Posts - Rainer Gerhards

2020-09-302020-09-30

First Syslog Open Online Meeting a Success

Yesterday, we held the first open meeting for the (r)syslog community. It was announced on very short notice, but we still had more than 10 participants. Even more important, we had some great discussions. So I call the concept a “success” and plan for more to come.

For everyone who could not attend, here is the meeting recording:

Please accept YouTube cookies to play this video. By accepting you will be accessing content from YouTube, a service provided by an external third party.

YouTube privacy policy

If you accept this notice, your choice will be saved and the page will refresh.

2020-09-282020-09-29

Experiment: an open online meeting for rsyslog folks

I am thinking quite a while about doing online seminars or meetings for folks interested in rsyslog. After some prep work, I decided to do an experiment and invite all of you to the rsyslog community’s first open online meeting. It will be held at 2020-09-29 at 3p UTC (5p CEST, 11a EDT, 8a PDT). The meeting URL is https://meet.rainer -gerhards.de/syslogOpenMeeting. Meeting language is English.

Foto of Rainer Gerhards preparing a Video Conference — Rainer Gerhards preparing a Video Conference.

This is more than a community experiment. I have worked on setting up a decent self-hosted Jitsi Meet server (some background info in German). The meeting is also meant as one of the first test runs for this system. So it definitely helps if you are a bit adventurous when you attend.

2020-09-042020-09-04

rsyslog windows agent: new minor release

A lot of things are going on, but I also wanted to share news that we have just released a new version of the rsyslog Windows agent. It’s a minor bug-fixing release, so usually no need to rush.

Screenshot of Rsyslog Windows Agent in Config mode. — Rsyslog Windows agent configuration App. Here, creation of a TCP syslog forwarding rule is shown.

2020-09-022020-09-30

Corona: Vacation Season Effect on Infections (Germany)

Do you wonder if traveling and vacation season has some effect on Corona spread? German numbers suggest it has – and it can be seen in new cases.

German Corona Infections for three fedaral states. — New Corona Infections (7 day incidence) of three German federal states. The red lines show a state with early school holidays, whereas the blue and green plot show two states where summer break is late. (Plot: Rainer Gerhards, Data: RKI)

2020-08-252020-08-25

rsyslog 8.2008 released – packages delayed

While we have released rsyslog 8.2008 today, binary packages are not yet updated. They will follow follow “a bit” later.

Image of rsyslog being build via SUSE OBS — A rsyslog build via SUSE Open Build Service. This time the rsyslog package build process is delayed due to problems with upgrades to the package build process. (Image: Rainer Gerhards)

The rsyslog project usually publishes binary packages for many distributions alongside the regular (source) scheduled stable releases. So far, this was a mostly manual process. In the past couple of week, we have worked on a CI system for package build as well as additional automation. We have not yet fully reached our goals, but things look pretty well.

2020-08-242020-08-24

LIBRELP 1.7.0 release upcoming

Librelp 1.7 brings some memory leaks fixes, support for chained certificate files and a bit more. The official release is tomorrow. It will be co-released with rsyslog 8.2008.

LIBRELP is a library for reliable network event logging. (Image: Rainer Gerhards)

The memory leak is especially relevant for some load-balancers, including AWS. I highly recommend to use the new library in such environments. As a side-note, we have also finally done some library symbol cleanups. If you used non-API functions that will hurt you. However, to the best of my knowledge nobody does such dirty tricks.

Adiscon will also integrate the new librelp in to it’s Windows products (including WinSyslog and EventReporter)

About LIBRELP

Librelp is library for reliable network event logging, It provides syslog-like functionality with a drastically reduced risk of messages loss. Note that industry-standard TCP syslog is unreliable by design. Librelp was written to address these shortcomings.

Rainer Gerhards initiated the librelp open source project. It is primarily sponsored by Adiscon.

2020-08-202020-08-24

rsyslog template variables – where to find them

Did you search for “rsyslog template variables”? And landed here? Many folks do, so let me explain where you actually find them. TLDR: find them in the property doc.

Screenshot of rsyslog configuration — A screenshot of a rsyslog configuration snippet involving a somewhat more complex template. (Rainer Gerhards, 2020)

2020-08-102020-08-10

SEO: Getting into Google News – no longer Possible?

Many publishers love to get into the Google News index – it offers an extra source of traffic and can really boost a site. Unfortunately, getting into News is not as easy as it looks.

A Picture of Google News — Google News: many publisher would like use this as a source of extra traffic. However, the site must fit and offer journalistic content. (Screenshot done by Rainer Gerhards on 2020-08-10)

2019-10-092020-08-24

rsyslog: integrating Windows Event Log (via UDP)

This tutorial tells how to integrate data from Windows event log into our rsyslog configuration. We will do this integration via the UDP syslog protocol so that we finally can show this in a real case. No advanced topics are covered. We use CentOS 7 and Windows Server 2012 (because it still is in more widespread use). This is part of a rsyslog tutorial series.

Continue reading “rsyslog: integrating Windows Event Log (via UDP)”

2019-10-072019-10-07

rsyslog: relay messages only (no local storage)

This tutorials tells how rsyslog is configured to accept syslog messages over the network via UDP. No advanced topics are covered. We use CentOS 7. This is part of a rsyslog tutorial series.

Scope

We will configure LC to only relay messages received via UDP but not store them locally. Locally-generated messages will still be stored inside local log files. They, too, will be forwarded to LR. This is a very common use case. We still do not configure any sender to connect to LC.

To do all of this, we need to modify only LC local configuration. As such, our base lab scenario will remain in the following configuration:

Note that we still do not configure any system to actually send data to LC. This will be done the next tutorial. Note that if you did not complete the last tutorial, it may be wise to have a look at it. We will work with the configuration it generated. Continue reading “rsyslog: relay messages only (no local storage)”