forked from rsyslog/rsyslog
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathChangeLog
11434 lines (11402 loc) · 636 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
------------------------------------------------------------------------------
Version 8.32.0 [v8-stable] 2018-01-09
- imfile: added support for Solaris File Event notification
improves performance under Solaris; current implementation does not yet
support wildcards (will follow as a separate project)
- imuxsock: improved status reporting: socket name received from systemd
Providing an indication of what we got from systemd facilitates problem
analysis.
- added --enable-libsystemd configure option to enforce use of libsystemd
so we can fail the build on platforms where this is required
- fixed a couple of build issues with gcc-7 (in less frequently used modules)
- mmsnmptrapd bugfix: potential misadressing
This only occured in situations when the system was totally out of memory.
- pmnormalize bugfix: remove unsave "strcat" implementation
- rainerscript bugfix: ltrim() and rtrim function misadressing
This could lead to a segfault and was triggerred by certain input data
schemes. For example, a ltrim(" a") could lead to the fault.
------------------------------------------------------------------------------
Version 8.31.0 [v8-stable] 2017-11-28
- NEW BUILD DEPENDENCY: ommongodb now requires libmongo-c
instead of deprecated libmongo-client.
- remove systemd embedded code, use libsystemd instead
Since the early days rsyslog used the orginal systemd embedded
interface code. This version now uses libsystemd where available.
If we do not find libsystemd, we assume the system does not use
systemd, which is a safe assumption nowadays. This ensures we use the
fresh interface code and also removes bloat from our project.
closes https://github.com/rsyslog/rsyslog/issues/1933
- mmanon: add support for IPv6 adresses with embedded IPv4 address
While this format is uncommon, it may still be present in logs and as
such should be supported. It is configurable via individual settings,
though. Especially the number of bits to anonymize may be desired to
be different than in pure IPv6.
- ommongodb: big refactoring, more or less a feature-enhanced rewrite
New features are :
* Handle TLS connexion to mongodb
* Handle MongoDB Replicasets
* Added the 'ssl_ca' and 'ssl_cert' directives to configure tls connexion
* Added 'uristr' directive to configure the connection uri in the form
of 'mongodb://...'
Now uses the official mongo-c-driver library instead of the deprecated
mongo-client library
Special thanks to Hugo Soszynski and Jérémie Jourdin for there hard work
to make this a reality!
See also: https://github.com/rsyslog/rsyslog/pull/1917
- rainerscript: add parse_time() function
Thanks to Stephen Workman for implementing this.
- omelasticsearch: add pipeline support
supports static and dynamic ElasticSearch pipeline parameter.
closes https://github.com/rsyslog/rsyslog/issues/1411
Thanks to github users scibi and WaeCo for the implementation.
- lmsig_ksi_ls12: support asynchronous mode of libksi
- omprog: added error handling and transaction support for external plugins
This permits much better integration of external output modules.
Special thanks to Joan Sala for providing this work!
- imzmq3/omzmq3: marked as deprecated, modules will be remove in v8.41
see also: https://github.com/rsyslog/rsyslog/issues/2100
- imzmq3/omzmq3: fixed build issues with gcc-7
- core: emit error message on abnormal input thread termination
This indicates a serious issue of which the user should be notified.
Was not done so far and caused grief when troubleshooting issues.
- core: refactored locking for json variable access
refactored the method so that it consistent in all functions and easier
to follow. Most importantly, now an as simple as possible locking paradigm
of lock ... unlock within the function. Hopefully easier to understand
both for humans and static code analyzers.
- core: refactored creation of UDP sockets
was very old, hard to follow code; streamlined that a bit
- core/dnscache: refactor locking
keep a simple lock ... unlock scheme within the function. That is
easier to follow for both humans as well as static analyzers.
Also removes Coverity scan CID 185419
- rainerscript: use crypto-grade random number generator for random() function
We now use /dev/urandom if available. If not, we fall back to the weak PRNG.
- imkafka: improve error reporting and cleanup refactoring
- imkafka bugfix: segfault if "broker" parameter is not specified
Now emits warning message instead and uses hardcoded default
(which usually matches where the kafka broker can be found).
fixes https://github.com/rsyslog/rsyslog/issues/2085
- omkafka: improve error reporting
- omkafka: slight speedup do to refactoring of LIST class
double-linked list was used for temporarily undeliverable message tracking
where singly-linked list was sufficient. Changed that.
- TCP syslog: support SNI when connecting as a client
This is done if a hostname is configured and turned off if an IP is used.
Thanks to Art O Cathain for the patch.
see also https://github.com/rsyslog/rsyslog/pull/1393
- msg variable bugfix: potential segfault on variable access
A segfault is likely to happen if during processing a variable with
more than one path component is accessed (e.g. $!path!var) and NO
variables oft hat kind (local, message, global) are defined at all.
closes https://github.com/rsyslog/rsyslog/issues/1920
- ratelimiting bugfix: data race in Linux-like ratelimiter
access to the Linux-like ratelimiter was not properly synchronized, and
the system rate-limiter was not using it in any case.
This could lead to the rate-limit settings not being properly
respected, but no "hard error".
- core/template bugfix: potential NULL pointer access at config load
could happen if the config was loaded and the parameters could not properly
be processed. If so, this occured only during the startup phase.
Detected by Coverity scan, CID 185318
- core/json var subsystem bugfix: segfault in MsgSetPropsViaJSON
Invalid libfastjson API use lead to double-free. This was most importantly
triggerred by mmexternal (but could potentially be triggered by other
uses as well)
closes https://github.com/rsyslog/rsyslog/issues/1822
- core/wrkr threads bugfix: race condition
During e.g. shutdown it could happen that a worker thread was started
and immediately be requested to terminate. In such situations there was
a race the prevented proper initialization. This could lead to follow-on
problems.
We believe (but could not proof) that this also could lead to a hang of
the termination process. Thus we claim to close an issue tracker down
here below, but are not 100% certain it really closes it (we hope for
user feedback on this). In any case, the thread debuger showed invalid
operations and this has been fixed, so it is useful in any case.
closes https://github.com/rsyslog/rsyslog/issues/1959
- core/wtp: potential hang during shutdown
when the wtp worker is cancelled in the final stage of shutting down
while the mutex is locked and there is one worker left, the system
will hang. The reason is that the cancelled thread could not free the
mutex that the other needs in order to shut down orderly.
Deteced with clang thread sanitizer.
- omfwd bugfix: generate error message on connection failure
- imtcp bugfix: "streamdriver.mode" parameter could not be set to 0
- imjournal bugfix: module was defunctional
The open function was broken by commit 92ac801, resulting in
no data being ever read from the journal.
patch bases on the idea of Radovan Sroka given here:
https://github.com/rsyslog/rsyslog/issues/1895#issuecomment-339017357
but follows the current imjournal-paradigm of having the journal
handle inside a global variable.
see also https://github.com/rsyslog/rsyslog/issues/1895
closes https://github.com/rsyslog/rsyslog/issues/1897
- imjournal: refactor error handling, fix error messages
imjournal did not try to recover from errors and used the error state
returned by journal functions incorrectly, resulting in misleading
error messages. Fixed this and also increased the number of error
messages so that it now is easier to diagnose problems with this module.
Also a little bit of internal brush-up.
-mmdblookup bugfix: fix potential segfault due to threading issues
libmaxminddb seems to have issues when running under multiple threads. As
a first measure, we prevent mmdblookup now from running on more than one
thread concurrently.
see also: https://github.com/rsyslog/rsyslog/issues/1885#issuecomment-344882616
- omkafka bugfixes
* statistics counter maxoutqsize could not be reset
Thanks to github user flisky for the patch.
* potential hang condition
omkafka did not release a mutex under some error conditions (most
notably out of memory on specific alloc calls). This lead to a hang
during actively processing messages or during shutdown (at latest).
This could happen only if dynamic topics were configured.
Detected by Coverity Scan, CID 185781 (originally 185721, detected
as a different issue by Coverity after code refactoring done in regard
to 185721 -- then the problem became more obvious).
* file handle leak, which could occur when local buffering
of messages was needed
* invalid load of failedmsg file on startup if disabled
error "rsyslogd: omkafka: could not load failed messages from "
"file (null) error -2027 - failed messages will not be resend."
occurs because, depite `keepFailedMessages="off"` as a default,
omkafka still tries to check for and load a `(none)` file which
triggers an IO error of sorts according to the 2027 link above.
Obviously, it probably shouldn't try load the file if
`keepFailedMessages` is not enabled.
Thanks to github user JPvRiel for a very good error report and
analysis.
closes https://github.com/rsyslog/rsyslog/issues/1765
* various config parameters did not work
These were not even recognized when used and lead to a config startup
error message:
~ closeTimeout
~ reopenOnHup
~ resubmitOnFailure
~ keepFailedMessages
~ failedMsgFile
closes https://github.com/rsyslog/rsyslog/issues/2052
* considerable memory leak
Whenever a message could (temporarily) not be delivered to kafka,
a non-trivial amount of memory was leaked. This could sum up to
quite a big memory leak.
fixes https://github.com/rsyslog/rsyslog/issues/1991
* some small memory leaks fixed
most of them cosmetic or a few bytes statically (not growing as
omkafka was used) -- thus we do not mention each one explicitely.
For more details, see git commit log or this pull request:
https://github.com/rsyslog/rsyslog/pull/2051
- kafka bugfix: problem on invalid kafka configuration values
omkafka ended up in an endless loop and high cpu.
imkafka tried to subscribe to a not connected kafka server.
closes https://github.com/rsyslog/rsyslog/issues/1806
- [io]mgssapi: fix build problems (regression from 8.30.0)
- [io]czmq: fix build problems on some platforms (namely gcc 7, clang 5)
- tcpsrv bugfix: potential hang during shutdown
- queue bugfix: potential hang during shutdown
- queue bugfix: NULL pointer dereference during config processing
If the queue parameters were incorrectly given, a NULL pointer derefernce
could happen during config parsing. Once post that stage, no problem could
occur.
Detected by Coverity scan, CID 185339
- imczmq bugfix: segfault
happened in a call to
371: zcert_destroy(&serverCert) called from rcvData().
Thanks to ~achiketa Prachanda for the patch.
- imfile: some small performance enhancements
Thanks to Peter Portante for the patch
- omfile: hande file open error via SUSPEND mode
For a while, an open file error lead to suspension as the error was
not detected by the rule engine. This has changed with fixes
in 8.30.0. I asked users what they prefer (and expect) and
everyone meant it should still be handled via suspension. See
github tracker below for more details.
closes https://github.com/rsyslog/rsyslog/issues/1832
- omfile bugfix: race during directory creation can lead to loop
There was a race where two threads were competing for directory creation
which could lead to none succeeding and a flood of error message like this
"error during config processing: omfile: creating parent directories for
file". This has been solved.
Thanks to Niko Kortström for the patch.
- imudp: improve error reporting
When udp listener cannot be created, an error message containing
the ip-address and port is put out.
closes https://github.com/rsyslog/rsyslog/issues/1899
- omrelp bugfix: incorrect error handling
if librelp with TLS but without Authentication was included, librelp
did not emit the correct error message due to invalid error code
check. It also did not err-out but instead suspended itself.
Detected by Coverity scan, CID 185362
- [io]mrelp bugfix: segfault on startup if configured cert not readable
When the certificate file specified in the omrelp/imrelp configuration
can't be accessed, e.g. because it doesn't exist or you don't have
permission to do so, a Segmentation Fault will appear when you start
Rsyslog. This commit fixes that problem.
closes https://github.com/rsyslog/rsyslog/issues/1869
- mmanon fix: make build under gcc 7
Thanks to William Dauchy for the patch
- mmpstrucdata bugfix: formatting error of ']' char
This was invalidly formatted as '"'. Thanks to github user
wu3396 for the error report including the patch idea.
closes https://github.com/rsyslog/rsyslog/issues/1826
- mmexternalb bugfix: memory leak
- core/stats bugfix: memory leak if sender stats or tracking are enabled
- core bugfix: potential segfault during startup
A NULL pointer could be accessed if there was a problem with the
timezone parameters. Affects only startup, once started, no problem
existed.
Detected by Coverty scan; CID 185414
- core bugfix: potential race in variable handling
Root of variable tree is accessed prior to locking access to it.
This introduces a race that may result in various kinds of
misadressing.
Found while reviewing code, no bug report exists.
- core bugfix: potential segfault when shutting down rsyslog
when rulesets are nested a segfault can occur when shutting down
rsyslog. the reason is that rule sets are destructed in load order,
which means a "later" ruleset may still be active when an "earlier"
one was already destructed. In these cases, a "call" can invalidly
call into the earlier ruleset, which is destructed and so leads to
invalid memory access. If a segfault actually happens depends on the
OS, but it is highly probable.
The cure is to split the queue shutdown sequence. In a first step,
all worker threads are terminated and the queue set to enqOnly.
While some are terminated, it is still possible that the others
enqueue messages into the queue (which are then just placed into the
queue, not processed). After this happens, a call can no longer
be issued (as there are no more workers). So then we can destruct
the rulesets in any order.
closes https://github.com/rsyslog/rsyslog/issues/1122
- core/action bugfix: potential misadressing when processing hard errors
For batches that did fail in an output module, the rsyslog core
tries to find offending messages that generate hard (non-recoverable)
errors. During this process, the action templates for each message
are copied into a temporary buffer. That copy was invalidly sized,
actually copying only the first template string. As such, outputs
that requested more template strings AND had erros in batch submission
received uninitialized pointers. This could lead to all sorts of
problems.
see also https://github.com/rsyslog/rsyslog/issues/1885
closes https://github.com/rsyslog/rsyslog/issues/1906
- template object bugfix: NULL pointer access on invalid parameters
could happen only during startup
Detected by Coverity scan, CID 185376
- omjournal bugfix: NULL pointer access on invalid parameters
could happen only during startup
- omelasticsearch bugfix: configured credentials not used during health check
Authentication credentials were not applied during health check,
permission to use unsigned CERTS was not applied to regular data post.
closes https://github.com/rsyslog/rsyslog/issues/1949
- omelasticsearch bugfix: abort on unavailable ES server
Depending on the state of unavailability (libcurl return code),
omelasticsearch tries to process a NULL return message, what
leads to a segfault.
This fixes the problem and introduces better error handling and
better error messages.
see also https://github.com/rsyslog/rsyslog/issues/1885
- omelasticsearch: fix memory leak and potential misadressing
Commit 96b5fce introduced regressions, leading to potential misadressing
and a very probable memory leak. This commit fixes the issues and
hardens the module to better detect some error cases in the
future.
It also adds valgrind-based testbench tests which ensure that no
pointer errors exist. If they had been in place, the regressions
would never have been undetected.
Note that commit 96b5fce was introduced in 8.23.0 on Nov, 15th 2016.
Many thanks to Yaroslav Bo for alerting me on the root problem and
providing a very good analysis and guidance.
see also https://github.com/rsyslog/rsyslog/issues/1906
see also https://github.com/rsyslog/rsyslog/issues/1964
closes https://github.com/rsyslog/rsyslog/issues/1962
- omelasticsearch bugfix: output from libcurl to stdout
omelasticsearch made libcurl output messages to stdout. This
commit fixes that. It also automatically enables libcurl verbose
mode during debug runs - it needs to be seen if this is smart or
not (previously, code needed to be commented in).
closes https://github.com/rsyslog/rsyslog/issues/1909
- iczmq bugfix: potential memory leak
- imptcp bugfix: potential misadressing
When during a connection request the remote peer could not be
identified, imptcp could misadress memory if it is configured
to emit messages on connection open.
Detected by clang 5.0 static analyzer.
- imptcp: potential buffer overflow
if the local hostname or IP is larger than NI_MAXHOST-1, an internal
buffer is overflowed. This is irrespective of any input data.
Detected by Coverity scan, CID 185390
- core/nsd_gtls: fix potential unitialized data access
could occur during certificate check
found by clang 5.0 static analyzer
- stats bugfix: potential program hang
due to missing unlock. This could only occur if pstats was set to
CEE-format logging (very uncommon) AND if the system runs out of
memory (in which case other things go pretty bad as well).
found by Coverty scan
- omfwd bugfix: memory leak if network namespaces are used
very seldom used feature, occurs only during error case
found by Coverty scan.
- core: potential misadressing when accessing JSON properties
When a JSON property is accessed in template processing, memory may
have been misadressed or a double-free may occur while obtaining the
propety.
This was detected by a Coverty scan.
- gcry crypto provider bugfixes: potential misadressing and memory leak
If the config parameters were invalid, a misadressing could occur. If so,
this happens only during startup.
Also, a memory leak existed when the crypto provider errored out. This could
build up if it were used in frequently-changing dynafiles. This was
detected by Coverity scan, CID 185360.
- core/file stream object bugfix: memory leak
If a multiline read errored out, a line buffer could be leaked.
Detected by Coverity scan, CID 185328
- imdiag bugfix: double mutex unlock when working with stats
Note: while this could potentially lead to a program hang, it affected
only testbench execution as imdiag is a testbench-only tool.
Detected by Coverity scan, CID 185348 and 185350
- fixed several minor and cosmetic issues found by Coverty scan
includding false positives. For details see "$ git log". All noteworthy
issues are seperately mentioned in this ChangeLog. The ones not mentioned
are for example problems that can only occur during out of memory
conditions, under which it is extremely likely tha the rsyslog process
will be killed in any case
- testbench:
* added compile-check for [io]mgssapi, mmcount
* harden tests against hanging previous instances
* re-enable RELP tests on Solaris
* added basic test for imjournal
* added threading tests via valgrind's helgrind tool
* added valgrind test for kafka modules
* added capability to run elasticsearch tests with
a) different ElasticSearch versions
b) independently from OS-installed version
This also sets base to enable more elaboreate ES tests
* further relaxed timing of dynstats tests, as they tend to create
false positives on slow machines
- CI: improved test coverage on FreeBSD
- Travis: clang static analyzer 5.0 now run over all source files
- build: make compile warning-free under gcc 7
------------------------------------------------------------------------------
Version 8.30.0 [v8-stable] 2017-10-17
- NEW BUILD REQUIREMENTS
* libfastjson 0.99.7 is now mandatory
the new version is required to support case-insensitive variable
comparisons, which are now the default
* when building imjournal, libsystemd-journal >= 234 is now recommended
This is to support the imjournal enhancement. Note that it is possible
to build with lower version, but this will degrade imjournal functionality.
- CHANGE OF BEHAVIOUR: all variables are now case-insensitive by default
Formerly, JSON based variables ($!, $., $/) were case-sensitive.
Turn old default back on: global(variables.casesensitve="on")
See ChangeLog entry below for more details.
- core: handle (JSON) variables in case-insensitive way
The variable system inside rsyslog is JSON based (for easy consumption
of JSON input, the prime source of structured data). In JSON, keys
("variable names") are case-sensitive. This causes constant problems
inside rsyslog configurations. A major nit is that case-insensitivity
option inside templates (even if turned on) does not work with JSON
keys because they of inner workings*1.
It is much more natural to treat keys in a case-INsensitive way (e.g.
"$!Key" and "$!key" are the same). We do not expect any real problems
out of this, as key names only differing in case is highly unlikely.
However, as it is possible we provide a way to enable case-sensitivity
via the global(variables.casesensitve="on") global config object.
Note that the default is to do case-insensitive matches. The reason
is that this is the right thing to do in almost all cases, and we do
not envision any problems at all in existing deployments.
*1 Note: case-insensitivity in rsyslog is achieved by converting all
names to lower case. So that the higher speed of strcmp() can be used.
The template option does actually that, convert the template keys to
lower case. Unfortunately, this does not work with JSON, as JSON keys
are NOT converted to lower case.
closes https://github.com/rsyslog/rsyslog/issues/1805
- imjournal: made switching to persistent journal in runtime possible
with this patch imjournal can continue logging after switch to
persistent journal without need to restart rsyslog service
Thanks to github user jvymazal for the patch
- mmanon: complete refactor and enhancements
- add pseudonymization mode
- add address randomization mode
- add support for IPv6 (this also supports various replacement modes)
closes https://github.com/rsyslog/rsyslog/issues/1614
also fixes bugs
- in IPv4 address recognition
closes https://github.com/rsyslog/rsyslog/issues/1720
- in IPv4 simple mode to-be-anonymized bits can get wrong
closes https://github.com/rsyslog/rsyslog/issues/1717
- imfile: add "fileoffset" metadata
This permits to send the offset from which the message was read together
with the message text.
Thanks to github user derekjsonar for the initial implementation which
we extended to use the message start offset.
- RainerScript: add ltrim and rtrim functions
closes https://github.com/rsyslog/rsyslog/issues/1711
- core: report module name when suspending action
Thanks to Orion Poplawski for the patch.
- core: add ability to limit number of error messages going to stderr
This permits to put a hard limit on the number of messages that can
go to stderr. If for nothing else, this capability is helpful for the
testbench. It permits to reduce spamming the test log while still
providing the ability to see initial error messages. Might also be
useful for some practical deployments.
global parameter: global(errorMessagesToStderr.maxNumber)
- tcpsrv subsystem: improvate clarity of some error messages
operating system error message are added to some messages, providing
better advise of what actually is the error cause
- imptcp: include module name in error msg
- imtcp: include module name in error msg
- tls improvement: better error message if certificate file cannot be read
- omfwd: slightly improved error messages during config parsing
They now contain config file/line number information where this was missing.
- ommysql improvements
* Return specifc code for unrecoverable errors. This makes retry processing
more performant and robust.
* error messages improved
* Update to utilize native v8 transactional interface. Previously, it used
the v7 interface with v8 emulation.
* treat server and client-generated messages differently
Server-generated error messages are considered non-recoverable, while
client generated once point into connection problems (which simply can
be retried). This is part of the improvements towards better
message-induced errors. Previous commits did only handle SQL parsing
errors, now we aim to address all of the message-induced error. We assume
that all server-generated errors are such - mysql API unfortunately does
not provide a clear indication of what type if error this is and it is
out of question to check for hundereds of error codes.
closes https://github.com/rsyslog/rsyslog/issues/1830
- ommysql bugfix: do not duplicate entries on failed transaction
If a multi-message batch contains data errors, messages may be
duplicated as connection close is implicit commit (not rollback).
This patch introduces a specific rollback request in those cases.
closes https://github.com/rsyslog/rsyslog/issues/1829
- imtcp bugfix: parameter priorityString was ignored
defaults were always used
- template/bugfix: invalid template option conflict detection
This prevented "option.casesenstive" to be used with the SQL and JSON
options.
- core/actions: fix handling of data-induced errors
Rsyslog core should try to detect data-induced (unrecoverable) errors
during action processing. An example of such is invalid SQL statements.
If the action returns a data error, rsyslog shall retry individual
messages from a batch in an effort to log those without errors. The others
shall be dropped.
This logic was temporarily disabled after the switch to the new v8
transaction interface. Now this bug is fixed and the testbench has been
ammended to detect problems in the future.
closes https://github.com/rsyslog/rsyslog/issues/974
- core/action bugfix: no "action suspended" message during retry processing
The action engine does not emit "action suspended" messages but "resumed"
ones in retry processing. This is wrong, as they are a strong indication
that something does not work correctly. Nevertheless, "resumed" messages
were emitted, which was very puzzling for the user.
This patch fixes it so that "suspend" messages are given during retry
processing. These do not contain a retry timestamp, providing evidence
that a retry is currently being tried.
coses https://github.com/rsyslog/rsyslog/issues/1069
- core/ratelimit bugfix: race can lead to segfault
There was a race in iminternalAddMsg(), where the mutex is
released and after that the passed message object is accessed.
If the mainloop iterates in between, the msg may have already
been deleted by this time, resulting in a segfault.
Most importantly, there is no need to release the mutex lock
early, as suggested by current code. Inside mainloop the mutex
is acquired when it is time to do so, so at worst we'll have a
very slight wait there (which really does not matter at all).
This only happens if a large number of internal messages are emitted.
closes https://github.com/rsyslog/rsyslog/issues/1828
- core bugfix: rsyslog aborts if errmsg is generated in early startup
Note that the segfault can occur only during early startup. Once
rsyslog has started, everything works reliably. This condition can
especially be triggerred by specifying invalid TLS default certificates.
closes https://github.com/rsyslog/rsyslog/issues/1783
closes https://github.com/rsyslog/rsyslog/issues/1786
- core bugfix: informational messages was logged with error severity
When the main loop reaped a child process (a normal action), this was
reported as an error. This caused user confusion. Now it is reported as
an informational message.
- core bugfix: --enable-debugless build was broken
This was a regression from the v8.29.0 debug enhancements
Thanks to Stephen Workman for the patch.
- queue bugfix: file write error message was incorrect
when a queue was restarted from disk file, it almost always
emitted a message claiming
"file opened for non-append write, but already contains xxx bytes"
This message was wrong and did not indicate a real error condition.
The predicate check was incorrect.
closes https://github.com/rsyslog/rsyslog/issues/170 (kind of)
- omrelp bugfix: segfault when rebindinterval parameter is used
- imudp bugfix: UDP oversize message not properly handled
When a message larger than supported by the UDP stack is to be sent,
EMSGSIZE is returned, but not specifically handled. That in turn
will lead to action suspension. However, this does not make sense
because messages over the UDP max message size simply cannot be sent.
closes https://github.com/rsyslog/rsyslog/issues/1654
- core bugfix: memory corruption during configuration parsing
when omfwd is used with the $streamdriverpermittedpeers legacy
parameter, a memory corruption can occur. This depends on the
length of the provided strings and probably the malloc subsystem.
Once config parsing succeeds, no problem can happen.
Thanks to Brent Douglas for initially reporting this issue and
providing great analysis.
Thanks to github user bwdoll for analyzing this bug and providing
a suggested fix (which is almost what this commit includes).
closes https://github.com/rsyslog/rsyslog/issues/1408
closes https://github.com/rsyslog/rsyslog/issues/1474
- core bugfix: race on worker thread termination during shutdown
The testbench got some occasionally failing tests. Review of
them brought up the idea that there is a race during worker
threat termination. Further investigation showed that this
might be a long-standing issue, but so far did not really
surface as the timing was almost always correct. However,
with the new functionality to emit a message on worker
shutdown (v8.29), the timing got more complex and now this
seemed to occasionally surface.
closes https://github.com/rsyslog/rsyslog/issues/1754
- omelasticsearch: avoid ES5 warnings while sending json in bulkmode
do this by adding proper content type header to ES request
Thanks to William Dauchy for the patch
- omelasticsearch bugfix: incompatibility with newer ElasticSearch version
ElasticSearch changed its API in newer versions. When "bulkmode" is enabled
in omelasticsearch, rsyslog seems to consider all responses from Elasticsearch
as errors, even the successful ones. As a consequence, every single request
ends up being logged into the error file.
closes https://github.com/rsyslog/rsyslog/issues/1731
Thanks to Vincent Quéméner for the patch.
- imptcp bugfix: invalid mutex addressing on some platforms
code did not compile on platforms without atomic instructions
Thanks to github user petiepooo for the patch
- imptcp bugfix: do not accept missing port in legacy listener definition
If legacy listener definition was used, a missing port was accepted during
the config read phase but errored out upon listener activation. This now
errors out directly when processing the config directive.
------------------------------------------------------------------------------
Version 8.29.0 [v8-stable] 2017-08-08
- imptcp: add experimental parameter "multiline"
This enables a heuristic to support multiline messages on raw tcp syslog
connections.
- imptcp: framing-related error messages now also indicate remote peer
This is the case e.g. for oversize messages.
- imtcp: framing-related error messages now also indicate remote peer
This is the case e.g. for oversize messages.
- imptcp: add session statistics conunter
- session.opened
- session.openfailed
- session.closed
- imtcp: add ability to specify GnuTLS priority string
This permits to set cipher details on a very low level.
- impstats: add new ressoure counter "openfiles"
- pmnormalize: new parser module
Parser module that uses liblognorm to parse incoming messages.
- core/queue: provide informational messages on thread startup and shutdown
This provides better insight into operational state of rsyslog and is useful
in monitoring system health. Note that this causes the emission of messages
not previously seen. They are of syslog.informational priority.
- omfwd/udp: improve error reporting, depricate maxerrormessages parameter
Generally improved udp-related error messages (e.g. they now contain the
socket number, which makes it easier to related them to errors reported by
net.c subsystem).
We also depricated (removed) the "maxerrormessages" configuration parameters.
It provided some very rough rate-limiting capabilities and was introduced
before we had native rate-limiters. The default was that only the first 5
error messages were actually reported. For long-running instances, that
meant that in many cases no errors were ever reported. We now use the default
internal message rate limter, which works far better and ensures that also
long-running instances will be able to emit error messages after prolonged
runtime. In contrast, this also means that users will see more error
messages from rsyslog, but that should actually improve the end user
experience.
- core: add parameters debug.file and debug.whitelist
allows to generate debug log output only of specific files
Background information available at:
https://www.linkedin.com/pulse/improving-rsyslog-debug-output-jan-gerhards
- core/net.c: improve UDP socket creation error messages
- omfwd/udp: add "udp.sendbuf" parameter
- core: make rsyslog internal message rate-limiter configurable
New parameters "internalmsg.ratelimit.interval" and "internalmsg.ratelimit.burst"
have been added.
- omelasticsearch bugfixes and changed ES5 API support:
* avoid 404 during health check
Omleasticsearch responds differently to HTTP HEAD and GET requests and
returns correct state only on GET requests. This patch works around
that ES bug and always does a GET request even when technically a HEAD
request would be sufficient.
* avoid ES5 warnings while sending json
ES5 is generating warnings when sending json without the proper header:
$ curl -i -H "Content-Type: text/json" -XGET 'http://elasticsearch5:9200/' \
-d '{}\n'
HTTP/1.1 200 OK
Warning: 299 Elasticsearch-5.4.3-eed30a8 "Content type detection for rest
requests is deprecated. Specify the content type using the [Content-Type]
header." "Wed, 26 Jul 2017 14:33:28 GMT"
no issue on previous version.
Now, the header is set as application/json. It works for all versions
(tested on ES2 and ES5) we also handle the bulkmode where it should be
set to application/x-ndjson
closes https://github.com/rsyslog/rsyslog/issues/1546
* bugfix for memomry leak while writing error file
Thanks to William Dauchy for providing the patches
- imfile bugfix: wildcard detection issue on path wildcards
Wildcards mode was not properly detected when wildcards
were only used in a directory name on startup.
This caused imfile not to create a propper dynamic filewatch.
closes: https://github.com/rsyslog/rsyslog/issues/1672
- omfwd bugfix: always give reason for suspension
In many cases, no error message were emitted when omfwd
went into action suspension, which was confusing for end
users. This patch enables explicit error messages in all
those cases.
closes https://github.com/rsyslog/rsyslog/issues/782
- omfwd bugfix: configured compression level was not properly used
Thanks to Harshvardhan Shrivastava for the patch.
- imptcp bugfix: potential socket leak on session shutdown
imptcp first tries to remove a to-be-shut-down socket from the
epoll set, and errors out if that does not work. In that case, the
underlying socket will be leaked.
This patch refactors the code; most importantly, it is not necessary
to remove the socket from the epoll set, as this happens automatically
on close. As such, we simply remove that part of the code, which
also removes the root cause of the socket leak.
- omfwd/omudpspoof bugfix: switch udp client sockets to nonblocking mode
On very busy systems, we see "udp send error 11" inside the logs, and the requesting
action is being suspended (and later resumed). During the suspension period (in
default configuration), messages are lost. Error 11 translates to EAGAIN and the
cause of this problem is that the system is running out of UDP buffer space. This
can happen on very busy systems (with busy networks).
It is not an error per se. Doing a short wait will resolve the issue. The real root
cause of the issue is that omfwd uses a nonblocking socket for sending. If it were
blocking, the OS would block until the situation is resolved. The need for a
non-blocking sockets is a purely historical one. In the days of single-threaded
processing (pre v3), everything needed to be done by multiplexing, and blocking was
not permitted. Since then, the engine has dramatically changed. Actions now run on
their own thread(s). As such, there is no longer a hard need to use non-blocking i/o
for sending data. Many other output plugins also do blocking wait (e.g. omelasticsearch).
As such, the real root cause of the trouble is unnecessarily using non-blocking mode,
and consequently the right solution is to change that.
Note that using blocking i/o might change some timeing inside rsyslog, especially
during shutdown. So theoretical there is regression potential in that area. However,
the core is designed to handle that situation (e.g. there is special shutdown code to
handle the blocking case), so this does not stand against the "proper" solution.
This patch applies the change on the rsyslog core level, within net.c. The only
users of the changed functionality are omfwd and omudpspoof. Imudp is unaffected as
it requests server sockets.
Note that according to the sendto() man page, there is a second cause for the EAGAIN
error, this is when the system temporarily runs out of emphermeral ports. It is not
100% clear if this can also happen in the blocking case. However, if so, we can argue
this is a case where we really want the default retry logic. So for the time being,
it is appropriate to not handle EAGAIN in a special case any longer.
closes https://github.com/rsyslog/rsyslog/issues/1665
- imklog: fix permitnonkernelfacility not working
- impstats bugfix: impstats does not handle HUP
If the parameter "log.file" is specified, impstats writes its own
log file. However, HUP is not handled for this file, which makes
the functionality unusable with log rotation. It is also counter-
intuitive for users.
This patch enables correct HUP processing. As a sideline, it also
introduces a generic HUP processing framework for non-action type
of loadable modules.
closes https://github.com/rsyslog/rsyslog/issues/1662
closes https://github.com/rsyslog/rsyslog/issues/1663
- core bugfix: segfault after configuration errors
- core/queue bugfixes:
* Fix behaviour of PersistStateInterval
If PersistStateInterval=1, then each log line read should cause the state file
to be updated, but this was not happening because nRecords was being post-increment.
Thanks to Anthony Howe for the patch.
* potential problem during deserialization
if queue object deserialization fails, invalid memory blocks might be
free'ed.
For more information see https://github.com/rsyslog/rsyslog/pull/1647
Thanks to Derek Smith for the patch.
- core bugfix: messsage garbled after message modification
The MsgDup() function will return a garbled message object under these
conditions: The message was originally created with message length equal or
larger to CONF_RAWMSG_BUFSIZE. This makes rsyslog store the message in
dynamically allocated buffer space. Then, a component reduces the message
size to a size lower than CONGF_RAWMSG_BUFSIZE. A frequent sample is the
parser removing a known-bad LF at the end of the messages. Then, MsgDup is
executed. It checks the message size and finds that it is below
CONF_RAWMSG_BUFSIZE, which make it copy the msg object internal buffer
instead of the dynamically allocated one. That buffer was not written to in
the first place, so unitialized data is copied. Note that no segfault can
happen, as the copied location was properly allocated, just not used in
this processing flow. In the end result, the new message object contains
garbage data. Whenever the new object is used (e.g. in a async ruleset or
action) that garbage will be used. Whenever the old object is accessed,
correct data will be used. Both types of access can happen inside the
same processing flow, which makes the problem appear to be random.
closes https://github.com/rsyslog/rsyslog/issues/1658
- lmsig_ksi: removed pre-KSI_LS12 components
As of GuardTime, the provider, these no longer work due to backend
changes. The lmsig_ksi_ls12 module shall be used instead. This is
available since 8.27.0.
- testbench bugfix: hang in tests if omstdout is not present
Many tests depend on omstdout. Given the fact that omstdout
is really only useful for the testbench (at least that's the intent),
we now require --enable-omstdout if --enable-testbench is given.
The alternative would have been to disable all those tests that
need it, which would have lead to considerable less testbench
coverage.
closes https://github.com/rsyslog/rsyslog/issues/1649
------------------------------------------------------------------------------
Version 8.28.0 [v8-stable] 2017-06-27
- NEW BUILD REQUIREMENT: librelp 1.2.14 (to build relp components)
This was necessary because imrelp requires an API introduced in 1.2.14.
- omfwd: add parameter "tcp_frameDelimiter"
- omkafka: large refactor of kafka subsystem
This offers improvements and greatly increases reliablity.
Closes https://github.com/rsyslog/rsyslog/issues/1559
Closes https://github.com/rsyslog/rsyslog/issues/1584
Closes https://github.com/rsyslog/rsyslog/issues/1515
Closes https://github.com/rsyslog/rsyslog/issues/1052
May fix https://github.com/rsyslog/rsyslog/issues/1230
- imfile: improved handling of atomically renamed file (w/ wildcards)
if a file is atomically renamed, the state file is also being renamed,
so processing continues as if the original name were kept.
see also: https://github.com/rsyslog/rsyslog/issues/1417
- imfile: add capability to truncate oversize messages or split into multiple
also in this case an error message is emitted. Both of these actions are
configurable. This also solves memory issues when an endregex does not
match for prolonged time. In that case, large parts of the file were
previously buffered, which could cause big problems in case e.g. the
endregex was simply wrong and never matched. For the later, see also
https://github.com/rsyslog/rsyslog/issues/1552
- mmdblookup
* upgraded from "contrib" to "fully supported" state
* refactored and simplified code
* added ability to specify custom names for extracted fields
* added ability to spehttp://www.landesrecht-bw.de/jportal/portal/t/6el/page/bsbawueprod.psml/action/portlets.jw.MainAction?p1=0&eventSubmit_doNavigate=searchInSubtreeTOC&showdoccase=1&doc.hl=0&doc.id=jlr-UmwVwGBWrahmen&doc.part=R&toc.poskey=#focuspointcify container name for extracted fields
* bugfix: fixed multiple memory leaks
- imptcp: add new parameter "flowControl"
- imrelp: add "maxDataSize" config parameter
Thanks to Nathan Brown for the patch.
- multiple modules: gtls: improve error if certificate file can't be opened
- omsnare: allow different tab escapes
Thanks to Shane P. Lawrence for the patch.
- omelasticsearch: converted to use libfastjson instead of json-c
json-c was used for historical purposes, and it's source included
within the rsyslog source tree. We now use libfastjson inside all
components.
- imjournal: _PID fallback
* added fallback for _PID proprety when SYSLOG_PID is not available
* introduced new option "usepid" which sets which property should
rsyslog use, it has 3 states system|syslog|both, default is both
* deprecated "usepidfromsystem" option, still can be used
and override the "usepid"
* it is possible to revert previous default with usepid="syslog"
Thanks to Radovan Sroka for the patch
- multiple modules: add better error messages when regcomp is failing
- omhiredis: fix build warnings
Thanks to Brian Knox for the fix.
- imfile bugfix: files mv-ed in into directory were not handled
Thanks to Zachary M. Zhao for the patch.
see also https://github.com/rsyslog/rsyslog/issues/1588
- omprog bugfix: execve() incorrectly called
this caused failures on some but not all platforms
Thanks to 張君天(Chun-Tien Chang) and Matthew Seaman for the patch.
- imfile bugfix: multiline timeout did not work if state file exists
The timeout feature for multiline reads does not correctly work for
files for which a state file existed. This is usually the case for files
that had been processed by a previous run and that still exist on the
new start. For all other files, especially those monitored by a
wildcard and newly created after the rsyslog start, timeout worked as
expected.
closes https://github.com/rsyslog/rsyslog/issues/1445
- lmsig_ksi-ls12 bugfix: build problems on some platforms
- core bugfix: invalid object type assertion
This lead to aborts due to failing assertion. Note that this could only
happen during debugging runs which includes runtime instrumentation,
something that never should be done in a stable production build.
So this did not affect ordinary users, only developers in with
deep debugging settings.
- regression fix: local hostname was not always detected properly...
... on early start (w/o network). Introduced in 8.27.0.
Thanks to github user jvymazal for the patch and whissi for
reporting and helping with the analysis.
- bugfix: format security issues in zmq3 modules
see also: https://github.com/rsyslog/rsyslog/pull/1565
Thanks to Thomas D. (whissi) for the patch.
- bugfix build system: add libksi only to those binaries that need it
Thanks to Allan Park for the patch.
- bugfix KSI ls12 components: invalid tree height calculation
Thanks to Allan Park for the patch.
- testbench/CI enhancements
* re-enable and add kafka tests
Kafka tests were disabled in 8.27.0 (a regression from imkafka).
* better testbench coverage for mmdblookup
* lmsig_ksi-ls12 is now being built at least on Centos7
------------------------------------------------------------------------------
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
* optionally emit an error message if incoming messages are truncated
* optionally emit connection tracking message (on connection create and
close)
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* improve octect-counted mode detection: if the octet count is larger
then the set frame size (or overly large in general), it is now
assumed that octet-stuffing mode is used. This probably solves a
number of issues seen in real deployments.
- imtcp enhancements:
* add parameter "discardTruncatedMsg" to permit truncation of
oversize messages
* add "maxFrameSize" parameter to specify the maximum size permitted
in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
for configured non-existing file. In polling mode, this message
appeared once in each polling cycle, causing a potentially very large
amout of error messages. Note that they were usually emitted too
infrequently to trigger the error message rate limiter, albeit often
enough to be a major annoance.
- imfile: in inotify mode, add error message if configured file cannot
be found
- imfile: add parameter "fileNotFoundError" to optinally disable
"file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
Gethostbyname() is generally considered obsolete, is not reentrant and
cannot really work with IPv6. Changed the only place in rsyslog where
this call remained.
Thanks to github user jvymazal for the patch
- omkafka: add "origin" field to stats output
See also https://github.com/rsyslog/rsyslog/issues/1508
Thanks to Yury Bushmelev for providing the patch.
- imuxsock: rate-limiting also uses process name
both for the actual limit procesing as well as warning messages emitted
see also https://github.com/rsyslog/rsyslog/pull/1520
Thanks to github user jvymazal for the patch
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsylsog base functionality now builds on osx (Mac)
Thanks to github user hdatma for his help in getting this done.
- build now works on solaris again
- imfile: fix cross-platform build issue
see also https://github.com/rsyslog/rsyslog/issues/1494
Thanks to Felix Janda for bug report and solution suggestion.
- bugfix core: segfault when no parser could parse message
This could happen if the default parser chain was changed and the
RFC3164 parser was not included. Never seen in practice, just by
experimenting in lab.
- bugfix core: rate-limit internal messages when going to external log system
Rate-limiting was only applied to messages processed internally.
While the external logging system probably also applies rate-limiting,
it would be preferrable that rsyslog applies the same policies on
internal messages, no matter where they go. This is now the case.
- bugfix core: when obtaining local hostname, a NULL pointer could be
accessed. This depends on many factors, among them that no local host
name is configured in rsyslog.conf AND the local system configuration
also is set to an empty hostname.
Thanks to github user jvymazal for the patch.
- bugfix core: on shutdown, stderr was written to, even if already closed
This lead to messages going to whatever was associated with file
descriptor two.
Thanks to Allan Park for the patch.
- bugfix core: perform MainqObj destruction only when not NULL already
This affects the config object; in theory may lead to misadressing during
config parsing.
Thanks to github user jvymazal for the patch
- bugfix core: memory leak when internal messages not processed internally
In this case, the message object is not destructed, resulting in
a memory leak. Usually, this is no problem due to the low number
of internal message, but it can become an issue if a large number
of messages is emitted.
closes https://github.com/rsyslog/rsyslog/issues/1548
closes https://github.com/rsyslog/rsyslog/issues/1531
- bugfix imptcp: potential overflow in octet count computation
when a very large octet count was specified, the counter could overflow
------------------------------------------------------------------------------
Version 8.26.0 [v8-stable] 2017-04-04
- NEW BUILD REQUIREMENT: liblognorm 2.0.3 is required for mmnormalize
If mmnormalize is not built, the build requirements are unchanged.
The new version is necessary because it contains an enhanced API for a
new mmnormalize feature.
- enable internal error messages at all times
This is an important change to the design of the rsyslog core internal
error message system. Previous code could deadlock if internal messages were
issued inside queue processing code, which effectively limited error-reporting
capabilities. This change makes it possible to call error messages from any
part of the code at any time.
As a side-effect, this also fixes an issue where rsyslog could deadlock if
imuxsock submited messages to the system log socket when that socket blocked.
This was a rare race, albeit consistently reproducible and also seen in
practice. The work-around for this issue was to set
global(processInternalMessages="on")
in rsyslog.conf. With the new code, this race can never happen again. The new
code also sets stage for emitting better error messages, especially in places
where we previously refrained from doing so and messages went only to the
debug log. For some file output and queue subsytem related messages, this
is already done, but there is still further work required.
Note well: this is a redesign of an important core component. While intensely
tested, this may still have some larger regeression potential than usual code
changes.
- core: added logging name of source of rate-limited messages
This adds the name to the rate-limiting message itself, making it easier
to identify the actual source of "spam" messages.
Thanks to github user jvymazal for the patch.
- omfwd: omfwd: add support for network namespaces
Thanks to Bastian Stender for the patch.
- imrelp: honor input name if provided when submitting to impstats
Thanks to Jon Henry for the patch.
- imptcp: add ability to set owner/group/access perms for uds
Thanks to Nathan Brown for implementing this feature.
- mmnormalize: add ability to load a rulebase from action() parameter
This is especially useful for small rulebases, as it avoids having
a separate rulebase file.
closes https://github.com/rsyslog/rsyslog/issues/625
- pmrfc3164 improvements
- permit to ignore leading space in MSG
- permit to use at-sign in host names
- permit to require tag to end in colon
Thanks to github user bdolez for the contribution
- add new global parameter "umask"
This is equivalent to "$umask" and permits to convert that construct
to new-style config format.
closes https://github.com/rsyslog/rsyslog/issues/1382
- core: make use of -T command line option more secure
When the -T option is used, a chdir is now done right after chroot. It must
be noted, though, that -T is a testing option and has no intent to provide
real security. So this change does not mean it actually is sufficiently
secure.
Thanks to github user jvymazal for the patch.
- omfile: add error if both file and dynafile are set
- bugfix: build problem on MacOS (not a supported platform)
Thanks to FX Coudert for the fix.
- regression fix: in 8.25, str2num() returned error on empty string
past behaviour was to return 0 in this case; past behavior was reinstanciated
Thanks to github user jvymazal for the patch.
- bugfix omsnmp: improper handling of new-style configuration parameters
Thanks to Radovan Sroka for the patch.
- bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal messages
This occured when liblogging-stdlog was used, and was used by default (without
explicit configuration). This is a regression of the new default, which does
not correctly call stdlog_open() in the default case.
closes https://github.com/rsyslog/rsyslog/issues/1442
- bugfix imfile: wrong files were monitored when using multiple imfile inputs
The bug was introduced by the changes for the multilevel wildcard feature
in 8.25.0. We have to handle FileCreate events different if the directory
watch is configured or added dynamically.
closes https://github.com/rsyslog/rsyslog/issues/1452
- bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail segfaults
When compiling using hardned gcc (gentoo), specifying net.aclResolveHostname
or net.acladdhostnameonfail results in rsyslogd segfaulting on startup.
Thanks to Radovan Sroka for the patch.
- bugfix: immark emitted error messages with text "imuxsock"
Thanks to Chris Pilkington for the patch.
- bugfix tcpflood: build failed if RELP was disabled
- fix gcc6 compiler warnings
This also fixes a small bug with incorrectly working deprecated -u
command line option.
Thanks to Nikola Pajkovsky for the patch.
- the output module array passing interface has been removed
It wasn't functional since the v8 update, and the only user was omoracle,
which is a contributed module that is no longer maintained. So we
removed that interface to streamline the code. Should it ever be needed
again, we could check the 8.25 code base. Note, though, that that code
still needs to be adjusted to the v8 engine.
- testbench:
* tcpflood now automatically enters silent mode during Travis CI testing
This reduces testbench output, which is limited under Travis.
* the libqpid-proton package is no longer available for Ubuntu trusty. As
such, we disabled its use in Travis on this platform. Right now, this
means omaqp1 module is no longer tested on trusty.