Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

8.186. rsyslog

Updated rsyslog packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control.

Bug Fixes

The imgssapi module is initialized as soon as the configuration file reader encounters the $InputGSSServerRun directive in the /etc/rsyslog.conf configuration file. The supplementary options configured after $InputGSSServerRun are therefore ignored. For configuration to take effect, all imgssapi configuration options must be placed before $InputGSSServerRun. Previously, when this order was reversed, the rsyslogd daemon terminated unexpectedly with a segmentation fault. This bug has been fixed, and rsyslogd no longer crashes in the described scenario.
Rsyslog directives used for controlling the file owner or group (FileOwner, FileGroup, DirOwner, DirGroup) translate names to numerical IDs only during rsyslogs's initialization. Previously, when user data were not available at rsyslogs's startup, IDs where not assigned to these log files. With this update, new directives that do not depend on the translation process have been added (FileOwnerId, FileGroupId, DirOwnerId, DirGroupId). As a result, log files are assigned the correct user or group ID even when user information is not available during rsyslog's startup.
Due to a bug in the source code, the host name was replaced by an empty string if the $RepeatedMsgReduction directive was enabled. This bug has been fixed, and the host name is now stored correctly when $RepeatedMsgReduction is on.
Prior to this update, the $FileGroup directive did not process groups larger than a certain size. Consequently, when this size was reached, the rsyslogd daemon failed to set the requested group and the root user was left as the owner of a file. This bug has been fixed and $FileGroup now creates groups properly in the described case.
An erroneous patch in a previous release, which changed the implementation of the configuration file parser, caused the rsyslogd daemon to terminate unexpectedly with a segmentation fault for certain configurations. With this update, the patch has been removed, and file crashes no longer occur with the default configuration. However, the $IncludeConfig directive must be placed at the beginning of the /etc/rsyslog.conf configuration file before other directives. If there is need to use $IncludeConfig further in the file, users are advised to prepend it with a dummy action such as "syslog.debug /dev/null".
Prior to this update, a numerical value of the PRI property was appended to the pri-text variable. The resulting pri-text value looked for example like "≶164>". With this update the suffix has been removed. Now, the variable only contains textual facility and severity values.
Previously, an incorrect data type was set for the variable holding the spool file size limit. Consequently, the intended size limit was not accepted and a message loss could occur. With this update, the data type of the aforementioned variable has been corrected. As a result, spool files are set correctly with the user-defined size limit.
Users of rsyslog are advised to upgrade to these updated packages, which fix these bugs.