Tuesday, August 16, 2005

phpLogCon being made public...

I have just announced phpLogCon on freshmeat and also announced it yesterday on icewalkers. I hope that this tool will evolve and bring even more attention to syslog. I know its a long way to go, and database performance is probably an issue, but if we don't start to solve problems ... they will always persist ;)

I am very interested to see how this tool will be accepted in a few months time.

You can also read in my adisconblog on some background with phpLogcon.

Monday, August 15, 2005

rsyslog 0.9.7 released

Rsyslog 0.9.6 caused some grief. The new build system wasn't that easy and the "improved doc" wasn't consistent with the previous one. Finally, I discovered this morning that MySQL support was crippled due to a bug in the make system. Might it be that I shouldn't have watched NASA TV during the release period ;) Anyhow, I now have released rsyslog 0.9.7 after a round of good testing. I hope that will really resolve all the issues. Now I just need to go back and release another version later this week, because I wanted to do some other minor enhancements...

Tuesday, August 09, 2005

Not syslog, space...

A totally off-topic posting: NASA's STS-114 mission is finally succesfully completed with the safe landing of orbiter Discovery at Edwards air force base. This was a historic mission, not only because it is the first mission after the shuttles were grounded. It als had the first in-orbit repair of a shuttle.

All in all, I would like to express a big CONGRATS to NASA! Not that I think writing this here makes a big difference - but I'll do it anyhow ;)

make syntax differences...

Isn't standardization a lovely thing. This morning, I thought I had a new rsyslog release ready. Then I did what was intended to be a quick test on FreeBSD. Guess what - nothing worked at all ;) The reason was that I made the makefile more user-friendly, enabling easier feature selection. For this, I needed to use make file conditionals. As it turned out, they are different between the standard make in Linux and that in FreeBSD. I guess I could have found a make tool for FreeBSD without these incompatibilites - but after all, I want to make it run as easy as possible, which means with as few prerequisites as possible.

I now have split the makefile into a common file and os-specific files in newly created os (or distro) subdirectories. I do not like this approach really much - but as far as I can see currently, it probably is the best. Eventually some Linux wizards will tell me a solution (or I will have a really bright idea), but for the time being, I will have to live with that.

Monday, August 08, 2005

-syslog-prottocol advancing...

Chris has this morning requested that -syslog-protocol (and the related -transport-udp) be published by the IETF. That's good news, nothing came up during WG last call. Now eventually the AD come up with something. As I've never been through this process, it is quite interesting to me how things progress from now on...

Thursday, August 04, 2005

rsyslogd prooves to be flexible...

A lot of small development today... For the first time in history (hehe), rsyslog prooves that it is really flexible. We can emulate syslog-ng database writing, so that php-syslog-ng can be used together with it. See the history forum post on using rsyslog with php-syslog-ng. ;)

IHE and syslog

I am abusing this blog a little as my lab notebook. I had an interesting discussion on IHE and syslog. The issue with that is that IHE defines log records of up to 32K, while syslog only allows records of up to 1k - at least in current standards. Thankfully, many syslog implementation to not take this limit as fixed and ignore the standard in that regard. Also, the upcoming new standard allows for larger messages, so this...

While writing the text, I found blogger to be a bit unhandy for this use. So I moved that over to a paper on our web sites. There it is now, entitled "IHE and syslog message size".

I keep the text in here as a reference.

Reliable syslog logging...

Some things iterate from time to time. So this summer's syslog reliability discussion has surfaced ;) While it for sure is an iteration, it might be slightly different this time. A lot of work has been done on the "reliability front" and much more experience is in the field (and also I have some additional experience and testing done with rsyslog).

Wednesday, August 03, 2005

New syslog to MySQL Tutorial...

Yesterday, I have written a syslog to MySQL tutorial . It describes everything one needs to know to put syslog data into MySQL. Actually, I hope that the description will attract some more people to rsyslog. Let's see how things evolve...

Monday, August 01, 2005

rsyslog 0.9.5 released

Actually, I didn't plan to release a new version of rsyslog today, but it somehow evolved. So I have released rsyslog 0.9.5. It fixes the "semicolon bug" and it also supports multiple rsyslogd instances on a single machine. I needed to support this for our demo system, but it might also be helpful for some secure configurations (I need to think a little bit more about this, but it "smells" like there is a point in this...).

Demo machine enhanced...

I've finally modified rsyslog so that it can run in multiple instances. With that, I could now set up the syslog demo machine so that it runs two instances of rsyslogd. One instance is the "real" rsyslogd, which listens locally. The other instance is the demo rsyslogd, which reads data from the network and shuffles it to the database. As the database was very silent, I were now able to add some rules to forward some events from the real rsyslogd to the demo one. I do this mostly with postfix messages. For demo purposes, I've set up a fake postfix. Whoever sends mail to it, gets a bounce back. But the good thing is that postfix has something to do and as such messages will be added to the (demo) system log. I am sure spammers will pick up the mail address from web pages like this one, so I will have a healthy flow of log messages shortly ;)