Wednesday, November 7th, 2018We have just released liblognorm 2.0.6. This release mostly features enhancements and fixes to field type definitions like checkpoint-lea and cisco-interface-spec. Also liblognorm now builds on AIX. See the Changelog for details.
Version 2.0.6, 2018-11-06
- implement Checkpoint LEA transfer format
… at least if we guess right that this is the format name. This
type of format seems to be seen in syslog message. Checkpoint does
not provide a spec, so everything is guesswork… 🙁
closes https://github.com/rsyslog/liblognorm/issues/309 - made build on AIX
Thanks to Philippe Duveau for the patch. - fixes and improvements in bash scripting
mostly based on shellcheck recommandations (via CodeFactor.com) - string parser: add “lazy” matching mode
This introduces paramter “matching.lazy”. See doc for details. - bugfix: suppress invalid param error for field name “-”
Suppress invalid param error for name for hexnumber, float, number,
date-rfc3164 and date-rfc5424. It will just check if name is “-” to
make sure that we only suppress the error message in case we do not
want to capture something.
Thanks to Sol Huebner for the patch.
closes https://github.com/rsyslog/liblognorm/issues/270 - bugfix: cisco-interface-spec did not succeed when at end of line
Thanks to Sol Huebner for the patch.
closes https://github.com/rsyslog/liblognorm/issues/229
Download:
http://www.liblognorm.com/download/liblognorm-2-0-6/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 2.0.6, checkpoint-lea, cisco, liblognorm, release
Posted in News | Comments Off on liblognorm 2.0.6 released
Thursday, April 26th, 2018We have just released liblognorm 2.0.5. This new version mainly provides a fix so liblognorm can build and work on Solaris systems. See the Changelog for details.
Version 2.0.5, 2018-04-26
- bugfix: es_str2cstr leak in string-to v1 parser
Thanks to Harshvardhan Shrivastava for the patch. - make “make check” “succeed” on solaris 10
actually, we just ignore the CI failures so that OpenCSW can build
new packages. The problems actually exist on that platform, but
testing has shown they always existed. We currently run out of time
to really fixing this, plus we never had any bug report on Solaris
(I assme nobody uses it on Solaris 10). However, that issues is a
blocker to make new rsyslog versions available on OpenCSW for
Solaris 10, so we go the dirty way of pretenting there is no
problem. Note: the issues was orignally not seen, as the failing
tests have been added later on. So the problem was always there,
just not visible. - some mostly cosmetic fixes detected by Coverity Scan
e. g. memory leak if and only if system was completely out of memory
Download:
http://www.liblognorm.com/download/liblognorm-2-0-5/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 2.0.5, liblognorm, release, Solaris
Posted in News | Comments Off on liblognorm 2.0.5 released
Wednesday, October 4th, 2017We have just released liblognorm 2.0.4. This new version mainly provides new parser support options, like different JSON number formats and unix timestamps. See the Changelog for details.
Version 2.0.4, 2017-10-04
- added support for native JSON number formats supported by parsers: number, float, hex
- added support for creating unix timestamps supported by parsers: date-rfc3164, date-rfc5424
- fixed build problems on Solaris
… but there still seem to be some code issues, manifested in testbench failures. So use with care!
Download:
http://www.liblognorm.com/download/liblognorm-2-0-4/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 2.0.4, liblognorm, parser, rulebase
Posted in News | Comments Off on liblognorm 2.0.4 released
Thursday, March 23rd, 2017We have just released liblognorm 2.0.3. This new version provides some fixes for the the annotate function and adds a test for it. A few different issues have also been fixed. See the Changelog for details.
Changelog:Version 2.0.3, 2017-03-22
- add ability to load rulebase from a string
introduces new API:
int ln_loadSamplesFromString(ln_ctx ctx, const char *string);
closes https://github.com/rsyslog/liblognorm/issues/239 - bugfix: string parser did not correctly parse word at end of line
- bugfix: literal parser does not always store value if name is specified
if
rule=:%{“type”:”literal”, “text”:”a”, “name”:”var”}%
is used and matching message is provided, variable var ist not persisted.
see also http://lists.adiscon.net/pipermail/rsyslog/2016-December/043985.html
Download:
http://www.liblognorm.com/download/liblognorm-2-0-3/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 2.0.3, bugfix, liblognorm, rulebase
Posted in News | Comments Off on liblognorm 2.0.3 released
Tuesday, November 15th, 2016We have just released liblognorm 2.0.2. This new version provides some fixes for the the annotate function and adds a test for it. A few different issues have also been fixed. See the Changelog for details.
Changelog:
Version 2.0.2, 2016-11-15
- bugfix: no error was emitted on invalid “annotate” line
- “annnotate”: permit inline comments
- fix a problem with cross-compilation
see also: https://github.com/rsyslog/liblognorm/pull/221
Thanks to Luca Boccassi for the patch - bugfix: abort in literal path compaction when useing “alternative” parser
When using the “alternative” parser, literals nodes could be created with
multiple reference count. This is valid. However, literal path compaction
did not consider this case, and so “merged” these nodes, which lead to
pdag corruption and quickly to segfault.
closes https://github.com/rsyslog/liblognorm/issues/220
closes https://github.com/rsyslog/liblognorm/issues/153 - bugfix: lognormalizer could loop
This also caused the testbench to fail on some platforms.
due too incorrect data type
Thanks to Michael Biebl for this fix. - fix misleading compiler warning
Thanks to Michael Biebl for this fix. - testbench: add test for “annotate” functionality
Download:
http://www.liblognorm.com/download/liblognorm-2-0-2/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 2.0.2, annotate, bugfix, liblognorm, release
Posted in News | Comments Off on liblognorm 2.0.2 released
Monday, August 1st, 2016We have just released liblognorm 2.0.1. This new version provides some fixes for the public headers als well as issues in pkgconfig file. Also it requires libfastjson (>=0.99.3) instead of json-c. See the Changelog for details.
Changelog:
Version 2.0.1, 2016-08-01
- fix public headers, which invalidly contained a strndup() definition
Thanks to Michael Biebel for this fix. - fix some issues in pkgconfig file
Thanks to Michael Biebel for this fix. - enhance build system to natively support systems with older autoconf versions and/or missing autoconf-archive. In this case we gracefully degrade functionality, but the build still is possible. Among others, this enables builds on CentOS 5.
Download:
http://www.liblognorm.com/download/liblognorm-2-0-1/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 2.0.1, libfastjson, liblognorm, release
Posted in News | Comments Off on liblognorm 2.0.1 released
Friday, July 22nd, 2016We have just released liblognorm 2.0.0. This new version was completely rewritten and is much feature-enhanced. Also it requires libfastjson instead of json-c. See the Changelog for details.
Changelog:
Version 2.0.0, 2016-07-21- completely rewritten, much feature-enhanced version
- requires libfastjson instead of json-c
- big improvements to testbench runs, especially on travis
among others, the static analyzer is now run and testbench throws
an error if the static analyzer (via clang) is not clean - lognormalizer tool can now handle lines larger 10k characters
Thanks to Janmejay Singh for the patch
Download:
http://www.liblognorm.com/download/liblognorm-2-0-0/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 2.0.0, liblognorm, release
Posted in News | Comments Off on liblognorm 2.0.0 released
Monday, March 7th, 2016We have just released liblognorm 1.1.3. This release contains support for libfastjson and now works on Solaris. See the Changelog for details.
Changelog:
Version 1.1.3, 2016-03-07
- add support for libfastjson
- make work on Solaris
- check for runaway rules.
A runaway rule is one that has unmatched percent signs and thus
is not terminated properly at its end. This also means we no longer
accept “rule=” at the first column of a continuation line, which is
no problem (see doc for more information). - fix: process last line if it misses the terminating LF
This problem occurs with the very last line of a rulebase (at EOF).
If it is not properly terminated (LF missing), it is silently ignored.
Previous versions did obviously process lines in this case. While
technically this is invalid input, we can’t outrule that such rulebases
exist. For example, they do in the rsyslog testbench, which made
us aware of the problem (see https://github.com/rsyslog/rsyslog/issues/489 )
I think the proper way of addressing this is to process such lines without
termination, as many other tools do as well.
closes https://github.com/rsyslog/liblognorm/issues/135
Download:
http://www.liblognorm.com/download/liblognorm-1-1-3/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 1.1.3, bugfix, libfastjson, liblognorm, Solaris
Posted in News | Comments Off on liblognorm 1.1.3 released
Monday, July 20th, 2015We have just released liblognorm 1.1.2. This release contains new parser syntaxes and some fixes.
Changes:
Version 1.1.2, 2015-07-20
- permit newline inside parser definition
- new parser “cisco-interface-spec”
- new parser “json” to process json parts of the message
- new parser “mac48” to process mac layer addresses
- new parser “name-value-list” (currently inofficial, experimental)
- some parsers did incorrectly report success when an error occurred
this was caused by inconsistencies between various macros. We have
changed the parser-generation macros to match the semantics of the
broader CHKN/CHKR macros and also restructured/simplified the
parser generation macros.
closes https://github.com/rsyslog/liblognorm/issues/41 - call “rest” parser only if nothing else matches.
Versions prior to 1.1.2 did execute “rest” during regular parser
processing, and thus parser matches have been more or less random.
With 1.1.2 this is now always the last parser called. This may cause
problems with existing rulesets, HOWEVER, adding any other rule or
changing the load order would also have caused problems, so there
really is no compatibility to preserve.
see also:
http://blog.gerhards.net/2015/04/liblognorms-rest-parser-now-more-useful.html - new API to support error callbacks
This permits callers to forward messages in regard to e.g. wrong rule
bases to their users, which is very useful and actually missing in the
previous code base. So far, we only have few error messages.
However, we will review the code and add more. The important part is
that callers can begin to use the new API and thus will benefit when
we add more error messages. - testbench is now enabled by default
- bugfix: misadressing on some constant values
see also https://github.com/rsyslog/liblognorm/pull/67
Thanks to github user ontholerian for the patch - bugfix: add missing function prototypes
This could potentially lead to problems on some platforms,
especially those with 64 bit pointers.
Download:
http://www.liblognorm.com/download/liblognorm-1-1-2/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 1.1.2, bugfix, cisco, JSON, liblognorm, mac48, parser
Posted in News | Comments Off on liblognorm 1.1.2 released
Tuesday, March 10th, 2015We have just released liblognorm 1.1.1. This release contains new parser syntaxes and some fixes.
Changes:
Version 1.1.1, 2015-03-09
- fixed library version numbering
Thanks to Tomas Heinreich for reporting the problem. - added new parser syntaxes
Thanks to Janmejay Singh for implementing most of them. - bugfix: function ln_parseFieldDescr() returns state value due to unitialized variable. This can also lead to invalid returning no sample node where one would have to be created.
Download:
http://www.liblognorm.com/download/liblognorm-1-1-1/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Tags: 1.1.1, bugfix, liblognorm, parser syntax
Posted in News | Comments Off on liblognorm 1.1.1 released
