liblognorm 1.1.2 released

Monday, July 20th, 2015

We have just released liblognorm 1.1.2. This release contains new parser syntaxes and some fixes.

Version 1.1.2, 2015-07-20

  • permit newline inside parser definition
  • new parser “cisco-interface-spec”
  • new parser “json” to process json parts of the message
  • new parser “mac48” to process mac layer addresses
  • new parser “name-value-list” (currently unofficial, experimental)
  • some parsers incorrectly reported success when an error occurred.
    This was caused by inconsistencies between various macros. We have
    changed the parser-generation macros to match the semantics of the
    broader CHKN/CHKR macros and also restructured/simplified the
    parser generation macros.
  • call “rest” parser only if nothing else matches.
    Versions prior to 1.1.2 executed “rest” during regular parser
    processing, and thus parser matches were more or less random.
    With 1.1.2 this is now always the last parser called. This may cause
    problems with existing rulesets, HOWEVER, adding any other rule or
    changing the load order would also have caused problems, so there
    really is no compatibility to preserve.
    see also:
  • new API to support error callbacks
    This permits callers to forward messages regarding, e.g., wrong rule
    bases to their users, which is very useful and was actually missing in
    the previous code base. So far, we only have a few error messages.
    However, we will review the code and add more. The important part is
    that callers can begin to use the new API and thus will benefit when
    we add more error messages.
  • testbench is now enabled by default
  • bugfix: misaddressing on some constant values
    see also
    Thanks to github user ontholerian for the patch
  • bugfix: add missing function prototypes
    This could potentially lead to problems on some platforms,
    especially those with 64 bit pointers.


As always, feedback is appreciated.

Best regards,
Florian Riedl

On liblognorm 1.0.0

Thursday, November 28th, 2013

Liblognorm is a fast samples-based normalization library. Its brand-new version 1.0.0 will be released today. It is a major improvement over previous versions, but unfortunately we needed to change the API. So some notes are due.

Liblognorm has been evolving for several years and was initially meant to be used primarily with the Mitre CEE effort. Consequently, the initial version of liblognorm (0.x) uses the libee CEE support library in its API.

As time evolved, the initial CEE schema underwent considerable change. Even worse, Mitre lost funding for CEE. While the CEE ideas survived as part of Red Hat-driven “Project Lumberjack”, the data structures became greatly simplified and JSON based. That effectively made libee obsolete (and also in parts libestr, which was specifically written to support CEE’s initial requirement of embedded NUL chars in strings).

Recently, Pavel Levshin converted liblognorm to native JSON, which helped improve performance and simplicity for many client applications. Unfortunately, this change broke interface compatibility (and there was no way to avoid that, obviously…).

The current library is the result of that effort. Application developers are encouraged to switch to this version, as it provides the benefit of a simpler API. This version is now being tracked by the git master branch.

However, if you need to stick to the old API, there is a git branch liblognorm0, which contains the previous version of the library. This branch is also maintained for important bug fixes, so it is safe to use.

We recommend that packagers create packages both for liblognorm0 and liblognorm1. Note that liblognorm’s development packages cannot coexist on the same system, as the PKGCONFIG system would get into trouble. Adiscon’s own packages follow this schema.

Note that rsyslog will soon begin to enjoy the benefits of liblognorm1. This results in a notable performance improvement for mmnormalize. Support will initially become available in v8.