Re: [rsyslog] rsyslog 8.2406.0 released

[Michael Biebl via rsyslog]

Hi Florian,

the v8.2406.0 tarball appears to be missing at
https://www.rsyslog.com/downloads/download-v8-stable/

Am Di., 2. Juli 2024 um 17:44 Uhr schrieb Florian Riedl via rsyslog
:
>
> Hi all.
>
> We are happy to announce the release of rsyslog version 8.2406.0!
>
> This update enhances message reliability with PostgreSQL by retrying
> deliveries on failures. Debugging TLS is now easier with more detailed
> logs. You can also customize the default OpenSSL engine and test its
> performance with a new script.
>
> We've fixed a longstanding issue with how quoted command line parameters
> are handled, ensuring external programs receive them correctly.
> Additionally, time-related bugs on 32-bit systems have been addressed.
>
> For a complete and detailed list of changes, please refer to the official
> changelog. We encourage you to upgrade to rsyslog v8.2406.0 to benefit from
> the improvements and the resolved issues.
>
> ChangeLog:
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
> https://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Florian
> ___
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.2404.0 released

[Michael Biebl via rsyslog]

Hi,

the latest upload triggered this:
https://buildd.debian.org/status/package.php?p=rsyslog

any ideas?

Am Di., 2. Apr. 2024 um 17:55 Uhr schrieb Florian Riedl via rsyslog
:
>
> Hi all.
>
> We are happy to announce the release of rsyslog version 8.2404.0!
>
> This release focuses on improvements to the popular omhttp plugin and
> includes several bug fixes to ensure smooth operation.
>
> The omhttp plugin, which allows you to send logs to HTTP endpoints,
> receives a significant boost in functionality. New configuration
> parameters provide greater control over retries, handling of specific
> HTTP status codes, and proxy settings. You can now define timeouts for
> REST paths, configure a list of retryable and ignorable status codes,
> and even set up a proxy for outgoing connections. Additionally, omhttp
> now captures more detailed statistics, including the number of
> requests, their status codes, transferred bytes, and processing time.
>
> In terms of bug fixes, this release addresses a regression that
> prevented TLS drivers from loading correctly under certain
> circumstances. The mmdblookup module, used for geolocation lookups, is
> now more resilient and will continue working even if it encounters an
> incompatible IP lookup situation. Finally, the distributed tarball has
> been corrected to include a missing file that was causing test
> failures.
>
> For a complete list of changes, please refer to the official
> changelog. We encourage you to upgrade to rsyslog v8.2404.0 to benefit
> from the improved omhttp plugin and the resolved issues.
>
> ChangeLog:
>
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
>
> https://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Florian
> ___
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] [rsyslog/rsyslog-doc] documentation is hard to use and badly structured (#394)

[Michael Biebl via rsyslog]

Hi David,

documentation is definitely a sore point of rsyslog (and most other
opensource projects for that matter).
Writing good documentation is hard.
A notable exception I remember (even if its is obsolete by now), is
upstart which shipped its upstart cookbook.
The original documentation is unfortunately no longer available, only
a wayback snapshot
https://web.archive.org/web/20230322064449/https://upstart.ubuntu.com/cookbook/

I personally like this style of documentation.

Am Do., 2. Nov. 2023 um 12:41 Uhr schrieb David Lang via rsyslog
:
>
> We have received complaints about rsyslog documentation repeatedly, We have
> a lot of detail, but it's all written for someone already fairly familiar
> with things.
>
> Here is a 3am first pass from me at writing an overview of how rsyslog works,
> with the idea that this could be made pretty with diagrams, click through 
> links
> to more specific pages with detail, etc.
>
> I'm replying to the github issue to see if the user who complained about the
> documentation and RainerScript would find this more useful, but also to
> rsyslog-users to get feedback from others on this.
>
> some of the sections here should possibly be broken into sub-pages (some
> sub-pages already exist that cover some of these and can/should be 
> simplified),
> or it make make sense to have a simple version on an overview page with the
> ability to click down for the gory details.
>
> David Lang
>
>
>
> Rsyslog architecture is very straightforward, but in it's simplicity it hides 
> a lot of flexibility.
>
> Rsyslog has one or more inputs that each receive one or more messages and 
> pass the batch of messages to a ruleset
>
>Each input runs the incoming log through a stack of possible parser modules
> until it hits one that reports success in parsing the log (pointer to parser
> module documentation and the default stack)
>
>Multiple inputs can feed to the same ruleset (by default, all inputs feed 
> to
> the Default ruleset which uses the 'main' queue) [1]
>
> Worker threads pull batches of logs from a queue, then process the logs in the
> batch using the statements in a ruleset
>
> Conceptually, it really is that trivial. As always, looking at details makes 
> it
> seem more complicated.
>
>
>
> Rsyslog config file(s)
>
> Rsyslog reads in the config file and all included files and combines them 
> before
> evaluating anything (see -o option for how files are combined), which file a
> statement is in has no impact (other than as part of the ordering of
> statements).
>(insert link to Rainer's recent post on mis-use of config includes??)
>
> At startup time, Rsyslog evaluates the combined config and implements all 
> module
> loading, input definition, template definitions and other global settings.
>
> All other statements get put into the default ruleset unless a ruleset is
> specified. None of these statements are evaluated (beyond syntax checking) at
> startup.
>
> The Rsyslog team believes very strongly in maintaining backwards compatibility
> (a config that works should never break or change behavior when rsyslog is
> updated to a new version) as such there are multiple ways of doing the same
> thing, and some ways are no longer recommended. When you see that something
> is depriciated, that means it is recommended not to use it in a new
> configuration for confusion/feature reasons, not that it is scheduled to go
> away/break in a new version.
>
> The config statments that existed prior to v6 of rsyslog were an evolution of
> the syslog format from the 90's, doing complex things by setting a bunch of
> values that then got used by later statements. By v5 of rsyslog, this was
> resulting in such complex interactions that even core developers were having
> trouble understanding what complex configs did. V6 introduced RainerScript,
> which deliberately requires you to specify all options rather than 
> 'inheriting'
> them from prior statements. This can be significantly more verbose as it
> requires you to specify all options each time, but makes it much clearer 
> exactly
> what is happening. There are times when the old syntax is shorter and more
> obvious to use than the new syntax, and in those cases, it's recommended to 
> use
> the old syntax. But if the old syntax requires multiple lines to do something,
> you are probably better off using the new syntax.
>
>
>
> Rulesets are the heart of log processing, defining what happens with each log
> message. The statements in a ruleset are evaluated for every log message as it
> is processed.
>
> Rulesets and Actions can have a queue defined for them (insert link to queue
> turn lane post, possibnly with updates). The 'default' ruleset uses the 'main'
> queue.
>
> The contents of a ruleset are a series of statements, which can be:
>1. call an action to use an output module
>  1a. legacy formats:
>/var/log/messages (write to a file)
>@1.2.3.4 (send to a remote system via UDP
>

Re: [rsyslog] [RFC] locking down rsyslog.service on Debian

[Michael Biebl via rsyslog]

Am Di., 10. Okt. 2023 um 22:17 Uhr schrieb David Lang :
>
> On Tue, 10 Oct 2023, Michael Biebl wrote:
>
> > Am Di., 10. Okt. 2023 um 21:49 Uhr schrieb David Lang :
> >>
> >> I see people putting things in /etc/rsyslog.d besides configs, so locking 
> >> down
> >> /etc may trip them up.
> >
> > ProtectSystem=full will make /etc read-only.
> >
> > Do you have a use case in mind where rsyslog need to *write* to /etc ?
> >
> > Or am I missing something, i.e. what exactly do you mean by "things"?
>
> I've seen people thinking that /etc/rsyslog.d is a good place to use as a
> workdir (state of imfile progress, spool files, etc) rather than just a place 
> to
> have configs.
>
> It's a bad idea, but they see the include of *.conf that the distros tend to 
> use
> and think that means that they can put other stuff there that's not *.conf and
> it's a good idea.

Thanks for the feedback!
The (default) rsyslog config uses
$WorkDirectory /var/spool/rsyslog

I will add a note to NEWS.Debian, that if users overwrite this, they
will need to adjust rsyslog.service accordingly (e.g. via drop-in
snippet).

Regards,
Michael
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] [RFC] locking down rsyslog.service on Debian

[Michael Biebl via rsyslog]

Am Di., 10. Okt. 2023 um 21:49 Uhr schrieb David Lang :
>
> I see people putting things in /etc/rsyslog.d besides configs, so locking down
> /etc may trip them up.

ProtectSystem=full will make /etc read-only.

Do you have a use case in mind where rsyslog need to *write* to /etc ?

Or am I missing something, i.e. what exactly do you mean by "things"?
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] [RFC] locking down rsyslog.service on Debian

[Michael Biebl via rsyslog]

See the links for ProtectHome and ProtectSystem

Am Di., 10. Okt. 2023 um 20:35 Uhr schrieb David Lang :
>
> what directories will rsyslog be able to access (both read and write) with 
> this
> config?
>
> David Lang
>
> On Tue, 10 Oct 2023, Michael Biebl via rsyslog wrote:
>
> > Date: Tue, 10 Oct 2023 20:20:14 +0200
> > From: Michael Biebl via rsyslog 
> > To: rsyslog-users 
> > Cc: Michael Biebl 
> > Subject: [rsyslog] [RFC] locking down rsyslog.service on Debian
> >
> > Hi,
> >
> > Debian maintainer of rsyslog speaking.
> >
> > I intend to lock down rsyslog.service in Debian in one of the next
> > uploads using the following systemd directives
> >
> > PrivateTmp=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=
> >
> > PrivateDevices=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateDevices=
> >
> > ProtectHome=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=
> >
> > ProtectSystem=full
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
> >
> > ProtectKernelTunables=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=
> >
> > ProtectKernelModules=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelModules=
> >
> > ProtectClock=yes
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectClock=
> >
> > SystemCallFilter=@system-service
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#SystemCallFilter=
> >
> > CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE
> > CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE
> > CAP_SYSLOG
> > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=
> >
> > The full rsyslog.service looks like this, in case you want to test it:
> > ```
> > [Unit]
> > Description=System Logging Service
> > Requires=syslog.socket
> > Documentation=man:rsyslogd(8)
> > Documentation=man:rsyslog.conf(5)
> > Documentation=https://www.rsyslog.com/doc/
> >
> > [Service]
> > Type=notify
> > ExecStart=/usr/sbin/rsyslogd -n -iNONE
> > StandardOutput=null
> > Restart=on-failure
> >
> > # Increase the default a bit in order to allow many simultaneous
> > # files to be monitored, we might need a lot of fds.
> > LimitNOFILE=16384
> >
> > PrivateTmp=yes
> > PrivateDevices=yes
> > ProtectHome=yes
> > ProtectSystem=full
> > ProtectKernelTunables=yes
> > ProtectKernelModules=yes
> > ProtectClock=yes
> > SystemCallFilter=@system-service
> > CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE
> > CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE
> > CAP_SYSLOG
> >
> > [Install]
> > WantedBy=multi-user.target
> > Alias=syslog.service
> > ```
> >
> > While the attempt is to secure the default configuration of rsyslog, I
> > do not want to restrict it so much that it becomes unusable.
> > If you think, that one of those directives could cause issues with
> > commonly used setups, please let me know, so I can adjust the
> > configuration.
> >
> > Looking forward to your feedback.
> >
> > Michael
> > ___
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> > LIKE THAT.
> >
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

[rsyslog] [RFC] locking down rsyslog.service on Debian

[Michael Biebl via rsyslog]

Hi,

Debian maintainer of rsyslog speaking.

I intend to lock down rsyslog.service in Debian in one of the next
uploads using the following systemd directives

PrivateTmp=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=

PrivateDevices=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateDevices=

ProtectHome=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=

ProtectSystem=full
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=

ProtectKernelTunables=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=

ProtectKernelModules=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelModules=

ProtectClock=yes
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectClock=

SystemCallFilter=@system-service
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#SystemCallFilter=

CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE
CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE
CAP_SYSLOG
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=

The full rsyslog.service looks like this, in case you want to test it:
```
[Unit]
Description=System Logging Service
Requires=syslog.socket
Documentation=man:rsyslogd(8)
Documentation=man:rsyslog.conf(5)
Documentation=https://www.rsyslog.com/doc/

[Service]
Type=notify
ExecStart=/usr/sbin/rsyslogd -n -iNONE
StandardOutput=null
Restart=on-failure

# Increase the default a bit in order to allow many simultaneous
# files to be monitored, we might need a lot of fds.
LimitNOFILE=16384

PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectClock=yes
SystemCallFilter=@system-service
CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE
CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_ADMIN CAP_SYS_RESOURCE
CAP_SYSLOG

[Install]
WantedBy=multi-user.target
Alias=syslog.service
```

While the attempt is to secure the default configuration of rsyslog, I
do not want to restrict it so much that it becomes unusable.
If you think, that one of those directives could cause issues with
commonly used setups, please let me know, so I can adjust the
configuration.

Looking forward to your feedback.

Michael
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.2112.0 released

[Michael Biebl via rsyslog]

tags for 8.2112.0 are also missing

Am Do., 16. Dez. 2021 um 19:14 Uhr schrieb Michael Biebl :
>
> Is a git push missing?
> github appears to be outdated.
>
> Am Do., 16. Dez. 2021 um 17:31 Uhr schrieb Florian Riedl via rsyslog
> :
> >
> > Today, we release rsyslog 8.2112.0.
> >
> > This release mostly consists of bugfixes and smaller changes. For
> > example, it is now possible in imtcp to set permittedPeers on input()
> > level, omsnmp received an update to use current IP best practices and
> > mmanon received improved anonymization.
> >
> > Other notable fixes were applied to ommysql, rulesets and a few more.
> >
> > Please make sure to read the changelog to get more details about the
> > additions and an overview of all changes.
> >
> > ChangeLog:
> >
> > https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
> >
> > Download:
> >
> > https://www.rsyslog.com/downloads/download-v8-stable/
> >
> > As always, feedback is appreciated.
> >
> > Florian
> > ___
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> > LIKE THAT.
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.2112.0 released

[Michael Biebl via rsyslog]

Is a git push missing?
github appears to be outdated.

Am Do., 16. Dez. 2021 um 17:31 Uhr schrieb Florian Riedl via rsyslog
:
>
> Today, we release rsyslog 8.2112.0.
>
> This release mostly consists of bugfixes and smaller changes. For
> example, it is now possible in imtcp to set permittedPeers on input()
> level, omsnmp received an update to use current IP best practices and
> mmanon received improved anonymization.
>
> Other notable fixes were applied to ommysql, rulesets and a few more.
>
> Please make sure to read the changelog to get more details about the
> additions and an overview of all changes.
>
> ChangeLog:
>
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
>
> https://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Florian
> ___
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.2010.0 released

[Michael Biebl via rsyslog]

Also, the v8-stable branch appears to be outdated and the 8.2010.0 tag
is missing.

Am Di., 20. Okt. 2020 um 21:00 Uhr schrieb Michael Biebl :
>
> For any distro maintainers: The dist tarball is missing some files.
> So if you run "make check" as part of your packaging process, have a look at
> https://github.com/rsyslog/rsyslog/issues/4446
>
> Am Di., 20. Okt. 2020 um 16:31 Uhr schrieb Florian Riedl via rsyslog
> :
> >
> > Hi everyone.
> >
> > Today, we release rsyslog 8.2010.0. This release provides mostly
> > bugfixes for rsyslog.
> >
> > Notable fixes and additions are:
> >
> > New module imhttp which allows to receive log data via HTTP
> > fix for gnutls handshake error handling
> > fix for a potential segfault on query of PROGRAMNAME property
> > fix for potential hang when closing a gnutls session
> > and many more
> >
> > Please make sure to read the changelog to get an overview of all changes.
> >
> > ChangeLog:
> > https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
> >
> > Download:
> > https://www.rsyslog.com/downloads/download-v8-stable/
> >
> > As always, feedback is appreciated.
> >
> > The Adiscon Team
> > ___
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> > LIKE THAT.
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.2010.0 released

[Michael Biebl via rsyslog]

For any distro maintainers: The dist tarball is missing some files.
So if you run "make check" as part of your packaging process, have a look at
https://github.com/rsyslog/rsyslog/issues/4446

Am Di., 20. Okt. 2020 um 16:31 Uhr schrieb Florian Riedl via rsyslog
:
>
> Hi everyone.
>
> Today, we release rsyslog 8.2010.0. This release provides mostly
> bugfixes for rsyslog.
>
> Notable fixes and additions are:
>
> New module imhttp which allows to receive log data via HTTP
> fix for gnutls handshake error handling
> fix for a potential segfault on query of PROGRAMNAME property
> fix for potential hang when closing a gnutls session
> and many more
>
> Please make sure to read the changelog to get an overview of all changes.
>
> ChangeLog:
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
> https://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> The Adiscon Team
> ___
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.
___
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Debian packages and what we can do better

[Michael Biebl via rsyslog]

Am Do., 4. Juli 2019 um 13:30 Uhr schrieb Peter Viskup via rsyslog
:
> The syslog infra is something which most of admins do not want to update on
> daily basis.
> I think this is not something we should expect from admins - and as you
> see, it was just proven. Also some bugs might occur after a while.
> Find it not appropriate to follow agile development principles on such
> crucial subsystem as syslog still is. This is user's point of view.


So if I understand you correctly you don't want the latest and
greatest but you would actually prefer the version that is shipped in
$stable and only apply targetted fixes?





-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Debian packages and what we can do better

[Michael Biebl via rsyslog]

Am Do., 4. Juli 2019 um 09:50 Uhr schrieb Peter Viskup :
>
> Hello Michael,
> at first, thank you for your work done.
>
> Propose rsyslog-ossl (OpenSSL driver for TLS encryption) being built and put 
> into non-free if possible. Just to let people test or use it if they want.
> The libssl-dev is listed in BuildDepends list. Are there other parts of 
> rsyslog which are dependent on OpenSSL libraries? These are not
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930816

I'm not sure, if using non-free for rsyslog-openssl is the solution
here. Combining GPL and OpenSSL is a bit of an icky topic especially
when dlopen comes into play.
I'll need to get some help on this. Rest assured I have not forgotten
about this.

> Maybe backporting of some bugfixes for rsyslog in stable release should be 
> made.
> At the moment the 8.24.0-1 in current stable means there were no changes from 
> original source. Due to rsyslog release policies bugfixes are primarily 
> included in new releases only. At least some important bug might be 
> backported in my opinion.

I do provide backports for $stable-backports. See
https://packages.debian.org/source/stretch-backports/rsyslog
What's currently in testing I usually also upload to $stable-backports.

You are indeed correct that I'm somewhat limited what I can upload to
$stable by the stable release policies.

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

[rsyslog] Debian packages and what we can do better

[Michael Biebl via rsyslog]

Hi everyone,

in case you don't know me, I'm the (official) maintainer of rsyslog in Debian.
I put the official in parenthesis as I know there are deb packages as
well provided by Adiscon directly.
While I appreciate the service that is done by Rainer and his folks, I
wonder if there is something we can improve on the Debian side. I try
to keep the Debian packages up-to-date [1] as well as I can given the
constraints that a distro like Debian has.
Is there anything else that you are missing?
Any recommendations how the Debian packages can be improved?

I'm happy to receive feedback here. Just keep in mind, that I have to
balance here, that rsyslog is installed on basically everyone's
(Debian) system.

Regards,
Michael

[1] https://tracker.debian.org/pkg/rsyslog

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] 8.1905.0 Logging Stops

[Michael Biebl via rsyslog]

Am Di., 11. Juni 2019 um 19:26 Uhr schrieb Rainer Gerhards via rsyslog
:
>
> El mar., 11 jun. 2019 a las 19:23, Heaton, Tobias
> () escribió:
> >
> > Rainer,
> >
> > I traced my steps and allowed rsyslog to run for 45 minutes without seeing 
> > a failure.
> >
> > The debug puts considerable strain on the system, so much so that the log 
> > timestamps started drifting. I was seeing logs stamped at 13:18 EST at 
> > 13:31EST actual time.
> >
> > Furthermore the debug log is nearly 70GB, closing in on the available disk 
> > space.
> >
> > Is there anything else I can try to help troubleshoot this problem?
>
> Not really. Maybe the first 12 GiB actually contain info that get's us
> a bit closer. So if you could share that, it would be useful. We can
> fine-tune the debug output, but as we have not the slightest idea of
> what may be the root cause that's no option.
>

If the problem is reliably reproducible (which seems to be on affected
systems), maybe a git bisect would actually be the quickest way to
find the commit causing this.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog version numbering change

[Michael Biebl via rsyslog]

Am Sa., 15. Dez. 2018 um 15:02 Uhr schrieb Michael Biebl :
>
> Am Sa., 15. Dez. 2018 um 13:20 Uhr schrieb Rainer Gerhards
> :
> > Any concerns please let me know.
>
> Maybe interesting to you https://joeyh.name/blog/entry/version_numbers/
>
> This would translate to 8.MMDD in your case.
>
> Has the additional benefit, that should you decide to re-architect
> rsyslog in a significant way, you can use
> 9.MMDD
>
> If there is such a potential significant change in the future, there
> is some value to it, if a user can quickly see this.

One other benefit of keeping the 8. prefix would be, that should you
ever decide to change the versioning scheme again, you haven't burned
all version numbers up to 2018.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog version numbering change

[Michael Biebl via rsyslog]

Am Sa., 15. Dez. 2018 um 13:20 Uhr schrieb Rainer Gerhards
:
> Any concerns please let me know.

Maybe interesting to you https://joeyh.name/blog/entry/version_numbers/

This would translate to 8.MMDD in your case.

Has the additional benefit, that should you decide to re-architect
rsyslog in a significant way, you can use
9.MMDD

If there is such a potential significant change in the future, there
is some value to it, if a user can quickly see this.

Regards,
Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Rsyslog Debian repository - outdated

[Michael Biebl via rsyslog]

I've uploaded 8.39.0 to stretch-backports.
It should be available at your mirrors soon.
Am Mi., 5. Dez. 2018 um 13:51 Uhr schrieb sophie.loewenthal--- via
rsyslog :
>
> > -Original Message-
> > Sent: Wednesday, December 05, 2018 1:50 PM
> > To: rsyslog-users
> >
> > Hi,
> >
> > The last version for the Debian repository was for Wheezy with 
> > rsyslog_8.27.0-
> > 1_amd64.deb  Is there a  Debian 9 repository with rsyslog 8.3.9?
> >
> > https://www.rsyslog.com/debian-repository/
> >
>
> Note that v 8.3.8 is available in Stretch backports, but it does mean that I 
> cannot have the latest, bar compiling it myself.
> This message and any attachments (the "message") is
> intended solely for the intended addressees and is confidential.
> If you receive this message in error,or are not the intended recipient(s),
> please delete it and any copies from your systems and immediately notify
> the sender. Any unauthorized view, use that does not comply with its purpose,
> dissemination or disclosure, either whole or partial, is prohibited. Since 
> the internet
> cannot guarantee the integrity of this message which may not be reliable, BNP 
> PARIBAS
> (and its subsidiaries) shall not be liable for the message if modified, 
> changed or falsified.
> Do not print this message unless it is necessary, consider the environment.
>
> --
>
> Ce message et toutes les pieces jointes (ci-apres le "message")
> sont etablis a l'intention exclusive de ses destinataires et sont 
> confidentiels.
> Si vous recevez ce message par erreur ou s'il ne vous est pas destine,
> merci de le detruire ainsi que toute copie de votre systeme et d'en avertir
> immediatement l'expediteur. Toute lecture non autorisee, toute utilisation de
> ce message qui n'est pas conforme a sa destination, toute diffusion ou toute
> publication, totale ou partielle, est interdite. L'Internet ne permettant pas 
> d'assurer
> l'integrite de ce message electronique susceptible d'alteration, BNP Paribas
> (et ses filiales) decline(nt) toute responsabilite au titre de ce message 
> dans l'hypothese
> ou il aurait ete modifie, deforme ou falsifie.
> N'imprimez ce message que si necessaire, pensez a l'environnement.
>
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] issues in rsyslog-8.36.0 with systemd service file

[Michael Biebl via rsyslog]

2018-09-02 17:14 GMT+02:00 Chris Richmond :
>
> It took forever to figure out what was going on, but I could tell from the
> systemctl (and the actual things being logged) that
> the daemon was coming up just fine and systemd was the thing having the
> problem.  In the end I googled for the processes
> state (loaded active waiting) and came up with the thing that fixed the
> issue, which was changing the Type from =notify to =Simple

Type=notify is correct for rsyslog and the preferred mode. Unless you
built rsyslog without systemd support, which might be the case for
you, since you said you built it from sources.




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

[rsyslog] environment variable TZ is not set, auto correcting this to TZ=/etc/localtime [v8.36.0 try http://www.rsyslog.com/e/2442 ]

[Michael Biebl via rsyslog]

Since some time now, I'm getting this warning message in my log files.

/etc/localtime is properly set up. Why does rsyslog complain so
loudly, that the TZ env var is not set?
This seems to be the common case, that TZ is not set.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] librelp 1.2.16 released

[Michael Biebl via rsyslog]

2018-05-16 14:38 GMT+02:00 Rainer Gerhards :
> As a side-note, I would like to change that behaviour for rsyslog at
> least, trying to select ports dynamically. That would potentially
> introduce a noticable speedup. But unfortunately there is so much too
> do...
>
> I think I remember there was a way to tell autoconf to run the tests
> in a given series, but I could not find the info when I just searched.
> Do you happen to know (the link)?

Not off-hand.

What I did for the time being is to tell debhelper to run the checks
without parallelism:

https://salsa.debian.org/debian/librelp/commit/ede9a6837cefd195315bb0044f49cb0c3cbce9eb

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] librelp 1.2.16 released

[Michael Biebl via rsyslog]

2018-05-15 21:52 GMT+02:00 Michael Biebl <mbi...@gmail.com>:

> When running "make check" directly, the test-suite succeeds.
> Very strange...
>
> Does anyone have an idea?

Figured it out.
dpkg-buildpackage (or rather dh) by default uses j = num_cores and it seems
"make check" is not really designed to call the tests in parallel (as
they bind to the same port I guess).
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] librelp 1.2.16 released

[Michael Biebl via rsyslog]

I have some strange issues when trying the run the test-suite for
librelp 1.2.16.
make[3]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make  check-TESTS
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: basic.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
PASS: tls-wrong-authname.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
PASS: tls-missing-param-sender.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
PASS: tls-missing-param-receiver.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: tls-basic-anon.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: tls-wrong-permittedPeer.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: tls-basic.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: long-msg.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
PASS: tls-basic-vg.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: oversize-msg-abort-errmsg.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: oversize-msg-accept-errmsg.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
FAIL: truncate-oversize-msg.sh
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird verlassen
make[4]: Verzeichnis
„/home/michael/debian/build-area/librelp-1.2.16/tests“ wird betreten
==
   librelp 1.2.16: tests/test-suite.log
==

# TOTAL: 12
# PASS:  4
# SKIP:  0
# XFAIL: 0
# FAIL:  8
# XPASS: 0
# ERROR: 0

Looking a bit into the log file, it seems the tests fail with an error
like this:


Test: ./tls-basic.sh

Starting Receiver...
got receive pid 5295
startup wait 0
receive: error 'error while binding relp tcp socket on port '30514'',
object 'lstn 30514'
double free or corruption (fasttop)


This is when trying to build the Debian package using dpkg-buildpackage.

When running "make check" directly, the test-suite succeeds.
Very strange...

Does anyone have an idea?


2018-05-14 12:56 GMT+02:00 Florian Riedl :
> Hi all,
>
> we have now released librelp 1.2.16.
>
> This new release of librelp provides API changes that allow better
> handling of oversize messages, as well as defining the listener
> interface. In addition, a few bugfixes for memory leaks and several
> minor issues are included.
>
> More detailed information is available in the Changelog.
>
> Changelog and Download:
> http://www.librelp.com/2018/05/librelp-1216.html
>
> Best regards,
> Florian Riedl
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you 

Re: [rsyslog] rsyslog 8.33.0 (v8-stable) released

[Michael Biebl via rsyslog]

2018-03-04 13:09 GMT+01:00 Rainer Gerhards :

> http://build.rsyslog.com/download/rsyslog-8.33.1.tar.gz
>
> I would appreciate if some could try it out and report back. The
> tarball will disappear from above URL some time after the official
> version is out.

looks ok and builds fine on Debian.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Workaround for lack of pid file in upstream rsyslog 8.33.0 packages

[Michael Biebl via rsyslog]

2018-02-23 18:37 GMT+01:00 Adam Chalkley :
> I don't know about other distros, but on Ubuntu and CentOS 7 after installing 
> the 8.33.0 package our systems quit saving log messages locally as soon as 
> the next morning's logrotate cron jobs ran. The problem is that the upstream 
> packages were not updated to include a new logrotate conf that works around 
> the change in behavior with the systemd unit file of not creating a pid file.
>
> See these GitHub issues for additional information:
>
> https://github.com/rsyslog/rsyslog-pkg-ubuntu/issues/74
> https://github.com/rsyslog/rsyslog-pkg-rhel-centos/issues/42
> https://github.com/rsyslog/rsyslog/issues/2143
>
> The workaround for our environment was to create a drop-in to restore the 
> previous behavior of creating a pid file:
>

Or you could have fixed the logrotate config to use
postrotate
   systemctl kill -s HUP rsyslog.service
endscript

That seems like the cleaner solution

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Debian Packages with recent rsyslog

[Michael Biebl via rsyslog]

Hi Rainer

2018-01-31 18:49 GMT+01:00 Rainer Gerhards :
> Hi all,
>
> by popular request:
>
>http://blog.gerhards.net/2018/01/experimental-debian-rsyslog-packages.html
>
> Feedback is appreciated.

Just wanted to add, that for Debian 9.0 (stretch), I usually provide
backports via the debian-backports archive. See
https://qa.debian.org/madison.php?package=rsyslog

I no longer provide backports of recent versions for Debian 8.0
(jessie) though. So thanks for that. I assume you had to backport
various build dependencies for Debian 8.0?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.31.0 (v8-stable) released

[Michael Biebl via rsyslog]

Please be aware that the test-suite now requires python to run due to
rscript_parse_time.sh which uses ./tests/rscript_parse_time_get-ts.py

Regards,
Michael

2017-11-28 13:00 GMT+01:00 Florian Riedl :
> Hi all,
>
> Today, we release rsyslog 8.31. This is probably one of the biggest
> releases in the past couple of years. While it also offers great new
> functionality, what really important about it is the focus on further
> improved software quality. For a more detailed description, please
> read Rainer’s blog post. Detailed information about the huge list of
> changes is available in the changelog.
>
> http://blog.gerhards.net/2017/11/rsyslog-831-important-release.html
>
> The packages have received some notable changes as well. First off, we
> were able to implement the Redis output module as a separate package
> on Ubuntu 14.04 and newer. Also there was a dependency change for the
> ommongo module, thus it is now only available on Ubuntu 16.04 or
> newer, but not on CentOS/RHEL anymore. Platform restrictions are
> unavoidable right now due to dependency availability.
>
> ChangeLog:
>
> https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog
>
> Download:
>
> http://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Best regards,
> Florian Riedl
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

[rsyslog] libfastjson 0.99.6 changes not pushed to github

[Michael Biebl via rsyslog]

Hi,

I notice that there has been a 0.99.6 release of libfastjson, yet the
corresponsing changes have not been pushed and there is no 0.99.6 tag
in Git.

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] configure / make flags for directory prefix

[Michael Biebl via rsyslog]

2017-05-05 16:18 GMT+02:00 Brian Knox via rsyslog :
> I'm working on an fpm-cookery recipe ( https://github.com/bernd/fpm-cookery )
> for  building rsyslog, and running  into issues getting rsyslog to honor
> prefix variables. I'm stuck in that any combination of --prefix vars I use,
> rsyslog is trying to place rsyslog.service in /lib/systemd/rsyslog.service.
>
> Is  there a way to get this file to go into another location, or disable
> installing the systemd service file altogether?
>  --with-systemdsystemeunitir= doesn't seem to be respected.

Looks like a typo.
The correct configure switch is --with-systemdsystemunitdir= and this
works fine:

--with-systemdsystemunitdir=no disables the installation of the .service file
--with-systemdsystemunitdir=/foo/bar/baz/ installs the service file as
/foo/bar/baz/rsyslog.service

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Feedback request: minimal log shipper project

[Michael Biebl]

2016-11-22 18:14 GMT+01:00 David Lang :
> On Tue, 22 Nov 2016, Rainer Gerhards wrote:
>
>> The current packages are very granular. You don't gain much by
>> re-packaging, at least this is what I think. If I am wrong, I am all
>> ears, as it should be fairly easy to change that at least for the
>> project-provided packages.
>
>
> The reasons I'm thinking of a diffeent package are:
>
> 1. compile out everything possible (let it use the rsyslog packages if the
> rsyslog package is included and the config is changed to need them)

I think most distros already split out the modules. See the various
binary packages in Debian for example:
https://tracker.debian.org/pkg/rsyslog

So the core rsyslog package is already pretty lean (dependency and
footprint wise)

> 2. change the default config file to something other than /etc/rsyslog.conf
>
> 3. include a very different default config file
>
> 4. changed binary name (something like logsend instead of rsyslogd)
>


I had requests in the past in Debian, to split out the default logging
rules into something like /etc/rsyslog.d/50-default.conf.

The default /etc/rsyslog.conf would then mostly be about sourcing
additional config from /etc/rsyslog.d/


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Feedback request: minimal log shipper project

[Michael Biebl]

2016-11-22 16:35 GMT+01:00 David Lang :
> As per a discussion here a couple months ago, adding imjournal more than
> doubles the memory footprint of a running rsyslog instance, even if it's not
> used.

Do you have reference to that discussion.
I can't imagine that simply compiling in support for imjournal doubles
the memory footprint of rsyslog and you will actually have to load the
module.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 2.0.0 released

[Michael Biebl]

2016-07-25 14:16 GMT+02:00 Rainer Gerhards :
> All,
>
> I am exploring an option which might enable us to keep the old API
> interface in liblognorm, which would make the benefits of v2 available
> to some apps that insist on the old APIs for the time being. I
> probably need a day or two to explore that and will hold the new
> release until then.
>
> Given the fact that I have not yet seen any packages turn up, I think
> we could go back to the old soname. Or should we consider this as
> "game over"?

Strictly speaking, you bump the soname when the ABI changes in an
incompatible way.
Also there aren't that many reverse dependencies of liblognorm afaics
(Debian lists two: rsyslog and sagan), so please take that into
account before you invest too much time on that.

Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 2.0.0 released

[Michael Biebl]

Hi

2016-07-22 19:13 GMT+02:00 Rainer Gerhards :
> Maybe I accidently clicked close. I didn't see it as well before cutting
> the release. Will check as soon as possible.

Created

https://github.com/rsyslog/liblognorm/pull/216
and
https://github.com/rsyslog/liblognorm/pull/215

Please review and if possible make a new release with those fixes.

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 2.0.0 released

[Michael Biebl]

2016-07-22 18:55 GMT+02:00 Champ Clark III :
> Correct.  I submitted this a while back:
>
> https://github.com/rsyslog/liblognorm/issues/204

Didn't see this, because it was closed for some reason.
I've already filed
https://github.com/rsyslog/liblognorm/issues/214
in the mean time.

Regards,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 2.0.0 released

[Michael Biebl]

This breaks the build of e.g. sagan:

make[2]: Entering directory '/tmp/sagan-1.0.1/src'
gcc -DHAVE_CONFIG_H -I. -I..  -I..  -I/usr/include/libfastjson-g
-O2 -MT sagan-sagan-config.o -MD -MP -MF .deps/sagan-sagan-config.Tpo
-c -o sagan-sagan-config.o `test -f 'sagan-config.c' || echo
'./'`sagan-config.c
In file included from /usr/include/string.h:630:0,
 from sagan-config.c:40:
/usr/include/liblognorm.h:262:8: error: expected identifier or '('
before '__extension__'
 char * strndup(const char *s, size_t n);
^
Makefile:588: recipe for target 'sagan-sagan-config.o' failed
make[2]: *** [sagan-sagan-config.o] Error 1
make[2]: Leaving directory '/tmp/sagan-1.0.1/src'
Makefile:390: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/tmp/sagan-1.0.1'
Makefile:331: recipe for target 'all' failed
make: *** [all] Error 2



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 2.0.0 released

[Michael Biebl]

Hm, why has lognorm.h the following

#ifndef HAVE_STRNDUP
char * strndup(const char *s, size_t n);
#endif

That should not be part of the public API

2016-07-22 15:07 GMT+02:00 Florian Riedl :
> Hi all,
>
> We have just released liblognorm 2.0.0. This new version was
> completely rewritten and is much feature-enhanced. Also it requires
> libfastjson instead of json-c. See the Changelog for details.
>
> Changelog:
>
> Version 2.0.0, 2016-07-21
> - completely rewritten, much feature-enhanced version
> - requires libfastjson instead of json-c
> - big improvements to testbench runs, especially on travis
> among others, the static analyzer is now run and testbench throws
> an error if the static analyzer (via clang) is not clean
> - lognormalizer tool can now handle lines larger 10k characters
> Thanks to Janmejay Singh for the patch
>
> Download:
> http://www.liblognorm.com/download/liblognorm-2-0-0/
>
> As always, feedback is appreciated.
>
> Best regards,
> Florian Riedl
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] libfastjson 0.99.3 released

[Michael Biebl]

2016-07-12 23:12 GMT+02:00 David Lang <da...@lang.hm>:
> On Tue, 12 Jul 2016, Michael Biebl wrote:
>
>> Fwiw, this is the first release I felt comfortable enough uploading to
>> Debian unstable.
>> It just hit the archive a few hours ago:
>> https://tracker.debian.org/pkg/libfastjson
>>
>> I hope we don't break the API that much anymore before 1.0.0.
>>
>> I'm now waiting for a liblognorm 1.1.4 release which compiles against
>> libfastjson 0.99.3.
>
>
> My understanding is that we are going to get liblognorm 2 this cycle (after
> being delayed for the last couple of cycles)
>


Ok, so what's the plan here? Which liblognorm version should I pick?
At least they currently released version doesn't compile against the
latest libfastjson release (which is not a surprise, after the API
rework, which I'm thankful for).

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] libfastjson 0.99.3 released

[Michael Biebl]

Hi,


2016-07-11 17:52 GMT+02:00 Florian Riedl :
> Hi all,
>
> We have released libfastjson 0.99.3.

Is there a timeframe for a new liblognorm release which compiles
against this version of libfastjson?

Regards,
Michael
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Does rsyslog really need to start after basic.target on systemd ?

[Michael Biebl]

2016-04-02 9:14 GMT+02:00 Francis Moreau :
> On Fri, Apr 1, 2016 at 10:50 PM, David Lang  wrote:
>> On Fri, 1 Apr 2016, fmoreau wrote:
>>
>>> Hi,
>>>
>>> This question was  already asked in the past, see:
>>> http://permalink.gmane.org/gmane.comp.sysutils.rsyslog/9864
>>>
>>> But IMHO the answers given weren't satisfactory. So I'm asking again.
>>>
>>> If there's no reason and rsyslog only needs the local fs to be settled
>>> then
>>> it should be started earlier to avoid missing some early messages sent by
>>> systemd.
>>
>>
>> The trouble is that it depends a lot on exactly what you have rsyslog
>> configured to do. Since rsyslog can send logs over the network, to
>> databases, etc, there are potentially a lot of thigns that need to be
>> started first.
>
> But shouldn't rsyslog be prepared to handle these cases where network
> isn't yet ready and should start sending logs over the network as soon
> as the network becomes available for example ?

network is just one. logging to databases another. Those typically
have complexer requirements and aren't started in early boot.
As a distro we don't really know, what kind of configuration our users
will use, so we typically pick a safe default.

If you want to tweak your rsyslog.service locally to start earlier
during boot, considering all the circumstances, then this should be
fine.
I don't think it's something which should be shipped upstream or by
distros though.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] ppa:adiscon/v8-stable ==> 404

[Michael Biebl]

2016-04-01 14:33 GMT+02:00 Rainer Gerhards <rgerha...@hq.adiscon.com>:
> 2016-03-31 18:38 GMT+02:00 Michael Biebl <mbi...@gmail.com>:
>> This affects the packages in sid as well, which are currently stuck at 
>> 8.16.0.
>> One aspect I particularly don't like about the libfastjson/json-c fork
>> is, that the old namespace was kept.
>> This can become tricky once libjson-c and libfastjson are loaded into
>> the same process space. This can lead to unexpected behaviour.

Obviously, this only poses a problem if the ABI changes in
incompatible ways, like the type signature of a function.

> You are absolutely right, I did not completely think this through and
> screwed up in this regard. I need to move json-c compatibility to
> source level (via CPP macros), if at all required. Changing the native
> API from json_* to fjson_* is on my todo list, and probably it's a
> good time to initiate this now.

Either we rename it, or we promise to never break ABI compatibility
with json-c. The former is more work initially, but gives you more
freedom going onwards.
The latter is possible too, see libjpeg (from IJG) and libjpeg-turbo.
But it needs very careful maintenance of the library.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] ppa:adiscon/v8-stable ==> 404

[Michael Biebl]

2016-03-31 18:11 GMT+02:00 David Lang :
> One category of things is just the latest version of everything as it's
> released (and/or the nightly versions). This is not expected to be in the
> official Debian repo (although I could see each release going into Sid as a
> possibility)

Fwiw, I've published newer versions of rsyslog via
backports.debian.org in the past and I plan to do so in the futuren.
The current version there is 8.16.0 (currently stuck in the NEW queue
[1]), it should reach the backports archive soonish.

Newer versions are more problematic, due to their dependency on libfastjson.

[1] https://ftp-master.debian.org/new/rsyslog_8.16.0-1~bpo8+1.html

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] ppa:adiscon/v8-stable ==> 404

[Michael Biebl]

2016-03-31 13:20 GMT+02:00 Ciprian Hacman :
> Hi Florian,
>
> We figured out that this was an error on our part. Sorry for that.
>
> One of our customers is trying to install Rsyslog on Debian Jessie, but
> seems that is not possible at the moment. The only Rsyslog repo is for
> Wheezy. Any plans to build Rsyslog for Jessie?

What exactly are you missing from the existing, official rsyslog
package in Debian?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] advance notice for 8.16.0 release

[Michael Biebl]

2016-01-25 10:00 GMT+01:00 Rainer Gerhards :
> Hi all,
>
> please note that the (candidate) tarball for tomorrow's release is now
> available at
>
>http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.16.0.tar.gz
>
> If you build packages, it would be nice if you could pick it up and see if
> it works for you. Any bug reports received within the next 24hrs could
> probably be solved in the actual release.
>
> Note that we do not yet require libfastjson but strongly recommend it.
> 8.17.0 will finally require it.


While I can understand the motivation, I do fear that ultimately you,
Rainer, take on another responsibility, i.e. maintaining another
library.
And resources are already stretched very thin.

This is my main concern of introducing yet another dependency.

Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

2016-01-31 11:42 GMT+01:00 Thomas D. :
> On Gentoo we ship a default rsyslog configuration which will create an
> additional imuxsock (/var/empty/dev/log). Our default sshd requires the
> additional socket (used by the logging extension from the HPN patchset).
>
> Wouldn't PrivateDevices=yes break our setup?

I don't think it should. But should be easy to verify, right :-)


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

2016-01-30 2:56 GMT+01:00 David Lang :

>> PrivateTmp=yes
>
>
> what use of /tmp does rsyslog make? If none, can we just block access rather
> than going to all the effort of creating a custom version?
>
> This can also affect things that rsyslog runs through omprog/etc. so
> documentation is needed.

programs spawned by omprog would have access to the rsyslog tmpdir, so
that shouldn't be an issue.

The only problem I can see is, if you setup an external component to
e.g. log to /tmp/file and then let imfile read from that.
rsyslog wouldn't have access to /tmp/file in that case.
Do people do that in practice?

> Along similar lines, if rsyslog isn't creating /dev/log, can access to
> devices be disabled (PrivateDevices)?

Hm, that should indeed work, thanks for the hint. I think we should be
able to safely switch on
PrivateDevices=yes




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

Ok, so with the feedback provided so far, restricting the capabilities
could lead to unexpected breakage when using one of the more
"flexible" plugins like omprog.

I would therefore suggest the following three as a start:

> [Service]
> ProtectSystem=full
> ProtectHome=yes
> PrivateTmp=yes

I think we can safely assume that rsyslog does not need to write to
/usr, /home and doesn't need /tmp as IPC with external processes.

Rainer, can you apply those changes upstream or do you want me to
create a PR for that?




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

2016-01-27 23:37 GMT+01:00 Peter Portante :
>> As I can't look into the future, I'm just talking about the status-quo
>> in Debian:
>> We do install rsyslog by default in our current stable release
>> (Jessie, aka 8.0) and that's still the case for testing/unstable.
>> journald is setup to forward messages to rsyslog (aka. push model)
>
>
> We use imjournal in fedora, rhel, centos, with systemd listening for logs
> on /dev/log and then rsyslog pulling them.

imjournal only works halfway decently if you have a persistent
journal. As I mentioned, we don't use persistent journal in Debian
(for one, to avoid writing log messages to disk twice).

imjournal did also have quite some serious bugs in the past (like
getting stuck in a loop generating a flood of log messages filling up
the disk). So I'm not yet comfortable enabling that. Especially since
there is no official *upstream* support for imjournal.

I also wonder, what the performance overhead is for imjournal. I
suspect that the throughput using
ForwardToSyslog=yes is higher. If anyone has benchmarks for that, I'd
appreciate that.

Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

2016-01-27 18:04 GMT+01:00 Thomas D. :
> I am wondering if any major distribution with systemd will install
> rsyslog per default or if they use systemd instead. So rsyslog will only
> be installed if you require a special setup, not? And if you require a
> special setup I am not sure if we can provide a well working hardened
> configuration for most users.

As I can't look into the future, I'm just talking about the status-quo
in Debian:
We do install rsyslog by default in our current stable release
(Jessie, aka 8.0) and that's still the case for testing/unstable.
journald is setup to forward messages to rsyslog (aka. push model) and
only logs to volatile memory (Storage=volatile [¹]).
We might change that eventually, but atm journal still seems not
mature enough for me to enable that by default only.

> But we can always provide an example in /usr/share... so users can copy
> this file to override the default unit. That's really a nice feature in
> systemd.

I'd like to ship a default rsyslog configuration which is more
restrictive. Not as example, but as default.
My train of thought here is that advanced users with special needs,
will have to configure rsyslog anyway, including the default systemd
service file.

But that depends on your feedback. If you think this is a bad idea,
just let me know.

Michael

[1] http://www.freedesktop.org/software/systemd/man/journald.conf.html#Storage=
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

Another reason, why we don't use imjournal by default yet in Debian:

I want a configuration which I can ship on all our architectures,
including non-Linux/non-systemd.
That's not possible if it involves imjournal. At least I don't know how.

2016-01-28 0:06 GMT+01:00 Michael Biebl <mbi...@gmail.com>:
> 2016-01-27 23:37 GMT+01:00 Peter Portante <peter.a.porta...@gmail.com>:
>>> As I can't look into the future, I'm just talking about the status-quo
>>> in Debian:
>>> We do install rsyslog by default in our current stable release
>>> (Jessie, aka 8.0) and that's still the case for testing/unstable.
>>> journald is setup to forward messages to rsyslog (aka. push model)
>>
>>
>> We use imjournal in fedora, rhel, centos, with systemd listening for logs
>> on /dev/log and then rsyslog pulling them.
>
> imjournal only works halfway decently if you have a persistent
> journal. As I mentioned, we don't use persistent journal in Debian
> (for one, to avoid writing log messages to disk twice).
>
> imjournal did also have quite some serious bugs in the past (like
> getting stuck in a loop generating a flood of log messages filling up
> the disk). So I'm not yet comfortable enabling that. Especially since
> there is no official *upstream* support for imjournal.
>
> I also wonder, what the performance overhead is for imjournal. I
> suspect that the throughput using
> ForwardToSyslog=yes is higher. If anyone has benchmarks for that, I'd
> appreciate that.
>
> Michael
>
>
> --
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

2016-01-27 16:13 GMT+01:00 David Lang <da...@lang.hm>:
> On Wed, 27 Jan 2016, Michael Biebl wrote:
>> [Service]
>> ProtectSystem=full
>
>
> what does this do?

http://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=


>> ProtectHome=yes

http://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=

>> PrivateTmp=yes

http://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=

> If these prevent writes (or reads) to home directories or tmp, they should
> be ok most of the time. But rsyslog has lots of features that pull in files
> or output to arbitrary places configured by the admin. If you do something
> like this, please add comments in the defau;t rsyslog.conf file (and
> seriously think of adding them to a customized config file) warning the
> admin that if they need to access X they will need to change the systemd
> config file.
>
> We have enough trouble with SELinux and AppArmor already.
>
>> CapabilityBoundingSet=CAP_SYSLOG CAP_NET_BIND_SERVICE
>>
>> What potentially could cause problems is the limitation of the
>> capabilties via CapabilityBoundingSet [1].
>> Does anyone know, what capabilities [2] rsyslog needs beyond
>> CAP_SYSLOG and CAP_NET_BIND_SERVICE if you want to make use of all its
>> features?
>
>
> mmexternal, omprog, output channels can run arbitrary programs on the
> system, so yes, full use of features could require anything :-)

Hm, true. But that's a very specialised setup.
I wonder whether it makes sense to concentrate on the common case and
include some NEWS entry telling people how they could turn those
restrictions off.

> mmnormalize commonly pulls in rulesets from whereever the admin set them up
>
> lookup tables can read in data from files wherever the admin sets them up.
> These are designed to be updated by other programs and re-loaded into
> rsyslog on the fly (triggered by a specific log message)
>
> If you are going to start playing around with capabilities, then set the
> capability  to let rsyslog bind to a low port without being root and set the
> permissions on the log directories appropriately and run rsyslog as non-root
> (not privdrop to non-root, non-root from the beginning)

I was under the impression, that running under a different uid/gid was
still problematic.
Taking away capabilities via the systemd directives looked like a good
middle ground to me.


> Bupass mode:
>
>  journald doesn't grab /dev/log, allowing rsyslog to get the data
> directly from the app. This allows rsyslog to grab the metadata directly

That's already possible today. I thought I already posted how to do
this, but apparently I didn't

> JSON delivery:
>
>  carry a patch to journald to have it deliver logs to rsyslog with
> metadata in JSON (note that LP has said that he will refuse to accept a
> patch that does this, so it's something the distros will have to carry. I
> have this bookmarked on my office machine and can forward the link later
> today)

I'm concerned shipping such a patch downstream and deviating from upstream.

> I would also point out the issue of journald grabbing audit logs and the
> flood of messages that creates. It's a good option to have, but there needs
> to be an easy to find option to disable it, especially since traditionally
> this has not been part of the log flow and is high volume.

I think this can be disabled via audit=0 on he kernel command line.
But I might be misunderstanding you.

>> Are other distros interested in shipping such a more restrictive
>> configuration?
>
>
> I don't run anything in production with systemd yet, but since Ubuntu 16.04
> is going to include it, I was expecting to have to fight some of this and
> can do tests on my laptops with these options.

I'd be very interested in further feedback, before turning this on.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

2016-01-27 16:40 GMT+01:00 Peter Portante :
> Have you talked to the Fedora folks about these changes as well?  These
> seem pretty interesting and worth while.

Nope. I was assuming the Fedora maintainers read this mailing list as
well. So I didn't want to cross-post this.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

[rsyslog] hardening rsyslog using systemd features

[Michael Biebl]

Hi everyone,


I'd like to make use of some of the systemd hardening features [0] in
the Debian rsyslog package.
I eventually want those changes to go upstream though, so I'm asking
for feedback here.
This is what I currently have in mind:


[Service]
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes
CapabilityBoundingSet=CAP_SYSLOG CAP_NET_BIND_SERVICE

What potentially could cause problems is the limitation of the
capabilties via CapabilityBoundingSet [1].
Does anyone know, what capabilities [2] rsyslog needs beyond
CAP_SYSLOG and CAP_NET_BIND_SERVICE if you want to make use of all its
features?

Are other distros interested in shipping such a more restrictive configuration?

Regards,
Michael


[0] http://0pointer.de/blog/projects/security.html
[1] 
http://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=
[2] http://man7.org/linux/man-pages/man7/capabilities.7.html

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] advance notice for 8.16.0 release

[Michael Biebl]

2016-01-25 21:38 GMT+01:00 David Lang :
> Thomas, does the debian infrastructure understand vX-pre or vX-alpha or
> something like that as being a special case to sort before vX in it's
> version comparisons? I seem to remember seeing some discussion of such a
> feature.

The ~ is what you want in this case.

8.16.0~rc1 will sort before 8.16.0

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] release cycle - was: rsyslog 8.15.0 (v8-stable) released

[Michael Biebl]

I think Davids idea makes a lot of sense.
If a bug is detected 2 days before the next release, it makes no sense
to do a .1 release.
If we discover an important bug directly after a release, I don't see
a good reason *not* do a followup .1 release. That doesn't mean we
have to switch back to "as-needed" release schedule for new major
releases.


Regards,
Michael

2015-12-18 16:39 GMT+01:00 David Lang <da...@lang.hm>:
> On Fri, 18 Dec 2015, Rainer Gerhards wrote:
>
>> Date: Fri, 18 Dec 2015 14:46:34 +0100
>> From: Rainer Gerhards <rgerha...@hq.adiscon.com>
>> Reply-To: rsyslog-users <rsyslog@lists.adiscon.com>
>> To: rsyslog-users <rsyslog@lists.adiscon.com>
>> Subject: [rsyslog] release cycle - was: rsyslog 8.15.0 (v8-stable)
>> released
>>
>>
>> 2015-12-17 22:52 GMT+01:00 Michael Biebl <mbi...@gmail.com>:
>>>
>>> 2015-12-17 16:51 GMT+01:00 Rainer Gerhards <rgerha...@hq.adiscon.com>:
>>>>
>>>> 2015-12-17 16:47 GMT+01:00 Thomas D. <whi...@whissi.de>:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I agree with Michael.
>>>>>
>>>>> While I understand Rainers concerns in general this is different: For
>>>>> you there are only test files missing. But for distributions there is
>>>>> no
>>>>> working v8.15 release (tests are really important for us).
>>>>
>>>>
>>>> Can't you apply a patch? I remeber well in that long discussion over a
>>>> year ago that you were on of the strong proponents of "it's easy to
>>>> patch if something is a small nit"?
>>>>
>>>> I just want to understand that change of position, if it is one.
>>>
>>>
>>> We run the test-suite as part of the Debian build (that's why I
>>> noticed the failure). So this is a serious issue for the Debian build.
>>> But sure, if it's too much of a hassle, I'll just add the missing
>>> files as a downstream patch.
>>
>>
>> I agree that it would be almost no work for me to do a re-release.
>> It's more a policy argument. Let me explain, especially as I consider
>> changing policy:
>>
>> Up until ~15 month ago, we released when there was need to. Need was
>> defined as
>>
>> - important enough (set of bugfixes)
>> - new functionality
>>
>> This resulted in various releases. We had the stable/devel releases.
>> Stable releases were rare, devel frequent.
>>
>> Now, we have scheduled releases. Actually, a release is triggered when
>> we hit a certain calender date, irrelevant of whether or not there is
>> need to release (there is always one or two minor fixes, so we will
>> probably never exprience a totally blank release). We also have
>> switched to stable releases only, and done so without grief (basically
>> because a) we have improved testing and b) users didn't use devel at
>> all).
>>
>> I just dug into the old discussion. A good entry point is probably
>> this here, where we talk about patches:
>>
>> http://lists.adiscon.net/pipermail/rsyslog/2014-October/038796.html
>>
>> The new system works reasonably well. It has it's quircks, though.
>> Let's look at a concrete example:
>>
>> 8.14.0, to me, was an absolutely horrible release. The worst we have
>> done in the past 2 to 3 years. I worked hard on fixing some real bad
>> race issues with JSON variables. Friday before the release I was ready
>> to release that work, which would be really useful for folks that make
>> heavy use of those variables. Then, over the weekend and Monday, it
>> turned out that we may get unwanted regressions that weren't detected
>> earlier (NO testbench can mimic a heavy-used production system, so
>> let's not get into "we need better tests" blurb). The end result was
>> that I pulled the plug on release day, and what we finally released
>> was 8.13.0 plus a few small things. All problems with variables
>> persisted. If I had have half a week to a week (don't remember
>> exactly) more, we could have done a real release instead of the 8.13
>> re-incarnation. But, hey, we run on a schedule.
>>
>> Now 8.15.0 fixes these problems (except for the json-c induced
>> segfault, which we cannot fix in rsyslog). I also has all other "8.14"
>> enhancements and fixes and so is actually worth 3 month of work. It is
>> a *very heavy* release. Usually, I'd never released such a fat release
>> shortly before the holiday period. Not that I distrust it, and we

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

[Michael Biebl]

Hi Rainer

2015-12-17 15:30 GMT+01:00 Rainer Gerhards :
> This happens under travis and so is run for each commit. This should
> avoid any such problems in the future. In fact, it worked so well that
> it detected one more missing file ;)

Do you think you could release a 8.15.1 with the missing files included?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.15.0 (v8-stable) released

[Michael Biebl]

The test-suite fails here:

make[5]: *** No rule to make target 'json_null_array.sh', needed by
'json_null_array.sh.log'.  Schluss.

Looks like a file is missing (once again) from the dist tarball, like in
https://github.com/rsyslog/rsyslog/issues/484

Regards,
Michael

2015-12-15 18:08 GMT+01:00 Florian Riedl :
> Hi all,
>
> We have released rsyslog 8.15.0.
>
> This release sports a lot of changes. Among the changes are a lot of
> bugfixes, changes to the KSI support, pmciscoios, omkafka, 0mq modules,
> omelasticsearch and many more.
>
> We have also release librelp 1.2.9, which has received some fixes as well.
>
> Packages for both releases will be made available as soon as possible.
> To get a full overview over the changes, please take a look at the
> Changelog.
>
> ChangeLog:
>
> http://www.rsyslog.com/changelog-for-8-15-0-v8-stable/
>
> Download:
>
> http://www.rsyslog.com/downloads/download-v8-stable/
>
> As always, feedback is appreciated.
>
> Best regards,
> Florian Riedl
> ___
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
> LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.11.0 (v8-stable) released

[Michael Biebl]

Hi!

The doc download link seems to be broken / the tarball missing
http://www.rsyslog.com/files/download/rsyslog/rsyslog-doc-8.11.0.tar.gz
only gives a 404

2015-06-30 17:24 GMT+02:00 Florian Riedl fri...@adiscon.com:
 Hi all,

 We have released rsyslog 8.11.0.
 This release now provides a new signature provider for Keyless Signature
 Infrastructure (KSI) as well as quite a few fixes for imfile, omkafka, the
 build system and others.

  ChangeLog:

 http://www.rsyslog.com/changelog-for-8-11-0-v8-stable/

 Download:

 http://www.rsyslog.com/downloads/download-v8-stable/

 As always, feedback is appreciated.

 Best regards,
 Florian Riedl
 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.10.0 (v8-stable) released

[Michael Biebl]

The test-suite does not pass:

make[5]: *** No rule to make target 'rulesetmultiqueue.sh', needed by
'rulesetmultiqueue.sh.log'.  Schluss.
make[5]: Leaving directory
'/home/michael/debian/build-area/rsyslog-8.10.0/tests'
Makefile:1554: recipe for target 'check-TESTS' failed

Looks like the file rulesetmultiqueue.sh is missing from the dist-tarball.

Someone didn't run make distcheck it seems :-)


2015-05-19 17:35 GMT+02:00 Florian Riedl fri...@adiscon.com:
 Hi all,

 We have released rsyslog 8.10.0.
 This provides a number of new features and fixes in several modules, like
 imfile, zmq and others. It also adds a new contributed module omhttpfs for
 writing to HDFS via HTTP.
  ChangeLog:

 http://www.rsyslog.com/changelog-for-8-10-0-v8-stable/

 Download:

 http://www.rsyslog.com/downloads/download-v8-stable/

 As always, feedback is appreciated.

 Best regards,
 Florian Riedl
 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] build dependency issue not detected by configure

[Michael Biebl]

It looks like Thomas fix is not sufficient.

If you build from the tarball twice in a row, i.e.
./configure  make  make clean  ./configure  make
the build will fail, if flex/bison is not around.
This is due to ./grammar/grammar.[ch] beeing removed on make clean


2015-04-23 0:13 GMT+02:00 Thomas D. whi...@whissi.de:
 Hi,

 Rainer Gerhards wrote:
 This sounds like it doesn't break *my* scripts. Not sure about others.

 This won't break anything. Only environments which don't satisfy our
 build requirements. For example, I had to update .travis.xml, because
 rst2man was missing on Travis, too :)


 If it doesn't introduce any problems, it's probably a good way to go.
 Otherwise I would strongly opt for b). Flex/Bison always has been a
 hard requirement from my PoV.

 Are you willing to craft a patch?

 PR: https://github.com/rsyslog/rsyslog/pull/309


 -Thomas

 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] build dependency issue not detected by configure

[Michael Biebl]

Why don't we just make flex/bison a hard dependency?

2015-05-19 20:59 GMT+02:00 Thomas D. whi...@whissi.de:
 Hi,

 Michael wrote:
 It looks like Thomas fix is not sufficient.

 If you build from the tarball twice in a row, i.e.
 ./configure  make  make clean  ./configure  make
 the build will fail, if flex/bison is not around.
 This is due to ./grammar/grammar.[ch] beeing removed on make clean

 Mh, yes. I did not check for this test case (cleaning from release tarball).

 I would suggest that make clean should not remove any pre-generated files 
 if configure detected that we are running from release tarball. Any 
 objections?


 -Thomas


 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] build dependency issue not detected by configure

[Michael Biebl]

2015-05-19 20:59 GMT+02:00 Thomas D. whi...@whissi.de:
 Michael wrote:
 It looks like Thomas fix is not sufficient.

 If you build from the tarball twice in a row, i.e.
 ./configure  make  make clean  ./configure  make
 the build will fail, if flex/bison is not around.
 This is due to ./grammar/grammar.[ch] beeing removed on make clean

 Mh, yes. I did not check for this test case (cleaning from release tarball).

 I would suggest that make clean should not remove any pre-generated files 
 if configure detected that we are running from release tarball. Any 
 objections?

That's hard to detect. E.g. I commit the release tarballs to git and
build the packages from there. So the test for .git is not a
sufficient indication if yacc/flex will be needed or not.

What I do notice though, is that we have

CLEANFILES = grammar.h grammar.c

but we do not cleanup lexer.c. We should either do it for both, or
none, I think.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] make dist: file name is too long (max 99); not dumped

[Michael Biebl]

2015-04-21 17:43 GMT+02:00 Thomas D. whi...@whissi.de:
 1) Files should be renamed so we don't violate tar's specs [1]

Or we use a modern format like posix, which doesn't have the 99 char limit.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.9.0 (v8-stable) released

[Michael Biebl]

2015-04-09 16:14 GMT+02:00 Thomas D. whi...@whissi.de:
 Hi,

 On 2015-04-07 16:35, Florian Riedl wrote:
 We have released rsyslog 8.9.0.
 This is primarily a bug-fixing release with a couple of improvements in
 omprog, imuxsock and the zero message queue plugins.

 Good job! Looks like a very good release. It has passed all our tests on
 different hardware/configuration so far on Gentoo (including the gzipwr*
 tests on i386).

Interesting. See my earlier reply about 8.9.0 failing on i386 [1].
Looks like the test-suite is still a bit flaky and fails at random.


[1] https://buildd.debian.org/status/package.php?p=rsyslogsuite=experimental
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.9.0 (v8-stable) released

[Michael Biebl]

2015-04-07 16:35 GMT+02:00 Florian Riedl fri...@adiscon.com:
 Hi all,

 We have released rsyslog 8.9.0.

New test-suite results are in:

https://buildd.debian.org/status/package.php?p=rsyslogsuite=experimental

The failure on i386 is new (again).

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog and GnuTLS

[Michael Biebl]

I don't quite understand your question, but installing rsyslog-gnutls
under Debian wheezy, will provide you with the necessary module to
setup secure remote logging using GnuTLS.

2015-03-27 19:22 GMT+01:00 jonetsu jone...@teksavvy.com:
 Hello,

   What would be the earliest rsyslog release to support secure remote 
 syslogging using GnuTLS ?  I have a 'old' version here, 5.8.11 that has a 
 rsyslog-gnutls component, although I wonder: 1) If this could be a 'Debian 
 thing', if the same approach of having this rsyslog-gnutls component still in 
 effect today ?  If there is a new design, or any other significant change, 
 which earliest version could be used to upgrade, while having GnuTLS secure 
 connections ?

 Regards.


 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-25 19:08 GMT+01:00 Michael Biebl mbi...@gmail.com:
 https://buildd.debian.org/status/package.php?p=rsyslogsuite=experimental
 looks better now. Still a few test-suite failures, especially on
 kfreebsd-*, but I guess we're getting there.

The test-suite failure on mips is new:

TEST: [imptcp_large.sh]: test imptcp with large-size messages
rsyslogd started with pid  20162
starting run 1
Sending 2 messages.
*** buffer overflow detected ***: ./tcpflood terminated
./diag.sh: line 180: 20174 Aborted (core dumped)
./tcpflood -c5 -m2 -r -d1 -P12


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-20 4:04 GMT+01:00 Michael Biebl mbi...@gmail.com:
 Sorry, currently busy with other stuff.

 Will see, that I can apply the patch to the Debian package soonish.

https://buildd.debian.org/status/package.php?p=rsyslogsuite=experimental
looks better now. Still a few test-suite failures, especially on
kfreebsd-*, but I guess we're getting there.





-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

Sorry, currently busy with other stuff.

Will see, that I can apply the patch to the Debian package soonish.

Btw, it's the first time, that I heard of the amd686 or x386 architecture :-)

2015-03-17 11:58 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 2015-03-17 9:45 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 2015-03-16 20:01 GMT+01:00 Michael Biebl mbi...@gmail.com:
 2015-03-16 14:06 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 2015-03-16 9:50 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 I think I get closer to a solutions. Looks like an long long int vs.
 int64_t issue. I'll probably craft a small patch to test it out, which
 would address at least most cases that failed. If that works out, there is
 more to fix.

 Patch hopefully upcoming soon, but I thought I let you know in advance.

 Michael,

 as usual, the root cause is dumb, once you know it. Could you please
 apply this patch:

 https://github.com/rgerhards/rsyslog/commit/3b7bd0b7a7f0f5f1bf7609bdf34e7d9a32608ea6.patch

 and re-initiate the build. It should at least reduce the number of
 problems (there may be others, I haven't tried to identify that as a
 lot of the problems seem to be related to that patch).

 Thanks,
 Rainer
 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] need explicitely enable valgrind for testbench use?

[Michael Biebl]

2015-03-17 19:37 GMT+01:00 Thomas D. whi...@whissi.de:
 Hi,

 David wrote:
 In the valgrind case, this shouldn't be a binary option, it needs to be
 trinary.

 OFF   don't use, even if it is there
 AUTO use if it's there
 ON   don't compile if it isn't there

 AUTO is something *every* package maintainer wants to avoid/disable. :)

I wouldn't put it like that.
Ideally, you have

--enable-feature=enable|disable|auto

Having auto-detection as default is fine, but having an explicit
--enable which errors out hard the dependency is missing is good, so
is an explicit --disable switch, which ensures you don't accidentally
pick up new depedencies in a dirty build environment.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-16 14:06 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 2015-03-16 9:50 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 I think I get closer to a solutions. Looks like an long long int vs.
 int64_t issue. I'll probably craft a small patch to test it out, which
 would address at least most cases that failed. If that works out, there is
 more to fix.

 Patch hopefully upcoming soon, but I thought I let you know in advance.

 It looks a bit crazy, not yet found the root cause. But the good thing
 is that I can reproduce it on Debian 7.8 32 bit. So I can now test
 myself...


Thanks Rainer!
If the test-suite results for the various architectures are useful,
I'll keep them enabled.

Cheers,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-11 14:01 GMT+01:00 Michael Biebl mbi...@gmail.com:
 New results are in
 If you go to 
 https://buildd.debian.org/status/package.php?p=rsyslogsuite=experimental,
 and click on Build-Attempted in the Status column, it will open the
 full log file.

Rainer, do the log messages help? Any thoughts yet, what's causing the
test-suite failures?

Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 1.1.1 doesn't work with rsyslog

[Michael Biebl]

I do hope, the Debian packages were updated accordingly, i.e. if there
is a soname bump, you name it liblognorm2.
So if you rebuild rsyslog against liblognorm-dev 1.1.1, it would get a
dependency on liblognorm2. This way, it's ensured that you can't end
up with broken packages.

2015-03-12 14:55 GMT+01:00 Tomas Heinrich thein...@redhat.com:
 On 03/12/15 13:07, Thomas D. wrote:

 Rainer Gerhards wrote:

 that probably has to do with the fact that we fixed the library
 versioning.
 I admit we did it wrongly so far, so I have little experience with the
 proper way and its implications. I guess, we need to rebuild the rsyslog
 packages. Will initiate that.


 Right, you must rebuild against the the SO name version you are using.


 Yes, that needs to be done every time the value of
 first-digit-minus-third-digit of the soname changes.

 Don't forget to require liblognorm-1.1.1 in your packages if you build
 them against liblognorm-1.1.1 because if you link against
 liblognorm-1.1.1 you can't use previous versions anymore (or you have to
 rebuild...).


 Actually, at least for RPM, that is not necessary, generally speaking.
 During the build, dependency on a specific soname is automatically recorded
 in the depending package:

 $ rpm -qR rsyslog-mmnormalize | grep liblognorm
 liblognorm.so.2()(64bit)

 Upstream tracker shows[0] that 1.1.1 is backwards compatible to 1.1.0, so
 unless you need the symbols that were added in 1.1.1, versioning the
 dependency in the package shouldn't be required.

 (And looking at the actual soname - 2:0:0 - since the age part wasn't
 incremented, the library will be considered as not backwards compatible and
 the requirement has to be placed on the newest version.)

 Tomas

 http://upstream.rosalinux.ru/versions/liblognorm.html


 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 1.1.1 doesn't work with rsyslog

[Michael Biebl]

An more advice:
Please always consider running lintian on the final package.

This would have caught simple errors like this one:

$ lintian liblognorm1_1.1.1-0adiscon1trusty1_amd64.deb
W: liblognorm1: package-name-doesnt-match-sonames liblognorm2
E: liblognorm1:
symbols-file-contains-current-version-with-debian-revision on symbol
descent_parser_data_constructor@Base and 73 others

It looks, like the symbols file isn't properly maintained either.

2015-03-12 15:10 GMT+01:00 Michael Biebl mbi...@gmail.com:
 Apparently, the liblognorm soname bump wasn't properly handled
 packaging wise looking at

 https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable/+packages

 Packaging (and maintaining) libraries takes special effort to be done 
 properly.

 Please have a look at
 https://www.debian.org/doc/debian-policy/ch-sharedlibs.html
 https://www.debian.org/doc/manuals/maint-guide/advanced.en.html
 https://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html

 2015-03-12 15:05 GMT+01:00 Michael Biebl mbi...@gmail.com:
 I do hope, the Debian packages were updated accordingly, i.e. if there
 is a soname bump, you name it liblognorm2.
 So if you rebuild rsyslog against liblognorm-dev 1.1.1, it would get a
 dependency on liblognorm2. This way, it's ensured that you can't end
 up with broken packages.

 2015-03-12 14:55 GMT+01:00 Tomas Heinrich thein...@redhat.com:
 On 03/12/15 13:07, Thomas D. wrote:

 Rainer Gerhards wrote:

 that probably has to do with the fact that we fixed the library
 versioning.
 I admit we did it wrongly so far, so I have little experience with the
 proper way and its implications. I guess, we need to rebuild the rsyslog
 packages. Will initiate that.


 Right, you must rebuild against the the SO name version you are using.


 Yes, that needs to be done every time the value of
 first-digit-minus-third-digit of the soname changes.

 Don't forget to require liblognorm-1.1.1 in your packages if you build
 them against liblognorm-1.1.1 because if you link against
 liblognorm-1.1.1 you can't use previous versions anymore (or you have to
 rebuild...).


 Actually, at least for RPM, that is not necessary, generally speaking.
 During the build, dependency on a specific soname is automatically recorded
 in the depending package:

 $ rpm -qR rsyslog-mmnormalize | grep liblognorm
 liblognorm.so.2()(64bit)

 Upstream tracker shows[0] that 1.1.1 is backwards compatible to 1.1.0, so
 unless you need the symbols that were added in 1.1.1, versioning the
 dependency in the package shouldn't be required.

 (And looking at the actual soname - 2:0:0 - since the age part wasn't
 incremented, the library will be considered as not backwards compatible and
 the requirement has to be placed on the newest version.)

 Tomas

 http://upstream.rosalinux.ru/versions/liblognorm.html


 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
 LIKE THAT.



 --
 Why is it that all of the instruments seeking intelligent life in the
 universe are pointed away from Earth?



 --
 Why is it that all of the instruments seeking intelligent life in the
 universe are pointed away from Earth?



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 1.1.1 doesn't work with rsyslog

[Michael Biebl]

2015-03-12 15:49 GMT+01:00 Florian Riedl fri...@adiscon.com:
 Interesting. I am currently taking a look at this. As far as I understood
 then, the current packages for RHEL/CentOS should be ok, but those for
 Debian and Ubuntu are not. Is this correct so far?

Since I don't have experience with RPM packaging, take my reply with a
grain of salt:

RPM library package names are usually unversioned and the dependencies
are calculated automatically based on the soname. If you want more
fine-grained dependency information (say symbol foo was introduced in
version 1.2.3), you need symbols versioning [1], for this to work
properly in RPM


Michael

[1] https://sourceware.org/binutils/docs/ld/VERSION.html



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] liblognorm 1.1.1 doesn't work with rsyslog

[Michael Biebl]

Apparently, the liblognorm soname bump wasn't properly handled
packaging wise looking at

https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable/+packages

Packaging (and maintaining) libraries takes special effort to be done properly.

Please have a look at
https://www.debian.org/doc/debian-policy/ch-sharedlibs.html
https://www.debian.org/doc/manuals/maint-guide/advanced.en.html
https://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html

2015-03-12 15:05 GMT+01:00 Michael Biebl mbi...@gmail.com:
 I do hope, the Debian packages were updated accordingly, i.e. if there
 is a soname bump, you name it liblognorm2.
 So if you rebuild rsyslog against liblognorm-dev 1.1.1, it would get a
 dependency on liblognorm2. This way, it's ensured that you can't end
 up with broken packages.

 2015-03-12 14:55 GMT+01:00 Tomas Heinrich thein...@redhat.com:
 On 03/12/15 13:07, Thomas D. wrote:

 Rainer Gerhards wrote:

 that probably has to do with the fact that we fixed the library
 versioning.
 I admit we did it wrongly so far, so I have little experience with the
 proper way and its implications. I guess, we need to rebuild the rsyslog
 packages. Will initiate that.


 Right, you must rebuild against the the SO name version you are using.


 Yes, that needs to be done every time the value of
 first-digit-minus-third-digit of the soname changes.

 Don't forget to require liblognorm-1.1.1 in your packages if you build
 them against liblognorm-1.1.1 because if you link against
 liblognorm-1.1.1 you can't use previous versions anymore (or you have to
 rebuild...).


 Actually, at least for RPM, that is not necessary, generally speaking.
 During the build, dependency on a specific soname is automatically recorded
 in the depending package:

 $ rpm -qR rsyslog-mmnormalize | grep liblognorm
 liblognorm.so.2()(64bit)

 Upstream tracker shows[0] that 1.1.1 is backwards compatible to 1.1.0, so
 unless you need the symbols that were added in 1.1.1, versioning the
 dependency in the package shouldn't be required.

 (And looking at the actual soname - 2:0:0 - since the age part wasn't
 incremented, the library will be considered as not backwards compatible and
 the requirement has to be placed on the newest version.)

 Tomas

 http://upstream.rosalinux.ru/versions/liblognorm.html


 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
 LIKE THAT.



 --
 Why is it that all of the instruments seeking intelligent life in the
 universe are pointed away from Earth?



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-11 7:51 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 2015-03-11 0:48 GMT+01:00 Michael Biebl mbi...@gmail.com:

 FYI: After addressing the .rulesbase files and -lgcrypt linkage issue,
 I've uploaded the package to the Debian buildd network.
 The current state can be seen at
 https://buildd.debian.org/status/package.php?p=rsyslogsuite=experimental

 Looks like there is some work left to do:-)


 Is there any way to get hold of the contents of test-suite.log, so that we
 know what failed?

Unfortunately, the buildd's don't keep the files, which are produced
during the build, around after a failed build.
Only whats printed to stdout/stderr is stored in a build log which can
 be accessed.

I'll make another upload, which dumps the tests/test-suite.log to
stdout in case the test suite fails.

Results will be available today.

Cheers,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-11 12:11 GMT+01:00 Michael Biebl mbi...@gmail.com:
 I'll make another upload, which dumps the tests/test-suite.log to
 stdout in case the test suite fails.

New results are in
If you go to 
https://buildd.debian.org/status/package.php?p=rsyslogsuite=experimental,
and click on Build-Attempted in the Status column, it will open the
full log file.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-10 20:39 GMT+01:00 Michael Biebl mbi...@gmail.com:

 I want to start enabling and running the test bench as part of the
 regular debian build starting with 8.8.0.


Another problem:
The test-suite requires gcrypt, but configure doesn't check for it.
There the build fails when trying to link the tcpflood test binary:



make[3]: Entering directory '/tmp/buildd/rsyslog-8.8.0/tests'
  CC   ourtail.o
  CCLD ourtail
  CC   nettester.o
  CC   getline.o
  CCLD nettester
  CC   tcpflood-tcpflood.o
tcpflood.c:153:1: warning: 'gnutls_certificate_credentials' is
deprecated [-Wdeprecated-declarations]
 static gnutls_certificate_credentials tlscred;
 ^
tcpflood.c: In function 'initTLSSess':
tcpflood.c:806:41: warning: cast to pointer from integer of different
size [-Wint-to-pointer-cast]
  gnutls_transport_set_ptr(sessArray[i], (gnutls_transport_ptr_t) sockArray[i]);
 ^
  CCLD tcpflood
/usr/bin/ld: cannot find -lgcrypt
collect2: error: ld returned 1 exit status
Makefile:1391: recipe for target 'tcpflood' failed
make[3]: *** [tcpflood] Error 1
make[3]: Leaving directory '/tmp/buildd/rsyslog-8.8.0/tests'
Makefile:2932: recipe for target 'check-am' failed
make[2]: *** [check-am] Error 2
make[2]: Leaving directory '/tmp/buildd/rsyslog-8.8.0/tests'
Makefile:919: recipe for target 'check-recursive' failed
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory '/tmp/buildd/rsyslog-8.8.0'
dh_auto_test: make -j1 check returned exit code 2
debian/rules:9: recipe for target 'build' failed
make: *** [build] Error 2
dpkg-buildpackage: error: debian/rules build gave error exit status 2
E: Failed autobuilding of package



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-10 21:08 GMT+01:00 Michael Biebl mbi...@gmail.com:
 2015-03-10 20:39 GMT+01:00 Michael Biebl mbi...@gmail.com:

 I want to start enabling and running the test bench as part of the
 regular debian build starting with 8.8.0.


 Another problem:
 The test-suite requires gcrypt, but configure doesn't check for it.
 There the build fails when trying to link the tcpflood test binary:


tcpflood_SOURCES = tcpflood.c
tcpflood_CPPFLAGS = $(PTHREADS_CFLAGS) $(GNUTLS_CFLAGS)
tcpflood_LDADD = $(SOL_LIBS) $(PTHREADS_LIBS) $(GNUTLS_LIBS)
if ENABLE_GNUTLS
tcpflood_LDADD += -lgcrypt
endif


That looks broken. ENABLE_GNUTLS doesn't imply that gcrypt is
available and/or required.

I see that tests/tcpflood.c has

#ifdef ENABLE_GNUTLS
#   include gnutls/gnutls.h
#   if GNUTLS_VERSION_NUMBER = 0x020b00
#   include gcrypt.h
GCRY_THREAD_OPTION_PTHREAD_IMPL;
#   endif
#endif


Maybe it would be simpler to just require a recent enough version of gnutls?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

2015-03-10 21:35 GMT+01:00 Michael Biebl mbi...@gmail.com:
 tcpflood_SOURCES = tcpflood.c
 tcpflood_CPPFLAGS = $(PTHREADS_CFLAGS) $(GNUTLS_CFLAGS)
 tcpflood_LDADD = $(SOL_LIBS) $(PTHREADS_LIBS) $(GNUTLS_LIBS)
 if ENABLE_GNUTLS
 tcpflood_LDADD += -lgcrypt
 endif


 That looks broken. ENABLE_GNUTLS doesn't imply that gcrypt is
 available and/or required.

 I see that tests/tcpflood.c has

 #ifdef ENABLE_GNUTLS
 #   include gnutls/gnutls.h
 #   if GNUTLS_VERSION_NUMBER = 0x020b00
 #   include gcrypt.h
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
 #   endif
 #endif


 Maybe it would be simpler to just require a recent enough version of gnutls?


Also, other users of gnutls, e.g. runtime/nsd_gtls.c, also have similar includes

#include gnutls/gnutls.h
#include gnutls/x509.h
#if GNUTLS_VERSION_NUMBER = 0x020b00
#  include gcrypt.h
#endif

yet, there is no explicit linking against -lgcrypt:

if ENABLE_GNUTLS
pkglib_LTLIBRARIES += lmnsd_gtls.la
lmnsd_gtls_la_SOURCES = nsd_gtls.c nsd_gtls.h nsdsel_gtls.c  nsdsel_gtls.h
lmnsd_gtls_la_CPPFLAGS = $(PTHREADS_CFLAGS) $(RSRT_CFLAGS) $(GNUTLS_CFLAGS)
lmnsd_gtls_la_LDFLAGS = -module -avoid-version
lmnsd_gtls_la_LIBADD = $(GNUTLS_LIBS)
endif


Rainer, why was the explicit tcpflood_LDADD += -lgcrypt needed in
case of tcpflood but e.g. not for  lmnsd_gtls.la?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

[rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

Hi,

I want to start enabling and running the test bench as part of the
regular debian build starting with 8.8.0.

I've built from the 8.8.0 tarball and I get the following result:

Testsuite summary for rsyslog 8.8.0

# TOTAL: 128
# PASS:  122
# SKIP:  4
# XFAIL: 0
# FAIL:  2
# XPASS: 0
# ERROR: 0

The failing tests are
FAIL: mmnormalize_variable.sh
FAIL: mmnormalize_tokenized.sh


FAIL: mmnormalize_variable.sh
=

===
[mmnormalize_variable.sh]: basic test for mmnormalize module variable-support
rsyslogd: error: normalization rulebase
'testsuites/mmnormalize_variable.rulebase' could not be loaded cannot
activate action [v8.8.0 try http://www.rsyslog.com/e/2310 ]
rsyslogd: error during parsing file
./testsuites/mmnormalize_variable.conf, on or before line 14: errors
occured in file './testsuites/mmnormalize_variable.conf' around line
14 [v8.8.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd started with pid  8193
starting run 1
Sending file './testsuites/date_time_msg' 1 times.
^M0001 kb sent
runtime: 0.000
End of tcpflood Run
doing shutdown
imdiag[13500]: mainqueue empty
wait on shutdown
content-check failed

FAIL: mmnormalize_tokenized.sh
==

===
[mmnormalize_tokenized.sh]: test for mmnormalize tokenized field_type
rsyslogd: error: normalization rulebase
'testsuites/mmnormalize_tokenized.rulebase' could not be loaded cannot
activate action [v8.8.0 try http://www.rsyslog.com/e/2310 ]
rsyslogd: error during parsing file
./testsuites/mmnormalize_tokenized.conf, on or before line 11: errors
occured in file './testsuites/mmnormalize_tokenized.conf' around line
11 [v8.8.0 try http://www.rsyslog.com/e/2207 ]
rsyslogd started with pid  8241
starting run 1
Sending file './testsuites/tokenized_input' 1 times.
^M0001 kb sent
runtime: 0.000
End of tcpflood Run
doing shutdown
imdiag[13500]: mainqueue empty
wait on shutdown
content-check failed



If 'testsuites/mmnormalize_tokenized.rulebase'  is supposed to
reference a real file, I couldn't find such a file indeed.
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] failing test-suite for 8.8.8

[Michael Biebl]

FYI: After addressing the .rulesbase files and -lgcrypt linkage issue,
I've uploaded the package to the Debian buildd network.
The current state can be seen at
https://buildd.debian.org/status/package.php?p=rsyslogsuite=experimental

Looks like there is some work left to do:-)

2015-03-10 22:59 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 Sent from phone, thus brief.
 Am 10.03.2015 22:57 schrieb Michael Biebl mbi...@gmail.com:

 2015-03-10 21:50 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:

  Rainer, why was the explicit tcpflood_LDADD += -lgcrypt needed in
  case of tcpflood but e.g. not for  lmnsd_gtls.la?
 
  Probably simply because it always worked. Tcpflood is a third-class
  citizen,  it's only a testing tool and I don't care much as long as it
  works - which so far it always did for me.  Now it looks like it needs a
  fix...

 I don't quite understand this answer. Was this -lgcrypt line added in
 the past to fix a link failure or has it been added by accident
 without anyone ever noticing?

 It probably was added when it was needed at those days. Or maybe later. I
 really don't remember.  Sorry.


 --
 Why is it that all of the instruments seeking intelligent life in the
 universe are pointed away from Earth?
 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
 of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
 DON'T LIKE THAT.
 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog and journald

[Michael Biebl]

2015-03-06 17:22 GMT+01:00 Tyson Whitehead twhiteh...@gmail.com:
  MODULES 
 # The imjournal module bellow is now used as a message source instead of 
 imuxsock.
 $ModLoad imuxsock # provides support for local system logging (e.g. via 
 logger command)

 $OmitLocalLogging on
 $IMJournalStateFile imjournal.state

 as this make no sense unless you know that rsyslog understands systemd socket 
 passing.


Afaik, rsyslog in Fedora does *not* actually pass the syslog socket to rsyslog
That's why Alias=syslog.socket is commented out in rsyslog.service
and therefor there is no
/etc/systemd/system/syslog.service symlink pointing at rsyslog.service.

rsyslog will start and simply pull the syslog messages from the
journal via imjournal.

Why the rsyslog.conf in Fedora loads imuxsock and has
$OmitLocalLogging on, I dunno.

Not sure if the Fedora maintainers follow this mailing list and can
chime in here.




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog and journald

[Michael Biebl]

2015-03-06 22:07 GMT+01:00 Tyson Whitehead twhiteh...@gmail.com:
 On March 6, 2015 15:45:09 Tyson Whitehead wrote:
 That makes a lot more sense now.

 Thanks so much to both you guys.

 BTW, am I correct to assume that the imuxsock module is a better match than 
 the imjournal module for trying to get any last dieing messages off the box 
 before it wedges itself up.

That's a good question. As long as the message is properly stored in
the journal and the journal file was not corrupted when the system
dies, imjournal/rsyslog should pick up those messages upon the next
(re)boot.

The journal is a bit prone though to corrupt the journal files if the
system is shutdown uncleanly and journald will rotate those corrupt
files away (You typically see those in /var/log/journal having a
journal~ file extension).

Theoretically, using imjournal, you should be able to capture more
messages from early boot and late shutdown, since journald is started
earliers and stopped later then rsyslog.

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] imuxsock does not support RFC5424 header

[Michael Biebl]

Thanks for looking into this and keeping us updated.
Am 05.03.2015 15:16 schrieb Rainer Gerhards rgerha...@hq.adiscon.com:

 2015-03-03 17:07 GMT+01:00 Thomas D. whi...@whissi.de:

  Hi Rainer,
 
  thank you for the answers.
 
  Regarding journald (systemd):
  Gentoo is about choices. You can use Gentoo with systemd but you can
 stay
  with OpenRC (or use another init system of your choice). Many Gentoo
  desktop
  users are moving towards systemd. But especially for servers, many people
  keep OpenRC.
 
 
  I am currently concerned because I don't really understand the impact of
  the
  latest util-linux changes: Does it break typical setups which are relying
  on
  imuxsock usage? I.e. a chrooted service which has its own /dev/log in
  /chroot/service/dev/log using imuxsock?
 
  In other words: Would you, as upstream, recommend for the moment to
 enforce
  util-linux version 2.26 (=without RFC5424 per default) with rsyslog? Or
  should a normal user not be affected, only in special setups, so a
  warning/info should be enough?
 
 
 Now that I have reviewed the code of logger 2.26, I would *strongly*
 recommend to enforce  2.26 with rsyslog. There are multiple format issues
 in the new version, which will not only break rsyslog but probably others
 as well. This also happens when sending remotely. I am creating bug
 trackers and fixes at the util-linx project.

 Rainer
 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
 of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
 DON'T LIKE THAT.

___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] imuxsock does not support RFC5424 header

[Michael Biebl]

2015-03-03 16:53 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 I have recently lost most interest in imuxsock as all major distros have
 voiced to use journald, and journald recommends to use imjournal in
 contrast to imuxsock, so all topics related to imuxsock now have a very low
 priority. Given our discussion here, I will however see what it would take
 to make it optionally use the regular parser interface.

Fwiw, In Debian (jessie), we still use imuxsock by default. Simply
because this way I can ship a configuration which works with both
systemd and sysvinit and we still have sysloggers in Debian which
don't yet pull actively from the journal but rely on journald to
forward the messages via the syslog socket.

This might change in jessie+1, but before we switch to imjournal,
we'll need to give this further testing.
So a properly supported imuxsock is still valuable to us.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] *.emerg causes a warning?

[Michael Biebl]

2015-02-03 10:13 GMT+01:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 2015-02-03 0:30 GMT+01:00 David Lang da...@lang.hm:


 On Mon, 2 Feb 2015, Otis Gospodnetic wrote:

  Hi,

 Just installed the very latest 8.7.0 on one machine and spotted this in
 the
 log:

 Feb  2 23:24:27 logsene-reports rsyslogd-2207: error during parsing file
 /etc/rsyslog.conf, on or before line 55: warnings occured in file
 '/etc/rsyslog.conf' around line 55 [try http://www.rsyslog.com/e/2207 ]



 didn't you get the other error message? This is what I see:

 2015-02-03T10:10:14.076337+01:00 ubuntu1404esp rsyslogd-2184: action '*'
 treated as ':omusrmsg:*' - please change syntax, '*' will not be supported
 in the future [v8.8.0.master try http://www.rsyslog.com/e/2184 ]
 2015-02-03T10:10:14.146723+01:00 ubuntu1404esp rsyslogd-2207: error during
 parsing file bluecoat.conf, on or before line 7: warnings occured in file
 '/bluecoat.conf' around line 7 [v8.8.0.master try
 http://www.rsyslog.com/e/2207 ]


Just in case, this wasn't obvious, please change the line to

*.emerg   :omusrmsg:*


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog, journald and phplogcon

[Michael Biebl]

2015-02-03 20:32 GMT+01:00 David Lang da...@lang.hm:
 On Tue, 3 Feb 2015, Michael Biebl wrote:

 2015-02-03 20:12 GMT+01:00 David Lang da...@lang.hm:

 the module load for imjournal line polls the journal, asking for all logs
 since the last time it asked for logs. This is rather inefficient, but if
 you need the extra journald metadata, you need to do this since the
 journal
 won't send it otherwise.

 The alturnative to this is to have journald send the logs to rsyslog (for
 this, lookup the journald documentation where they say that they don't
 break
 syslog because they support delivering logs to syslog)


 It's only an alternative, if you don't need the additional metadata.
 In this mode, journald will forward the messages to
 /run/systemd/journal/syslog, and syslog will read from this socket
 instead of /dev/log.
 Those forwarded messages do not have any additional metadata.


 ok, then to read this (assuming that your version of journald is outputting
 it) should be:

 input(type=imuxsock socket=/run/systemd/journal/syslog)


Oh, no, you don't need this.
If rsyslog is activated by systemd, it will pass this socket as
environment variable to rsyslog and rsyslog will pick that up
automatically.

There is nothing you need to do.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog, journald and phplogcon

[Michael Biebl]

2015-02-03 20:52 GMT+01:00 Michael Biebl mbi...@gmail.com:
 Oh, no, you don't need this.
 If rsyslog is activated by systemd, it will pass this socket as

socket-activated, to be precise.

 environment variable to rsyslog and rsyslog will pick that up
 automatically.

 There is nothing you need to do.

If you look at a distro like Debian, which runs rsyslog under systemd,
you'll see that it simply ships a generic /etc/rsyslog.conf.

You just need to make sure to install and enable the rsyslog.service
file that is provided by rsyslog.
The magic bits are:

[Unit]
Requires=syslog.socket
...
[Alias]
Alias=syslog.service


This will make systemd start rsyslog if there is activity on /dev/log
and start rsyslog.service, passing it the syslog socket in the
LISTEN_FDS env variable, where rsyslog will pick it up automatically.

I'm happy to go into more detail, if there is interest.


Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog, journald and phplogcon

[Michael Biebl]

2015-02-03 20:12 GMT+01:00 David Lang da...@lang.hm:
 the module load for imjournal line polls the journal, asking for all logs
 since the last time it asked for logs. This is rather inefficient, but if
 you need the extra journald metadata, you need to do this since the journal
 won't send it otherwise.

 The alturnative to this is to have journald send the logs to rsyslog (for
 this, lookup the journald documentation where they say that they don't break
 syslog because they support delivering logs to syslog)

It's only an alternative, if you don't need the additional metadata.
In this mode, journald will forward the messages to
/run/systemd/journal/syslog, and syslog will read from this socket
instead of /dev/log.
Those forwarded messages do not have any additional metadata.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog, journald and phplogcon

[Michael Biebl]

2015-02-03 21:13 GMT+01:00 David Lang da...@lang.hm:
 It would be useful. Questions relating to interacting with the journal and
 systemd are common and going to be more common, but there aren't a lot of us
 here with experience with that environment.

Are you interested in the big picture or do you have specific questions?


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Dealing with ancient rsyslog versions on new Linux distros

[Michael Biebl]

Hi,

speaking for Debian, I try to push new upstream versions to unstable
in a timely manner.
Unstable and the (hopefully) soon-to-be-released jessie will have 8.4.x.

The version in stable is based on 5.8, so indeed a bit dated.
I do provide official backports though whenever it's doable with
reasonable effort and there is demand.

Currently backports has 7.6. See [1] for the list of currently
available version.

If there is demand for 8.4 in wheezy/stable, I can certainly look into this.

Michael


[1] https://packages.debian.org/search?keywords=rsyslog

2014-10-10 4:37 GMT+02:00 Otis Gospodnetic otis.gospodne...@gmail.com:
 Hello,

 We recently had a new Logsene http://sematext.com/logsene/ user who had
 some issues tailing a file with application logs and sending them to our
 rsyslog.  After some digging we looked at the rsyslog version.  It turned
 out to be 5.x.  Ancient!  But even scarier was that this was on Ubuntu
 12.04, which I still think of as relatively new!  And then I looked at
 Ubuntu 14.04 and the upcoming 14.10 and it looks like they only have
 7.4.4.  I then looked at CentOS 7, which is really new, and that also has
 7.4.x!

 Aren't all of these quite old and quite different from 8.4.x?
 Are there *any* semi-common/popular Linux distros that have rsyslog 8.x?

 Finally, is there anything Adiscon could do or is doing to get 8.x into new
 versions of some of the more popular Linux distros?

 In case of Logsene, if we see people having trouble with rsyslog simply
 because their distros have very old versions of rsyslog, we may simply have
 to recommend Logstash, because when we recommend that we can be pretty sure
 people will either have or will get one of the more recent versions and
 this is probably much easier to install because, I assume, manually
 updating rsyslog is tricky because of dependencies, packages, etc.

 I was wondering if there is anything that could be done about this from
 rsyslog or Adiscon side?

 Thanks,
 Otis
 --
 Monitoring * Alerting * Anomaly Detection * Centralized Log Management
 Solr  Elasticsearch Support * http://sematext.com/
 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released

[Michael Biebl]

2014-08-19 16:00 GMT+02:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 On Tue, Aug 19, 2014 at 3:38 PM, Rainer Gerhards rgerha...@hq.adiscon.com
 wrote:

 On Tue, Aug 19, 2014 at 3:18 PM, Michael Biebl mbi...@gmail.com wrote:

 2014-08-19 14:53 GMT+02:00 Michael Biebl mbi...@gmail.com:
 
  Reverting 6d668c915fdacbeea85348ba6b03958f8622e1a1 fixed the build on
  the mips porterbox.

 Not surprisingly, it also fixes the build on sparc



 yup, thx, this was a very good hint. I guess I looked at the wrong problem
 area. Probably a missing semicolon somewhere. Will work my way through it
 :-)

 yeah, got it. It's indeed semicolon trouble that you get as soon as you
 disable atomic instructions. Can now look in more depth for a proper fix.

The changes to runtime/statsobj.h [1] look wrong. Re-adding the
missing ; fixes the build


diff --git a/runtime/statsobj.h b/runtime/statsobj.h
index 347f639..d56485d 100644
--- a/runtime/statsobj.h
+++ b/runtime/statsobj.h
@@ -139,7 +139,7 @@ PROTOTYPEObj(statsobj);
  */
 #define STATSCOUNTER_DEF(ctr, mut) \
intctr_t ctr; \
-   DEF_ATOMIC_HELPER_MUT64(mut)
+   DEF_ATOMIC_HELPER_MUT64(mut);

 #define STATSCOUNTER_INIT(ctr, mut) \
INIT_ATOMIC_HELPER_MUT64(mut); \
-- 

[1] 
http://git.adiscon.com/?p=rsyslog.git;a=blobdiff;f=runtime/statsobj.h;h=347f639f8d735c37b25a578da6ca659c0f8fa47a;hp=d56485de11f57f70e8af23001c3be989a1b6757a;hb=6d668c915fdacbeea85348ba6b03958f8622e1a1;hpb=e61d8a88d081c35a4c3a5778e1fb9d23339dffd5
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released

[Michael Biebl]

2014-08-20 19:21 GMT+02:00 Michael Biebl mbi...@gmail.com:
 2014-08-19 16:00 GMT+02:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 On Tue, Aug 19, 2014 at 3:38 PM, Rainer Gerhards rgerha...@hq.adiscon.com
 wrote:

 On Tue, Aug 19, 2014 at 3:18 PM, Michael Biebl mbi...@gmail.com wrote:

 2014-08-19 14:53 GMT+02:00 Michael Biebl mbi...@gmail.com:
 
  Reverting 6d668c915fdacbeea85348ba6b03958f8622e1a1 fixed the build on
  the mips porterbox.

 Not surprisingly, it also fixes the build on sparc



 yup, thx, this was a very good hint. I guess I looked at the wrong problem
 area. Probably a missing semicolon somewhere. Will work my way through it
 :-)

 yeah, got it. It's indeed semicolon trouble that you get as soon as you
 disable atomic instructions. Can now look in more depth for a proper fix.

 The changes to runtime/statsobj.h [1] look wrong. Re-adding the
 missing ; fixes the build


 diff --git a/runtime/statsobj.h b/runtime/statsobj.h
 index 347f639..d56485d 100644
 --- a/runtime/statsobj.h
 +++ b/runtime/statsobj.h
 @@ -139,7 +139,7 @@ PROTOTYPEObj(statsobj);
   */
  #define STATSCOUNTER_DEF(ctr, mut) \
 intctr_t ctr; \
 -   DEF_ATOMIC_HELPER_MUT64(mut)
 +   DEF_ATOMIC_HELPER_MUT64(mut);

  #define STATSCOUNTER_INIT(ctr, mut) \
 INIT_ATOMIC_HELPER_MUT64(mut); \
 --

 [1] 
 http://git.adiscon.com/?p=rsyslog.git;a=blobdiff;f=runtime/statsobj.h;h=347f639f8d735c37b25a578da6ca659c0f8fa47a;hp=d56485de11f57f70e8af23001c3be989a1b6757a;hb=6d668c915fdacbeea85348ba6b03958f8622e1a1;hpb=e61d8a88d081c35a4c3a5778e1fb9d23339dffd5


fwiw, I found it a bit confusing that the ; were shuffled around for
some defines, but not all.

E.g. you moved it for DEF_ATOMIC_HELPER_MUT, but not DEF_ATOMIC_HELPER_MUT64.
This is where this bug resulted from.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released

[Michael Biebl]

2014-08-19 12:08 GMT+02:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 I am a bit at a loss. Could you lend me a helping hand?

 Look here (an example, the others are more or less the same):

 https://buildd.debian.org/status/fetch.php?pkg=rsyslogarch=sparcver=8.4.0-1stamp=1408392140file=log

 looks like intctr_t is not defined. There is a

 typedef uint64 intctr_t

 right in the same file (line 38).

 Then I checked where uint64 is typedef'ed. That's done in
 runtuime/typedefs.h, which is included in rsyslog.h, which in turn is
 included in rsyslogd.c right at the top (line 29), *before* wti.h, which
 then triggers the error. So in theory, the type should be available.

 Can it be that some platforms do not supoport long long unsigned and this
 leads to that error?

Reverting 6d668c915fdacbeea85348ba6b03958f8622e1a1 fixed the build on
the mips porterbox.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

[rsyslog] small systemd service file tweaks

[Michael Biebl]

Hi,

I suggest to add small tweaks to the systemd service file:


diff --git a/rsyslog.service.in b/rsyslog.service.in
index 8e2d64c..de37ff0 100644
--- a/rsyslog.service.in
+++ b/rsyslog.service.in
@@ -1,11 +1,14 @@
 [Unit]
 Description=System Logging Service
 Requires=syslog.socket
+Documentation=man:rsyslogd(8) man:rsyslog.conf(8)
+Documentation=http://www.rsyslog.com/doc/

 [Service]
 Type=notify
 ExecStart=@sbindir@/rsyslogd -n
 StandardOutput=null
+Restart=on-failure

 [Install]
 WantedBy=multi-user.target




The first one is adding a Documentation field. I'm a bit unsure if we
should actually add man:rsyslog.conf(8) here, since that file is
pretty outdated (in v8.4). Adding man:rsyslogd(8) at least seems fine
though.
Regarding the link to the documentation hosted on the web site: We can
use the unversioned
http://www.rsyslog.com/doc/ here or actually match the correct version
like in case of 8.4
http://www.rsyslog.com/doc/v8-stable/.

This would require though, to keep the rsyslog.service.in up-to-date
with each new release.



The result then looks like

rsyslog.service - System Logging Service
   Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled)
   Active: active (running) since Di 2014-08-19 14:58:59 CEST; 15min ago
 Docs: man:rsyslogd(8)
   man:rsyslog.conf(8)
   http://www.rsyslog.com/doc/
 Main PID: 14416 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
   └─14416 /usr/sbin/rsyslogd -n



The second is the addition of Restart=on-failure [1]
I think having rsyslog respawned when it crashes makes a lot of sense
for a syslogger.


Michael

[1] 
http://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released

[Michael Biebl]

2014-08-19 14:53 GMT+02:00 Michael Biebl mbi...@gmail.com:

 Reverting 6d668c915fdacbeea85348ba6b03958f8622e1a1 fixed the build on
 the mips porterbox.

Not surprisingly, it also fixes the build on sparc


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released

[Michael Biebl]

Hi Rainer,

you're ahead of me. Didn't check the buildd page yet. Thanks for
keeping an eye on that!



2014-08-18 22:30 GMT+02:00 Rainer Gerhards rgerha...@hq.adiscon.com:
 Thx a lot. I've also seen build errors on some platforms.  They look like
 bugs. Will look into that. If iI find something,  it would be great if you
 could try a new build. I'll keep you posted.

 Rainer

 Sent from phone, thus brief.
 Am 18.08.2014 22:17 schrieb Michael Biebl mbi...@gmail.com:

 uploaded rsyslog 8.4.0-1  and rsyslog-doc 8.4.0-1 to Debian unstable

 https://packages.qa.debian.org/r/rsyslog/news/20140818T163448Z.html
 https://packages.qa.debian.org/r/rsyslog-doc/news/20140818T165113Z.html

 2014-08-18 17:02 GMT+02:00 Florian Riedl fri...@adiscon.com:
  Hi all,
 
  We have just released 8.4.0 of the v8-stable branch.
 
  This release introduces the new stable version that inherits all the
  enhancements and improvements of rsyslog 8.3.
 
  Additionaly, the separated documentation is available as a tarball
 download
  on the download page.
  ChangeLog:
 
  http://www.rsyslog.com/changelog-for-8-4-0-v8-stable/
 
  Download:
 
  http://www.rsyslog.com/downloads/download-v8-stable/
 
  As always, feedback is appreciated.
 
  Best regards,
  Florian Riedl
  ___
  rsyslog mailing list
  http://lists.adiscon.net/mailman/listinfo/rsyslog
  http://www.rsyslog.com/professional-services/
  What's up with rsyslog? Follow https://twitter.com/rgerhards
  NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
 of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
 DON'T LIKE THAT.



 --
 Why is it that all of the instruments seeking intelligent life in the
 universe are pointed away from Earth?
 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
 of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
 DON'T LIKE THAT.

 ___
 rsyslog mailing list
 http://lists.adiscon.net/mailman/listinfo/rsyslog
 http://www.rsyslog.com/professional-services/
 What's up with rsyslog? Follow https://twitter.com/rgerhards
 NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
 sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T 
 LIKE THAT.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] rsyslog 8.4.0 (v8-stable) released

[Michael Biebl]

2014-08-18 22:47 GMT+02:00 Michael Biebl mbi...@gmail.com:
 Hi Rainer,

 you're ahead of me. Didn't check the buildd page yet. Thanks for
 keeping an eye on that!

Just in case, anyone is interested, I was referring to
https://buildd.debian.org/status/package.php?p=rsyslogsuite=unstable


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Re: [rsyslog] Email notification in our rsyslog server

[Michael Biebl]

2014-07-18 7:01 GMT+02:00 Swapnil Chaudhary schaudh...@travelclick.com:
 Hi,

 We have to set up email notification in our rsyslog server.
 Kindly let me know how to configure it.

Please read the existing documentation and if then something is still
unclear, come back with a more detailed question.

Thanks,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.