Category: News

  • liblognorm 2.0.6 released

    We have just released liblognorm 2.0.6. This release mostly features enhancements and fixes to field type definitions like checkpoint-lea and cisco-interface-spec. Also liblognorm now builds on AIX. See the Changelog for details.

    Version 2.0.6, 2018-11-06

    • implement Checkpoint LEA transfer format
      … at least if we guess right that this is the format name. This
      type of format seems to be seen in syslog messages. Checkpoint does
      not provide a spec, so everything is guesswork… 🙁
      closes https://github.com/rsyslog/liblognorm/issues/309
    • made build on AIX
      Thanks to Philippe Duveau for the patch.
    • fixes and improvements in bash scripting
      mostly based on shellcheck recommendations (via CodeFactor.com)
    • string parser: add “lazy” matching mode
      This introduces parameter “matching.lazy”. See doc for details.
    • bugfix: suppress invalid param error for field name “-”
      Suppress invalid param error for name for hexnumber, float, number,
      date-rfc3164 and date-rfc5424. It will just check if name is “-” to
      make sure that we only suppress the error message in case we do not
      want to capture something.
      Thanks to Sol Huebner for the patch.
      closes https://github.com/rsyslog/liblognorm/issues/270
    • bugfix: cisco-interface-spec did not succeed when at end of line
      Thanks to Sol Huebner for the patch.
      closes https://github.com/rsyslog/liblognorm/issues/229

     

    Download:
    http://www.liblognorm.com/download/liblognorm-2-0-6/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 2.0.5 released

    We have just released liblognorm 2.0.5. This new version mainly provides a fix so liblognorm can build and work on Solaris systems. See the Changelog for details.

    Version 2.0.5, 2018-04-26

    • bugfix: es_str2cstr leak in string-to v1 parser
      Thanks to Harshvardhan Shrivastava for the patch.
    • make “make check” “succeed” on solaris 10
      actually, we just ignore the CI failures so that OpenCSW can build
      new packages. The problems actually exist on that platform, but
      testing has shown they always existed. We currently run out of time
      to really fix this, plus we never had any bug report on Solaris
      (I assume nobody uses it on Solaris 10). However, that issue is a
      blocker to make new rsyslog versions available on OpenCSW for
      Solaris 10, so we go the dirty way of pretending there is no
      problem. Note: the issue was originally not seen, as the failing
      tests have been added later on. So the problem was always there,
      just not visible.
    • some mostly cosmetic fixes detected by Coverity Scan
      e. g. memory leak if and only if system was completely out of memory

    Download:
    http://www.liblognorm.com/download/liblognorm-2-0-5/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 2.0.4 released

    We have just released liblognorm 2.0.4. This new version mainly provides new parser support options, like different JSON number formats and unix timestamps. See the Changelog for details.

    Version 2.0.4, 2017-10-04

    • added support for native JSON number formats supported by parsers: number, float, hex
    • added support for creating unix timestamps supported by parsers: date-rfc3164, date-rfc5424
    • fixed build problems on Solaris
      … but there still seem to be some code issues, manifested in testbench failures. So use with care!

    Download:
    http://www.liblognorm.com/download/liblognorm-2-0-4/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 2.0.3 released

    We have just released liblognorm 2.0.3. This new version provides some fixes for the annotate function and adds a test for it. A few different issues have also been fixed. See the Changelog for details.

    Changelog:
    Version 2.0.3, 2017-03-22

    • add ability to load rulebase from a string
      introduces new API:
      int ln_loadSamplesFromString(ln_ctx ctx, const char *string);
      closes https://github.com/rsyslog/liblognorm/issues/239
    • bugfix: string parser did not correctly parse word at end of line
    • bugfix: literal parser does not always store value if name is specified
      if
      rule=:%{"type":"literal", "text":"a", "name":"var"}%
      is used and matching message is provided, variable var is not persisted.
      see also http://lists.adiscon.net/pipermail/rsyslog/2016-December/043985.html

    Download:
    http://www.liblognorm.com/download/liblognorm-2-0-3/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 2.0.2 released

    We have just released liblognorm 2.0.2. This new version provides some fixes for the annotate function and adds a test for it. A few different issues have also been fixed. See the Changelog for details.

    Changelog:
    Version 2.0.2, 2016-11-15

    • bugfix: no error was emitted on invalid “annotate” line
    • “annotate”: permit inline comments
    • fix a problem with cross-compilation
      see also: https://github.com/rsyslog/liblognorm/pull/221
      Thanks to Luca Boccassi for the patch
    • bugfix: abort in literal path compaction when using “alternative” parser
      When using the “alternative” parser, literal nodes could be created with
      multiple reference count. This is valid. However, literal path compaction
      did not consider this case, and so “merged” these nodes, which led to
      pdag corruption and quickly to segfault.
      closes https://github.com/rsyslog/liblognorm/issues/220
      closes https://github.com/rsyslog/liblognorm/issues/153
    • bugfix: lognormalizer could loop
      due to incorrect data type
      This also caused the testbench to fail on some platforms.
      Thanks to Michael Biebl for this fix.
    • fix misleading compiler warning
      Thanks to Michael Biebl for this fix.
    • testbench: add test for “annotate” functionality

    Download:
    http://www.liblognorm.com/download/liblognorm-2-0-2/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 2.0.1 released

    We have just released liblognorm 2.0.1. This new version provides some fixes for the public headers as well as issues in pkgconfig file. Also it requires libfastjson (>=0.99.3) instead of json-c. See the Changelog for details.

    Changelog:
    Version 2.0.1, 2016-08-01

    • fix public headers, which invalidly contained a strndup() definition
      Thanks to Michael Biebl for this fix.
    • fix some issues in pkgconfig file
      Thanks to Michael Biebl for this fix.
    • enhance build system to natively support systems with older autoconf versions and/or missing autoconf-archive. In this case we gracefully degrade functionality, but the build still is possible. Among others, this enables builds on CentOS 5.

    Download:
    http://www.liblognorm.com/download/liblognorm-2-0-1/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 2.0.0 released

    We have just released liblognorm 2.0.0. This new version was completely rewritten and is much feature-enhanced. Also it requires libfastjson instead of json-c. See the Changelog for details.

    Changelog:

      Version 2.0.0, 2016-07-21

    • completely rewritten, much feature-enhanced version
    • requires libfastjson instead of json-c
    • big improvements to testbench runs, especially on travis
      among others, the static analyzer is now run and testbench throws
      an error if the static analyzer (via clang) is not clean
    • lognormalizer tool can now handle lines larger than 10k characters
      Thanks to Janmejay Singh for the patch

    Download:
    http://www.liblognorm.com/download/liblognorm-2-0-0/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 1.1.3 released

    We have just released liblognorm 1.1.3. This release contains support for libfastjson and now works on Solaris. See the Changelog for details.

    Changelog:
    Version 1.1.3, 2016-03-07

    • add support for libfastjson
    • make work on Solaris
    • check for runaway rules.
      A runaway rule is one that has unmatched percent signs and thus
      is not terminated properly at its end. This also means we no longer
      accept “rule=” at the first column of a continuation line, which is
      no problem (see doc for more information).
    • fix: process last line if it misses the terminating LF
      This problem occurs with the very last line of a rulebase (at EOF).
      If it is not properly terminated (LF missing), it is silently ignored.
      Previous versions did obviously process lines in this case. While
      technically this is invalid input, we can’t rule out that such rulebases
      exist. For example, they do in the rsyslog testbench, which made
      us aware of the problem (see https://github.com/rsyslog/rsyslog/issues/489 )
      I think the proper way of addressing this is to process such lines without
      termination, as many other tools do as well.
      closes https://github.com/rsyslog/liblognorm/issues/135

    Download:
    http://www.liblognorm.com/download/liblognorm-1-1-3/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 1.1.2 released

    We have just released liblognorm 1.1.2. This release contains new parser syntaxes and some fixes.

    Changes:
    Version 1.1.2, 2015-07-20

    • permit newline inside parser definition
    • new parser “cisco-interface-spec”
    • new parser “json” to process json parts of the message
    • new parser “mac48” to process mac layer addresses
    • new parser “name-value-list” (currently unofficial, experimental)
    • some parsers did incorrectly report success when an error occurred
      this was caused by inconsistencies between various macros. We have
      changed the parser-generation macros to match the semantics of the
      broader CHKN/CHKR macros and also restructured/simplified the
      parser generation macros.
      closes https://github.com/rsyslog/liblognorm/issues/41
    • call “rest” parser only if nothing else matches.
      Versions prior to 1.1.2 did execute “rest” during regular parser
      processing, and thus parser matches have been more or less random.
      With 1.1.2 this is now always the last parser called. This may cause
      problems with existing rulesets, HOWEVER, adding any other rule or
      changing the load order would also have caused problems, so there
      really is no compatibility to preserve.
      see also:
      http://blog.gerhards.net/2015/04/liblognorms-rest-parser-now-more-useful.html
    • new API to support error callbacks
      This permits callers to forward messages in regard to e.g. wrong rule
      bases to their users, which is very useful and actually missing in the
      previous code base. So far, we only have a few error messages.
      However, we will review the code and add more. The important part is
      that callers can begin to use the new API and thus will benefit when
      we add more error messages.
    • testbench is now enabled by default
    • bugfix: misaddressing on some constant values
      see also https://github.com/rsyslog/liblognorm/pull/67
      Thanks to github user ontholerian for the patch
    • bugfix: add missing function prototypes
      This could potentially lead to problems on some platforms,
      especially those with 64 bit pointers.

    Download:
    http://www.liblognorm.com/download/liblognorm-1-1-2/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl

  • liblognorm 1.1.1 released

    We have just released liblognorm 1.1.1. This release contains new parser syntaxes and some fixes.

    Changes:

    Version 1.1.1, 2015-03-09

    • fixed library version numbering
      Thanks to Tomas Heinreich for reporting the problem.
    • added new parser syntaxes
      Thanks to Janmejay Singh for implementing most of them.
    • bugfix: function ln_parseFieldDescr() returns state value due to uninitialized variable. This can also lead to invalidly returning no sample node where one would have to be created.

    Download:
    http://www.liblognorm.com/download/liblognorm-1-1-1/

    As always, feedback is appreciated.

    Best regards,
    Florian Riedl