A lot of things are going on, but I also wanted to share news that we have just released a new version of the rsyslog Windows agent. It’s a minor bug-fixing release, so usually no need to rush.
rsyslog windows agent: new minor release
Corona: Vacation Season Effect on Infections (Germany)
Do you wonder if traveling and vacation season has some effect on Corona spread? German numbers suggest it has – and it can be seen in new cases.
rsyslog 8.2008 released – packages delayed
While we have released rsyslog 8.2008 today, binary packages are not yet updated. They will follow follow “a bit” later.
The rsyslog project usually publishes binary packages for many distributions alongside the regular (source) scheduled stable releases. So far, this was a mostly manual process. In the past couple of week, we have worked on a CI system for package build as well as additional automation. We have not yet fully reached our goals, but things look pretty well.
Continue reading “rsyslog 8.2008 released – packages delayed”LIBRELP 1.7.0 release upcoming
Librelp 1.7 brings some memory leaks fixes, support for chained certificate files and a bit more. The official release is tomorrow. It will be co-released with rsyslog 8.2008.
The memory leak is especially relevant for some load-balancers, including AWS. I highly recommend to use the new library in such environments. As a side-note, we have also finally done some library symbol cleanups. If you used non-API functions that will hurt you. However, to the best of my knowledge nobody does such dirty tricks.
Adiscon will also integrate the new librelp in to it’s Windows products (including WinSyslog and EventReporter)
About LIBRELP
Librelp is library for reliable network event logging, It provides syslog-like functionality with a drastically reduced risk of messages loss. Note that industry-standard TCP syslog is unreliable by design. Librelp was written to address these shortcomings.
Rainer Gerhards initiated the librelp open source project. It is primarily sponsored by Adiscon.
rsyslog template variables – where to find them
Did you search for “rsyslog template variables”? And landed here? Many folks do, so let me explain where you actually find them. TLDR: find them in the property doc.
SEO: Getting into Google News – no longer Possible?
Many publishers love to get into the Google News index – it offers an extra source of traffic and can really boost a site. Unfortunately, getting into News is not as easy as it looks.
rsyslog: integrating Windows Event Log (via UDP)
This tutorial tells how to integrate data from Windows event log into our rsyslog configuration. We will do this integration via the UDP syslog protocol so that we finally can show this in a real case. No advanced topics are covered. We use CentOS 7 and Windows Server 2012 (because it still is in more widespread use). This is part of a rsyslog tutorial series.
Continue reading “rsyslog: integrating Windows Event Log (via UDP)”
rsyslog: relay messages only (no local storage)
This tutorials tells how rsyslog is configured to accept syslog messages over the network via UDP. No advanced topics are covered. We use CentOS 7. This is part of a rsyslog tutorial series.
Scope
We will configure LC to only relay messages received via UDP but not store them locally. Locally-generated messages will still be stored inside local log files. They, too, will be forwarded to LR. This is a very common use case. We still do not configure any sender to connect to LC.
To do all of this, we need to modify only LC local configuration. As such, our base lab scenario will remain in the following configuration:
Note that we still do not configure any system to actually send data to LC. This will be done the next tutorial. Note that if you did not complete the last tutorial, it may be wise to have a look at it. We will work with the configuration it generated. Continue reading “rsyslog: relay messages only (no local storage)”
rsyslog beginner’s tutorial series
This multi-step tutorial series targets rsyslog beginners. It covers typical configuration steps which are done with minimal effort. I found that for beginners it is often very important to provide precise instructions for their specific environment. As such, I focus on CentOS 7, which is quite popular in enterprise environments.
If you do not usually use CentOS 7, I still suggest to download and install it on two lab machines. This permits you to follow the tutorial in exact steps. Once you know what you do, it should be fairly easy to translate that to other distributions like Ubuntu.
Note: I am currently writing the tutorials, so they will grow for the time being. The basic set will have around 10 tutorials (I already have the full outline).
Available Tutorials
For best experience, read tutorials in given order:
- Overview of lab environment (not yet done)
- configure a TCP syslog server
- forward messages to remote server (via TCP syslog)
- configure a UDP syslog server
- rsyslog: relay messages only (no local storage)
- rsyslog: integrating Windows Event Log (via UDP)
Note that if you are interested in a specific topic, you can also pick tutorials out of the order. Be warned, though, that there is some inter-dependency between the tutorials. For example, for forwarding messages, a server is needed. The forwarding tutorial as such assumes that the server was properly created. In suggested sequence, this is ensured.
There exist also some utility tutorials to help you understand the operating environment. They are linked to from the appropriate places.
Additional Info
Why is this tutorial series created and hosted here? Find the answer in this article. If you are interested in contributing to the effort, please let me know. Feedback of any kind is also very welcome. You can also use the comment fields to provide it.
rsyslog: configure syslog UDP reception
This tutorials tells how rsyslog is configured to accept syslog messages over the network via UDP. No advanced topics are covered. We use CentOS 7. This is part of a rsyslog tutorial series.
Scope
We will configure the relay system to accept UDP based syslog from remote ends. We do not, however, configure any sender to connect to it. We will use LC as UDP server, just so that we get some more variety into our lab with limited systems. In our base lab scenario, this will lead to the following configuration:
Note that we will accept incoming logs and store them into the same location as we do for local logs. Handling them different will be part of a later tutorial. Continue reading “rsyslog: configure syslog UDP reception”