RHBA-2012:0228 - Bug Fix Advisory

Topic

Updated rsyslog packages that fix several bugs and add one enhancement are now
available for Red Hat Enterprise Linux 5.

Description

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It
supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any
message part, and fine grain output format control.

This update fixes the following bugs:

• Previously, rklogd, the daemon that provides kernel logging, was replaced with

a loadable module. However, the functionality was disabled in the configuration.
Consequently, rsyslog did not log any kernel messages. With this update, the
/etc/rsyslog.conf configuration file has been corrected to include the "$ModLoad
imklog" directive and the kernel messages are now logged as expected.
(BZ#592039, BZ#582288)

• The previous version of rsyslog introduced a patch, which fixed unexpected

termination that occurred when a large number of clients was sending their logs
to rsyslog. However, the patch was not applied due to the outdated Autoconf
package in the build environment. With this update, the package is no longer
needed during the build process and the patch is applied successfully.
(BZ#674450)

• The previous rsyslog release introduced a new format of the message time

stamps. However, some utilities, such as logwatch, were unable to parse such
message time stamps properly. This update adds the "$ActionFileDefaultTemplate
RSYSLOG_TraditionalFileFormat" directive to the /etc/rsyslog.conf configuration
file so that the old format is used by default and the respective utilities now
work correctly. (BZ#583621)

• Previously, some rsyslog modules were stored in the /usr/lib{,64} directory

tree. Consequently, rsyslog could fail to start if the /usr/ directory resided
on a different file system and the file system was unavailable during the daemon
startup. With this update, the module directory has been relocated to the
/lib{,64}/ directory and the modules are always accessible to rsyslog.
(BZ#546645)

• The omsnmp module was missing in the rsyslog package. Consequently, sending of

messages with Simple Network Management Protocol (SNMP) could not be used. This
update adds the omsnmp module to the package and the SNMP messages mechanism
works as expected. (BZ#601711)

• Wrong data types were used to hold some configuration values, which caused

rsyslog to ignore the values. This update changes the data types and the
configuration is now processed as expected. (BZ#746179)

• The retry limit was not checked correctly and suspended actions could fail to

resume. This update fixes the underlying code and suspended actions resume as
expected. (BZ#726525)

• The rsyslog utility failed to close the stdout and stderr streams properly

when running in background mode. This caused the operating system to become
unresponsive on system boot. The output streams are now closed properly, which
fixes this bug. (BZ#654379)

• The rsyslog process could consume excessive memory when using message

forwarding with Transport Layer Security (TLS) encryption. With this update, the
underlying code has been modified and the bug is fixed. (BZ#637959)

• The build script wrongly detected the MySQL support when building 32-bit

packages in a 64-bit multilib environment. Consequently, the building process
failed. With this update, the build script now uses the proper mysql_config
binary and the package is built successfully in this scenario. (BZ#694413)

• The lock file created by the rsyslog init script did not match the init script

name. Consequently, the system did not run the stop action to stop the process
on system shut down. With this update, the file is named correctly and the
daemon shuts down as expected. (BZ#650509)

In addition, this update adds the following enhancement:

• This update improves the package description in the 'Description' section.

(BZ#574620)

All rsyslog users are advised to upgrade to these updated packages, which fix
these bugs and adds this enhancement.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 546645 - rsyslogd has its modules in the /usr
• BZ - 574620 - Update %description for rsyslog
• BZ - 582288 - rsyslog does not capture kernel thread dumps
• BZ - 583621 - rsyslog 3.x has no longer old syslog timestamp by default
• BZ - 592039 - Rklogd is gone and kernel log messages are not being logged by rsyslog
• BZ - 637959 - Rsyslog with TLS enabled TCP logging eats CPU and memory
• BZ - 650509 - rsyslog creates invalid subsys lock file
• BZ - 654379 - service rsyslog start | cat hangs
• BZ - 674450 - rsyslog contains ineffectual unlimited select patch

CVEs

(none)

References

(none)