July 2007 - Page 2 of 3 - Rainer Gerhards

2007-07-22

rsyslog output module interface

Rsyslog‘s output module interface begins to materialize. I have even begun to restructure the code modules, which currently mostly means shifting code to different places. However, there is much more behind this code-shuffling. I’ve been thinking quite a while about modularization of rsyslog. What happens now is the result of this thinking. In the end, we will have output modules running on independent threads, each being able to queue data when the output for some reason is suspended (e.g. the remote syslog server it sends data to is unavailable). And, of course, the module interface will also support plug-ins.

The current MySQL action will become such a plug-in. I need to adopt a way to tell current users a way to migrate to the loadable module interface. I guess, I’ll add a dummy statement like

$ModLoad MySQL

To the current configuration. Well, yes, let’s do that – I’ve created a feature tracker as I write down this blog entry.

The only effect it will have in current code is that it tells the config engine that the user cared about modules. In builds that will later support loadable modules, it will actually load the mysql plugin. Currently, its only function will be to warn users to apply it, when they did not do it. That should take care of a smooth transition.

2007-07-19

astronomy talk for kids

Live is not just about programming. Today, I took some time off to give an astronomy talk to elementary school kids. Their teacher had approached me some time ago and asked if I could give that talk at the end of their school excursion. Of course I could :)

It was a quite basic talk about the sun, moon and stars, with a focus on understanding our place in to solar system. Of course I covered all the nice planets and especially focused on Saturn (of course, because I am a SOC member ;)). We had big luck with the weather. Around noon, there was pouring rain and clouds, clouds, clouds. When I arrived at the school (they came over to our elementary school in Grossrinderfeld), the rain ceased somewhat.

We prepared and off went the talk. The kids were very interested and obviously had fun. And, believe it or not, by the time the talk completed, there was bright sunshine. So I could bring out my PST solar telescope and the kids could have a great look at our mother star (of course, the teachers liked it to).

To conclude the event, I dispersed NASA stickers (ESA doesn’t provide me some ;)) and left a lucky crowd.

Did I say this is a very rewarding activity? ;)

2007-07-18

rsyslog now in fedora 8

Read this mail message:

http://www.redhat.com/archives/fedora-devel-list/2007-July/msg00941.html

Rsyslog is now part of fedora 8. I hope that a lot of folks will try it out and contribute their experience back. This will definitely help us build the best syslogd ever.

As a side-note, I’ve today received another couple of patch contributions for rsyslog. It’s really fun seeing all those people look at the project. Thanks to everyone.

2007-07-18

Changed the scope of this blog…

I started this blog in 2003 as something purely about syslog. At that time, I also started some other blogs, which I now mostly have abandoned. The whole system was a bit clumsy, plus there was limited interest in the content (to phrase it mildly).

Things have evolved. Now blogger offers tags (called “label” there), which allow to keep track of different topics in a single blog. So I thought I give it a new try. I’ll use the blog in addition to my web sites and post small news here that do not make it onto the sites for whatever reason. I am not sure if that will finally work out, but it is at least worth a try.

2007-07-18

rsyslog and fedora 8

I looks like more and more sites pick up the news. A quite good review of it, together with the other F8 features, can be found at this site:

http://linuxupdate.blogspot.com/2007/07/proposed-fedora-8-features.html

I wonder if traffic will go up on the rsyslog site – this has not happened yet. The root question behind that question is if people really care about logging. I guess most people couldn’t care less than which syslogd is included in a distro. But I may be proved wrong.

In the mean time, I hope that the additional exposure will lead to more ideas, more testing and in the end result an even better rsyslog.

2007-07-172018-06-08

rsyslog 1.17.0

I had an extraordinary good day today. I managed to make rsyslog 1.17.0 nearly feature complete for the upcoming 2.0.0 release. I also see much more interest from the community, now that red hat thinks about moving rsyslog into Fedora 8. If all goes well, we’ll soon see it pushed to F7 as an extra. That would enable more people to play with it. And that’s important. We had a lot (a real looooot) of changes the past weeks. It’s now time that some folks seriously try to break the code, so that we can create a solid set of bug-fixes (not that I or my contributors made any mistakes – but you know: all these multi-bit errors messing up the source ;)).

Let’s stay tuned how things evolve. For the time being, will simply enjoy being satisfied ;)

2007-07-15

rsyslog and fedora…

The news is creeping around the net that rsyslog possible replaces sysklogd in Fedora 8. As far as I know, no definitive decision has jet been made by the Fedora folks. But a lot of them already contribute to the code and its packaging system. So no matter how they’ll finally decide, this is very good news for the project.

Currently, I have not “advertised” the fact because I think it is not yet finally decided. But now it looks it has left the mailing Fedora mailing lists:

http://liquidat.wordpress.com/2007/07/14/smolt-statistics-fedora-8-feature-list

2007-07-13

Why GPLv3? (rant on crippled commercial products with Open Source in them)

After writing about my intended move to GPLv3 yesterday, I was asked if that would really be clever to do it. Even more, I was pointed at http://www.builderau.com.au/blogs/syslog/viewblogpost.htm?p=339270811, which thinks GPlv3 is bad because it does limit what commercially can be done with the software.

Actually, I think that is a strength of GPLv3. I devote time for my projects. This time does not bring me any money. It’s fun, sure. It brings insight. Sure. Probably it has some side-effects, that fund the project somehow. Great. But I would not like to see someone taking my hard work and making money out of it without contributing back. I would not like to see rsyslog running on e.g. TIVO while that very same TIVO cripples my freedom and takes money from me. Why should I contribute to something that I do not like? Am I supposed to be a fool?

No folks, forget about it. Does that mean TIVO can not build products? NOT AT ALL! They are free to do whatever they want. They can even hire me to write a subsystem for their use, without any GPLv3 restrictions. All they are not permitted to do is use my work for free without contributing back. Much the same as I am not allowed to share my legally recorded videos. Why should I provide code for such? Again, they are not limited to do whatever they like to do. The music and movie industries as well as their helpers are marauding us and torturing even paid use with digital restrictions management (DRM). They obtain well enough money to do their own development. This is the way they should do it. And if they want something for free, then they need to contribute back. It’s that easy – and this is why I am a big fan of GPLv3 (yes, I know there will be subtle issue, but anyhow – these will be sorted out over time).

Now replace TIVO with “your-favorite-crippled-crap” and you got the full message ;)

Have fun!
Rainer

2007-07-12

GPLv3 and rsyslog

Did you know? GPLv3 is out. And I am seriously considering it for my rsyslog project. Why? I do not like Tivo-ization nor do I like software patents. So, isn’t then moving to a license unfriendly to those a good idea? I think it is. But of course, there are a number of subtleties that I need to check.

I guess version 2.0.0, due soon, will be released under GPLv3.

2007-07-12

Why are there so few messages from sysklogd itself?

Have you ever wondered why your logs do not contain anything from the syslog subsystem itself, except for maybe a message or two? Tina Bird has started an interesting new discussion on the loganalysis mailing list.

Of course, I couldn’t stand it and have added my 2cts. I’d like to reproduce it here in the blog, too:

> I have received a number of responses along these lines, obtained by
> grepping the source code or by running strings on the binary.
> These are far
> better than nothing, and I’m grateful for the help, but they miss an
> important piece of the picture. Especially in a piece of code
> as old and,
> uh, crufty as syslogd, there’s a high likelihood that many of
> the errors
> find themselves at the far ends of code paths that rarely (if
> ever) get
> executed, and therefore those errors never find themselves in
> the “outside”
> world, providing assistance (or confusion) to system administrators
> everywhere.

OK, I’ve once again done a real review of the sysklogd 1.14.1 source. I wanted to make sure I really tell the truth. The plain truth is that it is nearly impossible that anything goes wrong after syslogd is started. So you’ll observe a number of “config file invalid” messages, but only (hopefully;)) during initial setup. Once things run smoothly, you will see error message only when things go really wrong, e.g. when the hard disk dies. But then, in practice, will that ever occur? If the answer is yes, then you need to ask “will it be seen”? Of those systems where a hard disk failure is catastrophic, all of the logs are probably on that failed hard disk. Yes, exactly that disk our error message will be … ahem would be … written to ;) So you end up with just initialization and termination messages.

Is that the case because syslogd is such a perfect piece of software. Not really. The reason is that the stock implementation simply can not have any real problems once it runs: selector lines were either OK (and operating) or invalid (and disabled). And how about the network? Surely received packets are a trouble source. Formatting errors of all kind…

Let’s have a look at (informational RFC 3164):

##
4. Packet Format and Contents

The payload of any IP packet that has a UDP destination port of 514
MUST be treated as a syslog message.
##

Sweet – anything that is destined to 514 is a syslog message. No matter what the content is. Really? Am I kidding? Let’s read on:

##
Example 2

Use the BFG!

While this is a valid message, it has extraordinarily little useful
information.
##

Yeah… This is a valid message. This also: “HaHaHa”. So how will a parser need to complain when it processes the message. It doesn’t – and that’s why you won’t see many messages from sysklogd itself.

HOWEVER, things are improving. In rsyslogd, there are a lot more things that can go wrong. For example, IETF is standardizing the frame format if TLS is used. This provides a number of opportunities for emitting error messages. TCP itself gives ground to another set of messages. On the output side the same: rsyslog can do dynamic file names. That means files are created depending on incoming messages. Of course, things can go wrong here, providing another set of error messages.

I am talking about rsyslog, because I maintain this project. I think any other modern-day syslogd has a similar set of error messages. And these are possibly seen in practice. But now it is much more depending on how valid all parts of the system, including senders, work. With the majority of syslog-enabled applications still following the “I don’t need to obey any format” paradigm, the typical cause for error messages is not-existent for syslog servers.

I hope that clarifies. And there is even hope: syslogd’s will spit out more errors in the future ;) [and, yes, I have at least created a todo item to emit meaningful error identifiers together with them…]

Rainer