sysklogd v2.4.1

Changes

• Fake microsecond timestamp to allow for improved log sorting:
  • in RFC3164 messages (that don't have this resolution)
  • in untrusted kernel messages
• Dropped debian/ directory (moved to separate branch), to ease
  re-packaging by downstream
• libsyslog now supports logging to remote servers, bypassing syslogd
• Major updates to logger:
  • Support for logging to a remote host, -h HOST and -P PORT
  • Support for logging in RFC3164 format, -b, mostly for remote
    logging to syslog servers that do not support RFC5424
  • Support for overriding hostname -H NAME
  • Support for custom PID, e.g., a shell scripts PID, -I PID

Fixes

• Fix #52: Prevent over-read when scanning a new-style kernel message.
  Found and fixed by Edward K. McGuire
• Fix #53: prevent log file corruption when kernel messages contain
  control codes, notably \n. Instead, preserve kernel protective
  C-style hex encoding. For example, \n embedded in a message by a
  kernel-level facility is received as \x0a. Found and fixed by
  Edward K. McGuire
• Fix #56: logging to remote machine stops after receiving a few
  SIGHUPs. Open remote socket count was not reset properly on SIGHUP.
  Problem introduced in v2.4.0. Reported by Edward K. McGuire
• Fix gettimeofday() error handling to use same fallback to time()
• Fix libsyslog opening and connecting to syslogd when LOG_NLOG is set
• Fix libsyslog so it honors LOG_PTRIM when logging to stderr
• Fix issue in RFC3164 output where the tag field could overflow.
  Spec. mandates tag never exceeds 32 characters

sysklogd v2.4.0

Changes

• Add support for secure_mode=[0,1,2] to syslog.conf, same as -s but easier to use and activate with SIGHUP
• Enable secure_mode=1 (only log to remote servers) in default syslog.conf
• Disable debug messages, in default syslog.conf, from /var/log/syslog
• Rename option -K to -t for trusting kernel timestamp, issue #42
• Add option -K to disable kernel logging, issue #48
• Rudimentary support for detecting if running in a container and then disable kernel logging automatically, issue #48
• Add support for notify PATH option to syslog.conf, for calling an external script on log rotation, by Steffen Nurpmeso, issue #45
• Add support for log rotation on SIGUSR2, by Steffen Nurpmeso, issue #46
• Update manual page for -b option description

Fixes

• Issue #41: add missing -H option to usage text
• Issue #44: option misspelled in man page
• Issue #47: do not lose file mode on rotated files, by Steffen Nurpmeso
• Issue #48: verify kernel log FIFO is a proper character device, for running in certain container setups
• Issue #49: add support for -8 command line option to allow 8-bit data to be logged -- this is a temporary fix until we have support for parsing the Unicode BOM, as defined in RFC5424
• Issue #50: fix issue with wall message, by Edward K. McGuire

sysklogd v2.3.0

Changes

• Add support for logger -k, early log to /dev/kmsg. Useful when
  logging from early system startup scripts before syslogd has started
• Support for extracting non-kernel log messages from /dev/kmsg
• Ignore EINVAL from kernel, caused warning message at first startup
• Use journald socket on systemd systems, not /dev/log
• Issue #38: add support for syslogd -C file to use file for caching
  the last seen kernel sequence number, default: /run/syslogd.cache.
  Note: syslogd relies on the location of this file to be wiped at
  system boot. The default, /run, is a RAM disk on modern systems

Fixes

• Issue #34: regression in v2.2.3, causing loss of syslogd log messages
  like syslogd v2.2.3: restart.
• Issue #35: man pages lists -v as verbose mode, is actually version
• Issue #36: retry DNS lookup of remote syslog servers with res_init()
  to ensure name resolution at bootup when a remote DNS may temporarily
  be unreachable. Retry at most every five seconds, to prevent syslogd
  from monopolizing the CPU when emptying the kernel ring buffer
• Issue #39: update tests to use -P fn and -C fn
• Issue #40: improve documentation for syslogd.cache file requirements
• Issue #41: add missing documentation for -H option
• Issue #42: add option (-K) to always trust kernel timestamp. By
  default syslogd only trusts the kernel timestamp for the initial
  emptying of the kernel ring buffer
• Issue #43: avoid asserting (exiting) on and around Jan 19, 2038, when
  the UNIX epoch wraps around on 32-bit time_t systems
• libsyslog: handle EOVERFLOW from gettimeofday() on Jan 19, 2038
• Avoid NULL pointers to internal logit() function, only triggered
  when in debug mode
• Replace \m with \n (missing newline) in logger usage text

Packages for Debian 10, or later, and compatible Ubuntu releases, available at https://deb.troglobit.com/

sysklogd v2.2.3

Bug fix release. The focus is still on tackling the fallout resulting in migrating from the old kernel log interface in /proc/kmsg to /dev/kmsg, introduced in v2.2.0.

Fixes

• Issue #28: log messages stuck in 1969. When not using libsyslog, or the bundled logger, the syslog() API in the C library is used, which may not necessarily set the timestamp. When sysklogd infers timestamp it was offset by the number of years since 1969, i.e., boot_time
• Issue #29: kernel messages repeated if syslogd is restarted at runtime. This introduces a new state file, /var/run/syslogd.cache, which saves the last seen/logged sequence id read from /dev/kmsg
• Issue #31: log message time calculation issue on 32-bit systems
• Issue #32: remote kernel messages being mapped to uucp instead of user
• Fix syslogd(8) manual page name of the syslogd PID file

sysklogd v2.2.2

Bug fix release.

Changes

• Load and reload timezone, with tzset(), on init/SIGHUP
• Logging from remote servers enabled by default in syslogd.service use /etc/default/syslogd to disable
• Initial Debian/Ubuntu packaging

Fixes

• Fix issue with parsing /dev/kmsg time, off by one error
• Fix spelling issues in syslogd and man pages, found by lintian

sysklogd v2.2.1

Bug fix release.

Fixes

• Issue #26: Liunx sends EPIPE when reading from /dev/kmsg if the kernel internal buffers are overrun. EPIPE is a heads-up message to
  userspace that at least one log message has been lost. Usually caused by a too small CONFIG_LOG_BUF_SHIFT value. sysklogd v2.2.0 treated the descriptor as faulty and closed it. The fix is to log the event and restart polling for more messages
• Issue #27: Linux log messages read from /dev/kmsg are formatted in a different way than its predecessor /proc/kmsg. sysklogd v2.2.0 failed to parse the priority field correctly, which caused matching problems with rules in /etc/syslog.conf
• Restore default install prefix, from / to /usr/local, which is the default for GNU configure based applications
• Drop %m gnuism from internal log macro (portability)
• logger: drop extra error message string, on error logging to a file

sysklogd v2.2.0

Minor feature and bug fix release.

Changes

• Issue #19: use /dev/kmsg instead of /proc/kmsg on Linux

Fixes

• Issue #17: Finally fix long-standing parallel build issue, big thanks to Windriver for sticking with it and finding a really good fix!
• Issue #24: O_CLOEXEC not available on all systems
• Fix build error; allow loop initial declarations, enable C99
• Fix build warning; missing initializer for field 'usec'

sysklogd v2.1.2

Bug fix release.

Fixes

• Issue #17: Windriver found and fixed a race between building lib/*.o files with and without -fPIC. This should be the final parallel build issue.

sysklogd v2.1.1

Bug fix release.

Changes

• Add unit test to verify rule option parsing
• Minor code cleanup and code de-duplication

Fixes

• Issue #11: Some users still reported problems with parallel build, which was worked-around with .NOTPARALLEL in v2.1. This v2 fix is a refactor of src/Makefile.am which removes libcompat and use the same objects for linking both syslogd and the user libsyslog API. Yet still protecting against symbol poisoning
• A Westermo customer reported problems sending to remote syslog sinks at startup. Turns out the handling if sendmsg() fails was the same as that if syslogd fails to resolve the IP from a DNS name. The fix is to just let sendmsg() retry on the next syslog message for all benign/common network errors; EHOSTUNREACHABLE, ENETUNREACH, etc.
• Fix timer reset for suspended remote sinks. All suspended (remote) sinks had their timeout mistakenly reset to 180 sec for each new incoming message

sysklogd v2.1

Relicensed under the 3-clause BSD license.

Changes

• klogd removed, replaced by native syslogd functionality
• Import pristine FreeBSD versions of syslogd and syslog.conf man pages, both under the 3-clause BSD license.
• With klogd removed and the original man pages replaced with FreeBSD versions, the only remaining GPL'ed material was the build system, which the copyright owner (undersigned) agrees to change to BSD as well. Hence, the GNU GPL could be dropped in favor of 3-clause BSD

Fixes

• Issue #8: Kernel messages duplicated to console. syslogd on Linux now calls klogctl() to disable kernel logging to console
• Earlier versions were slightly sensitive to time skips. I.e., when recording the last-change time on a log file and wall time changed backwards, syslogd would consider that log file to have a date in the future. This only affected buffering of multiple messages, and -- MARK -- so most users never would have noticed
• Issue #9: Kernel logging broken if syslogd started without -F
• Issue #10: Fix build on non-GLIBC Linux systems, by Khem Raj
• Issue #11: Fix nasty parallel build problem. Also reported by the Gentoo project, and Westermo
• Make sure log rotation cannot be enabled for non-file targets
• Use snprintf() rather than sprintf() in log rotation
• Fix variable names shadowing global/local defs, found by clang-tidy
• Handle multiple invocations of SIGHUP, respond to all of them
• Use correct #ifdef for checking on Linux or not