rsyslog 8.37.0 (v8-stable) released

Today, we release rsyslog 8.37.0.

This release has a lot of smaller changes and fixes. They mostly revolve around general improvements in terms of error output and handling. There were also several enhancements for modules like ommail, omfile, imjournal and imrelp.

Notably is the work that went into the refactoring of the testbench, with newly enhanced plumbing and re-writing of most of the existing tests for better overview and easier test development.

For more details, please check out the Changelog below.

There were also updated dependencies. The new release requires librelp 1.2.17 and the packages have the most current version of librdkafka statically linked.



As always, feedback is appreciated.

Best regards,
Florian Riedl

Support Forum Set to Read-Only Mode

Support forums have been a great way to communicate with users, but they have come out of style. Over the years, we have seen a steady decline in usage, and for the past couple of month postings have almost exclusively been spam. So we follow the trend and have set the forums to read-only mode. For support please use these channels:

Adiscon Products and Services: please mail

rsyslog open source project: use the rsyslog mailing list

New Logo Selected

The rsyslog community selected a new logo! The winner is logo 1, also shown here to the right. That logo won with an overwhelming majority, and lead the polls on the mailing list, our original logo selection post as well as a dedicated poll we created for easier and anonymous voting.

The logo was originally contributed in 2014 by “robert s”, whom unfortunately I am no longer able to contact. While before we never officially adopted it, it went into widespread use and is already often used to represent rsyslog. So in a sense the now-official selection let’s us keep consistent.

We are glad to have the community decision. I am right now implementing the new logo all over rsyslog web spaces. It will also be available via the rsyslog website github project (PR just created).

Many thanks to all who voted. It was a pleasant experience for us. This may have also set stage for future polls on different topics.

What are your thoughts regarding current and potential rsyslog support channels?


Traditionally the rsyslog community has sought and provided support through three main channels:

  • mailing list
  • forums
  • ticketing system (at one time Bugzilla, now GitHub)

Over the years, the community support options have shifted to the point that we are considering retiring the forums in order to best direct users that post there to other, more current options that better fit their needs. It would appear that aside from specific cases, the time of the web forum has passed.

That said, we would like to get your feedback to best determine the way to move forward. What follows are some initial ideas to get the conversation started. Please feel free to respond here, via Twitter, the mailing list or on GitHub. Thank you for your time.

Potential Support options

The following items are all “whiteboard” topics, listed in no real order in an effort to start discussion. Neither the order or presence in the list indicates that a decision has already been made by the team to pursue the support option. Please feel free to suggest your own entries.

Keep the forums, send notifications of new posts made on the forums to the mailing list

  • Note: Attempts to respond to those notifications would not result in the replies being posted to the original topic on the forums.
  • Would this truly result in any additional responses to those forum posts than are currently being provided now?

Set forums to read-only, direct visitors to GitHub for support

  • Could GitHub serve as a replacement for the forums? If so, what do you think about mixing general questions with bug reports in the main project (rsyslog/rsyslog)?
  • Would a dedicated “project” (e.g., rsyslog/rsyslog-support) be useful?

Set forums to read-only, direct visitors to StackOverflow

It would appear there is already solid participation there for questions tagged with rsyslog:

Official Twitter presence

followers are encouraged to retweet rsyslog related questions, guides, etc to their followers.

This is actually a “trick” entry of sorts! We already have a Twitter account that you can follow and interact with: @rsyslog

  • Do you already follow that account?
  • Would you retweet content from others?
  • Would you respond to help requests that are retweeted
  • If links to active GitHub issues are posted, will you take the time to go view them?

Official Facebook presence

Would you participate in discussions and support requests made there?

IRC, XMPP, Slack, …

  • Would you participate?
  • Do you feel this could replace the forums?
  • Would this be more useful to you than the mailing list?

Help select a logo…

We need a new, a real logo. We have some candidates. Note that  logo 1 was originally contributed in 2014 by “robert s” (whom I no longer able to contact…). Unfortunately, we did never officially adopt it, primarily due to failure on my part. Nevertheless it got pretty popular on the Internet and is often associated with rsyslog.

Please let us know what you like by leaving either a comment here or posting to the mailing list. Alternatively, you can also cast your ballot via this online vote form.

We are of course open for any additional suggestions. We are also not upset if you let us know that we are not great logo designers – we know we are not 😉

In order to avoid past errors, I ask anyone to provide feedback within one week, so we will draw a “winner” by Feb, 8th 2018. To help facilitate the decision I will experimentally put logo 1 into some places tomorrow if there is no strong objection in doing so.

If  you want to have a look at our old old ugly logo have a look at e.g.

My personal 2cts: I as rsyslog maintainer (@rgerhards) have to admit that I have a strong preference for either logo 1 or logo 2.  Pro-logo 1 speaks IMHO that it is already associated with rsyslog. Together with its stylish simplicity, this makes it an excellent choice. I also need to say that I am a bit skeptic in regard to logo 6, simply because it breaks “r” and “syslog”.

Major CentOS7 RPM changes

We made some major changes to the way the RPMs for CentOS7/RHEL7 are built. We have adapted the spec file definitions of the base repo to build our own RPMs after we detected some trouble with the last released version. That means, that some things will also change, so our RPMs are more like the official ones.

Stock CentOS 7 8.24.0 package to 8.32.0-1 package upgrade

The upgrade completes and the same functionality present before is present here. Because the syntax was obsolete legacy format before and the format is obsolete legacy format now the /etc/rsyslog.d/listen.conf file passes validation checks (rsyslogd -N6) without issue.

That said, the /etc/rsyslog.d/listen.conf file doesn’t really do anything because the /etc/rsyslog.conffile disables local logging and the /usr/lib/systemd/system/rsyslog.repo unit file doesn’t enable socket activation (basically the symlink from /etc/systemd/system/syslog.service to /usr/lib/systemd/system/rsyslog.service wasn’t created and systemd doesn’t create the /run/systemd/journal/syslog socket for rsyslog to read from).

Not a problem here because the conf file was stock before and is still stock (now upstream Adiscon copy), so imjournal is used to pull log messages (API?) instead of via a socket.

Adiscon repo 8.31.0-4 stable package (with unmodified Adiscon RPM config) to 8.32.0-1 package upgrade

After installing the 8.31.0-4 package (the last one), systemctl disable rsyslog; systemctl enable rsyslog and that workaround seemed to allow that version to function as expected (restart, start, stop). A now performed upgrade to the new package and rebooted. Prior to that, attempting to run systemctl status rsyslogwarned me that I should run systemctl daemon-reload (or restart) to sort things out.

After a restart, all stock settings appeared to function normally. The upgrade (yum install rsyslog) pulled in the needed libfastjson package version without my explicitly specifying to install that package. The /etc/rsyslog.conf file included in the previous stable version was replaced, but this was to be expected because I did not modify the previous conf file (thus the checksums match).

Adiscon repo 8.31.0-4 with custom config to 8.32.0-1 package upgrade

In short, the symlink from /etc/systemd/system/syslog.service to /usr/lib/systemd/system/rsyslog.service wasn’t created and systemd doesn’t create the /run/systemd/journal/syslog socket for rsyslog to read from. In a setup where imuxsock is used, not imjournal this means that rsyslog was not able to read from the socket. To restore this functionality, you have to create a drop-in to restore the socket activation.

Once you did that and either rebooted or ran systemctl daemon-reload, the /run/systemd/journal/syslogsocket was restored.


Unmodified configurations should continue to work as before, so there is that.

Users of rsyslog who are using the Adiscon RPMs for a while now, may notice a change in the available module packages because the modules are now incorporated in the basic rsyslog package as in the RPM from the base repo. The affected module packages are (now no longer needed):


RSyslog Windows Agent 4.0 Released

Adiscon is proud to announce the 4.0 release of RSyslog Windows Agent.

RSyslog Windows Agent now fully supports Windows Server 2016 and is ready to be used in the most demanding environments.

Also, the latest RELP subsystem is now supported. As another highlight, internationalization has been enhanced by even better support and automatic detection of various character sets, including for example Japanese.

Detailed information can be found in the version history below.

Build-IDs: Service, Client


  • Added Windows 2016 Support.
  • Updated Syslog RFC3195 liblogging library
  • Updated librelp library to 1.2.11
  • File Monitor: Added support for UTF16 Big Endian


  • File Configuration: Fixed an issue loading file configuration when invalid characters where within config files like UTF8 BOM.
  • Syslog Server: Fixed internal issue when receiving empty syslog messages.

Version 4.0 is a free download. Customers with existing 3.x keys can contact our Sales department for upgrade prices. If you have a valid Upgrade Insurance ID, you can request a free new key by sending your Upgrade Insurance ID to Please note that the download enables the free 30-day trial version if used without a key – so you can right now go ahead and evaluate it.