Re: [rsyslog] rsyslog 8.2406.0 released
Hi Florian,

the v8.2406.0 tarball appears to be missing at
https://www.rsyslog.com/downloads/download-v8-stable/

On Tue, 2 Jul 2024 at 17:44, Florian Riedl via rsyslog wrote:
>
> Hi all.
>
> We are happy to announce the release of rsyslog version 8.2406.0!
>
> This update enhances message reliability with PostgreSQL by retrying
> deliveries on failures. Debugging TLS is now easier with more detailed
> logs. You can also customize the default OpenSSL engine and test its
> performance with a new script.
>
> We've fixed a longstanding issue with how quoted command line parameters
> are handled, ensuring external programs receive them correctly.
> Additionally, time-related bugs on 32-bit systems have been addressed.
>
> For a complete and detailed list of changes, please refer to the official
> changelog. We encourage you to upgrade to rsyslog v8.2406.0 to benefit from
> the improvements and the resolved issues.
>
> ChangeLog:
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
> https://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Florian
> ___
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
Re: [rsyslog] rsyslog 8.2404.0 released
Hi,

the latest upload triggered this:
https://buildd.debian.org/status/package.php?p=rsyslog

any ideas?

On Tue, 2 Apr 2024 at 17:55, Florian Riedl via rsyslog wrote:
>
> Hi all.
>
> We are happy to announce the release of rsyslog version 8.2404.0!
>
> This release focuses on improvements to the popular omhttp plugin and
> includes several bug fixes to ensure smooth operation.
>
> The omhttp plugin, which allows you to send logs to HTTP endpoints,
> receives a significant boost in functionality. New configuration
> parameters provide greater control over retries, handling of specific
> HTTP status codes, and proxy settings. You can now define timeouts for
> REST paths, configure a list of retryable and ignorable status codes,
> and even set up a proxy for outgoing connections. Additionally, omhttp
> now captures more detailed statistics, including the number of
> requests, their status codes, transferred bytes, and processing time.
>
> In terms of bug fixes, this release addresses a regression that
> prevented TLS drivers from loading correctly under certain
> circumstances. The mmdblookup module, used for geolocation lookups, is
> now more resilient and will continue working even if it encounters an
> incompatible IP lookup situation. Finally, the distributed tarball has
> been corrected to include a missing file that was causing test
> failures.
>
> For a complete list of changes, please refer to the official
> changelog. We encourage you to upgrade to rsyslog v8.2404.0 to benefit
> from the improved omhttp plugin and the resolved issues.
>
> ChangeLog:
>
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
>
> https://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Florian
Re: [rsyslog] [rsyslog/rsyslog-doc] documentation is hard to use and badly structured (#394)
Hi David,

documentation is definitely a sore point of rsyslog (and most other
opensource projects for that matter).
Writing good documentation is hard.

A notable exception I remember (even if it is obsolete by now), is
upstart which shipped its upstart cookbook.
The original documentation is unfortunately no longer available, only
a wayback snapshot
https://web.archive.org/web/20230322064449/https://upstart.ubuntu.com/cookbook/

I personally like this style of documentation.

On Thu, 2 Nov 2023 at 12:41, David Lang via rsyslog wrote:
>
> We have received complaints about rsyslog documentation repeatedly, We have
> a lot of detail, but it's all written for someone already fairly familiar
> with things.
>
> Here is a 3am first pass from me at writing an overview of how rsyslog works,
> with the idea that this could be made pretty with diagrams, click through
> links to more specific pages with detail, etc.
>
> I'm replying to the github issue to see if the user who complained about the
> documentation and RainerScript would find this more useful, but also to
> rsyslog-users to get feedback from others on this.
>
> some of the sections here should possibly be broken into sub-pages (some
> sub-pages already exist that cover some of these and can/should be
> simplified), or it may make sense to have a simple version on an overview
> page with the ability to click down for the gory details.
>
> David Lang
>
>
>
> Rsyslog architecture is very straightforward, but in its simplicity it hides
> a lot of flexibility.
>
> Rsyslog has one or more inputs that each receive one or more messages and
> pass the batch of messages to a ruleset
>
>    Each input runs the incoming log through a stack of possible parser
>    modules until it hits one that reports success in parsing the log
>    (pointer to parser module documentation and the default stack)
>
>    Multiple inputs can feed to the same ruleset (by default, all inputs
>    feed to the Default ruleset which uses the 'main' queue) [1]
>
> Worker threads pull batches of logs from a queue, then process the logs in the
> batch using the statements in a ruleset
>
> Conceptually, it really is that trivial. As always, looking at details makes
> it seem more complicated.
>
>
>
> Rsyslog config file(s)
>
> Rsyslog reads in the config file and all included files and combines them
> before evaluating anything (see -o option for how files are combined), which
> file a statement is in has no impact (other than as part of the ordering of
> statements).
>    (insert link to Rainer's recent post on mis-use of config includes??)
>
> At startup time, Rsyslog evaluates the combined config and implements all
> module loading, input definition, template definitions and other global
> settings.
>
> All other statements get put into the default ruleset unless a ruleset is
> specified. None of these statements are evaluated (beyond syntax checking) at
> startup.
>
> The Rsyslog team believes very strongly in maintaining backwards compatibility
> (a config that works should never break or change behavior when rsyslog is
> updated to a new version) as such there are multiple ways of doing the same
> thing, and some ways are no longer recommended. When you see that something
> is deprecated, that means it is recommended not to use it in a new
> configuration for confusion/feature reasons, not that it is scheduled to go
> away/break in a new version.
>
> The config statements that existed prior to v6 of rsyslog were an evolution of
> the syslog format from the 90's, doing complex things by setting a bunch of
> values that then got used by later statements. By v5 of rsyslog, this was
> resulting in such complex interactions that even core developers were having
> trouble understanding what complex configs did. V6 introduced RainerScript,
> which deliberately requires you to specify all options rather than
> 'inheriting' them from prior statements. This can be significantly more
> verbose as it requires you to specify all options each time, but makes it much
> clearer exactly what is happening. There are times when the old syntax is
> shorter and more obvious to use than the new syntax, and in those cases, it's
> recommended to use the old syntax. But if the old syntax requires multiple
> lines to do something, you are probably better off using the new syntax.
>
>
>
> Rulesets are the heart of log processing, defining what happens with each log
> message. The statements in a ruleset are evaluated for every log message as it
> is processed.
>
> Rulesets and Actions can have a queue defined for them (insert link to queue
> turn lane post, possibly with updates). The 'default' ruleset uses the 'main'
> queue.
>
> The contents of a ruleset are a series of statements, which can be:
>    1. call an action to use an output module
>       1a. legacy formats:
>          /var/log/messages (write to a file)
>          @1.2.3.4 (send to a remote system via UDP
>
Re: [rsyslog] [RFC] locking down rsyslog.service on Debian
On Tue, 10 Oct 2023 at 22:17, David Lang wrote:
>
> On Tue, 10 Oct 2023, Michael Biebl wrote:
>
> > On Tue, 10 Oct 2023 at 21:49, David Lang wrote:
> >>
> >> I see people putting things in /etc/rsyslog.d besides configs, so locking
> >> down /etc may trip them up.
> >
> > ProtectSystem=full will make /etc read-only.
> >
> > Do you have a use case in mind where rsyslog needs to *write* to /etc ?
> >
> > Or am I missing something, i.e. what exactly do you mean by "things"?
>
> I've seen people thinking that /etc/rsyslog.d is a good place to use as a
> workdir (state of imfile progress, spool files, etc) rather than just a place
> to have configs.
>
> It's a bad idea, but they see the include of *.conf that the distros tend to
> use and think that means that they can put other stuff there that's not
> *.conf and it's a good idea.

Thanks for the feedback!
The (default) rsyslog config uses
$WorkDirectory /var/spool/rsyslog

I will add a note to NEWS.Debian, that if users overwrite this, they
will need to adjust rsyslog.service accordingly (e.g. via drop-in
snippet).

Regards,
Michael
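The following is an added example, not part of the original thread and not code from rsyslog or the Debian package. It scans an rsyslog configuration for paths the daemon writes to (work directory, legacy file actions, omfile actions) and reports which of them collide with the ProtectSystem=full, ProtectHome=yes and PrivateTmp=yes settings proposed in this thread. The function names and SAMPLE_CONF are constructed for illustration, and the suggested ReadWritePaths= drop-in is an assumption about how such an override could look; that directive is documented in systemd.exec(5) but is not mentioned in the thread.

```python
import posixpath
import re

# Path prefixes affected by the directives in the proposed unit (systemd.exec(5)).
RULES = [
    ("inaccessible (ProtectHome=yes)", ("/home", "/root", "/run/user")),
    ("private copy (PrivateTmp=yes)", ("/tmp", "/var/tmp")),
    ("read-only (ProtectSystem=full)", ("/usr", "/boot", "/efi", "/etc")),
]

# Legacy "$WorkDirectory /path" or RainerScript workDirectory="/path".
WORKDIR_RE = re.compile(
    r'^[ \t]*\$WorkDirectory[ \t]+(\S+)|workDirectory\s*=\s*"([^"]+)"',
    re.I | re.M)
# Legacy selector line with a file action, e.g. "*.* -/var/log/syslog".
LEGACY_FILE_RE = re.compile(
    r'^[ \t]*[\w*,;.!=-]+\.[\w*,;.!=-]+[ \t]+-?(/\S+)[ \t]*$', re.M)
ACTION_RE = re.compile(r'action\s*\(([^)]*)\)', re.I | re.S)
OMFILE_RE = re.compile(r'type\s*=\s*"omfile"', re.I)
FILE_RE = re.compile(r'\bfile\s*=\s*"([^"]+)"', re.I)

# Constructed sample configuration, not taken from any real system.
SAMPLE_CONF = '''\
$WorkDirectory /etc/rsyslog.d/spool
module(load="imuxsock")
# global(workDirectory="/tmp/ignored")
*.*;auth,authpriv.none  -/var/log/syslog
auth,authpriv.*  /home/admin/auth.log
action(type="omfile" file="/tmp/debug.log")
'''


def classify(path):
    """Return how the sandbox treats a path the daemon wants to write to."""
    path = posixpath.normpath(path)
    for verdict, roots in RULES:
        if any(path == r or path.startswith(r + "/") for r in roots):
            return verdict
    return "ok"


def write_targets(conf):
    """Collect (kind, path) pairs for everything the config writes to."""
    conf = re.sub(r'(?m)^[ \t]*#.*$', '', conf)  # drop full-line comments
    found = [("workdir", m.group(1) or m.group(2))
             for m in WORKDIR_RE.finditer(conf)]
    found += [("file", m.group(1)) for m in LEGACY_FILE_RE.finditer(conf)]
    for action in ACTION_RE.finditer(conf):
        if OMFILE_RE.search(action.group(1)):
            found += [("file", f) for f in FILE_RE.findall(action.group(1))]
    return list(dict.fromkeys(found))  # de-duplicate, keep order


def audit(conf):
    return [(kind, path, classify(path)) for kind, path in write_targets(conf)]


def dropin(conf):
    """Suggest a drop-in for paths that ProtectSystem=full makes read-only.

    Assumption: ReadWritePaths= is the chosen override. Paths hidden by
    ProtectHome= or PrivateTmp= are reported by audit() but not handled here.
    """
    dirs = []
    for kind, path, verdict in audit(conf):
        if verdict.startswith("read-only"):
            dirs.append(path if kind == "workdir" else posixpath.dirname(path))
    if not dirs:
        return ""
    return "[Service]\nReadWritePaths=" + " ".join(dict.fromkeys(dirs)) + "\n"


if __name__ == "__main__":
    for kind, path, verdict in audit(SAMPLE_CONF):
        print(f"{kind:8} {path:28} {verdict}")
    print(dropin(SAMPLE_CONF), end="")
```

The default $WorkDirectory /var/spool/rsyslog quoted above classifies as "ok", which is why only overridden work directories need the note in NEWS.Debian.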
Re: [rsyslog] [RFC] locking down rsyslog.service on Debian
On Tue, 10 Oct 2023 at 21:49, David Lang wrote:
>
> I see people putting things in /etc/rsyslog.d besides configs, so locking down
> /etc may trip them up.

ProtectSystem=full will make /etc read-only.

Do you have a use case in mind where rsyslog needs to *write* to /etc ?

Or am I missing something, i.e. what exactly do you mean by "things"?
Re: [rsyslog] [RFC] locking down rsyslog.service on Debian
See the links for ProtectHome and ProtectSystem

On Tue, 10 Oct 2023 at 20:35, David Lang wrote:
>
> what directories will rsyslog be able to access (both read and write) with
> this config?
>
> David Lang
>
> On Tue, 10 Oct 2023, Michael Biebl via rsyslog wrote:
>
> > Date: Tue, 10 Oct 2023 20:20:14 +0200
> > From: Michael Biebl via rsyslog
> > To: rsyslog-users
> > Cc: Michael Biebl
> > Subject: [rsyslog] [RFC] locking down rsyslog.service on Debian
> >
> > Hi,
> >
> > Debian maintainer of rsyslog speaking.
> >
> > I intend to lock down rsyslog.service in Debian in one of the next
> > uploads using the following systemd directives
> >
> > PrivateTmp=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=
> >
> > PrivateDevices=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateDevices=
> >
> > ProtectHome=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=
> >
> > ProtectSystem=full
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
> >
> > ProtectKernelTunables=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=
> >
> > ProtectKernelModules=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelModules=
> >
> > ProtectClock=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectClock=
> >
> > SystemCallFilter=@system-service
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#SystemCallFilter=
> >
> > CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_SYSLOG
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=
> >
> > The full rsyslog.service looks like this, in case you want to test it:
> > ```
> > [Unit]
> > Description=System Logging Service
> > Requires=syslog.socket
> > Documentation=man:rsyslogd(8)
> > Documentation=man:rsyslog.conf(5)
> > Documentation=https://www.rsyslog.com/doc/
> >
> > [Service]
> > Type=notify
> > ExecStart=/usr/sbin/rsyslogd -n -iNONE
> > StandardOutput=null
> > Restart=on-failure
> >
> > # Increase the default a bit in order to allow many simultaneous
> > # files to be monitored, we might need a lot of fds.
> > LimitNOFILE=16384
> >
> > PrivateTmp=yes
> > PrivateDevices=yes
> > ProtectHome=yes
> > ProtectSystem=full
> > ProtectKernelTunables=yes
> > ProtectKernelModules=yes
> > ProtectClock=yes
> > SystemCallFilter=@system-service
> > CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_SYSLOG
> >
> > [Install]
> > WantedBy=multi-user.target
> > Alias=syslog.service
> > ```
> >
> > While the attempt is to secure the default configuration of rsyslog, I
> > do not want to restrict it so much that it becomes unusable.
> > If you think, that one of those directives could cause issues with
> > commonly used setups, please let me know, so I can adjust the
> > configuration.
> >
> > Looking forward to your feedback.
> >
> > Michael
[rsyslog] [RFC] locking down rsyslog.service on Debian
Hi,

Debian maintainer of rsyslog speaking.

I intend to lock down rsyslog.service in Debian in one of the next
uploads using the following systemd directives

PrivateTmp=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=

PrivateDevices=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateDevices=

ProtectHome=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=

ProtectSystem=full
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=

ProtectKernelTunables=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=

ProtectKernelModules=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelModules=

ProtectClock=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectClock=

SystemCallFilter=@system-service
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#SystemCallFilter=

CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_SYSLOG
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=

The full rsyslog.service looks like this, in case you want to test it:
```
[Unit]
Description=System Logging Service
Requires=syslog.socket
Documentation=man:rsyslogd(8)
Documentation=man:rsyslog.conf(5)
Documentation=https://www.rsyslog.com/doc/

[Service]
Type=notify
ExecStart=/usr/sbin/rsyslogd -n -iNONE
StandardOutput=null
Restart=on-failure

# Increase the default a bit in order to allow many simultaneous
# files to be monitored, we might need a lot of fds.
LimitNOFILE=16384

PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectClock=yes
SystemCallFilter=@system-service
CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_SYSLOG

[Install]
WantedBy=multi-user.target
Alias=syslog.service
```

While the attempt is to secure the default configuration of rsyslog, I
do not want to restrict it so much that it becomes unusable.
If you think, that one of those directives could cause issues with
commonly used setups, please let me know, so I can adjust the
configuration.

Looking forward to your feedback.

Michael
Re: [rsyslog] rsyslog 8.2112.0 released
tags for 8.2112.0 are also missing

On Thu, 16 Dec 2021 at 19:14, Michael Biebl wrote:
>
> Is a git push missing?
> github appears to be outdated.
>
> On Thu, 16 Dec 2021 at 17:31, Florian Riedl via rsyslog wrote:
> >
> > Today, we release rsyslog 8.2112.0.
> >
> > This release mostly consists of bugfixes and smaller changes. For
> > example, it is now possible in imtcp to set permittedPeers on input()
> > level, omsnmp received an update to use current IP best practices and
> > mmanon received improved anonymization.
> >
> > Other notable fixes were applied to ommysql, rulesets and a few more.
> >
> > Please make sure to read the changelog to get more details about the
> > additions and an overview of all changes.
> >
> > ChangeLog:
> >
> > https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
> >
> > Download:
> >
> > https://www.rsyslog.com/downloads/download-v8-stable/
> >
> > As always, feedback is appreciated.
> >
> > Florian
Re: [rsyslog] rsyslog 8.2112.0 released
Is a git push missing?
github appears to be outdated.

On Thu, 16 Dec 2021 at 17:31, Florian Riedl via rsyslog wrote:
>
> Today, we release rsyslog 8.2112.0.
>
> This release mostly consists of bugfixes and smaller changes. For
> example, it is now possible in imtcp to set permittedPeers on input()
> level, omsnmp received an update to use current IP best practices and
> mmanon received improved anonymization.
>
> Other notable fixes were applied to ommysql, rulesets and a few more.
>
> Please make sure to read the changelog to get more details about the
> additions and an overview of all changes.
>
> ChangeLog:
>
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
>
> https://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Florian
Re: [rsyslog] rsyslog 8.2010.0 released
Also, the v8-stable branch appears to be outdated and the 8.2010.0 tag
is missing.

On Tue, 20 Oct 2020 at 21:00, Michael Biebl wrote:
>
> For any distro maintainers: The dist tarball is missing some files.
> So if you run "make check" as part of your packaging process, have a look at
> https://github.com/rsyslog/rsyslog/issues/4446
>
> On Tue, 20 Oct 2020 at 16:31, Florian Riedl via rsyslog wrote:
> >
> > Hi everyone.
> >
> > Today, we release rsyslog 8.2010.0. This release provides mostly
> > bugfixes for rsyslog.
> >
> > Notable fixes and additions are:
> >
> > New module imhttp which allows to receive log data via HTTP
> > fix for gnutls handshake error handling
> > fix for a potential segfault on query of PROGRAMNAME property
> > fix for potential hang when closing a gnutls session
> > and many more
> >
> > Please make sure to read the changelog to get an overview of all changes.
> >
> > ChangeLog:
> > https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
> >
> > Download:
> > https://www.rsyslog.com/downloads/download-v8-stable/
> >
> > As always, feedback is appreciated.
> >
> > The Adiscon Team
Re: [rsyslog] rsyslog 8.2010.0 released
For any distro maintainers: The dist tarball is missing some files.
So if you run "make check" as part of your packaging process, have a look at
https://github.com/rsyslog/rsyslog/issues/4446

On Tue, 20 Oct 2020 at 16:31, Florian Riedl via rsyslog wrote:
>
> Hi everyone.
>
> Today, we release rsyslog 8.2010.0. This release provides mostly
> bugfixes for rsyslog.
>
> Notable fixes and additions are:
>
> New module imhttp which allows to receive log data via HTTP
> fix for gnutls handshake error handling
> fix for a potential segfault on query of PROGRAMNAME property
> fix for potential hang when closing a gnutls session
> and many more
>
> Please make sure to read the changelog to get an overview of all changes.
>
> ChangeLog:
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
> https://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> The Adiscon Team
Re: [rsyslog] Debian packages and what we can do better
On Thu, 4 Jul 2019 at 13:30, Peter Viskup via rsyslog wrote:
> The syslog infra is something which most of admins do not want to update on
> daily basis.
> I think this is not something we should expect from admins - and as you
> see, it was just proven. Also some bugs might occur after a while.
> Find it not appropriate to follow agile development principles on such
> crucial subsystem as syslog still is. This is user's point of view.

So if I understand you correctly you don't want the latest and
greatest but you would actually prefer the version that is shipped in
$stable and only apply targeted fixes?

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] Debian packages and what we can do better
On Thu, 4 Jul 2019 at 09:50, Peter Viskup wrote:
>
> Hello Michael,
> at first, thank you for your work done.
>
> Propose rsyslog-ossl (OpenSSL driver for TLS encryption) being built and put
> into non-free if possible. Just to let people test or use it if they want.
> The libssl-dev is listed in BuildDepends list. Are there other parts of
> rsyslog which are dependent on OpenSSL libraries? These are not
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930816

I'm not sure, if using non-free for rsyslog-openssl is the solution here.
Combining GPL and OpenSSL is a bit of an icky topic especially when
dlopen comes into play.
I'll need to get some help on this. Rest assured I have not forgotten
about this.

> Maybe backporting of some bugfixes for rsyslog in stable release should be
> made.
> At the moment the 8.24.0-1 in current stable means there were no changes from
> original source. Due to rsyslog release policies bugfixes are primarily
> included in new releases only. At least some important bug might be
> backported in my opinion.

I do provide backports for $stable-backports. See
https://packages.debian.org/source/stretch-backports/rsyslog
What's currently in testing I usually also upload to $stable-backports.

You are indeed correct that I'm somewhat limited what I can upload to
$stable by the stable release policies.

Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
[rsyslog] Debian packages and what we can do better
Hi everyone,

in case you don't know me, I'm the (official) maintainer of rsyslog in Debian.
I put the official in parenthesis as I know there are deb packages as
well provided by Adiscon directly.

While I appreciate the service that is done by Rainer and his folks, I
wonder if there is something we can improve on the Debian side.
I try to keep the Debian packages up-to-date [1] as well as I can
given the constraints that a distro like Debian has.

Is there anything else that you are missing? Any recommendations how
the Debian packages can be improved?

I'm happy to receive feedback here. Just keep in mind, that I have to
balance here, that rsyslog is installed on basically everyone's
(Debian) system.

Regards,
Michael

[1] https://tracker.debian.org/pkg/rsyslog

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] 8.1905.0 Logging Stops
On Tue, 11 Jun 2019 at 19:26, Rainer Gerhards via rsyslog wrote:
>
> On Tue, 11 Jun 2019 at 19:23, Heaton, Tobias wrote:
> >
> > Rainer,
> >
> > I traced my steps and allowed rsyslog to run for 45 minutes without seeing
> > a failure.
> >
> > The debug puts considerable strain on the system, so much so that the log
> > timestamps started drifting. I was seeing logs stamped at 13:18 EST at
> > 13:31EST actual time.
> >
> > Furthermore the debug log is nearly 70GB, closing in on the available disk
> > space.
> >
> > Is there anything else I can try to help troubleshoot this problem?
>
> Not really. Maybe the first 12 GiB actually contain info that gets us
> a bit closer. So if you could share that, it would be useful. We can
> fine-tune the debug output, but as we have not the slightest idea of
> what may be the root cause that's no option.
>

If the problem is reliably reproducible (which seems to be on affected
systems), maybe a git bisect would actually be the quickest way to
find the commit causing this.

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] rsyslog version numbering change
On Sat, 15 Dec 2018 at 15:02, Michael Biebl wrote:
>
> On Sat, 15 Dec 2018 at 13:20, Rainer Gerhards wrote:
> > Any concerns please let me know.
>
> Maybe interesting to you https://joeyh.name/blog/entry/version_numbers/
>
> This would translate to 8.MMDD in your case.
>
> Has the additional benefit, that should you decide to re-architect
> rsyslog in a significant way, you can use
> 9.MMDD
>
> If there is such a potential significant change in the future, there
> is some value to it, if a user can quickly see this.

One other benefit of keeping the 8. prefix would be, that should you
ever decide to change the versioning scheme again, you haven't burned
all version numbers up to 2018.

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] rsyslog version numbering change
On Sat, 15 Dec 2018 at 13:20, Rainer Gerhards wrote:
> Any concerns please let me know.

Maybe interesting to you https://joeyh.name/blog/entry/version_numbers/

This would translate to 8.MMDD in your case.

Has the additional benefit, that should you decide to re-architect rsyslog in a significant way, you can use 9.MMDD

If there is such a potential significant change in the future, there is some value to it, if a user can quickly see this.

Regards,
Michael
Re: [rsyslog] Rsyslog Debian repository - outdated
I've uploaded 8.39.0 to stretch-backports. It should be available at your mirrors soon.

On Wed, 5 Dec 2018 at 13:51, sophie.loewenthal--- via rsyslog wrote:
>
> > -Original Message-
> > Sent: Wednesday, December 05, 2018 1:50 PM
> > To: rsyslog-users
> >
> > Hi,
> >
> > The last version for the Debian repository was for Wheezy with
> > rsyslog_8.27.0-1_amd64.deb Is there a Debian 9 repository with rsyslog 8.3.9?
> >
> > https://www.rsyslog.com/debian-repository/
>
> Note that v 8.3.8 is available in Stretch backports, but it does mean that I
> cannot have the latest, bar compiling it myself.
Re: [rsyslog] issues in rsyslog-8.36.0 with systemd service file
2018-09-02 17:14 GMT+02:00 Chris Richmond:
>
> It took forever to figure out what was going on, but I could tell from the
> systemctl (and the actual things being logged) that
> the daemon was coming up just fine and systemd was the thing having the
> problem. In the end I googled for the processes
> state (loaded active waiting) and came up with the thing that fixed the
> issue, which was changing the Type from =notify to =Simple

Type=notify is correct for rsyslog and the preferred mode. Unless you built rsyslog without systemd support, which might be the case for you, since you said you built it from sources.
[rsyslog] environment variable TZ is not set, auto correcting this to TZ=/etc/localtime [v8.36.0 try http://www.rsyslog.com/e/2442 ]
Since some time now, I'm getting this warning message in my log files.

/etc/localtime is properly set up. Why does rsyslog complain so loudly, that the TZ env var is not set? This seems to be the common case, that TZ is not set.

Michael
Re: [rsyslog] librelp 1.2.16 released
2018-05-16 14:38 GMT+02:00 Rainer Gerhards:
> As a side-note, I would like to change that behaviour for rsyslog at
> least, trying to select ports dynamically. That would potentially
> introduce a noticeable speedup. But unfortunately there is so much to
> do...
>
> I think I remember there was a way to tell autoconf to run the tests
> in a given series, but I could not find the info when I just searched.
> Do you happen to know (the link)?

Not off-hand. What I did for the time being is to tell debhelper to run the checks without parallelism:
https://salsa.debian.org/debian/librelp/commit/ede9a6837cefd195315bb0044f49cb0c3cbce9eb
Re: [rsyslog] librelp 1.2.16 released
2018-05-15 21:52 GMT+02:00 Michael Biebl <mbi...@gmail.com>:
> When running "make check" directly, the test-suite succeeds.
> Very strange...
>
> Does anyone have an idea?

Figured it out. dpkg-buildpackage (or rather dh) by default uses j = num_cores and it seems "make check" is not really designed to call the tests in parallel (as they bind to the same port I guess).
Re: [rsyslog] librelp 1.2.16 released
I have some strange issues when trying to run the test-suite for librelp 1.2.16.

make[3]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make check-TESTS
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: basic.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
PASS: tls-wrong-authname.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
PASS: tls-missing-param-sender.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
PASS: tls-missing-param-receiver.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: tls-basic-anon.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: tls-wrong-permittedPeer.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: tls-basic.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: long-msg.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
PASS: tls-basic-vg.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: oversize-msg-abort-errmsg.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: oversize-msg-accept-errmsg.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: truncate-oversize-msg.sh
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis „/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
== librelp 1.2.16: tests/test-suite.log ==
# TOTAL: 12
# PASS: 4
# SKIP: 0
# XFAIL: 0
# FAIL: 8
# XPASS: 0
# ERROR: 0

Looking a bit into the log file, it seems the tests fail with an error like this:

Test: ./tls-basic.sh
Starting Receiver...
got receive pid 5295
startup wait 0
receive: error 'error while binding relp tcp socket on port '30514'', object 'lstn 30514'
double free or corruption (fasttop)

This is when trying to build the Debian package using dpkg-buildpackage.
When running "make check" directly, the test-suite succeeds.
Very strange...

Does anyone have an idea?

2018-05-14 12:56 GMT+02:00 Florian Riedl:
> Hi all,
>
> we have now released librelp 1.2.16.
>
> This new release of librelp provides API changes that allow better
> handling of oversize messages, as well as defining the listener
> interface. In addition, a few bugfixes for memory leaks and several
> minor issues are included.
>
> More detailed information is available in the Changelog.
>
> Changelog and Download:
> http://www.librelp.com/2018/05/librelp-1216.html
>
> Best regards,
> Florian Riedl
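The failure mode discussed in this thread (test receivers started in parallel that bind the same port) next to the dynamic port selection mentioned as a possible change, as an added example that is not librelp's or rsyslog's test code. All function names are hypothetical, and the "shared" port is obtained at run time as a stand-in for the hard-coded 30514.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Open a TCP listener on 127.0.0.1. port == 0 lets the kernel pick a free
 * ephemeral port; the port actually bound is stored in *bound_port.
 * Returns the socket fd, or -1 with errno preserved from the failing call.
 */
static int listen_loopback(unsigned short port, unsigned short *bound_port)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0 ||
        listen(fd, 1) != 0 ||
        getsockname(fd, (struct sockaddr *)&addr, &len) != 0) {
        int saved = errno;   /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    *bound_port = ntohs(addr.sin_port);
    return fd;
}

/*
 * Two "tests" share one port, as when the harness runs them with -jN.
 * Returns the errno seen by the second receiver (EADDRINUSE expected),
 * 0 if it unexpectedly started, or -1 if the first receiver failed.
 */
int fixed_port_collision(void)
{
    unsigned short shared = 0, unused = 0;
    int first = listen_loopback(0, &shared); /* stand-in for the fixed port */
    int second, err;

    if (first < 0)
        return -1;
    second = listen_loopback(shared, &unused);
    err = (second < 0) ? errno : 0;
    if (second >= 0)
        close(second);
    close(first);
    return err;
}

/*
 * Each "test" asks for port 0 and reads back what it got.
 * Returns 1 if both receivers are up at once on distinct ports, else 0.
 */
int dynamic_ports_coexist(void)
{
    unsigned short p1 = 0, p2 = 0;
    int a = listen_loopback(0, &p1);
    int b = listen_loopback(0, &p2);
    int ok = (a >= 0 && b >= 0 && p1 != 0 && p2 != 0 && p1 != p2);

    if (a >= 0)
        close(a);
    if (b >= 0)
        close(b);
    return ok;
}

int main(void)
{
    int err = fixed_port_collision();

    printf("second receiver on shared port: %s\n",
           err > 0 ? strerror(err) : (err == 0 ? "started" : "setup failed"));
    printf("dynamic ports coexist: %d\n", dynamic_ports_coexist());
    return 0;
}
```

A test script using this approach has to pass the port it was given on to the sender, which is the part a fixed port number avoids.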
Re: [rsyslog] rsyslog 8.33.0 (v8-stable) released
2018-03-04 13:09 GMT+01:00 Rainer Gerhards:
> http://build.rsyslog.com/download/rsyslog-8.33.1.tar.gz
>
> I would appreciate if some could try it out and report back. The
> tarball will disappear from above URL some time after the official
> version is out.

Looks ok and builds fine on Debian.
Re: [rsyslog] Workaround for lack of pid file in upstream rsyslog 8.33.0 packages
2018-02-23 18:37 GMT+01:00 Adam Chalkley:
> I don't know about other distros, but on Ubuntu and CentOS 7 after installing
> the 8.33.0 package our systems quit saving log messages locally as soon as
> the next morning's logrotate cron jobs ran. The problem is that the upstream
> packages were not updated to include a new logrotate conf that works around
> the change in behavior with the systemd unit file of not creating a pid file.
>
> See these GitHub issues for additional information:
>
> https://github.com/rsyslog/rsyslog-pkg-ubuntu/issues/74
> https://github.com/rsyslog/rsyslog-pkg-rhel-centos/issues/42
> https://github.com/rsyslog/rsyslog/issues/2143
>
> The workaround for our environment was to create a drop-in to restore the
> previous behavior of creating a pid file:
>

Or you could have fixed the logrotate config to use

postrotate
    systemctl kill -s HUP rsyslog.service
endscript

That seems like the cleaner solution

Michael
Re: [rsyslog] Debian Packages with recent rsyslog
Hi Rainer

2018-01-31 18:49 GMT+01:00 Rainer Gerhards:
> Hi all,
>
> by popular request:
>
>    http://blog.gerhards.net/2018/01/experimental-debian-rsyslog-packages.html
>
> Feedback is appreciated.

Just wanted to add, that for Debian 9.0 (stretch), I usually provide backports via the debian-backports archive. See
https://qa.debian.org/madison.php?package=rsyslog

I no longer provide backports of recent versions for Debian 8.0 (jessie) though. So thanks for that. I assume you had to backport various build dependencies for Debian 8.0?
Re: [rsyslog] rsyslog 8.31.0 (v8-stable) released
Please be aware that the test-suite now requires python to run due to rscript_parse_time.sh which uses ./tests/rscript_parse_time_get-ts.py

Regards,
Michael

2017-11-28 13:00 GMT+01:00 Florian Riedl:
> Hi all,
>
> Today, we release rsyslog 8.31. This is probably one of the biggest
> releases in the past couple of years. While it also offers great new
> functionality, what's really important about it is the focus on further
> improved software quality. For a more detailed description, please
> read Rainer’s blog post. Detailed information about the huge list of
> changes is available in the changelog.
>
> http://blog.gerhards.net/2017/11/rsyslog-831-important-release.html
>
> The packages have received some notable changes as well. First off, we
> were able to implement the Redis output module as a separate package
> on Ubuntu 14.04 and newer. Also there was a dependency change for the
> ommongo module, thus it is now only available on Ubuntu 16.04 or
> newer, but not on CentOS/RHEL anymore. Platform restrictions are
> unavoidable right now due to dependency availability.
>
> ChangeLog:
>
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
>
> http://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Best regards,
> Florian Riedl
[rsyslog] libfastjson 0.99.6 changes not pushed to github
Hi,

I notice that there has been a 0.99.6 release of libfastjson, yet the corresponding changes have not been pushed and there is no 0.99.6 tag in Git.

Regards,
Michael
Re: [rsyslog] configure / make flags for directory prefix
2017-05-05 16:18 GMT+02:00 Brian Knox via rsyslog:
> I'm working on an fpm-cookery recipe ( https://github.com/bernd/fpm-cookery )
> for building rsyslog, and running into issues getting rsyslog to honor
> prefix variables. I'm stuck in that any combination of --prefix vars I use,
> rsyslog is trying to place rsyslog.service in /lib/systemd/rsyslog.service.
>
> Is there a way to get this file to go into another location, or disable
> installing the systemd service file altogether?
> --with-systemdsystemeunitir= doesn't seem to be respected.

Looks like a typo. The correct configure switch is --with-systemdsystemunitdir= and this works fine:

--with-systemdsystemunitdir=no
disables the installation of the .service file

--with-systemdsystemunitdir=/foo/bar/baz/
installs the service file as /foo/bar/baz/rsyslog.service
Re: [rsyslog] Feedback request: minimal log shipper project
2016-11-22 18:14 GMT+01:00 David Lang:
> On Tue, 22 Nov 2016, Rainer Gerhards wrote:
>
>> The current packages are very granular. You don't gain much by
>> re-packaging, at least this is what I think. If I am wrong, I am all
>> ears, as it should be fairly easy to change that at least for the
>> project-provided packages.
>
>
> The reasons I'm thinking of a different package are:
>
> 1. compile out everything possible (let it use the rsyslog packages if the
> rsyslog package is included and the config is changed to need them)

I think most distros already split out the modules. See the various binary packages in Debian for example:
https://tracker.debian.org/pkg/rsyslog
So the core rsyslog package is already pretty lean (dependency and footprint wise)

> 2. change the default config file to something other than /etc/rsyslog.conf
>
> 3. include a very different default config file
>
> 4. changed binary name (something like logsend instead of rsyslogd)
>

I had requests in the past in Debian, to split out the default logging rules into something like /etc/rsyslog.d/50-default.conf. The default /etc/rsyslog.conf would then mostly be about sourcing additional config from /etc/rsyslog.d/
Re: [rsyslog] Feedback request: minimal log shipper project
2016-11-22 16:35 GMT+01:00 David Lang:
> As per a discussion here a couple months ago, adding imjournal more than
> doubles the memory footprint of a running rsyslog instance, even if it's not
> used.

Do you have a reference to that discussion? I can't imagine that simply compiling in support for imjournal doubles the memory footprint of rsyslog and you will actually have to load the module.
Re: [rsyslog] liblognorm 2.0.0 released
2016-07-25 14:16 GMT+02:00 Rainer Gerhards:
> All,
>
> I am exploring an option which might enable us to keep the old API
> interface in liblognorm, which would make the benefits of v2 available
> to some apps that insist on the old APIs for the time being. I
> probably need a day or two to explore that and will hold the new
> release until then.
>
> Given the fact that I have not yet seen any packages turn up, I think
> we could go back to the old soname. Or should we consider this as
> "game over"?

Strictly speaking, you bump the soname when the ABI changes in an incompatible way. Also there aren't that many reverse dependencies of liblognorm afaics (Debian lists two: rsyslog and sagan), so please take that into account before you invest too much time on that.

Michael
Re: [rsyslog] liblognorm 2.0.0 released
Hi

2016-07-22 19:13 GMT+02:00 Rainer Gerhards:
> Maybe I accidentally clicked close. I didn't see it as well before cutting
> the release. Will check as soon as possible.

Created https://github.com/rsyslog/liblognorm/pull/216 and https://github.com/rsyslog/liblognorm/pull/215

Please review and if possible make a new release with those fixes.

Regards,
Michael
Re: [rsyslog] liblognorm 2.0.0 released
2016-07-22 18:55 GMT+02:00 Champ Clark III:
> Correct. I submitted this a while back:
>
> https://github.com/rsyslog/liblognorm/issues/204

Didn't see this, because it was closed for some reason. I've already filed https://github.com/rsyslog/liblognorm/issues/214 in the mean time.

Regards,
Michael
Re: [rsyslog] liblognorm 2.0.0 released
This breaks the build of e.g. sagan:

make[2]: Entering directory '/tmp/sagan-1.0.1/src'
gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I/usr/include/libfastjson-g -O2 -MT sagan-sagan-config.o -MD -MP -MF .deps/sagan-sagan-config.Tpo -c -o sagan-sagan-config.o `test -f 'sagan-config.c' || echo './'`sagan-config.c
In file included from /usr/include/string.h:630:0,
                 from sagan-config.c:40:
/usr/include/liblognorm.h:262:8: error: expected identifier or '(' before '__extension__'
 char * strndup(const char *s, size_t n);
        ^
Makefile:588: recipe for target 'sagan-sagan-config.o' failed
make[2]: *** [sagan-sagan-config.o] Error 1
make[2]: Leaving directory '/tmp/sagan-1.0.1/src'
Makefile:390: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/tmp/sagan-1.0.1'
Makefile:331: recipe for target 'all' failed
make: *** [all] Error 2
Re: [rsyslog] liblognorm 2.0.0 released
Hm, why has lognorm.h the following

#ifndef HAVE_STRNDUP
char * strndup(const char *s, size_t n);
#endif

That should not be part of the public API

2016-07-22 15:07 GMT+02:00 Florian Riedl:
> Hi all,
>
> We have just released liblognorm 2.0.0. This new version was
> completely rewritten and is much feature-enhanced. Also it requires
> libfastjson instead of json-c. See the Changelog for details.
>
> Changelog:
>
> Version 2.0.0, 2016-07-21
> - completely rewritten, much feature-enhanced version
> - requires libfastjson instead of json-c
> - big improvements to testbench runs, especially on travis
>   among others, the static analyzer is now run and testbench throws
>   an error if the static analyzer (via clang) is not clean
> - lognormalizer tool can now handle lines larger 10k characters
>   Thanks to Janmejay Singh for the patch
>
> Download:
> http://www.liblognorm.com/download/liblognorm-2-0-0/
>
> As always, feedback is appreciated.
>
> Best regards,
> Florian Riedl
Re: [rsyslog] libfastjson 0.99.3 released
2016-07-12 23:12 GMT+02:00 David Lang <da...@lang.hm>:
> On Tue, 12 Jul 2016, Michael Biebl wrote:
>
>> Fwiw, this is the first release I felt comfortable enough uploading to
>> Debian unstable.
>> It just hit the archive a few hours ago:
>> https://tracker.debian.org/pkg/libfastjson
>>
>> I hope we don't break the API that much anymore before 1.0.0.
>>
>> I'm now waiting for a liblognorm 1.1.4 release which compiles against
>> libfastjson 0.99.3.
>
>
> My understanding is that we are going to get liblognorm 2 this cycle (after
> being delayed for the last couple of cycles)
>

Ok, so what's the plan here? Which liblognorm version should I pick? At least the currently released version doesn't compile against the latest libfastjson release (which is not a surprise, after the API rework, which I'm thankful for).

Regards,
Michael
Re: [rsyslog] libfastjson 0.99.3 released
Hi,

2016-07-11 17:52 GMT+02:00 Florian Riedl:
> Hi all,
>
> We have released libfastjson 0.99.3.

Is there a timeframe for a new liblognorm release which compiles against this version of libfastjson?

Regards,
Michael
Re: [rsyslog] Does rsyslog really need to start after basic.target on systemd ?
2016-04-02 9:14 GMT+02:00 Francis Moreau:
> On Fri, Apr 1, 2016 at 10:50 PM, David Lang wrote:
>> On Fri, 1 Apr 2016, fmoreau wrote:
>>
>>> Hi,
>>>
>>> This question was already asked in the past, see:
>>> http://permalink.gmane.org/gmane.comp.sysutils.rsyslog/9864
>>>
>>> But IMHO the answers given weren't satisfactory. So I'm asking again.
>>>
>>> If there's no reason and rsyslog only needs the local fs to be settled
>>> then
>>> it should be started earlier to avoid missing some early messages sent by
>>> systemd.
>>
>>
>> The trouble is that it depends a lot on exactly what you have rsyslog
>> configured to do. Since rsyslog can send logs over the network, to
>> databases, etc, there are potentially a lot of things that need to be
>> started first.
>
> But shouldn't rsyslog be prepared to handle these cases where network
> isn't yet ready and should start sending logs over the network as soon
> as the network becomes available for example ?

Network is just one. Logging to databases another. Those typically have more complex requirements and aren't started in early boot.

As a distro we don't really know, what kind of configuration our users will use, so we typically pick a safe default.

If you want to tweak your rsyslog.service locally to start earlier during boot, considering all the circumstances, then this should be fine. I don't think it's something which should be shipped upstream or by distros though.

Michael
Re: [rsyslog] ppa:adiscon/v8-stable ==> 404
2016-04-01 14:33 GMT+02:00 Rainer Gerhards <rgerha...@hq.adiscon.com>:
> 2016-03-31 18:38 GMT+02:00 Michael Biebl <mbi...@gmail.com>:
>> This affects the packages in sid as well, which are currently stuck at
>> 8.16.0.
>> One aspect I particularly don't like about the libfastjson/json-c fork
>> is, that the old namespace was kept.
>> This can become tricky once libjson-c and libfastjson are loaded into
>> the same process space. This can lead to unexpected behaviour.

Obviously, this only poses a problem if the ABI changes in
incompatible ways, like the type signature of a function.

> You are absolutely right, I did not completely think this through and
> screwed up in this regard. I need to move json-c compatibility to
> source level (via CPP macros), if at all required. Changing the native
> API from json_* to fjson_* is on my todo list, and probably it's a
> good time to initiate this now.

Either we rename it, or we promise to never break ABI compatibility
with json-c.
The former is more work initially, but gives you more freedom going onwards.
The latter is possible too, see libjpeg (from IJG) and libjpeg-turbo.
But it needs very careful maintenance of the library.

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] ppa:adiscon/v8-stable ==> 404
2016-03-31 18:11 GMT+02:00 David Lang:
> One category of things is just the latest version of everything as it's
> released (and/or the nightly versions). This is not expected to be in the
> official Debian repo (although I could see each release going into Sid as a
> possibility)

Fwiw, I've published newer versions of rsyslog via
backports.debian.org in the past and I plan to do so in the future.
The current version there is 8.16.0 (currently stuck in the NEW queue
[1]), it should reach the backports archive soonish.
Newer versions are more problematic, due to their dependency on libfastjson.

[1] https://ftp-master.debian.org/new/rsyslog_8.16.0-1~bpo8+1.html

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] ppa:adiscon/v8-stable ==> 404
2016-03-31 13:20 GMT+02:00 Ciprian Hacman:
> Hi Florian,
>
> We figured out that this was an error on our part. Sorry for that.
>
> One of our customers is trying to install Rsyslog on Debian Jessie, but
> seems that is not possible at the moment. The only Rsyslog repo is for
> Wheezy. Any plans to build Rsyslog for Jessie?

What exactly are you missing from the existing, official rsyslog
package in Debian?

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] advance notice for 8.16.0 release
2016-01-25 10:00 GMT+01:00 Rainer Gerhards:
> Hi all,
>
> please note that the (candidate) tarball for tomorrow's release is now
> available at
>
>http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.16.0.tar.gz
>
> If you build packages, it would be nice if you could pick it up and see if
> it works for you. Any bug reports received within the next 24hrs could
> probably be solved in the actual release.
>
> Note that we do not yet require libfastjson but strongly recommend it.
> 8.17.0 will finally require it.

While I can understand the motivation, I do fear that ultimately you,
Rainer, take on another responsibility, i.e. maintaining another
library. And resources are already stretched very thin.
This is my main concern of introducing yet another dependency.

Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] hardening rsyslog using systemd features
2016-01-31 11:42 GMT+01:00 Thomas D.:
> On Gentoo we ship a default rsyslog configuration which will create an
> additional imuxsock (/var/empty/dev/log). Our default sshd requires the
> additional socket (used by the logging extension from the HPN patchset).
>
> Wouldn't PrivateDevices=yes break our setup?

I don't think it should. But should be easy to verify, right :-)

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] hardening rsyslog using systemd features
2016-01-30 2:56 GMT+01:00 David Lang:
>> PrivateTmp=yes
>
>
> what use of /tmp does rsyslog make? If none, can we just block access rather
> than going to all the effort of creating a custom version?
>
> This can also affect things that rsyslog runs through omprog/etc. so
> documentation is needed.

programs spawned by omprog would have access to the rsyslog tmpdir, so
that shouldn't be an issue.
The only problem I can see is, if you setup an external component to
e.g. log to /tmp/file and then let imfile read from that. rsyslog
wouldn't have access to /tmp/file in that case. Do people do that in
practice?

> Along similar lines, if rsyslog isn't creating /dev/log, can access to
> devices be disabled (PrivateDevices)?

Hm, that should indeed work, thanks for the hint.
I think we should be able to safely switch on PrivateDevices=yes

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] hardening rsyslog using systemd features
Ok, so with the feedback provided so far, restricting the capabilities
could lead to unexpected breakage when using one of the more
"flexible" plugins like omprog.

I would therefore suggest the following three as a start:

> [Service]
> ProtectSystem=full
> ProtectHome=yes
> PrivateTmp=yes

I think we can safely assume that rsyslog does not need to write to
/usr, /home and doesn't need /tmp as IPC with external processes.

Rainer, can you apply those changes upstream or do you want me to
create a PR for that?

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] hardening rsyslog using systemd features
2016-01-27 23:37 GMT+01:00 Peter Portante:
>> As I can't look into the future, I'm just talking about the status-quo
>> in Debian:
>> We do install rsyslog by default in our current stable release
>> (Jessie, aka 8.0) and that's still the case for testing/unstable.
>> journald is setup to forward messages to rsyslog (aka. push model)
>
>
> We use imjournal in fedora, rhel, centos, with systemd listening for logs
> on /dev/log and then rsyslog pulling them.

imjournal only works halfway decently if you have a persistent
journal. As I mentioned, we don't use persistent journal in Debian
(for one, to avoid writing log messages to disk twice).

imjournal did also have quite some serious bugs in the past (like
getting stuck in a loop generating a flood of log messages filling up
the disk). So I'm not yet comfortable enabling that. Especially since
there is no official *upstream* support for imjournal.

I also wonder, what the performance overhead is for imjournal. I
suspect that the throughput using ForwardToSyslog=yes is higher. If
anyone has benchmarks for that, I'd appreciate that.

Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] hardening rsyslog using systemd features
2016-01-27 18:04 GMT+01:00 Thomas D.:
> I am wondering if any major distribution with systemd will install
> rsyslog per default or if they use systemd instead. So rsyslog will only
> be installed if you require a special setup, not? And if you require a
> special setup I am not sure if we can provide a well working hardened
> configuration for most users.

As I can't look into the future, I'm just talking about the status-quo
in Debian:
We do install rsyslog by default in our current stable release
(Jessie, aka 8.0) and that's still the case for testing/unstable.
journald is setup to forward messages to rsyslog (aka. push model) and
only logs to volatile memory (Storage=volatile [1]).
We might change that eventually, but atm journal still seems not
mature enough for me to enable that by default only.

> But we can always provide an example in /usr/share... so users can copy
> this file to override the default unit. That's really a nice feature in
> systemd.

I'd like to ship a default rsyslog configuration which is more
restrictive. Not as example, but as default.
My train of thought here is that advanced users with special needs,
will have to configure rsyslog anyway, including the default systemd
service file.

But that depends on your feedback. If you think this is a bad idea,
just let me know.

Michael

[1] http://www.freedesktop.org/software/systemd/man/journald.conf.html#Storage=

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] hardening rsyslog using systemd features
Another reason, why we don't use imjournal by default yet in Debian:
I want a configuration which I can ship on all our architectures,
including non-Linux/non-systemd.
That's not possible if it involves imjournal. At least I don't know how.

2016-01-28 0:06 GMT+01:00 Michael Biebl <mbi...@gmail.com>:
> 2016-01-27 23:37 GMT+01:00 Peter Portante <peter.a.porta...@gmail.com>:
>>> As I can't look into the future, I'm just talking about the status-quo
>>> in Debian:
>>> We do install rsyslog by default in our current stable release
>>> (Jessie, aka 8.0) and that's still the case for testing/unstable.
>>> journald is setup to forward messages to rsyslog (aka. push model)
>>
>>
>> We use imjournal in fedora, rhel, centos, with systemd listening for logs
>> on /dev/log and then rsyslog pulling them.
>
> imjournal only works halfway decently if you have a persistent
> journal. As I mentioned, we don't use persistent journal in Debian
> (for one, to avoid writing log messages to disk twice).
>
> imjournal did also have quite some serious bugs in the past (like
> getting stuck in a loop generating a flood of log messages filling up
> the disk). So I'm not yet comfortable enabling that. Especially since
> there is no official *upstream* support for imjournal.
>
> I also wonder, what the performance overhead is for imjournal. I
> suspect that the throughput using
> ForwardToSyslog=yes is higher. If anyone has benchmarks for that, I'd
> appreciate that.
>
> Michael
>
>
> --
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] hardening rsyslog using systemd features
2016-01-27 16:13 GMT+01:00 David Lang <da...@lang.hm>:
> On Wed, 27 Jan 2016, Michael Biebl wrote:

>> [Service]
>> ProtectSystem=full
>
>
> what does this do?

http://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=

>> ProtectHome=yes

http://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=

>> PrivateTmp=yes

http://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=

> If these prevent writes (or reads) to home directories or tmp, they should
> be ok most of the time. But rsyslog has lots of features that pull in files
> or output to arbitrary places configured by the admin. If you do something
> like this, please add comments in the default rsyslog.conf file (and
> seriously think of adding them to a customized config file) warning the
> admin that if they need to access X they will need to change the systemd
> config file.
>
> We have enough trouble with SELinux and AppArmor already.
>
>> CapabilityBoundingSet=CAP_SYSLOG CAP_NET_BIND_SERVICE
>>
>> What potentially could cause problems is the limitation of the
>> capabilities via CapabilityBoundingSet [1].
>> Does anyone know, what capabilities [2] rsyslog needs beyond
>> CAP_SYSLOG and CAP_NET_BIND_SERVICE if you want to make use of all its
>> features?
>
>
> mmexternal, omprog, output channels can run arbitrary programs on the
> system, so yes, full use of features could require anything :-)

Hm, true. But that's a very specialised setup. I wonder whether it
makes sense to concentrate on the common case and include some NEWS
entry telling people how they could turn those restrictions off.

> mmnormalize commonly pulls in rulesets from wherever the admin set them up
>
> lookup tables can read in data from files wherever the admin sets them up.
> These are designed to be updated by other programs and re-loaded into
> rsyslog on the fly (triggered by a specific log message)
>
> If you are going to start playing around with capabilities, then set the
> capability to let rsyslog bind to a low port without being root and set the
> permissions on the log directories appropriately and run rsyslog as non-root
> (not privdrop to non-root, non-root from the beginning)

I was under the impression, that running under a different uid/gid was
still problematic. Taking away capabilities via the systemd directives
looked like a good middle ground to me.

> Bypass mode:
>
> journald doesn't grab /dev/log, allowing rsyslog to get the data
> directly from the app. This allows rsyslog to grab the metadata directly

That's already possible today. I thought I already posted how to do
this, but apparently I didn't

> JSON delivery:
>
> carry a patch to journald to have it deliver logs to rsyslog with
> metadata in JSON (note that LP has said that he will refuse to accept a
> patch that does this, so it's something the distros will have to carry. I
> have this bookmarked on my office machine and can forward the link later
> today)

I'm concerned shipping such a patch downstream and deviating from upstream.

> I would also point out the issue of journald grabbing audit logs and the
> flood of messages that creates. It's a good option to have, but there needs
> to be an easy to find option to disable it, especially since traditionally
> this has not been part of the log flow and is high volume.

I think this can be disabled via audit=0 on the kernel command line.
But I might be misunderstanding you.

>> Are other distros interested in shipping such a more restrictive
>> configuration?
>
>
> I don't run anything in production with systemd yet, but since Ubuntu 16.04
> is going to include it, I was expecting to have to fight some of this and
> can do tests on my laptops with these options.

I'd be very interested in further feedback, before turning this on.

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] hardening rsyslog using systemd features
2016-01-27 16:40 GMT+01:00 Peter Portante:
> Have you talked to the Fedora folks about these changes as well? These
> seem pretty interesting and worth while.

Nope. I was assuming the Fedora maintainers read this mailing list as
well. So I didn't want to cross-post this.

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
[rsyslog] hardening rsyslog using systemd features
Hi everyone,

I'd like to make use of some of the systemd hardening features [0] in
the Debian rsyslog package. I eventually want those changes to go
upstream though, so I'm asking for feedback here.

This is what I currently have in mind:

[Service]
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
CapabilityBoundingSet=CAP_SYSLOG CAP_NET_BIND_SERVICE

What potentially could cause problems is the limitation of the
capabilities via CapabilityBoundingSet [1].
Does anyone know, what capabilities [2] rsyslog needs beyond
CAP_SYSLOG and CAP_NET_BIND_SERVICE if you want to make use of all its
features?

Are other distros interested in shipping such a more restrictive
configuration?

Regards,
Michael

[0] http://0pointer.de/blog/projects/security.html
[1] http://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=
[2] http://man7.org/linux/man-pages/man7/capabilities.7.html

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
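The breakage discussed in this thread (imfile reading a file another service wrote to /tmp, lookup tables or rulebases kept wherever the admin put them, output files under /usr) can be checked before the directives are switched on. The following is an added example, not code from rsyslog or from any poster; the unit and configuration text are constructed samples, the function names are hypothetical, and the parser only understands RainerScript objects with quoted values that contain no `)` or `#`.

```python
import re

# Constructed sample: the three directives suggested in the thread.
UNIT = """\
[Service]
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
"""

# Constructed sample rsyslog configuration (RainerScript object syntax).
CONF = '''\
module(load="imfile")
input(type="imfile" File="/tmp/app/out.log" Tag="app:")  # written by another service
lookup_table(name="hosts" file="/home/ops/hosts.json")
action(type="mmnormalize" rulebase="/etc/rsyslog.d/app.rb")
action(type="omfile" file="/var/log/messages")
action(type="omfile" file="/usr/local/log/audit.log")
'''

TRUTHY = {"yes", "true", "on", "1"}
OBJECT_RE = re.compile(r"\b(input|action|lookup_table)\s*\((.*?)\)", re.S | re.I)
PARAM_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# (object, module type) -> (parameter holding a path, how rsyslog uses it)
PATH_PARAMS = {
    ("input", "imfile"): ("file", "read"),
    ("action", "omfile"): ("file", "write"),
    ("action", "mmnormalize"): ("rulebase", "read"),
    ("lookup_table", ""): ("file", "read"),
}


def parse_service_section(unit_text):
    """Return the key=value settings found in the [Service] section."""
    settings, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def active_restrictions(settings):
    """Translate the directives into (directive, path prefixes, blocked access)."""
    def val(key):
        return settings.get(key, "no").lower()

    out = []
    if val("PrivateTmp") in TRUTHY:
        # Private /tmp and /var/tmp: files there are not shared with other units.
        out.append(("PrivateTmp", ("/tmp", "/var/tmp"), {"read", "write"}))
    home = ("/home", "/root", "/run/user")
    if val("ProtectHome") in TRUTHY:
        out.append(("ProtectHome", home, {"read", "write"}))
    elif val("ProtectHome") == "read-only":
        out.append(("ProtectHome", home, {"write"}))
    if val("ProtectSystem") in TRUTHY | {"full"}:
        # "full" additionally makes /etc read-only.
        extra = ("/etc",) if val("ProtectSystem") == "full" else ()
        out.append(("ProtectSystem", ("/usr", "/boot") + extra, {"write"}))
    return out


def configured_paths(conf_text):
    """Return (module, path, access) for each file path the config refers to."""
    conf_text = re.sub(r"#.*", "", conf_text)  # drop comments
    found = []
    for m in OBJECT_RE.finditer(conf_text):
        params = {k.lower(): v for k, v in PARAM_RE.findall(m.group(2))}
        obj, mod = m.group(1).lower(), params.get("type", "").lower()
        rule = PATH_PARAMS.get((obj, mod))
        if rule and rule[0] in params:
            found.append((mod or obj, params[rule[0]], rule[1]))
    return found


def find_conflicts(unit_text, conf_text):
    """List (module, path, directive) where a directive blocks a configured path."""
    restrictions = active_restrictions(parse_service_section(unit_text))
    conflicts = []
    for module, path, access in configured_paths(conf_text):
        for directive, prefixes, blocked in restrictions:
            hit = any(path == p or path.startswith(p + "/") for p in prefixes)
            if hit and access in blocked:
                conflicts.append((module, path, directive))
    return conflicts


if __name__ == "__main__":
    for module, path, directive in find_conflicts(UNIT, CONF):
        print(f"{module}: {path} is affected by {directive}")
```

Reading the rulebase under /etc is not reported, because ProtectSystem=full only removes write access there.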
Re: [rsyslog] advance notice for 8.16.0 release
2016-01-25 21:38 GMT+01:00 David Lang:
> Thomas, does the debian infrastructure understand vX-pre or vX-alpha or
> something like that as being a special case to sort before vX in it's
> version comparisons? I seem to remember seeing some discussion of such a
> feature.

The ~ is what you want in this case.
8.16.0~rc1 will sort before 8.16.0

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] release cycle - was: rsyslog 8.15.0 (v8-stable) released
I think David's idea makes a lot of sense.
If a bug is detected 2 days before the next release, it makes no sense
to do a .1 release.
If we discover an important bug directly after a release, I don't see
a good reason *not* do a followup .1 release. That doesn't mean we
have to switch back to "as-needed" release schedule for new major
releases.

Regards,
Michael

2015-12-18 16:39 GMT+01:00 David Lang <da...@lang.hm>:
> On Fri, 18 Dec 2015, Rainer Gerhards wrote:
>
>> Date: Fri, 18 Dec 2015 14:46:34 +0100
>> From: Rainer Gerhards <rgerha...@hq.adiscon.com>
>> Reply-To: rsyslog-users <rsyslog@lists.adiscon.com>
>> To: rsyslog-users <rsyslog@lists.adiscon.com>
>> Subject: [rsyslog] release cycle - was: rsyslog 8.15.0 (v8-stable)
>> released
>>
>>
>> 2015-12-17 22:52 GMT+01:00 Michael Biebl <mbi...@gmail.com>:
>>>
>>> 2015-12-17 16:51 GMT+01:00 Rainer Gerhards <rgerha...@hq.adiscon.com>:
>>>>
>>>> 2015-12-17 16:47 GMT+01:00 Thomas D. <whi...@whissi.de>:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I agree with Michael.
>>>>>
>>>>> While I understand Rainer's concerns in general this is different: For
>>>>> you there are only test files missing. But for distributions there is
>>>>> no
>>>>> working v8.15 release (tests are really important for us).
>>>>
>>>>
>>>> Can't you apply a patch? I remember well in that long discussion over a
>>>> year ago that you were one of the strong proponents of "it's easy to
>>>> patch if something is a small nit"?
>>>>
>>>> I just want to understand that change of position, if it is one.
>>>
>>>
>>> We run the test-suite as part of the Debian build (that's why I
>>> noticed the failure). So this is a serious issue for the Debian build.
>>> But sure, if it's too much of a hassle, I'll just add the missing
>>> files as a downstream patch.
>>
>>
>> I agree that it would be almost no work for me to do a re-release.
>> It's more a policy argument. Let me explain, especially as I consider
>> changing policy:
>>
>> Up until ~15 months ago, we released when there was need to. Need was
>> defined as
>>
>> - important enough (set of bugfixes)
>> - new functionality
>>
>> This resulted in various releases. We had the stable/devel releases.
>> Stable releases were rare, devel frequent.
>>
>> Now, we have scheduled releases. Actually, a release is triggered when
>> we hit a certain calendar date, irrelevant of whether or not there is
>> need to release (there is always one or two minor fixes, so we will
>> probably never experience a totally blank release). We also have
>> switched to stable releases only, and done so without grief (basically
>> because a) we have improved testing and b) users didn't use devel at
>> all).
>>
>> I just dug into the old discussion. A good entry point is probably
>> this here, where we talk about patches:
>>
>> http://lists.adiscon.net/pipermail/rsyslog/2014-October/038796.html
>>
>> The new system works reasonably well. It has its quirks, though.
>> Let's look at a concrete example:
>>
>> 8.14.0, to me, was an absolutely horrible release. The worst we have
>> done in the past 2 to 3 years. I worked hard on fixing some real bad
>> race issues with JSON variables. Friday before the release I was ready
>> to release that work, which would be really useful for folks that make
>> heavy use of those variables. Then, over the weekend and Monday, it
>> turned out that we may get unwanted regressions that weren't detected
>> earlier (NO testbench can mimic a heavy-used production system, so
>> let's not get into "we need better tests" blurb). The end result was
>> that I pulled the plug on release day, and what we finally released
>> was 8.13.0 plus a few small things. All problems with variables
>> persisted. If I had have half a week to a week (don't remember
>> exactly) more, we could have done a real release instead of the 8.13
>> re-incarnation. But, hey, we run on a schedule.
>>
>> Now 8.15.0 fixes these problems (except for the json-c induced
>> segfault, which we cannot fix in rsyslog). It also has all other "8.14"
>> enhancements and fixes and so is actually worth 3 months of work. It is
>> a *very heavy* release. Usually, I'd never released such a fat release
>> shortly before the holiday period. Not that I distrust it, and we
Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released
Hi Rainer

2015-12-17 15:30 GMT+01:00 Rainer Gerhards:
> This happens under travis and so is run for each commit. This should
> avoid any such problems in the future. In fact, it worked so well that
> it detected one more missing file ;)

Do you think you could release a 8.15.1 with the missing files included?

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released
The test-suite fails here:

make[5]: *** No rule to make target 'json_null_array.sh', needed by 'json_null_array.sh.log'. Schluss.

Looks like a file is missing (once again) from the dist tarball, like
in https://github.com/rsyslog/rsyslog/issues/484

Regards,
Michael

2015-12-15 18:08 GMT+01:00 Florian Riedl:
> Hi all,
>
> We have released rsyslog 8.15.0.
>
> This release sports a lot of changes. Among the changes are a lot of
> bugfixes, changes to the KSI support, pmciscoios, omkafka, 0mq modules,
> omelasticsearch and many more.
>
> We have also release librelp 1.2.9, which has received some fixes as well.
>
> Packages for both releases will be made available as soon as possible.
> To get a full overview over the changes, please take a look at the
> Changelog.
>
> ChangeLog:
>
> http://www.rsyslog.com/changelog-for-8-15-0-v8-stable/
>
> Download:
>
> http://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Best regards,
> Florian Riedl

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] rsyslog 8.11.0 (v8-stable) released
Hi!

The doc download link seems to be broken / the tarball missing

http://www.rsyslog.com/files/download/rsyslog/rsyslog-doc-8.11.0.tar.gz

only gives a 404

2015-06-30 17:24 GMT+02:00 Florian Riedl fri...@adiscon.com:
> Hi all,
>
> We have released rsyslog 8.11.0.
>
> This release now provides a new signature provider for Keyless Signature
> Infrastructure (KSI) as well as quite a few fixes for imfile, omkafka, the
> build system and others.
>
> ChangeLog:
>
> http://www.rsyslog.com/changelog-for-8-11-0-v8-stable/
>
> Download:
>
> http://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Best regards,
> Florian Riedl

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] rsyslog 8.10.0 (v8-stable) released
The test-suite does not pass:

make[5]: *** No rule to make target 'rulesetmultiqueue.sh', needed by 'rulesetmultiqueue.sh.log'. Schluss.
make[5]: Leaving directory '/home/michael/debian/build-area/rsyslog-8.10.0/tests'
Makefile:1554: recipe for target 'check-TESTS' failed

Looks like the file rulesetmultiqueue.sh is missing from the dist-tarball.
Someone didn't run make distcheck it seems :-)

2015-05-19 17:35 GMT+02:00 Florian Riedl fri...@adiscon.com:
> Hi all,
>
> We have released rsyslog 8.10.0.
>
> This provides a number of new features and fixes in several modules, like
> imfile, zmq and others. It also adds a new contributed module omhttpfs for
> writing to HDFS via HTTP.
>
> ChangeLog:
>
> http://www.rsyslog.com/changelog-for-8-10-0-v8-stable/
>
> Download:
>
> http://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Best regards,
> Florian Riedl

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] build dependency issue not detected by configure
It looks like Thomas' fix is not sufficient.
If you build from the tarball twice in a row, i.e.

./configure
make
make clean
./configure
make

the build will fail, if flex/bison is not around.
This is due to ./grammar/grammar.[ch] being removed on make clean

2015-04-23 0:13 GMT+02:00 Thomas D. whi...@whissi.de:
> Hi,
>
> Rainer Gerhards wrote:
> This sounds like it doesn't break *my* scripts. Not sure about others.
>
> This won't break anything. Only environments which don't satisfy our
> build requirements. For example, I had to update .travis.xml, because
> rst2man was missing on Travis, too :)
>
> If it doesn't introduce any problems, it's probably a good way to go.
> Otherwise I would strongly opt for b).
>
> Flex/Bison always has been a hard requirement from my PoV.
>
> Are you willing to craft a patch?
>
> PR: https://github.com/rsyslog/rsyslog/pull/309
>
> -Thomas

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Re: [rsyslog] build dependency issue not detected by configure
Why don't we just make flex/bison a hard dependency?

2015-05-19 20:59 GMT+02:00 Thomas D. whi...@whissi.de:
> Hi,
>
> Michael wrote:
> It looks like Thomas' fix is not sufficient. If you build from the tarball twice in a row, i.e.
>
> ./configure
> make
> make clean
> ./configure
> make
>
> the build will fail, if flex/bison is not around. This is due to ./grammar/grammar.[ch] being removed on make clean
>
> Mh, yes. I did not check for this test case (cleaning from release tarball). I would suggest that make clean should not remove any pre-generated files if configure detected that we are running from release tarball.
>
> Any objections?
>
> -Thomas
Re: [rsyslog] build dependency issue not detected by configure
2015-05-19 20:59 GMT+02:00 Thomas D. whi...@whissi.de:
> Michael wrote:
> It looks like Thomas' fix is not sufficient. If you build from the tarball twice in a row, i.e.
>
> ./configure
> make
> make clean
> ./configure
> make
>
> the build will fail, if flex/bison is not around. This is due to ./grammar/grammar.[ch] being removed on make clean
>
> Mh, yes. I did not check for this test case (cleaning from release tarball). I would suggest that make clean should not remove any pre-generated files if configure detected that we are running from release tarball.
>
> Any objections?

That's hard to detect. E.g. I commit the release tarballs to git and build the packages from there. So the test for .git is not a sufficient indication if yacc/flex will be needed or not.

What I do notice though, is that we have

CLEANFILES = grammar.h grammar.c

but we do not clean up lexer.c. We should either do it for both, or none, I think.
Re: [rsyslog] make dist: file name is too long (max 99); not dumped
2015-04-21 17:43 GMT+02:00 Thomas D. whi...@whissi.de:
> 1) Files should be renamed so we don't violate tar's specs [1]

Or we use a modern format like posix, which doesn't have the 99 char limit.
Re: [rsyslog] rsyslog 8.9.0 (v8-stable) released
2015-04-09 16:14 GMT+02:00 Thomas D. whi...@whissi.de:
> Hi,
>
> On 2015-04-07 16:35, Florian Riedl wrote:
> We have released rsyslog 8.9.0. This is primarily a bug-fixing release with a couple of improvements in omprog, imuxsock and the zero message queue plugins.
>
> Good job! Looks like a very good release. It has passed all our tests on different hardware/configuration so far on Gentoo (including the gzipwr* tests on i386).

Interesting. See my earlier reply about 8.9.0 failing on i386 [1]. Looks like the test-suite is still a bit flaky and fails at random.

[1] https://buildd.debian.org/status/package.php?p=rsyslog&suite=experimental
Re: [rsyslog] rsyslog 8.9.0 (v8-stable) released
2015-04-07 16:35 GMT+02:00 Florian Riedl fri...@adiscon.com:
> Hi all,
>
> We have released rsyslog 8.9.0.

New test-suite results are in: https://buildd.debian.org/status/package.php?p=rsyslog&suite=experimental

The failure on i386 is new (again).
Re: [rsyslog] rsyslog and GnuTLS
I don't quite understand your question, but installing rsyslog-gnutls under Debian wheezy will provide you with the necessary module to set up secure remote logging using GnuTLS.

2015-03-27 19:22 GMT+01:00 jonetsu jone...@teksavvy.com:
> Hello,
>
> What would be the earliest rsyslog release to support secure remote syslogging using GnuTLS? I have an 'old' version here, 5.8.11 that has a rsyslog-gnutls component, although I wonder:
>
> 1) If this could be a 'Debian thing', if the same approach of having this rsyslog-gnutls component still in effect today?
>
> If there is a new design, or any other significant change, which earliest version could be used to upgrade, while having GnuTLS secure connections?
>
> Regards.
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-25 19:08 GMT+01:00 Michael Biebl mbi...@gmail.com:
> https://buildd.debian.org/status/package.php?p=rsyslog&suite=experimental looks better now. Still a few test-suite failures, especially on kfreebsd-*, but I guess we're getting there.

The test-suite failure on mips is new:

TEST: [imptcp_large.sh]: test imptcp with large-size messages
rsyslogd started with pid 20162
starting run 1
Sending 2 messages.
*** buffer overflow detected ***: ./tcpflood terminated
./diag.sh: line 180: 20174 Aborted (core dumped) ./tcpflood -c5 -m2 -r -d1 -P12
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-20 4:04 GMT+01:00 Michael Biebl mbi...@gmail.com:
> Sorry, currently busy with other stuff. Will see, that I can apply the patch to the Debian package soonish.

https://buildd.debian.org/status/package.php?p=rsyslog&suite=experimental looks better now. Still a few test-suite failures, especially on kfreebsd-*, but I guess we're getting there.
Re: [rsyslog] failing test-suite for 8.8.8
Sorry, currently busy with other stuff. Will see, that I can apply the patch to the Debian package soonish.

Btw, it's the first time, that I heard of the amd686 or x386 architecture :-)

2015-03-17 11:58 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
> 2015-03-17 9:45 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
> 2015-03-16 20:01 GMT+01:00 Michael Biebl mbi...@gmail.com:
> 2015-03-16 14:06 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
> 2015-03-16 9:50 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
> I think I get closer to a solution. Looks like a long long int vs. int64_t issue. I'll probably craft a small patch to test it out, which would address at least most cases that failed. If that works out, there is more to fix. Patch hopefully upcoming soon, but I thought I let you know in advance.
>
> Michael, as usual, the root cause is dumb, once you know it. Could you please apply this patch:
>
> https://github.com/rgerhards/rsyslog/commit/3b7bd0b7a7f0f5f1bf7609bdf34e7d9a32608ea6.patch
>
> and re-initiate the build. It should at least reduce the number of problems (there may be others, I haven't tried to identify that as a lot of the problems seem to be related to that patch).
>
> Thanks,
> Rainer
Re: [rsyslog] need explicitly enable valgrind for testbench use?
2015-03-17 19:37 GMT+01:00 Thomas D. whi...@whissi.de:
> Hi,
>
> David wrote:
> In the valgrind case, this shouldn't be a binary option, it needs to be trinary.
>
> OFF don't use, even if it is there
> AUTO use if it's there
> ON don't compile if it isn't there
>
> AUTO is something *every* package maintainer wants to avoid/disable. :)

I wouldn't put it like that. Ideally, you have

--enable-feature=enable|disable|auto

Having auto-detection as default is fine, but having an explicit --enable which errors out hard if the dependency is missing is good, so is an explicit --disable switch, which ensures you don't accidentally pick up new dependencies in a dirty build environment.
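The three-way switch discussed in the message above, written as the shell logic a configure script could run. This is an added example, not rsyslog's configure code: the function names are hypothetical, and accepting yes/no as synonyms for enable/disable is an assumption.

```shell
#!/bin/sh
# Added example: tri-state handling of --enable-FEATURE=enable|disable|auto.

# parse_enable_arg NAME [configure args...]
# Prints the requested mode: yes, no or auto (auto when nothing was given).
# Returns 2 on an unknown value.
parse_enable_arg() {
    pe_name=$1
    shift
    pe_mode=auto
    for pe_arg in "$@"; do
        case "$pe_arg" in
            --enable-"$pe_name"|--enable-"$pe_name"=yes|--enable-"$pe_name"=enable)
                pe_mode=yes ;;
            --disable-"$pe_name"|--enable-"$pe_name"=no|--enable-"$pe_name"=disable)
                pe_mode=no ;;
            --enable-"$pe_name"=auto)
                pe_mode=auto ;;
            --enable-"$pe_name"=*)
                echo "configure: error: bad value in $pe_arg" >&2
                return 2 ;;
        esac
    done
    echo "$pe_mode"
}

# resolve_feature NAME MODE PROBE [probe args...]
# PROBE is any command that succeeds when the dependency is present.
# Prints yes or no. Returns 1 when the feature was requested explicitly
# but the probe fails, so the build stops instead of silently degrading.
resolve_feature() {
    rf_name=$1
    rf_mode=$2
    shift 2
    case "$rf_mode" in
        no)
            # Explicit disable: never probe, so a dirty build environment
            # cannot add a dependency behind the packager's back.
            echo no ;;
        yes)
            if "$@" >/dev/null 2>&1; then
                echo yes
            else
                echo "configure: error: $rf_name requested but not found" >&2
                return 1
            fi ;;
        auto)
            if "$@" >/dev/null 2>&1; then echo yes; else echo no; fi ;;
        *)
            echo "configure: error: unknown mode '$rf_mode'" >&2
            return 2 ;;
    esac
}

# Stand-alone run: decide about valgrind from this script's own arguments.
if mode=$(parse_enable_arg valgrind "$@"); then
    result=$(resolve_feature valgrind "$mode" command -v valgrind) || result=error
    echo "valgrind: mode=$mode result=$result"
fi
```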
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-16 14:06 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
> 2015-03-16 9:50 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
> I think I get closer to a solution. Looks like a long long int vs. int64_t issue. I'll probably craft a small patch to test it out, which would address at least most cases that failed. If that works out, there is more to fix. Patch hopefully upcoming soon, but I thought I let you know in advance.
>
> It looks a bit crazy, not yet found the root cause. But the good thing is that I can reproduce it on Debian 7.8 32 bit. So I can now test myself...

Thanks Rainer!

If the test-suite results for the various architectures are useful, I'll keep them enabled.

Cheers,
Michael
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-11 14:01 GMT+01:00 Michael Biebl mbi...@gmail.com:
> New results are in
>
> If you go to https://buildd.debian.org/status/package.php?p=rsyslog&suite=experimental, and click on Build-Attempted in the Status column, it will open the full log file.

Rainer, do the log messages help? Any thoughts yet, what's causing the test-suite failures?

Michael
Re: [rsyslog] liblognorm 1.1.1 doesn't work with rsyslog
I do hope, the Debian packages were updated accordingly, i.e. if there is a soname bump, you name it liblognorm2. So if you rebuild rsyslog against liblognorm-dev 1.1.1, it would get a dependency on liblognorm2. This way, it's ensured that you can't end up with broken packages.

2015-03-12 14:55 GMT+01:00 Tomas Heinrich thein...@redhat.com:
> On 03/12/15 13:07, Thomas D. wrote:
> Rainer Gerhards wrote:
> that probably has to do with the fact that we fixed the library versioning. I admit we did it wrongly so far, so I have little experience with the proper way and its implications. I guess, we need to rebuild the rsyslog packages. Will initiate that.
>
> Right, you must rebuild against the SO name version you are using.
>
> Yes, that needs to be done every time the value of first-digit-minus-third-digit of the soname changes.
>
> Don't forget to require liblognorm-1.1.1 in your packages if you build them against liblognorm-1.1.1 because if you link against liblognorm-1.1.1 you can't use previous versions anymore (or you have to rebuild...).
>
> Actually, at least for RPM, that is not necessary, generally speaking. During the build, dependency on a specific soname is automatically recorded in the depending package:
>
> $ rpm -qR rsyslog-mmnormalize | grep liblognorm
> liblognorm.so.2()(64bit)
>
> Upstream tracker shows[0] that 1.1.1 is backwards compatible to 1.1.0, so unless you need the symbols that were added in 1.1.1, versioning the dependency in the package shouldn't be required.
>
> (And looking at the actual soname - 2:0:0 - since the age part wasn't incremented, the library will be considered as not backwards compatible and the requirement has to be placed on the newest version.)
>
> Tomas
>
> http://upstream.rosalinux.ru/versions/liblognorm.html
Re: [rsyslog] liblognorm 1.1.1 doesn't work with rsyslog
One more piece of advice: Please always consider running lintian on the final package. This would have caught simple errors like this one:

$ lintian liblognorm1_1.1.1-0adiscon1trusty1_amd64.deb
W: liblognorm1: package-name-doesnt-match-sonames liblognorm2
E: liblognorm1: symbols-file-contains-current-version-with-debian-revision on symbol descent_parser_data_constructor@Base and 73 others

It looks like the symbols file isn't properly maintained either.

2015-03-12 15:10 GMT+01:00 Michael Biebl mbi...@gmail.com:
> Apparently, the liblognorm soname bump wasn't properly handled packaging wise looking at https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable/+packages
>
> Packaging (and maintaining) libraries takes special effort to be done properly. Please have a look at
>
> https://www.debian.org/doc/debian-policy/ch-sharedlibs.html
> https://www.debian.org/doc/manuals/maint-guide/advanced.en.html
> https://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html
>
> 2015-03-12 15:05 GMT+01:00 Michael Biebl mbi...@gmail.com:
> I do hope, the Debian packages were updated accordingly, i.e. if there is a soname bump, you name it liblognorm2. So if you rebuild rsyslog against liblognorm-dev 1.1.1, it would get a dependency on liblognorm2. This way, it's ensured that you can't end up with broken packages.
>
> 2015-03-12 14:55 GMT+01:00 Tomas Heinrich thein...@redhat.com:
> On 03/12/15 13:07, Thomas D. wrote:
> Rainer Gerhards wrote:
> that probably has to do with the fact that we fixed the library versioning. I admit we did it wrongly so far, so I have little experience with the proper way and its implications. I guess, we need to rebuild the rsyslog packages. Will initiate that.
>
> Right, you must rebuild against the SO name version you are using.
>
> Yes, that needs to be done every time the value of first-digit-minus-third-digit of the soname changes.
>
> Don't forget to require liblognorm-1.1.1 in your packages if you build them against liblognorm-1.1.1 because if you link against liblognorm-1.1.1 you can't use previous versions anymore (or you have to rebuild...).
>
> Actually, at least for RPM, that is not necessary, generally speaking. During the build, dependency on a specific soname is automatically recorded in the depending package:
>
> $ rpm -qR rsyslog-mmnormalize | grep liblognorm
> liblognorm.so.2()(64bit)
>
> Upstream tracker shows[0] that 1.1.1 is backwards compatible to 1.1.0, so unless you need the symbols that were added in 1.1.1, versioning the dependency in the package shouldn't be required.
>
> (And looking at the actual soname - 2:0:0 - since the age part wasn't incremented, the library will be considered as not backwards compatible and the requirement has to be placed on the newest version.)
>
> Tomas
>
> http://upstream.rosalinux.ru/versions/liblognorm.html
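An added example, not part of the thread or of the liblognorm packaging: how a libtool -version-info triple such as the 2:0:0 quoted above maps to the Linux soname, and how that soname determines the Debian package name that lintian compared against. The function names are hypothetical, and 1:0:0 is a constructed "before" value.

```shell
#!/bin/sh
# Added example: libtool CURRENT:REVISION:AGE -> Linux soname -> package name.

# parse_version_info C:R:A
# Sets vi_current, vi_revision, vi_age. Returns 2 on malformed input
# (wrong field count, non-digits, leading zeros, or age > current).
parse_version_info() {
    case "$1" in
        *:*:*:*|*[!0-9:]*|0[0-9]*|*:0[0-9]*) return 2 ;;
        [0-9]*:[0-9]*:[0-9]*) ;;
        *) return 2 ;;
    esac
    vi_current=${1%%:*}
    vi_rest=${1#*:}
    vi_revision=${vi_rest%%:*}
    vi_age=${vi_rest#*:}
    [ "$vi_age" -le "$vi_current" ] || return 2
}

# linux_soname LIBNAME C:R:A -> e.g. liblognorm.so.2
# On Linux, libtool uses (current - age) as the soname major number.
linux_soname() {
    parse_version_info "$2" || return 2
    echo "$1.so.$((vi_current - vi_age))"
}

# linux_realname LIBNAME C:R:A -> file name of the installed library,
# which on Linux is LIBNAME.so.(current-age).(age).(revision).
linux_realname() {
    parse_version_info "$2" || return 2
    echo "$1.so.$((vi_current - vi_age)).$vi_age.$vi_revision"
}

# debian_pkg_name LIBNAME C:R:A -> conventional Debian library package name:
# lower-cased library name plus soname major, with a hyphen in between when
# the library name itself ends in a digit.
debian_pkg_name() {
    parse_version_info "$2" || return 2
    dp_base=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$dp_base" in
        *[0-9]) dp_base="$dp_base-" ;;
    esac
    echo "$dp_base$((vi_current - vi_age))"
}

# abi_change OLD NEW -> "compatible" when the soname major is unchanged,
# "soname-bump" when dependents must be rebuilt and the package renamed.
abi_change() {
    parse_version_info "$1" || return 2
    ac_old=$((vi_current - vi_age))
    parse_version_info "$2" || return 2
    ac_new=$((vi_current - vi_age))
    if [ "$ac_old" -eq "$ac_new" ]; then echo compatible; else echo soname-bump; fi
}

# check_pkg PKGNAME LIBNAME C:R:A -> returns 0 when the package name matches
# the soname, 1 (with a message) when it does not.
check_pkg() {
    cp_expected=$(debian_pkg_name "$2" "$3") || return 2
    if [ "$1" = "$cp_expected" ]; then
        return 0
    fi
    echo "$1: package name does not match soname, expected $cp_expected"
    return 1
}

# Values from the thread: version-info 2:0:0, package still named liblognorm1.
linux_soname liblognorm 2:0:0
check_pkg liblognorm1 liblognorm 2:0:0 || true
# Constructed comparison: had the age been incremented (2:0:1), the soname
# major would have stayed at 1 and no rename would have been needed.
abi_change 1:0:0 2:0:0
abi_change 1:0:0 2:0:1
```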
Re: [rsyslog] liblognorm 1.1.1 doesn't work with rsyslog
2015-03-12 15:49 GMT+01:00 Florian Riedl fri...@adiscon.com:
> Interesting. I am currently taking a look at this. As far as I understood then, the current packages for RHEL/CentOS should be ok, but those for Debian and Ubuntu are not. Is this correct so far?

Since I don't have experience with RPM packaging, take my reply with a grain of salt: RPM library package names are usually unversioned and the dependencies are calculated automatically based on the soname. If you want more fine-grained dependency information (say symbol foo was introduced in version 1.2.3), you need symbols versioning [1], for this to work properly in RPM

Michael

[1] https://sourceware.org/binutils/docs/ld/VERSION.html
Re: [rsyslog] liblognorm 1.1.1 doesn't work with rsyslog
Apparently, the liblognorm soname bump wasn't properly handled packaging wise looking at https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable/+packages

Packaging (and maintaining) libraries takes special effort to be done properly. Please have a look at

https://www.debian.org/doc/debian-policy/ch-sharedlibs.html
https://www.debian.org/doc/manuals/maint-guide/advanced.en.html
https://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html

2015-03-12 15:05 GMT+01:00 Michael Biebl mbi...@gmail.com:
> I do hope, the Debian packages were updated accordingly, i.e. if there is a soname bump, you name it liblognorm2. So if you rebuild rsyslog against liblognorm-dev 1.1.1, it would get a dependency on liblognorm2. This way, it's ensured that you can't end up with broken packages.
>
> 2015-03-12 14:55 GMT+01:00 Tomas Heinrich thein...@redhat.com:
> On 03/12/15 13:07, Thomas D. wrote:
> Rainer Gerhards wrote:
> that probably has to do with the fact that we fixed the library versioning. I admit we did it wrongly so far, so I have little experience with the proper way and its implications. I guess, we need to rebuild the rsyslog packages. Will initiate that.
>
> Right, you must rebuild against the SO name version you are using.
>
> Yes, that needs to be done every time the value of first-digit-minus-third-digit of the soname changes.
>
> Don't forget to require liblognorm-1.1.1 in your packages if you build them against liblognorm-1.1.1 because if you link against liblognorm-1.1.1 you can't use previous versions anymore (or you have to rebuild...).
>
> Actually, at least for RPM, that is not necessary, generally speaking. During the build, dependency on a specific soname is automatically recorded in the depending package:
>
> $ rpm -qR rsyslog-mmnormalize | grep liblognorm
> liblognorm.so.2()(64bit)
>
> Upstream tracker shows[0] that 1.1.1 is backwards compatible to 1.1.0, so unless you need the symbols that were added in 1.1.1, versioning the dependency in the package shouldn't be required.
>
> (And looking at the actual soname - 2:0:0 - since the age part wasn't incremented, the library will be considered as not backwards compatible and the requirement has to be placed on the newest version.)
>
> Tomas
>
> http://upstream.rosalinux.ru/versions/liblognorm.html
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-11 7:51 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
> 2015-03-11 0:48 GMT+01:00 Michael Biebl mbi...@gmail.com:
> FYI: After addressing the .rulesbase files and -lgcrypt linkage issue, I've uploaded the package to the Debian buildd network. The current state can be seen at https://buildd.debian.org/status/package.php?p=rsyslog&suite=experimental
>
> Looks like there is some work left to do :-)
>
> Is there any way to get hold of the contents of test-suite.log, so that we know what failed?

Unfortunately, the buildds don't keep the files, which are produced during the build, around after a failed build. Only what's printed to stdout/stderr is stored in a build log which can be accessed.

I'll make another upload, which dumps the tests/test-suite.log to stdout in case the test suite fails. Results will be available today.

Cheers,
Michael
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-11 12:11 GMT+01:00 Michael Biebl mbi...@gmail.com:
> I'll make another upload, which dumps the tests/test-suite.log to stdout in case the test suite fails.

New results are in

If you go to https://buildd.debian.org/status/package.php?p=rsyslog&suite=experimental, and click on Build-Attempted in the Status column, it will open the full log file.
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-10 20:39 GMT+01:00 Michael Biebl mbi...@gmail.com:
> I want to start enabling and running the test bench as part of the regular debian build starting with 8.8.0.

Another problem: The test-suite requires gcrypt, but configure doesn't check for it. There the build fails when trying to link the tcpflood test binary:

make[3]: Entering directory '/tmp/buildd/rsyslog-8.8.0/tests'
CC ourtail.o
CCLD ourtail
CC nettester.o
CC getline.o
CCLD nettester
CC tcpflood-tcpflood.o
tcpflood.c:153:1: warning: 'gnutls_certificate_credentials' is deprecated [-Wdeprecated-declarations]
static gnutls_certificate_credentials tlscred;
^
tcpflood.c: In function 'initTLSSess':
tcpflood.c:806:41: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
gnutls_transport_set_ptr(sessArray[i], (gnutls_transport_ptr_t) sockArray[i]);
^
CCLD tcpflood
/usr/bin/ld: cannot find -lgcrypt
collect2: error: ld returned 1 exit status
Makefile:1391: recipe for target 'tcpflood' failed
make[3]: *** [tcpflood] Error 1
make[3]: Leaving directory '/tmp/buildd/rsyslog-8.8.0/tests'
Makefile:2932: recipe for target 'check-am' failed
make[2]: *** [check-am] Error 2
make[2]: Leaving directory '/tmp/buildd/rsyslog-8.8.0/tests'
Makefile:919: recipe for target 'check-recursive' failed
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory '/tmp/buildd/rsyslog-8.8.0'
dh_auto_test: make -j1 check returned exit code 2
debian/rules:9: recipe for target 'build' failed
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
E: Failed autobuilding of package
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-10 21:08 GMT+01:00 Michael Biebl mbi...@gmail.com:
> 2015-03-10 20:39 GMT+01:00 Michael Biebl mbi...@gmail.com:
> I want to start enabling and running the test bench as part of the regular debian build starting with 8.8.0.
>
> Another problem: The test-suite requires gcrypt, but configure doesn't check for it. There the build fails when trying to link the tcpflood test binary:

tcpflood_SOURCES = tcpflood.c
tcpflood_CPPFLAGS = $(PTHREADS_CFLAGS) $(GNUTLS_CFLAGS)
tcpflood_LDADD = $(SOL_LIBS) $(PTHREADS_LIBS) $(GNUTLS_LIBS)
if ENABLE_GNUTLS
tcpflood_LDADD += -lgcrypt
endif

That looks broken. ENABLE_GNUTLS doesn't imply that gcrypt is available and/or required.

I see that tests/tcpflood.c has

#ifdef ENABLE_GNUTLS
# include <gnutls/gnutls.h>
# if GNUTLS_VERSION_NUMBER <= 0x020b00
# include <gcrypt.h>
GCRY_THREAD_OPTION_PTHREAD_IMPL;
# endif
#endif

Maybe it would be simpler to just require a recent enough version of gnutls?
Re: [rsyslog] failing test-suite for 8.8.8
2015-03-10 21:35 GMT+01:00 Michael Biebl mbi...@gmail.com:
> tcpflood_SOURCES = tcpflood.c
> tcpflood_CPPFLAGS = $(PTHREADS_CFLAGS) $(GNUTLS_CFLAGS)
> tcpflood_LDADD = $(SOL_LIBS) $(PTHREADS_LIBS) $(GNUTLS_LIBS)
> if ENABLE_GNUTLS
> tcpflood_LDADD += -lgcrypt
> endif
>
> That looks broken. ENABLE_GNUTLS doesn't imply that gcrypt is available and/or required.
>
> I see that tests/tcpflood.c has
>
> #ifdef ENABLE_GNUTLS
> # include <gnutls/gnutls.h>
> # if GNUTLS_VERSION_NUMBER <= 0x020b00
> # include <gcrypt.h>
> GCRY_THREAD_OPTION_PTHREAD_IMPL;
> # endif
> #endif
>
> Maybe it would be simpler to just require a recent enough version of gnutls?

Also, other users of gnutls, e.g. runtime/nsd_gtls.c, also have similar includes

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#if GNUTLS_VERSION_NUMBER <= 0x020b00
# include <gcrypt.h>
#endif

yet, there is no explicit linking against -lgcrypt:

if ENABLE_GNUTLS
pkglib_LTLIBRARIES += lmnsd_gtls.la
lmnsd_gtls_la_SOURCES = nsd_gtls.c nsd_gtls.h nsdsel_gtls.c nsdsel_gtls.h
lmnsd_gtls_la_CPPFLAGS = $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(GNUTLS_CFLAGS)
lmnsd_gtls_la_LDFLAGS = -module -avoid-version
lmnsd_gtls_la_LIBADD = $(GNUTLS_LIBS)
endif

Rainer, why was the explicit tcpflood_LDADD += -lgcrypt needed in case of tcpflood but e.g. not for lmnsd_gtls.la?
[rsyslog] failing test-suite for 8.8.8
Hi,

I want to start enabling and running the test bench as part of the regular debian build starting with 8.8.0.

I've built from the 8.8.0 tarball and I get the following result:

    Testsuite summary for rsyslog 8.8.0
    # TOTAL: 128
    # PASS: 122
    # SKIP: 4
    # XFAIL: 0
    # FAIL: 2
    # XPASS: 0
    # ERROR: 0

The failing tests are

    FAIL: mmnormalize_variable.sh
    FAIL: mmnormalize_tokenized.sh

    FAIL: mmnormalize_variable.sh
    [mmnormalize_variable.sh]: basic test for mmnormalize module variable-support
    rsyslogd: error: normalization rulebase 'testsuites/mmnormalize_variable.rulebase' could not be loaded cannot activate action [v8.8.0 try http://www.rsyslog.com/e/2310 ]
    rsyslogd: error during parsing file ./testsuites/mmnormalize_variable.conf, on or before line 14: errors occured in file './testsuites/mmnormalize_variable.conf' around line 14 [v8.8.0 try http://www.rsyslog.com/e/2207 ]
    rsyslogd started with pid 8193
    starting run 1
    Sending file './testsuites/date_time_msg' 1 times.
    ^M0001 kb sent
    runtime: 0.000
    End of tcpflood Run
    doing shutdown
    imdiag[13500]: mainqueue empty
    wait on shutdown
    content-check failed

    FAIL: mmnormalize_tokenized.sh
    [mmnormalize_tokenized.sh]: test for mmnormalize tokenized field_type
    rsyslogd: error: normalization rulebase 'testsuites/mmnormalize_tokenized.rulebase' could not be loaded cannot activate action [v8.8.0 try http://www.rsyslog.com/e/2310 ]
    rsyslogd: error during parsing file ./testsuites/mmnormalize_tokenized.conf, on or before line 11: errors occured in file './testsuites/mmnormalize_tokenized.conf' around line 11 [v8.8.0 try http://www.rsyslog.com/e/2207 ]
    rsyslogd started with pid 8241
    starting run 1
    Sending file './testsuites/tokenized_input' 1 times.
    ^M0001 kb sent
    runtime: 0.000
    End of tcpflood Run
    doing shutdown
    imdiag[13500]: mainqueue empty
    wait on shutdown
    content-check failed

If 'testsuites/mmnormalize_tokenized.rulebase' is supposed to reference a real file, I couldn't find such a file indeed.
-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] failing test-suite for 8.8.8
FYI: After addressing the .rulesbase files and -lgcrypt linkage issue, I've uploaded the package to the Debian buildd network. The current state can be seen at https://buildd.debian.org/status/package.php?p=rsyslog&suite=experimental

Looks like there is some work left to do:-)

2015-03-10 22:59 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:

Sent from phone, thus brief.

On 10.03.2015 22:57, Michael Biebl mbi...@gmail.com wrote:
2015-03-10 21:50 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:

Rainer, why was the explicit tcpflood_LDADD += -lgcrypt needed in case of tcpflood but e.g. not for lmnsd_gtls.la?

Probably simply because it always worked. Tcpflood is a third-class citizen, it's only a testing tool and I don't care much as long as it works - which so far it always did for me. Now it looks like it needs a fix...

I don't quite understand this answer. Was this -lgcrypt line added in the past to fix a link failure or has it been added by accident without anyone ever noticing?

It probably was added when it was needed at those days. Or maybe later. I really don't remember. Sorry.
-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] rsyslog and journald
2015-03-06 17:22 GMT+01:00 Tyson Whitehead twhiteh...@gmail.com:

    MODULES
    # The imjournal module bellow is now used as a message source instead of imuxsock.
    $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
    $OmitLocalLogging on
    $IMJournalStateFile imjournal.state

as this makes no sense unless you know that rsyslog understands systemd socket passing.

Afaik, rsyslog in Fedora does *not* actually pass the syslog socket to rsyslog. That's why Alias=syslog.socket is commented out in rsyslog.service and therefore there is no /etc/systemd/system/syslog.service symlink pointing at rsyslog.service. rsyslog will start and simply pull the syslog messages from the journal via imjournal.

Why the rsyslog.conf in Fedora loads imuxsock and has $OmitLocalLogging on, I dunno. Not sure if the Fedora maintainers follow this mailing list and can chime in here.

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] rsyslog and journald
2015-03-06 22:07 GMT+01:00 Tyson Whitehead twhiteh...@gmail.com:
On March 6, 2015 15:45:09 Tyson Whitehead wrote:

That makes a lot more sense now. Thanks so much to both you guys.

BTW, am I correct to assume that the imuxsock module is a better match than the imjournal module for trying to get any last dying messages off the box before it wedges itself up.

That's a good question. As long as the message is properly stored in the journal and the journal file was not corrupted when the system dies, imjournal/rsyslog should pick up those messages upon the next (re)boot. The journal is a bit prone though to corrupt the journal files if the system is shut down uncleanly and journald will rotate those corrupt files away (you typically see those in /var/log/journal having a journal~ file extension).

Theoretically, using imjournal, you should be able to capture more messages from early boot and late shutdown, since journald is started earlier and stopped later than rsyslog.

Michael

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] imuxsock does not support RFC5424 header
Thanks for looking into this and keeping us updated.

On 05.03.2015 15:16, Rainer Gerhards rgerha...@hq.adiscon.com wrote:
2015-03-03 17:07 GMT+01:00 Thomas D. whi...@whissi.de:

Hi Rainer,

thank you for the answers.

Regarding journald (systemd): Gentoo is about choices. You can use Gentoo with systemd but you can stay with OpenRC (or use another init system of your choice). Many Gentoo desktop users are moving towards systemd. But especially for servers, many people keep OpenRC.

I am currently concerned because I don't really understand the impact of the latest util-linux changes: Does it break typical setups which are relying on imuxsock usage? I.e. a chrooted service which has its own /dev/log in /chroot/service/dev/log using imuxsock?

In other words: Would you, as upstream, recommend for the moment to enforce util-linux version 2.26 (=without RFC5424 per default) with rsyslog? Or should a normal user not be affected, only in special setups, so a warning/info should be enough?

Now that I have reviewed the code of logger 2.26, I would *strongly* recommend to enforce 2.26 with rsyslog. There are multiple format issues in the new version, which will not only break rsyslog but probably others as well. This also happens when sending remotely. I am creating bug trackers and fixes at the util-linux project.

Rainer
Re: [rsyslog] imuxsock does not support RFC5424 header
2015-03-03 16:53 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:

I have recently lost most interest in imuxsock as all major distros have voiced to use journald, and journald recommends to use imjournal in contrast to imuxsock, so all topics related to imuxsock now have a very low priority. Given our discussion here, I will however see what it would take to make it optionally use the regular parser interface.

Fwiw, in Debian (jessie), we still use imuxsock by default. Simply because this way I can ship a configuration which works with both systemd and sysvinit and we still have sysloggers in Debian which don't yet pull actively from the journal but rely on journald to forward the messages via the syslog socket.

This might change in jessie+1, but before we switch to imjournal, we'll need to give this further testing.

So a properly supported imuxsock is still valuable to us.

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] *.emerg causes a warning?
2015-02-03 10:13 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
2015-02-03 0:30 GMT+01:00 David Lang da...@lang.hm:
On Mon, 2 Feb 2015, Otis Gospodnetic wrote:

Hi,

Just installed the very latest 8.7.0 on one machine and spotted this in the log:

    Feb 2 23:24:27 logsene-reports rsyslogd-2207: error during parsing file /etc/rsyslog.conf, on or before line 55: warnings occured in file '/etc/rsyslog.conf' around line 55 [try http://www.rsyslog.com/e/2207 ]

didn't you get the other error message?

This is what I see:

    2015-02-03T10:10:14.076337+01:00 ubuntu1404esp rsyslogd-2184: action '*' treated as ':omusrmsg:*' - please change syntax, '*' will not be supported in the future [v8.8.0.master try http://www.rsyslog.com/e/2184 ]
    2015-02-03T10:10:14.146723+01:00 ubuntu1404esp rsyslogd-2207: error during parsing file bluecoat.conf, on or before line 7: warnings occured in file '/bluecoat.conf' around line 7 [v8.8.0.master try http://www.rsyslog.com/e/2207 ]

Just in case this wasn't obvious, please change the line to

    *.emerg :omusrmsg:*

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] rsyslog, journald and phplogcon
2015-02-03 20:32 GMT+01:00 David Lang da...@lang.hm:
On Tue, 3 Feb 2015, Michael Biebl wrote:
2015-02-03 20:12 GMT+01:00 David Lang da...@lang.hm:

the module load for imjournal line polls the journal, asking for all logs since the last time it asked for logs. This is rather inefficient, but if you need the extra journald metadata, you need to do this since the journal won't send it otherwise.

The alternative to this is to have journald send the logs to rsyslog (for this, look up the journald documentation where they say that they don't break syslog because they support delivering logs to syslog)

It's only an alternative, if you don't need the additional metadata. In this mode, journald will forward the messages to /run/systemd/journal/syslog, and syslog will read from this socket instead of /dev/log. Those forwarded messages do not have any additional metadata.

ok, then to read this (assuming that your version of journald is outputting it) should be:

    input(type="imuxsock" socket="/run/systemd/journal/syslog")

Oh, no, you don't need this. If rsyslog is activated by systemd, it will pass this socket as environment variable to rsyslog and rsyslog will pick that up automatically. There is nothing you need to do.

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] rsyslog, journald and phplogcon
2015-02-03 20:52 GMT+01:00 Michael Biebl mbi...@gmail.com:

Oh, no, you don't need this. If rsyslog is activated by systemd, it will pass this socket as

socket-activated, to be precise.

environment variable to rsyslog and rsyslog will pick that up automatically. There is nothing you need to do.

If you look at a distro like Debian, which runs rsyslog under systemd, you'll see that it simply ships a generic /etc/rsyslog.conf. You just need to make sure to install and enable the rsyslog.service file that is provided by rsyslog. The magic bits are:

    [Unit]
    Requires=syslog.socket
    ...
    [Alias]
    Alias=syslog.service

This will make systemd start rsyslog if there is activity on /dev/log and start rsyslog.service, passing it the syslog socket in the LISTEN_FDS env variable, where rsyslog will pick it up automatically.

I'm happy to go into more detail, if there is interest.

Michael

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
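The LISTEN_FDS hand-off described in the message above, seen from the receiving daemon's side, as an added example that is not part of the original post and not rsyslog's own code. The function names are hypothetical; LISTEN_PID and the first descriptor number 3 are taken from the systemd socket-activation protocol (sd_listen_fds(3)), and the cap of 64 descriptors is an assumption of this example.

```c
/* Added illustration of the LISTEN_FDS hand-off; not rsyslog source code.
 * Function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define LISTEN_FDS_START 3 /* first inherited descriptor, per sd_listen_fds(3) */
#define MAX_PASSED_FDS 64  /* assumed sanity cap for this example */

/* Strict decimal parse: digits only, no sign or whitespace, range 0..max. */
static int parse_num(const char *s, long max, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > max)
        return -1;
    *out = v;
    return 0;
}

/* How many descriptors were handed to this process?
 * 0  = not socket-activated (variables unset, or meant for another PID)
 * -1 = variables present but malformed; treat as a startup error
 * >0 = descriptors LISTEN_FDS_START .. LISTEN_FDS_START + n - 1 are ours */
int passed_fd_count(const char *listen_pid, const char *listen_fds, pid_t self)
{
    long pid, n;

    if (listen_pid == NULL || listen_fds == NULL)
        return 0;
    if (parse_num(listen_pid, 0x7fffffffL, &pid) != 0 ||
        parse_num(listen_fds, MAX_PASSED_FDS, &n) != 0)
        return -1;
    if ((pid_t)pid != self)
        return 0; /* inherited from a parent: the descriptors are not ours */
    return (int)n;
}

/* 1 if fd is an AF_UNIX datagram socket (the kind syslog.socket listens on),
 * 0 if it is some other socket, -1 if it is not a usable socket at all. */
int is_unix_dgram(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    int type = 0;
    socklen_t tlen = sizeof(type);

    memset(&ss, 0, sizeof(ss));
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &tlen) != 0)
        return -1;
    if (getsockname(fd, (struct sockaddr *)&ss, &len) != 0)
        return -1;
    return (ss.ss_family == AF_UNIX && type == SOCK_DGRAM) ? 1 : 0;
}

/* Validate an inherited descriptor and mark it close-on-exec so that
 * programs the daemon later executes do not inherit the log socket. */
int adopt_syslog_fd(int fd)
{
    int flags;

    if (is_unix_dgram(fd) != 1)
        return -1;
    flags = fcntl(fd, F_GETFD);
    if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0)
        return -1;
    return fd;
}

int main(void)
{
    int n = passed_fd_count(getenv("LISTEN_PID"), getenv("LISTEN_FDS"), getpid());
    int i;

    if (n < 0) {
        fprintf(stderr, "malformed LISTEN_PID/LISTEN_FDS\n");
        return 1;
    }
    if (n == 0)
        puts("not socket-activated; the daemon would open its own socket");
    for (i = 0; i < n; i++) {
        int fd = LISTEN_FDS_START + i;
        printf("fd %d: %s\n", fd,
               adopt_syslog_fd(fd) == fd ? "adopted" : "rejected");
    }
    /* Do not leak the activation variables to child processes. */
    unsetenv("LISTEN_PID");
    unsetenv("LISTEN_FDS");
    return 0;
}
```

Started from a shell the program reports that it is not socket-activated; started through a socket unit it adopts only descriptors that pass the type check.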
Re: [rsyslog] rsyslog, journald and phplogcon
2015-02-03 20:12 GMT+01:00 David Lang da...@lang.hm:

the module load for imjournal line polls the journal, asking for all logs since the last time it asked for logs. This is rather inefficient, but if you need the extra journald metadata, you need to do this since the journal won't send it otherwise.

The alternative to this is to have journald send the logs to rsyslog (for this, look up the journald documentation where they say that they don't break syslog because they support delivering logs to syslog)

It's only an alternative, if you don't need the additional metadata. In this mode, journald will forward the messages to /run/systemd/journal/syslog, and syslog will read from this socket instead of /dev/log. Those forwarded messages do not have any additional metadata.
Re: [rsyslog] rsyslog, journald and phplogcon
2015-02-03 21:13 GMT+01:00 David Lang da...@lang.hm:

It would be useful. Questions relating to interacting with the journal and systemd are common and going to be more common, but there aren't a lot of us here with experience with that environment.

Are you interested in the big picture or do you have specific questions?

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] Dealing with ancient rsyslog versions on new Linux distros
Hi,

speaking for Debian, I try to push new upstream versions to unstable in a timely manner. Unstable and the (hopefully) soon-to-be-released jessie will have 8.4.x. The version in stable is based on 5.8, so indeed a bit dated. I do provide official backports though whenever it's doable with reasonable effort and there is demand. Currently backports has 7.6. See [1] for the list of currently available versions.

If there is demand for 8.4 in wheezy/stable, I can certainly look into this.

Michael

[1] https://packages.debian.org/search?keywords=rsyslog

2014-10-10 4:37 GMT+02:00 Otis Gospodnetic otis.gospodne...@gmail.com:

Hello,

We recently had a new Logsene http://sematext.com/logsene/ user who had some issues tailing a file with application logs and sending them to our rsyslog. After some digging we looked at the rsyslog version. It turned out to be 5.x. Ancient! But even scarier was that this was on Ubuntu 12.04, which I still think of as relatively new! And then I looked at Ubuntu 14.04 and the upcoming 14.10 and it looks like they only have 7.4.4. I then looked at CentOS 7, which is really new, and that also has 7.4.x!

Aren't all of these quite old and quite different from 8.4.x? Are there *any* semi-common/popular Linux distros that have rsyslog 8.x?

Finally, is there anything Adiscon could do or is doing to get 8.x into new versions of some of the more popular Linux distros?

In case of Logsene, if we see people having trouble with rsyslog simply because their distros have very old versions of rsyslog, we may simply have to recommend Logstash, because when we recommend that we can be pretty sure people will either have or will get one of the more recent versions and this is probably much easier to install because, I assume, manually updating rsyslog is tricky because of dependencies, packages, etc. I was wondering if there is anything that could be done about this from rsyslog or Adiscon side?
Thanks, Otis

-- Monitoring * Alerting * Anomaly Detection * Centralized Log Management Solr Elasticsearch Support * http://sematext.com/

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released
2014-08-19 16:00 GMT+02:00 Rainer Gerhards rgerha...@hq.adiscon.com:
On Tue, Aug 19, 2014 at 3:38 PM, Rainer Gerhards rgerha...@hq.adiscon.com wrote:
On Tue, Aug 19, 2014 at 3:18 PM, Michael Biebl mbi...@gmail.com wrote:
2014-08-19 14:53 GMT+02:00 Michael Biebl mbi...@gmail.com:

Reverting 6d668c915fdacbeea85348ba6b03958f8622e1a1 fixed the build on the mips porterbox.

Not surprisingly, it also fixes the build on sparc

yup, thx, this was a very good hint. I guess I looked at the wrong problem area. Probably a missing semicolon somewhere. Will work my way through it :-)

yeah, got it. It's indeed semicolon trouble that you get as soon as you disable atomic instructions. Can now look in more depth for a proper fix.

The changes to runtime/statsobj.h [1] look wrong. Re-adding the missing ; fixes the build

diff --git a/runtime/statsobj.h b/runtime/statsobj.h index 347f639..d56485d 100644 --- a/runtime/statsobj.h +++ b/runtime/statsobj.h @@ -139,7 +139,7 @@ PROTOTYPEObj(statsobj); */ #define STATSCOUNTER_DEF(ctr, mut) \ intctr_t ctr; \ - DEF_ATOMIC_HELPER_MUT64(mut) + DEF_ATOMIC_HELPER_MUT64(mut); #define STATSCOUNTER_INIT(ctr, mut) \ INIT_ATOMIC_HELPER_MUT64(mut); \ -- [1] http://git.adiscon.com/?p=rsyslog.git;a=blobdiff;f=runtime/statsobj.h;h=347f639f8d735c37b25a578da6ca659c0f8fa47a;hp=d56485de11f57f70e8af23001c3be989a1b6757a;hb=6d668c915fdacbeea85348ba6b03958f8622e1a1;hpb=e61d8a88d081c35a4c3a5778e1fb9d23339dffd5
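Review bot: on the `+ DEF_ATOMIC_HELPER_MUT64(mut);` line, nothing in STATSCOUNTER_DEF documents which side owns the terminating semicolon, which is how it could be dropped without anyone noticing on builds that have atomic instructions. A short comment above the macro stating that the helper macros expand without a trailing `;` and that the wrapper supplies it (as the unchanged `INIT_ATOMIC_HELPER_MUT64(mut);` line in STATSCOUNTER_INIT already does) would make the convention checkable. If the helper expands to nothing when atomics are available, the restored `;` leaves an empty declaration there, so it is worth compiling both configurations with warnings enabled before merging, since the thread reports the breakage only showed up on mips and sparc.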
Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released
2014-08-20 19:21 GMT+02:00 Michael Biebl mbi...@gmail.com:
2014-08-19 16:00 GMT+02:00 Rainer Gerhards rgerha...@hq.adiscon.com:
On Tue, Aug 19, 2014 at 3:38 PM, Rainer Gerhards rgerha...@hq.adiscon.com wrote:
On Tue, Aug 19, 2014 at 3:18 PM, Michael Biebl mbi...@gmail.com wrote:
2014-08-19 14:53 GMT+02:00 Michael Biebl mbi...@gmail.com:

Reverting 6d668c915fdacbeea85348ba6b03958f8622e1a1 fixed the build on the mips porterbox.

Not surprisingly, it also fixes the build on sparc

yup, thx, this was a very good hint. I guess I looked at the wrong problem area. Probably a missing semicolon somewhere. Will work my way through it :-)

yeah, got it. It's indeed semicolon trouble that you get as soon as you disable atomic instructions. Can now look in more depth for a proper fix.

The changes to runtime/statsobj.h [1] look wrong. Re-adding the missing ; fixes the build

diff --git a/runtime/statsobj.h b/runtime/statsobj.h index 347f639..d56485d 100644 --- a/runtime/statsobj.h +++ b/runtime/statsobj.h 
@@ -139,7 +139,7 @@ PROTOTYPEObj(statsobj); */ #define STATSCOUNTER_DEF(ctr, mut) \ intctr_t ctr; \ - DEF_ATOMIC_HELPER_MUT64(mut) + DEF_ATOMIC_HELPER_MUT64(mut); #define STATSCOUNTER_INIT(ctr, mut) \ INIT_ATOMIC_HELPER_MUT64(mut); \ -- [1] http://git.adiscon.com/?p=rsyslog.git;a=blobdiff;f=runtime/statsobj.h;h=347f639f8d735c37b25a578da6ca659c0f8fa47a;hp=d56485de11f57f70e8af23001c3be989a1b6757a;hb=6d668c915fdacbeea85348ba6b03958f8622e1a1;hpb=e61d8a88d081c35a4c3a5778e1fb9d23339dffd5

fwiw, I found it a bit confusing that the ; were shuffled around for some defines, but not all. E.g. you moved it for DEF_ATOMIC_HELPER_MUT, but not DEF_ATOMIC_HELPER_MUT64. This is where this bug resulted from.

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released
2014-08-19 12:08 GMT+02:00 Rainer Gerhards rgerha...@hq.adiscon.com:

I am a bit at a loss. Could you lend me a helping hand? Look here (an example, the others are more or less the same):

https://buildd.debian.org/status/fetch.php?pkg=rsyslog&arch=sparc&ver=8.4.0-1&stamp=1408392140&file=log

looks like intctr_t is not defined. There is a typedef uint64 intctr_t right in the same file (line 38). Then I checked where uint64 is typedef'ed. That's done in runtime/typedefs.h, which is included in rsyslog.h, which in turn is included in rsyslogd.c right at the top (line 29), *before* wti.h, which then triggers the error. So in theory, the type should be available.

Can it be that some platforms do not support long long unsigned and this leads to that error?

Reverting 6d668c915fdacbeea85348ba6b03958f8622e1a1 fixed the build on the mips porterbox.

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
[rsyslog] small systemd service file tweaks
Hi, I suggest to add small tweaks to the systemd service file: diff --git a/rsyslog.service.in b/rsyslog.service.in index 8e2d64c..de37ff0 100644 --- a/rsyslog.service.in +++ b/rsyslog.service.in 
@@ -1,11 +1,14 @@ [Unit] Description=System Logging Service Requires=syslog.socket +Documentation=man:rsyslogd(8) man:rsyslog.conf(8) +Documentation=http://www.rsyslog.com/doc/ [Service] Type=notify ExecStart=@sbindir@/rsyslogd -n StandardOutput=null +Restart=on-failure [Install] WantedBy=multi-user.target

The first one is adding a Documentation field. I'm a bit unsure if we should actually add man:rsyslog.conf(8) here, since that file is pretty outdated (in v8.4). Adding man:rsyslogd(8) at least seems fine though.

Regarding the link to the documentation hosted on the web site: We can use the unversioned http://www.rsyslog.com/doc/ here or actually match the correct version like in case of 8.4 http://www.rsyslog.com/doc/v8-stable/. This would require though, to keep the rsyslog.service.in up-to-date with each new release.

The result then looks like

    rsyslog.service - System Logging Service
       Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled)
       Active: active (running) since Di 2014-08-19 14:58:59 CEST; 15min ago
         Docs: man:rsyslogd(8)
               man:rsyslog.conf(8)
               http://www.rsyslog.com/doc/
     Main PID: 14416 (rsyslogd)
       CGroup: /system.slice/rsyslog.service
               └─14416 /usr/sbin/rsyslogd -n

The second is the addition of Restart=on-failure [1]. I think having rsyslog respawned when it crashes makes a lot of sense for a syslogger.

Michael

[1] http://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
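Review bot: the first `+Documentation=` line references `man:rsyslog.conf(8)`, but rsyslog.conf is a configuration-file page and is installed in section 5, so the entry should read `man:rsyslog.conf(5)` or the link shown under "Docs:" will not resolve. For `+Restart=on-failure`, the commit message should say how repeated crashes are expected to surface to an operator, because a logger that is respawned automatically can otherwise fail several times without anyone looking at why.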
Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released
2014-08-19 14:53 GMT+02:00 Michael Biebl mbi...@gmail.com:

Reverting 6d668c915fdacbeea85348ba6b03958f8622e1a1 fixed the build on the mips porterbox.

Not surprisingly, it also fixes the build on sparc

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released
Hi Rainer,

you're ahead of me. Didn't check the buildd page yet. Thanks for keeping an eye on that!

2014-08-18 22:30 GMT+02:00 Rainer Gerhards rgerha...@hq.adiscon.com:

Thx a lot. I've also seen build errors on some platforms. They look like bugs. Will look into that. If I find something, it would be great if you could try a new build. I'll keep you posted.

Rainer

Sent from phone, thus brief.

On 18.08.2014 22:17, Michael Biebl mbi...@gmail.com wrote:

uploaded rsyslog 8.4.0-1 and rsyslog-doc 8.4.0-1 to Debian unstable

https://packages.qa.debian.org/r/rsyslog/news/20140818T163448Z.html
https://packages.qa.debian.org/r/rsyslog-doc/news/20140818T165113Z.html

2014-08-18 17:02 GMT+02:00 Florian Riedl fri...@adiscon.com:

Hi all,

We have just released 8.4.0 of the v8-stable branch. This release introduces the new stable version that inherits all the enhancements and improvements of rsyslog 8.3. Additionally, the separated documentation is available as a tarball download on the download page.

ChangeLog: http://www.rsyslog.com/changelog-for-8-4-0-v8-stable/
Download: http://www.rsyslog.com/downloads/download-v8-stable/

As always, feedback is appreciated.

Best regards,
Florian Riedl
-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released
2014-08-18 22:47 GMT+02:00 Michael Biebl mbi...@gmail.com:

Hi Rainer, you're ahead of me. Didn't check the buildd page yet. Thanks for keeping an eye on that!

Just in case anyone is interested, I was referring to https://buildd.debian.org/status/package.php?p=rsyslog&suite=unstable

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Re: [rsyslog] Email notification in our rsyslog server
2014-07-18 7:01 GMT+02:00 Swapnil Chaudhary schaudh...@travelclick.com:

Hi, We have to set up email notification in our rsyslog server. Kindly let me know how to configure it.

Please read the existing documentation and if then something is still unclear, come back with a more detailed question.

Thanks,
Michael

-- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?