueType config directive - added $ActionQueueWorkerThreads config directive - added $ActionQueueTimeoutshutdown config directive - added $ActionQueueTimeoutActionCompletion config directive - added $ActionQueueTimeoutenQueue config directive - added $ActionQueueTimeoutworkerThreadShutdown config directive - added $ActionQueueWorkerThreadMinimumMessages config directive - added $ActionQueueMaxFileSize config directive - added $ActionQueueSaveonShutdown config directive - addded $ActionQueueDequeueSlowdown config directive - addded $MainMsgQueueDequeueSlowdown config directive - bugfix: added forgotten docs to package - improved debugging support - fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly - when a long-running action needs to be cancelled on shutdown, the message that was processed by it is now preserved. This finishes support for guaranteed delivery of messages (if the output supports it, of course) - fixed bug in output module interface, see http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552 - changed the ommysql output plugin so that the (lengthy) connection initialization now takes place in message processing. This works much better with the new queued action mode (fast startup) - fixed a bug that caused a potential hang in file and fwd output module varmojfekoj provided the patch - many thanks! - bugfixed stream class offset handling on 32bit platforms --------------------------------------------------------------------------- Version 3.10.3 (rgerhards), 2008-01-28 - fixed a bug with standard template definitions (not a big deal) - thanks to varmojfekoj for spotting it - run-time instrumentation added - implemented disk-assisted queue mode, which enables on-demand disk spooling if the queue's in-memory queue is exhausted - implemented a dynamic worker thread pool for processing incoming messages; workers are started and shut down as need arises - implemented a run-time instrumentation debug package - implemented the $MainMsgQueueSaveOnShutdown config directive - implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive - implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive --------------------------------------------------------------------------- Version 3.10.2 (rgerhards), 2008-01-14 - added the ability to keep stop rsyslogd without the need to drain the main message queue. In disk queue mode, rsyslog continues to run from the point where it stopped. In case of a system failure, it continues to process messages from the last checkpoint. - fixed a bug that caused a segfault on startup when no $WorkDir directive was specified in rsyslog.conf - provided more fine-grain control over shutdown timeouts and added a way to specify the enqueue timeout when the main message queue is full - implemented $MainMsgQueueCheckpointInterval config directive - implemented $MainMsgQueueTimeoutActionCompletion config directive - implemented $MainMsgQueueTimeoutEnqueue config directive - implemented $MainMsgQueueTimeoutShutdown config directive --------------------------------------------------------------------------- Version 3.10.1 (rgerhards), 2008-01-10 - implemented the "disk" queue mode. However, it currently is of very limited use, because it does not support persistence over rsyslogd runs. So when rsyslogd is stopped, the queue is drained just as with the in-memory queue modes. Persistent queues will be a feature of the next release. - performance-optimized string class, should bring an overall improvement - fixed a memory leak in imudp -- thanks to varmojfekoj for the patch - fixed a race condition that could lead to a rsyslogd hang when during HUP or termination - done some doc updates - added $WorkDirectory config directive - added $MainMsgQueueFileName config directive - added $MainMsgQueueMaxFileSize config directive --------------------------------------------------------------------------- Version 3.10.0 (rgerhards), 2008-01-07 - implemented input module interface and initial input modules - enhanced threading for input modules (each on its own thread now) - ability to bind UDP listeners to specific local interfaces/ports and ability to run multiple of them concurrently - added ability to specify listen IP address for UDP syslog server - license changed to GPLv3 - mark messages are now provided by loadble module immark - rklogd is no longer provided. Its functionality has now been taken over by imklog, a loadable input module. This offers a much better integration into rsyslogd and makes sure that the kernel logger process is brought up and down at the appropriate times - enhanced $IncludeConfig directive to support wildcard characters (thanks to Michael Biebl) - all inputs are now implemented as loadable plugins - enhanced threading model: each input module now runs on its own thread - enhanced message queue which now supports different queueing methods (among others, this can be used for performance fine-tuning) - added a large number of new configuration directives for the new input modules - enhanced multi-threading utilizing a worker thread pool for the main message queue - compilation without pthreads is no longer supported - much cleaner code due to new objects and removal of single-threading mode --------------------------------------------------------------------------- Version 2.0.8 V2-STABLE (rgerhards), 2008-??-?? - bugfix: ompgsql did not detect problems in sql command execution this could cause loss of messages. The handling was correct if the connection broke, but not if there was a problem with statement execution. The most probable case for such a case would be invalid sql inside the template, and this is now much easier to diagnose. - doc bugfix: default for $DirCreateMode incorrectly stated --------------------------------------------------------------------------- Version 2.0.7 V2-STABLE (rgerhards), 2008-04-14 - bugfix: the default for $DirCreateMode was 0644, and as such wrong. It has now been changed to 0700. For some background, please see http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html - bugfix: "$CreateDirs off" also disabled file creation Thanks to William Tisater for analyzing this bug and providing a patch. The actual code change is heavily based on William's patch. - bugfix: memory leak in ompgsql Thanks to Ken for providing the patch - bugfix: potential memory leak in msg.c This one did not surface yet and the issue was actually found due to a problem in v4 - but better fix it here, too --------------------------------------------------------------------------- Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07 - bugfix: memory leaks in rsyslogd, primarily in singlethread mode Thanks to Frederico Nunez for providing the fix - bugfix: copy&paste error lead to dangling if - this caused a very minor issue with re-formatting a RFC3164 date when the message was invalidly formatted and had a colon immediately after the date. This was in the code for some years (even v1 had it) and I think it never had any effect at all in practice. Though, it should be fixed - but definitely nothing to worry about. --------------------------------------------------------------------------- Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07 - bugfix: IPv6 addresses could not be specified in forwarding actions New syntax @[addr]:port introduced to enable that. Root problem was IPv6 addresses contain colons. (backport from 3.21.3) --------------------------------------------------------------------------- Version 2.0.5 STABLE (rgerhards), 2008-05-15 - bugfix: regular expressions inside property replacer did not work properly - adapted to liblogging 0.7.1+ --------------------------------------------------------------------------- Version 2.0.4 STABLE (rgerhards), 2008-03-27 - bugfix: internally generated messages had "FROMHOST" property not set - bugfix: continue parsing if tag is oversize (discard oversize part) - thanks to mclaughlin77@gmail.com for the patch - added $HHOUR and $QHOUR system properties - can be used for half- and quarter-hour logfile rotation --------------------------------------------------------------------------- Version 2.0.3 STABLE (rgerhards), 2008-03-12 - bugfix: setting for $EscapeCopntrolCharactersOnReceive was not properly initialized - bugfix: resolved potential segfault condition on HUP (extremely unlikely to happen in practice), for details see tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=38 - improved the man pages a bit - thanks to Michael Biebl for the patch - bugfix: not properly initialized data could cause several segfaults if there were errors in the config file - thanks to varmojfekoj for the patch --------------------------------------------------------------------------- Version 2.0.2 STABLE (rgerhards), 2008-02-12 - fixed a bug that could cause invalid string handling via strerror_r varmojfekoj provided the patch - many thanks! - added x-info field to rsyslogd startup/shutdown message. Hopefully points users to right location for further info (many don't even know they run rsyslog ;)) - bugfix: suspended actions were not always properly resumed varmojfekoj provided the patch - many thanks! - bugfix: errno could be changed during mark processing, leading to invalid error messages when processing inputs. Thank to varmojfekoj for pointing out this problem. - bugfix: trailing ":" of tag was lost while parsing legacy syslog messages without timestamp - thanks to Anders Blomdell for providing a patch! - bugfix (doc): misspelled config directive, invalid signal info - applied some doc fixes from Michel Biebl and cleaned up some no longer needed files suggested by him - cleaned up stringbuf.c to fix an annoyance reported by Anders Blomdell - fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf --------------------------------------------------------------------------- Version 2.0.1 STABLE (rgerhards), 2008-01-24 - fixed a bug in integer conversion - but this function was never called, so it is not really a useful bug fix ;) - fixed a bug with standard template definitions (not a big deal) - thanks to varmojfekoj for spotting it - fixed a bug that caused a potential hang in file and fwd output module varmojfekoj provided the patch - many thanks! --------------------------------------------------------------------------- Version 2.0.0 STABLE (rgerhards), 2008-01-02 - re-release of 1.21.2 as STABLE with no modifications except some doc updates --------------------------------------------------------------------------- Version 1.21.2 (rgerhards), 2007-12-28 - created a gss-api output module. This keeps GSS-API code and TCP/UDP code separated. It is also important for forward- compatibility with v3. Please note that this change breaks compatibility with config files created for 1.21.0 and 1.21.1 - this was considered acceptable. - fixed an error in forwarding retry code (could lead to message corruption but surfaced very seldom) - increased portability for older platforms (AI_NUMERICSERV moved) - removed socket leak in omfwd.c - cross-platform patch for GSS-API compile problem on some platforms thanks to darix for the patch! --------------------------------------------------------------------------- Version 1.21.1 (rgerhards), 2007-12-23 - small doc fix for $IncludeConfig - fixed a bug in llDestroy() - bugfix: fixing memory leak when message queue is full and during parsing. Thanks to varmojfekoj for the patch. - bugfix: when compiled without network support, unix sockets were not properply closed - bugfix: memory leak in cfsysline.c/doGetWord() fixed --------------------------------------------------------------------------- Version 1.21.0 (rgerhards), 2007-12-19 - GSS-API support for syslog/TCP connections was added. Thanks to varmojfekoj for providing the patch with this functionality - code cleanup - enhanced $IncludeConfig directive to support wildcard filenames - changed some multithreading synchronization --------------------------------------------------------------------------- Version 1.20.1 (rgerhards), 2007-12-12 - corrected a debug setting that survived release. Caused TCP connections to be retried unnecessarily often. - When a hostname ACL was provided and DNS resolution for that name failed, ACL processing was stopped at that point. Thanks to mildew for the patch. Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911 - fixed a potential race condition, see link for details: http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html Note that the probability of problems from this bug was very remote - fixed a memory leak that happend when PostgreSQL date formats were used --------------------------------------------------------------------------- Version 1.20.0 (rgerhards), 2007-12-07 - an output module for postgres databases has been added. Thanks to sur5r for contributing this code - unloading dynamic modules has been cleaned up, we now have a real implementation and not just a dummy "good enough for the time being". - enhanced platform independence - thanks to Bartosz Kuzma and Michael Biebl for their very useful contributions - some general code cleanup (including warnings on 64 platforms, only) --------------------------------------------------------------------------- Version 1.19.12 (rgerhards), 2007-12-03 - cleaned up the build system (thanks to Michael Biebl for the patch) - fixed a bug where ommysql was still not compiled with -pthread option --------------------------------------------------------------------------- Version 1.19.11 (rgerhards), 2007-11-29 - applied -pthread option to build when building for multi-threading mode hopefully solves an issue with segfaulting --------------------------------------------------------------------------- Version 1.19.10 (rgerhards), 2007-10-19 - introdcued the new ":modulename:" syntax for calling module actions in selector lines; modified ommysql to support it. This is primarily an aid for further modules and a prequisite to actually allow third party modules to be created. - minor fix in slackware startup script, "-r 0" is now "-r0" - updated rsyslogd doc set man page; now in html format - undid creation of a separate thread for the main loop -- this did not turn out to be needed or useful, so reduce complexity once again. - added doc fixes provided by Michael Biebl - thanks --------------------------------------------------------------------------- Version 1.19.9 (rgerhards), 2007-10-12 - now packaging system which again contains all components in a single tarball - modularized main() a bit more, resulting in less complex code - experimentally added an additional thread - will see if that affects the segfault bug we experience on some platforms. Note that this change is scheduled to be removed again later. --------------------------------------------------------------------------- Version 1.19.8 (rgerhards), 2007-09-27 - improved repeated message processing - applied patch provided by varmojfekoj to support building ommysql in its own way (now also resides in a plugin subdirectory); ommysql is now a separate package - fixed a bug in cvthname() that lead to message loss if part of the source hostname would have been dropped - created some support for distributing ommysql together with the main rsyslog package. I need to re-think it in the future, but for the time being the current mode is best. I now simply include one additional tarball for ommysql inside the main distribution. I look forward to user feedback on how this should be done best. In the long term, a separate project should be spawend for ommysql, but I'd like to do that only after the plugin interface is fully stable (what it is not yet). --------------------------------------------------------------------------- Version 1.19.7 (rgerhards), 2007-09-25 - added code to handle situations where senders send us messages ending with a NUL character. It is now simply removed. This also caused trailing LF reduction to fail, when it was followed by such a NUL. This is now also handled. - replaced some non-thread-safe function calls by their thread-safe counterparts - fixed a minor memory leak that occured when the %APPNAME% property was used (I think nobody used that in practice) - fixed a bug that caused signal handlers in cvthname() not to be restored when a malicious pointer record was detected and processing of the message been stopped for that reason (this should be really rare and can not be related to the segfault bug we are hunting). - fixed a bug in cvthname that lead to passing a wrong parameter - in practice, this had no impact. - general code cleanup (e.g. compiler warnings, comments) --------------------------------------------------------------------------- Version 1.19.6 (rgerhards), 2007-09-11 - applied patch by varmojfekoj to change signal handling to the new sigaction API set (replacing the depreciated signal() calls and its friends. - fixed a bug that in --enable-debug mode caused an assertion when the discard action was used - cleaned up compiler warnings - applied patch by varmojfekoj to FIX a bug that could cause segfaults if empty properties were processed using modifying options (e.g. space-cc, drop-cc) - fixed man bug: rsyslogd supports -l option --------------------------------------------------------------------------- Version 1.19.5 (rgerhards), 2007-09-07 - changed part of the CStr interface so that better error tracking is provided and the calling sequence is more intuitive (there were invalid calls based on a too-weired interface) - (hopefully) fixed some remaining bugs rooted in wrong use of the CStr class. These could lead to program abort. - applied patch by varmojfekoj two fix two potential segfault situations - added $ModDir config directive - modified $ModLoad so that an absolute path may be specified as module name (e.g. /rsyslog/ommysql.so) --------------------------------------------------------------------------- Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04 - fixed a number of small memory leaks - thanks varmojfekoj for patching - fixed an issue with CString class that could lead to rsyslog abort in tplToString() - thanks varmojfekoj for patching - added a man-version of the config file documenation - thanks to Michel Samia for providing the man file - fixed bug: a template like this causes an infinite loop: $template opts,"%programname:::a,b%" thanks varmojfekoj for the patch - fixed bug: case changing options crash freeing the string pointer because they modify it: $template opts2,"%programname::1:lowercase%" thanks varmojfekoj for the patch --------------------------------------------------------------------------- Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31 - small mem leak fixed (after calling parseSelectorAct) - Thx varmojkekoj - documentation section "Regular File" und "Blocks" updated - solved an issue with dynamic file generation - Once again many thanks to varmojfekoj - the negative selector for program name filter (Blocks) does not work as expected - Thanks varmojfekoj for patching - added forwarding information to sysklogd (requires special template) to config doc --------------------------------------------------------------------------- Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28 - a specifically formed message caused a segfault - Many thanks varmojfekoj for providing a patch - a typo and a weird condition are fixed in msg.c - Thanks again varmojfekoj - on file creation the file was always owned by root:root. This is fixed now - Thanks ypsa for solving this issue --------------------------------------------------------------------------- Version 1.19.1 (mmeckelein), 2007-08-22 - a bug that caused a high load when a TCP/UDP connection was closed is fixed now - Thanks mildew for solving this issue - fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the patch - changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter Vrabec and darix, both provided a patch for solving this issue - enhanced the unloading of modules - thanks again varmojfekoj - applied a patch from varmojfekoj which fixes various little things in MySQL output module --------------------------------------------------------------------------- Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16 - integrated patch from varmojfekoj to make the mysql module a loadable one many thanks for the patch, MUCH appreciated --------------------------------------------------------------------------- Version 1.18.2 (rgerhards), 2007-08-13 - fixed a bug in outchannel code that caused templates to be incorrectly parsed - fixed a bug in ommysql that caused a wrong ";template" missing message - added some code for unloading modules; not yet fully complete (and we do not yet have loadable modules, so this is no problem) - removed debian subdirectory by request of a debian packager (this is a special subdir for debian and there is also no point in maintaining it when there is a debian package available - so I gladly did this) in some cases - improved overall doc quality (some pages were quite old) and linked to more of the online resources. - improved /contrib/delete_mysql script by adding a host option and some other minor modifications --------------------------------------------------------------------------- Version 1.18.1 (rgerhards), 2007-08-08 - applied a patch from varmojfekoj which solved a potential segfault of rsyslogd on HUP - applied patch from Michel Samia to fix compilation when the pthreads feature is disabled - some code cleanup (moved action object to its own file set) - add config directive $MainMsgQueueSize, which now allows to configure the queue size dynamically - all compile-time settings are now shown in rsyslogd -v, not just the active ones - enhanced performance a little bit more - added config file directive $ActionResumeInterval - fixed a bug that prevented compilation under debian sid - added a contrib directory for user-contributed useful things --------------------------------------------------------------------------- Version 1.18.0 (rgerhards), 2007-08-03 - rsyslog now supports fallback actions when an action did not work. This is a great feature e.g. for backup database servers or backup syslog servers - modified rklogd to only change the console log level if -c is specified - added feature to use multiple actions inside a single selector - implemented $ActionExecOnlyWhenPreviousIsSuspended config directive - error messages during startup are now spit out to the configured log destinations --------------------------------------------------------------------------- Version 1.17.6 (rgerhards), 2007-08-01 - continued to work on output module modularization - basic stage of this work is now FINISHED - fixed bug in OMSRcreate() - always returned SR_RET_OK - fixed a bug that caused ommysql to always complain about missing templates - fixed a mem leak in OMSRdestruct - freeing the object itself was forgotten - thanks to varmojfekoj for the patch - fixed a memory leak in syslogd/init() that happend when the config file could not be read - thanks to varmojfekoj for the patch - fixed insufficient memory allocation in addAction() and its helpers. The initial fix and idea was developed by mildew, I fine-tuned it a bit. Thanks a lot for the fix, I'd probably had pulled out my hair to find the bug... - added output of config file line number when a parsing error occured - fixed bug in objomsr.c that caused program to abort in debug mode with an invalid assertion (in some cases) - fixed a typo that caused the default template for MySQL to be wrong. thanks to mildew for catching this. - added configuration file command $DebugPrintModuleList and $DebugPrintCfSysLineHandlerList - fixed an invalid value for the MARK timer - unfortunately, there was a testing aid left in place. This resulted in quite frequent MARK messages - added $IncludeConfig config directive - applied a patch from mildew to prevent rsyslogd from freezing under heavy load. This could happen when the queue was full. Now, we drop messages but rsyslogd remains active. --------------------------------------------------------------------------- Version 1.17.5 (rgerhards), 2007-07-30 - continued to work on output module modularization - fixed a missing file bug - thanks to Andrea Montanari for reporting this problem - fixed a problem with shutting down the worker thread and freeing the selector_t list - this caused messages to be lost, because the message queue was not properly drained before the selectors got destroyed. --------------------------------------------------------------------------- Version 1.17.4 (rgerhards), 2007-07-27 - continued to work on output module modularization - fixed a situation where rsyslogd could create zombie processes thanks to mildew for the patch - applied patch from Michel Samia to fix compilation when NOT compiled for pthreads --------------------------------------------------------------------------- Version 1.17.3 (rgerhards), 2007-07-25 - continued working on output module modularization - fixed a bug that caused rsyslogd to segfault on exit (and probably also on HUP), when there was an unsent message in a selector that required forwarding and the dns lookup failed for that selector (yes, it was pretty unlikely to happen;)) thanks to varmojfekoj for the patch - fixed a memory leak in config file parsing and die() thanks to varmojfekoj for the patch - rsyslogd now checks on startup if it is capable to performa any work at all. If it cant, it complains and terminates thanks to Michel Samia for providing the patch! - fixed a small memory leak when HUPing syslogd. The allowed sender list now gets freed. thanks to mildew for the patch. - changed the way error messages in early startup are logged. They now do no longer use the syslogd code directly but are rather send to stderr. --------------------------------------------------------------------------- Version 1.17.2 (rgerhards), 2007-07-23 - made the port part of the -r option optional. Needed for backward compatibility with sysklogd - replaced system() calls with something more reasonable. Please note that this might break compatibility with some existing configuration files. We accept this in favour of the gained security. - removed a memory leak that could occur if timegenerated was used in RFC 3164 format in templates - did some preparation in msg.c for advanced multithreading - placed the hooks, but not yet any active code - worked further on modularization - added $ModLoad MySQL (dummy) config directive - added DropTrailingLFOnReception config directive --------------------------------------------------------------------------- Version 1.17.1 (rgerhards), 2007-07-20 - fixed a bug that caused make install to install rsyslogd and rklogd under the wrong names - fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly; also fixed but that could grabble $AllowedSender wildcards. Thanks to mildew@gmail.com for the patch - minor code cleanup - thanks to Peter Vrabec for the patch - fixed minimal memory leak on HUP (caused by templates) thanks to varmojfekoj for the patch - fixed another memory leak on HUPing and on exiting rsyslogd again thanks to varmojfekoj for the patch - code cleanup (removed compiler warnings) - fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch - moved msg object into its own file set - added the capability to continue trying to write log files when the file system is full. Functionality based on patch by Martin Schulze to sysklogd package. --------------------------------------------------------------------------- Version 1.17.0 (RGer), 2007-07-17 - added $RepeatedLineReduction config parameter - added $EscapeControlCharactersOnReceive config parameter - added $ControlCharacterEscapePrefix config parameter - added $DirCreateMode config parameter - added $CreateDirs config parameter - added $DebugPrintTemplateList config parameter - added $ResetConfigVariables config parameter - added $FileOwner config parameter - added $FileGroup config parameter - added $DirOwner config parameter - added $DirGroup config parameter - added $FailOnChownFailure config parameter - added regular expression support to the filter engine thanks to Michel Samia for providing the patch! - enhanced $AllowedSender functionality. Credits to mildew@gmail.com for the patch doing that - added IPv6 support - allowed DNS hostnames - allowed DNS wildcard names - added new option $DropMsgsWithMaliciousDnsPTRRecords - added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin - added capability to auto-create directories with dynaFiles --------------------------------------------------------------------------- Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;) - build system switched to autotools - removed SYSV preprocessor macro use, replaced with autotools equivalents - fixed a bug that caused rsyslogd to segfault when TCP listening was disabled and it terminated - added new properties "syslogfacility-text" and "syslogseverity-text" thanks to varmojfekoj for the patch - added the -x option to disable hostname dns reslution thanks to varmojfekoj for the patch - begun to better modularize syslogd.c - this is an ongoing project; moved type definitions to a separate file - removed some now-unused fields from struct filed - move file size limit fields in struct field to the "right spot" (the file writing part of the union - f_un.f_file) - subdirectories linux and solaris are no longer part of the distribution package. This is not because we cease support for them, but there are no longer any files in them after the move to autotools --------------------------------------------------------------------------- Version 1.15.1 (RGer), 2007-07-10 - fixed a bug that caused a dynaFile selector to stall when there was an open error with one file - improved template processing for dynaFiles; templates are now only looked up during initialization - speeds up processing - optimized memory layout in struct filed when compiled with MySQL support - fixed a bug that caused compilation without SYSLOG_INET to fail - re-enabled the "last message repeated n times" feature. This feature was not taken care of while rsyslogd evolved from sysklogd and it was more or less defunct. Now it is fully functional again. - added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE - fixed a bug in iovAsString() that caused a memory leak under stress conditions (most probably memory shortage). This was unlikely to ever happen, but it doesn't hurt doing it right - cosmetic: defined type "uchar", change all unsigned chars to uchar --------------------------------------------------------------------------- Version 1.15.0 (RGer), 2007-07-05 - added ability to dynamically generate file names based on templates and thus properties. This was a much-requested feature. It makes life easy when it e.g. comes to splitting files based on the sender address. - added $umask and $FileCreateMode config file directives - applied a patch from Bartosz Kuzma to compile cleanly under NetBSD - checks for extra (unexpected) characters in system config file lines have been added - added IPv6 documentation - was accidently missing from CVS - begun to change char to unsigned char --------------------------------------------------------------------------- Version 1.14.2 (RGer), 2007-07-03 ** this release fixes all known nits with IPv6 ** - restored capability to do /etc/service lookup for "syslog" service when -r 0 was given - documented IPv6 handling of syslog messages - integrate patch from Bartosz Kuźma to make rsyslog compile under Solaris again (the patch replaced a strndup() call, which is not available under Solaris - improved debug logging when waiting on select - updated rsyslogd man page with new options (-46A) --------------------------------------------------------------------------- Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29 - added Peter Vrabec's patch for IPv6 TCP - prefixed all messages send to stderr in rsyslogd with "rsyslogd: " --------------------------------------------------------------------------- Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28 - Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled IPv6 Support is currently for UDP only, TCP is to come soon. AllowedSender configuration does not yet work for IPv6. - fixed code in iovCreate() that broke C's strict aliasing rules - fixed some char/unsigned char differences that forced the compiler to spit out warning messages - updated the Red Hat init script to fix a known issue (thanks to Peter Vrabec) --------------------------------------------------------------------------- Version 1.13.5 (RGer), 2007-06-22 - made the TCP session limit configurable via command line switch now -t , - added man page for rklogd(8) (basically a copy from klogd, but now there is one...) - fixed a bug that caused internal messages (e.g. rsyslogd startup) to appear without a tag. - removed a minor memory leak that occurred when TAG processing requalified a HOSTNAME to be a TAG (and a TAG already was set). - removed potential small memory leaks in MsgSet***() functions. There would be a leak if a property was re-set, something that happened extremely seldom. --------------------------------------------------------------------------- Version 1.13.4 (RGer), 2007-06-18 - added a new property "PRI-text", which holds the PRI field in textual form (e.g. "syslog.info") - added alias "syslogseverity" for "syslogpriority", which is a misleading property name that needs to stay for historical reasons (and backward-compatility) - added doc on how to record PRI value in log file - enhanced signal handling in klogd, including removal of an unsafe call to the logging system during signal handling --------------------------------------------------------------------------- Version 1.13.3 (RGer), 2007-06-15 - create a version of syslog.c from scratch. This is now - highly optimized for rsyslog - removes an incompatible license problem as the original version had a BSD license with advertising clause - fixed in the regard that rklogd will continue to work when rsysogd has been restarted (the original version, as well as sysklogd, will remain silent then) - solved an issue with an extra NUL char at message end that the original version had - applied some changes to klogd to care for the new interface - fixed a bug in syslogd.c which prevented compiling under debian --------------------------------------------------------------------------- Version 1.13.2 (RGer), 2007-06-13 - lib order in makefile patched to facilitate static linking - thanks to Bennett Todd for providing the patch - Integrated a patch from Peter Vrabec (pvrabec@redheat.com): - added klogd under the name of rklogd (remove dependency on original sysklogd package - createDB.sql now in UTF - added additional config files for use on Red Hat --------------------------------------------------------------------------- Version 1.13.1 (RGer), 2007-02-05 - changed the listen backlog limit to a more reasonable value based on the maximum number of TCP connections configurd (10% + 5) - thanks to Guy Standen for the hint (actually, the limit was 5 and that was a left-over from early testing). - fixed a bug in makefile which caused DB-support to be disabled when NETZIP support was enabled - added the -e option to allow transmission of every message to remote hosts (effectively turns off duplicate message suppression) - (somewhat) improved memory consumption when compiled with MySQL support - looks like we fixed an incompatibility with MySQL 5.x and above software At least in one case, the remote server name was destroyed, leading to a connection failure. The new, improved code does not have this issue and so we see this as solved (the new code is generally somewhat better, so there is a good chance we fixed this incompatibility). --------------------------------------------------------------------------- Version 1.13.0 (RGer), 2006-12-19 - added '$' as ToPos proptery replacer specifier - means "up to the end of the string" - property replacer option "escape-cc", "drop-cc" and "space-cc" added - changed the handling of \0 characters inside syslog messages. We now consistently escape them to "#000". This is somewhat recommended in the draft-ietf-syslog-protocol-19 draft. While the real recomendation is to not escape any characters at all, we can not do this without considerable modification of the code. So we escape it to "#000", which is consistent with a sample found in the Internet-draft. - removed message glue logic (see printchopped() comment for details) Also caused removal of parts table and thus some improvements in memory usage. - changed the default MAXLINE to 2048 to take care of recent syslog standardization efforts (can easily be changed in syslogd.c) - added support for byte-counted TCP syslog messages (much like syslog-transport-tls-05 Internet Draft). This was necessary to support compression over TCP. - added support for receiving compressed syslog messages - added support for sending compressed syslog messages - fixed a bug where the last message in a syslog/tcp stream was lost if it was not properly terminated by a LF character --------------------------------------------------------------------------- Version 1.12.3 (RGer), 2006-10-04 - implemented some changes to support Solaris (but support is not yet complete) - commented out (via #if 0) some methods that are currently not being use but should be kept for further us - added (interim) -u 1 option to turn off hostname and tag parsing - done some modifications to better support Fedora - made the field delimiter inside property replace configurable via template - fixed a bug in property replacer: if fields were used, the delimitor became part of the field. Up until now, this was barely noticable as the delimiter as TAB only and thus invisible to a human. With other delimiters available now, it quickly showed up. This bug fix might cause some grief to existing installations if they used the extra TAB for whatever reasons - sorry folks... Anyhow, a solution is easy: just add a TAB character contstant into your template. Thus, there has no attempt been made to do this in a backwards-compatible way. --------------------------------------------------------------------------- Version 1.12.2 (RGer), 2006-02-15 - fixed a bug in the RFC 3339 date formatter. An extra space was added after the actual timestamp - added support for providing high-precision RFC3339 timestamps for (rsyslogd-)internally-generated messages - very (!) experimental support for syslog-protocol internet draft added (the draft is experimental, the code is solid ;)) - added support for field-extracting in the property replacer - enhanced the legacy-syslog parser so that it can interpret messages that do not contain a TIMESTAMP - fixed a bug that caused the default socket (usually /dev/log) to be opened even when -o command line option was given - fixed a bug in the Debian sample startup script - it caused rsyslogd to listen to remote requests, which it shouldn't by default --------------------------------------------------------------------------- Version 1.12.1 (RGer), 2005-11-23 - made multithreading work with BSD. Some signal-handling needed to be restructured. Also, there might be a slight delay of up to 10 seconds when huping and terminating rsyslogd under BSD - fixed a bug where a NULL-pointer was passed to printf() in logmsg(). - fixed a bug during "make install" where rc3195d was not installed Thanks to Bennett Todd for spotting this. - fixed a bug where rsyslogd dumped core when no TAG was found in the received message - enhanced message parser so that it can deal with missing hostnames in many cases (may not be totally fail-safe) - fixed a bug where internally-generated messages did not have the correct TAG --------------------------------------------------------------------------- Version 1.12.0 (RGer), 2005-10-26 - moved to a multi-threaded design. single-threading is still optionally available. Multi-threading is experimental! - fixed a potential race condition. In the original code, marking was done by an alarm handler, which could lead to all sorts of bad things. This has been changed now. See comments in syslogd.c/domark() for details. - improved debug output for property-based filters - not a code change, but: I have checked all exit()s to make sure that none occurs once rsyslogd has started up. Even in unusual conditions (like low-memory conditions) rsyslogd somehow remains active. Of course, it might loose a message or two, but at least it does not abort and it can also recover when the condition no longer persists. - fixed a bug that could cause loss of the last message received immediately before rsyslogd was terminated. - added comments on thread-safety of global variables in syslogd.c - fixed a small bug: spurios printf() when TCP syslog was used - fixed a bug that causes rsyslogd to dump core on termination when one of the selector lines did not receive a message during the run (very unlikely) - fixed an one-too-low memory allocation in the TCP sender. Could result in rsyslogd dumping core. - fixed a bug with regular expression support (thanks to Andres Riancho) - a little bit of code restructuring (especially main(), which was horribly large) --------------------------------------------------------------------------- Version 1.11.1 (RGer), 2005-10-19 - support for BSD-style program name and host blocks - added a new property "programname" that can be used in templates - added ability to specify listen port for rfc3195d - fixed a bug that rendered the "startswith" comparison operation unusable. - changed more functions to "static" storage class to help compiler optimize (should have been static in the first place...) - fixed a potential memory leak in the string buffer class destructor. As the destructur was previously never called, the leak did not actually appear. - some internal restructuring in anticipation/preparation of minimal multi-threading support - rsyslogd still shares some code with the sysklogd project. Some patches for this shared code have been brought over from the sysklogd CVS. --------------------------------------------------------------------------- Version 1.11.0 (RGer), 2005-10-12 - support for receiving messages via RFC 3195; added rfc3195d for that purpose - added an additional guard to prevent rsyslogd from aborting when the 2gb file size limit is hit. While a user can configure rsyslogd to handle such situations, it would abort if that was not done AND large file support was not enabled (ok, this is hopefully an unlikely scenario) - fixed a bug that caused additional Unix domain sockets to be incorrectly processed - could lead to message loss in extreme cases --------------------------------------------------------------------------- Version 1.10.2 (RGer), 2005-09-27 - added comparison operations in property-based filters: * isequal * startswith - added ability to negate all property-based filter comparison operations by adding a !-sign right in front of the operation name - added the ability to specify remote senders for UDP and TCP received messages. Allows to block all but well-known hosts - changed the $-config line directives to be case-INsensitive - new command line option -w added: "do not display warnings if messages from disallowed senders are received" - fixed a bug that caused rsyslogd to dump core when the compare value was not quoted in property-based filters - fixed a bug in the new CStr compare function which lead to invalid results (fortunately, this function was not yet used widely) - added better support for "debugging" rsyslog.conf property filters (only if -d switch is given) - changed some function definitions to static, which eventually enables some compiler optimizations - fixed a bug in MySQL code; when a SQL error occured, rsyslogd could run in a tight loop. This was due to invalid sequence of error reporting and is now fixed. --------------------------------------------------------------------------- Version 1.10.1 (RGer), 2005-09-23 - added the ability to execute a shell script as an action. Thanks to Bjoern Kalkbrenner for providing the code! - fixed a bug in the MySQL code; due to the bug the automatic one-time retry after an error did not happen - this lead to error message in cases where none should be seen (e.g. after a MySQL restart) - fixed a security issue with SQL-escaping in conjunction with non-(SQL-)standard MySQL features. --------------------------------------------------------------------------- Version 1.10.0 (RGer), 2005-09-20 REMINDER: 1.10 is the first unstable version if the 1.x series! - added the capability to filter on any property in selector lines (not just facility and priority) - changed stringbuf into a new counted string class - added support for a "discard" action. If a selector line with discard (~ character) is found, no selector lines *after* that line will be processed. - thanks to Andres Riancho, regular expression support has been added to the template engine - added the FROMHOST property in the template processor, which could previously not be obtained. Thanks to Cristian Testa for pointing this out and even providing a fix. - added display of compile-time options to -v output - performance improvement for production build - made some checks to happen only during debug mode - fixed a problem with compiling on SUSE and - while doing so - removed the socket call to set SO_BSDCOMPAT in cases where it is obsolete. --------------------------------------------------------------------------- Version 1.0.4 (RGer), 2006-02-01 - a small but important fix: the tcp receiver had two forgotten printf's in it that caused a lot of unnecessary output to stdout. This was important enough to justify a new release --------------------------------------------------------------------------- Version 1.0.3 (RGer), 2005-11-14 - added an additional guard to prevent rsyslogd from aborting when the 2gb file size limit is hit. While a user can configure rsyslogd to handle such situations, it would abort if that was not done AND large file support was not enabled (ok, this is hopefully an unlikely scenario) - fixed a bug that caused additional Unix domain sockets to be incorrectly processed - could lead to message loss in extreme cases - applied some patches available from the sysklogd project to code shared from there - fixed a bug that causes rsyslogd to dump core on termination when one of the selector lines did not receive a message during the run (very unlikely) - fixed an one-too-low memory allocation in the TCP sender. Could result in rsyslogd dumping core. - fixed a bug in the TCP sender that caused the retry logic to fail after an error or receiver overrun - fixed a bug in init() that could lead to dumping core - fixed a bug that could lead to dumping core when no HOSTNAME or no TAG was present in the syslog message --------------------------------------------------------------------------- Version 1.0.2 (RGer), 2005-10-05 - fixed an issue with MySQL error reporting. When an error occured, the MySQL driver went into an endless loop (at least in most cases). --------------------------------------------------------------------------- Version 1.0.1 (RGer), 2005-09-23 - fixed a security issue with SQL-escaping in conjunction with non-(SQL-)standard MySQL features. --------------------------------------------------------------------------- Version 1.0.0 (RGer), 2005-09-12 - changed install doc to cover daily cron scripts - a trouble source - added rc script for slackware (provided by Chris Elvidge - thanks!) - fixed a really minor bug in usage() - the -r option was still reported as without the port parameter --------------------------------------------------------------------------- Version 0.9.8 (RGer), 2005-09-05 - made startup and shutdown message more consistent and included the pid, so that they can be easier correlated. Used syslog-protocol structured data format for this purpose. - improved config info in startup message, now tells not only if it is listening remote on udp, but also for tcp. Also includes the port numbers. The previous startup message was misleading, because it did not say "remote reception" if rsyslogd was only listening via tcp (but not via udp). - added a "how can you help" document to the doc set --------------------------------------------------------------------------- Version 0.9.7 (RGer), 2005-08-15 - some of the previous doc files (like INSTALL) did not properly reflect the changes to the build process and the new doc. Fixed that. - changed syslogd.c so that when compiled without database support, an error message is displayed when a database action is detected in the config file (previously this was used as an user rule ;)) - fixed a bug in the os-specific Makefiles which caused MySQL support to not be compiled, even if selected --------------------------------------------------------------------------- Version 0.9.6 (RGer), 2005-08-09 - greatly enhanced documentation. Now available in html format in the "doc" folder and FreeBSD. Finally includes an install howto. - improved MySQL error messages a little - they now show up as log messages, too (formerly only in debug mode) - added the ability to specify the listen port for udp syslog. WARNING: This introduces an incompatibility. Formerly, udp syslog was enabled by the -r command line option. Now, it is "-r [port]", which is consistent with the tcp listener. However, just -r will now return an error message. - added sample startup scripts for Debian and FreeBSD - added support for easy feature selection in the makefile. Un- fortunately, this also means I needed to spilt the make file for different OS and distros. There are some really bad syntax differences between FreeBSD and Linux make. --------------------------------------------------------------------------- Version 0.9.5 (RGer), 2005-08-01 - the "semicolon bug" was actually not (fully) solved in 0.9.4. One part of the bug was solved, but another still existed. This one is fixed now, too. - the "semicolon bug" actually turned out to be a more generic bug. It appeared whenever an invalid template name was given. With some selector actions, rsyslogd dumped core, with other it "just" had a small ressource leak with others all worked well. These anomalies are now fixed. Note that they only appeared during system initaliziation once the system was running, nothing bad happened. - improved error reporting for template errors on startup. They are now shown on the console and the start-up tty. Formerly, they were only visible in debug mode. - support for multiple instances of rsyslogd on a single machine added - added new option "-o" --> omit local unix domain socket. This option enables rsyslogd NOT to listen to the local socket. This is most helpful when multiple instances of rsyslogd (or rsyslogd and another syslogd) shall run on a single system. - added new option "-i " which allows to specify the pidfile. This is needed when multiple instances of rsyslogd are to be run. - the new project home page is now online at www.rsyslog.com --------------------------------------------------------------------------- Version 0.9.4 (RGer), 2005-07-25 - finally added the TCP sender. It now supports non-blocking mode, no longer disabling message reception during connect. As it is now, it is usable in production. The code could be more sophisticated, but I've kept it short in anticipation of the move to liblogging, which will lead to the removal of the code just written ;) - the "exiting on signal..." message still had the "syslogd" name in it. Changed this to "rsyslogd", as we do not have a large user base yet, this should pose no problem. - fixed "the semiconlon" bug. rsyslogd dumped core if a write-db action was specified but no semicolon was given after the password (an empty template was ok, but the semicolon needed to be present). - changed a default for traditional output format. During testing, it was seen that the timestamp written to file in default format was the time of message reception, not the time specified in the TIMESTAMP field of the message itself. Traditionally, the message TIMESTAMP is used and this has been changed now. --------------------------------------------------------------------------- Version 0.9.3 (RGer), 2005-07-19 - fixed a bug in the message parser. In June, the RFC 3164 timestamp was not correctly parsed (yes, only in June and some other months, see the code comment to learn why...) - added the ability to specify the destination port when forwarding syslog messages (both for TCP and UDP) - added an very experimental TCP sender (activated by @@machine:port in config). This is not yet for production use. If the receiver is not alive, rsyslogd will wait quite some time until the connection request times out, which most probably leads to loss of incoming messages. --------------------------------------------------------------------------- Version 0.9.2 (RGer), around 2005-07-06 - I intended to change the maxsupported message size to 32k to support IHE - but given the memory inefficiency in the usual use cases, I have not done this. I have, however, included very specific instructions on how to do this in the source code. I have also done some testing with 32k messages, so you can change the max size without taking too much risk. - added a syslog/tcp receiver; we now can receive messages via plain tcp, but we can still send only via UDP. The syslog/tcp receiver is the primary enhancement of this release. - slightly changed some error messages that contained a spurios \n at the end of the line (which gives empty lines in your log...) --------------------------------------------------------------------------- Version 0.9.1 (RGer) - fixed code so that it compiles without errors under FreeBSD - removed now unused function "allocate_log()" from syslogd.c - changed the make file so that it contains more defines for different environments (in the long term, we need a better system for disabling/enabling features...) - changed some printf's printing off_t types to %lld and explicit (long long) casts. I tried to figure out the exact type, but did not succeed in this. In the worst case, ultra-large peta- byte files will now display funny informational messages on rollover, something I think we can live with for the neersion 3.11.2 (rgerhards), 2008-02-?? --------------------------------------------------------------------------- Version 3.11.1 (rgerhards), 2008-02-12 - SNMP trap sender added thanks to Andre Lorbach (omsnmp) - added input-plugin interface specification in form of a (copy) template input module - applied documentation fix by Michael Biebl -- many thanks! - bugfix: immark did not have MARK flags set... - added x-info field to rsyslogd startup/shutdown message. Hopefully points users to right location for further info (many don't even know they run rsyslog ;)) - bugfix: trailing ":" of tag was lost while parsing legacy syslog messages without timestamp - thanks to Anders Blomdell for providing a patch! - fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which wasn't supposed to be used with rsyslog. Put a warning message up that tells this feature is not tested and probably not worth the effort. Thanks to Anders Blomdell fro bringing this to our attention - somewhat improved performance of string buffers - fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf - bugfix: setting for $EscapeCopntrolCharactersOnReceive was not properly initialized - clarified usage of space-cc property replacer option - improved abort diagnostic handler - some initial effort for malloc/free runtime debugging support - bugfix: using dynafile actions caused rsyslogd abort - fixed minor man errors thanks to Michael Biebl --------------------------------------------------------------------------- Version 3.11.0 (rgerhards), 2008-01-31 - implemented queued actions - implemented simple rate limiting for actions - implemented deliberate discarding of lower priority messages over higher priority ones when a queue runs out of space - implemented disk quotas for disk queues - implemented the $ActionResumeRetryCount config directive - added $ActionQueueFilename config directive - added $ActionQueueSize config directive - added $ActionQueueHighWaterMark config directive - added $ActionQueueLowWaterMark config directive - added $ActionQueueDiscardMark config directive - added $ActionQueueDiscardSeverity config directive - added $ActionQueueCheckpointInterval config directive - added $ActionQueueType config directive - added $ActionQueueWorkerThreads config directive - added $ActionQueueTimeoutshutdown config directive - added $ActionQueueTimeoutActionCompletion config directive - added $ActionQueueTimeoutenQueue config directive - added $ActionQueueTimeoutworkerThreadShutdown config directive - added $ActionQueueWorkerThreadMinimumMessages config directive - added $ActionQueueMaxFileSize config directive - added $ActionQueueSaveonShutdown config directive - addded $ActionQueueDequeueSlowdown config directive - addded $MainMsgQueueDequeueSlowdown config directive - bugfix: added forgotten docs to package - improved debugging support - fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly - when a long-running action needs to be cancelled on shutdown, the message that was processed by it is now preserved. This finishes support for guaranteed delivery of messages (if the output supports it, of course) - fixed bug in output module interface, see http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552 - changed the ommysql output plugin so that the (lengthy) connection initialization now takes place in message processing. This works much better with the new queued action mode (fast startup) - fixed a bug that caused a potential hang in file and fwd output module varmojfekoj provided the patch - many thanks! - bugfixed stream class offset handling on 32bit platforms --------------------------------------------------------------------------- Version 3.10.3 (rgerhards), 2008-01-28 - fixed a bug with standard template definitions (not a big deal) - thanks to varmojfekoj for spotting it - run-time instrumentation added - implemented disk-assisted queue mode, which enables on-demand disk spooling if the queue's in-memory queue is exhausted - implemented a dynamic worker thread pool for processing incoming messages; workers are started and shut down as need arises - implemented a run-time instrumentation debug package - implemented the $MainMsgQueueSaveOnShutdown config directive - implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive - implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive --------------------------------------------------------------------------- Version 3.10.2 (rgerhards), 2008-01-14 - added the ability to keep stop rsyslogd without the need to drain the main message queue. In disk queue mode, rsyslog continues to run from the point where it stopped. In case of a system failure, it continues to process messages from the last checkpoint. - fixed a bug that caused a segfault on startup when no $WorkDir directive was specified in rsyslog.conf - provided more fine-grain control over shutdown timeouts and added a way to specify the enqueue timeout when the main message queue is full - implemented $MainMsgQueueCheckpointInterval config directive - implemented $MainMsgQueueTimeoutActionCompletion config directive - implemented $MainMsgQueueTimeoutEnqueue config directive - implemented $MainMsgQueueTimeoutShutdown config directive --------------------------------------------------------------------------- Version 3.10.1 (rgerhards), 2008-01-10 - implemented the "disk" queue mode. However, it currently is of very limited use, because it does not support persistence over rsyslogd runs. So when rsyslogd is stopped, the queue is drained just as with the in-memory queue modes. Persistent queues will be a feature of the next release. - performance-optimized string class, should bring an overall improvement - fixed a memory leak in imudp -- thanks to varmojfekoj for the patch - fixed a race condition that could lead to a rsyslogd hang when during HUP or termination - done some doc updates - added $WorkDirectory config directive - added $MainMsgQueueFileName config directive - added $MainMsgQueueMaxFileSize config directive --------------------------------------------------------------------------- Version 3.10.0 (rgerhards), 2008-01-07 - implemented input module interface and initial input modules - enhanced threading for input modules (each on its own thread now) - ability to bind UDP listeners to specific local interfaces/ports and ability to run multiple of them concurrently - added ability to specify listen IP address for UDP syslog server - license changed to GPLv3 - mark messages are now provided by loadble module immark - rklogd is no longer provided. Its functionality has now been taken over by imklog, a loadable input module. This offers a much better integration into rsyslogd and makes sure that the kernel logger process is brought up and down at the appropriate times - enhanced $IncludeConfig directive to support wildcard characters (thanks to Michael Biebl) - all inputs are now implemented as loadable plugins - enhanced threading model: each input module now runs on its own thread - enhanced message queue which now supports different queueing methods (among others, this can be used for performance fine-tuning) - added a large number of new configuration directives for the new input modules - enhanced multi-threading utilizing a worker thread pool for the main message queue - compilation without pthreads is no longer supported - much cleaner code due to new objects and removal of single-threading mode --------------------------------------------------------------------------- Version 2.0.1 STABLE (rgerhards), 2008-01-24 - fixed a bug in integer conversion - but this function was never called, so it is not really a useful bug fix ;) - fixed a bug with standard template definitions (not a big deal) - thanks to varmojfekoj for spotting it - fixed a bug that caused a potential hang in file and fwd output module varmojfekoj provided the patch - many thanks! --------------------------------------------------------------------------- Version 2.0.0 STABLE (rgerhards), 2008-01-02 - re-release of 1.21.2 as STABLE with no modifications except some doc updates --------------------------------------------------------------------------- Version 1.21.2 (rgerhards), 2007-12-28 - created a gss-api output module. This keeps GSS-API code and TCP/UDP code separated. It is also important for forward- compatibility with v3. Please note that this change breaks compatibility with config files created for 1.21.0 and 1.21.1 - this was considered acceptable. - fixed an error in forwarding retry code (could lead to message corruption but surfaced very seldom) - increased portability for older platforms (AI_NUMERICSERV moved) - removed socket leak in omfwd.c - cross-platform patch for GSS-API compile problem on some platforms thanks to darix for the patch! --------------------------------------------------------------------------- Version 1.21.1 (rgerhards), 2007-12-23 - small doc fix for $IncludeConfig - fixed a bug in llDestroy() - bugfix: fixing memory leak when message queue is full and during parsing. Thanks to varmojfekoj for the patch. - bugfix: when compiled without network support, unix sockets were not properply closed - bugfix: memory leak in cfsysline.c/doGetWord() fixed --------------------------------------------------------------------------- Version 1.21.0 (rgerhards), 2007-12-19 - GSS-API support for syslog/TCP connections was added. Thanks to varmojfekoj for providing the patch with this functionality - code cleanup - enhanced $IncludeConfig directive to support wildcard filenames - changed some multithreading synchronization --------------------------------------------------------------------------- Version 1.20.1 (rgerhards), 2007-12-12 - corrected a debug setting that survived release. Caused TCP connections to be retried unnecessarily often. - When a hostname ACL was provided and DNS resolution for that name failed, ACL processing was stopped at that point. Thanks to mildew for the patch. Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911 - fixed a potential race condition, see link for details: http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html Note that the probability of problems from this bug was very remote - fixed a memory leak that happend when PostgreSQL date formats were used --------------------------------------------------------------------------- Version 1.20.0 (rgerhards), 2007-12-07 - an output module for postgres databases has been added. Thanks to sur5r for contributing this code - unloading dynamic modules has been cleaned up, we now have a real implementation and not just a dummy "good enough for the time being". - enhanced platform independence - thanks to Bartosz Kuzma and Michael Biebl for their very useful contributions - some general code cleanup (including warnings on 64 platforms, only) --------------------------------------------------------------------------- Version 1.19.12 (rgerhards), 2007-12-03 - cleaned up the build system (thanks to Michael Biebl for the patch) - fixed a bug where ommysql was still not compiled with -pthread option --------------------------------------------------------------------------- Version 1.19.11 (rgerhards), 2007-11-29 - applied -pthread option to build when building for multi-threading mode hopefully solves an issue with segfaulting --------------------------------------------------------------------------- Version 1.19.10 (rgerhards), 2007-10-19 - introdcued the new ":modulename:" syntax for calling module actions in selector lines; modified ommysql to support it. This is primarily an aid for further modules and a prequisite to actually allow third party modules to be created. - minor fix in slackware startup script, "-r 0" is now "-r0" - updated rsyslogd doc set man page; now in html format - undid creation of a separate thread for the main loop -- this did not turn out to be needed or useful, so reduce complexity once again. - added doc fixes provided by Michael Biebl - thanks --------------------------------------------------------------------------- Version 1.19.9 (rgerhards), 2007-10-12 - now packaging system which again contains all components in a single tarball - modularized main() a bit more, resulting in less complex code - experimentally added an additional thread - will see if that affects the segfault bug we experience on some platforms. Note that this change is scheduled to be removed again later. --------------------------------------------------------------------------- Version 1.19.8 (rgerhards), 2007-09-27 - improved repeated message processing - applied patch provided by varmojfekoj to support building ommysql in its own way (now also resides in a plugin subdirectory); ommysql is now a separate package - fixed a bug in cvthname() that lead to message loss if part of the source hostname would have been dropped - created some support for distributing ommysql together with the main rsyslog package. I need to re-think it in the future, but for the time being the current mode is best. I now simply include one additional tarball for ommysql inside the main distribution. I look forward to user feedback on how this should be done best. In the long term, a separate project should be spawend for ommysql, but I'd like to do that only after the plugin interface is fully stable (what it is not yet). --------------------------------------------------------------------------- Version 1.19.7 (rgerhards), 2007-09-25 - added code to handle situations where senders send us messages ending with a NUL character. It is now simply removed. This also caused trailing LF reduction to fail, when it was followed by such a NUL. This is now also handled. - replaced some non-thread-safe function calls by their thread-safe counterparts - fixed a minor memory leak that occured when the %APPNAME% property was used (I think nobody used that in practice) - fixed a bug that caused signal handlers in cvthname() not to be restored when a malicious pointer record was detected and processing of the message been stopped for that reason (this should be really rare and can not be related to the segfault bug we are hunting). - fixed a bug in cvthname that lead to passing a wrong parameter - in practice, this had no impact. - general code cleanup (e.g. compiler warnings, comments) --------------------------------------------------------------------------- Version 1.19.6 (rgerhards), 2007-09-11 - applied patch by varmojfekoj to change signal handling to the new sigaction API set (replacing the depreciated signal() calls and its friends. - fixed a bug that in --enable-debug mode caused an assertion when the discard action was used - cleaned up compiler warnings - applied patch by varmojfekoj to FIX a bug that could cause segfaults if empty properties were processed using modifying options (e.g. space-cc, drop-cc) - fixed man bug: rsyslogd supports -l option --------------------------------------------------------------------------- Version 1.19.5 (rgerhards), 2007-09-07 - changed part of the CStr interface so that better error tracking is provided and the calling sequence is more intuitive (there were invalid calls based on a too-weired interface) - (hopefully) fixed some remaining bugs rooted in wrong use of the CStr class. These could lead to program abort. - applied patch by varmojfekoj two fix two potential segfault situations - added $ModDir config directive - modified $ModLoad so that an absolute path may be specified as module name (e.g. /rsyslog/ommysql.so) --------------------------------------------------------------------------- Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04 - fixed a number of small memory leaks - thanks varmojfekoj for patching - fixed an issue with CString class that could lead to rsyslog abort in tplToString() - thanks varmojfekoj for patching - added a man-version of the config file documenation - thanks to Michel Samia for providing the man file - fixed bug: a template like this causes an infinite loop: $template opts,"%programname:::a,b%" thanks varmojfekoj for the patch - fixed bug: case changing options crash freeing the string pointer because they modify it: $template opts2,"%programname::1:lowercase%" thanks varmojfekoj for the patch --------------------------------------------------------------------------- Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31 - small mem leak fixed (after calling parseSelectorAct) - Thx varmojkekoj - documentation section "Regular File" und "Blocks" updated - solved an issue with dynamic file generation - Once again many thanks to varmojfekoj - the negative selector for program name filter (Blocks) does not work as expected - Thanks varmojfekoj for patching - added forwarding information to sysklogd (requires special template) to config doc --------------------------------------------------------------------------- Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28 - a specifically formed message caused a segfault - Many thanks varmojfekoj for providing a patch - a typo and a weird condition are fixed in msg.c - Thanks again varmojfekoj - on file creation the file was always owned by root:root. This is fixed now - Thanks ypsa for solving this issue --------------------------------------------------------------------------- Version 1.19.1 (mmeckelein), 2007-08-22 - a bug that caused a high load when a TCP/UDP connection was closed is fixed now - Thanks mildew for solving this issue - fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the patch - changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter Vrabec and darix, both provided a patch for solving this issue - enhanced the unloading of modules - thanks again varmojfekoj - applied a patch from varmojfekoj which fixes various little things in MySQL output module --------------------------------------------------------------------------- Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16 - integrated patch from varmojfekoj to make the mysql module a loadable one many thanks for the patch, MUCH appreciated --------------------------------------------------------------------------- Version 1.18.2 (rgerhards), 2007-08-13 - fixed a bug in outchannel code that caused templates to be incorrectly parsed - fixed a bug in ommysql that caused a wrong ";template" missing message - added some code for unloading modules; not yet fully complete (and we do not yet have loadable modules, so this is no problem) - removed debian subdirectory by request of a debian packager (this is a special subdir for debian and there is also no point in maintaining it when there is a debian package available - so I gladly did this) in some cases - improved overall doc quality (some pages were quite old) and linked to more of the online resources. - improved /contrib/delete_mysql script by adding a host option and some other minor modifications --------------------------------------------------------------------------- Version 1.18.1 (rgerhards), 2007-08-08 - applied a patch from varmojfekoj which solved a potential segfault of rsyslogd on HUP - applied patch from Michel Samia to fix compilation when the pthreads feature is disabled - some code cleanup (moved action object to its own file set) - add config directive $MainMsgQueueSize, which now allows to configure the queue size dynamically - all compile-time settings are now shown in rsyslogd -v, not just the active ones - enhanced performance a little bit more - added config file directive $ActionResumeInterval - fixed a bug that prevented compilation under debian sid - added a contrib directory for user-contributed useful things --------------------------------------------------------------------------- Version 1.18.0 (rgerhards), 2007-08-03 - rsyslog now supports fallback actions when an action did not work. This is a great feature e.g. for backup database servers or backup syslog servers - modified rklogd to only change the console log level if -c is specified - added feature to use multiple actions inside a single selector - implemented $ActionExecOnlyWhenPreviousIsSuspended config directive - error messages during startup are now spit out to the configured log destinations --------------------------------------------------------------------------- Version 1.17.6 (rgerhards), 2007-08-01 - continued to work on output module modularization - basic stage of this work is now FINISHED - fixed bug in OMSRcreate() - always returned SR_RET_OK - fixed a bug that caused ommysql to always complain about missing templates - fixed a mem leak in OMSRdestruct - freeing the object itself was forgotten - thanks to varmojfekoj for the patch - fixed a memory leak in syslogd/init() that happend when the config file could not be read - thanks to varmojfekoj for the patch - fixed insufficient memory allocation in addAction() and its helpers. The initial fix and idea was developed by mildew, I fine-tuned it a bit. Thanks a lot for the fix, I'd probably had pulled out my hair to find the bug... - added output of config file line number when a parsing error occured - fixed bug in objomsr.c that caused program to abort in debug mode with an invalid assertion (in some cases) - fixed a typo that caused the default template for MySQL to be wrong. thanks to mildew for catching this. - added configuration file command $DebugPrintModuleList and $DebugPrintCfSysLineHandlerList - fixed an invalid value for the MARK timer - unfortunately, there was a testing aid left in place. This resulted in quite frequent MARK messages - added $IncludeConfig config directive - applied a patch from mildew to prevent rsyslogd from freezing under heavy load. This could happen when the queue was full. Now, we drop messages but rsyslogd remains active. --------------------------------------------------------------------------- Version 1.17.5 (rgerhards), 2007-07-30 - continued to work on output module modularization - fixed a missing file bug - thanks to Andrea Montanari for reporting this problem - fixed a problem with shutting down the worker thread and freeing the selector_t list - this caused messages to be lost, because the message queue was not properly drained before the selectors got destroyed. --------------------------------------------------------------------------- Version 1.17.4 (rgerhards), 2007-07-27 - continued to work on output module modularization - fixed a situation where rsyslogd could create zombie processes thanks to mildew for the patch - applied patch from Michel Samia to fix compilation when NOT compiled for pthreads --------------------------------------------------------------------------- Version 1.17.3 (rgerhards), 2007-07-25 - continued working on output module modularization - fixed a bug that caused rsyslogd to segfault on exit (and probably also on HUP), when there was an unsent message in a selector that required forwarding and the dns lookup failed for that selector (yes, it was pretty unlikely to happen;)) thanks to varmojfekoj for the patch - fixed a memory leak in config file parsing and die() thanks to varmojfekoj for the patch - rsyslogd now checks on startup if it is capable to performa any work at all. If it cant, it complains and terminates thanks to Michel Samia for providing the patch! - fixed a small memory leak when HUPing syslogd. The allowed sender list now gets freed. thanks to mildew for the patch. - changed the way error messages in early startup are logged. They now do no longer use the syslogd code directly but are rather send to stderr. --------------------------------------------------------------------------- Version 1.17.2 (rgerhards), 2007-07-23 - made the port part of the -r option optional. Needed for backward compatibility with sysklogd - replaced system() calls with something more reasonable. Please note that this might break compatibility with some existing configuration files. We accept this in favour of the gained security. - removed a memory leak that could occur if timegenerated was used in RFC 3164 format in templates - did some preparation in msg.c for advanced multithreading - placed the hooks, but not yet any active code - worked further on modularization - added $ModLoad MySQL (dummy) config directive - added DropTrailingLFOnReception config directive --------------------------------------------------------------------------- Version 1.17.1 (rgerhards), 2007-07-20 - fixed a bug that caused make install to install rsyslogd and rklogd under the wrong names - fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly; also fixed but that could grabble $AllowedSender wildcards. Thanks to mildew@gmail.com for the patch - minor code cleanup - thanks to Peter Vrabec for the patch - fixed minimal memory leak on HUP (caused by templates) thanks to varmojfekoj for the patch - fixed another memory leak on HUPing and on exiting rsyslogd again thanks to varmojfekoj for the patch - code cleanup (removed compiler warnings) - fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch - moved msg object into its own file set - added the capability to continue trying to write log files when the file system is full. Functionality based on patch by Martin Schulze to sysklogd package. --------------------------------------------------------------------------- Version 1.17.0 (RGer), 2007-07-17 - added $RepeatedLineReduction config parameter - added $EscapeControlCharactersOnReceive config parameter - added $ControlCharacterEscapePrefix config parameter - added $DirCreateMode config parameter - added $CreateDirs config parameter - added $DebugPrintTemplateList config parameter - added $ResetConfigVariables config parameter - added $FileOwner config parameter - added $FileGroup config parameter - added $DirOwner config parameter - added $DirGroup config parameter - added $FailOnChownFailure config parameter - added regular expression support to the filter engine thanks to Michel Samia for providing the patch! - enhanced $AllowedSender functionality. Credits to mildew@gmail.com for the patch doing that - added IPv6 support - allowed DNS hostnames - allowed DNS wildcard names - added new option $DropMsgsWithMaliciousDnsPTRRecords - added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin - added capability to auto-create directories with dynaFiles --------------------------------------------------------------------------- Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;) - build system switched to autotools - removed SYSV preprocessor macro use, replaced with autotools equivalents - fixed a bug that caused rsyslogd to segfault when TCP listening was disabled and it terminated - added new properties "syslogfacility-text" and "syslogseverity-text" thanks to varmojfekoj for the patch - added the -x option to disable hostname dns reslution thanks to varmojfekoj for the patch - begun to better modularize syslogd.c - this is an ongoing project; moved type definitions to a separate file - removed some now-unused fields from struct filed - move file size limit fields in struct field to the "right spot" (the file writing part of the union - f_un.f_file) - subdirectories linux and solaris are no longer part of the distribution package. This is not because we cease support for them, but there are no longer any files in them after the move to autotools --------------------------------------------------------------------------- Version 1.15.1 (RGer), 2007-07-10 - fixed a bug that caused a dynaFile selector to stall when there was an open error with one file - improved template processing for dynaFiles; templates are now only looked up during initialization - speeds up processing - optimized memory layout in struct filed when compiled with MySQL support - fixed a bug that caused compilation without SYSLOG_INET to fail - re-enabled the "last message repeated n times" feature. This feature was not taken care of while rsyslogd evolved from sysklogd and it was more or less defunct. Now it is fully functional again. - added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE - fixed a bug in iovAsString() that caused a memory leak under stress conditions (most probably memory shortage). This was unlikely to ever happen, but it doesn't hurt doing it right - cosmetic: defined type "uchar", change all unsigned chars to uchar --------------------------------------------------------------------------- Version 1.15.0 (RGer), 2007-07-05 - added ability to dynamically generate file names based on templates and thus properties. This was a much-requested feature. It makes life easy when it e.g. comes to splitting files based on the sender address. - added $umask and $FileCreateMode config file directives - applied a patch from Bartosz Kuzma to compile cleanly under NetBSD - checks for extra (unexpected) characters in system config file lines have been added - added IPv6 documentation - was accidently missing from CVS - begun to change char to unsigned char --------------------------------------------------------------------------- Version 1.14.2 (RGer), 2007-07-03 ** this release fixes all known nits with IPv6 ** - restored capability to do /etc/service lookup for "syslog" service when -r 0 was given - documented IPv6 handling of syslog messages - integrate patch from Bartosz Kuźma to make rsyslog compile under Solaris again (the patch replaced a strndup() call, which is not available under Solaris - improved debug logging when waiting on select - updated rsyslogd man page with new options (-46A) --------------------------------------------------------------------------- Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29 - added Peter Vrabec's patch for IPv6 TCP - prefixed all messages send to stderr in rsyslogd with "rsyslogd: " --------------------------------------------------------------------------- Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28 - Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled IPv6 Support is currently for UDP only, TCP is to come soon. AllowedSender configuration does not yet work for IPv6. - fixed code in iovCreate() that broke C's strict aliasing rules - fixed some char/unsigned char differences that forced the compiler to spit out warning messages - updated the Red Hat init script to fix a known issue (thanks to Peter Vrabec) --------------------------------------------------------------------------- Version 1.13.5 (RGer), 2007-06-22 - made the TCP session limit configurable via command line switch now -t , - added man page for rklogd(8) (basically a copy from klogd, but now there is one...) - fixed a bug that caused internal messages (e.g. rsyslogd startup) to appear without a tag. - removed a minor memory leak that occurred when TAG processing requalified a HOSTNAME to be a TAG (and a TAG already was set). - removed potential small memory leaks in MsgSet***() functions. There would be a leak if a property was re-set, something that happened extremely seldom. --------------------------------------------------------------------------- Version 1.13.4 (RGer), 2007-06-18 - added a new property "PRI-text", which holds the PRI field in textual form (e.g. "syslog.info") - added alias "syslogseverity" for "syslogpriority", which is a misleading property name that needs to stay for historical reasons (and backward-compatility) - added doc on how to record PRI value in log file - enhanced signal handling in klogd, including removal of an unsafe call to the logging system during signal handling --------------------------------------------------------------------------- Version 1.13.3 (RGer), 2007-06-15 - create a version of syslog.c from scratch. This is now - highly optimized for rsyslog - removes an incompatible license problem as the original version had a BSD license with advertising clause - fixed in the regard that rklogd will continue to work when rsysogd has been restarted (the original version, as well as sysklogd, will remain silent then) - solved an issue with an extra NUL char at message end that the original version had - applied some changes to klogd to care for the new interface - fixed a bug in syslogd.c which prevented compiling under debian --------------------------------------------------------------------------- Version 1.13.2 (RGer), 2007-06-13 - lib order in makefile patched to facilitate static linking - thanks to Bennett Todd for providing the patch - Integrated a patch from Peter Vrabec (pvrabec@redheat.com): - added klogd under the name of rklogd (remove dependency on original sysklogd package - createDB.sql now in UTF - added additional config files for use on Red Hat --------------------------------------------------------------------------- Version 1.13.1 (RGer), 2007-02-05 - changed the listen backlog limit to a more reasonable value based on the maximum number of TCP connections configurd (10% + 5) - thanks to Guy Standen for the hint (actually, the limit was 5 and that was a left-over from early testing). - fixed a bug in makefile which caused DB-support to be disabled when NETZIP support was enabled - added the -e option to allow transmission of every message to remote hosts (effectively turns off duplicate message suppression) - (somewhat) improved memory consumption when compiled with MySQL support - looks like we fixed an incompatibility with MySQL 5.x and above software At least in one case, the remote server name was destroyed, leading to a connection failure. The new, improved code does not have this issue and so we see this as solved (the new code is generally somewhat better, so there is a good chance we fixed this incompatibility). --------------------------------------------------------------------------- Version 1.13.0 (RGer), 2006-12-19 - added '$' as ToPos proptery replacer specifier - means "up to the end of the string" - property replacer option "escape-cc", "drop-cc" and "space-cc" added - changed the handling of \0 characters inside syslog messages. We now consistently escape them to "#000". This is somewhat recommended in the draft-ietf-syslog-protocol-19 draft. While the real recomendation is to not escape any characters at all, we can not do this without considerable modification of the code. So we escape it to "#000", which is consistent with a sample found in the Internet-draft. - removed message glue logic (see printchopped() comment for details) Also caused removal of parts table and thus some improvements in memory usage. - changed the default MAXLINE to 2048 to take care of recent syslog standardization efforts (can easily be changed in syslogd.c) - added support for byte-counted TCP syslog messages (much like syslog-transport-tls-05 Internet Draft). This was necessary to support compression over TCP. - added support for receiving compressed syslog messages - added support for sending compressed syslog messages - fixed a bug where the last message in a syslog/tcp stream was lost if it was not properly terminated by a LF character --------------------------------------------------------------------------- Version 1.12.3 (RGer), 2006-10-04 - implemented some changes to support Solaris (but support is not yet complete) - commented out (via #if 0) some methods that are currently not being use but should be kept for further us - added (interim) -u 1 option to turn off hostname and tag parsing - done some modifications to better support Fedora - made the field delimiter inside property replace configurable via template - fixed a bug in property replacer: if fields were used, the delimitor became part of the field. Up until now, this was barely noticable as the delimiter as TAB only and thus invisible to a human. With other delimiters available now, it quickly showed up. This bug fix might cause some grief to existing installations if they used the extra TAB for whatever reasons - sorry folks... Anyhow, a solution is easy: just add a TAB character contstant into your template. Thus, there has no attempt been made to do this in a backwards-compatible way. --------------------------------------------------------------------------- Version 1.12.2 (RGer), 2006-02-15 - fixed a bug in the RFC 3339 date formatter. An extra space was added after the actual timestamp - added support for providing high-precision RFC3339 timestamps for (rsyslogd-)internally-generated messages - very (!) experimental support for syslog-protocol internet draft added (the draft is experimental, the code is solid ;)) - added support for field-extracting in the property replacer - enhanced the legacy-syslog parser so that it can interpret messages that do not contain a TIMESTAMP - fixed a bug that caused the default socket (usually /dev/log) to be opened even when -o command line option was given - fixed a bug in the Debian sample startup script - it caused rsyslogd to listen to remote requests, which it shouldn't by default --------------------------------------------------------------------------- Version 1.12.1 (RGer), 2005-11-23 - made multithreading work with BSD. Some signal-handling needed to be restructured. Also, there might be a slight delay of up to 10 seconds when huping and terminating rsyslogd under BSD - fixed a bug where a NULL-pointer was passed to printf() in logmsg(). - fixed a bug during "make install" where rc3195d was not installed Thanks to Bennett Todd for spotting this. - fixed a bug where rsyslogd dumped core when no TAG was found in the received message - enhanced message parser so that it can deal with missing hostnames in many cases (may not be totally fail-safe) - fixed a bug where internally-generated messages did not have the correct TAG --------------------------------------------------------------------------- Version 1.12.0 (RGer), 2005-10-26 - moved to a multi-threaded design. single-threading is still optionally available. Multi-threading is experimental! - fixed a potential race condition. In the original code, marking was done by an alarm handler, which could lead to all sorts of bad things. This has been changed now. See comments in syslogd.c/domark() for details. - improved debug output for property-based filters - not a code change, but: I have checked all exit()s to make sure that none occurs once rsyslogd has started up. Even in unusual conditions (like low-memory conditions) rsyslogd somehow remains active. Of course, it might loose a message or two, but at least it does not abort and it can also recover when the condition no longer persists. - fixed a bug that could cause loss of the last message received immediately before rsyslogd was terminated. - added comments on thread-safety of global variables in syslogd.c - fixed a small bug: spurios printf() when TCP syslog was used - fixed a bug that causes rsyslogd to dump core on termination when one of the selector lines did not receive a message during the run (very unlikely) - fixed an one-too-low memory allocation in the TCP sender. Could result in rsyslogd dumping core. - fixed a bug with regular expression support (thanks to Andres Riancho) - a little bit of code restructuring (especially main(), which was horribly large) --------------------------------------------------------------------------- Version 1.11.1 (RGer), 2005-10-19 - support for BSD-style program name and host blocks - added a new property "programname" that can be used in templates - added ability to specify listen port for rfc3195d - fixed a bug that rendered the "startswith" comparison operation unusable. - changed more functions to "static" storage class to help compiler optimize (should have been static in the first place...) - fixed a potential memory leak in the string buffer class destructor. As the destructur was previously never called, the leak did not actually appear. - some internal restructuring in anticipation/preparation of minimal multi-threading support - rsyslogd still shares some code with the sysklogd project. Some patches for this shared code have been brought over from the sysklogd CVS. --------------------------------------------------------------------------- Version 1.11.0 (RGer), 2005-10-12 - support for receiving messages via RFC 3195; added rfc3195d for that purpose - added an additional guard to prevent rsyslogd from aborting when the 2gb file size limit is hit. While a user can configure rsyslogd to handle such situations, it would abort if that was not done AND large file support was not enabled (ok, this is hopefully an unlikely scenario) - fixed a bug that caused additional Unix domain sockets to be incorrectly processed - could lead to message loss in extreme cases --------------------------------------------------------------------------- Version 1.10.2 (RGer), 2005-09-27 - added comparison operations in property-based filters: * isequal * startswith - added ability to negate all property-based filter comparison operations by adding a !-sign right in front of the operation name - added the ability to specify remote senders for UDP and TCP received messages. Allows to block all but well-known hosts - changed the $-config line directives to be case-INsensitive - new command line option -w added: "do not display warnings if messages from disallowed senders are received" - fixed a bug that caused rsyslogd to dump core when the compare value was not quoted in property-based filters - fixed a bug in the new CStr compare function which lead to invalid results (fortunately, this function was not yet used widely) - added better support for "debugging" rsyslog.conf property filters (only if -d switch is given) - changed some function definitions to static, which eventually enables some compiler optimizations - fixed a bug in MySQL code; when a SQL error occured, rsyslogd could run in a tight loop. This was due to invalid sequence of error reporting and is now fixed. --------------------------------------------------------------------------- Version 1.10.1 (RGer), 2005-09-23 - added the ability to execute a shell script as an action. Thanks to Bjoern Kalkbrenner for providing the code! - fixed a bug in the MySQL code; due to the bug the automatic one-time retry after an error did not happen - this lead to error message in cases where none should be seen (e.g. after a MySQL restart) - fixed a security issue with SQL-escaping in conjunction with non-(SQL-)standard MySQL features. --------------------------------------------------------------------------- Version 1.10.0 (RGer), 2005-09-20 REMINDER: 1.10 is the first unstable version if the 1.x series! - added the capability to filter on any property in selector lines (not just facility and priority) - changed stringbuf into a new counted string class - added support for a "discard" action. If a selector line with discard (~ character) is found, no selector lines *after* that line will be processed. - thanks to Andres Riancho, regular expression support has been added to the template engine - added the FROMHOST property in the template processor, which could previously not be obtained. Thanks to Cristian Testa for pointing this out and even providing a fix. - added display of compile-time options to -v output - performance improvement for production build - made some checks to happen only during debug mode - fixed a problem with compiling on SUSE and - while doing so - removed the socket call to set SO_BSDCOMPAT in cases where it is obsolete. --------------------------------------------------------------------------- Version 1.0.4 (RGer), 2006-02-01 - a small but important fix: the tcp receiver had two forgotten printf's in it that caused a lot of unnecessary output to stdout. This was important enough to justify a new release --------------------------------------------------------------------------- Version 1.0.3 (RGer), 2005-11-14 - added an additional guard to prevent rsyslogd from aborting when the 2gb file size limit is hit. While a user can configure rsyslogd to handle such situations, it would abort if that was not done AND large file support was not enabled (ok, this is hopefully an unlikely scenario) - fixed a bug that caused additional Unix domain sockets to be incorrectly processed - could lead to message loss in extreme cases - applied some patches available from the sysklogd project to code shared from there - fixed a bug that causes rsyslogd to dump core on termination when one of the selector lines did not receive a message during the run (very unlikely) - fixed an one-too-low memory allocation in the TCP sender. Could result in rsyslogd dumping core. - fixed a bug in the TCP sender that caused the retry logic to fail after an error or receiver overrun - fixed a bug in init() that could lead to dumping core - fixed a bug that could lead to dumping core when no HOSTNAME or no TAG was present in the syslog message --------------------------------------------------------------------------- Version 1.0.2 (RGer), 2005-10-05 - fixed an issue with MySQL error reporting. When an error occured, the MySQL driver went into an endless loop (at least in most cases). --------------------------------------------------------------------------- Version 1.0.1 (RGer), 2005-09-23 - fixed a security issue with SQL-escaping in conjunction with non-(SQL-)standard MySQL features. --------------------------------------------------------------------------- Version 1.0.0 (RGer), 2005-09-12 - changed install doc to cover daily cron scripts - a trouble source - added rc script for slackware (provided by Chris Elvidge - thanks!) - fixed a really minor bug in usage() - the -r option was still reported as without the port parameter --------------------------------------------------------------------------- Version 0.9.8 (RGer), 2005-09-05 - made startup and shutdown message more consistent and included the pid, so that they can be easier correlated. Used syslog-protocol structured data format for this purpose. - improved config info in startup message, now tells not only if it is listening remote on udp, but also for tcp. Also includes the port numbers. The previous startup message was misleading, because it did not say "remote reception" if rsyslogd was only listening via tcp (but not via udp). - added a "how can you help" document to the doc set --------------------------------------------------------------------------- Version 0.9.7 (RGer), 2005-08-15 - some of the previous doc files (like INSTALL) did not properly reflect the changes to the build process and the new doc. Fixed that. - changed syslogd.c so that when compiled without database support, an error message is displayed when a database action is detected in the config file (previously this was used as an user rule ;)) - fixed a bug in the os-specific Makefiles which caused MySQL support to not be compiled, even if selected --------------------------------------------------------------------------- Version 0.9.6 (RGer), 2005-08-09 - greatly enhanced documentation. Now available in html format in the "doc" folder and FreeBSD. Finally includes an install howto. - improved MySQL error messages a little - they now show up as log messages, too (formerly only in debug mode) - added the ability to specify the listen port for udp syslog. WARNING: This introduces an incompatibility. Formerly, udp syslog was enabled by the -r command line option. Now, it is "-r [port]", which is consistent with the tcp listener. However, just -r will now return an error message. - added sample startup scripts for Debian and FreeBSD - added support for easy feature selection in the makefile. Un- fortunately, this also means I needed to spilt the make file for different OS and distros. There are some really bad syntax differences between FreeBSD and Linux make. --------------------------------------------------------------------------- Version 0.9.5 (RGer), 2005-08-01 - the "semicolon bug" was actually not (fully) solved in 0.9.4. One part of the bug was solved, but another still existed. This one is fixed now, too. - the "semicolon bug" actually turned out to be a more generic bug. It appeared whenever an invalid template name was given. With some selector actions, rsyslogd dumped core, with other it "just" had a small ressource leak with others all worked well. These anomalies are now fixed. Note that they only appeared during system initaliziation once the system was running, nothing bad happened. - improved error reporting for template errors on startup. They are now shown on the console and the start-up tty. Formerly, they were only visible in debug mode. - support for multiple instances of rsyslogd on a single machine added - added new option "-o" --> omit local unix domain socket. This option enables rsyslogd NOT to listen to the local socket. This is most helpful when multiple instances of rsyslogd (or rsyslogd and another syslogd) shall run on a single system. - added new option "-i " which allows to specify the pidfile. This is needed when multiple instances of rsyslogd are to be run. - the new project home page is now online at www.rsyslog.com --------------------------------------------------------------------------- Version 0.9.4 (RGer), 2005-07-25 - finally added the TCP sender. It now supports non-blocking mode, no longer disabling message reception during connect. As it is now, it is usable in production. The code could be more sophisticated, but I've kept it short in anticipation of the move to liblogging, which will lead to the removal of the code just written ;) - the "exiting on signal..." message still had the "syslogd" name in it. Changed this to "rsyslogd", as we do not have a large user base yet, this should pose no problem. - fixed "the semiconlon" bug. rsyslogd dumped core if a write-db action was specified but no semicolon was given after the password (an empty template was ok, but the semicolon needed to be present). - changed a default for traditional output format. During testing, it was seen that the timestamp written to file in default format was the time of message reception, not the time specified in the TIMESTAMP field of the message itself. Traditionally, the message TIMESTAMP is used and this has been changed now. --------------------------------------------------------------------------- Version 0.9.3 (RGer), 2005-07-19 - fixed a bug in the message parser. In June, the RFC 3164 timestamp was not correctly parsed (yes, only in June and some other months, see the code comment to learn why...) - added the ability to specify the destination port when forwarding syslog messages (both for TCP and UDP) - added an very experimental TCP sender (activated by @@machine:port in config). This is not yet for production use. If the receiver is not alive, rsyslogd will wait quite some time until the connection request times out, which most probably leads to loss of incoming messages. --------------------------------------------------------------------------- Version 0.9.2 (RGer), around 2005-07-06 - I intended to change the maxsupported message size to 32k to support IHE - but given the memory inefficiency in the usual use cases, I have not done this. I have, however, included very specific instructions on how to do this in the source code. I have also done some testing with 32k messages, so you can change the max size without taking too much risk. - added a syslog/tcp receiver; we now can receive messages via plain tcp, but we can still send only via UDP. The syslog/tcp receiver is the primary enhancement of this release. - slightly changed some error messages that contained a spurios \n at the end of the line (which gives empty lines in your log...) --------------------------------------------------------------------------- Version 0.9.1 (RGer) - fixed code so that it compiles without errors under FreeBSD - removed now unused function "allocate_log()" from syslogd.c - changed the make file so that it contains more defines for different environments (in the long term, we need a better system for disabling/enabling features...) - changed some printf's printing off_t types to %lld and explicit (long long) casts. I tried to figure out the exact type, but did not succeed in this. In the worst case, ultra-large peta- byte files will now display funny informational messages on rollover, something I think we can live with for the neersion 3.11.2 (rgerhards), 2008-02-?? --------------------------------------------------------------------------- Version 3.11.1 (rgerhards), 2008-02-12 - SNMP trap sender added thanks to Andre Lorbach (omsnmp) - added input-plugin interface specification in form of a (copy) template input module - applied documentation fix by Michael Biebl -- many thanks! - bugfix: immark did not have MARK flags set... - added x-info field to rsyslogd startup/shutdown message. Hopefully points users to right location for further info (many don't even know they run rsyslog ;)) - bugfix: trailing ":" of tag was lost while parsing legacy syslog messages without timestamp - thanks to Anders Blomdell for providing a patch! - fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which wasn't supposed to be used with rsyslog. Put a warning message up that tells this feature is not tested and probably not worth the effort. Thanks to Anders Blomdell fro bringing this to our attention - somewhat improved performance of string buffers - fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf - bugfix: setting for $EscapeCopntrolCharactersOnReceive was not properly initialized - clarified usage of space-cc property replacer option - improved abort diagnostic handler - some initial effort for malloc/free runtime debugging support - bugfix: using dynafile actions caused rsyslogd abort - fixed minor man errors thanks to Michael Biebl --------------------------------------------------------------------------- Version 3.11.0 (rgerhards), 2008-01-31 - implemented queued actions - implemented simple rate limiting for actions - implemented deliberate discarding of lower priority messages over higher priority ones when a queue runs out of space - implemented disk quotas for disk queues - implemented the $ActionResumeRetryCount config directive - added $ActionQueueFilename config directive - added $ActionQueueSize config directive - added $ActionQueueHighWaterMark config directive - added $ActionQueueLowWaterMark config directive - added $ActionQueueDiscardMark config directive - added $ActionQueueDiscardSeverity config directive - added $ActionQueueCheckpointInterval config directive - added $ActionQueueType config directive - added $ActionQueueWorkerThreads config directive - added $ActionQueueTimeoutshutdown config directive - added $ActionQueueTimeoutActionCompletion config directive - added $ActionQueueTimeoutenQueue config directive - added $ActionQueueTimeoutworkerThreadShutdown config directive - added $ActionQueueWorkerThreadMinimumMessages config directive - added $ActionQueueMaxFileSize config directive - added $ActionQueueSaveonShutdown config directive - addded $ActionQueueDequeueSlowdown config directive - addded $MainMsgQueueDequeueSlowdown config directive - bugfix: added forgotten docs to package - improved debugging support - fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly - when a long-running action needs to be cancelled on shutdown, the message that was processed by it is now preserved. This finishes support for guaranteed delivery of messages (if the output supports it, of course) - fixed bug in output module interface, see http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552 - changed the ommysql output plugin so that the (lengthy) connection initialization now takes place in message processing. This works much better with the new queued action mode (fast startup) - fixed a bug that caused a potential hang in file and fwd output module varmojfekoj provided the patch - many thanks! - bugfixed stream class offset handling on 32bit platforms --------------------------------------------------------------------------- Version 3.10.3 (rgerhards), 2008-01-28 - fixed a bug with standard template definitions (not a big deal) - thanks to varmojfekoj for spotting it - run-time instrumentation added - implemented disk-assisted queue mode, which enables on-demand disk spooling if the queue's in-memory queue is exhausted - implemented a dynamic worker thread pool for processing incoming messages; workers are started and shut down as need arises - implemented a run-time instrumentation debug package - implemented the $MainMsgQueueSaveOnShutdown config directive - implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive - implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive --------------------------------------------------------------------------- Version 3.10.2 (rgerhards), 2008-01-14 - added the ability to keep stop rsyslogd without the need to drain the main message queue. In disk queue mode, rsyslog continues to run from the point where it stopped. In case of a system failure, it continues to process messages from the last checkpoint. - fixed a bug that caused a segfault on startup when no $WorkDir directive was specified in rsyslog.conf - provided more fine-grain control over shutdown timeouts and added a way to specify the enqueue timeout when the main message queue is full - implemented $MainMsgQueueCheckpointInterval config directive - implemented $MainMsgQueueTimeoutActionCompletion config directive - implemented $MainMsgQueueTimeoutEnqueue config directive - implemented $MainMsgQueueTimeoutShutdown config directive --------------------------------------------------------------------------- Version 3.10.1 (rgerhards), 2008-01-10 - implemented the "disk" queue mode. However, it currently is of very limited use, because it does not support persistence over rsyslogd runs. So when rsyslogd is stopped, the queue is drained just as with the in-memory queue modes. Persistent queues will be a feature of the next release. - performance-optimized string class, should bring an overall improvement - fixed a memory leak in imudp -- thanks to varmojfekoj for the patch - fixed a race condition that could lead to a rsyslogd hang when during HUP or termination - done some doc updates - added $WorkDirectory config directive - added $MainMsgQueueFileName config directive - added $MainMsgQueueMaxFileSize config directive --------------------------------------------------------------------------- Version 3.10.0 (rgerhards), 2008-01-07 - implemented input module interface and initial input modules - enhanced threading for input modules (each on its own thread now) - ability to bind UDP listeners to specific local interfaces/ports and ability to run multiple of them concurrently - added ability to specify listen IP address for UDP syslog server - license changed to GPLv3 - mark messages are now provided by loadble module immark - rklogd is no longer provided. Its functionality has now been taken over by imklog, a loadable input module. This offers a much better integration into rsyslogd and makes sure that the kernel logger process is brought up and down at the appropriate times - enhanced $IncludeConfig directive to support wildcard characters (thanks to Michael Biebl) - all inputs are now implemented as loadable plugins - enhanced threading model: each input module now runs on its own thread - enhanced message queue which now supports different queueing methods (among others, this can be used for performance fine-tuning) - added a large number of new configuration directives for the new input modules - enhanced multi-threading utilizing a worker thread pool for the main message queue - compilation without pthreads is no longer supported - much cleaner code due to new objects and removal of single-threading mode --------------------------------------------------------------------------- Version 2.0.1 STABLE (rgerhards), 2008-01-24 - fixed a bug in integer conversion - but this function was never called, so it is not really a useful bug fix ;) - fixed a bug with standard template definitions (not a big deal) - thanks to varmojfekoj for spotting it - fixed a bug that caused a potential hang in file and fwd output module varmojfekoj provided the patch - many thanks! --------------------------------------------------------------------------- Version 2.0.0 STABLE (rgerhards), 2008-01-02 - re-release of 1.21.2 as STABLE with no modifications except some doc updates --------------------------------------------------------------------------- Version 1.21.2 (rgerhards), 2007-12-28 - created a gss-api output module. This keeps GSS-API code and TCP/UDP code separated. It is also important for forward- compatibility with v3. Please note that this change breaks compatibility with config files created for 1.21.0 and 1.21.1 - this was considered acceptable. - fixed an error in forwarding retry code (could lead to message corruption but surfaced very seldom) - increased portability for older platforms (AI_NUMERICSERV moved) - removed socket leak in omfwd.c - cross-platform patch for GSS-API compile problem on some platforms thanks to darix for the patch! --------------------------------------------------------------------------- Version 1.21.1 (rgerhards), 2007-12-23 - small doc fix for $IncludeConfig - fixed a bug in llDestroy() - bugfix: fixing memory leak when message queue is full and during parsing. Thanks to varmojfekoj for the patch. - bugfix: when compiled without network support, unix sockets were not properply closed - bugfix: memory leak in cfsysline.c/doGetWord() fixed --------------------------------------------------------------------------- Version 1.21.0 (rgerhards), 2007-12-19 - GSS-API support for syslog/TCP connections was added. Thanks to varmojfekoj for providing the patch with this functionality - code cleanup - enhanced $IncludeConfig directive to support wildcard filenames - changed some multithreading synchronization --------------------------------------------------------------------------- Version 1.20.1 (rgerhards), 2007-12-12 - corrected a debug setting that survived release. Caused TCP connections to be retried unnecessarily often. - When a hostname ACL was provided and DNS resolution for that name failed, ACL processing was stopped at that point. Thanks to mildew for the patch. Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911 - fixed a potential race condition, see link for details: http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html Note that the probability of problems from this bug was very remote - fixed a memory leak that happend when PostgreSQL date formats were used --------------------------------------------------------------------------- Version 1.20.0 (rgerhards), 2007-12-07 - an output module for postgres databases has been added. Thanks to sur5r for contributing this code - unloading dynamic modules has been cleaned up, we now have a real implementation and not just a dummy "good enough for the time being". - enhanced platform independence - thanks to Bartosz Kuzma and Michael Biebl for their very useful contributions - some general code cleanup (including warnings on 64 platforms, only) --------------------------------------------------------------------------- Version 1.19.12 (rgerhards), 2007-12-03 - cleaned up the build system (thanks to Michael Biebl for the patch) - fixed a bug where ommysql was still not compiled with -pthread option --------------------------------------------------------------------------- Version 1.19.11 (rgerhards), 2007-11-29 - applied -pthread option to build when building for multi-threading mode hopefully solves an issue with segfaulting --------------------------------------------------------------------------- Version 1.19.10 (rgerhards), 2007-10-19 - introdcued the new ":modulename:" syntax for calling module actions in selector lines; modified ommysql to support it. This is primarily an aid for further modules and a prequisite to actually allow third party modules to be created. - minor fix in slackware startup script, "-r 0" is now "-r0" - updated rsyslogd doc set man page; now in html format - undid creation of a separate thread for the main loop -- this did not turn out to be needed or useful, so reduce complexity once again. - added doc fixes provided by Michael Biebl - thanks --------------------------------------------------------------------------- Version 1.19.9 (rgerhards), 2007-10-12 - now packaging system which again contains all components in a single tarball - modularized main() a bit more, resulting in less complex code - experimentally added an additional thread - will see if that affects the segfault bug we experience on some platforms. Note that this change is scheduled to be removed again later. --------------------------------------------------------------------------- Version 1.19.8 (rgerhards), 2007-09-27 - improved repeated message processing - applied patch provided by varmojfekoj to support building ommysql in its own way (now also resides in a plugin subdirectory); ommysql is now a separate package - fixed a bug in cvthname() that lead to message loss if part of the source hostname would have been dropped - created some support for distributing ommysql together with the main rsyslog package. I need to re-think it in the future, but for the time being the current mode is best. I now simply include one additional tarball for ommysql inside the main distribution. I look forward to user feedback on how this should be done best. In the long term, a separate project should be spawend for ommysql, but I'd like to do that only after the plugin interface is fully stable (what it is not yet). --------------------------------------------------------------------------- Version 1.19.7 (rgerhards), 2007-09-25 - added code to handle situations where senders send us messages ending with a NUL character. It is now simply removed. This also caused trailing LF reduction to fail, when it was followed by such a NUL. This is now also handled. - replaced some non-thread-safe function calls by their thread-safe counterparts - fixed a minor memory leak that occured when the %APPNAME% property was used (I think nobody used that in practice) - fixed a bug that caused signal handlers in cvthname() not to be restored when a malicious pointer record was detected and processing of the message been stopped for that reason (this should be really rare and can not be related to the segfault bug we are hunting). - fixed a bug in cvthname that lead to passing a wrong parameter - in practice, this had no impact. - general code cleanup (e.g. compiler warnings, comments) --------------------------------------------------------------------------- Version 1.19.6 (rgerhards), 2007-09-11 - applied patch by varmojfekoj to change signal handling to the new sigaction API set (replacing the depreciated signal() calls and its friends. - fixed a bug that in --enable-debug mode caused an assertion when the discard action was used - cleaned up compiler warnings - applied patch by varmojfekoj to FIX a bug that could cause segfaults if empty properties were processed using modifying options (e.g. space-cc, drop-cc) - fixed man bug: rsyslogd supports -l option --------------------------------------------------------------------------- Version 1.19.5 (rgerhards), 2007-09-07 - changed part of the CStr interface so that better error tracking is provided and the calling sequence is more intuitive (there were invalid calls based on a too-weired interface) - (hopefully) fixed some remaining bugs rooted in wrong use of the CStr class. These could lead to program abort. - applied patch by varmojfekoj two fix two potential segfault situations - added $ModDir config directive - modified $ModLoad so that an absolute path may be specified as module name (e.g. /rsyslog/ommysql.so) --------------------------------------------------------------------------- Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04 - fixed a number of small memory leaks - thanks varmojfekoj for patching - fixed an issue with CString class that could lead to rsyslog abort in tplToString() - thanks varmojfekoj for patching - added a man-version of the config file documenation - thanks to Michel Samia for providing the man file - fixed bug: a template like this causes an infinite loop: $template opts,"%programname:::a,b%" thanks varmojfekoj for the patch - fixed bug: case changing options crash freeing the string pointer because they modify it: $template opts2,"%programname::1:lowercase%" thanks varmojfekoj for the patch --------------------------------------------------------------------------- Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31 - small mem leak fixed (after calling parseSelectorAct) - Thx varmojkekoj - documentation section "Regular File" und "Blocks" updated - solved an issue with dynamic file generation - Once again many thanks to varmojfekoj - the negative selector for program name filter (Blocks) does not work as expected - Thanks varmojfekoj for patching - added forwarding information to sysklogd (requires special template) to config doc --------------------------------------------------------------------------- Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28 - a specifically formed message caused a segfault - Many thanks varmojfekoj for providing a patch - a typo and a weird condition are fixed in msg.c - Thanks again varmojfekoj - on file creation the file was always owned by root:root. This is fixed now - Thanks ypsa for solving this issue --------------------------------------------------------------------------- Version 1.19.1 (mmeckelein), 2007-08-22 - a bug that caused a high load when a TCP/UDP connection was closed is fixed now - Thanks mildew for solving this issue - fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the patch - changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter Vrabec and darix, both provided a patch for solving this issue - enhanced the unloading of modules - thanks again varmojfekoj - applied a patch from varmojfekoj which fixes various little things in MySQL output module --------------------------------------------------------------------------- Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16 - integrated patch from varmojfekoj to make the mysql module a loadable one many thanks for the patch, MUCH appreciated --------------------------------------------------------------------------- Version 1.18.2 (rgerhards), 2007-08-13 - fixed a bug in outchannel code that caused templates to be incorrectly parsed - fixed a bug in ommysql that caused a wrong ";template" missing message - added some code for unloading modules; not yet fully complete (and we do not yet have loadable modules, so this is no problem) - removed debian subdirectory by request of a debian packager (this is a special subdir for debian and there is also no point in maintaining it when there is a debian package available - so I gladly did this) in some cases - improved overall doc quality (some pages were quite old) and linked to more of the online resources. - improved /contrib/delete_mysql script by adding a host option and some other minor modifications --------------------------------------------------------------------------- Version 1.18.1 (rgerhards), 2007-08-08 - applied a patch from varmojfekoj which solved a potential segfault of rsyslogd on HUP - applied patch from Michel Samia to fix compilation when the pthreads feature is disabled - some code cleanup (moved action object to its own file set) - add config directive $MainMsgQueueSize, which now allows to configure the queue size dynamically - all compile-time settings are now shown in rsyslogd -v, not just the active ones - enhanced performance a little bit more - added config file directive $ActionResumeInterval - fixed a bug that prevented compilation under debian sid - added a contrib directory for user-contributed useful things --------------------------------------------------------------------------- Version 1.18.0 (rgerhards), 2007-08-03 - rsyslog now supports fallback actions when an action did not work. This is a great feature e.g. for backup database servers or backup syslog servers - modified rklogd to only change the console log level if -c is specified - added feature to use multiple actions inside a single selector - implemented $ActionExecOnlyWhenPreviousIsSuspended config directive - error messages during startup are now spit out to the configured log destinations --------------------------------------------------------------------------- Version 1.17.6 (rgerhards), 2007-08-01 - continued to work on output module modularization - basic stage of this work is now FINISHED - fixed bug in OMSRcreate() - always returned SR_RET_OK - fixed a bug that caused ommysql to always complain about missing templates - fixed a mem leak in OMSRdestruct - freeing the object itself was forgotten - thanks to varmojfekoj for the patch - fixed a memory leak in syslogd/init() that happend when the config file could not be read - thanks to varmojfekoj for the patch - fixed insufficient memory allocation in addAction() and its helpers. The initial fix and idea was developed by mildew, I fine-tuned it a bit. Thanks a lot for the fix, I'd probably had pulled out my hair to find the bug... - added output of config file line number when a parsing error occured - fixed bug in objomsr.c that caused program to abort in debug mode with an invalid assertion (in some cases) - fixed a typo that caused the default template for MySQL to be wrong. thanks to mildew for catching this. - added configuration file command $DebugPrintModuleList and $DebugPrintCfSysLineHandlerList - fixed an invalid value for the MARK timer - unfortunately, there was a testing aid left in place. This resulted in quite frequent MARK messages - added $IncludeConfig config directive - applied a patch from mildew to prevent rsyslogd from freezing under heavy load. This could happen when the queue was full. Now, we drop messages but rsyslogd remains active. --------------------------------------------------------------------------- Version 1.17.5 (rgerhards), 2007-07-30 - continued to work on output module modularization - fixed a missing file bug - thanks to Andrea Montanari for reporting this problem - fixed a problem with shutting down the worker thread and freeing the selector_t list - this caused messages to be lost, because the message queue was not properly drained before the selectors got destroyed. --------------------------------------------------------------------------- Version 1.17.4 (rgerhards), 2007-07-27 - continued to work on output module modularization - fixed a situation where rsyslogd could create zombie processes thanks to mildew for the patch - applied patch from Michel Samia to fix compilation when NOT compiled for pthreads --------------------------------------------------------------------------- Version 1.17.3 (rgerhards), 2007-07-25 - continued working on output module modularization - fixed a bug that caused rsyslogd to segfault on exit (and probably also on HUP), when there was an unsent message in a selector that required forwarding and the dns lookup failed for that selector (yes, it was pretty unlikely to happen;)) thanks to varmojfekoj for the patch - fixed a memory leak in config file parsing and die() thanks to varmojfekoj for the patch - rsyslogd now checks on startup if it is capable to performa any work at all. If it cant, it complains and terminates thanks to Michel Samia for providing the patch! - fixed a small memory leak when HUPing syslogd. The allowed sender list now gets freed. thanks to mildew for the patch. - changed the way error messages in early startup are logged. They now do no longer use the syslogd code directly but are rather send to stderr. --------------------------------------------------------------------------- Version 1.17.2 (rgerhards), 2007-07-23 - made the port part of the -r option optional. Needed for backward compatibility with sysklogd - replaced system() calls with something more reasonable. Please note that this might break compatibility with some existing configuration files. We accept this in favour of the gained security. - removed a memory leak that could occur if timegenerated was used in RFC 3164 format in templates - did some preparation in msg.c for advanced multithreading - placed the hooks, but not yet any active code - worked further on modularization - added $ModLoad MySQL (dummy) config directive - added DropTrailingLFOnReception config directive --------------------------------------------------------------------------- Version 1.17.1 (rgerhards), 2007-07-20 - fixed a bug that caused make install to install rsyslogd and rklogd under the wrong names - fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly; also fixed but that could grabble $AllowedSender wildcards. Thanks to mildew@gmail.com for the patch - minor code cleanup - thanks to Peter Vrabec for the patch - fixed minimal memory leak on HUP (caused by templates) thanks to varmojfekoj for the patch - fixed another memory leak on HUPing and on exiting rsyslogd again thanks to varmojfekoj for the patch - code cleanup (removed compiler warnings) - fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch - moved msg object into its own file set - added the capability to continue trying to write log files when the file system is full. Functionality based on patch by Martin Schulze to sysklogd package. --------------------------------------------------------------------------- Version 1.17.0 (RGer), 2007-07-17 - added $RepeatedLineReduction config parameter - added $EscapeControlCharactersOnReceive config parameter - added $ControlCharacterEscapePrefix config parameter - added $DirCreateMode config parameter - added $CreateDirs config parameter - added $DebugPrintTemplateList config parameter - added $ResetConfigVariables config parameter - added $FileOwner config parameter - added $FileGroup config parameter - added $DirOwner config parameter - added $DirGroup config parameter - added $FailOnChownFailure config parameter - added regular expression support to the filter engine thanks to Michel Samia for providing the patch! - enhanced $AllowedSender functionality. Credits to mildew@gmail.com for the patch doing that - added IPv6 support - allowed DNS hostnames - allowed DNS wildcard names - added new option $DropMsgsWithMaliciousDnsPTRRecords - added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin - added capability to auto-create directories with dynaFiles --------------------------------------------------------------------------- Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;) - build system switched to autotools - removed SYSV preprocessor macro use, replaced with autotools equivalents - fixed a bug that caused rsyslogd to segfault when TCP listening was disabled and it terminated - added new properties "syslogfacility-text" and "syslogseverity-text" thanks to varmojfekoj for the patch - added the -x option to disable hostname dns reslution thanks to varmojfekoj for the patch - begun to better modularize syslogd.c - this is an ongoing project; moved type definitions to a separate file - removed some now-unused fields from struct filed - move file size limit fields in struct field to the "right spot" (the file writing part of the union - f_un.f_file) - subdirectories linux and solaris are no longer part of the distribution package. This is not because we cease support for them, but there are no longer any files in them after the move to autotools --------------------------------------------------------------------------- Version 1.15.1 (RGer), 2007-07-10 - fixed a bug that caused a dynaFile selector to stall when there was an open error with one file - improved template processing for dynaFiles; templates are now only looked up during initialization - speeds up processing - optimized memory layout in struct filed when compiled with MySQL support - fixed a bug that caused compilation without SYSLOG_INET to fail - re-enabled the "last message repeated n times" feature. This feature was not taken care of while rsyslogd evolved from sysklogd and it was more or less defunct. Now it is fully functional again. - added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE - fixed a bug in iovAsString() that caused a memory leak under stress conditions (most probably memory shortage). This was unlikely to ever happen, but it doesn't hurt doing it right - cosmetic: defined type "uchar", change all unsigned chars to uchar --------------------------------------------------------------------------- Version 1.15.0 (RGer), 2007-07-05 - added ability to dynamically generate file names based on templates and thus properties. This was a much-requested feature. It makes life easy when it e.g. comes to splitting files based on the sender address. - added $umask and $FileCreateMode config file directives - applied a patch from Bartosz Kuzma to compile cleanly under NetBSD - checks for extra (unexpected) characters in system config file lines have been added - added IPv6 documentation - was accidently missing from CVS - begun to change char to unsigned char --------------------------------------------------------------------------- Version 1.14.2 (RGer), 2007-07-03 ** this release fixes all known nits with IPv6 ** - restored capability to do /etc/service lookup for "syslog" service when -r 0 was given - documented IPv6 handling of syslog messages - integrate patch from Bartosz Kuźma to make rsyslog compile under Solaris again (the patch replaced a strndup() call, which is not available under Solaris - improved debug logging when waiting on select - updated rsyslogd man page with new options (-46A) --------------------------------------------------------------------------- Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29 - added Peter Vrabec's patch for IPv6 TCP - prefixed all messages send to stderr in rsyslogd with "rsyslogd: " --------------------------------------------------------------------------- Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28 - Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled IPv6 Support is currently for UDP only, TCP is to come soon. AllowedSender configuration does not yet work for IPv6. - fixed code in iovCreate() that broke C's strict aliasing rules - fixed some char/unsigned char differences that forced the compiler to spit out warning messages - updated the Red Hat init script to fix a known issue (thanks to Peter Vrabec) --------------------------------------------------------------------------- Version 1.13.5 (RGer), 2007-06-22 - made the TCP session limit configurable via command line switch now -t , - added man page for rklogd(8) (basically a copy from klogd, but now there is one...) - fixed a bug that caused internal messages (e.g. rsyslogd startup) to appear without a tag. - removed a minor memory leak that occurred when TAG processing requalified a HOSTNAME to be a TAG (and a TAG already was set). - removed potential small memory leaks in MsgSet***() functions. There would be a leak if a property was re-set, something that happened extremely seldom. --------------------------------------------------------------------------- Version 1.13.4 (RGer), 2007-06-18 - added a new property "PRI-text", which holds the PRI field in textual form (e.g. "syslog.info") - added alias "syslogseverity" for "syslogpriority", which is a misleading property name that needs to stay for historical reasons (and backward-compatility) - added doc on how to record PRI value in log file - enhanced signal handling in klogd, including removal of an unsafe call to the logging system during signal handling --------------------------------------------------------------------------- Version 1.13.3 (RGer), 2007-06-15 - create a version of syslog.c from scratch. This is now - highly optimized for rsyslog - removes an incompatible license problem as the original version had a BSD license with advertising clause - fixed in the regard that rklogd will continue to work when rsysogd has been restarted (the original version, as well as sysklogd, will remain silent then) - solved an issue with an extra NUL char at message end that the original version had - applied some changes to klogd to care for the new interface - fixed a bug in syslogd.c which prevented compiling under debian --------------------------------------------------------------------------- Version 1.13.2 (RGer), 2007-06-13 - lib order in makefile patched to facilitate static linking - thanks to Bennett Todd for providing the patch - Integrated a patch from Peter Vrabec (pvrabec@redheat.com): - added klogd under the name of rklogd (remove dependency on original sysklogd package - createDB.sql now in UTF - added additional config files for use on Red Hat --------------------------------------------------------------------------- Version 1.13.1 (RGer), 2007-02-05 - changed the listen backlog limit to a more reasonable value based on the maximum number of TCP connections configurd (10% + 5) - thanks to Guy Standen for the hint (actually, the limit was 5 and that was a left-over from early testing). - fixed a bug in makefile which caused DB-support to be disabled when NETZIP support was enabled - added the -e option to allow transmission of every message to remote hosts (effectively turns off duplicate message suppression) - (somewhat) improved memory consumption when compiled with MySQL support - looks like we fixed an incompatibility with MySQL 5.x and above software At least in one case, the remote server name was destroyed, leading to a connection failure. The new, improved code does not have this issue and so we see this as solved (the new code is generally somewhat better, so there is a good chance we fixed this incompatibility). --------------------------------------------------------------------------- Version 1.13.0 (RGer), 2006-12-19 - added '$' as ToPos proptery replacer specifier - means "up to the end of the string" - property replacer option "escape-cc", "drop-cc" and "space-cc" added - changed the handling of \0 characters inside syslog messages. We now consistently escape them to "#000". This is somewhat recommended in the draft-ietf-syslog-protocol-19 draft. While the real recomendation is to not escape any characters at all, we can not do this without considerable modification of the code. So we escape it to "#000", which is consistent with a sample found in the Internet-draft. - removed message glue logic (see printchopped() comment for details) Also caused removal of parts table and thus some improvements in memory usage. - changed the default MAXLINE to 2048 to take care of recent syslog standardization efforts (can easily be changed in syslogd.c) - added support for byte-counted TCP syslog messages (much like syslog-transport-tls-05 Internet Draft). This was necessary to support compression over TCP. - added support for receiving compressed syslog messages - added support for sending compressed syslog messages - fixed a bug where the last message in a syslog/tcp stream was lost if it was not properly terminated by a LF character --------------------------------------------------------------------------- Version 1.12.3 (RGer), 2006-10-04 - implemented some changes to support Solaris (but support is not yet complete) - commented out (via #if 0) some methods that are currently not being use but should be kept for further us - added (interim) -u 1 option to turn off hostname and tag parsing - done some modifications to better support Fedora - made the field delimiter inside property replace configurable via template - fixed a bug in property replacer: if fields were used, the delimitor became part of the field. Up until now, this was barely noticable as the delimiter as TAB only and thus invisible to a human. With other delimiters available now, it quickly showed up. This bug fix might cause some grief to existing installations if they used the extra TAB for whatever reasons - sorry folks... Anyhow, a solution is easy: just add a TAB character contstant into your template. Thus, there has no attempt been made to do this in a backwards-compatible way. --------------------------------------------------------------------------- Version 1.12.2 (RGer), 2006-02-15 - fixed a bug in the RFC 3339 date formatter. An extra space was added after the actual timestamp - added support for providing high-precision RFC3339 timestamps for (rsyslogd-)internally-generated messages - very (!) experimental support for syslog-protocol internet draft added (the draft is experimental, the code is solid ;)) - added support for field-extracting in the property replacer - enhanced the legacy-syslog parser so that it can interpret messages that do not contain a TIMESTAMP - fixed a bug that caused the default socket (usually /dev/log) to be opened even when -o command line option was given - fixed a bug in the Debian sample startup script - it caused rsyslogd to listen to remote requests, which it shouldn't by default --------------------------------------------------------------------------- Version 1.12.1 (RGer), 2005-11-23 - made multithreading work with BSD. Some signal-handling needed to be restructured. Also, there might be a slight delay of up to 10 seconds when huping and terminating rsyslogd under BSD - fixed a bug where a NULL-pointer was passed to printf() in logmsg(). - fixed a bug during "make install" where rc3195d was not installed Thanks to Bennett Todd for spotting this. - fixed a bug where rsyslogd dumped core when no TAG was found in the received message - enhanced message parser so that it can deal with missing hostnames in many cases (may not be totally fail-safe) - fixed a bug where internally-generated messages did not have the correct TAG --------------------------------------------------------------------------- Version 1.12.0 (RGer), 2005-10-26 - moved to a multi-threaded design. single-threading is still optionally available. Multi-threading is experimental! - fixed a potential race condition. In the original code, marking was done by an alarm handler, which could lead to all sorts of bad things. This has been changed now. See comments in syslogd.c/domark() for details. - improved debug output for property-based filters - not a code change, but: I have checked all exit()s to make sure that none occurs once rsyslogd has started up. Even in unusual conditions (like low-memory conditions) rsyslogd somehow remains active. Of course, it might loose a message or two, but at least it does not abort and it can also recover when the condition no longer persists. - fixed a bug that could cause loss of the last message received immediately before rsyslogd was terminated. - added comments on thread-safety of global variables in syslogd.c - fixed a small bug: spurios printf() when TCP syslog was used - fixed a bug that causes rsyslogd to dump core on termination when one of the selector lines did not receive a message during the run (very unlikely) - fixed an one-too-low memory allocation in the TCP sender. Could result in rsyslogd dumping core. - fixed a bug with regular expression support (thanks to Andres Riancho) - a little bit of code restructuring (especially main(), which was horribly large) --------------------------------------------------------------------------- Version 1.11.1 (RGer), 2005-10-19 - support for BSD-style program name and host blocks - added a new property "programname" that can be used in templates - added ability to specify listen port for rfc3195d - fixed a bug that rendered the "startswith" comparison operation unusable. - changed more functions to "static" storage class to help compiler optimize (should have been static in the first place...) - fixed a potential memory leak in the string buffer class destructor. As the destructur was previously never called, the leak did not actually appear. - some internal restructuring in anticipation/preparation of minimal multi-threading support - rsyslogd still shares some code with the sysklogd project. Some patches for this shared code have been brought over from the sysklogd CVS. --------------------------------------------------------------------------- Version 1.11.0 (RGer), 2005-10-12 - support for receiving messages via RFC 3195; added rfc3195d for that purpose - added an additional guard to prevent rsyslogd from aborting when the 2gb file size limit is hit. While a user can configure rsyslogd to handle such situations, it would abort if that was not done AND large file support was not enabled (ok, this is hopefully an unlikely scenario) - fixed a bug that caused additional Unix domain sockets to be incorrectly processed - could lead to message loss in extreme cases --------------------------------------------------------------------------- Version 1.10.2 (RGer), 2005-09-27 - added comparison operations in property-based filters: * isequal * startswith - added ability to negate all property-based filter comparison operations by adding a !-sign right in front of the operation name - added the ability to specify remote senders for UDP and TCP received messages. Allows to block all but well-known hosts - changed the $-config line directives to be case-INsensitive - new command line option -w added: "do not display warnings if messages from disallowed senders are received" - fixed a bug that caused rsyslogd to dump core when the compare value was not quoted in property-based filters - fixed a bug in the new CStr compare function which lead to invalid results (fortunately, this function was not yet used widely) - added better support for "debugging" rsyslog.conf property filters (only if -d switch is given) - changed some function definitions to static, which eventually enables some compiler optimizations - fixed a bug in MySQL code; when a SQL error occured, rsyslogd could run in a tight loop. This was due to invalid sequence of error reporting and is now fixed. --------------------------------------------------------------------------- Version 1.10.1 (RGer), 2005-09-23 - added the ability to execute a shell script as an action. Thanks to Bjoern Kalkbrenner for providing the code! - fixed a bug in the MySQL code; due to the bug the automatic one-time retry after an error did not happen - this lead to error message in cases where none should be seen (e.g. after a MySQL restart) - fixed a security issue with SQL-escaping in conjunction with non-(SQL-)standard MySQL features. --------------------------------------------------------------------------- Version 1.10.0 (RGer), 2005-09-20 REMINDER: 1.10 is the first unstable version if the 1.x series! - added the capability to filter on any property in selector lines (not just facility and priority) - changed stringbuf into a new counted string class - added support for a "discard" action. If a selector line with discard (~ character) is found, no selector lines *after* that line will be processed. - thanks to Andres Riancho, regular expression support has been added to the template engine - added the FROMHOST property in the template processor, which could previously not be obtained. Thanks to Cristian Testa for pointing this out and even providing a fix. - added display of compile-time options to -v output - performance improvement for production build - made some checks to happen only during debug mode - fixed a problem with compiling on SUSE and - while doing so - removed the socket call to set SO_BSDCOMPAT in cases where it is obsolete. --------------------------------------------------------------------------- Version 1.0.4 (RGer), 2006-02-01 - a small but important fix: the tcp receiver had two forgotten printf's in it that caused a lot of unnecessary output to stdout. This was important enough to justify a new release --------------------------------------------------------------------------- Version 1.0.3 (RGer), 2005-11-14 - added an additional guard to prevent rsyslogd from aborting when the 2gb file size limit is hit. While a user can configure rsyslogd to handle such situations, it would abort if that was not done AND large file support was not enabled (ok, this is hopefully an unlikely scenario) - fixed a bug that caused additional Unix domain sockets to be incorrectly processed - could lead to message loss in extreme cases - applied some patches available from the sysklogd project to code shared from there - fixed a bug that causes rsyslogd to dump core on termination when one of the selector lines did not receive a message during the run (very unlikely) - fixed an one-too-low memory allocation in the TCP sender. Could result in rsyslogd dumping core. - fixed a bug in the TCP sender that caused the retry logic to fail after an error or receiver overrun - fixed a bug in init() that could lead to dumping core - fixed a bug that could lead to dumping core when no HOSTNAME or no TAG was present in the syslog message --------------------------------------------------------------------------- Version 1.0.2 (RGer), 2005-10-05 - fixed an issue with MySQL error reporting. When an error occured, the MySQL driver went into an endless loop (at least in most cases). --------------------------------------------------------------------------- Version 1.0.1 (RGer), 2005-09-23 - fixed a security issue with SQL-escaping in conjunction with non-(SQL-)standard MySQL features. --------------------------------------------------------------------------- Version 1.0.0 (RGer), 2005-09-12 - changed install doc to cover daily cron scripts - a trouble source - added rc script for slackware (provided by Chris Elvidge - thanks!) - fixed a really minor bug in usage() - the -r option was still reported as without the port parameter --------------------------------------------------------------------------- Version 0.9.8 (RGer), 2005-09-05 - made startup and shutdown message more consistent and included the pid, so that they can be easier correlated. Used syslog-protocol structured data format for this purpose. - improved config info in startup message, now tells not only if it is listening remote on udp, but also for tcp. Also includes the port numbers. The previous startup message was misleading, because it did not say "remote reception" if rsyslogd was only listening via tcp (but not via udp). - added a "how can you help" document to the doc set --------------------------------------------------------------------------- Version 0.9.7 (RGer), 2005-08-15 - some of the previous doc files (like INSTALL) did not properly reflect the changes to the build process and the new doc. Fixed that. - changed syslogd.c so that when compiled without database support, an error message is displayed when a database action is detected in the config file (previously this was used as an user rule ;)) - fixed a bug in the os-specific Makefiles which caused MySQL support to not be compiled, even if selected --------------------------------------------------------------------------- Version 0.9.6 (RGer), 2005-08-09 - greatly enhanced documentation. Now available in html format in the "doc" folder and FreeBSD. Finally includes an install howto. - improved MySQL error messages a little - they now show up as log messages, too (formerly only in debug mode) - added the ability to specify the listen port for udp syslog. WARNING: This introduces an incompatibility. Formerly, udp syslog was enabled by the -r command line option. Now, it is "-r [port]", which is consistent with the tcp listener. However, just -r will now return an error message. - added sample startup scripts for Debian and FreeBSD - added support for easy feature selection in the makefile. Un- fortunately, this also means I needed to spilt the make file for different OS and distros. There are some really bad syntax differences between FreeBSD and Linux make. --------------------------------------------------------------------------- Version 0.9.5 (RGer), 2005-08-01 - the "semicolon bug" was actually not (fully) solved in 0.9.4. One part of the bug was solved, but another still existed. This one is fixed now, too. - the "semicolon bug" actually turned out to be a more generic bug. It appeared whenever an invalid template name was given. With some selector actions, rsyslogd dumped core, with other it "just" had a small ressource leak with others all worked well. These anomalies are now fixed. Note that they only appeared during system initaliziation once the system was running, nothing bad happened. - improved error reporting for template errors on startup. They are now shown on the console and the start-up tty. Formerly, they were only visible in debug mode. - support for multiple instances of rsyslogd on a single machine added - added new option "-o" --> omit local unix domain socket. This option enables rsyslogd NOT to listen to the local socket. This is most helpful when multiple instances of rsyslogd (or rsyslogd and another syslogd) shall run on a single system. - added new option "-i " which allows to specify the pidfile. This is needed when multiple instances of rsyslogd are to be run. - the new project home page is now online at www.rsyslog.com --------------------------------------------------------------------------- Version 0.9.4 (RGer), 2005-07-25 - finally added the TCP sender. It now supports non-blocking mode, no longer disabling message reception during connect. As it is now, it is usable in production. The code could be more sophisticated, but I've kept it short in anticipation of the move to liblogging, which will lead to the removal of the code just written ;) - the "exiting on signal..." message still had the "syslogd" name in it. Changed this to "rsyslogd", as we do not have a large user base yet, this should pose no problem. - fixed "the semiconlon" bug. rsyslogd dumped core if a write-db action was specified but no semicolon was given after the password (an empty template was ok, but the semicolon needed to be present). - changed a default for traditional output format. During testing, it was seen that the timestamp written to file in default format was the time of message reception, not the time specified in the TIMESTAMP field of the message itself. Traditionally, the message TIMESTAMP is used and this has been changed now. --------------------------------------------------------------------------- Version 0.9.3 (RGer), 2005-07-19 - fixed a bug in the message parser. In June, the RFC 3164 timestamp was not correctly parsed (yes, only in June and some other months, see the code comment to learn why...) - added the ability to specify the destination port when forwarding syslog messages (both for TCP and UDP) - added an very experimental TCP sender (activated by @@machine:port in config). This is not yet for production use. If the receiver is not alive, rsyslogd will wait quite some time until the connection request times out, which most probably leads to loss of incoming messages. --------------------------------------------------------------------------- Version 0.9.2 (RGer), around 2005-07-06 - I intended to change the maxsupported message size to 32k to support IHE - but given the memory inefficiency in the usual use cases, I have not done this. I have, however, included very specific instructions on how to do this in the source code. I have also done some testing with 32k messages, so you can change the max size without taking too much risk. - added a syslog/tcp receiver; we now can receive messages via plain tcp, but we can still send only via UDP. The syslog/tcp receiver is the primary enhancement of this release. - slightly changed some error messages that contained a spurios \n at the end of the line (which gives empty lines in your log...) --------------------------------------------------------------------------- Version 0.9.1 (RGer) - fixed code so that it compiles without errors under FreeBSD - removed now unused function "allocate_log()" from syslogd.c - changed the make file so that it contains more defines for different environments (in the long term, we need a better system for disabling/enabling features...) - changed some printf's printing off_t types to %lld and explicit (long long) casts. I tried to figure out the exact type, but did not succeed in this. In the worst case, ultra-large peta- byte files will now display funny informational messages on rollover, something I think we can live with for the next 10 years or so... --------------------------------------------------------------------------- Version 0.9.0 (RGer) - changed the filed structure to be a linked list. Previously, it was a table - well, for non-SYSV it was defined as linked list, but from what I see that code did no longer work after my modifications. I am now using a linked list in general because that is needed for other upcoming modifications. - fixed a bug that caused rsyslogd not to listen to anything if the configuration file could not be read - pervious versions disabled network logging (send/receive) if syslog/udp port was not in /etc/services. Now defaulting to port 514 in this case. - internal error messages are now supported up to 256 bytes - error message seen during config file read are now also displayed to the attached tty and not only the console - changed some error messages during init to be sent to the console and/or emergency log. Previously, they were only seen if the -d (debug) option was present on the command line. - fixed the "2gb file issue on 32bit systems". If a file grew to more than 2gb, the syslogd was aborted with "file size exceeded". Now, defines have been added according to http://www.daimi.au.dk/~kasperd/comp.os.linux.development.faq.html#LARGEFILE Testing revealed that they work ;) HOWEVER, if your file system, glibc, kernel, whatever does not support files larger 2gb, you need to set a file size limit with the new output channel mechanism. - updated man pages to reflect the changes --------------------------------------------------------------------------- Version 0.8.4 - improved -d debug output (removed developer-only content) - now compiles under FreeBSD and NetBSD (only quick testing done on NetBSD) --------------------------------------------------------------------------- Version 0.8.3 - security model in "make install" changed - minor doc updates --------------------------------------------------------------------------- Version 0.8.2 - added man page for rsyslog.conf and rsyslogd - gave up on the concept of rsyslog being a "drop in" replacement for syslogd. Now, the user installs rsyslogd and also needs to adjust his system settings to this specifically. This also lead to these changes: * changed Makefile so that install now installs rsyslogd instead of dealing with syslogd * changed the default config file name to rsyslog.conf --------------------------------------------------------------------------- Version 0.8.1 - fixed a nasty memory leak (probably not the last one with this release) - some enhancements to Makefile as suggested by Bennett Todd - syslogd-internal messages (like restart) were missing the hostname this has been corrected --------------------------------------------------------------------------- Version 0.8.0 Initial testing release. Based on the sysklogd package. Thanks to the sysklogd maintainers for all their good work! --------------------------------------------------------------------------- ---------------------------------------------------------------------- The following comments were left in the syslogd source. While they provide not too much detail, the help to date when Rainer started work on the project (which was 2003, now even surprising for Rainer himself ;)). * \author Rainer Gerhards * \date 2003-10-17 * Some initial modifications on the sysklogd package to support * liblogging. These have actually not yet been merged to the * source you see currently (but they hopefully will) * * \date 2004-10-28 * Restarted the modifications of sysklogd. This time, we * focus on a simpler approach first. The initial goal is to * provide MySQL database support (so that syslogd can log * to the database). ---------------------------------------------------------------------- The following comments are from the stock syslogd.c source. They provide some insight into what happened to the source before we forked rsyslogd. However, much of the code already has been replaced and more is to be replaced. So over time, these comments become less valuable. I have moved them out of the syslogd.c file to shrink it, especially as a lot of them do no longer apply. For historical reasons and understanding of how the daemon evolved, they are probably still helpful. * Author: Eric Allman * extensive changes by Ralph Campbell * more extensive changes by Eric Allman (again) * * Steve Lord: Fix UNIX domain socket code, added linux kernel logging * change defines to * SYSLOG_INET - listen on a UDP socket * SYSLOG_UNIXAF - listen on unix domain socket * SYSLOG_KERNEL - listen to linux kernel * * Mon Feb 22 09:55:42 CST 1993: Dr. Wettstein * Additional modifications to the source. Changed priority scheme * to increase the level of configurability. In its stock configuration * syslogd no longer logs all messages of a certain priority and above * to a log file. The * wildcard is supported to specify all priorities. * Note that this is a departure from the BSD standard. * * Syslogd will now listen to both the inetd and the unixd socket. The * strategy is to allow all local programs to direct their output to * syslogd through the unixd socket while the program listens to the * inetd socket to get messages forwarded from other hosts. * * Fri Mar 12 16:55:33 CST 1993: Dr. Wettstein * Thanks to Stephen Tweedie (dcs.ed.ac.uk!sct) for helpful bug-fixes * and an enlightened commentary on the prioritization problem. * * Changed the priority scheme so that the default behavior mimics the * standard BSD. In this scenario all messages of a specified priority * and above are logged. * * Add the ability to specify a wildcard (=) as the first character * of the priority name. Doing this specifies that ONLY messages with * this level of priority are to be logged. For example: * * *.=debug /usr/adm/debug * * Would log only messages with a priority of debug to the /usr/adm/debug * file. * * Providing an * as the priority specifies that all messages are to be * logged. Note that this case is degenerate with specifying a priority * level of debug. The wildcard * was retained because I believe that * this is more intuitive. * * Thu Jun 24 11:34:13 CDT 1993: Dr. Wettstein * Modified sources to incorporate changes in libc4.4. Messages from * syslog are now null-terminated, syslogd code now parses messages * based on this termination scheme. Linux as of libc4.4 supports the * fsync system call. Modified code to fsync after all writes to * log files. * * Sat Dec 11 11:59:43 CST 1993: Dr. Wettstein * Extensive changes to the source code to allow compilation with no * complaints with -Wall. * * Reorganized the facility and priority name arrays so that they * compatible with the syslog.h source found in /usr/include/syslog.h. * NOTE that this should really be changed. The reason I do not * allow the use of the values defined in syslog.h is on account of * the extensions made to allow the wildcard character in the * priority field. To fix this properly one should malloc an array, * copy the contents of the array defined by syslog.h and then * make whatever modifications that are desired. Next round. * * Thu Jan 6 12:07:36 CST 1994: Dr. Wettstein * Added support for proper decomposition and re-assembly of * fragment messages on UNIX domain sockets. Lack of this capability * was causing 'partial' messages to be output. Since facility and * priority information is encoded as a leader on the messages this * was causing lines to be placed in erroneous files. * * Also added a patch from Shane Alderton (shane@ion.apana.org.au) to * correct a problem with syslogd dumping core when an attempt was made * to write log messages to a logged-on user. Thank you. * * Many thanks to Juha Virtanen (jiivee@hut.fi) for a series of * interchanges which lead to the fixing of problems with messages set * to priorities of none and emerg. Also thanks to Juha for a patch * to exclude users with a class of LOGIN from receiving messages. * * Shane Alderton provided an additional patch to fix zombies which * were conceived when messages were written to multiple users. * * Mon Feb 6 09:57:10 CST 1995: Dr. Wettstein * Patch to properly reset the single priority message flag. Thanks * to Christopher Gori for spotting this bug and forwarding a patch. * * Wed Feb 22 15:38:31 CST 1995: Dr. Wettstein * Added version information to startup messages. * * Added defines so that paths to important files are taken from * the definitions in paths.h. Hopefully this will insure that * everything follows the FSSTND standards. Thanks to Chris Metcalf * for a set of patches to provide this functionality. Also thanks * Elias Levy for prompting me to get these into the sources. * * Wed Jul 26 18:57:23 MET DST 1995: Martin Schulze * Linux' gethostname only returns the hostname and not the fqdn as * expected in the code. But if you call hostname with an fqdn then * gethostname will return an fqdn, so we have to mention that. This * has been changed. * * The 'LocalDomain' and the hostname of a remote machine is * converted to lower case, because the original caused some * inconsistency, because the (at least my) nameserver did respond an * fqdn containing of upper- _and_ lowercase letters while * 'LocalDomain' consisted only of lowercase letters and that didn't * match. * * Sat Aug 5 18:59:15 MET DST 1995: Martin Schulze * Now no messages that were received from any remote host are sent * out to another. At my domain this missing feature caused ugly * syslog-loops, sometimes. * * Remember that no message is sent out. I can't figure out any * scenario where it might be useful to change this behavior and to * send out messages to other hosts than the one from which we * received the message, but I might be shortsighted. :-/ * * Thu Aug 10 19:01:08 MET DST 1995: Martin Schulze * Added my pidfile.[ch] to it to perform a better handling with * pidfiles. Now both, syslogd and klogd, can only be started * once. They check the pidfile. * * Sun Aug 13 19:01:41 MET DST 1995: Martin Schulze * Add an addition to syslog.conf's interpretation. If a priority * begins with an exclamation mark ('!') the normal interpretation * of the priority is inverted: ".!*" is the same as ".none", ".!=info" * don't logs the info priority, ".!crit" won't log any message with * the priority crit or higher. For example: * * mail.*;mail.!=info /usr/adm/mail * * Would log all messages of the facility mail except those with * the priority info to /usr/adm/mail. This makes the syslogd * much more flexible. * * Defined TABLE_ALLPRI=255 and changed some occurrences. * * Sat Aug 19 21:40:13 MET DST 1995: Martin Schulze * Making the table of facilities and priorities while in debug * mode more readable. * * If debugging is turned on, printing the whole table of * facilities and priorities every hexadecimal or 'X' entry is * now 2 characters wide. * * The number of the entry is prepended to each line of * facilities and priorities, and F_UNUSED lines are not shown * anymore. * * Corrected some #ifdef SYSV's. * * Mon Aug 21 22:10:35 MET DST 1995: Martin Schulze * Corrected a strange behavior during parsing of configuration * file. The original BSD syslogd doesn't understand spaces as * separators between specifier and action. This syslogd now * understands them. The old behavior caused some confusion over * the Linux community. * * Thu Oct 19 00:02:07 MET 1995: Martin Schulze * The default behavior has changed for security reasons. The * syslogd will not receive any remote message unless you turn * reception on with the "-r" option. * * Not defining SYSLOG_INET will result in not doing any network * activity, i.e. not sending or receiving messages. I changed * this because the old idea is implemented with the "-r" option * and the old thing didn't work anyway. * * Thu Oct 26 13:14:06 MET 1995: Martin Schulze * Added another logfile type F_FORW_UNKN. The problem I ran into * was a name server that runs on my machine and a forwarder of * kern.crit to another host. The hosts address can only be * fetched using the nameserver. But named is started after * syslogd, so syslogd complained. * * This logfile type will retry to get the address of the * hostname ten times and then complain. This should be enough to * get the named up and running during boot sequence. * * Fri Oct 27 14:08:15 1995: Dr. Wettstein * Changed static array of logfiles to a dynamic array. This * can grow during process. * * Fri Nov 10 23:08:18 1995: Martin Schulze * Inserted a new tabular sys_h_errlist that contains plain text * for error codes that are returned from the net subsystem and * stored in h_errno. I have also changed some wrong lookups to * sys_errlist. * * Wed Nov 22 22:32:55 1995: Martin Schulze * Added the fabulous strip-domain feature that allows us to * strip off (several) domain names from the fqdn and only log * the simple hostname. This is useful if you're in a LAN that * has a central log server and also different domains. * * I have also also added the -l switch do define hosts as * local. These will get logged with their simple hostname, too. * * Thu Nov 23 19:02:56 MET DST 1995: Martin Schulze * Added the possibility to omit fsyncing of logfiles after every * write. This will give some performance back if you have * programs that log in a very verbose manner (like innd or * smartlist). Thanks to Stephen R. van den Berg * for the idea. * * Thu Jan 18 11:14:36 CST 1996: Dr. Wettstein * Added patche from beta-testers to stop compile error. Also * added removal of pid file as part of termination cleanup. * * Wed Feb 14 12:42:09 CST 1996: Dr. Wettstein * Allowed forwarding of messages received from remote hosts to * be controlled by a command-line switch. Specifying -h allows * forwarding. The default behavior is to disable forwarding of * messages which were received from a remote host. * * Parent process of syslogd does not exit until child process has * finished initialization process. This allows rc.* startup to * pause until syslogd facility is up and operating. * * Re-arranged the select code to move UNIX domain socket accepts * to be processed later. This was a contributed change which * has been proposed to correct the delays sometimes encountered * when syslogd starts up. * * Minor code cleanups. * * Thu May 2 15:15:33 CDT 1996: Dr. Wettstein * Fixed bug in init function which resulted in file descripters * being orphaned when syslogd process was re-initialized with SIGHUP * signal. Thanks to Edvard Tuinder * (Edvard.Tuinder@praseodymium.cistron.nl) for putting me on the * trail of this bug. I am amazed that we didn't catch this one * before now. * * Tue May 14 00:03:35 MET DST 1996: Martin Schulze * Corrected a mistake that causes the syslogd to stop logging at * some virtual consoles under Linux. This was caused by checking * the wrong error code. Thanks to Michael Nonweiler * for sending me a patch. * * Mon May 20 13:29:32 MET DST 1996: Miquel van Smoorenburg * Added continuation line supported and fixed a bug in * the init() code. * * Tue May 28 00:58:45 MET DST 1996: Martin Schulze * Corrected behaviour of blocking pipes - i.e. the whole system * hung. Michael Nonweiler has sent us * a patch to correct this. A new logfile type F_PIPE has been * introduced. * * Mon Feb 3 10:12:15 MET DST 1997: Martin Schulze * Corrected behaviour of logfiles if the file can't be opened. * There was a bug that causes syslogd to try to log into non * existing files which ate cpu power. * * Sun Feb 9 03:22:12 MET DST 1997: Martin Schulze * Modified syslogd.c to not kill itself which confuses bash 2.0. * * Mon Feb 10 00:09:11 MET DST 1997: Martin Schulze * Improved debug code to decode the numeric facility/priority * pair into textual information. * * Tue Jun 10 12:35:10 MET DST 1997: Martin Schulze * Corrected freeing of logfiles. Thanks to Jos Vos * for reporting the bug and sending an idea to fix the problem. * * Tue Jun 10 12:51:41 MET DST 1997: Martin Schulze * Removed sleep(10) from parent process. This has caused a slow * startup in former times - and I don't see any reason for this. * * Sun Jun 15 16:23:29 MET DST 1997: Michael Alan Dorman * Some more glibc patches made by . * * Thu Jan 1 16:04:52 CET 1998: Martin Schulze . * This included some balance parentheses for emacs and a bug in * the exclamation mark handling. * * Fixed small bug which caused syslogd to write messages to the * wrong logfile under some very rare conditions. Thanks to * Herbert Xu for fiddling this out. * * Thu Jan 8 22:46:35 CET 1998: Martin Schulze * Reworked one line of the above patch as it prevented syslogd * from binding the socket with the result that no messages were * forwarded to other hosts. * * Sat Jan 10 01:33:06 CET 1998: Martin Schulze * Fixed small bugs in F_FORW_UNKN meachanism. Thanks to Torsten * Neumann for pointing me to it. * * Mon Jan 12 19:50:58 CET 1998: Martin Schulze * Modified debug output concerning remote receiption. * * Mon Feb 23 23:32:35 CET 1998: Topi Miettinen * Re-worked handling of Unix and UDP sockets to support closing / * opening of them in order to have it open only if it is needed * either for forwarding to a remote host or by receiption from * the network. * * Wed Feb 25 10:54:09 CET 1998: Martin Schulze * Fixed little comparison mistake that prevented the MARK * feature to work properly. * * Wed Feb 25 13:21:44 CET 1998: Martin Schulze * Corrected Topi's patch as it prevented forwarding during * startup due to an unknown LogPort. * * Sat Oct 10 20:01:48 CEST 1998: Martin Schulze * Added support for TESTING define which will turn syslogd into * stdio-mode used for debugging. * * Sun Oct 11 20:16:59 CEST 1998: Martin Schulze * Reworked the initialization/fork code. Now the parent * process activates a signal handler which the daughter process * will raise if it is initialized. Only after that one the * parent process may exit. Otherwise klogd might try to flush * its log cache while syslogd can't receive the messages yet. * * Mon Oct 12 13:30:35 CEST 1998: Martin Schulze * Redirected some error output with regard to argument parsing to * stderr. * * Mon Oct 12 14:02:51 CEST 1998: Martin Schulze * Applied patch provided vom Topi Miettinen with regard to the * people from OpenBSD. This provides the additional '-a' * argument used for specifying additional UNIX domain sockets to * listen to. This is been used with chroot()'ed named's for * example. See for http://www.psionic.com/papers/dns.html * * Mon Oct 12 18:29:44 CEST 1998: Martin Schulze * Added `ftp' facility which was introduced in glibc version 2. * It's #ifdef'ed so won't harm with older libraries. * * Mon Oct 12 19:59:21 MET DST 1998: Martin Schulze * Code cleanups with regard to bsd -> posix transition and * stronger security (buffer length checking). Thanks to Topi * Miettinen * . index() --> strchr() * . sprintf() --> snprintf() * . bcopy() --> memcpy() * . bzero() --> memset() * . UNAMESZ --> UT_NAMESIZE * . sys_errlist --> strerror() * * Mon Oct 12 20:22:59 CEST 1998: Martin Schulze * Added support for setutent()/getutent()/endutend() instead of * binary reading the UTMP file. This is the the most portable * way. This allows /var/run/utmp format to change, even to a * real database or utmp daemon. Also if utmp file locking is * implemented in libc, syslog will use it immediately. Thanks * to Topi Miettinen . * * Mon Oct 12 20:49:18 MET DST 1998: Martin Schulze * Avoid logging of SIGCHLD when syslogd is in the process of * exiting and closing its files. Again thanks to Topi. * * Mon Oct 12 22:18:34 CEST 1998: Martin Schulze * Modified printline() to support 8bit characters - such as * russion letters. Thanks to Vladas Lapinskas . * * Sat Nov 14 02:29:37 CET 1998: Martin Schulze * ``-m 0'' now turns of MARK logging entirely. * * Tue Jan 19 01:04:18 MET 1999: Martin Schulze * Finally fixed an error with `-a' processing, thanks to Topi * Miettinen . * * Sun May 23 10:08:53 CEST 1999: Martin Schulze * Removed superflous call to utmpname(). The path to the utmp * file is defined in the used libc and should not be hardcoded * into the syslogd binary referring the system it was compiled on. * * Sun Sep 17 20:45:33 CEST 2000: Martin Schulze * Fixed some bugs in printline() code that did not escape * control characters '\177' through '\237' and contained a * single-byte buffer overflow. Thanks to Solar Designer * . * * Sun Sep 17 21:26:16 CEST 2000: Martin Schulze * Don't close open sockets upon reload. Thanks to Bill * Nottingham. * * Mon Sep 18 09:10:47 CEST 2000: Martin Schulze * Fixed bug in printchopped() that caused syslogd to emit * kern.emerg messages when splitting long lines. Thanks to * Daniel Jacobowitz for the fix. * * Mon Sep 18 15:33:26 CEST 2000: Martin Schulze * Removed unixm/unix domain sockets and switch to Datagram Unix * Sockets. This should remove one possibility to play DoS with * syslogd. Thanks to Olaf Kirch for the patch. * * Sun Mar 11 20:23:44 CET 2001: Martin Schulze * Don't return a closed fd if `-a' is called with a wrong path. * Thanks to Bill Nottingham for providing * a patch.