ChangeLog

------------------------------------------------------------------------------
Version 8.36.0 [v8-stable] 2018-06-26
- build system change:
  Liblogging-stdlog was introduced to provide a broader ability to send rsyslog
  internal logs to different sources. However, most distros did not pick up
  that capability and so instead we do a regular syslog() call. We assume that
  the actual functionality is never used in practice, so we plan to retire it.
  That makes building rsyslog from source easier.
  The plan is to disable use of liblogging-stdlog by default during
  configure. So users (and distros!) can still opt-in to have it enabled if
  they desire.
  A couple of releases later, we want to completely remove the functionality,
  except if there has desire been shown in the meantime which justifies to keep
  liblogging-stdlog.
  This version disabled liblogging-stdlog by default. We now also
  emit a warning message ("liblogging-stdlog will go away") so that users
  know what is going on and my react.
  closes https://github.com/rsyslog/rsyslog/issues/2705
  see also https://github.com/rsyslog/rsyslog/issues/2706
- lookup tables: reload message now with "info" severity (was "error")
  thanks to Adam Chalkley for the patch
- imjournal: add statistics counter
  following statistics counter are now supported by imjournal
  - submitted = total number of messages submitted for processing
  closes https://github.com/rsyslog/rsyslog/issues/2549
- config: permit 4-digit file creation modes
  permit 4-digit file creation modes (actually 5 with the leading zero) so
  that the setgid bit can also be set (and anything else on that position.
  closes https://github.com/rsyslog/rsyslog/issues/1092
- imrelp bugfix: error message "librelp too old" is always emitted ...
  ... even if librelp is current. The codition check was actually missing.
  This commit adds it.
  closes https://github.com/rsyslog/rsyslog/issues/2712
- imrelp: segfault on startup when cert without priv key is configured
  closes https://github.com/rsyslog/rsyslog/issues/2747
- omrelp bugfix: segfault on first message sent when authmode was wrong
  A segfault could occur if the authmode was configured to an invalid value.
  This is now caught during config processing and an error is reported.
  closes https://github.com/rsyslog/rsyslog/issues/2743
- imfile/core bugfix: potential misadressing in string copy routine
  This can be exposed via imfile, as follows:
  - use a regex to process multiline messages
  - configure timeouts
  - make sure imfile reads a partial message
  - wait so that at least one timeout occurs
  - add the message termination sequence
  This leads to a misadressing, which may have no obvious effects potentially
  up to a segfault.
  closes https://github.com/rsyslog/rsyslog/issues/2661
- core: fix undefined behaviour (unsigned computation may lead to value < 0)
  This was detected by LLVM UBSAN. On some platforms re-setting the rawmsg
  inside the message object could lead to invalid computation due to the
  fact the the computation was carried out as unsigned and only then
  converted to integer.
  No known problem in practice.
------------------------------------------------------------------------------
Version 8.35.0 [v8-stable] 2018-05-15
- imptcp: add ability to configure socket backlog
  this can be useful under heavy load.
  For a detailled discussion see https://github.com/rsyslog/rsyslog/pull/2561
  Thanks to Maxime Graff for implementing this.
- omfile: do not permit filename that only consists of whitespace
- fmhash: new hash function module
  implements hash32() and hash64() functions
  Thanks to Harshvardhan Shrivastava for implementing these
- some better error messages
- imklog: add ratelimiting capability
  On Linux kernel logs are ratelimited only for messages using
  printk_ratelimit().  Some logs do not use this facility, so
  we ratelimit kernel ourselves.
  Thanks to Berend De Schouwer for the patch.
- omkafka: added impstats counters for librdkafka returned statistics
  Adds:
  * statscallback counters
  * librdkafka failure and error counters
  * acked message counter
  Thanks to Abdul Waheed for implementing this.
- imudp
  * use rsyslog message rate-limiter instead of home-grown one
    imudp introduced it's own (feature-limited) rate-limiting capability for
    message on disallowed senders before we had central rate-limiters
    inside rsyslog. Also, that code evolved from running on a single
    thread to running on multiple threads, which introduced data races
    and so made unreliable.
    Now we removed the old rate-limiting capability and depend on the
    system rate limiter for internal rsyslog messages.
    closes https://github.com/rsyslog/rsyslog/issues/2467
  * add stats counter "disallowed"
    counts the number of messages discarded due to being received from
    disallowed senders
    see also https://github.com/rsyslog/rsyslog/issues/2467
- imrelp: add parameter "oversizeMode"
  Permits to instruct librelp how to handle oversize messages. The new default
  is to truncate messages. Previously, the connection was aborted, what often
  lead to stuck messages at the sender side. Now, there are three options passed
  down to librelp:
  * abort - same behavior as previously, connection is aborted on error
  * truncate - do not abort but instead truncate oversize message to
               configured max size
  * accept - accept all oversize messages (note: this can cause security issues,
             see doc for details)
  see also https://github.com/rsyslog/rsyslog/pull/1525#issuecomment-384179393
  see also https://github.com/rsyslog/rsyslog/issues/2190
  closes https://github.com/rsyslog/rsyslog/issues/2633
  closes https://github.com/rsyslog/rsyslog/issues/1741
  closes https://github.com/rsyslog/rsyslog/issues/1782
  closes https://github.com/rsyslog/rsyslog/issues/2496
- core: consistent handling of oversize input messages
  In the community we frequently discuss handling of oversize messages.
  David Lang rightfully suggested to create a central capability inside
  rsyslog core to handle them.
  We need to make a distinction between input and output messages. Also,
  input messages frequently need to have some size restrictions done at
  a lower layer (e.g. protocol layer) for security reasons. Nevertheless,
  we should have a central capability
  * for cases where it need not be handled at a lower level
  * as a safeguard when a module invalidly emits it (imfile is an example,
    see https://github.com/rsyslog/rsyslog/pull/2632 for a try to fix it
    on the module level - we will replace that with the new capability
    described here).
  The central capability works on message submission, and so cannot be
  circumvented. It has these capabilities:
  * overisze message handling modes:
    - truncate message
    - split message
      this is of questionable use, but also often requested. In that mode,
      the oversize message content is split into multiple messages. Usually,
      this ends up with message segments where all but the first is lost
      anyhow as the regular filter rules do not match the other fragments.
      As it is requested, we still implemented it.
    - accept message as is, even if oversize
      This may be required for some cases. Most importantly, it makes
      quite some sense when writing messages to file, where oversize
      does not matter (accept from a DoS PoV).
  * report message to a special "oversize message log file" (not via the
    regular engine, as that would obviously cause another oversize message)
  This commit, as the title says, handles oversize INPUT messages.
  see also https://github.com/rsyslog/rsyslog/issues/2190
  closes https://github.com/rsyslog/rsyslog/issues/2681
  closes https://github.com/rsyslog/rsyslog/issues/498
  Note: this commit adds global parameters:
   * "oversizemsg.errorfile",
     is used to specify the location of the oversize message log file.
   * "oversizemsg.report",
     is used to control if an error shall be reported when an oversize
     message is seen. The default it "on".
   * add global parameter "oversizemsg.input.mode"
     is used to specify the mode with which oversized messages will
     be handled.
- omfwd: add support for bind-to-address for UDP
  To allow the same source address to be used regardless of the egress
  interface taken, an option is added for an address to bind the datagram
  socket to. Similarly to imudp, it is necessary to add an ipfreebind
  option which is set by default, so as to avoid an excess of errors at
  startup before the network interface has come up. This enhancement
  allows a usecase on networking devices, by which a source interface
  that is typically a loopback is specified, on which an address to bind
  to is configured. This is so that the same source address is used for
  all packets from rsyslog.
  Thanks to Mike Manning for the patch.
- template systemd service file proposes higher permitted file handle limit
  Especially on busy systems the default are too low. Please keep in mind
  that on a very busy system even the now-proposed setting may be too low.
  Thanks to github user jvymazal for the patch.
- imuxsock: replace select() call by poll()
  While extremely unlikely, imuxsock could abort if a file descriptor
  > 1024 was received during the startup phase (never occured in
  practice, but theoretically could if imfile monitored a large number
  of files and were loaded before imuxsock - and maybe other
  strange cases).
  see also https://github.com/rsyslog/rsyslog/issues/2615
- nsdsel_ptcp: replace select() by poll()
  This removes us of problems with fds > 1024. The performance will
  probably also increase in most cases.
  Note this is not a replacement for the epoll drivers, but a general
  stability improvement when epoll() is not available for some reason.
  see also https://github.com/rsyslog/rsyslog/issues/2615
  closes https://github.com/rsyslog/rsyslog/issues/1728
  closes https://github.com/rsyslog/rsyslog/issues/1459
- omprog: refactor tests, fix child closing issues
  Refactor omprog tests. Fix sync issues in these tests by
  using the feedback mode (confirmMessages=on) to synchronize
  the test with the external program. Closes #2403 (I hope)
  Fix omprog not properly closing child process when
  signalOnClose=on. Needed for the new tests. Closes #2599
  Fix omprog not waiting for the child process to terminate
  when signalOnClose=off. Needed for the new tests. Closes #2600
  Close all fds before executing the child even when valgrind
  is enabled (--enable-valgrind). Needed for the new tests.
  Fix memory leak when the xxxTransactionMark parameters were
  used.
  Thanks to Joan Sala for the patch.
- core: config optimizer did not handle call_indirect
  This also caused the emission of an "internal error" error message
  closes https://github.com/rsyslog/rsyslog/issues/2665
- debug support: add capability to print testbench-specific timeout reports
  done by setting RSYSLOG_DEBUG_TIMEOUTS_TO_STDERR to "on"
  this is by default activated inside the testbench
- mmgrok: fix potential segfault
  The modules used strtok(), which is not thread-safe. So it will potentially
  segfault when multiple instances are spawned (what e.g. happens on busy
  systems).
  This patch replaces strtok() with its thread-safe counterpart
  strtok_r().
  see also https://github.com/rsyslog/rsyslog/issues/1359
- imrelp bugfix: maxDataSize could be set lower than maxMessageSize
  maxDataSize specifies the length which will still be accepted
  It previously could be set to any value, including values lower than the
  configured rsyslog max message size, which makes no sense. Now this is
  checked an error message is emitted if the size is set too low.
- build system bugfix: build broken if liblogging-stdlog installed in custom path
  Thanks to Dirk Hörner for the patch.
- core bugfix: segfault on queue shutdown
  if a ruleset queue is in direct mode, a segfault can occur during
  rsyslog shutdown. The root cause is that a direct queue does not
  have an associated worker thread pool, but the ruleset destructor
  does not anticipate that and tries to destruct the worker thread
  pool. It needs to do this itself, as otherwise we get a race
  between rulesets on shutdown.
  This was a regression from
    https://github.com/rsyslog/rsyslog/commit/3fbd901b3e6300010
  closes https://github.com/rsyslog/rsyslog/issues/2480
- imfile bugfix: statefiles contain invalid JSON
  When imfile rewrites state files, it does not truncate previous
  content. If the new content is smaller than the existing one, the
  existing part will not be overwritten, resulting in invalid json.
  That in turn can lead to some other failures.
  closes https://github.com/rsyslog/rsyslog/issues/2662
- omfile bugfix: segfault if empty filename was given
  closes https://github.com/rsyslog/rsyslog/issues/2417
- fix build issues when atomic operations are not present
  for details, see https://github.com/rsyslog/rsyslog/pull/2604
- lmsig_ksils12 bugfix: build and static analyzer issues
  The module had a couple of problems building as well as some potential
  errors detected by clang static analyzer. These have been fixed.
  Thanks to Allan Park for the patch.
  closes https://github.com/rsyslog/rsyslog/issues/2517
- impstats bugfix: segfault if bound to non-existing ruleset
  segfault happens during shutdown; up until unload of impstats,
  rsyslog works correctly, except that no pstats are emitted. This
  can be considered to be expected, because the error message
  indicates the default ruleset is used instead. This is what
  now actually happens.
  closes https://github.com/rsyslog/rsyslog/issues/2645
- mmjsonparse bugfix: invalid container name was not detected
  in debug builds, this will trigger an assertion. In production
  builds, an rsyslog internal error is logged, but rsyslog
  continues to run.
  closes https://github.com/rsyslog/rsyslog/issues/2584
- mmkubernetes bugfixes: fix lnrules, add defaults, add test
  - Fix lnrules for CONTAINER_NAME
  - Add pkg check for lognorm >= 2.0.3 so we can set the macro
    to enable ln_loadSamplesFromString
  - Add some reasonable default values for parameters, such as
    kubernetesurl https://kubernetes.default.svc.cluster.local:443
  - Clean up sample.conf configuration file
  Thanks to Richard Megginson for the patch set.
- build system bugfix: --enable-atomic-operations did not work
  closes https://github.com/rsyslog/rsyslog/pull/2604
- bugfix: rsyslog aborts on startup when specific config errors are made 
  The following errors must be made in rsyslog.conf:
  * no action present
  * a call statement is used on an undefined ruleset
  In this case, rsyslog emits an error message on the missing actions and
  then segfaults. Depending on memory layout, it may also continue to run
  but do nothing except accepting messages as no action is configured.
  This patch make rsyslog properly terminate after the error message. It
  is a change in behavior, but there really is no reason why a defunct
  instance should be kept running.
  closes https://github.com/rsyslog/rsyslog/issues/2399
- build system: remove no longer needed --enable-libcurl configure switch
  The --enable-libcurl switch was added to be able to disable libcurl
  functionality inside the rsyslog core, see 46f4f43. As libcurl is no
  longer used inside the core (due to introducing function modules),
  --enable-libcurl needs to be removed.
  closes https://github.com/rsyslog/rsyslog/issues/2628
- QA/CI
  * fixed races in some tests; root cause was that default enq timeout was too
    low - we may also see in the future that other tests also need adjustment
    (note that this is not a code problem but rather slow CI environments,
    so increasing the timeout to get to a stable test state is the absoulutely
    correct thing to do)
  * enabled some additional useful compiler warnings
  * new test for diskqueue hitting configured disk space limit
  * new tests for omfile
  * added tests for mmkubernetes
  * added tests for some script functions that were missing them
  * made far more test compatible with FreeBSD, so that we now have fuller
    coverage there
------------------------------------------------------------------------------
Version 8.34.0 [v8-stable] 2018-04-03
- mmkubernetes: new module
  Thanks to Richard Megginson and Peter Portante for contributing the module.
- rsyslog script: introduce loadable function modules
  rsyslog scripting can now also be extended via loadable modules - they
  provides functions (just like loadable input, output, ... modules)
  see also http://jan.gerhards.net/2018/03/loadable-rainerscript-functions.html
- imfile: large refactoring of complete module
  This commit greatly refactors imfile internal workings. It changes the
  handling of inotify, FEN, and polling modes. Mostly unchanged is the
  processing of the way a file is read and state files are kept.
  This is about a 50% rewrite of the module.
  Polling, inotify, and FEN modes now use greatly unified code. Some
  differences still exists and may be changed with further commits. The
  internal handling of wildcards and file detection has been completely
  re-written from scratch. For example, previously when multi-level
  wildcards were used these were not reliably detected. The code also
  now provides much of the same functionality in all modes, most importantly
  wildcards are now also supported in polling mode.
  The refactoring sets ground for further enhancements and smaller
  refactorings. This commit provides the same feature set that imfile
  had previously and all existing CI tests pass, as do some newly
  created tests.
  Some specific changes:
  - bugfix: module parameter "sortfiles" ignored
    This parameter only works in Solaris FEN mode, but is otherwise
    ignored.  Most importantly it is ignored under Linux.
    fixes https://github.com/rsyslog/rsyslog/issues/2528
  - bugfix: imfile did not pick up all files when not present
    at startup
    fixes https://github.com/rsyslog/rsyslog/issues/2241
    fixes https://github.com/rsyslog/rsyslog/issues/2230
    fixes https://github.com/rsyslog/rsyslog/issues/2354
    fixes https://github.com/rsyslog/rsyslog/issues/1716
  - bugfix: directories only support "*" wildcard, no others
    fixes https://github.com/rsyslog/rsyslog/issues/2303
  - bugfix: parameter "sortfiles" did only work in FEN mode
    fixes https://github.com/rsyslog/rsyslog/issues/2528
  - provides the ability to dynamically add and remove files via
    multi-level wildcards
    see also https://github.com/rsyslog/rsyslog/issues/1280
  - the state file name currently has been changed to inode number
    This will further be worked on in upcoming PRs
    see also https://github.com/rsyslog/rsyslog/issues/2231
  - some enhancements were also done to CI tests, most importantly
    they were made more compatibile with BSD
  Note that most of the mentioned bug fixes cannot be applied to older
  versions, as they fix design issues which are solved by the refactoring.
  Thus there are not separate commits for them.
  There are probably also a number of different issues fixed, which have
  not yet been full confirmed. Especially anyone having troubles with imfile
  and wildcards will benefit from the refactoring.
  closes https://github.com/rsyslog/rsyslog/issues/2359
- omelasticsearch: add support for CA cert, client cert auth
  This allows omelasticsearch to perform client cert based authentication
  to Elasticsearch.
  adds parameters: tls.cacert, tls.mycert, tls.myprivkey
  Thanks to Richard Megginson for the patch.
- omfile-hardening: new contributed module for "omfile hardened operations"
  This extends omfile with features considered useful for hardening. Comes
  at the expense of performance loss and changed semantics.
  Thanks to Mikko Kortalainen for contributing this work.
- stream/bugfix: memory leak on stream open if filename as already generated
  this can happen if imfile reads a state file. On each open, memory for the
  file name can be lost.
  We detected this while working on imfile refactoring, so there is no related
  bug report. No specific test has been crafted, as the refactored imfile
  tests catch it (as soon as they are merged).
- bugfix/omkafka: did not build on platforms without atomic operations
  Thanks to github user bruce87en for the patch
- bugfix/core/ratelimiting: SystemLogRateLimitBurst was limited to 65535
  rsyslog uses unsigned short for configuration setting SystemLogRateLimitBurst.
  Being just 16 bits, unsigned short cannot hold values bigger than 65535. in a
  practical setting rsyslog misbehaved with SystemLogRateLimitBurst being bigger
  than 65535.
  Thanks to github user KaleviKolttonen for the patch.
- bugfix imfile: memory leak in readMode 0
  closes https://github.com/rsyslog/rsyslog/issues/2421
- bugfix omfile: some error messages had parameters in wrong order
  which made the message look strange, but still readable
  Thanks to Hans Rakers for the patch.
- bugfix omprog: file handle leak
  There was a fd leak in the feedback feature added in v8.31.0 (github PR #1753).
  The leak occurred when omprog was used with the confirmMessages=on setting
  and no output setting. One fd was leaked every time the external program was
  started.
  Thanks to Joan Sala for the patch.
- bugfix imuxsock: data alignment problems
  gcc did rightly complain that the cred and ts pointers would cause
  alignment problems, so they were converted to structs and the necessary
  data was memcpy()'ed to them.
  the aux[] buffer was also potentially misaligned, so making a union
  out of it and struct cmsghdr insured it was properly aligned.
  The problems were especially visible on alpha and ia64 machines.
  Thanks to Jason Duerstock for the fix.
- bugfix testbench: some test were accidently not executed
  Thanks to Kasumi Hanazuki for the patch.
- bugfix tcp subsystem: keepalive settings mixed up
  TCPKeepAliveIntvl and TPCKeepAliveTime were switched. This is now correct and
  thus causes a CHANGE OF BeHAVIOR of these settings. We applied this change only
  after careful consideration of the effect. The contributor Alexandre Pierret
  explained the situation as such:
  "From my side, I work with thousands of servers centralizing logs to rsyslog
  servers in tcp. All of them are running RHEL 6 and 7. The default rsyslog settings
  in RHEL is TCPKeepAlive off. Since there are thousands of connections on the
  rsyslog servers, I had to turn the TCPKeepAlive on to setup an agressive policy
  regarding ghost connections (following firewall tcp-timeout issue). Basically,
  I set up: intvl=10 - probe=5 - time=2 If intvl and time are switched, it won't
  break anything. It will just send 5 more empty tcp packets for 10 seconds (5
  probe x 2 seconds), which is painless (any professional grade 100€ router can
  send more than 1.000.000 PPS). For 3000 servers, it means 3000 pps for 5
  seconds (3000 servers x 2 back-and-forth / 2 seconds). Let's take another worst
  example: intvl=3600 - probe=5 - time=1. It means one keepalive every hour and
  a 5 retry every 1s after a network issue. If the time and intvl values are
  switched, it will generate 1 keepalive every seconds, It's a LOT more, but
  after 5 probe or packet, it will stop. To summarize, I think it won't
  break anything:
  * Keepalive is off by default is many linux distribution
  * When we enable it, it's to set up an agressive policy. And setting up a
    10-5-1, 60-5-2, 2-5-60 or 1-20-1 policy is almost the same.
  Bonus: For people setting up their rsyslog from the documentation, it will
  now work as expected."
  This was convincing, and we actually think that the fast majority of users set
  up keepalive based on the doc and did never verify it actually worked as
  excpected. So we think that in all those cases, rsyslog will finally work as
  intended. So we consider it justified to "change the behavior" here.
  full discussion in PR: https://github.com/rsyslog/rsyslog/pull/2367
  Thanks to Alexandre Pierret for analyzing the situation and providing the
  patch.
- fix some cosmetic issues found by lgtm.com static code analyzer
  e.g. header file guard not correctly set - if you really are interested in
  details, check git log
- CI
  * add build test without atomic operations - now catches missing mutex macros
  * add lgtm.com static analyzer (automatically called via GitHub PR)
  * improved stability of global-umask.sh test, which unnecessarily used
    wildcards for test output file checking.
    Thanks to Kasumi Hanazuki for the patch.
  * added some test for omprog with transactional interface
    Thanks to Joan Sala for the new tests.
  * fixed some omjournal tests which did not properly check result
------------------------------------------------------------------------------
Version 8.33.1 [v8-stable] 2018-03-06
- 8.33.0 tarball release was actually pre-8.33.0
  ... and so did not contain all features. This alone made a re-release
  necessary, which is what now happens with 8.33.1.
  Note: the git 8.33.0 label was correctly applied, "just" the tarball
  was wrong.
- devcontainer: use some more sensible defaults
  and add ability to specify generic docker run options
  this makes integration into CI (and other scripting) easier
- fix problems with make dist
  make dist did not package everything that was needed for CI, thus
  resulting in make check failures if build from tarball.
  Thanks to Thomas D. (whissi), and Michael Biebl for alerting us on the
  problem, providing advise and some of the patches. We also added addt'l
  patches ourselves. The problem occured as the CI check for tarball
  completeness was more or less disabled a couple of weeks ago, which
  unfortunately went unnoticed. We have also applied some more safeguards
  to detect such problems in the future.
------------------------------------------------------------------------------
Version 8.33.0 [v8-stable] 2018-02-20
- auto-detect if running inside a container (as pid 1)
  adjust defaults in this case to be more container-friendly
- config: add include() script object
  This permits to include files (like legacy $IncludeConfig) via a
  script object. Needless to say, the script object offers more
  features:
  - include files can now be
    - required, with rsyslog aborting when not present
    - required, with rsyslog emitting an error message but otherwise
      continuing when not present
    - optional, which means non-present include files will be
      skipped without notice
    This is controlled by the "mode" parameter.
  - text can be included form e.g. an environment variable
    --> ex: include(text=`echo $ENVVAR`)
  This finally really obsoletes $IncludeConfig.
  closes https://github.com/rsyslog/rsyslog/issues/2151
- template: add option to generate json "container"
  This enables easy JSON generation via template.
  This commit also corrects an issue with the constant "jsonf"
  format. That was recently added, and the implementation problem
  only became visible when used inside a larger json object. No
  officially released code is affected, thought - so it rellay
  is just a side-note.
  closes https://github.com/rsyslog/rsyslog/issues/2347
- core/template: add format jsonf to constant template entries
  closes https://github.com/rsyslog/rsyslog/issues/2348
- config: add ability to disable config parameter ("config.enabled")
  For auto-generated configs, it is useful to have the ability to disable some
  config constructs even though they may be specified inside the config. This
  can now be done via the ```config.enabled``` parameter, applicable to all
  script objects. If set to ```on``` or not specified, the construct will be
  used, if set to any other value, it will be ignored. This can be used
  together with the backtick functionality to configure enable and disable
  from either a file or environment variable.
  closes https://github.com/rsyslog/rsyslog/issues/2431
- script: permit to use environment variables during configuration
  new constant string type "backticks", inspired by sh
  (sample: `echo $VARNAME`).
- new global config parameter "shutdown.enable.ctlc"
  permits to shutdown rsyslog via ctl-c; useful e.g. in containers
- config optimizer: detect totally empty "if" statements and optimize
  them out
- template: constant entry can now also be formatted as json field
  This enhancements permits to craft clean templates that generate JSON,
  e.g. for ElasticSearch consumption (or any other REST API)
- omstdout: support for new-style configuration parameters added
- core: set TZ on startup if not already set
  In theory, TZ should be set by the OS. Unfortuantely, this seems
  to be not the case any longer on many Linux distros. We now check
  it and set it appropriate if not already given.
  Thanks to github user JPvRiel for providing an excellent explanation
  of the reasoning for this and how to work around it.
  closes https://github.com/rsyslog/rsyslog/issues/2054
- imjournal bugfix: file handle leak during journal rotation
  Thanks to Peter Portante for the patch
  see also: https://github.com/rsyslog/rsyslog/pull/2437
- lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected
- script bugfix: replace() function worked incorrectly in some cases
  If the end of the message was similar to the replacement string, parts
  of the string could (not always) be missing.
  Thanks to Yaroslav Bo for the patch.
- build system bugfix: --disable-libcurl did not work
  Thanks to Dan Molik, Thomas D. (whissi), and Michael Biebl for the patches.
- fixed build issues on Alpine Linux
- core bugfix: misadressing in external command parser
  This parser is used whenever a module (e.g. omprog) needs to process
  command lines. If command parameters were given, memory misadressing
  occured. This could lead to a segfault.
  This is a regression in 8.32.0.
  closes https://github.com/rsyslog/rsyslog/issues/2408
- core bugfix: small memory leak in external command parser
  This parser is used whenever a module (e.g. omprog) needs to process
  command lines. On each action definitions for actions that use the
  parser a small amount of memory was leakd. It is an uncritical leak
  as it only occurs during config parsing. So it leaks a couple of
  KiB during startup but does not grow during actual message processing.
  This is a regression in 8.32.0.
- core bugfix: string not properly terminated when RFC5424 MSGID is used
  This could lead to misadressing when the jsonmesg property was used.
  closes https://github.com/rsyslog/rsyslog/issues/2396
- bugfix: strndup() compatibility layer func copies too much
  The function did not obey the upper limit, effectively becoming
  a strdup(). This was only noticed when the compatibility layer
  was required, most importantly on Solaris 10.
- CI system
  - we now use well-defined containers for parts of the CI runs
  - now also build test under Alpine Linux
  - test added for omprog feedback feature
------------------------------------------------------------------------------
Version 8.32.0 [v8-stable] 2018-01-09
- NEW BUILD REQUIREMENTs:
  * libfastjson 0.99.8 is now required; older versions lead to bugs in rsyslog
  * libczmq >= 3.0.2 is now required for omczmq
    This was actually required for quite some while, but not properly checked
    during configure run. If the lib was older, build failed. Now configure
    detects this and emits the appropiate error message.
  * libcurl is now needed for rsyslog core
    due to new script function http_request(). This can be turned off by the
    new configure option --disable-libcurl. If so, http_request() is not
    available.
- rsyslogd: add capability to specify that no pid file shall be written
  Command line option -iNONE provides this capability. This utilizes the
  pre-existing -i option, but uses the special name "NONE" to turn of the
  pid file check feature. Turning off is useful for systems where this no
  longer is needed (e.g. systemd based).
  closes https://github.com/rsyslog/rsyslog/issues/2143
- ompgsql: considerable enhancements
  The PostgreSQL output module was woefully out-of-date the following
  list is changes made to update the module to current Rsyslog standards.
    * allow for v6 configuration syntax
    * configurable ports
    * support transactional interface
    * push db connection into workers (libpq is threadsafe)
    * enable module testing on travis
    * ensure configuration syntax backwards compatibility
    * formatting around postgres core templating
    * use new test conventions
    * add new configuration syntax test
    * add valgrind tests for new and old syntax
    * add threading tests
    * add action queue long running tests
    * add action queue valgrind test
  Thanks to Dan Molik for contributing this great enhancement!
- build system: removed --enable-rtinst configure option
  This was a historic debugging option which has been superseeded by
  newer tools like valgrind, helgrind, ASAN, TSAN, etc...
- pmrfc3164: support for headerless messages
  pmrfc3164 now detects if the first non-SP, non-HT character is either
  '{' or '[' and if so assume that no header (TAG, HOSTNAME, DATE) is
  given. If so, it uses defaults for these values. The full message is
  used as the MSG part in that case. Note that an initial PRI may still
  be specified.
  This follows the trend to send JSON messages via syslog without any
  header. We use default header values in this case.
  This right now is a bit experimental; we may roll it back if
  problems show up in practice.
  closes https://github.com/rsyslog/rsyslog/issues/2030
- omhiredis: add option to use RPUSH instead of LPUSH
  see also https://github.com/rsyslog/rsyslog/issues/1625
- mmexternal improvements
  * better error reporting if to-be-executed script cannot be executed
  * some general cleanup
  * better redirection of stdin/out/err for the executed script
  * bugfix: argv[0] of the script was missing if command line parameters
    were not specified
- omprog: refactored, code shared with mmexternal moved to common object
- logctl tool: refactor to support newer rsyslog standards
  * Made the logctl usertool ISO C90 compliant.
  * Made the logctl usertool use a homogeneous coding style.
  Thanks to Hugo Soszynski for contributing this work (as well as
  suggesting some workarounds related to libmongoc/libbson).
- imfile: added support for Solaris File Event notification (FEN)
  also improves performance under Solaris, with FEN imfile provides
  features equivalent to inotify mode
- core/action: new parameter "action.errorfile"
  permits to write failed messages to an "error file" so that they
  can be reviewed and potentially be reprocessed
- imfile: added new module parameter "sortFiles"
  This permits to process newly created files in sorted order.
- imuxsock: improved status reporting: socket name received from systemd
  Providing an indication of what we got from systemd facilitates problem
  analysis.
- build system: added new testbench configure switches
  now --enable-testbench1 and --enable-testbench2 exists which permit
  to enable/disable parts of the testbench. By default, both are on
  when --enable-testbench is given. For full testbench coverage, both
  options must be given. These options are necessary because under
  Travis we hit the max runtime for tests and needed to split tests
  over multiple incarnations.
- mmpstrucdata: new parameter "sd_name.lowercase"
  to permit preserving case for structured data identifiers
  Special thanks to github user alanrobson for the intial commit that
  preseves case (on which we based other work).
- omfile: add module-global option "dynafile.donotsuspend"
  this permits to enable SUSPENDing dynafile actions. Traditionally,
  SUSPEND mode was never entered for dynafiles as it would have blocked
  overall processing flow. Default is not to suspend (and thus block).
  closes https://github.com/rsyslog/rsyslog/issues/2236
- testbench: add a capability to turn off libfaketime tests via configure
  Unfortunately, libfaketime becomes more and more problematic in newer
  versions and causes aborts on some platforms. This provides the ability
  to turn it off via --disable-libfaketime.
  In the longer term, we should consider writing our own replacement.
- testbench: name valgrind tests consistently
  all valgrind tests now end in -vg.sh
- RainerScript: add function parse_json()
- RainerScript: add function substring()
- RainerScript: add function http_request()
- RainerScript: add function previous_is_suspended()
  This function returns a boolean indicating if the previous action is
  suspended (0 - no, 1 - yes). This is useful if arbitrary processing
  (other than calling actions) should be made depending on that state.
  A prime example for this is probably calling a ruleset.
  closes https://github.com/rsyslog/rsyslog/issues/1939
- Patches from BSD projects have been imported
  ... as far as they still apply. Some patches that patched BSD-specific
  code were broadened to be more generic.
- script bugfix: invalid function names were silently ignored
  no error message was produced
  thanks to Matt Ezell for providing the patch.
- rainerscript: add int2hex() function
- rainerscript: add is_time() function
  Thanks to Stephen Workman for implementing this.
- RainerScript: add function script_error() and error-reporting support
  This permits script functions that could fail to report errors back, so
  that the user can handle them if desired. We use an errno-style of
  interface. That means script_error() needs to be called after functions
  that supports it. It will return either 0 (all OK) or something else
  (an error condition).
  The commit also modifies the parse_time() function to use the new
  interface. First of all, this is useful for users, and secondly we
  needed a capability to craft a testbench test.
  closes https://github.com/rsyslog/rsyslog/issues/1978
- testbench: fixed build problem of testbench tools under Alpine Linux
- added --enable-libsystemd configure option to enforce use of libsystemd
  so we can fail the build on platforms where this is required
- core/glbl: remove long-unused option $optimizeforuniprocessor
  This was still available, but had no effect (for ~10 years or so). The
  plumbing is now removed. If someone tries to use the option, an
  error message is generated.
  closes https://github.com/rsyslog/rsyslog/issues/2280
- core/queue: emit better status messages at rsyslog shutdown
  this helps to diagnose issue - unfortunately we need more work to ensure
  that the messages always make it to the user. This is a start and
  hopefully useful at least for the testbench, possibly more.
- fixed a couple of build issues with gcc-7 (in less frequently used modules)
- fixed a couple of build issues on the arm platform (actually raspbian)
- impstats: fix invalid counter definitions for getrusage() reporting 
  some of the counters were defined as  int (32 bit) vs. intctr_t (64 bit).
  On some platforms "long" seems to be 64bit, and getrusage() provides
  what we store as int via long. So this caused truncation and/or overflow.
  This had undefined effects. Most often, everything worked fine
  for values smaller than 2^31 but sometimes we got negative values.
  closes https://github.com/rsyslog/rsyslog/issues/1517
- imudp bugfix: potential segfault in ratelimiting
  The rate-limiter inside imudp was not set to be thread safe, but was
  used across multiple threads. This worked in default configuration,
  but failed when RepeatedMsgReduction was set to "on".
  Note that it in general is a bug to use a rate-limiter in
  non-threadsafe mode across multiple threads. This also causes invalid
  rate limiting counts in the default case.
  closes https://github.com/rsyslog/rsyslog/issues/441
  fixes https://github.com/rsyslog/rsyslog/issues/2132
- imptcp bugfix: access to free'ed memory
  When notifyconnectionclose was on, a string buffer was accessed immediately
  after it was freed (as part of the connection close operation).
  Detected by LLVM ASAN.
- mmanon bugfix: fix wrong ipv6 embedded recognition
  mmanon recognized IPv6 with embedded IPv4 that have too few (16 bit) fields.
  example: 13:abd:45:0.0.0.0
  closes https://github.com/rsyslog/rsyslog/issues/2357
- imfile bugfix: not detecting files in directory when wildcards are used.
  When directories and files are created at the same time,
  imfile may missed subdirs or file if the machine is on high load.
  The handling has been enhanced to scan newly created directories ALWAYS for
  matching files.
  fixes https://github.com/rsyslog/rsyslog/issues/2271
  However there still exist problems with multilevel directory configurations.
  Details are discussed in https://github.com/rsyslog/rsyslog/issues/2354
  Fixes for the remaining issues are expected for 8.33.0.
- script bugfix: improper string-to-number conversion for negative numbers
- core/action bugfix: 100% CPU utilization on suspension of output module
    Triggering condition:
    * output module using the legacy transaction interface
      (e.g. omelasticsearch, omlibdbi)
    * output module needs to suspend itself
  In these cases, rsyslog enters a busy loop trying to resolve the
  suspend condition. The bug is rooted in rsyslog core action code.
  This patch fixes it by inserting a 1-second sleep during calls
  to the resume handler.
  Note: we cannot sleep exactly as long as tryResume needs. This
  would require larger refactoring, which probably is not worth for
  the legacy interface. The current solution is almost as good, as
  the one second sleep has very little overhead on a real system.
  Thus we have choosen that approach.
  This patch now also ensures that failed messages are properly
  handled and do not cause eternal hang.
  closes https://github.com/rsyslog/rsyslog/issues/2113
- core/variables bugfix: bare $! cannot be used in set statement
  fixes https://github.com/rsyslog/rsyslog/issues/326
- core bugfix: auto commit of actions improperly handled
  The internal state variable bHadAutoCommit was handled in thread-unsafe way
  and most probably caused (hard to see) issues when action instances were
  run on multiple worker threads. It looks like the state variable was
  forgotten to move over to worker state when action workers were introduced.
  closes https://github.com/rsyslog/rsyslog/issues/2046
- core bugfix: filename length limitation of 199 bytes
  file names (including path names) longer than 199 bytes could not be
  handled at many places. This has now been uplifted to 4KiB after careful
  review for the largest size supported among all relevant platforms.
- core bugfix: undefined behavior due to integer overflow
  when searching strings, we may have an (unsigned) interger overflow
  which can lead to misadressing.
  Detected by clang ubsan.
- core bugfix: race on LocalHostIP property during startup
  The way the default was set could lead to a race if e.g. two internal
  messages were emitted at startup when the property was not yet set. This
  has been seen to happen in practice. It had no bad effect except a very
  small stationary memory leak, but made using thread analyzers unreliable
  (as it was rightfully detected as a problem).
  closes https://github.com/rsyslog/rsyslog/issues/2012
- bugfix: potential segfault on startup
  timezone info table was "sorted" even though it may be NULL. There is
  no practical case known where this lead to an actual abort, but in
  theory it would be possible. If so, it would happen immediately on
  startup.
  Detected by clang ubsan.
- omhiredis bugfix: rsyslog segfault on startup if no template is specified
- omprog bugfix: argv[0] not set when using binary without arguments
  When using the omprog plugin with a binary without arguments, argv[0] (the
  name of the binary) is not set, causing binaries that depend on this value
  being set to crash or misbehave.
  This patch also mildly refactors omprog argv[] creations, albeit some more
  refactoring would be useful.
  closes https://github.com/rsyslog/rsyslog/issues/1858
- core: refactoring of rsyslog's cstr "class"
  Function cstrGetSzStrNoNULL shall modified the string buffer on each call,
  albeit it is considered a "read-only" function. It currently adds a '\0'
  at the end. This is bad, especially when multiple threads access the same
  string. As always the same data is written, it was not causing real issues
  (except unnecessary cache writes), but it polluted the thread debugger and
  as such prevent more elaborate automatted tests.
- parent directory creation function refactored
  This should not cause any change of behavior, but is worth noting in case
  we see a regression not caught by the CI system.
- mmsnmptrapd bugfix: potential misadressing
  This only occured in situations when the system was totally out of memory.
- imkafka: fix potential small ressource leak
  If rdkafka handle cannot fully populated, cleanup is added. Previously, we
  could leak a handle if e.g. no brokers were avaiable. Note that this was
  a cosmetic leak, as proper processing is not possible in any case and the
  leak is once per listener, so not growing. But we now also ensure that
  proper error reporting and handling is done in any case. Previously, we
  may have some misleading error messages if the defunct kafka handle was
  used.
  closes https://github.com/rsyslog/rsyslog/issues/2084
- imkafka bugfix: do not emit error message on regular state
  This was misunderstood as an error state and could spam the system
  log considerably. Regression from 8.31.0.
- omkafka: expose operational status to user where useful
  omkafka emits many useful operational status messages only to the debug
  log. After careful review, we have exposed many of these as user error
  and warning message (ex: librdkafka queue full, so user knows why we
  suspend the plugin temporarily). This may have made the module too
  chatty. If so, one can always filter out messages via configuration. And
  if we really went overboard, we can undo those parts with the next
  release. So it's better to give a bit more than less, as this definitely
  eases troubleshooting for users.
  closes https://github.com/rsyslog/rsyslog/pull/2334
- omkafka bugfix: potential message duplication
  If a message that already failed in librdkafka was resubmitted and that
  resubmit also failed, it got duplicated.
- omkafka: fix multithreading
  omkafka has several issue if multiple worker instances are used. This commit
  actually make the module use a single worker thread at max. Reasoning:
  Librdkafka creates background threads itself. So omkafka basically needs to move
  memory buffers over to librdkafka, which then does the heavy hauling. As such, we
  think that it is best to run max one wrkr instance of omkafka -- otherwise we just
  get additional locking (contention) overhead without any real gain. As such,
  we use a global mutex for doAction which ensures only one worker can be active
  at any given time. That mutex is also used to guard utility functions (like
  tryResume) which may also be accessed by multiple workers in parallel.
  Note: shall this method be changed, the kafka connection/suspension handling needs
  to be refactored. The current code assumes that all workers share state information
  including librdkafka handles.
  closes https://github.com/rsyslog/rsyslog/issues/2313
- omkafka bugfix: potential misadressing
  The failed message list is improperly cleaned. This is a regression
  from recent commit 4eae19e089b5a83da679fe29398c6b2c10003793, which
  was introduced in 8.31.0.
  This problem is more likely to happen under heavy load or bad
  connectivity, when the local librdkafka queue overruns or message
  delivery times out.
  closes https://github.com/rsyslog/rsyslog/issues/2184
  closes https://github.com/rsyslog/rsyslog/issues/2067
- omkafka bugfix: build fails with older versions of librdkafka
  closes https://github.com/rsyslog/rsyslog/issues/2168
- omgssapi bugfix: fix compiler warnings with gcc-7
  closes https://github.com/rsyslog/rsyslog/issues/2097
- dnscache bugfix: entries were cached based on IP AND port number
  That  hash key which is used to find out already cached dns entry gets
  incorrectly computed from the whole sockaddr_storage
  (sockaddr_in/sockaddr_in6) structure including a sin_port (which doesn't
  have a static value) instead of only an address, thus creating redundant
  dns cache entries/consuming more space. This lead to potentially high memory
  usage and ineffectiveness of the case. It could be considered a memory leak.
  Thanks to Martin Osvald for the patch.
  see also: https://github.com/rsyslog/rsyslog/pull/2160
- omkafka bugfix: fixed memory leak
  a memory leak occurred when librdkafka communicated error/status information
  to omkafka. this seems to happen relatively frequently, so this leak
  could be pretty problematic.
- mmdblookup bugfix: replace thread-unsafe strtok() by thread-safe counterpart
  Many thanks to Will Storey (github user @horgh) for mentioning this and
  his phantastic help in debugging this rsyslog problem!
- pmnormalize bugfix: remove unsave "strcat" implementation
- rainerscript bugfix: ltrim() and rtrim function misadressing
  This could lead to a segfault and was triggerred by certain input data
  schemes. For example, a ltrim(" a") could lead to the fault.
- imklog bugfix: local host IP was hardcoded to 127.0.0.1
  This is now taken from the global localHostIP setting, which is used
  consistent accross all modules.
  Also, the removed (2012?) directive $klogLocalIPIF has been added
  again but directly marked as removed. That way, an informative error
  message is generated if someone tries to use it.
  closes https://github.com/rsyslog/rsyslog/issues/2276
- cleanup: remove obsolete pre-KSI GuardTime signature interface
  this is no longer functional starting Jan 2018 as it reached end of life
  closes https://github.com/rsyslog/rsyslog/issues/2128
- cleanup: obsolete defintion SOL_TCP replaced by newer IPPROTO_TCP
  this should not have any effect at all except better portability, but is
  worth mentioning in the ChangeLog nevertheless.
- lookup tables: fixed undefined behavior detected by UBSan
- CI testing
  - ARM (via Raspberry PI) added to CI system
  - Debian 9 added to CI system
  - omgssapi and usertools components are now also tested in Travis
  - test coverage on BSD has been enhanced
------------------------------------------------------------------------------
Version 8.31.0 [v8-stable] 2017-11-28
- NEW BUILD DEPENDENCY: ommongodb now requires libmongo-c
  instead of deprecated libmongo-client.
- remove systemd embedded code, use libsystemd instead
  Since the early days rsyslog used the orginal systemd embedded
  interface code. This version now uses libsystemd where available.
  If we do not find libsystemd, we assume the system does not use
  systemd, which is a safe assumption nowadays. This ensures we use the
  fresh interface code and also removes bloat from our project.
  closes https://github.com/rsyslog/rsyslog/issues/1933
- mmanon: add support for IPv6 adresses with embedded IPv4 address
  While this format is uncommon, it may still be present in logs and as
  such should be supported. It is configurable via individual settings,
  though. Especially the number of bits to anonymize may be desired to
  be different than in pure IPv6.
- ommongodb: big refactoring, more or less a feature-enhanced rewrite
  New features are :
  * Handle TLS connexion to mongodb
  * Handle MongoDB Replicasets
  * Added the 'ssl_ca' and 'ssl_cert' directives to configure tls connexion
  * Added 'uristr' directive to configure the connection uri in the form
    of 'mongodb://...'
  Now uses the official mongo-c-driver library instead of the deprecated
  mongo-client library
  Special thanks to Hugo Soszynski and Jérémie Jourdin for there hard work
  to make this a reality!
  See also: https://github.com/rsyslog/rsyslog/pull/1917
- rainerscript: add parse_time() function
  Thanks to Stephen Workman for implementing this.
- omelasticsearch: add LF to every elastic response for error file
  error file content was written without LF after each message, making
  it hard to work with and monitor.
  Thanks to Yaroslav Bo for the patch.
- omelasticsearch: add pipeline support
  supports static and dynamic ElasticSearch pipeline parameter.
  closes https://github.com/rsyslog/rsyslog/issues/1411
  Thanks to github users scibi and WaeCo for the implementation.
- lmsig_ksi_ls12: support asynchronous mode of libksi
- omprog: added error handling and transaction support for external plugins
  This permits much better integration of external output modules.
  Special thanks to Joan Sala for providing this work!
- imzmq3/omzmq3: marked as deprecated, modules will be remove in v8.41
  see also: https://github.com/rsyslog/rsyslog/issues/2100
- imzmq3/omzmq3: fixed build issues with gcc-7
- core: emit error message on abnormal input thread termination
  This indicates a serious issue of which the user should be notified.
  Was not done so far and caused grief when troubleshooting issues.
- core: refactored locking for json variable access
  refactored the method so that it consistent in all functions and easier
  to follow. Most importantly, now an as simple as possible locking paradigm
  of lock ... unlock within the function. Hopefully easier to understand
  both for humans and static code analyzers.
- core: refactored creation of UDP sockets
  was very old, hard to follow code; streamlined that a bit
- core/dnscache: refactor locking
  keep a simple lock ... unlock scheme within the function. That is
  easier to follow for both humans as well as static analyzers.
  Also removes Coverity scan CID 185419
- rainerscript: use crypto-grade random number generator for random() function
  We now use /dev/urandom if available. If not, we fall back to the weak PRNG.
- imkafka: improve error reporting and cleanup refactoring
- imkafka bugfix: segfault if "broker" parameter is not specified
  Now emits warning message instead and uses hardcoded default
  (which usually matches where the kafka broker can be found).
  fixes https://github.com/rsyslog/rsyslog/issues/2085
- omkafka: improve error reporting
- omkafka: slight speedup do to refactoring of LIST class
  double-linked list was used for temporarily undeliverable message tracking
  where singly-linked list was sufficient. Changed that.
- TCP syslog: support SNI when connecting as a client
  This is done if a hostname is configured and turned off if an IP is used.
  Thanks to Art O Cathain for the patch.
  see also https://github.com/rsyslog/rsyslog/pull/1393
- msg variable bugfix: potential segfault on variable access
  A segfault is likely to happen if during processing a variable with
  more than one path component is accessed (e.g. $!path!var) and NO
  variables oft hat kind (local, message, global) are defined at all.
  closes https://github.com/rsyslog/rsyslog/issues/1920
- ratelimiting bugfix: data race in Linux-like ratelimiter
  access to the Linux-like ratelimiter was not properly synchronized, and
  the system rate-limiter was not using it in any case.
  This could lead to the rate-limit settings not being properly
  respected, but no "hard error".
- core/template bugfix: potential NULL pointer access at config load
  could happen if the config was loaded and the parameters could not properly
  be processed. If so, this occured only during the startup phase.
  Detected by Coverity scan, CID 185318
- core/json var subsystem bugfix: segfault in MsgSetPropsViaJSON
  Invalid libfastjson API use lead to double-free. This was most importantly
  triggerred by mmexternal (but could potentially be triggered by other
  uses as well)
  closes https://github.com/rsyslog/rsyslog/issues/1822
- core/wrkr threads bugfix: race condition
  During e.g. shutdown it could happen that a worker thread was started
  and immediately be requested to terminate. In such situations there was
  a race the prevented proper initialization. This could lead to follow-on
  problems.
  We believe (but could not proof) that this also could lead to a hang of
  the termination process. Thus we claim to close an issue tracker down
  here below, but are not 100% certain it really closes it (we hope for
  user feedback on this). In any case, the thread debuger showed invalid
  operations and this has been fixed, so it is useful in any case.
  closes https://github.com/rsyslog/rsyslog/issues/1959
- core/wtp: potential hang during shutdown
  when the wtp worker is cancelled in the final stage of shutting down
  while the mutex is locked and there is one worker left, the system
  will hang. The reason is that the cancelled thread could not free the
  mutex that the other needs in order to shut down orderly.
  Deteced with clang thread sanitizer.
- omfwd bugfix: generate error message on connection failure
- imtcp bugfix: "streamdriver.mode" parameter could not be set to 0
- imjournal bugfix: module was defunctional
  The open function was broken by commit 92ac801, resulting in
  no data being ever read from the journal.
  patch bases on the idea of Radovan Sroka given here:
  https://github.com/rsyslog/rsyslog/issues/1895#issuecomment-339017357
  but follows the current imjournal-paradigm of having the journal
  handle inside a global variable.
  see also https://github.com/rsyslog/rsyslog/issues/1895
  closes https://github.com/rsyslog/rsyslog/issues/1897
- imjournal: refactor error handling, fix error messages
  imjournal did not try to recover from errors and used the error state
  returned by journal functions incorrectly, resulting in misleading
  error messages. Fixed this and also increased the number of error
  messages so that it now is easier to diagnose problems with this module.
  Also a little bit of internal brush-up.
 -mmdblookup bugfix: fix potential segfault due to threading issues
  libmaxminddb seems to have issues when running under multiple threads. As
  a first measure, we prevent mmdblookup now from running on more than one
  thread concurrently.
  see also: https://github.com/rsyslog/rsyslog/issues/1885#issuecomment-344882616
- omelasticsearch bugfix: operational error messages not passed to user
  This lead to sometimes hard to diagnose problem. Note that for obvious
  raesons the amont of messages from omelasticsearch has increased; this
  is not a sign of a problem in itself -- but it may reveal problems that
  existed before and went unnoticed. Also note that too-verbose messages
  can be filtered out via regular rsyslog methods (e.g. message discarding
  based on content).
- omkafka bugfixes
  * statistics counter maxoutqsize could not be reset
    Thanks to github user flisky for the patch.
  * potential hang condition
    omkafka did not release a mutex under some error conditions (most
    notably out of memory on specific alloc calls). This lead to a hang
    during actively processing messages or during shutdown (at latest).
    This could happen only if dynamic topics were configured.
    Detected by Coverity Scan, CID  185781 (originally 185721, detected
    as a different issue by Coverity after code refactoring done in regard
    to 185721 -- then the problem became more obvious).
  * file handle leak, which could occur when local buffering
    of messages was needed
  * invalid load of failedmsg file on startup if disabled
    error "rsyslogd: omkafka: could not load failed messages from "
    "file (null) error -2027 - failed messages will not be resend."
    occurs because, depite `keepFailedMessages="off"` as a default,
    omkafka still tries to check for and load a `(none)` file which
    triggers an IO error of sorts according to the 2027 link above.
    Obviously, it probably shouldn't try load the file if
    `keepFailedMessages` is not enabled.
    Thanks to github user JPvRiel for a very good error report and
    analysis.
    closes https://github.com/rsyslog/rsyslog/issues/1765
  * various config parameters did not work
    These were not even recognized when used and lead to a config startup
    error message:
    ~ closeTimeout
    ~ reopenOnHup
    ~ resubmitOnFailure
    ~ keepFailedMessages
    ~ failedMsgFile
    closes https://github.com/rsyslog/rsyslog/issues/2052
  * considerable memory leak
    Whenever a message could (temporarily) not be delivered to kafka,
    a non-trivial amount of memory was leaked. This could sum up to
    quite a big memory leak.
    fixes https://github.com/rsyslog/rsyslog/issues/1991
  * some small memory leaks fixed
    most of them cosmetic or a few bytes statically (not growing as
    omkafka was used) -- thus we do not mention each one explicitely.
    For more details, see git commit log or this pull request:
    https://github.com/rsyslog/rsyslog/pull/2051
- kafka bugfix: problem on invalid kafka configuration values
  omkafka ended up in an endless loop and high cpu.
  imkafka tried to subscribe to a not connected kafka server.
  closes https://github.com/rsyslog/rsyslog/issues/1806
- [io]mgssapi: fix build problems (regression from 8.30.0)
- [io]czmq: fix build problems on some platforms (namely gcc 7, clang 5)
- tcpsrv bugfix: potential hang during shutdown
- queue bugfix: potential hang during shutdown
- queue bugfix: NULL pointer dereference during config processing
  If the queue parameters were incorrectly given, a NULL pointer derefernce
  could happen during config parsing. Once post that stage, no problem could
  occur.
  Detected by Coverity scan, CID 185339
- imczmq bugfix: segfault
  happened in a call to
    371: zcert_destroy(&serverCert) called from rcvData().
  Thanks to ~achiketa Prachanda for the patch.
- imfile: some small performance enhancements
  Thanks to Peter Portante for the patch
- omfile: hande file open error via SUSPEND mode
  For a while, an open file error lead to suspension as the error was
  not detected by the rule engine. This has changed with fixes
  in 8.30.0. I asked users what they prefer (and expect) and
  everyone meant it should still be handled via suspension. See
  github tracker below for more details.
  closes https://github.com/rsyslog/rsyslog/issues/1832
- omfile bugfix: race during directory creation can lead to loop
  There was a race where two threads were competing for directory creation
  which could lead to none succeeding and a flood of error message like this
  "error during config processing: omfile: creating parent directories for
  file". This has been solved.
  Thanks to Niko Kortström for the patch.
- imudp: improve error reporting
  When udp listener cannot be created, an error message containing
  the ip-address and port is put out.
  closes https://github.com/rsyslog/rsyslog/issues/1899
- omrelp bugfix: incorrect error handling
  if librelp with TLS but without Authentication was included, librelp
  did not emit the correct error message due to invalid error code
  check. It also did not err-out but instead suspended itself.
  Detected by Coverity scan, CID 185362
- [io]mrelp bugfix: segfault on startup if configured cert not readable
  When the certificate file specified in the omrelp/imrelp configuration
  can't be accessed, e.g. because it doesn't exist or you don't have
  permission to do so, a Segmentation Fault will appear when you start
  Rsyslog. This commit fixes that problem.
  closes https://github.com/rsyslog/rsyslog/issues/1869
- mmanon fix: make build under gcc 7
  Thanks to William Dauchy for the patch
- mmpstrucdata bugfix: formatting error of ']' char
  This was invalidly formatted as '"'. Thanks to github user
  wu3396 for the error report including the patch idea.
  closes https://github.com/rsyslog/rsyslog/issues/1826
- mmexternalb bugfix: memory leak
- core/stats bugfix: memory leak if sender stats or tracking are enabled
- core bugfix: potential segfault during startup
  A NULL pointer could be accessed if there was a problem with the
  timezone parameters.  Affects only startup, once started, no problem
  existed.
  Detected by Coverty scan; CID 185414
- core bugfix: potential race in variable handling
  Root of variable tree is accessed prior to locking access to it.
  This introduces a race that may result in various kinds of
  misadressing.
  Found while reviewing code, no bug report exists.
- core bugfix: potential segfault when shutting down rsyslog
  when rulesets are nested a segfault can occur when shutting down
  rsyslog. the reason is that rule sets are destructed in load order,
  which means a "later" ruleset may still be active when an "earlier"
  one was already destructed. In these cases, a "call" can invalidly
  call into the earlier ruleset, which is destructed and so leads to
  invalid memory access. If a segfault actually happens depends on the
  OS, but it is highly probable.
  The cure is to split the queue shutdown sequence. In a first step,
  all worker threads are terminated and the queue set to enqOnly.
  While some are terminated, it is still possible that the others
  enqueue messages into the queue (which are then just placed into the
  queue, not processed). After this happens, a call can no longer
  be issued (as there are no more workers). So then we can destruct
  the rulesets in any order.
  closes https://github.com/rsyslog/rsyslog/issues/1122
- core/action bugfix: potential misadressing when processing hard errors
  For batches that did fail in an output module, the rsyslog core
  tries to find offending messages that generate hard (non-recoverable)
  errors. During this process, the action templates for each message
  are copied into a temporary buffer. That copy was invalidly sized,
  actually copying only the first template string. As such, outputs
  that requested more template strings AND had erros in batch submission
  received uninitialized pointers. This could lead to all sorts of
  problems.
  see also https://github.com/rsyslog/rsyslog/issues/1885
  closes https://github.com/rsyslog/rsyslog/issues/1906
- template object bugfix: NULL pointer access on invalid parameters
  could happen only during startup
  Detected by Coverity scan, CID 185376
- omjournal bugfix: NULL pointer access on invalid parameters
  could happen only during startup
- omelasticsearch bugfix: configured credentials not used during health check
  Authentication credentials were not applied during health check,
  permission to use unsigned CERTS was not applied to regular data post.
  closes https://github.com/rsyslog/rsyslog/issues/1949
- omelasticsearch bugfix: abort on unavailable ES server
  Depending on the state of unavailability (libcurl return code),
  omelasticsearch tries to process a NULL return message, what
  leads to a segfault.
  This fixes the problem and introduces better error handling and
  better error messages.
  see also https://github.com/rsyslog/rsyslog/issues/1885
- omelasticsearch: fix memory leak and potential misadressing
  Commit 96b5fce introduced regressions, leading to potential misadressing
  and a very probable memory leak. This commit fixes the issues and
  hardens the module to better detect some error cases in the
  future.
  It also adds valgrind-based testbench tests which ensure that no
  pointer errors exist. If they had been in place, the regressions
  would never have been undetected.
  Note that commit 96b5fce was introduced in 8.23.0 on Nov, 15th 2016.
  Many thanks to Yaroslav Bo for alerting me on the root problem and
  providing a very good analysis and guidance.
  see also https://github.com/rsyslog/rsyslog/issues/1906
  see also https://github.com/rsyslog/rsyslog/issues/1964
  closes https://github.com/rsyslog/rsyslog/issues/1962
- omelasticsearch bugfix: output from libcurl to stdout
  omelasticsearch made libcurl output messages to stdout. This
  commit fixes that. It also automatically enables libcurl verbose
  mode during debug runs - it needs to be seen if this is smart or
  not (previously, code needed to be commented in).
  closes https://github.com/rsyslog/rsyslog/issues/1909
- iczmq bugfix: potential memory leak
- imptcp bugfix: potential misadressing
  When during a connection request the remote peer could not be
  identified, imptcp could misadress memory if it is configured
  to emit messages on connection open.
  Detected by clang 5.0 static analyzer.
- imptcp: potential buffer overflow
  if the local hostname or IP is larger than NI_MAXHOST-1, an internal
  buffer is overflowed. This is irrespective of any input data.
  Detected by Coverity scan, CID 185390
- core/nsd_gtls: fix potential unitialized data access
  could occur during certificate check
  found by clang 5.0 static analyzer
- stats bugfix: potential program hang
  due to missing unlock. This could only occur if pstats was set to
  CEE-format logging (very uncommon) AND if the system runs out of
  memory (in which case other things go pretty bad as well).
  found by Coverty scan
- omfwd bugfix: memory leak if network namespaces are used
  very seldom used feature, occurs only during error case
  found by Coverty scan.
- core: potential misadressing when accessing JSON properties
  When a JSON property is accessed in template processing, memory may
  have been misadressed or a double-free may occur while obtaining the
  propety.
  This was detected by a Coverty scan.
- gcry crypto provider bugfixes: potential misadressing and memory leak
  If the config parameters were invalid, a misadressing could occur. If so,
  this happens only during startup.
  Also, a memory leak existed when the crypto provider errored out. This could
  build up if it were used in frequently-changing dynafiles. This was
  detected by Coverity scan, CID 185360.
- core/file stream object bugfix: memory leak
  If a multiline read errored out, a line buffer could be leaked.
  Detected by Coverity scan, CID 185328
- imdiag bugfix: double mutex unlock when working with stats
  Note: while this could potentially lead to a program hang, it affected
  only testbench execution as imdiag is a testbench-only tool.
  Detected by Coverity scan, CID 185348 and 185350
- fixed several minor and cosmetic issues found by Coverty scan
  includding false positives. For details see "$ git log". All noteworthy
  issues are seperately mentioned in this ChangeLog. The ones not mentioned
  are for example problems that can only occur during out of memory
  conditions, under which it is extremely likely tha the rsyslog process
  will be killed in any case
- testbench:
  * added compile-check for [io]mgssapi, mmcount
  * harden tests against hanging previous instances
  * re-enable RELP tests on Solaris
  * added basic test for imjournal
  * added threading tests via valgrind's helgrind tool
  * added valgrind test for kafka modules
  * added capability to run elasticsearch tests with
    a) different ElasticSearch versions
    b) independently from OS-installed version
    This also sets base to enable more elaboreate ES tests
  * further relaxed timing of dynstats tests, as they tend to create
    false positives on slow machines
- CI: improved test coverage on FreeBSD
- Travis: clang static analyzer 5.0 now run over all source files
- build: make compile warning-free under gcc 7
------------------------------------------------------------------------------
Version 8.30.0 [v8-stable] 2017-10-17
- NEW BUILD REQUIREMENTS
  * libfastjson 0.99.7 is now mandatory
    the new version is required to support case-insensitive variable
    comparisons, which are now the default
  * when building imjournal, libsystemd-journal >= 234 is now recommended
    This is to support the imjournal enhancement. Note that it is possible
    to build with lower version, but this will degrade imjournal functionality.
- CHANGE OF BEHAVIOUR: all variables are now case-insensitive by default
  Formerly, JSON based variables ($!, $., $/) were case-sensitive.
  Turn old default back on: global(variables.casesensitve="on")
  See ChangeLog entry below for more details.
- core: handle (JSON) variables in case-insensitive way
  The variable system inside rsyslog is JSON based (for easy consumption
  of JSON input, the prime source of structured data). In JSON, keys
  ("variable names") are case-sensitive. This causes constant problems
  inside rsyslog configurations. A major nit is that case-insensitivity
  option inside templates (even if turned on) does not work with JSON
  keys because they of inner workings*1.
  It is much more natural to treat keys in a case-INsensitive way (e.g.
  "$!Key" and "$!key" are the same). We do not expect any real problems
  out of this, as key names only differing in case is highly unlikely.
  However, as it is possible we provide a way to enable case-sensitivity
  via the global(variables.casesensitve="on") global config object.
  Note that the default is to do case-insensitive matches. The reason
  is that this is the right thing to do in almost all cases, and we do
  not envision any problems at all in existing deployments.
  *1 Note: case-insensitivity in rsyslog is achieved by converting all
  names to lower case. So that the higher speed of strcmp() can be used.
  The template option does actually that, convert the template keys to
  lower case. Unfortunately, this does not work with JSON, as JSON keys
  are NOT converted to lower case.
  closes https://github.com/rsyslog/rsyslog/issues/1805
- imjournal: made switching to persistent journal in runtime possible
  with this patch imjournal can continue logging after switch to
  persistent journal without need to restart rsyslog service
  Thanks to github user jvymazal for the patch
- mmanon: complete refactor and enhancements
  - add pseudonymization mode
  - add address randomization mode
  - add support for IPv6 (this also supports various replacement modes)
    closes https://github.com/rsyslog/rsyslog/issues/1614
  also fixes bugs
  - in IPv4 address recognition
    closes https://github.com/rsyslog/rsyslog/issues/1720
  - in IPv4 simple mode to-be-anonymized bits can get wrong
    closes https://github.com/rsyslog/rsyslog/issues/1717
- imfile: add "fileoffset" metadata
  This permits to send the offset from which the message was read together
  with the message text.
  Thanks to github user derekjsonar for the initial implementation which
  we extended to use the message start offset.
- RainerScript: add ltrim and rtrim functions
  closes https://github.com/rsyslog/rsyslog/issues/1711
- core: report module name when suspending action
  Thanks to Orion Poplawski for the patch.
- core: add ability to limit number of error messages going to stderr
  This permits to put a hard limit on the number of messages that can
  go to stderr. If for nothing else, this capability is helpful for the
  testbench. It permits to reduce spamming the test log while still
  providing the ability to see initial error messages. Might also be
  useful for some practical deployments.
  global parameter: global(errorMessagesToStderr.maxNumber)
- tcpsrv subsystem: improvate clarity of some error messages
  operating system error message are added to some messages, providing
  better advise of what actually is the error cause
- imptcp: include module name in error msg
- imtcp: include module name in error msg
- tls improvement: better error message if certificate file cannot be read
- omfwd: slightly improved error messages during config parsing
  They now contain config file/line number information where this was missing.
- ommysql improvements
  * Return specifc code for unrecoverable errors. This makes retry processing
    more performant and robust.
  * error messages improved
  * Update to utilize native v8 transactional interface. Previously, it used
    the v7 interface with v8 emulation.
  * treat server and client-generated messages differently
    Server-generated error messages are considered non-recoverable, while
    client generated once point into connection problems (which simply can
    be retried). This is part of the improvements towards better
    message-induced errors. Previous commits did only handle SQL parsing
    errors, now we aim to address all of the message-induced error. We assume
    that all server-generated errors are such - mysql API unfortunately does
    not provide a clear indication of what type if error this is and it is
    out of question to check for hundereds of error codes.
    closes https://github.com/rsyslog/rsyslog/issues/1830
- ommysql bugfix: do not duplicate entries on failed transaction
  If a multi-message batch contains data errors, messages may be
  duplicated as connection close is implicit commit (not rollback).
  This patch introduces a specific rollback request in those cases.
  closes https://github.com/rsyslog/rsyslog/issues/1829
- imtcp bugfix: parameter priorityString was ignored
  defaults were always used
- template/bugfix: invalid template option conflict detection
  This prevented "option.casesenstive" to be used with the SQL and JSON
  options.
- core/actions: fix handling of data-induced errors
  Rsyslog core should try to detect data-induced (unrecoverable) errors
  during action processing. An example of such is invalid SQL statements.
  If the action returns a data error, rsyslog shall retry individual
  messages from a batch in an effort to log those without errors. The others
  shall be dropped.
  This logic was temporarily disabled after the switch to the new v8
  transaction interface. Now this bug is fixed and the testbench has been
  ammended to detect problems in the future.
  closes https://github.com/rsyslog/rsyslog/issues/974
- core/action bugfix: no "action suspended" message during retry processing
  The action engine does not emit "action suspended" messages but "resumed"
  ones in retry processing. This is wrong, as they are a strong indication
  that something does not work correctly. Nevertheless, "resumed" messages
  were emitted, which was very puzzling for the user.
  This patch fixes it so that "suspend" messages are given during retry
  processing. These do not contain a retry timestamp, providing evidence
  that a retry is currently being tried.
  coses https://github.com/rsyslog/rsyslog/issues/1069
- core/ratelimit bugfix: race can lead to segfault
  There was a race in iminternalAddMsg(), where the mutex is
  released and after that the passed message object is accessed.
  If the mainloop iterates in between, the msg may have already
  been deleted by this time, resulting in a segfault.
  Most importantly, there is no need to release the mutex lock
  early, as suggested by current code. Inside mainloop the mutex
  is acquired when it is time to do so, so at worst we'll have a
  very slight wait there (which really does not matter at all).
  This only happens if a large number of internal messages are emitted.
  closes https://github.com/rsyslog/rsyslog/issues/1828
- core bugfix: rsyslog aborts if errmsg is generated in early startup
  Note that the segfault can occur only during early startup. Once
  rsyslog has started, everything works reliably. This condition can
  especially be triggerred by specifying invalid TLS default certificates.
  closes https://github.com/rsyslog/rsyslog/issues/1783
  closes https://github.com/rsyslog/rsyslog/issues/1786
- core bugfix: informational messages was logged with error severity
  When the main loop reaped a child process (a normal action), this was
  reported as an error. This caused user confusion. Now it is reported as
  an informational message.
- core bugfix: --enable-debugless build was broken
  This was a regression from the v8.29.0 debug enhancements
  Thanks to Stephen Workman for the patch.
- queue bugfix: file write error message was incorrect
  when a queue was restarted from disk file, it almost always
  emitted a message claiming
  "file opened for non-append write, but already contains xxx bytes"
  This message was wrong and did not indicate a real error condition.
  The predicate check was incorrect.
  closes https://github.com/rsyslog/rsyslog/issues/170 (kind of)
- omrelp bugfix:  segfault when rebindinterval parameter is used
- imudp bugfix: UDP oversize message not properly handled
  When a message larger than supported by the UDP stack is to be sent,
  EMSGSIZE is returned, but not specifically handled. That in turn
  will lead to action suspension. However, this does not make sense
  because messages over the UDP max message size simply cannot be sent.
  closes https://github.com/rsyslog/rsyslog/issues/1654
- core bugfix: memory corruption during configuration parsing
  when omfwd is used with the $streamdriverpermittedpeers legacy
  parameter, a memory corruption can occur. This depends on the
  length of the provided strings and probably the malloc subsystem.
  Once config parsing succeeds, no problem can happen.
  Thanks to Brent Douglas for initially reporting this issue and
  providing great analysis.
  Thanks to github user bwdoll for analyzing this bug and providing
  a suggested fix (which is almost what this commit includes).
  closes https://github.com/rsyslog/rsyslog/issues/1408
  closes https://github.com/rsyslog/rsyslog/issues/1474
- core bugfix: race on worker thread termination during shutdown
  The testbench got some occasionally failing tests. Review of
  them brought up the idea that there is a race during worker
  threat termination. Further investigation showed that this
  might be a long-standing issue, but so far did not really
  surface as the timing was almost always correct. However,
  with the new functionality to emit a message on worker
  shutdown (v8.29), the timing got more complex and now this
  seemed to occasionally surface.
  closes https://github.com/rsyslog/rsyslog/issues/1754
- omelasticsearch: avoid ES5 warnings while sending json in bulkmode
  do this by adding proper content type header to ES request
  Thanks to William Dauchy for the patch
- omelasticsearch bugfix: incompatibility with newer ElasticSearch version
  ElasticSearch changed its API in newer versions. When "bulkmode" is enabled
  in omelasticsearch, rsyslog seems to consider all responses from Elasticsearch
  as errors, even the successful ones. As a consequence, every single request
  ends up being logged into the error file.
  closes https://github.com/rsyslog/rsyslog/issues/1731
  Thanks to Vincent Quéméner for the patch.
- imptcp bugfix: invalid mutex addressing on some platforms
  code did not compile on platforms without atomic instructions
  Thanks to github user petiepooo for the patch
- imptcp bugfix: do not accept missing port in legacy listener definition
  If legacy listener definition was used, a missing port was accepted during
  the config read phase but errored out upon listener activation. This now
  errors out directly when processing the config directive.
------------------------------------------------------------------------------
Version 8.29.0 [v8-stable] 2017-08-08
- imptcp: add experimental parameter "multiline"
  This enables a heuristic to support multiline messages on raw tcp syslog
  connections.
- imptcp: framing-related error messages now also indicate remote peer
  This is the case e.g. for oversize messages.
- imtcp: framing-related error messages now also indicate remote peer
  This is the case e.g. for oversize messages.
- imptcp: add session statistics conunter
    - session.opened
    - session.openfailed
    - session.closed
- imtcp: add ability to specify GnuTLS priority string
  This permits to set cipher details on a very low level.
- impstats: add new ressoure counter "openfiles"
- pmnormalize: new parser module
  Parser module that uses liblognorm to parse incoming messages.
- core/queue: provide informational messages on thread startup and shutdown
  This provides better insight into operational state of rsyslog and is useful
  in monitoring system health. Note that this causes the emission of messages
  not previously seen. They are of syslog.informational priority.
- omfwd/udp: improve error reporting, depricate maxerrormessages parameter
  Generally improved udp-related error messages (e.g. they now contain the
  socket number, which makes it easier to related them to errors reported by
  net.c subsystem).
  We also depricated (removed) the "maxerrormessages" configuration parameters.
  It provided some very rough rate-limiting capabilities and was introduced
  before we had native rate-limiters. The default was that only the first 5
  error messages were actually reported. For long-running instances, that
  meant that in many cases no errors were ever reported. We now use the default
  internal message rate limter, which works far better and ensures that also
  long-running instances will be able to emit error messages after prolonged
  runtime. In contrast, this also means that users will see more error
  messages from rsyslog, but that should actually improve the end user
  experience.
- core: add parameters debug.file and debug.whitelist
  allows to generate debug log output only of specific files
  Background information available at:
  https://www.linkedin.com/pulse/improving-rsyslog-debug-output-jan-gerhards
- core/net.c: improve UDP socket creation error messages
- omfwd/udp: add "udp.sendbuf" parameter
- core: make rsyslog internal message rate-limiter configurable
  New parameters "internalmsg.ratelimit.interval" and "internalmsg.ratelimit.burst"
  have been added.
- omelasticsearch bugfixes and changed ES5 API support:
  * avoid 404 during health check
    Omleasticsearch responds differently to HTTP HEAD and GET requests and
    returns correct state only on GET requests. This patch works around
    that ES bug and always does a GET request even when technically a HEAD
    request would be sufficient.
  * avoid ES5 warnings while sending json
    ES5 is generating warnings when sending json without the proper header:
    $ curl -i -H "Content-Type: text/json" -XGET 'http://elasticsearch5:9200/' \
      -d '{}\n'
    HTTP/1.1 200 OK
    Warning: 299 Elasticsearch-5.4.3-eed30a8 "Content type detection for rest
    requests is deprecated. Specify the content type using the [Content-Type]
    header." "Wed, 26 Jul 2017 14:33:28 GMT"
    no issue on previous version.
    Now, the header is set as application/json. It works for all versions
    (tested on ES2 and ES5) we also handle the bulkmode where it should be
    set to application/x-ndjson
    closes https://github.com/rsyslog/rsyslog/issues/1546
  * bugfix for memomry leak while writing error file
  Thanks to William Dauchy for providing the patches
- imfile bugfix: wildcard detection issue on path wildcards
  Wildcards mode was not properly detected when wildcards
  were only used in a directory name on startup.
  This caused imfile not to create a propper dynamic filewatch.
  closes: https://github.com/rsyslog/rsyslog/issues/1672
- omfwd bugfix: always give reason for suspension
  In many cases, no error message were emitted when omfwd
  went into action suspension, which was confusing for end
  users. This patch enables explicit error messages in all
  those cases.
  closes https://github.com/rsyslog/rsyslog/issues/782
- omfwd bugfix: configured compression level was not properly used
  Thanks to Harshvardhan Shrivastava for the patch.
- imptcp bugfix: potential socket leak on session shutdown
  imptcp first tries to remove a to-be-shut-down socket from the
  epoll set, and errors out if that does not work. In that case, the
  underlying socket will be leaked.
  This patch refactors the code; most importantly, it is not necessary
  to remove the socket from the epoll set, as this happens automatically
  on close. As such, we simply remove that part of the code, which
  also removes the root cause of the socket leak.
- omfwd/omudpspoof bugfix: switch udp client sockets to nonblocking mode
  On very busy systems, we see "udp send error 11" inside the logs, and the requesting
  action is being suspended (and later resumed). During the suspension period (in
  default configuration), messages are lost. Error 11 translates to EAGAIN and the
  cause of this problem is that the system is running out of UDP buffer space. This
  can happen on very busy systems (with busy networks).
  It is not an error per se. Doing a short wait will resolve the issue. The real root
  cause of the issue is that omfwd uses a nonblocking socket for sending. If it were
  blocking, the OS would block until the situation is resolved. The need for a
  non-blocking sockets is a purely historical one. In the days of single-threaded
  processing (pre v3), everything needed to be done by multiplexing, and blocking was
  not permitted. Since then, the engine has dramatically changed. Actions now run on
  their own thread(s). As such, there is no longer a hard need to use non-blocking i/o
  for sending data. Many other output plugins also do blocking wait (e.g. omelasticsearch).
  As such, the real root cause of the trouble is unnecessarily using non-blocking mode,
  and consequently the right solution is to change that.
  Note that using blocking i/o might change some timeing inside rsyslog, especially
  during shutdown. So theoretical there is regression potential in that area. However,
  the core is designed to handle that situation (e.g. there is special shutdown code to
  handle the blocking case), so this does not stand against the "proper" solution.
  This patch applies the change on the rsyslog core level, within net.c. The only
  users of the changed functionality are omfwd and omudpspoof. Imudp is unaffected as
  it requests server sockets.
  Note that according to the sendto() man page, there is a second cause for the EAGAIN
  error, this is when the system temporarily runs out of emphermeral ports. It is not
  100% clear if this can also happen in the blocking case. However, if so, we can argue
  this is a case where we really want the default retry logic. So for the time being,
  it is appropriate to not handle EAGAIN in a special case any longer.
  closes https://github.com/rsyslog/rsyslog/issues/1665
- imklog: fix permitnonkernelfacility not working
- impstats bugfix: impstats does not handle HUP
  If the parameter "log.file" is specified, impstats writes its own
  log file. However, HUP is not handled for this file, which makes
  the functionality unusable with log rotation. It is also counter-
  intuitive for users.
  This patch enables correct HUP processing. As a sideline, it also
  introduces a generic HUP processing framework for non-action type
  of loadable modules.
  closes https://github.com/rsyslog/rsyslog/issues/1662
  closes https://github.com/rsyslog/rsyslog/issues/1663
- core bugfix: segfault after configuration errors
- core/queue bugfixes:
  * Fix behaviour of PersistStateInterval
    If PersistStateInterval=1, then each log line read should cause the state file
    to be updated, but this was not happening because nRecords was being post-increment.
    Thanks to Anthony Howe for the patch.
  * potential problem during deserialization
    if queue object deserialization fails, invalid memory blocks might be
    free'ed.
    For more information see https://github.com/rsyslog/rsyslog/pull/1647
    Thanks to Derek Smith for the patch.
- core bugfix: messsage garbled after message modification
  The MsgDup() function will return a garbled message object under these
  conditions: The message was originally created with message length equal or
  larger to CONF_RAWMSG_BUFSIZE. This makes rsyslog store the message in
  dynamically allocated buffer space. Then, a component reduces the message
  size to a size lower than CONGF_RAWMSG_BUFSIZE. A frequent sample is the
  parser removing a known-bad LF at the end of the messages. Then, MsgDup is
  executed. It checks the message size and finds that it is below
  CONF_RAWMSG_BUFSIZE, which make it copy the msg object internal buffer
  instead of the dynamically allocated one. That buffer was not written to in
  the first place, so unitialized data is copied. Note that no segfault can
  happen, as the copied location was properly allocated, just not used in
  this processing flow. In the end result, the new message object contains
  garbage data. Whenever the new object is used (e.g. in a async ruleset or
  action) that garbage will be used. Whenever the old object is accessed,
  correct data will be used. Both types of access can happen inside the
  same processing flow, which makes the problem appear to be random.
  closes https://github.com/rsyslog/rsyslog/issues/1658
- lmsig_ksi: removed pre-KSI_LS12 components
  As of GuardTime, the provider, these no longer work due to backend
  changes. The lmsig_ksi_ls12 module shall be used instead. This is
  available since 8.27.0.
- testbench bugfix: hang in tests if omstdout is not present
  Many tests depend on omstdout. Given the fact that omstdout
  is really only useful for the testbench (at least that's the intent),
  we now require --enable-omstdout if --enable-testbench is given.
  The alternative would have been to disable all those tests that
  need it, which would have lead to considerable less testbench
  coverage.
  closes https://github.com/rsyslog/rsyslog/issues/1649
------------------------------------------------------------------------------
Version 8.28.0 [v8-stable] 2017-06-27
- NEW BUILD REQUIREMENT: librelp 1.2.14 (to build relp components)
  This was necessary because imrelp requires an API introduced in 1.2.14.
- omfwd: add parameter "tcp_frameDelimiter"
- omkafka: large refactor of kafka subsystem
  This offers improvements and greatly increases reliablity.
  Closes https://github.com/rsyslog/rsyslog/issues/1559
  Closes https://github.com/rsyslog/rsyslog/issues/1584
  Closes https://github.com/rsyslog/rsyslog/issues/1515
  Closes https://github.com/rsyslog/rsyslog/issues/1052
  May fix https://github.com/rsyslog/rsyslog/issues/1230
- imfile: improved handling of atomically renamed file (w/ wildcards)
  if a file is atomically renamed, the state file is also being renamed,
  so processing continues as if the original name were kept.
  see also: https://github.com/rsyslog/rsyslog/issues/1417
- imfile: add capability to truncate oversize messages or split into multiple
  also in this case an error message is emitted. Both of these actions are
  configurable. This also solves memory issues when an endregex does not
  match for prolonged time. In that case, large parts of the file were
  previously buffered, which could cause big problems in case e.g. the
  endregex was simply wrong and never matched. For the later, see also
  https://github.com/rsyslog/rsyslog/issues/1552
- mmdblookup
  * upgraded from "contrib" to "fully supported" state
  * refactored and simplified code
  * added ability to specify custom names for extracted fields
  * added ability to spehttp://www.landesrecht-bw.de/jportal/portal/t/6el/page/bsbawueprod.psml/action/portlets.jw.MainAction?p1=0&eventSubmit_doNavigate=searchInSubtreeTOC&showdoccase=1&doc.hl=0&doc.id=jlr-UmwVwGBWrahmen&doc.part=R&toc.poskey=#focuspointcify container name for extracted fields
  * bugfix: fixed multiple memory leaks
- imptcp: add new parameter "flowControl"
- imrelp: add "maxDataSize" config parameter
  Thanks to Nathan Brown for the patch.
- multiple modules: gtls: improve error if certificate file can't be opened
- omsnare: allow different tab escapes
  Thanks to Shane P. Lawrence for the patch.
- omelasticsearch: converted to use libfastjson instead of json-c
  json-c was used for historical purposes, and it's source included
  within the rsyslog source tree. We now use libfastjson inside all
  components.
- imjournal: _PID fallback
  * added fallback for _PID proprety when SYSLOG_PID is not available
  * introduced new option "usepid" which sets which property should
    rsyslog use, it has 3 states system|syslog|both, default is both
  * deprecated "usepidfromsystem" option, still can be used
    and override the "usepid"
  * it is possible to revert previous default with usepid="syslog"
  Thanks to Radovan Sroka for the patch
- multiple modules: add better error messages when regcomp is failing
- omhiredis: fix build warnings
  Thanks to Brian Knox for the fix.
- imfile bugfix: files mv-ed in into directory were not handled
  Thanks to Zachary M. Zhao for the patch.
  see also https://github.com/rsyslog/rsyslog/issues/1588
- omprog bugfix: execve() incorrectly called
  this caused failures on some but not all platforms
  Thanks to 張君天(Chun-Tien Chang) and Matthew Seaman for the patch.
- imfile bugfix: multiline timeout did not work if state file exists
  The timeout feature for multiline reads does not correctly work for
  files for which a state file existed. This is usually the case for files
  that had been processed by a previous run and that still exist on the
  new start. For all other files, especially those monitored by a
  wildcard and newly created after the rsyslog start, timeout worked as
  expected.
  closes https://github.com/rsyslog/rsyslog/issues/1445
- lmsig_ksi-ls12 bugfix: build problems on some platforms
- core bugfix: invalid object type assertion
  This lead to aborts due to failing assertion. Note that this could only
  happen during debugging runs which includes runtime instrumentation,
  something that never should be done in a stable production build.
  So this did not affect ordinary users, only developers in with
  deep debugging settings.
- regression fix: local hostname was not always detected properly...
  ... on early start (w/o network). Introduced in 8.27.0.
  Thanks to github user jvymazal for the patch and whissi for
  reporting and helping with the analysis.
- bugfix: format security issues in zmq3 modules
  see also: https://github.com/rsyslog/rsyslog/pull/1565
  Thanks to Thomas D. (whissi) for the patch.
- bugfix build system: add libksi only to those binaries that need it
  Thanks to Allan Park for the patch.
- bugfix KSI ls12 components: invalid tree height calculation
  Thanks to Allan Park for the patch.
- testbench/CI enhancements
  * re-enable and add kafka tests
    Kafka tests were disabled in 8.27.0 (a regression from imkafka).
  * better testbench coverage for mmdblookup
  * lmsig_ksi-ls12 is now being built at least on Centos7
------------------------------------------------------------------------------
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
  * optionally emit an error message if incoming messages are truncated
  * optionally emit connection tracking message (on connection create and
    close)
  * add "maxFrameSize" parameter to specify the maximum size permitted
    in octet-counted mode
  * add parameter "discardTruncatedMsg" to permit truncation of
    oversize messages
  * improve octect-counted mode detection: if the octet count is larger
    then the set frame size (or overly large in general), it is now
    assumed that octet-stuffing mode is used. This probably solves a
    number of issues seen in real deployments.
- imtcp enhancements:
  * add parameter "discardTruncatedMsg" to permit truncation of
    oversize messages
  * add "maxFrameSize" parameter to specify the maximum size permitted
    in octet-counted mode
- imfile bugfix: "file not found error" repeatedly being reported
  for configured non-existing file. In polling mode, this message
  appeared once in each polling cycle, causing a potentially very large
  amout of error messages. Note that they were usually emitted too
  infrequently to trigger the error message rate limiter, albeit often
  enough to be a major annoance.
- imfile: in inotify mode, add error message if configured file cannot
  be found
- imfile: add parameter "fileNotFoundError" to optinally disable
  "file not found" error messages
- core: replaced gethostbyname() with getaddrinfo() call
  Gethostbyname() is generally considered obsolete, is not reentrant and
  cannot really work with IPv6. Changed the only place in rsyslog where
  this call remained.
  Thanks to github user jvymazal for the patch
- omkafka: add "origin" field to stats output
  See also https://github.com/rsyslog/rsyslog/issues/1508
  Thanks to Yury Bushmelev for providing the patch.
- imuxsock: rate-limiting also uses process name
  both for the actual limit procesing as well as warning messages emitted
  see also https://github.com/rsyslog/rsyslog/pull/1520
  Thanks to github user jvymazal for the patch
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsylsog base functionality now builds on osx (Mac)
  Thanks to github user hdatma for his help in getting this done.
- build now works on solaris again
- imfile: fix cross-platform build issue
  see also https://github.com/rsyslog/rsyslog/issues/1494
  Thanks to Felix Janda for bug report and solution suggestion.
- bugfix core: segfault when no parser could parse message
  This could happen if the default parser chain was changed and the
  RFC3164 parser was not included. Never seen in practice, just by
  experimenting in lab.
- bugfix core: rate-limit internal messages when going to external log system
  Rate-limiting was only applied to messages processed internally.
  While the external logging system probably also applies rate-limiting,
  it would be preferrable that rsyslog applies the same policies on
  internal messages, no matter where they go. This is now the case.
- bugfix core: when obtaining local hostname, a NULL pointer could be
  accessed. This depends on many factors, among them that no local host
  name is configured in rsyslog.conf AND the local system configuration
  also is set to an empty hostname.
  Thanks to github user jvymazal for the patch.
- bugfix core: on shutdown, stderr was written to, even if already closed
  This lead to messages going to whatever was associated with file
  descriptor two.
  Thanks to Allan Park for the patch.
- bugfix core: perform MainqObj destruction only when not NULL already
  This affects the config object; in theory may lead to misadressing during
  config parsing.
  Thanks to github user jvymazal for the patch
- bugfix core: memory leak when internal messages not processed internally
  In this case, the message object is not destructed, resulting in
  a memory leak. Usually, this is no problem due to the low number
  of internal message, but it can become an issue if a large number
  of messages is emitted.
  closes https://github.com/rsyslog/rsyslog/issues/1548
  closes https://github.com/rsyslog/rsyslog/issues/1531
- bugfix imptcp: potential overflow in octet count computation
  when a very large octet count was specified, the counter could overflow
------------------------------------------------------------------------------
Version 8.26.0 [v8-stable] 2017-04-04
- NEW BUILD REQUIREMENT: liblognorm 2.0.3 is required for mmnormalize
  If mmnormalize is not built, the build requirements are unchanged.
  The new version is necessary because it contains an enhanced API for a
  new mmnormalize feature.
- enable internal error messages at all times
  This is an important change to the design of the rsyslog core internal
  error message system. Previous code could deadlock if internal messages were
  issued inside queue processing code, which effectively limited error-reporting
  capabilities. This change makes it possible to call error messages from any
  part of the code at any time.
  As a side-effect, this also fixes an issue where rsyslog could deadlock if
  imuxsock submited messages to the system log socket when that socket blocked.
  This was a rare race, albeit consistently reproducible and also seen in
  practice. The work-around for this issue was to set
     global(processInternalMessages="on")
  in rsyslog.conf. With the new code, this race can never happen again. The new
  code also sets stage for emitting better error messages, especially in places
  where we previously refrained from doing so and messages went only to the
  debug log. For some file output and queue subsytem related messages, this
  is already done, but there is still further work required.
  Note well: this is a redesign of an important core component. While intensely
  tested, this may still have some larger regeression potential than usual code
  changes.
- core: added logging name of source of rate-limited messages
  This adds the name to the rate-limiting message itself, making it easier
  to identify the actual source of "spam" messages.
  Thanks to github user jvymazal for the patch.
- omfwd: omfwd: add support for network namespaces
  Thanks to Bastian Stender for the patch.
- imrelp: honor input name if provided when submitting to impstats
  Thanks to Jon Henry for the patch.
- imptcp: add ability to set owner/group/access perms for uds
  Thanks to Nathan Brown for implementing this feature.
- mmnormalize: add ability to load a rulebase from action() parameter
  This is especially useful for small rulebases, as it avoids having
  a separate rulebase file.
  closes https://github.com/rsyslog/rsyslog/issues/625
- pmrfc3164 improvements
  - permit to ignore leading space in MSG
  - permit to use at-sign in host names
  - permit to require tag to end in colon
  Thanks to github user bdolez for the contribution
- add new global parameter "umask"
  This is equivalent to "$umask" and permits to convert that construct
  to new-style config format.
  closes https://github.com/rsyslog/rsyslog/issues/1382
- core: make use of -T command line option more secure
  When the -T option is used, a chdir is now done right after chroot. It must
  be noted, though, that -T is a testing option and has no intent to provide
  real security. So this change does not mean it actually is sufficiently
  secure.
  Thanks to github user jvymazal for the patch.
- omfile: add error if both file and dynafile are set
- bugfix: build problem on MacOS (not a supported platform)
  Thanks to FX Coudert for the fix.
- regression fix: in 8.25, str2num() returned error on empty string
  past behaviour was to return 0 in this case; past behavior was reinstanciated
  Thanks to github user jvymazal for the patch.
- bugfix omsnmp: improper handling of new-style configuration parameters
  Thanks to Radovan Sroka for the patch.
- bugfix: rsyslog identifies itself as "liblogging-stdlog" in internal messages
  This occured when liblogging-stdlog was used, and was used by default (without
  explicit configuration). This is a regression of the new default, which does
  not correctly call stdlog_open() in the default case.
  closes https://github.com/rsyslog/rsyslog/issues/1442
- bugfix imfile: wrong files were monitored when using multiple imfile inputs
  The bug was introduced by the changes for the multilevel wildcard feature
  in 8.25.0. We have to handle FileCreate events different if the directory
  watch is configured or added dynamically.
  closes https://github.com/rsyslog/rsyslog/issues/1452
- bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail segfaults
  When compiling using hardned gcc (gentoo), specifying net.aclResolveHostname
  or net.acladdhostnameonfail results in rsyslogd segfaulting on startup.
  Thanks to Radovan Sroka for the patch.
- bugfix: immark emitted error messages with text "imuxsock"
  Thanks to Chris Pilkington for the patch.
- bugfix tcpflood: build failed if RELP was disabled
- fix gcc6 compiler warnings
  This also fixes a small bug with incorrectly working deprecated -u
  command line option.
  Thanks to Nikola Pajkovsky for the patch.
- the output module array passing interface has been removed
  It wasn't functional since the v8 update, and the only user was omoracle,
  which is a contributed module that is no longer maintained. So we
  removed that interface to streamline the code. Should it ever be needed
  again, we could check the 8.25 code base. Note, though, that that code
  still needs to be adjusted to the v8 engine.
- testbench:
  * tcpflood now automatically enters silent mode during Travis CI testing
    This reduces testbench output, which is limited under Travis.
  * the libqpid-proton package is no longer available for Ubuntu trusty. As
    such, we disabled its use in Travis on this platform. Right now, this
    means omaqp1 module is no longer tested on trusty.
------------------------------------------------------------------------------
Version 8.25.0 [v8-stable] 2017-02-21
- imfile: add support for wildcards in directory names
  This now permits to monitor newly created directories without altering
  the configuration.
- add new global option "parser.PermitSlashInProgramname"
- mmdblookup: fix build issues, code cleanup
  Thanks to Dan Molik for the patch.
- improved debug output for queue corruption cases
- an error message is now displayed when a directory owner cannot be set
  This mostly happens with omfile and dynafils. The new messages
  facilitates troubleshooting.
- rainerscript:
  * add new function ipv42num
  * add new function num2ipv4
- bugfix: ratelimiter does not work correctly is time is set back
  Thanks to github user hese10 for the patch.
  see also https://github.com/rsyslog/rsyslog/issues/1354
- core: fix potential message loss in old-style transactional interface
  This was experienced for example by omrelp. Could loose one message per
  broken connection, iff that message did not make it to the unacked list.
- bugfix queue subsystem: queue corrupted if certain msg props are used
  The core issues was in the msg object deserializer, which had the wrong
  deserialization sequence. That in turn lead to queue corruption issues.
  Corruption of disk queue (or disk part of DA queue) always happens if
  the "json" property (message variables) is present and "structured-data"
  property is also present. This causes rsyslog to serialize to the
  queue in wrong property sequence, which will lead to error -2308 on
  deserialization.
  Seems to be a long-standing bug. Depending on version used, some or
  all messages in disk queue may be lost.
  closes https://github.com/rsyslog/rsyslog/issues/1404
- bugfix imjournal: fixed situation when time goes backwards
  This is resolving the situation when system is after reboot and
  boot_id doesn't match so cursor pointing into "future".
  Usually sd_journal_next jump to head of journal due to journal
  aproximation, but when system time goes backwards and cursor is
  still invalid, rsyslog stops logging.
  We use sd_journal_get_cursor to validate our cursor.
  When cursor is invalid we are trying to jump to the head of journal
  This problem with time should not affect persistent journal,
  but if cursor has been intentionally compromised it could stop
  logging even with persistent journal.
- bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer
  If bFlushOnTXEnd is set, we need to flush on transaction end - in
  any case. It is not relevant if this is using background writes
  (which then become pretty slow) or not. And, similarly, no flush
  happens when it is not set.
  see also https://github.com/rsyslog/rsyslog/issues/1297
- bugfix core: str2num mishandling empty strings
  If str2num() receives an empty string, misadressing happens.
  This theoretically can lead to a segfault if a RainerScript function
  is used inside the configuration which calls code that could trigger
  this bug.
  closes https://github.com/rsyslog/rsyslog/issues/1412
- bugfix rainerscript: set/unset statement do not check variable name validity
  Only JSON-based variables can be use with set and unset. Unfortunately,
  this restriction is not checked. If an invalid variable is given
  (e.g. $invalid), this is not detected upon config processing on
  startup. During execution phase, this can lead to a segfault, a
  memory leak or other types of problems.
  Thanks to github user mostolog for reporting and helping to analyze
  this issue.
  see also https://github.com/rsyslog/rsyslog/issues/1376
  closes https://github.com/rsyslog/rsyslog/issues/1377
- bugfix mmrm1stspace: last character of rawmsg property was doubled
- bugfix: rsyslog loops on freebsd when trying to write /dev/console
  Rsyslog 8.23.0 loops on FreeBSD when trying to access a (now revoked)
  /dev/console file descriptor, as per Alexandre's original bug report [1].
  The original patch fixes the problem when tryTTYRecover() sees errno 6 ENXIO.
  Running FreeBSD 10-stable here and getting errno 5 EIO, same as Xavier gets
  in his 2016 bug report [2].
  New patch [3] includes errno 5 to tryTTYRecover() in runtime/stream.c and
  fixes the problem for me, on multiple machines.
  [1] https://github.com/rsyslog/rsyslog/issues/371
  [2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211033
  [3] https://bz-attachments.freebsd.org/attachment.cgi?id=178452
  closes https://github.com/rsyslog/rsyslog/issues/1351
  Thanks to Damien Fleuriot for the patch.
- bugfix imtcp: fix very small (cosmetic) memory leak
  For each listener, the name of an assigned ruleset is not freed. This
  is cosmetic, because it is a very small static leak AND it needs to
  be kept until end of run anyways (and at end of run the OS frees it).
  However, the leak breaks memleak checks in the testbench.
- fix build issues on some platforms (detected on newer Fedora)
------------------------------------------------------------------------------
Version 8.24.0 [v8-stable] 2017-01-10
- rsyslog now builds on AIX
  see also: https://github.com/rsyslog/rsyslog/pull/1247
  Thanks to github user purnimam1 and the team at IBM
  Note: the rsyslog project has no AIX platform to ensure that future versions
  will remain buildable on AIX. If you would like to contribute ressources,
  please contact the rsyslog team.
- mmdblookup: new maxminddb lookup message modify plugin
  Thanks to 饶琛琳 (github user chenryn) for the contribution
- mmrm1stspace: new module; removes first space in MSG if present
- KSI signature provider: file permissions can now be specified
  This happens via parameters equal to those used by omfile itself.
  Note that KSI files can have different permissions/owner than the log
  files themself.
  Thanks to Allan Park for the patch.
- omzmq: new features
  Thanks to Brian Knox for the patch.
- change: when the hostname is empty, we now use "localhost-empty-hostname"
  In 8.23.0, "localhost" was used in this case, but that could be misleading.
  The new name makes the error condition (gethostname() should always return
  a non-empty name) more obvious.
- omelasticsearch: remove "asyncrepl" config parameter
  The _bulk index endpoint on ElasticSearch 5.0 no longer
  ignores the ?replication=async query parameter. It was deprecated
  since 1.5 and silently ignored in 2.x but passing it to a 5.x
  instance breaks omeleastisearch with a 400 response.
  closes https://github.com/rsyslog/rsyslog/issues/1250
- omfwd: Add support for bind-to-device (see below on same for imudp)
- imudp: Add support for bind-to-device
  Add support for bind-to-device option to omfwd and imudp modules.
  Configured using device="name". Only new syntax format is supported.
  e.g.,
  input(type="imudp" port=["10514"] device="eth0" name="udp")
  Action(type="omfwd" Target="192.168.1.23" Port="10514" Device="eth0")
  see also https://github.com/rsyslog/rsyslog/pull/1261
  Thanks to David Ahern for the patch.
- imudp: limit rcvbufsize parameter to max 1GiB
- rainerscript: implement new "call_indirect" statement
- bugfix imjournal: make state file handling more robust
  There is a bug in rsyslog which is caused by not very atomic writes of
  imjournal statefile. It's hardly reproducible but there is a way.
  fscanf error appears only when rsyslog reads an empty statefile which
  causes that imjournal is stopped so no logging from journal is
  performed. When the statefile contains random bytes error appears
  again but from journal and imjournal is stopped too.
  In this patch Rsyslog writes imjournal statefile more atomically and
  secure. Reading the statefile is more robust and doesn't affect
  imjournal module so when corrupted statefile is read imjournal
  ignores statefile, continues with logging and it doesn't stop. Logger
  can be used as a test if it's logging or not.
  Patch introduces a new option with both old and new config format
  "IgnoreNonValidStateFile" which is "on" by default and it can turn
  off ignorance of non valid statefile.
  Thanks to github user tomassykora for the patch.
- bugfix core: lookup table reload was not properly integrated
  The opcode was not handled, what lead to misleading messages
  in debug log. Since we run debug builds more strictly, it also
  causes an assertion to trigger, thus aborting the test
- bugfix core: potential dealock on shutdown
  could happen when rsyslog was started and quickly shut down OR when
  co-incidently a new thread was spawend "with bad timing" around the time
  of shutdown.
  See also https://github.com/rsyslog/rsyslog/pull/1274
  Thanks to github user tomassykora for the final patch and Rado Sroka for
  the analysis and an initial patch.
- bugfix ommongodb: did not work in v8 due to invalid indirection
  Thanks to Benoit Dolez for the patch.
- bugfix ommongodb: fix tryResume handling
  To make tryResume working, the connection to mongodb need to be closed.
  Thus close it on "insert error".
  Thanks to Benoit Dolez for the patch.
- bugfix omfwd: retry processing was not done correctly, could stall
  see also https://github.com/rsyslog/rsyslog/pull/1261
  Thanks to David Ahern for the patch.
- bugfix imuxsock: segfault non shutdown when $OmitLocalLogging is on
  Imuxsock tries to close socket on index 0 which ends with segfault.
  Thanks to Tomas Sykora for the patch.
- testbench:
  * empty-hostname test did not work correctly
  * improve debugging by better output
------------------------------------------------------------------------------
Version 8.23.0 [v8-stable] 2016-11-15
- NEW BUILD REQUIREMENT: libfastjson 0.99.3
  This was introduced in 8.20.0 as a suggestion and has now become a hard
  requirement. See 8.20.0 ChangeLog entry for more details.
- KSI signatures: removed SHA2-224 hash algorithm
  This is considered insecure and no longer supported by the underlying
  KSI library. If still used within a configuration, a descriptive error
  message is emitted during config processing.
  Thanks to Henri Lakk for the initial patch.
- imfile: new timeout feature for multi-line reads
  When using startmsg.regex, messages are held until the next one is written.
  We now provide a "readTimeout" parameter family (see doc) to timeout such
  reads and ensure messages are not held for a very long time.
  see also https://github.com/rsyslog/rsyslog/issues/1133
- omfile: improve robustness against network file system failures
  in case of failure, a close and re-open is tried, which often solves the
  issue (and wasn't handle before this patch).
  see also https://github.com/rsyslog/rsyslog/pull/1161
  Thanks to github user hese10 for the patch.
- pmaixforwardedfrom: support for AIX syslogd -s option
  if syslog in AIX started with "-s" option, AIX syslog adds only "From "
  instead of "Message forwarded from ". With this patch, both are now
  detected.
  Thanks to github user patelritesh for the patch.
- omelasticsearch: add ability to specify max http request size
  This permits to keep batches below ES-configured limits.
  Thanks to github user barakshechter for the patch.
- omelasticsearch: high availability addressing of ElasticSearch cluster
  allow to specify an array of servers, which is tried until a working
  one is found (and given up only if none works).
  Thanks to github user barakshechter for the patch.
- omelasticsearch: make compatible with ElasticSearch 2.x and 5.x
  fixes omelasticsearch logs response from ElasticSearch 5.0 _bulk
  endpoint as error
  See also https://github.com/rsyslog/rsyslog/pull/1253
  Thanks to Christian Rodemeyer for the patch.
- omhiredis: add dynakey attribute.
  If set to on, this causes omhiredis to treat the key attribute as the
  name of a template so that you can build a dynamic redis queue name
  or list key.
  see also: https://github.com/rsyslog/rsyslog/pull/1218
  Thanks to github user bobthemighty for the patch
- omtcl: new contributed module
  see also https://github.com/rsyslog/rsyslog/pull/1041
  Please note: contributed modules are not directly supported by the 
  project. You might want to contact the author for questions.
  Thanks to Francisco Castro for contributing it.
- RainerScript: provide a capability to set environment variables
  via 'global(environment="var=val")' config statement.
  This is most importantly for things like HTTP_PROXY.
  see also https://github.com/rsyslog/rsyslog/issues/1209
- lookup tables: improved error checking
  Thanks to Janmejay Singh for the patch.
- queue subsystem: add configuration parameter "queue.samplinginterval"
  Supports sampling of messages (as often used in data transmission).
  Thanks to Zachary M. Zhao for the patch.
- bugfix core: errmsg.LogError now switches to dfltErrLogger just before shutdown
  Thanks to Janmejay Singh for the patches.
- bugfix core: fixed un-freed memory in non-transactional action using string-passing
  closes https://github.com/rsyslog/rsyslog/issues/968
  Thanks to Janmejay Singh for the patches.
- rsgtutil: option to specify KSI publications file certificate constraints
  see also https://github.com/rsyslog/rsyslog/issues/1207
- omprog: bugfixes and enhancements
  - omprog resource leak fix (fd leak)
  - omprog got ability to force-kill process if it doesn't die in 5 seconds
    (linux specific)
  - child-process lifecycle debugging aid (in form of logs) (mainLoop and
    omprog cleanup both log pid at child-death, mainLoop reaping is now
    visible to user, as opposed to being a mystery, because omprog didn't
    seem to anticipate it in terms of code)
  Thanks to Janmejay Singh for the patches.
  see also https://github.com/rsyslog/rsyslog/pull/1155
- bugfix imfile: ReopenOnTruncate processing, file open processing
  This fixes
   * ReopenOnTrucate was only honored when a state file existed
      see https://github.com/rsyslog/rsyslog/issues/1090
    * open processing could run into a loop
      see https://github.com/rsyslog/rsyslog/issues/1174
  This is done via refactoring the open file handling, which provides
  overall cleaner and easier-to-follow code.
  Thanks to Owen Smith for analyzing the problem and providing a
  prototype PR which greatly helped towards the final solution.
- bugfix omlibdbi: libdbi-driver-sqlite3/2 requires to provide a path to
  database split into two strings:
  * absolute path, where the database file sits
  * database filename itself.
  This was previously not done.
  Thanks to github user aleek for the patch.
- bugfix RainerScript: issue in prifilt() function
  Initialize func-data(and to-be-freed flag) correctly for prifilt
  function-node
  Thanks to Janmejay Singh for the patch.
- bugfix omrelp: invalid module name imrelp was used in some error messages
  Thanks to Chris Pilkington for the patch.
- bugfix core: abort when persisting object state
  This causes a segfault. It happens whenever an object state larger
  than 4095 byte is persisted. Then, incorrectly a try to rollover to
  a new state file is tried, which will lead to a division by zero
  as the necessary variables for this operation are not set because we
  are NOT in circular mode.
  This problem can happen wherever state files are written. It has been
  experienced with imfile and queue files.
  Many thanks to github user mostolog for his help in reproducing the issue,
  which was very important to finally nail down this long-standing bug.
  closes https://github.com/rsyslog/rsyslog/issues/1239
  closes https://github.com/rsyslog/rsyslog/issues/1162
  closes https://github.com/rsyslog/rsyslog/issues/1074
- bugfix: segfault if hostname is unset on system
  happens when gethostname() returns empty string. This will cause
  the createon of the localhostname prop_t to fail, which in turn
  leads to a NULL pointer dereference when emitting local messages.
  As we emit a startup message by default, this had usually lead
  to a segfault on startup.
  Thanks to Erik Potter and github user mostolog for their help
  in analyzing this problem.
  closes https://github.com/rsyslog/rsyslog/issues/1040
  closes https://github.com/rsyslog/rsyslog/issues/335
- bugfix external module perl skeleton: did not work properly
  Thanks to github user Igorjan666 for the patch.
- bugfix build system: Fix detection of pthread_setschedparam() on platforms
  such as FreeBSD
  see also https://github.com/rsyslog/rsyslog/pull/1147
  Thanks to Matthew Seaman for the patch.
- bugfix omelasticsearch: modifies constant memory under some circumstances
  Function computeBaseUrl may modify its serverParam parameter, but
  this may contain the constant string "localhost". Depending on the
  platform, this can lead to a segfault.
  Noticed while working on compiler warnings, not seen in practice.
- "bugfix": theoretical queue file corruption when more than MAX_INT files
  closes https://github.com/rsyslog/rsyslog/issues/1202
- bug fix/KSI: LOGSIG11 missing in the beginning of KSI log signature file
  When logging with KSI is not working properly for whatever reason, an
  empty .ksisig file is created (which by itself is not an issue). However,
  later it looks like this file is re-used, but it is not checked whether it
  already contains the magic LOGSIG11 in the beginning of the file. This leads
  to a log signature file which has correct content but is missing the
  LOGSIG11 magic in the beginning.
- bugfix template processor: missing escaping of backslash in json mode
  Thanks to github user mostolog for providing the patch.
- build environment: --enable-debug now defaults to new "auto" mode
  previously, DEBUG mode (and thus assert() macros) was disabled by default
  and explicitly needed to be enabled by providing the --enable-debug
  ./configure switch. Now, a new --enable-debug=auto mode has been added
  and made the default. It enables DEBUG mode if we build from git and only
  disables it when a release build is done (from the release tarball). This
  aims at better error checking during testbench runs and developer testing.
- testbench improvements
  * improved testbench file generation tool
    Thanks to Pascal Withopf for the patch.
  * added some plumbing for extended tests which work by overriding OS APIs
  * imfile ReopenOnTruncate option is now being tested
  * the CI environment now runs most tests in debug mode, but some in
    release mode to cover potential release-mode races
  * template json option is now being tested
  * object state persisting received a basic test
  * added test for empty hostnames
  * added tests for omprog
------------------------------------------------------------------------------
Version 8.22.0 [v8-stable] 2016-10-04
- ompgsql: add template support
  Thanks to Radu Gheorghe for implementing this.
- generate somewhat better error message on config file syntax error
  a common case (object at invalid location) has received it's own error
  message; for the rest we still rely on the generic flex/bison handler
- bugfix:omhiredis reconnects after failure
  previously it could loose messages under such conditions.
  Thanks to Bob Gregory for the patch.
- general cleanup and code improvement
  mostly guided by compiler warnings induced by newer opensuse builbot
  environment
------------------------------------------------------------------------------
Version 8.21.0 [v8-stable] 2016-08-23
- CHANGE OF BEHAVIOUR:
  by default, internal messages are no longer logged via the internal
  bridge to rsyslog but via the syslog() API call [either directly or
  via liblogging). For the typical single-rsyslogd-instance installation this
  is mostly unnoticable (except for some additional latency). If multiple
  instances are run, only the "main" (the one processing system log messages)
  will see all messages. To return to the old behaviour, do either of those
  two:
  1) add in rsyslog.conf:
     global(processInternalMessages="on")
  2) export the environment variable RSYSLOG_DFLT_LOG_INTERNAL=1 
     This will set a new default - the value can still be overwritten via
     rsyslog.conf (method 1). Note that the environment variable must be
     set in your **startup script**.
  For more information, please visit
  http://www.rsyslog.com/rsyslog-error-reporting-improved/
- slightly improved TLS syslog error messages
- queue subsystem: improved robustness
  The .qi file is now persisted whenever an existing queue file is fully
  written and a new file is begun. This helps with rsyslog aborts, including
  the common case where the OS issues kill -9 because of insufficiently
  configured termination timout (this is an OS config error, but a frequent
  one). Also, a situation where an orphaned empty file could be left in the
  queue work directory has been fixed. We expect that this change causes
  fewer permanent queue failures.
- bugfix: build failed on some platforms due to missing include files
------------------------------------------------------------------------------
Version 8.20.0 [v8-stable] 2016-07-12
- NEW BUILD REQUIREMENT: librelp, was 1.2.5, now is 1.2.12
  This is only needed if --enable-relp is used. The new version is needed
  to support the new timeout parameter in omrelp.
- NEW BUILD SUGGESTION: libfastjson 0.99.3
  while not strictly necessary, previous versions of libfastjson have a bug
  in unicode processing that can result in non US-ASCII characters to be
  improperly encoded and may (very unlikely) also cause a segfault.
  This version will become mandatory in rsyslog 8.23.0
- omrelp: add configurable connection timeout
  Thanks to Nathan Brown for implementing this feature.
- pmrfc3164: add support for slashes in hostname
  added parameter "permit.slashesinhostname" to support this, off by default
  [Note that the RFC5424 always supported this, as 5424 is a different
  standard]
- bugfix omfile: handle chown() failure correctly
  If the file creation succeeds, but chown() failed, the file was
  still writen, even if the user requested that this should be treated
  as a failure case. This is corrected now.
  Also, some refactoring was done to create better error messages.
- omfile now better conveys status of unwritable files back to core
- config files recursively including themselfes are now detected
  and an error message is emitted in that case; Previously, this
  misconfiguration resulted in rsyslog loop and abort during startup.
  closes https://github.com/rsyslog/rsyslog/issues/1058
- refactored code to not emit compiler warnings in "strict mode"
  We changed the compiler warning settings to be rather strict and cleaned up
  the code to work without generating any warning messages.
  This results in an overall even more improved code quality, which will now
  also be enforced via our CI systems.
- bugfix: fix some issues with action CommitTransaction() handling
  An action that returns an error from CommitTransaction() caused a
  loop in rsyslog action processing. Similarly, retry processing was not
  properly handled in regard to CommitTransaction().
  This is a first shot at fixing the situation. It solves the
  immediate problems, but does not implement the full desired
  functionality (like error file).
  see also https://github.com/rsyslog/rsyslog/issues/974
  see also https://github.com/rsyslog/rsyslog/issues/500
- bugfix omqmqp1: connecting to the message bus fails on nonstandard port
  Thanks to Ken Giusti for the patch.
  see also: https://github.com/rsyslog/rsyslog/pull/1064
- testbench/CI enhancements
  * new tests for RELP components
  * new tests for core action processing and retry
  * travis tests now also run against all unstable versions of supporting
    libraries. This helps to track interdependency problems early.
  * new tests for hostname parsing
  * new tests for RainerScript comparisons
------------------------------------------------------------------------------
Version 8.19.0 [v8-stable] 2016-05-31
- NEW BUILD REQUIREMENT: autoconf-archive
- omelasticsearch: add option to permit unsigned certs (experimentally)
  This adds plumbing as suggested by Joerg Heinemann and Radu Gheorghe,
  but is otherwise untested. Chances are good it works. If you use it,
  please let us know your experience and most importantly any bug
  reports you may have.
  closes https://github.com/rsyslog/rsyslog/issues/89
- imrelp: better error codes on unvailablity of TLS options
  Most importantly, we will tell the user in clear words if specific TLS
  options are not available due to too-old GnuTLS.
  closes https://github.com/rsyslog/rsyslog/issues/1019
- default stack size for inputs has been explicitely set to 4MiB
  for most platforms, this means a reduction from the default of 10MiB, hower
  it may mean an increas for micro-libc's (some may have as low as 80KiB by
  default).
- testbench: We are now using libfaketime instead of faketime command line
  tool. Make sure you have installed the library and not just the binary!
- refactor stringbuf
  * use only a single string buffer
    ... both for the internal representation as well as the C-String one.
    The module originally tried to support embedded NUL characters, which
    over time has prooven to be not necessary. Rsyslog always encodes
    NUL into escape sequences.
    Also, the dual buffers were used inconsistently, which could lead to
    subtle bugs. With the single buffer, this does no longer happen and
    we also get some improved performance (should be noticable)
    and reduced memory use (a bit).
    closes https://github.com/rsyslog/rsyslog/issues/1033
  * removed no longer used code
  * internal API changes to reflect new needs
  * performance improvements
  * miscellaneous minor cleanup
- fix: potential misadressing in template config processing
  This could cause segfault on startup. Happens when template name shorter
  than two chars and outname is not set. Once we are over startup, things
  work reliably.
- bugfix omfile: async output file writing does not respect flushing
  neither parameter flushInterval nor flushOnTXEnd="on" was respected.
  closes https://github.com/rsyslog/rsyslog/issues/1054
- bugfix imfile: corrupted multi-line message when state data was persisted
  see also https://github.com/rsyslog/rsyslog/issues/874
  Thanks to Magnus Hyllander for the analysis and a patch suggestion.
- bugfix imfile: missing newline after first line of multiline message
  see also https://github.com/rsyslog/rsyslog/issues/843
  Thanks to Magnus Hyllander for the patch.
- bugfix: dynstats unusedMetricTtl bug
  Thanks to Janmejay Singh for fixing this.
- bugfix build system: build was broken on SunOS
  Thanks to Filip Hajny for the patch.
- bugfix: afterRun entry point not correctly called
  The entry point was called at the wrong spot, only when the thread
  had not already terminated by itself. This could cause various
  cleanup to not be done. This affected e.g. imjournal.
  closes https://github.com/rsyslog/rsyslog/issues/882
- bugfix dynstats: do not leak file handles
  Thanks to Janmejay Singh for the patch.
- bugfix omelasticsearch: disable libCURL signal handling
  previously, this could lead to segfaults on connection timeout
  see also https://github.com/rsyslog/rsyslog/pull/1007
  Thanks to Sai Ke WANG for the patch.
- bugfix omelasticsearc: some regressions were fixed
  * error file was no longer written
  * fix for some potential misaddressings
- improved wording: gnutls error message points to potential cause
  What GnutTLS returns us is very unspecific and somehwat misleading, so
  we point to what it most probably is (broken connect).
  see also https://github.com/rsyslog/rsyslog/issues/846
- some general code improvements
  * "fixed" cosmetic memory leaks at shutdown
- build system bugfix: configure can't find gss_acquire_cred on Solaris
  Thanks to github user vlmarek for the patch.
- improvements to the CI environment
  * improvements on the non-raciness of some tests
  * imdiag: avoid races in detecting queue empty status
    This reslolves cases where the testbench terminated rsyslog too early,
    resulting in potential message loss and test failure.
  * omkafka has now dynamic tests
    Thanks to Janmejay Singh for implementing them.
  * try to merge PR to master and run tests; this guards against cross-PR
    regressions and wasn't caught previously. Note that we skip this test
    if we cannot successfully merge. So this is not a replacement for a
    daily full "all-project integration test run".
  * travis has finally enabled elasticsearch tests
    ES was unfortunately not being regularly tested for quite a while due to
    missing environment. This lead to some regressions becoming undetected.
    These were now discovered thanks to the new support on travis. Also, this
    guards against future regressions.
  * imfile has now additional tests and overall better coverage
  * omfile has now additional tests
------------------------------------------------------------------------------
Version 8.18.0 [v8-stable] 2016-04-19
- testbench: When running privdrop tests testbench tries to drop
  user to "rsyslog", "syslog" or "daemon" when running as root and
  you don't explict set RSYSLOG_TESTUSER environment variable.
  Make sure the unprivileged testuser can write into tests/ dir!
- templates: add option to convert timestamps to UTC
  closes https://github.com/rsyslog/rsyslog/issues/730
- omjournal: fix segfault (regression in 8.17.0)
- imptcp: added AF_UNIX support
  Thanks to Nathan Brown for implementing this feature.
- new template options
  * compressSpace
  * date-utc
- redis: support for authentication
  Thanks to Manohar Ht for the patch
- omkafka: makes kafka-producer on-HUP restart optional 
  As of now, omkafka kills and re-creates kafka-producer on HUP. This
  is not always desirable. This change introduces an action param
  (reopenOnHup="on|off") which allows user to control re-cycling of
  kafka-producer.
  It defaults to on (for backward compatibility). Off allows user to
  ignore HUP as far as kafka-producer is concerned.
  Thanks to Janmejay Singh for implementing this feature
- imfile: new "FreshStartTail" input parameter
  Thanks to Curu Wong for implementing this.
- omjournal: fix libfastjson API issues
  This module accessed private data members of libfastjson
- ommongodb: fix json API issues
  This module accessed private data members of libfastjson
- testbench improvements (more tests and more thourough tests)
  among others:
  - tests for omjournal added
  - tests for KSI subsystem
  - tests for priviledge drop statements
  - basic test for RELP with TLS
  - some previously disabled tests have been re-enabled
- dynamic stats subsystem: a couple of smaller changes
  they also involve the format, which is slightly incompatible to
  previous version. As this was out only very recently (last version),
  we considered this as acceptable.
  Thanks to Janmejay Singh for developing this.
- foreach loop: now also iterates over objects (not just arrays)
  Thanks to Janmejay Singh for developing this.
- improvements to the CI environment
- enhancement: queue subsystem is more robst in regard to some corruptions
  It is now detected if a .qi file states that the queue contains more
  records than there are actually inside the queue files. Previously this
  resulted in an emergency switch to direct mode, now the problem is only
  reported but processing continues.
- enhancement: Allow rsyslog to bind UDP ports even w/out specific
  interface being up at the moment.
  Alternatively, rsyslog could be ordered after networking, however,
  that might have some negative side effects. Also IP_FREEBIND is
  recommended by systemd documentation.
  Thanks to Nirmoy Das and Marius Tomaschewski for the patch.
- cleanup: removed no longer needed json-c compatibility layer
  as we now always use libfastjson, we do not need to support old
  versions of json-c (libfastjson was based on the newest json-c
  version at the time of the fork, which is the newest in regard
  to the compatibility layer)
- new External plugin for sending metrics to SPM Monitoring SaaS
  Thanks to Radu Gheorghe for the patch.
- bugfix imfile: fix memory corruption bug when appending @cee
  Thanks to Brian Knox for the patch.
- bugfix: memory misallocation if position.from and position.to is used
  a negative amount of memory is tried to be allocated if position.from
  is smaller than the buffer size (at least with json variables). This
  usually leads to a segfault.
  closes https://github.com/rsyslog/rsyslog/issues/915
- bugfix: fix potential memleak in TCP allowed sender definition
  depending on circumstances, a very small leak could happen on each
  HUP. This was caused by an invalid macro definition which did not rule
  out side effects.
- bugfix: $PrivDropToGroupID actually did a name lookup
  ... instead of using the provided ID
- bugfix: small memory leak in imfile
  Thanks to Tomas Heinrich for the patch.
- bugfix: double free in jsonmesg template
  There has to be actual json data in the message (from mmjsonparse,
  mmnormalize, imjournal, ...) to trigger the crash.
  Thanks to Tomas Heinrich for the patch.
- bugfix: incorrect formatting of stats when CEE/Json format is used
  This lead to ill-formed json being generated
- bugfix omfwd: new-style keepalive action parameters did not work 
  due to being inconsistently spelled inside the code. Note that legacy
  parameters $keepalive... always worked
  see also: https://github.com/rsyslog/rsyslog/issues/916
  Thanks to Devin Christensen for alerting us and an analysis of the
  root cause.
- bugfix: memory leaks in logctl utility
  Detected by clang static analyzer. Note that these leaks CAN happen in
  practice and may even be pretty large. This was probably never detected
  because the tool is not often used.
- bugfix omrelp: fix segfault if no port action parameter was given
  closes https://github.com/rsyslog/rsyslog/issues/911
- bugfix imtcp: Messages not terminated by a NL were discarded 
  ... upon connection termination.
  Thanks to Tomas Heinrich for the patch.
------------------------------------------------------------------------------
Version 8.17.0 [v8-stable] 2016-03-08
- NEW REQUIREMENT: libfastjson
  see also:
  http://blog.gerhards.net/2015/12/rsyslog-and-liblognorm-will-switch-to.html
- new testbench requirement: faketime command line tool
  This is used to generate a controlled environment for time-based tests; if
  not available, tests will gracefully be skipped.
- improve json variable performance
  We use libfastjson's alternative hash function, which has been
  proven to be much faster than the default one (which stems
  back to libjson-c). This should bring an overall performance
  improvement for all operations involving variable processing.
  closes https://github.com/rsyslog/rsyslog/issues/848
- new experimental feature: lookup table suport
  Note that at this time, this is an experimental feature which is not yet
  fully supported by the rsyslog team. It is introduced in order to gain
  more feedback and to make it available as early as possible because many
  people consider it useful.
  Thanks to Janmejay Singh for implementing this feature
- new feature: dynamic statistics counters
  which may be changed during rule processing
  Thanks to Janmejay Singh for suggesting and implementing this feature
- new contributed plugin: omampq1 for AMQP 1.0-compliant brokers
  Thanks to Ken Giusti for this module
- new set of UTC-based $now family of variables ($now-utc, $year-utc, ...)
- simplified locking when accessing message and local variables
  this simlifies the code and slightly increases performance if such
  variables are heavily accessed.
- new global parameter "debug.unloadModules"
  This permits to disable unloading of modules, e.g.  to make valgrind
  reports more useful (without a need to recompile).
- timestamp handling: guard against invalid dates
  We do not permit dates outside of the year 1970..2100
  interval. Note that network-receivers do already guard
  against this, so the new guard only guards against invalid
  system time.
- imfile: add "trimlineoverbytes" input paramter
  Thanks to github user JindongChen for the patch.
- ommongodb: add support for extended json format for dates
  Thanks to Florian Bücklers for the patch.
- omjournal: add support for templates
  see also: https://github.com/rsyslog/rsyslog/pull/770
  Thanks to github user bobthemighty for the patch
- imuxsock: add "ruleset" input parameter
- testbench: framework improvement: configs can be included in test file
  they do no longer need to be in a separate file, which saves a bit
  of work when working with them. This is supported for simple tests with
  a single running rsyslog instance
  Thanks to Janmejay Singh for inspiring me with a similar method in
  liblognorm testbench.
- imptcp: performance improvements
  Thanks to Janmejay Singh for implementing this improvement
- made build compile (almost) without warnings
  still some warnings are suppressed where this is currently required
- improve interface definition in some modules, e.g. mmanon, mmsequence
  This is more an internal cleanup and should have no actual affect to
  the end user.
- solaris build: MAXHOSTNAMELEN properly detected
- build system improvement: ability to detect old hiredis libs
  This permits to automatically build omhiredis on systems where the
  hiredis libs do not provide a pkgconfig file. Previsouly, this
  required manual configuration.
  Thanks to github user jaymell for the patch.
- rsgtutil: dump mode improvements
  * auto-detect signature file type
  * ability to dump hash chains for log extraction files
- build system: fix build issues with clang
  clang builds often failed with a missing external symbol
  "rpl_malloc". This was caused by checks in configure.ac,
  which checked for specific GNU semantics. As we do not need
  them (we never ask malloc for zero bytes), we can safely
  remove the macros.
  Note that we routinely run clang static analyer in CI and
  it also detects such calls as invalid.
  closes https://github.com/rsyslog/rsyslog/issues/834
- bugfix: unixtimestamp date format was incorrectly computed
  The problem happened in leap year from March til then end
  of year and healed itself at the begining of the next year.
  During the problem period, the timestamp was 24 hours too low.
  fixes https://github.com/rsyslog/rsyslog/issues/830
- bugfix: date-ordinal date format was incorrectly computed
  same root cause aus for unixtimestamp and same triggering
  condition. During the affected perido, the ordinal was one
  too less.
- bugfix: some race when shutting down input module threads
  this had little, if at all, effect on real deployments as it resulted
  in a small leak right before rsyslog termination. However, it caused
  trouble with the testbench (and other QA tools).
  Thanks to Peter Portante for the patch and both Peter and Janmejay
  Singh for helping to analyze what was going on.
- bugfix tcpflood: did not handle connection drops correct in TLS case
  note that tcpflood is a testbench too. The bug caused some testbench
  instability, but had no effect on deplyments.
- bugfix: abort if global parameter value was wrong 
  If so, the abort happened during startup. Once started,
  all was stable.
- bugfix omkafka: fix potential NULL pointer addressing
  this happened when the topic cache was full and an entry
  needed to be evicted
- bugfix impstats: @cee cookie was prefixed to wrong fromat (json vs. cee)
  Thanks to Volker Fröhlich for the fix.
- bugfix imfile: fix race during startup that could lead to some duplication
  If a to-be-monitored file was created after inotify was initialized
  but before startup was completed, the first chunk of data from this
  file could be duplicated. This should have happened very rarely in
  practice, but caused occasional testbench failures.
  see also: https://github.com/rsyslog/rsyslog/issues/791
- bugfix: potential loss of single message at queue shutdown
  see also: https://github.com/rsyslog/rsyslog/issues/262
- bugfix: potential deadlock with heavy variable access
  When making havy use of global, local and message variables, a deadlock
  could occur. While it is extremly unlikely to happen, we have at least
  seen one incarnation of this problem in practice.
- bugfix ommysql: on some platforms, serverport parameter had no effect
  This was caused by an invalid code sequence which's outcome depends on
  compiler settings.
- bugfix omelasticsearch: invalid pointer dereference
  The actual practical impact is not clear. This came up when working
  on compiler warnings.
  Thanks to David Lang for the patch.
- bugfix omhiredis: serverport config parameter did not reliably work
  depended on environment/compiler used to build
- bugfix rsgtutil: -h command line option did not work
  Thanks to Henri Lakk for the patch.
- bugfix lexer: hex numbers were not properly represented
  see: https://github.com/rsyslog/rsyslog/pull/771
  Thanks to Sam Hanes for the patch.
- bugfix TLS syslog: intermittent errors while sending data
  Regression from commit 1394e0b. A symptom often seen was the message
  "unexpected GnuTLS error -50 in nsd_gtls.c:530"
- bugfix imfile: abort on startup if no slash was present in file name param
  Thanks to Brian Knox for the patch.
- bugfix rsgtutil: fixed abort when using short command line options
  Thanks to Henri Lakk 
- bugfix rsgtutil: invalid computation of log record extraction file
  This caused verification to fail because the hash chain was actually
  incorrect. Depended on the input data set.
  closes https://github.com/rsyslog/rsyslog/issues/832
- bugfix build system: KSI components could only be build if in default path
------------------------------------------------------------------------------
Version 8.16.0 [v8-stable] 2016-01-26
- rsgtutil: Added extraction support including loglines and hash chains. 
  More details on how to extract loglines can be found in the rsgtutil
  manpage. See also: https://github.com/rsyslog/rsyslog/issues/561   
- clean up doAction output module interface
  We started with char * pointers, but used different types of pointers
  over time. This lead to alignment warnings. In practice, I think this
  should never cause any problems (at least there have been no reports
  in the 7 or so years we do this), but it is not clean. The interface is
  now cleaned up. We do this in a way that does not require modifications
  to modules that just use string parameters. For those with message
  parameters, have a look at e.g. mmutf8fix to see how easy the
  required change is.
- new system properties for $NOW properties based on UTC
  This permits to express current system time in UTC.
  See also https://github.com/rsyslog/rsyslog/issues/729
- impstats: support broken ElasticSearch JSON implementation
  ES 2.0 no longer supports valid JSON and disallows dots inside names.
  This adds a new "json-elasticsearch" format option which replaces
  those dots by the bang ("!") character. So "discarded.full" becomes
  "discarded!full".
  This is a workaroud. A method that will provide more control over
  replacements will be implemented some time in the future. For
  details, see below-quoted issue tracker.
  closes https://github.com/rsyslog/rsyslog/issues/713
- omelasticsearch: craft better URLs
  Elasticsearch is confused by url's ending in a bare '?' or '&'. While
  this is valid, those are no longer produced.
  Thanks to Benno Evers for the patch.
- imfile: add experimental "reopenOnTruncate" parameter
  Thanks to Matthew Wang for the patch.
- bugfix imfile: proper handling of inotify initialization failure
  Thanks to Zachary Zhao for the patch.
- bugfix imfile: potential segfault due to improper handling of ev var
  This occurs in inotify mode, only.
  Thanks to Zachary Zhao and Peter Portante for the patch.
  closes https://github.com/rsyslog/rsyslog/issues/718
- bugfix imfile: potential segfault under heavey load.
  This occurs in inotify mode when using wildcards, only.
  The root cause is dropped IN_IGNOPRED inotify events which be dropped
  in circumstance of high input pressure and frequent rotation, and
  according to wikipeida, they can also be dropped in other conditions.
  Thanks to Zachary Zhao for the patch.
  closes https://github.com/rsyslog/rsyslog/issues/723
- bugfix ommail: invalid handling of server response
  if that response was split into different read calls. Could lead to
  error-termination of send operation. Problem is pretty unlikely to
  occur in standard setups (requires slow connection to SMTP server).
  Thank to github user haixingood for the patch.
- bugfix omelasticsearch: custom serverport was ignored on some platforms
  Thanks to Benno Evers for the patch.
- bugfix: tarball did not include some testbench files
  Thanks to Thomas D. (whissi) for the patch.
- bugfix: memory misadressing during config parsing string template
  This occurred if an (invalid) template option larger than 63 characters
  was given.
  Thanks to git hub user c6226 for the patch.
- bugfix imzmq: memory leak
  Thanks to Jeremy Liang for the patch.
- bugfix imzmq: memory leak
  Thanks to github user xushengping for the patch.
- bugfix omzmq: memory leak
  Thanks to Jack Lin for the patch.
- some code improvement and cleanup
------------------------------------------------------------------------------
Version 8.15.0 [v8-stable] 2015-12-15
- KSI Lib: Updated code to run with libksi 3.4.0.5 
  Also libksi 3.4.0.x is required to build rsyslog if ksi support
  is enabled. New libpackages have been build as well. 
- KSI utilities: Added option to ser publication url.
  Since libksi 3.4.0.x, there is no default publication url anymore. 
  The publication url has to be set using the --publications-server
  Parameter, otherwise the ksi signature cannot be verified. UserID
  and UserKey can also be set by parameter now.   
  Closes https://github.com/rsyslog/rsyslog/issues/581
- KSI Lib: Fixed wrong TLV container for KSI signatures from 0905 to 0906. 
  closes https://github.com/rsyslog/rsyslog/issues/587
- KSI/GT Lib: Fixed multiple issues found using static analyzer 
- performance improvement for configs with heavy use of JSON variables
  Depending on the config, this can be a very big gain in performance.
- added pmpanngfw: contributed module for translating Palo Alto Networks logs. 
  see also: https://github.com/rsyslog/rsyslog/pull/573
  Thanks to Luigi Mori for the contribution. 
- testbench: Changed valgrind option for imtcp-tls-basic-vg.sh
  For details see: https://github.com/rsyslog/rsyslog/pull/569
- pmciscoios: support for asterisk before timestamp added
  thanks to github user c0by for the patch
  see also: https://github.com/rsyslog/rsyslog/pull/583
- solr external output plugin much enhanced
  see also: https://github.com/rsyslog/rsyslog/pull/529
  Thanks to Radu Gheorghe for the patch.
- omrabbitmq: improvements
  thanks to Luigi Mori for the patch
  see also: https://github.com/rsyslog/rsyslog/pull/580
- add support for libfastjson (as a replacement for json-c)
- KSI utilities: somewhat improved error messages
  Thanks to Henri Lakk for the patch.
  see also: https://github.com/rsyslog/rsyslog/pull/588
- pmciscoios: support for some format variations
  Thanks to github user c0by for the patch
- support grok via new contributed module mmgrok
  Thanks to 饶琛琳 (github user chenryn) for the contribution.
- omkafka: new statistics counter "maxoutqsize"
  Thanks to 饶琛琳 (github user chenryn) for the contribution.
- improvments for 0mq modules:
  * omczmq - suspend / Retry handling - the output plugin can now recover
    from some error states due to issues with plugin startup or message sending
  * omczmq - refactored topic handling code for ZMQ_PUB output to be a little
    more efficient
  * omczmq - added ability to set a timeout for sends
  * omczmq - set topics can be in separate frame (default) or part of message
    frame (configurable)
  * omcmzq - code cleanup
  * imczmq - code cleanup
  * imczmq - fixed a couple of cases where vars could be used uninitialized
  * imczmq - ZMQ_ROUTER support
  * imczmq - Fix small memory leak from not freeing sockets  when done with them
  * allow creation of on demand ephemeral CurveZMQ certs for encryption.
    Clients may specify clientcertpath="*" to indicate they want an on
    demand generated cert.
  Thanks to Brian Knox for the contributions.
- cleanup on code to unset a variable
  under extreme cases (very, very unlikely), the old code could also lead
  to errornous processing
- omelasticsearch: build on FreeBSD
  Thanks to github user c0by for the patch
- pmciscoios: fix some small issues clang static analyzer detected
- testbench: many improvements and some new tests
  note that there still is a number of tests which are somewhat racy
- overall code improvements thanks to clang static analyzer
- gnutls fix: Added possible fix for gnutls issue #575
  see also: https://github.com/rsyslog/rsyslog/issues/575
  Thanks to Charles Southerland for the patch
- bugfix omkafka: restore ability to build on all platforms
  Undo commit aea09800643343ab8b6aa205b0f10a4be676643b
  because that lead to build failures on various important platforms.
  This means it currently is not possible to configure the location
  of librdkafka, but that will affect far fewer people.
  closes: https://github.com/rsyslog/rsyslog/issues/596
- bugfix omkafka: fix potentially negative partition number
  Thanks to Tait Clarridge for providing a patch.
- bugfix: solve potential race in creation of additional action workers
  Under extreme circumstances, this could lead to segfault. Note that we
  detected this problem thanks to ASAN address sanitzier in combination
  with a very exterme testbench test. We do not think that this issue
  was ever reported in practice.
- bugfix: potential memory leak in config parsing
  Thanks to github user linmujia for the patch
- bugfix: small memory leak in loading template config
  This happened when a plugin was used inside the template. Then, the
  memory for the template name was never freed.
  Thanks to github user xushengping for the fix.
- bugfix: fix extra whitespace in property expansions
  Address off-by-one issues introduced in f3bd7a2 resulting in extra
  whitespace in property expansions
  Thanks to Matthew Gabeler-Lee for the patch.
- bugfix: mmfields leaked memory if very large messages were processed
  detected by clang static analyzer
- bugfix: mmfields could add garbagge data to field
  this happened when very large fields were to be processed.
  Thanks to Peter Portante for reporting this.
- bugfix: omhttpfs now also compiles with older json-c lib
- bugfix: memory leak in (contributed) module omhttpfs
  Thanks to git hub user c6226 for the patch.
- bugfix: parameter mismatch in error message for wrap() function
- bugfix: parameter mismatch in error message for random() function
- bugfix: divide by zero if max() function was provided zero
- bugfix: invalid mutex handling in omfile async write mode
  could lead to segfault, even though highly unlikely (caught by
  testbench on a single platform)
- bugfix: fix inconsistent number processing
  Unfortunately, previous versions of the rule engine tried to
  support oct and hex, but that wasn't really the case.
  Everything based on JSON was just dec-converted. As this was/is
  the norm, we fix that inconsistency by always using dec.
  Luckly, oct and hex support was never documented and could
  probably only have been activated by constant numbers.
- bugfix: timezone() object: fix NULL pointer dereference
  This happened during startup when the offset or id parameter was not
  given. Could lead to a segfault at startup.
  Detected by clang static analyzer.
- bugfix omfile: memory addressing error if very long outchannel name used
  Thanks to github user c6226 for the patch.
------------------------------------------------------------------------------
Version 8.14.0 [v8-stable] 2015-11-03
- Added possibility to customize librdkafka location
  see also: https://github.com/rsyslog/rsyslog/pull/502
  Thanks to Matthew Wang for the patch.
- add property "rawmsg-after-pri"
- bugfix: potential misadresseing in imfile
  Could happen when wildcards were used.
  see also https://github.com/rsyslog/rsyslog/issues/532
  see also https://github.com/rsyslog/rsyslog/issues/534
  Thanks to zhangdaoling for the bugfix.
- bugfix: re_extract RainerScript function did not work
  Thanks to Janmejay Singh for the patch
------------------------------------------------------------------------------
Version 8.13.0 [v8-stable] 2015-09-22
- ZeroMQ enhancements:
  * Added the ability to set a static publishing topic per action as an
    alternative to constructing topics with templates
    Contributor: Luca Bocassi
  * ZMQ_PUB socket now defaults to bind and ZMQ_SUB socket now defaults to
    connect - Contributor: Luca Bocassi
- Redis enhancements:
  * Can now LPUSH to a Redis list in "queue" mode - Contributor: Brian Knox
  * Can now PUBLISH to a Redis channel in "publish" mode
    Contributor: Brian Knox
- build requirement for rsyslog/mmnormalize is now liblognorm 1.1.2 or above
- mmnormalize: liblognorm error messages are now emitted via regular
  rsyslog error reporting mechanism (aka "are now logged")
  This is possible due to a new API in liblognorm 1.1.2;
  Note that the amount of error messages depends on the version of
  liblognorm used.
- add support for TCP client side keep-alives
  Thanks to github user tinselcity for the patch.
- bugfix: imtcp/TLS hangs on dropped packets
  see also https://github.com/rsyslog/rsyslog/issues/318
  Thanks to github user tinselcity for the patch.
- bugfix testbench: some tests using imptcp are run if module is disabled
  Thanks to Michael Biebl for reporting this
  see also https://github.com/rsyslog/rsyslog/issues/524
- bugfix omkafka: Fixes a bug not accepting new messages anymore. 
  see also: https://github.com/rsyslog/rsyslog/pull/472
  Thanks to Janmejay Singh
- bugfix: Parallel build issue "cannot find ../runtime/.libs/librsyslog.a:
  No such file or directory" (#479) fixed.
  Thanks to Thomas D. (Whissi) for the patch.
- bugfix: Added missing mmpstructdata testfiles into makefile.
  see also: https://github.com/rsyslog/rsyslog/issues/484
- bugfix: Reverted FIX for issue #392 as it had unexpected side effects.
  The new fix duplicates the Listener object for static files (like
  done for dynamic files already), resolving issue #392 and #490. 
  see also https://github.com/rsyslog/rsyslog/pull/490 
- bugfix: issues in queue subsystem if syncqueuefiles was enabled
  * Error 14 was generated on the .qi file directory handle.
    As the .qi filestream does not have a directory set, fsync
    was called on an empty directory causing a error 14 in debug log.
  * When queue files existed on startup, the bSyncQueueFiles
    strm property was not set to 1. This is now done in the
    qqueueLoadPersStrmInfoFixup function.
- bugfix/testbench: tcpflood tool could abort when random data was added
  see also: https://github.com/rsyslog/rsyslog/issues/506
  Thanks to Louis Bouchard for the fix
- rscryutil: Added support to decrypt a not closed log file.
  Thanks to wizard1024 for the patch.
------------------------------------------------------------------------------
Version 8.12.0 [v8-stable] 2015-08-11
- Harmonize resetConfigVariables values and defaults
  see also https://github.com/rsyslog/rsyslog/pull/413
  Thanks to Tomas Heinrich for the patch.
- GT/KSI: fix some issues in signature file format and add conversion tool
  The file format is incompatible to previous format, but tools have been
  upgraded to handle both and also an option been added to convert from
  old to new format.
- bugfix: ommysql did not work when gnutls was enabled
  as it turned out, this was due to a check for GnuTLS functions
  with the side-effect that
  AC_CHECK_LIB, by default, adds the lib to LIBS, if there is no
  explicit action, what was the case here. So everything was now
  linked against GnuTLS, which in turn made ommysql fail.
  Thanks to Thomas D. (whissi) for the analysis of the ommysql/gnutls
  problem and Thomas Heinrich for pointing out that AC_CHECK_LIB might
  be the culprit.
- bugfix omfile: potential memory leak on file close
  see also: https://github.com/rsyslog/rsyslog/pull/423
  Thanks to Robert Schiele for the patch.
- bugfix omfile: potential race in dynafile detection/creation
  This could lead to a segfault.
  Thanks to Tomas Heinrich for the patch.
- bugfix omfile: Fix race-condition detection in path-creation code
  The affected code is used to detect a race condition in between
  testing for the existence of a directory and creating it if it didn't
  exist.  The variable tracking the number of attempts wasn't reset for
  subsequent elements in the path, thus limiting the number of
  reattempts to one per the whole path, instead of one per each path
  element.
  This solution was provided by Martin Poole.
- bugfix parser subsystem: potential misadressing in SanitizeMsg()
  could lead to a segfault
  Thanks to Tomas Heinrich for the patch.
- imfile: files moved outside of directory are now (properly) handled
- bugfix: imfile: segfault when using startmsg.regex if first log line
  doesn't match 
  Thanks to Ciprian Hacman for the patch.
- bugfix imfile: file table was corrupted when on file deletion
  This could happen when a file that was statically configured (not via an
  wildcard) was deleted.
- bugfix ompgsql: transaction were improperly handled
  now transaction support is solidly disabled until we have enough requests
  to implement it again. Module still works fine in single insert mode.
  closes https://github.com/rsyslog/rsyslog/issues/399
- bugfix mmjsonparse: memory leak if non-cee-json message is processed
  see also https://github.com/rsyslog/rsyslog/pull/383
  Thanks to Anton Matveenko for the patch
- testbench: remove raciness from UDP based tests
- testbench: added bash into all scripts makign it mandatory
- bugfix testbench: Fixed problem building syslog_caller util when 
  liblogging-stdlog is not available. 
  Thanks to Louis Bouchard for the patch
- bugfix rscryutil.1: Added fix checking for generate_man_pages condition
  Thanks to Radovan Sroka for the patch
- bugfix freebsd console: \n (NL) is prepended with \r (CR) in console
  output on freebsd only. For more details see here: 
  https://github.com/rsyslog/rsyslog/issues/372
  Thanks to AlexandreFenyo for the patch
------------------------------------------------------------------------------
Version 8.11.0 [v8-stable] 2015-06-30
- new signature provider for Keyless Signature Infrastructure (KSI) added
- build system: re-enable use of "make distcheck"
- add new signature provider for Kesless Signature Infrastructure (KSI)
  This has also been added to existing tooling; KSI is kind of v2 of
  the Guardtime functionality and has been added in the appropriate
  places.
- bugfix imfile: regex multiline mode ignored escapeLF option
  Thanks to Ciprian Hacman for reporting the problem
  closes https://github.com/rsyslog/rsyslog/issues/370
- bugfix omkafka: fixed several concurrency issues, most of them related
  to dynamic topics.
  Thanks to Janmejay Singh for the patch.
- bugfix: execonlywhenpreviousissuspended did not work correctly
  This especially caused problems when an action with this attribute was
  configured with an action queue.
- bugfix core engine: ensured global variable atomicity
  This could lead to problems in RainerScript, as well as probably in other
  areas where global variables are used inside rsyslog. I wouldn't outrule
  it could lead to segfaults.
  Thanks to Janmejay Singh for the patch.
- bugfix imfile: segfault when using startmsg.regex because of empty log line
  closes https://github.com/rsyslog/rsyslog/issues/357
  Thanks to Ciprian Hacman for the patch.
- bugfix: build problem on Solaris
  Thanks to Dagobert Michelsen for reporting this and getting us up to
  speed on the openCWS build farm.
- bugfix: build system strndup was used even if not present
  now added compatibility function. This came up on Solaris builds.
  Thanks to Dagobert Michelsen for reporting the problem.
  closes https://github.com/rsyslog/rsyslog/issues/347
- bugfix imjournal: do not pass empty messages to rsyslog core
  this causes a crash of the daemon
  see also https://github.com/rsyslog/rsyslog/pull/412
  Thanks to Tomas Heinrich for the patch.
- bugfix imjournal: cosmetic memory leak
  very small and an shutdown only, so did not affect operations
  see also https://github.com/rsyslog/rsyslog/pull/411
  Thanks to Tomas Heinrich for the patch.
------------------------------------------------------------------------------
Version 8.10.0 [v8-stable] 2015-05-19
- imfile: add capability to process multi-line messages based on regex
  input parameter "endmsg.regex" was added for that purpose. The new
  mode provides much more power in processing different multiline-formats.
- pmrfc3164: add new parameters
  * "detect.yearAfterTimestamp"
    This supports timestamps as generated e.g. by some Aruba Networks
    equipment.
  * "permit.squareBracesInHostname"
    Permits to use "hostnames" in the form of "[127.0.0.1]"; also seen in
    Aruba Networks equipment, but we strongly assume this can also happen
    in other cases, especially with IPv6.
- supplementary groups are now set when dropping privileges
  closes https://github.com/rsyslog/rsyslog/issues/296
  Thanks to Zach Lisinski for the patch.
- imfile: added brace glob expansion to wildcard
  Thanks to Zach Lisinski for the patch.
- zmq: add the ability for zeromq input and outputs to advertise their
  presence on UDP via the zbeacon API.
  Thanks to Brian Knox for the contribution.
- added omhttpfs: contributed module for writing to HDFS via HTTP
  Thanks to sskaje for the contribution.
- Configure option "--disable-debug-symbols" added which is disabled per
  default. If you set the new option, configure won't set the appropriate
  compiler flag to generate debug symbols anymore.
- When building from git source we now require rst2man and yacc (or a
  replacement like bison).
  That isn't any new requirement, we only added missing configure checks.
- Configure option "--enable-generate-man-pages" is now disabled for non git
  source builds per default but enforced when building from git source.
- mmpstrucdata: some code cleanup
  removed lots of early development debug outputs
- bugfix imuxsock: fix a memory leak that happened with large messages
  ... when annotation was enabled.
  Thanks to github user c6226 for the patch
- bugfix omhttpfs: memory leak
  Thanks to github user c6226 for the patch
- bugfix imuxsock: fix a crash when setting a hostname
  Setting a hostname via the legacy directive would lead to a crash
  during shutdown caused by a double-free.
  Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in mmpstrucdata
  Thanks to Grégoire Seux for reporting this issue.
  closes https://github.com/rsyslog/rsyslog/issues/310
- bugfix (minor): default action name: assigned number was one off
  see also https://github.com/rsyslog/rsyslog/pull/340
  Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in imfile
  A small leak happened each time a new file was monitored based on
  a wildcard. Depending on the rate of file creation, this could result
  in a serious memory leak.
------------------------------------------------------------------------------
Version 8.9.0 [v8-stable] 2015-04-07
- omprog: add option "hup.forward" to forwards HUP to external plugins
  This was suggested by David Lang so that external plugins (and other
  programs) can also do HUP-specific processing. The default is not
  to forward HUP, so no change of behavior by default.
- imuxsock: added capability to use regular parser chain
  Previously, this was a fixed format, that was known to be spoken on
  the system log socket. This also adds new parameters:
  - sysSock.useSpecialParser module parameter
  - sysSock.parseHostname module parameter
  - useSpecialParser input parameter
  - parseHostname input parameter
- 0mq: improvements in input and output modules
  See module READMEs, part is to be considered experimental.
  Thanks to Brian Knox for the contribution.
- imtcp: add support for ip based bind for imtcp -> param "address"
  Thanks to github user crackytsi for the patch.
- bugfix: MsgDeserialize out of sync with MsgSerialize for StrucData
  This lead to failure of disk queue processing when structured data was
  present. Thanks to github user adrush for the fix.
- bugfix imfile: partial data loss, especially in readMode != 0
  closes https://github.com/rsyslog/rsyslog/issues/144
- bugfix: potential large memory consumption with failed actions
  see also https://github.com/rsyslog/rsyslog/issues/253
- bugfix: omudpspoof: invalid default send template in RainerScript format
  The file format template was used, which obviously does not work for
  forwarding. Thanks to Christopher Racky for alerting us.
  closes https://github.com/rsyslog/rsyslog/issues/268
- bugfix: size-based legacy config statements did not work properly
  on some platforms, they were incorrectly handled, resulting in all
  sorts of "interesting" effects (up to segfault on startup)
- build system: added option --without-valgrind-testbench
  ... which provides the capability to either enforce or turn off
  valgrind use inside the testbench. Thanks to whissi for the patch.
- rsyslogd: fix misleading typos in error messages
  Thanks to Ansgar Püster for the fixes.
------------------------------------------------------------------------------
Version 8.8.0 [v8-stable] 2015-02-24
- omkafka: add support for dynamic topics and auto partitioning
  Thanks to Tait Clarridge for the patches.
- imtcp/imptcp: support for broken Cisco ASA TCP syslog framing
- omfwd: more detailled error messages in case of UDP send error
- TLS syslog: enable capability to turn on GnuTLS debug logging
  This provides better diagnostics in hard-to-diagnose cases,
  especially when GnuTLS is extra-picky about certificates.
- bugfix: $AbortOnUncleanConfig did not work
- improve rsyslogd -v output and error message with meta information
  version number is now contained in error message and build platform in
  version output. This helps to gets rid of the usual "which version"
  question on mailing list, support forums, etc...
- bugfix imtcp: octet-counted framing cannot be turned off
- bugfix: build problems on Illuminos
  Thanks to Andrew Stormont for the patch
- bugfix: invalid data size for iMaxLine global property
  It was defined as int, but inside the config system it was declared as
  size type, which uses int64_t. With legacy config statements, this could
  lead to misadressing, which usually meant the another config variable was
  overwritten (depending on memory layout).
  closes https://github.com/rsyslog/rsyslog/issues/205
- bugfix: negative values for maxMessageSize global parameter were permitted
------------------------------------------------------------------------------
Version 8.7.0 [v8-stable] 2015-01-13
- add message metadata "system" to msg object
  this permits to store metadata alongside the message
- imfile: add support for "filename" metadata
  this is useful in cases where wildcards are used
- imptcp: make stats counter names consistent with what imudp, imtcp uses
- added new module "omkafka" to support writing to Apache Kafka
- omfwd: add new "udp.senddelay" parameter
- mmnormalize enhancements
  Thanks to Janmejay Singh for the patch.
- RainerScript "foreach" iterator and array reading support
  Thanks to Janmejay Singh for the patch.
- now requires liblognorm >= 1.0.2
- add support for systemd >= 209 library names
- BSD "ntp" facility (value 12) is now also supported in filter
  Thanks to Douglas K. Rand of Iteris, Inc. for the patch.
  Note: this patch was released under ASL 2.0 (see email-conversation).
- bugfix: global(localHostName="xxx") was not respected in all modules
- bugfix: emit correct error message on config-file-not-found
  closes https://github.com/rsyslog/rsyslog/issues/173
- bugfix: impstats emitted invalid JSON format (if JSON was selected)
- bugfix: (small) memory leak in omfile's outchannel code
  Thanks to Koral Ilgun for reporting this issue.
- bugfix: imuxsock did not deactivate some code not supported by platform
  Among potential other problemns, this caused build failure under Solaris.
  Note that this build problem just made a broader problem appear that so
  far always existed but was not visible.
  closes https://github.com/rsyslog/rsyslog/issues/185
------------------------------------------------------------------------------
Version 8.6.0 [v8-stable] 2014-12-02
NOTE: This version also incorporates all changes and enhancements made for
v8.5.0, but in a stable release. For details see immediately below.
- configuration-setting rsyslogd command line options deprecated
  For most of them, there are now proper configuration objects. Some few
  will be completely dropped if nobody insists on them.  Additional info at
  http://blog.gerhards.net/2014/11/phasing-out-legacy-command-line-options.html
- new and enhanced plugins for 0mq. These are currently experimantal.
  Thanks to Brian Knox who contributed the modules and is their author.
- empty rulesets have been permitted. They no longer raise a syntax error.
- add parameter -N3 to enable config check of partial config file
  Use for config include files. Disables checking if any action exists at
  all.
- rsyslogd -e option has finally been removed
  It is deprectated since many years.
- testbench improvements
  Testbench is now more robust and has additional tests.
- testbench is now by default disabled
  To enable it, use --enable-testbench. This was done as the testbench now
  does better checking if required modules are present and this in turn
  would lead to configure error messages where non previously were if we
  would leave --enable-testbench on by default. Thus we have turned it off.
  This should not be an issue for those few testbench users.
- add new RainerScript functions warp() and replace()
  Thanks to Singh Janmejay for the patch.
- mmnormalize can now also work on a variable
  Thanks to Singh Janmejay for the patch.
- new property date options for day ordinal and week number
  Thanks to github user arrjay for the patch
- remove --enable-zlib configure option, we always require it
  It's hard to envision a system without zlib, so we turn this off
  closes https://github.com/rsyslog/rsyslog/issues/76
- slight source-tree restructuring: contributed modules are now in their
  own ./contrib directory. The idea is to make it clearer to the end user
  which plugins are supported by the rsyslog project (those in ./plugins).
- bugfix: imudp makes rsyslog hang on shutdown when more than 1 thread used
  closes https://github.com/rsyslog/rsyslog/issues/126
- bugfix: not all files closed on auto-backgrounding startup
  This could happen when not running under systemd. Some low-numbered
  fds were not closed in that case.
- bugfix: typo in queue configuration parameter
  made parameter unusable
  Thanks to Bojan Smojver for the patch.
- bugfix: unitialized buffer off-by-one error in hostname generation
  The DNS cache used uninitialized memory, which could lead to
  invalid hostname generation.
  Thanks to Jarrod Sayers for alerting us and provinding analysis and
  patch recommendations.
- bugfix imuxsock: possible segfault when SysSock.Use="off"
  Thanks to alexjfisher for reporting this issue.
  closes https://github.com/rsyslog/rsyslog/issues/140
- bugfix: RainerScript: invalid ruleset names were accepted
  during ruleset defintion, but could of course not be used when
  e.g. calling a ruleset.
  IMPORTANT: this may cause existing configurations to error out on start,
  as they invalid names could also be used e.g. when assigning rulesets.
- bugfix: some module entry points were not called for all modules
  callbacks like endCnfLoad() were primarily being called for input
  modules. This has been corrected. Note that this bugfix has some
  regression potential.
- bugfix omlibdbi: connection was taken down in wrong thread
  this could have consequences depending on the driver being used. In
  general, it looks more like a cosmetic issue. For example, with
  MySQL it lead to a small memory but also an annoying message about
  a thread not properly torn down.
- imttcp was removed because it was an incompleted experimental module
- pmrfc3164sd because it was a custom module nobody used
  We used to keep this as a sample inside the tree, but whoever wants
  to look at it can check in older versions inside git.
- omoracle was removed because it was orphaned and did not build/work
  for quite some years and nobody was interested in fixing it
---------------------------------------------------------------------------
Version 8.5.0 [v8-stable] 2014-10-24
- imfile greatly refactored and support for wildcards added
- PRI-handling code refactored for more clarity and robustness
- ommail: add support for RainerScript config system [action() object]
  This finally adds support for the new config style. Also, we now permit
  to set a constant subject text without the need to create a template for
  it.
- refactored the auto-backgrounding method
  The code is now more robust and also offers possibilities for enhanced
  error reporting in the future. This is also assumed to fix some races
  where a system startup script hang due to "hanging" rsyslogd.
- make gntls tcp syslog driver emit more error messages
  Messages previously emitted only to the debug log are now emitted as
  syslog error messages. It has shown that they contain information 
  helpful to the user for troubleshooting config issues. Note that this
  change is a bit experimental, as we are not sure if there are situations
  where large amounts of error messages may be emitted.
- bugfix: imfile did not complain if configured file did not exist
  closes https://github.com/rsyslog/rsyslog/issues/137
- bugfix: build failure on systems which don't have json_tokener_errors
  Older versions of json-c need to use a different API (which don't exists
  on newer versions, unfortunately...)
  Thanks to Thomas D. for reporting this problem.
- imgssapi: log remote peer address in some error messages
  Thanks to Bodik for the patch.
---------------------------------------------------------------------------
Version 8.4.3 [v8-stable] 2014-10-??
- ommail: minor bugfixes & improvements
  * timestamps were 1 hour out when using daylight saving times when
    viewing emails in most email clients due to incorrect date format
  * X-Mailer header had a typo in it
  * To: header was duplicated once per recipient (this is permitted,
    but an address list is a better choice nowadays)
  Thanks to github user cacheus for the patches.
- bugfix imkmsg: infinite loop on OpenVZ VMs 
  Thanks to github user PaulSD for the patch
  closes https://github.com/rsyslog/rsyslog/pull/138
- bugfix: typo in queue configuration parameter made parameter unusable
  Thanks to Bojan Smojver for the patch.
- bugfix: unitialized buffer off-by-one error in hostname generation
  The DNS cache used uninitialized memory, which could lead to
  invalid hostname generation.
  Thanks to Jarrod Sayers for alerting us and provinding analysis and
  patch recommendations.
- bugfix imfile: segfault on startup in "inotify" mode
  A segfault happened when more than one file was monitored.
- bugfix imfile: could make rsyslog exit in inotify mode
- bugfix: rsgtutil sometimes crashed in verify mode if file did not exist
- bugfix imklog: pri was miscalculated
  actually, the pri was totally off the real value for PRIs > 9
- bugfix imfile:file processing in inotify mode was stalled sometimes
  closes https://github.com/rsyslog/rsyslog/issues/134
- bugfix: imjournal did not build properly
  The build succeeded, but the module did not load due to a type in
  a support function name, which kept unresolved during load.
- bugfix: mmcount did no longer build
  note that this is untested -- users of this module should file a bug if
  the new (trivial) code is broken [if there are any users, thus I did not
  invest time in testing...]
  closes https://github.com/rsyslog/rsyslog/issues/129
- bugfix imuxsock: possible segfault when SysSock.Use="off"
  Thanks to alexjfisher for reporting this issue.
  closes https://github.com/rsyslog/rsyslog/issues/140
---------------------------------------------------------------------------
Version 8.4.2 [v8-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases
  This is corrected now.
  see also: CVE-2014-3683
- fixed a build problem on some platforms
  Thanks to Olaf for the patch
- behaviour change: "msg" of messages with invalid PRI set to "rawmsg"
  When the PRI is invalid, the rest of the header cannot be valid. So
  we move all of it to MSG and do not try to parse it out. Note that
  this is not directly related to the security issue but rather done
  because it makes most sense.
---------------------------------------------------------------------------
Version 8.4.1 [v8-stable] 2014-09-30
- imudp: add for bracketing mode, which makes parsing stats easier
- permit at-sign in variable names
  closes: https://github.com/rsyslog/rsyslog/issues/110
- bugfix: fix syntax error in anon_cc_numbers.py script
  Thanks to github user anthcourtney for the patch.
  closes: https://github.com/rsyslog/rsyslog/issues/109
- bugfix: ompgsql: don't loose uncomitted data on retry
  Thanks to Jared Johnson and Axel Rau for the patch.
- bugfix: imfile: if a state file for a different file name was set,
  that different file (name) was monitored instead of the configured
  one. Now, the state file is deleted and the correct file monitored.
  closes: https://github.com/rsyslog/rsyslog/issues/103
- bugfix: omudpspoof: source port was invalid
  Thanks to Pavel Levshin for the patch
- bugfix: build failure on systems which don't have json_tokener_errors
  Older versions of json-c need to use a different API (which don't exists
  on newer versions, unfortunately...)
  Thanks to Thomas D. for reporting this problem.
- bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API
  closes: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: mmanon did not properly anonymize IP addresses starting with '9'
  Thanks to defa-at-so36.net for reporting this problem.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
- bugfix: build problems on SuSe Linux
  Thanks Andreas Stieger for the patch
- bugfix: omelasticsearch error file did not work correctly on ES 1.0+
  due to a breaking change in the ElasticSearch API.
  see also: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: potential abort when a message with PRI > 191 was processed
  if the "pri-text" property was used in active templates, this could
  be abused to a remote denial of service from permitted senders
  see also: CVE-2014-3634
---------------------------------------------------------------------------
Version 8.4.0 [v8-stable] 2014-08-18
- this is the new stable branch, which incorporates all enhancements of
  rsyslog 8.3.
---------------------------------------------------------------------------
Version 8.3.5 [v8-devel] 2014-08-05
- mmjsonparse: support selectable cookie and target containers
  This permits to put different meanings into a json formatted syslog
  message, e.g. the "traditional" cee or cim data.
- bugfix: mmjsonparse did not build with json-c < 0.10
  This was a regression introduced some time in the past in order to
  support API changes in json-c. Now we check for the version and use
  proper code.
- omprog: emit error message via syslog() if loading binary fails
  This happens after forking, so omprog has no longer access to rsyslog's
  regular error reporting functions. Previously, this meant any error
  message was lost. Now it is emitted via regular syslog (which may end up
  in a different instance, if multiple instances run...)
- couple of patches imported from v7-stable (7.6.4)
---------------------------------------------------------------------------
Version 8.3.4 [v8-devel] 2014-07-11
- new pmciscoios parser supporting various Cisco IOS formats
- RFC3164 timestamp parser now accepts timezones and subsecond resolution
  ... at least for some common formats and where we could do so without
  running risk of breaking proper formats (or introducing regressions)
- new parser config object -- permits to define custom parser definitions
- new tzinfo config object -- permits to define time zone offsets
  This is a utility object that currently is being used by some parsers.
- bugfix: mishandling of input modules not supporting new input instances
  If they did not support this, accidently the output module part of the
  module union was written, leading to unpredictable results. Note: all
  core modules do support this interface, but some contributed or very
  old ones do not.
- bugfix: double-free when ruleset() parser parameters were used
  While unlikely, this could cause stability issues even after the
  config phase.
---------------------------------------------------------------------------
Version 8.3.3 [v8-devel] 2014-06-26
- unify input object naming
  imudp now supports "name" parameter, as other inputs do. "inputname" has
  been deprecated, but can still be used. Same applies to "appendport"
  subparameter". Thanks to "Nick Syslog" for the suggestion.
- made the missing (contributed) modules build under v8 [import from 8.2.2]
  Modules:
  * mmrfc5424addhmac
  * omrabbitmq
  * omgssapi
  * omhdfs
  * omzmq3
- added a cleanup process (janitor); permits to close omfile files after a
  timeout
- make omgssapi build under v8.3 [import vom v8.2]
  note that we could do this to the stable, because there is NO regression
  chance at all: only omgssapi was changed, and this module did NOT work
  previously.
- removed obsolete --disable-fsstnd configure option
  Thanks to Thomas D. for alerting us.
  Closes: https://github.com/rsyslog/rsyslog/issues/72
---------------------------------------------------------------------------
Version 8.3.2 [v8-devel] 2014-05-02
- new template options for date extraction:
  - year
  - month
  - day
  - wday
  - hour
  - minute
  - second
  - tzoffshour
  - tzoffsmin
  - tzoffsdirection
  - wdayname
  For string templates, these are property options and they are 
  prefixed with "date-" (e.g. "date-year", "date-month", ...)
  see also: https://github.com/rsyslog/rsyslog/issues/65
- bugfix: mmexternal remove framing char before processing JSON reply
  This did not have any real bad effects, but caused unnecessary
  processing, as empty replies were not properly detected. Otherwise,
  the bug was not noticible from the user's PoV.
- bugfix: mmexternal segfault due to invalid free in non-json input mode
  closes: https://github.com/rsyslog/rsyslog/issues/70
- bugfix: mmexternal segfault when external plugin sent invalid reply
  ... or no reply at all. This happened if the reply was imporper JSON.
  Now, we emit an error message in those cases.
  see also: https://github.com/rsyslog/rsyslog/issues/69
- bugfix: mmexternal did potentially pass incomplete data to restarted
  external plugin
  This could happen if EPIPE was returned "too late", in which case the
  beginning of the data could be lost.
- bugfix: mmexternal did not properly process messages over 4KiB
  The data to be passed to the external plugin was truncated after 4KiB.
  see: https://github.com/rsyslog/rsyslog/issues/64
- imrelp: added support for per-listener ruleset and inputname
  see: https://github.com/rsyslog/rsyslog/pull/63
  Thanks to bobthesecurityguy github user for the patch
---------------------------------------------------------------------------
Version 8.3.1 [v8-devel] 2014-04-24
- external message modification interface now support modifying message PRI
- "jsonmesg" property will include uuid only if one was previously generated
  This is primarily a performance optimization. Whenever the message uuid
  is gotten, it is generated when not already present. As we used the
  regular setter, this means that always the uuid was generated, which is
  quite time-consuming. This has now been changed so that it only is
  generated if it already exists. That also matches more closly the 
  semantics, as "jsonmesg" should not make modifications to the message.
  Note that the same applies to "fulljson" passing mode for external
  plugins.
- added plugin to rewrite message facility and/or severity
  Name: fac-sever-rewrite.py
- permits to build against json-c 0.12
  Unfortunately, json-c had an ABI breakage, so this is necessary. Note
  that versions prior to 0.12 had security issues (CVE-2013-6370,
  CVE-2013-6371) and so it is desirable to link against the new version.
  Thanks to Thomas D. for the patch. Note that at least some distros
  have fixed the security issue in older versions of json-c, so this
  seems to apply mostly when building from sources.
- bugfix: using UUID property could cause segfault
- bugfix/mmexternal: memory leak
- bugfix: memory leak when using "jsonmesg" property
- bugfix: mmutf8fix did not detect two invalid sequences
  Thanks to Axel Rau for the patch.
- bugfix: build problems with lexer.l on some platforms
  For some reason, the strdup() prototype and others are missing. I admit
  that I don't know why, as this happens only in 8.3.0+ and there is no
  indication of changes to the affected files. In any case, we need to
  fix this, and the current solution works at least as an interim one.
---------------------------------------------------------------------------
Version 8.3.0 [v8-devel] 2014-04-10
- new plugin for anonymizing credit card numbers
  Thanks to Peter Slavov for providing the code.
- external message modification modules are now supported
  They are bound via the new native module "mmexternal". Also, a sample
  skeleton for an external python message modification module has been
  added.
- new $jsonmesg property with JSON representation of whole message object
  closes: https://github.com/rsyslog/rsyslog/issues/19
- improved error message for invalid field extraction in string template
  see also:
  http://kb.monitorware.com/problem-with-field-based-extraction-t12299.html
- fix build problems on Solaris
- NOTE: a json-c API that we begun to use requires the compiler to be in
  c99 mode. By default, we select it automatically. If you modify this and
  use gcc, be sure to include "-std=c99" in your compiler flags. This seems
  to be necessary only for older versions of gcc.
---------------------------------------------------------------------------
Version 8.2.3 [v8-stable] 2014-??-??
- bugfix: ommysql: handle/mem leak upon termination of worker thread
  This could become bad if the (instance) worker threads are often
  started and terminated. But it takes quite a while to show effect.
---------------------------------------------------------------------------
Version 8.2.2 [v8-stable] 2014-06-02
- made the missing (contributed) modules build under v8
  Note that we could do this to the stable, because there is NO regression
  chance at all: only the modules themselves were changed, and they did
  NOT work at all previously. Please also note that most of these modules
  did not yet receive real testing. As we don't have the necessary
  environments (easily enough available), we depend on users submitting
  error reports and helping to iron out any issues that may arise.
  Modules:
  * mmrfc5424addhmac
  * omrabbitmq
  * omgssapi
  * omhdfs
  * omzmq3
---------------------------------------------------------------------------
Version 8.2.1 [v8-stable] 2014-04-17
- permits to build against json-c 0.12
  Unfortunately, json-c had an ABI breakage, so this is necessary. Note
  that versions prior to 0.12 had security issues (CVE-2013-6370,
  CVE-2013-6371) and so it is desirable to link against the new version.
  Thanks to Thomas D. for the patch. Note that at least some distros
  have fixed the security issue in older versions of json-c, so this
  seems to apply mostly when building from sources.
- doc is no longer shipped as part of the rsyslog tarball
  Instead, the rsyslog-doc project creates its own tarball. This is the
  result of a mailing list discussion after the 8.2.0 release with a
  tarball-in-tarball approach, which was disliked by almost all distro
  maintainers. This move also has the advantage of de-coupling the
  release cycles of both projects a bit (which turned out to be a bit
  problematic in practice).
- bugfix: mmutf8fix did not detect two invalid sequences
  Thanks to Axel Rau for the patch.
---------------------------------------------------------------------------
Version 8.2.0 [v8-stable] 2014-04-02
This starts a new stable branch based on 8.1.6 plus the following changes:
- we now use doc from the rsyslog-doc project
  As such, the ./doc subtree has been removed. Instead, a cache of the
  rsyslog-doc project's files has been included in ./rsyslog-doc.tar.gz.
  Note that the exact distribution mode for the doc is still under
  discussion and may change in future releases.
  This was agreed upon on the rsyslog mailing list. For doc issues
  and corrections, be sure to work with the rsyslog-doc project. It is
  currently hosted at https://github.com/rsyslog/rsyslog-doc
- add support for specifying the liblogging-stdlog channel spec
  new global parameter "stdlog.channelspec"
- add "defaultnetstreamdrivercertfile" global variable to set a default
  for the certfile. 
  Thanks to Radu Gheorghe for the patch.
- omelasticsearch: add new "usehttps" parameter for secured connections
  Thanks to Radu Gheorghe for the patch.
- "action resumed" message now also specifies module type
  which makes troubleshooting a bit easier. Note that we cannot output all
  the config details (like destination etc) as this would require much more
  elaborate code changes, which we at least do not like to do in the
  stable version.
- add capability to override GnuTLS path in build process
  Thanks to Clayton Shotwell for the patch
- better and more consistent action naming, action queues now always 
  contain the word "queue" after the action name
- bugfix: ompipe did resume itself even when it was still in error
  See: https://github.com/rsyslog/rsyslog/issues/35
  Thanks to github user schplat for reporting
- bugfix: ompipe used invalid default template
  This is a regression from an old change (didn't track it down precisely,
  but over a year ago). It used the Forwarding template instead of
  the file template (so we have a full syslog header). This fix corrects
  it back to previous behaviour, but new scripts that used the wrong
  format may now need to have the RSYSLOG_ForwardingFormat template
  explicitely be applied.
  closes: https://github.com/rsyslog/rsyslog/issues/50
---------------------------------------------------------------------------
Version 8.1.6 [release candidate] 2014-02-20
- omfile: permit to set global defaults for action parameters
  Thanks to Nathan Brown for the patch.
  See also: https://github.com/rsyslog/rsyslog/pull/23
- add capability to escape control characters in the C way of doing it
  adds new global parameter "parser.escapeControlCharactersCStyle"
  Thanks to Nathan Brown for the patch.
  See also: https://github.com/rsyslog/rsyslog/pull/13
- parser global parameters can now be set using RainerScript global()
  Thanks to Nathan Brown for the patch.
  See also: https://github.com/rsyslog/rsyslog/pull/23
- omprog: guard program-to-be-executed against CTL-C
  This can frequently happen in debug mode, where rsyslog is terminated
  by ctl-c. In any case, SIGINT is not meant to control the child process,
  so it should be blocked.
- omprog bugfix: parameter "forceSingleInstance" is NOT mandatory
- add new jsonr property replacer option
  Thanks to Nathan Brown for the patch.
- added external plugin interface
- ommongodb: add authentication support (untested)
  Thanks to JT for the patch.
  See also: https://github.com/rsyslog/rsyslog/pull/17
- bugfix: json templates are improperly created
  Strings miss the terminating NUL character, which obviously can lead
  to all sorts of problems.
  See also: https://github.com/rsyslog/rsyslog/issues/27
  Thanks to Alain for the analysis and the patch.
- ompgsql bugfix: improper handling of auto-backgrounding mode 
  If rsyslog was set to auto-background itself (default code behaviour, but
  many distros now turn it off for good reason), ompgsql could not
  properly connect. This could even lead to a segfault. The core reason
  was that a PG session handle was kept open over a fork, something that
  is explicitely forbidden in the PG API.
  Thanks to Alain for the analysis and the patch.
- bugfix: ommongodb's template parameter was mandatory but should have
  been optional
  Thanks to Alain for the analysis and the patch.
- bugfix: end of batch processing was not 100% correct. Could lead to
  outputs not properly wirting messages. At least omelasticsearch did not
  write anything to the database due to this bug.
  See: https://github.com/rsyslog/rsyslog/issues/10
  Thanks to Radu Gheorghe for reporting the issue.
---------------------------------------------------------------------------
Version 8.1.5 [devel] 2014-01-24
- omprog: ability to execute multiple program instances per action
  It can now execute one program instance per worker thread. This is
  generally a very good thing the have performance wise. Usually, this
  should cause no problems with the invoked program. For that reason,
  we have decided to make this the default mode of operation. If not
  desired, it can be turned off via the 'forceSingleInstance="on"'
  action parameter.
  CHANGE OF BEHAVIOUR: previous versions did always execute only one
  instance per action, no matter how many workers were active. If
  your program has special needs, you need to change your configuration.
- imfile now supports inotify (but must be explicitely turned on)
- imfile no longer has a limit on number of monitored files
- added ProcessInternalMessages global system parameter
  This permits to inject rsyslog status messages into *another* main
  syslogd or the journal.
- new dependency: liblogging-stdlog (for submitting to external logger)
- bugfix: imuxsock input parameters were not accepted
  due to copy&paste error. Thanks to Andy Goldstein for the fix.
---------------------------------------------------------------------------
Version 8.1.4 [devel] 2014-01-10
- add exec_template() RainerScript function
- imrelp: support for TCP KEEPALIVE added
- bumped librelp dependency to 1.2.2 to support new KEEPALIVE feature
- Add directives for numerically specifying GIDs/UIDs
  The already present directives (FileOwner, FileGroup, DirOwner,
  DirGroup) translate names to numerical IDs, which depends on the user
  information being available during rsyslog's startup. This can fail if
  the information is obtained over a network or from a service such as
  SSSD. The new directives provide a way to specify the numerical IDs
  directly and bypass the lookup.
  Thanks to Tomas Heinrich for the patch.
- bugfix: action commitTransaction() processing did not properly handle
  suspended actions
- bugfix: omelasticsearch fail.es stats counter was improperly maitained
---------------------------------------------------------------------------
Version 8.1.3 [devel] 2013-12-06

THIS VERSION CAN BE CONSIDERED A "NORMAL" DEVEL RELEASE. It's no longer
highly experimental. This assertion is based on real-world feedback.

- changes to the strgen module interface
- new output module interface for transactional modules
- performance improvements
  * reduced number of malloc/frees due to further changes to the
    output module interface
  * reduced number of malloc/frees during string template processing
    We now re-use once allocated string template memory for as long
    as the worker thread exists. This saves us from doing new memory
    allocs (and their free counterpart) when the next message is
    processed. The drawback is that the cache always is the size of
    the so-far largest message processed. This is not considered a
    problem, as in any case a single messages' memory footprint should
    be far lower than that of a whole set of messages (especially on
    busy servers).
  * used variable qualifiers (const, __restrict__) to hopefully help
    the compiler generate somewhat faster code
- failed action detection more precisely for a number of actions
  If an action  uses string parameter passing but is non-transactional 
  it can be executed immediately, giving a quicker indicatio of
  action failure.
- bugfix: limiting queue disk space did not work properly
  * queue.maxdiskspace actually initializes queue.maxfilesize
  * total size of queue files was not checked against
    queue.maxdiskspace for disk assisted queues.
  Thanks to Karol Jurak for the patch.
---------------------------------------------------------------------------
Version 8.1.2 [experimental] 2013-11-28
- support for liblognorm1 added - results in performance improvements
  Thanks to Pavel Levshin for his work in this regard.
- support for jemalloc added via --enable-jemalloc
  Thanks to Pavel Levshin for suggesting jemalloc
  Note that build system is experimental at this stage.
- queue defaults have changed
  * high water mark is now dynamically 90% of queue size
  * low water makr is now dynamically 70% of queue size
  * queue.discardMark is now dynamically 98% of queue size
  * queue.workerThreadMinimumMessage set to queue.size / num workers
  For queues with very low queue.maxSize (< 100), "emergency" defaults
  will be used.
- bugfix: disk queues created files in wrong working directory
  if the $WorkDirectory was changed multiple times, all queues only
  used the last value set.
- bugfix: legacy directive $ActionQueueWorkerThreads was not honored
- bugfix: mmrfc5424addhmac: "key" parameter was not properly processed
---------------------------------------------------------------------------
Version 8.1.1 [experimental] 2013-11-19
- bugfix: STOP/discard(~) was mostly NOT honored
  This lead to execution of config code that was not meant to be executed.
- bugfix: memory leak on worker thread termination
- bugfix: potential segfault in omfile under heavy load
  Thanks to Pavel Levshin for alerting us.
- bugfix: mmsequence: instance mode did not work
  Thanks to Pavel Levshin for the patch
- bugfix: segfault on startup when certain script constructs are used
  e.g. "if not $msg ..."
- omhiredis: now supports v8 output module interface and works again
  Thanks to Pavel Levshin for the patch
- mmaudit: now supports v8 output module interface and work again
- bugfix: potential abort on startup in debug mode
  This depends on template type being used. The root cause was a 
  non-necessary debug output, which were at the wrong spot (leftover from
  initial testing).
  Thanks to Pavel Levshin for alerting us and providing a patch
  proposal.
---------------------------------------------------------------------------
Version 8.1.0 [experimental] 2013-11-15
- rewritten core engine for higher performance and new features
  In detail:
  * completely rewritten rule execution engine
  * completely changed output module interface
  * remodelled output module interface
  * enabled important output modules to support full concurrent
    operation
  The core engine has been considerably changed and must be considered
  experimental at this stage. Note that it does not yet include all
  features planned for v8, but is close to this goal. In theory, the
  engine should perform much better, especially on complex configurations
  and busy servers. Most importantly, actions instances can now be called
  concurrently from worker threads and many important output modules
  support multiple concurrent action instances natively.
- module omruleset is no longer enabled by default.
  Note that it has been deprecated in v7 and been replaced by the "call"
  statement. Also, it can still be build without problems, the option must
  just explicitely be given.
---------------------------------------------------------------------------
Version 7.6.8 [v7.6-stable] 2014-10-??
- bugfix: typo in queue configuration parameter made parameter unusable
  Thanks to Bojan Smojver for the patch.
- bugfix imuxsock: possible segfault when SysSock.Use="off"
  Thanks to alexjfisher for reporting this issue.
  closes https://github.com/rsyslog/rsyslog/issues/140
- bugfix: unitialized buffer off-by-one error in hostname generation
  The DNS cache used uninitialized memory, which could lead to
  invalid hostname generation.
  Thanks to Jarrod Sayers for alerting us and provinding analysis and
  patch recommendations.
- remove zpipe (a testing tool) from --enable-diagtools
  This tool is no longer maintained and currently not used inside the
  testbench. We keep it in the source tree for the time being in case that
  it may be used in the future.
- bugfix: imjournal did not build properly
  The build succeeded, but the module did not load due to a type in
  a support function name, which kept unresolved during load.
- bugfix imklog: pri was miscalculated
  actually, the pri was totally off the real value for PRIs > 9
- bugfix rsgtutil: sometimes crashed in verify mode if file did not exist
- bugfix rsgtutil: some errors/problems at end of file were not reported
  * The verification function in rsgtutil tool did not report deletion of
    whole signed blocks of lines from the end of the log file.
  * The verification function in rsgtutil tool did not report extra
    (unsigned) lines at the end of the log file. 
  Thanks to Henri Lakk for the patch.
- bugfix: error: json_tokener_errors undeclared when overriding PKGCONFIG
  If PKGCONFIG settings for json-c were overriden, presence of
  json_tokener_errors was not properly detected.
  closes: https://github.com/rsyslog/rsyslog/issues/143
  Thanks to Alex Fisher for alerting us and the patch.
---------------------------------------------------------------------------
Version 7.6.7 [v7.6-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases
  This is corrected now.
  see also: CVE-2014-3683
- fixed a build problem on some platforms
  Thanks to Olaf for the patch
- behaviour change: "msg" of messages with invalid PRI set to "rawmsg"
  When the PRI is invalid, the rest of the header cannot be valid. So
  we move all of it to MSG and do not try to parse it out. Note that
  this is not directly related to the security issue but rather done
  because it makes most sense.
---------------------------------------------------------------------------
Version 7.6.6 [v7.6-stable] 2014-09-30
- bugfix: potential abort when a message with PRI > 191 was processed
  if the "pri-text" property was used in active templates, this could
  be abused to a remote denial of service from permitted senders
  see also: CVE-2014-3634
- bugfix: potential segfault on startup on 64 bit systems
  This happened immediately on startup during config processing. Once
  rsyslog got past this stage, it could not happen.
- bugfix: build problems on SuSe Linux
  Thanks Andreas Stieger for the patch
---------------------------------------------------------------------------
Version 7.6.5 [v7.6-stable] 2014-09-17
- bugfix: in 7.6.4, pri-based filters did not work correctly
  messages were distributed to the wrong bins.
- bugfix: build problems on systems without atomic instructons
  e.g. RHEL 5; backport from v8
---------------------------------------------------------------------------
Version 7.6.4 [v7.6-stable] 2014-09-12
- add --enable-generate-man-pages configure switch (default: enabled)
  This forces generation of man pages, even if cached ones exists. This
  "fixes" a typical release tarball nit. While it is hackish, the
  benefit is clear given the history of failed tarball releases since
  we changed the cached man page handling. It was just too easy to get
  that wrong.
- removed obsolete --disable-fsstnd configure option
  Thanks to Thomas D. for alerting us.
  Closes: https://github.com/rsyslog/rsyslog/issues/72
- permits to build against json-c 0.12
  Unfortunately, json-c had an ABI breakage, so this is necessary. Note
  that versions prior to 0.12 had security issues (CVE-2013-6370,
  CVE-2013-6371) and so it is desirable to link against the new version.
  Thanks to Thomas D. for the patch. Note that at least some distros
  have fixed the security issue in older versions of json-c, so this
  seems to apply mostly when building from sources.
- new omfile default module parameters
  * filecreatemode
  * fileowner
  * fileownernum
  * filegroup
  * filegroupnum
  * dirowner
  * dirownernum
  * dirgroup
  * dirgroupnum
  Thanks to Karol Jurak for the patch.
- bugfix: memory leak in TCP TLS mode
- bugfix: imfile: if a state file for a different file name was set,
  that different file (name) was monitored instead of the configured
  one. Now, the state file is deleted and the correct file monitored.
  closes: https://github.com/rsyslog/rsyslog/issues/103
- bugfix: using UUID property could cause segfault
- bugfix: mmutf8fix did not detect two invalid sequences
  Thanks to Axel Rau for the patch.
- bugfix: file descriptor leak with Guardtime signatures
  When a .gtstate file is opened it is never closed. This is especially
  bad when dynafiles frequently get evicted from dynafile cache and be
  re-opened again.
- bugfix: busy loop in tcp listener when running out of file descriptors
  Thanks to Susant Sahani for the patch.
- bugfix: mishandling of input modules not supporting new input instances
  If they did not support this, accidently the output module part of the
  module union was written, leading to unpredictable results. Note: all
  core modules do support this interface, but some contributed or very
  old ones do not.
- bugfix: double-free when ruleset() parser parameters were used
  While unlikely, this could cause stability issues even after the
  config phase.
- bugfix: output modules with parameters with multiple passing modes
  could caused strange behaviour including aborts
  This was due to the fact that the action module only preserved and
  processed the last set passing mode. Note that this was not a problem
  for the plugins provided by the rsyslog git: none of them uses different
  passing modes.
  Thanks to Tomas Heinrich for providing a very detailled bug report.
- various fixes after coverty scan
  These do not address issues seen in practice but those seen by the tool.
  Some of them may affect practical deployments.
  Thanks to Tomas Heinrich for the patches.
- bugfix imuxsock: "Last message repeated..." was not emitted at shutdown
  The "Last message repeated..." notice didn't get printed if rsyslog was
  shut down before the repetition was broken.
  Thanks to Tomas Heinrich for the patch.
- bugfix: make dist failed when GUARDTIME or LIBGCRYPT feature was disabled
- bugfix: mmjsonparse did not build with json-c < 0.10
  This was a regression introduced some time in the past in order to
  support API changes in json-c. Now we check for the version and use
  proper code.
- bugfix: mmanon did not properly anonymize IP addresses starting with '9'
  Thanks to defa-at-so36.net for reporting this problem.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
---------------------------------------------------------------------------
Version 7.6.3 [v7.6-stable] 2014-03-27
- add capability to override GnuTLS path in build process
  Thanks to Clayton Shotwell for the patch
- support for librelp 1.2.5
  Support new return states of librelp 1.2.5 to emit better error messages
  For obvious reasons, librelp 1.2.5 is now required.
- bugfix: ompipe used invalid default template
  This is a regression from an old change (didn't track it down precisely,
  but over a year ago). It used the Forwarding template instead of
  the file template (so we have a full syslog header). This fix corrects
  it back to previous behaviour, but new scripts that used the wrong
  format may now need to have the RSYSLOG_ForwardingFormat template
  explicitely be applied.
  closes: https://github.com/rsyslog/rsyslog/issues/50
- bugfix: ompipe did emit many suspension messages for /dev/xconsole
  (hopefully now) closes: https://github.com/rsyslog/rsyslog/issues/35
  When it was present, but nobody reading from it. The problem
  is the way the rsyslog v7 engine tries to resolve failures in outputs.
  It does some retries, and along those lines some state information gets
  lost and it is close to impossible to retain it. However, the actual
  root problem is that ompipe does not reliably detect if it is able to
  recover. The problem here is that it actually does not know this
  before it does an actual write. These two things together mess up the
  logic that suppresses invalid resumption/suspension messages
  (actually, the plugin switches state really that often).
  Nevertheless, the prime problem with /dev/xconsole (and probably
  most other pipes as well) is that it gets full. So I have now added
  code that checks, during resume processing, if the pipe is writable.
  If it is not, resume is deferred. That should address the case.
---------------------------------------------------------------------------
Version 7.6.2 [v7.6-stable] 2014-03-17
- support for librelp 1.2.4
  This was necessary due to the problems with librelp 1.2.3 API stability.
  We now use the new native 1.2.4 APIs to learn about the state of
  librelp's TLS support.
  For obvious reasons, librelp 1.2.4 is now required.
---------------------------------------------------------------------------
Version 7.6.1 [v7.6-stable] 2014-03-13
- added "action.reportSuspension" action parameter
  This now permits to control handling on a per-action basis rather to
  the previous "global setting only".
- "action resumed" message now also specifies module type
  which makes troubleshooting a bit easier. Note that we cannot output all
  the config details (like destination etc) as this would require much more
  elaborate code changes, which we at least do not like to do in the
  stable version.
- better and more consistent action naming, action queues now always 
  contain the word "queue" after the action name
- add support for "tls-less" librelp
  we now require librelp 1.2.3, as we need the new error code definition
  See also: https://github.com/rsyslog/librelp/issues/1
- build system improvements
  * autoconf subdir option
  * support for newer json-c packages
  Thanks to Michael Biebl for the patches.
- imjournal enhancements:
  * log entries with empty message field are no longer ignored
  * invalid facility and severity values are replaced by defaults
  * new config parameters to set default facility and severity
  Thanks to Tomas Heinrich for implementing this
- bugfix: ompipe did resume itself even when it was still in error
  See: https://github.com/rsyslog/rsyslog/issues/35
  Thanks to github user schplat for reporting
- bugfix: "action xxx suspended" did report incorrect error code
- bugfix: ommongodb's template parameter was mandatory but should have
  been optional
  Thanks to Alain for the analysis and the patch.
- bugfix: only partial doc was put into distribution tarball
  Thanks to Michael Biebl for alerting us.
  see also: https://github.com/rsyslog/rsyslog/issues/31
- bugfix: async ruleset did process already-deleted messages
  Thanks to John Novotny for the patch.
---------------------------------------------------------------------------
Version 7.6.0 [v7.6-stable] 2014-02-12
This starts a new stable branch based on 7.5.8 plus the following changes:
- bugfix: imuxsock input parameters were not accepted
  due to copy&paste error. Thanks to Andy Goldstein for the fix.
- added ProcessInternalMessages global system parameter
  This permits to inject rsyslog status messages into *another* main
  syslogd or the journal.
- new dependency: liblogging-stdlog (for submitting to external logger)
- bugfix: json templates are improperly created
  Strings miss the terminating NUL character, which obviously can lead
  to all sorts of problems.
  See also: https://github.com/rsyslog/rsyslog/issues/27
  Thanks to Alain for the analysis and the patch.
- ompgsql bugfix: improper handling of auto-backgrounding mode 
  If rsyslog was set to auto-background itself (default code behaviour, but
  many distros now turn it off for good reason), ompgsql could not
  properly connect. This could even lead to a segfault. The core reason
  was that a PG session handle was kept open over a fork, something that
  is explicitely forbidden in the PG API.
  Thanks to Alain for the analysis and the patch.
---------------------------------------------------------------------------
Version 7.5.8 [v7-release candidate] 2014-01-09
- add exec_template() RainerScript function
- add debug.onShutdown and debug.logFile global parameters
  These enebale the new "debug on shutdown" mode, which can be used to
  track hard to find problems that occur during system shutdown.
- Add directives for numerically specifying GIDs/UIDs
  The already present directives (FileOwner, FileGroup, DirOwner,
  DirGroup) translate names to numerical IDs, which depends on the user
  information being available during rsyslog's startup. This can fail if
  the information is obtained over a network or from a service such as
  SSSD. The new directives provide a way to specify the numerical IDs
  directly and bypass the lookup.
  Thanks to Tomas Heinrich for the patch.
- actions now report if they suspend and resume themselves
  this is by default on and controllable by the action.reportSuspension
  global parameter
- bugfix: omelasticsearch fail.es stats counter was improperly maintained
- bugfix: mmrfc5424addhmac: "key" parameter was not properly processed
- add new impstats action counters:
  * suspended
  * suspended.duration
  * resumed
---------------------------------------------------------------------------
Version 7.5.7 [v7-devel] 2013-11-25
- queue defaults have changed
  * high water mark is now dynamically 90% of queue size
  * low water makr is now dynamically 70% of queue size
  * queue.discardMark is now dynamically 98% of queue size
  * queue.workerThreadMinimumMessage set to queue.size / num workers
  For queues with very low queue.maxSize (< 100), "emergency" defaults
  will be used.
- worker thread pool handling has been improved
  Among others, permits pool to actually shrink (was quite hard with
  previous implementation. This will also improve performance and/or
  lower system overhead on busy systems.
  Thanks to Pavel Levshin for the enhancement.
- bugfix: mmpstrucdata generated inaccessible properties
- bugfix: RainerScript optimizer did not optimize PRI filters
  things like "if $syslogfacility-text == "local3"" were not converted
  to PRIFILT. This was a regression introduced in 7.5.6.
- bugfix: legacy directive $ActionQueueWorkerThreads was not honored
- bugfix: segfault on startup when certain script constructs are used
  e.g. "if not $msg ..."
- bugfix: ommysql lost configfile/section parameters after first close
  This means that when a connection was broken, it was probably
  re-instantiated with different parameters than configured.
- bugfix: regression in template processing with subtrees in templates
  Thanks to Pavel Levshin for the fix
- bugfix: regular worker threads are not properly (re)started if DA
  mode is active.
  This occurs only under rare conditions, but definitely is a bug that
  needed to be addressed. It probably is present since version 4.
  Note that this patch has not been applied to v7.4-stable, as it
  is very unlikely to happen and the fix itself has some regression
  potential (the fix looks very solid, but it addresses a core component).
  Thanks to Pavel Levshin for the fix
- now emit warning message if om with msg passing mode uses action queue
  These can modify the message, and this causes races.
- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work
  Thanks to Tomas Heinrich for the patch.
---------------------------------------------------------------------------
Version 7.5.6 [devel] 2013-10-29
- impstats: add capability to bind to a ruleset
- improved performance of RainerScript variable access
  by refactoring the whole body of variable handling code. This also
  solves some of the anomalies experienced in some versions of rsyslog.
  All variable types are now handled in unified code, including
  access via templates.
- RainerScript: make use of 64 bit for numbers where available
  Thanks to Pavel Levshin for enhancement.
- slight performance optimization if GCC is used
  We give branch prediction hints for the frequent RETiRet macro which is
  used for error handling. Some slight performance gain is to be expected
  from that.
- removed global variable support
  The original idea was not well thought out and global variables, as
  implemented, worked far different from what anybody would expect. As
  such, we consider the current approach as an experiment that did not
  work out and opt to removing it, clearing the way for a better future
  solution. Note: global vars were introduced in 7.5.3 on Sept, 11th 2013.
- new module mmsequence, primarily used for action load balancing
  Thanks to Pavel Levshin for contributing this module.
- bugfix: unset statement always worked on message var, even if local
  var was given
- imudp: support for binding to ruleset added
- bugfix: segfault if variable was assigned to non-container subtree
  Thanks to Pavel Levshin for the fix
- bugfix: imuxsock did not suport addtl sockets if syssock was disabled
  Thanks to Pavel Levshin for the fix
- bugfix: running imupd on multiple threads lead to segfault if recvmmsg
  is available
- bugfix: imudp when using recvmmsg could report wrong sender IP
- bugfix: segfault if re_extract() function was used and no match found
- bugfix: omelasticsearch did not compile on platforms without atomic
  instructions
- bugfix: potential misadressing on startup if property-filter was used
  This could happen if the property name was longer than 127 chars, a case
  that would not happen in practice.
- bugfix: invalid property filter was not properly disabled in ruleset
  Note: the cosmetic memory leak introduced with that patch in 7.4.5 is
  now also fixed.
- imported bugfixes from 7.4.6 stable release
---------------------------------------------------------------------------
Version 7.5.5 [devel] 2013-10-16
- imfile: permit to monitor an unlimited number of files
- imptcp: add "defaultTZ" input parameter
- imudp: support for multiple receiver threads added
- imudp: add "dfltTZ" input config parameter
- bugfix: memory leak in mmnormalize
- bugfix: mmutf8fix did not properly handle invalid UTF-8 at END of message
  if the very last character sequence was too long, this was not detected
  Thanks to Risto Vaarandi for reporting this problem.
- mmanon: removed the check for specific "terminator characters" after 
  last octet. As it turned out, this didn't work in practice as there
  was an enormous set of potential terminator chars -- so removing
  them was the best thing to do. Note that this may change behaviour of
  existing installations. Yet, we still consider this an important
  bugfix, that should be applied to the stable branch.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477
  Thanks to Muri Cicanor for initiating the discussion
- now requires libestr 0.1.7 as early versions had a nasty bug in
  string comparisons
- bugfix: mmanon did not detect all IP addresses in rewrite mode
  The problem occured if two IPs were close to each other and the first one
  was shrunk.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485
  Thanks to micah-at-riseup.net for reporting this bug
- bugfix: mmanon sometimes used invalid replacement char in simple mode
  depending on configuration sequence, the replacement character was set
  to 's' instead of the correct value. Most importantly, it was set to
  's' if simple mode was selected and no replacement char set.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484
  Thanks to micah-at-riseup.net for reporting this bug
- bugfix: memory leak in mmnormalize
- bugfix: array-based ==/!= comparisions lead to invalid results
  This was a regression introduced in 7.3.5 bei the PRI optimizer
---------------------------------------------------------------------------
Version 7.5.4 [devel] 2013-10-07
- mmpstrucdata: new module to parse RFC5424 structured data into json
  message properties
- change main/ruleset queue defaults to be more enterprise-like
  new defaults are queue.size 100,000 max workers 2, worker
  activation after 40,000 msgs are queued, batch size 256. These settings
  are much more useful for enterprises and will not hurt low-end systems
  that much. This is part of our re-focus on enterprise needs.
- omfwd: new action parameter "maxErrorMessages" added
- omfile: new module parameters to set action defaults added
  * dirCreateMode
  * fileCreateMode
- mmutf8fix: new module to fix invalid UTF-8 sequences
- imuxsock: handle unlimited number of additional listen sockets
- doc: improve usability by linking to relevant web ressources
  The idea is to enable users to quickly find additional information,
  samples, HOWTOs and the like on the main site.
  At the same time, (very) slightly remove memory footprint when
  few listeners are monitored.
- bugfix: omfwd parameter streamdrivermmode was not properly handled
  it was always overwritten by whatever value was set via the 
  legacy directive $ActionSendStreamDriverMode
- imtcp: add streamdriver.name module parameter
  permits overriding the system default stream driver (gtls, ptcp)
- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled
  Thanks to Jonny Törnbom for reporting this problem
- imported bugfixes from 7.4.4
---------------------------------------------------------------------------
Version 7.5.3 [devel] 2013-09-11
- imfile: support for escaping LF characters added
  embedded LF in syslog messages cause a lot of trouble. imfile now has
  the capability to escape them to "#012" (just like the regular control
  character escape option). This requires new-style input statements to be
  used. If legacy configuration statements are used, LF escaping is always
  turned off to preserve compatibility.
  NOTE: if input() statements were already used, there is a CHANGE OF
        BEHAVIOUR: starting with this version, escaping is enabled by
	default. So if you do not want it, you need to add
	escapeLF="off"
	to the input statement. Given the trouble LFs cause and the fact
	that the majority of installations still use legacy config, we
	considered this behaviour change acceptable and useful.
  see also: http://blog.gerhards.net/2013/09/imfile-multi-line-messages.html
- add support for global and local variables
- bugfix: queue file size was not correctly processed
  this could lead to using one queue file per message for sizes >2GiB
  Thanks to Tomas Heinrich for the patch.
- add main_queue() configuration object to configure main message queue
- bugfix: stream compression in imptcp caused timestamp to be corrupted
- imudp: add ability to specify SO_RCVBUF size (rcvbufSize parameter)
- imudp: use inputname for statistics, if configured
- impstats: add process resource usage counters [via getrusage()]
- impstats: add parameter "resetCounters" to report delta values
  possible for most, but not all, counters. See doc for details.
- librelp 1.2.0 is now required
- make use of new librelp generic error reporting facility
  This leads to more error messages being passed to the user and
  thus simplified troubleshooting.
- bugfix: very small memory leak in imrelp
  more or less cosmetic, a single memory block was not freed, but this
  only happens immediately before termination (when the OS automatically
  frees all memory). Still an annoyance e.g. in valgrind.
- fix compile problem in debug build
- imported fixes from 7.4.4
---------------------------------------------------------------------------
Version 7.5.2 [devel] 2013-07-04
- librelp 1.1.4 is now required
  We use API extensions for better error reporting and higher performance.
- omrelp: use transactional mode to make imrelp emit bulk sends
- omrelp: add "windowSize" parameter to set custom RELP window size
- bugfix: double-free in omelasticsearch
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461
  a security advisory for this bug is available at:
     http://www.lsexperts.de/advisories/lse-2013-07-03.txt
  CVE: CVE-2013-4758 
  PLEASE NOTE: This issue only existed if omelasticsearch was used
  in a non-default configuration, where the "errorfile" parameter
  was specified. Without that parameter set, the bug could not
  be triggered.
  Thanks to Markus Vervier and Marius Ionescu for providing a detailled
  bug report. Special thanks to Markus for coordinating his security
  advisory with us.
- doc: fixed various typos
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=391
  Thanks to Georgi Georgiev for the patch.
---------------------------------------------------------------------------
Version 7.5.1 [devel] 2013-06-26
- librelp 1.1.3 is required - older versions can lead to a segfault
- add mmfields, which among others supports easy parsing of CEF messages
- omrelp:
  * new parameter "compression.prioritystring" to control encryption
    parameters used by GnuTLS
- imrelp:
  * new parameter "compression.dhbits" to control the number of
    bits being used for Diffie-Hellman key generation
  * new parameter "compression.prioritystring" to control encryption
    parameters used by GnuTLS
  * support for impstats added
  * support for setting permitted peers (client authentication) added
  * bugfix: potential segfault at startup on invalid config parameters
- imjournal: imported patches from 7.4.1
- omprog: add support for command line parameters
- added experimental TCP stream compression (imptcp only, currently)
- added BSD-specific syslog facilities
  * "console"
  * "bsd_security" - this is called "security" under BSD, but that name
    was unfortunately already taken by some standard facility. So I 
    did the (hopefully) second-best thing and renamed it a little.
- imported fixes from 7.4.2 (especially build problems on FreeBSD)
- bugfix: imptcp did not properly initialize compression status variable
  could lead to segfault if stream:always compression mode was selected
---------------------------------------------------------------------------
Version 7.5.0 [devel] 2013-06-11
- imrelp: implement "ruleset" module parameter
- imrelp/omrelp: add TLS & compression (zip) support
- omrelp: add "rebindInterval" parameter
- add -S command line option to specify IP address to use for RELP client
  connections
  Thanks to Axel Rau for the patch.
---------------------------------------------------------------------------
Version 7.4.11  [v7.4-stable] *never released*
- imjournal enhancements:
  * log entries with empty message field are no longer ignored
  * invalid facility and severity values are replaced by defaults
  * new config parameters to set default facility and severity
  Thanks to Tomas Heinrich for implementing this
---------------------------------------------------------------------------
Version 7.4.10  [v7.4-stable] 2014-02-12
- bugfix: json templates are improperly created
  Strings miss the terminating NUL character, which obviously can lead
  to all sorts of problems.
  See also: https://github.com/rsyslog/rsyslog/issues/27
  Thanks to Alain for the analysis and the patch.
- ompgsql bugfix: improper handling of auto-backgrounding mode 
  If rsyslog was set to auto-background itself (default code behaviour, but
  many distros now turn it off for good reason), ompgsql could not
  properly connect. This could even lead to a segfault. The core reason
  was that a PG session handle was kept open over a fork, something that
  is explicitely forbidden in the PG API.
  Thanks to Alain for the analysis and the patch.
---------------------------------------------------------------------------
Version 7.4.9  [v7.4-stable] 2014-01-22
- added ProcessInternalMessages global system parameter
  This permits to inject rsyslog status messages into *another* main
  syslogd or the journal.
- new dependency: liblogging-stdlog (for submitting to external logger)
- bugfix: imuxsock input parameters were not accepted
  due to copy&paste error. Thanks to Andy Goldstein for the fix.
- bugfix: potential double-free in RainerScript equal comparison
  happens if the left-hand operand is JSON object and the right-hand
  operand is a non-string that does not convert to a number (for
  example, it can be another JSON object, probably the only case that
  could happen in practice). This is very unlikely to be triggered.
- bugfix: some RainerScript Json(Variable)/string comparisons were wrong
---------------------------------------------------------------------------
Version 7.4.8  [v7.4-stable] 2014-01-08
- rsgtutil provides better error messages on unfinished signature blocks
- bugfix: guard against control characters in internal (error) messages
  Thanks to Ahto Truu for alerting us.
- bugfix: immark did emit messages under kern.=info instead of syslog.=info
  Note that his can potentially break exisiting configurations that
  rely on immark sending as kern.=info. Unfortunately, we cannot leave
  this unfixed as we never should emit messages under the kern facility.
---------------------------------------------------------------------------
Version 7.4.7  [v7.4-stable] 2013-12-10
- bugfix: limiting queue disk space did not work properly
  * queue.maxdiskspace actually initializes queue.maxfilesize
  * total size of queue files was not checked against
    queue.maxdiskspace for disk assisted queues.
  Thanks to Karol Jurak for the patch.
- bugfix: linux kernel-like ratelimiter did not work properly with all
  inputs (for example, it did not work with imdup). The reason was that
  the PRI value was used, but that needed parsing of the message, which
  was done too late.
- bugfix: disk queues created files in wrong working directory
  if the $WorkDirectory was changed multiple times, all queues only
  used the last value set.
- bugfix: legacy directive $ActionQueueWorkerThreads was not honored
- bugfix: segfault on startup when certain script constructs are used
  e.g. "if not $msg ..."
- bugfix: imuxsock: UseSysTimeStamp config parameter did not work correctly
  Thanks to Tomas Heinrich for alerting us and provinding a solution
  suggestion.
- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work
  Thanks to Tomas Heinrich for the patch.
- improved checking of queue config parameters on startup
- bugfix: call to ruleset with async queue did not use the queue
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=443
- bugfix: if imtcp is loaded and no listeners are configured (which is
  uncommon), rsyslog crashes during shutdown.
---------------------------------------------------------------------------
Version 7.4.6  [v7.4-stable] 2013-10-31
- bugfix: potential abort during HUP
  This could happen when one of imklog, imzmq3, imkmsg, impstats,
  imjournal, or imuxsock were under heavy load during a HUP.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=489
  Thanks to Guy Rozendorn for reporting the problem and Peval Levhshin for
  his analysis.
- bugfix: imtcp flowControl parameter incorrectly defaulted to "off"
  This could cause message loss on systems under heavy load and was
  a change-of-behaviour to previous version. This is a regression
  most probably introduced in 5.9.0 (but did not try hard to find the
  exact point of its introduction).
- now requires libestr 0.1.9 as earlier versions lead to problems with
  number handling in RainerScript
- bugfix: memory leak in strlen() RainerScript function
  Thanks to Gregoire Seux for reportig this bug.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=486
- bugfix: buffer overrun if re_extract function was called for submatch 50
  Thanks to Pavel Levshin for reporting the problem and its location.
- bugfix: memleak in re_extract() function
  Thanks to Pavel Levshin for reporting this problem.
- bugfix: potential abort in RainerScript optimizer
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=488
  Thanks to Thomas Doll for reporting the problem and Pavel Levshin for
  fixing it.
- bugfix: memory leak in omhiredis
  Thanks to Pavel Levshin for the fix
- bugfix: segfault if variable was assigned to non-container subtree
  Thanks to Pavel Levshin for the fix
---------------------------------------------------------------------------
Version 7.4.5  [v7.4-stable] 2013-10-22
- mmanon: removed the check for specific "terminator characters" after 
  last octet. As it turned out, this didn't work in practice as there
  was an enormous set of potential terminator chars -- so removing
  them was the best thing to do. Note that this may change behaviour of
  existing installations. Yet, we still consider this an important
  bugfix, that should be applied to the stable branch.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=477
  Thanks to Muri Cicanor for initiating the discussion
- now requires libestr 0.1.8 as early versions had a nasty bug in
  string comparisons
- omelasticsearch: add failed.httprequests stats counter
- bugfix: invalid property filter was not properly disabled in ruleset
  Note that this bugfix introduces a very slight memory leak, which is
  cosmetic, as it just holds data until termination that is no longer
  needed. It is just the part of the config that was invalid. We will
  "fix" this "issue" in the devel version first, as the fix is a bit
  too intrusive to do without hard need in the stable version.
- bugfix: segfault if re_extract() function was used and no match found
- bugfix: potential misadressing on startup if property-filter was used
  This could happen if the property name was longer than 127 chars, a case
  that would not happen in practice.
- bugfix: omelasticsearch: correct failed.http stats counter
- bugfix: omelasticsearch: did not correctly initialize stats counters
- bugfix: omelasticsearch: failed.es counter was only maintained in bulk mode
  This usually did not lead to any problems, because they are in static
  memory, which is initialized to zero by the OS when the plugin is
  loaded. But it may cause problems especially on systems that do not
  support atomic instructions - in this case the associated mutexes also
  did not get properly initialized.
- bugfix: mmanon did not detect all IP addresses in rewrite mode
  The problem occured if two IPs were close to each other and the first one
  was shrunk.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=485
  Thanks to micah-at-riseup.net for reporting this bug
- bugfix: mmanon sometimes used invalid replacement char in simple mode
  depending on configuration sequence, the replacement character was set
  to 's' instead of the correct value. Most importantly, it was set to
  's' if simple mode was selected and no replacement char set.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=484
  Thanks to micah-at-riseup.net for reporting this bug
- bugfix: memory leak in mmnormalize
- bugfix: array-based ==/!= comparisions lead to invalid results
  This was a regression introduced in 7.3.5 bei the PRI optimizer
- bugfix: omprog blocked signals to executed programs
  The made it impossible to send signals to programs executed via
  omprog.
  Thanks to Risto Vaarandi for the analysis and a patch.
- bugfix: doc: imuxsock legacy param $SystemLogSocketParseTrusted was
  misspelled
  Thanks to David Lang for alerting us
- bugfix: imfile "facility" input parameter improperly handled
  caused facility not to be set, and severity to be overwritten with
  the facility value.
  Thanks to forum user dmunny for reporting this bug.
- bugfix: small memory leak in imfile when $ResetConfigVariables was used
  Thanks to Grégory Nuyttens for reporting this bug and providig a fix
- bugfix: segfault on startup if TLS was used but no CA cert set
- bugfix: segfault on startup if TCP TLS was used but no cert or key set
- bugfix: some more build problems with newer json-c versions
  Thanks to Michael Biebl for mentioning the problem.
- bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled
  Thanks to Jonny Törnbom for reporting this problem
---------------------------------------------------------------------------
Version 7.4.4  [v7.4-stable] 2013-09-03
- better error messages in GuardTime signature provider
  Thanks to Ahto Truu for providing the patch.
- make rsyslog use the new json-c pkgconfig file if available
  Thanks to the Gentoo team for the patches.
- bugfix: imfile parameter "persistStateInterval" was unusable
  due to a case typo in imfile; work-around was to use legacy config
  Thanks to Brandon Murphy for reporting this bug.
- bugfix: TLV16 flag encoding error in signature files from GT provider
  This fixes a problem where the TLV16 flag was improperly encoded.
  Unfortunately, existing files already have the bug and may not properly
  be processed. The fix uses constants from the GuardTime API lib to
  prevent such problems in the future.
  Thanks to Ahto Truu for providing the patch.
- bugfix: slightly malformed SMTP handling in ommail
- bugfix: segfault in omprog if no template was provided (now dflt is used)
- bugfix: segfault in ompipe if no template was provided (now dflt is used)
- bugfix: segfault in omsnmp if no template was provided (now dflt is used)
- bugfix: some omsnmp optional config params were flagged as mandatory
- bugfix: segfault in omelasticsearch when resuming queued messages
  after restarting Elasticsearch
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=464
- bugfix: imtcp addtlframedelimiter could not be set to zero
  Thanks to Chris Norton for alerting us.
- doc bugfix: remove no-longer existing omtemplate from developer doc
  was specifically mentioned as a sample for creating new plugins
  Thanks to Yannick Brosseau for alerting us of this problem.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=473
---------------------------------------------------------------------------
Version 7.4.3  [v7.4-stable] 2013-07-18
- bugfix: queue file size was not correctly processed
  this could lead to using one queue file per message for sizes >2GiB
  Thanks to Tomas Heinrich for the patch.
- bugfix: $QHOUR/$HHOUR were always "00" or "01"
  regression some time between v5 and here
  Thanks to forum user rjmcinty for reporting this bug
- bugfix: testbench tool chkseq did improperly report invalid file
  This happened when permitted duplicate values existed in the very
  last lines, right before end-of-file.
  Thanks to Radu Gheorghe for reporting this bug.
---------------------------------------------------------------------------
Version 7.4.3  [v7.4-stable] 2013-07-18
- bugfix: memory leak if disk queues were used and json data present
- bugfix: CEE/json data was lost during disk queue operation
- bugfix: potential segfault during startup on invalid config
  could happen if invalid actions were present, which could lead
  to improper handling in optimizer.
- bugfix: 100% CPU utilization when DA queue became full
- bugfix: omlibdbi did not properly close connection on some errors
  This happened to errors occuring in Begin/End Transaction entry
  points.
- cosmetic bugfix: file name buffer was not freed on disk queue destruction
  This was an extremely small one-time per run memleak, so nothing of
  concern. However, it bugs under valgrind and similar memory debuggers.
- fix build on FreeBSD
  Thanks to Christiano Rolim for the patch
---------------------------------------------------------------------------
Version 7.4.2  [v7.4-stable] 2013-07-04
- bugfix: in RFC5425 TLS, multiple wildcards in auth could cause segfault
- bugfix: RainerScript object required parameters were not properly
  checked - this clould result to segfaults on startup if parameters
  were missing.
- bugfix: double-free in omelasticsearch
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461
  a security advisory for this bug is available at:
     http://www.lsexperts.de/advisories/lse-2013-07-03.txt
  CVE: CVE-2013-4758 
  PLEASE NOTE: This issue only existed if omelasticsearch was used
  in a non-default configuration, where the "errorfile" parameter
  was specified. Without that parameter set, the bug could not
  be triggered.
  Thanks to Markus Vervier and Marius Ionescu for providing a detailled
  bug report. Special thanks to Markus for coordinating his security
  advisory with us.
- bugfix: omrelp potential segfault at startup on invalid config parameters
- bugfix: small memory leak when $uptime property was used
- bugfix: potential segfault on rsyslog termination in imudp
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=456
- bugfix: lmsig_gt abort on invalid configuration parameters
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=448
  Thanks to Risto Laanoja for the patch.
- imtcp: fix typo in "listner" parameter, which is "listener"
  Currently, both names are accepted.
- solved build problems on FreeBSD
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=457
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=458
  Thanks to Christiano for reproting and suggesting patches
- solved build problems on CENTOS5
---------------------------------------------------------------------------
Version 7.4.1  [v7.4-stable] 2013-06-17
- imjournal: add ratelimiting capability
  The original imjournal code did not support ratelimiting at all. We
  now have our own ratelimiter. This can mitigate against journal
  database corruption, when the journal re-sends old data. This is a
  current bug in systemd journal, but we won't outrule this to happen
  in the future again. So it is better to have a safeguard in place.
  By default, we permit 20,000 messages witin 10 minutes. This may
  be a bit restrictive, but given the risk potential it seems reasonable.
  Users requiring larger traffic flows can always adjust the value.
- bugfix: potential loop in rate limiting
  if the message that tells about rate-limiting gets rate-limited itself,
  it will potentially create and endless loop
- bugfix: potential segfault in imjournal if journal DB is corrupted
- bugfix: prevent a segfault in imjournal if state file is not defined
- bugfix imzmq3: potential segfault on startup
  if no problem happend at startup, everything went fine
  Thanks to Hongfei Cheng and Brian Knox for the patch
---------------------------------------------------------------------------
Version 7.4.0  [v7.4-stable] 2013-06-06
This starts a new stable branch based on 7.3.15 plus the following changes:
- add --enable-cached-man-pages ./configure option
  permits to build rsyslog on a system where rst2man is not installed. In
  that case, cached versions of the man pages are used (they were built
  during "make dist", so they should be current for the version in
  question.
- doc bugfix: ReadMode wrong in imfile doc, two values were swapped
  Thanks to jokajak@gmail.com for mentioning this
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=450
- imjournal: no longer do periodic wakeup
- bugfix: potential hang *in debug mode* on rsyslogd termination
  This ONLY affected rsyslogd if it were running with debug output
  enabled.
- bugfix: $template statement with multiple spaces lead to invalid tpl name
  If multiple spaces were used in front of the template name, all but one
  of them became actually part of the template name. So
  $template   a,"..." would be name "  a", and as such "a" was not
  available, e.g. in 
  *.* /var/log/file;a
  This is a legacy config problem. As it was unreported for many years,
  no backport of the fix to old versions will happen.
  This is a long-standing bug that was only recently reported by forum
  user mc-sim.
  Reference: http://kb.monitorware.com/post23448.html
- 0mq fixes; credits to Hongfei Cheng and Brian Knox
---------------------------------------------------------------------------
Version 7.3.15  [beta] 2013-05-15
- bugfix: problem in build system (especially when cross-compiling)
  Thanks to Tomas Heinrich and winfried_mb2@xmsnet.nl for the patch.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=445
- bugfix: imjournal had problem with systemd journal API change
- imjournal: now obtain and include PID
- bugfix: .logsig files had tlv16 indicator bit at wrong offset
- bugfix: omrelp legacy config parameters set a timeout of zero
  which lead the legacy config to be unusable.
- bugfix: segfault on startup if a disk queue was configure without file
  name
  Now this triggers an error message and the queue is changed to
  linkedList type.
- bugfix: invalid addressing in string class (recent regression)
---------------------------------------------------------------------------
Version 7.3.14  [beta] 2013-05-06
- bugfix: some man pages were not properly installed
  either rscryutil or rsgtutil man was installed, but not both
  Thanks to Marius Tomaschewski for the patch.
- bugfix: potential segfault on startup when builtin module was specified
  in module() statement.
  Thanks to Marius Tomaschewski for reporting the bug.
- bugfix: segfault due to invalid dynafile cache handling
  Accidently, the old-style cache size parameter was used when the
  dynafile cache was created in a RainerScript action. If the old-style
  size was lower than the one actually set, this lead to misadressing
  when the size was overrun, and that could lead to all kinds of
  "interesting things", often in segfaults.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=440
---------------------------------------------------------------------------
Version 7.3.13  [beta] 2013-04-29
- added omrabbitmq module (contributed, untested)
  Note: this is unsupported and as such was moved immediately into the
  beta version.
  Thanks to Vaclav Tomec for providing this module.
- bugfix: build problem when --enable-encryption was not selected
  Thanks to Michael Biebl for fixing this.
- doc bugfix: omfile parameter "VeryRobustZip" was documentas as
  "VeryReliableZip"
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=437
  Thanks to Thomas Doll for reporting this.
---------------------------------------------------------------------------
Version 7.3.12  [devel] 2013-04-25
- added doc for omelasticsearch
  Thanks to Radu Gheorghe for the doc contribution.
- omelasticsearch: _id field support for bulk operations
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=392
  Thanks to Jérôme Renard for the idea and patches.
- max number of templates for plugin use has been increased to five
- platform compatibility enhancement: solve compile issue with libgcrypt
  do not use GCRY_CIPHER_MODE_AESWRAP where not available
- fix compile on Solaris
  Thanks to Martin Carpenter for the patch.
- bugfix: off-by-one error in handling local FQDN name (regression)
  A remporary buffer was allocated one byte too small. Did only
  affect startup, not actual operations. Came up during routine tests,
  and can have no effect once the engine runs. Bug was introduced in
  7.3.11.
- bugfix: build problems on Solaris
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=436
- bugfix: block size limit was not properly honored
- bugfix: potential segfault in guardtime signature provider
  it could segfault if an error was reported by the GuardTime API, because
  an invalid free could happen then
---------------------------------------------------------------------------
Version 7.3.11  [devel] 2013-04-23
- added support for encrypting log files
- omhiredis: added support for redis pipeline support
  Thanks to Brian Knox for the patch.
- bugfix:  $PreserveFQDN is not properly working
  Thanks to Louis Bouchard for the patch
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=426
- bugfix: imuxsock aborted due to problem in ratelimiting code
  Thanks to Tomas Heinrich for the patch.
- bugfix: imuxsock aborted under some conditions
  regression from ratelimiting enhancements - this was a different one
  to the one Tomas Heinrich patched.
- bugfix: timestamp problems in imkmsg
---------------------------------------------------------------------------
Version 7.3.10  [devel] 2013-04-10
- added RainerScript re_extract() function
- omrelp: added support for RainerScript-based configuration
- omrelp: added ability to specify session timeout
- templates now permit substring extraction relative to end-of-string
- bugfix: failover/action suspend did not work correctly
  This was experienced if the retry action took more than one second
  to complete. For suspending, a cached timestamp was used, and if the
  retry took longer, that timestamp was already in the past. As a 
  result, the action never was kept in suspended state, and as such
  no failover happened. The suspend functionalit now does no longer use
  the cached timestamp (should not have any performance implication, as
  action suspend occurs very infrequently).
- bugfix: gnutls RFC5425 driver had some undersized buffers
  Thanks to Tomas Heinrich for the patch.
- bugfix: nested if/prifilt conditions did not work properly
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
- bugfix: imuxsock aborted under some conditions
  regression from ratelimiting enhancements
- bugfix: build problems on Solaris
  Thanks to Martin Carpenter for the patches.
---------------------------------------------------------------------------
Version 7.3.9  [devel] 2013-03-27
- support for signing logs added
- imudp: now supports user-selectable inputname
- omlibdbi: now supports transaction interface
  if recent enough lbdbi is present
- imuxsock: add ability to NOT create/delete sockets during startup and
  shutdown
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=259
- imfile: errors persisting state file are now reported
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=292
- imfile: now detects file change when rsyslog was inactive
  Previosly, this case could not be detected, so if a file was overwritten
  or rotated away while rsyslog was stopped, some data was missing. This
  is now detected and the new file being forwarded right from the
  beginning.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=228
- updated systemd files to match current systemd source
- bugfix: imudp scheduling parameters did affect main thread, not imudp
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
- bugfix: build problem on platforms without GLOB_NOMAGIC
- bugfix: build problems on non-Linux platforms
- bugfix: stdout/stderr were not closed on forking
  but were closed when running in the forground - this was just reversed
  of what it should be. This is a regression of a recent change.
---------------------------------------------------------------------------
Version 7.3.8  [devel] 2013-03-18
- imrelp: now supports listening to IPv4/v6 only instead of always both
  build now requires librelp 1.0.2
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=378
- bugfix: mmanon did not build on some platforms (e.g. Ubuntu)
- bugfix: segfault in expression optimizer
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=423
- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
  To use that functionality, legacy rsyslog.conf syntax had to be used.
  Also, the doc was missing information on the "ParseTrusted" set of
  config directives.
- bugfix: include files got included in the wrong order
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411
  This happens if an $IncludeConfig directive was done on multiple
  files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf).
  In that case, the order of include file processing is reversed, which
  could lead to all sorts of problems.
  Thanks to Nathan Stratton Treadway for his great analysis of the problem,
  which made bug fixing really easy.
---------------------------------------------------------------------------
Version 7.3.7  [devel] 2013-03-12
- add support for anonymizing IPv4 addresses
- add support for writing to the Linux Journal (omjournal)
- imuxsock: add capability to ignore messages from ourselfes
  This helps prevent message routing loops, and is vital to have
  if omjournal is used together with traditional syslog.
- field() function now supports a string as field delimiter
- added ability to configure debug system via rsyslog.conf
- bugfix: imuxsock segfault when system log socket was used
- bugfix: mmjsonparse segfault if new-style config was used
- bugfix: script == comparison did not work properly on JSON objects
- bugfix: field() function did never return "***FIELD NOT FOUND***"
  instead it returned "***ERROR in field() FUNCTION***" in that case
---------------------------------------------------------------------------
Version 7.3.6  [devel] 2013-01-28
- greatly improved speed of large-array  [N]EQ RainerScript comparisons
  Thanks to David Lang for a related discussion that inspired the idea
  to do this with a much simpler (yet sufficient) approach than orignally
  planned for.
- greatly improved speed of DNS cache for large cache sizes
- general performance improvements
- omfile: added stats counters for dynafile caches
- omfile: improved async writing, finally enabled full async write
  also fixed a couple of smaller issues along that way
- impstats: added ability to write stats records to local file
  and avoid going through the syslog log stream. syslog logging can now
  also be turned off (see doc for details).
- bugfix: imklog issued wrong facility in error messages
  ...what could lead to problems in other parts of the code
- fix compile problem in imklog
- added capability to output thread-id-to-function debug info
  This is a useful debug aid, but nothing of concern for regular users.
---------------------------------------------------------------------------
Version 7.3.5  [devel] 2012-12-19
- ommysql: addded batching/transaction support
- enhanced script optimizer to optimize common PRI-based comparisons
  These constructs are especially used in SUSE default config files,
  but also by many users (as they are more readable than the equivalent
  PRI-based filter).
- omudpspoof: add support for new config system
- omudpspoof: add support for packets larger than 1472 bytes
  On Ethernet, they need to be transmitted in multiple fragments. While
  it is known that fragmentation can cause issues, it is the best choice
  to be made in that case. Also improved debug output.
- bugfix: omudpspoof failed depending on the execution environment
  The v7 engine closes fds, and closed some of libnet's fds as well, what
  lead to problems (unfortunately, at least some libnet versions do not
  report a proper error state but still "success"...). The order of libnet
  calls has been adjusted to by in sync with what the core engine does.
- bugfix: segfault on imuxsock startup if system log socket is used
  and no ratelimiting supported. Happens only during initial config
  read phase, once this is over, everything works stable.
- bugfix: mmnormalize build problems
- bugfix: mmnormalize could abort rsyslog if config parameter was in error
- bugfix: no error message for invalid string template parameters
  rather a malformed template was generated, and error information emitted
  at runtime. However, this could be quite confusing. Note that with this
  "bugfix" user experience changes: formerly, rsyslog and the affected
  actions properly started up, but the actions did not produce proper
  data. Now, there are startup error messages and the actions are NOT
  executed (due to missing template due to template error).
- bugfix[minor]: invalid error code when mmnormalize could not access
  rulebase
- bugfix(kind of): script optimizer did not work for complex boolean
  expressions
- doc bugfix: corrections and improvements in mmnormalize html doc page
- bugfix: some message properties could be garbled due to race condition
  This happened only on very high volume systems, if the same message was
  being processed by two different actions. This was a regression caused
  by the new config processor, which did no longer properly enable msg
  locking in multithreaded cases. The bugfix is actually a refactoring of
  the msg locking code - we no longer do unlocked operations, as the use
  case for it has mostly gone away. It is potentially possible only at
  very low-end systems, and there the small additional overhead of doing
  the locking does not really hurt. Instead, the removal of that 
  capability can actually slightly improve performance in common cases,
  as the code path is smaller and requires slightly less memory writes.
  That probably outperforms the extra locking overhead (which in the 
  low-end case always happens in user space, without need for kernel
  support as we can always directly aquire the lock - there is no
  contention at all).
- build system cleanup (thanks to Michael Biebl for this!)
- bugfix: omelasticsearch did not properly compile on some platforms
  due to missing libmath. Thanks to Michael Biebl for the fix
---------------------------------------------------------------------------
Version 7.3.4  [devel] 2012-11-23
- further (and rather drastically) improved disk queue performance
  we now save one third of the IO calls
- imklog: added ParseKernelTimestamp parameter (import from 5.10.2)
  Thanks to Marius Tomaschewski for the patch.
- imklog: added KeepKernelTimestamp parameter (import from 5.10.2)
  Thanks to Marius Tomaschewski for the patch.
- bugfix: improper handling of backslash in string-type template()s
- bugfix: leading quote (") in string-type template() lead to thight loop
  on startup
- bugfix: no error msg on invalid field option in legacy/string template
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
  ... actually, they are microseconds. So the fractional part of the 
  timestamp was not properly formatted. (import from 5.10.2)
  Thanks to Marius Tomaschewski for the bug report and the patch idea.
---------------------------------------------------------------------------
Version 7.3.3  [devel] 2012-11-07
- improved disk queue performance
- bugfix: dynafile zip files could be corrupted
  This could happen if a dynafile was destructed before the first write.
  In practice, this could happen if few lines were written to a file and
  it then became evicted from the dynafile cache. This would probably
  look very random, because it depended on the timing in regard to 
  message volume and dynafile cache size.
---------------------------------------------------------------------------
Version 7.3.2  [devel] 2012-10-30
- mmnormalize: support for v6+ config interface added
- mmjsonparse: support for v6+ config interface added
---------------------------------------------------------------------------
Version 7.3.2  [devel] 2012-10-30
- totally reworked ratelimiting and "last message repeated n times"
  all over rsyslog code. Each of the supported inputs now supports 
  linux-like ratelimiting (formerly only imuxsock did). Also, the
  "last message repeated n times" is now processed at the input side
  and no longer at the output side of rsyslog processing. This 
  provides the basis for new future additions as well as usually more
  performance and a much simpler output part (which can be even further
  refactored).
- imtcp: support for Linux-Type ratelimiting added
- imptcp: support for Linux-Type ratelimiting added
- imudp enhancements:
  * support for input batching added (performance improvement)
  * support for Linux-Type ratelimiting added
- permited action-like statements (stop, call, ...) in action lists
- bugfix: segfault on startup when modules using MSG_PASSING mode are used
- omelasticsearch: support for writing data errors to local file added
- omelasticsearch: fix check for bulk processing status response
---------------------------------------------------------------------------
Version 7.3.1  [devel] 2012-10-19
- optimized template processing performance, especially for $NOW family
  of properties
- change lumberjack cookie to "@cee:" from "@cee: "
  CEE originally specified the cookie with SP, whereas other lumberjack
  tools used it without space. In order to keep interop with lumberjack,
  we now use the cookie without space as well. I hope this can be changed
  in CEE as well when it is released at a later time.
  Thanks to Miloslav Trmač for pointing this out and a similiar v7 patch.
- bugfix: imuxsock and imklog truncated head of received message
  This happened only under some circumstances. Thanks to Marius
  Tomaschewski, Florian Piekert and Milan Bartos for their help in
  solving this issue.
- bugfix: imuxsock did not properly honor $LocalHostIPIF
---------------------------------------------------------------------------
Version 7.3.0  [devel] 2012-10-09
- omlibdbi improvements, added
  * support for config load phases & module() parameters
  * support for default templates
  * driverdirectory is now cleanly a global parameter, but can no longer
    be specified as an action parameter. Note that in previous versions
    this parameter was ignored in all but the first action definition
- improved omfile zip writer to increase compression
  This was achieved by somewhat reducing the robustness of the zip archive.
  This is controlled by the new action parameter "VeryReliableZip".
----------------------------------------------------------------------------
Version 7.2.8  [v7-stable] 2013-0?-??
- bugfix: potential segfault on startup when builtin module was specified
  in module() statement.
  Thanks to Marius Tomaschewski for reporting the bug.
- bugfix: segfault due to invalid dynafile cache handling
  Accidently, the old-style cache size parameter was used when the
  dynafile cache was created in a RainerScript action. If the old-style
  size was lower than the one actually set, this lead to misadressing
  when the size was overrun, and that could lead to all kinds of
  "interesting things", often in segfaults.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=440
----------------------------------------------------------------------------
Version 7.2.7  [v7-stable] 2013-04-17
- rsyslogd startup information is now properly conveyed back to init
  when privileges are beging dropped
  Actually, we have moved termination of the parent in front of the
  priv drop. So it shall work now in all cases. See code comments in
  commit for more details.
- If forking, the parent now waits for a maximum of 60 seconds for
  termination by the child
- improved debugging support in forked (auto-backgrounding) mode
  The rsyslog debug log file is now continued to be written across the
  fork.
- updated systemd files to match current systemd source
- bugfix: failover/action suspend did not work correctly
  This was experienced if the retry action took more than one second
  to complete. For suspending, a cached timestamp was used, and if the
  retry took longer, that timestamp was already in the past. As a 
  result, the action never was kept in suspended state, and as such
  no failover happened. The suspend functionalit now does no longer use
  the cached timestamp (should not have any performance implication, as
  action suspend occurs very infrequently).
- bugfix: nested if/prifilt conditions did not work properly
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=415
- bugfix: script == comparison did not work properly on JSON objects
  [backport from 7.3 branch]
- bugfix: imudp scheduling parameters did affect main thread, not imudp
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=409
- bugfix: imuxsock rate-limiting could not be configured via legacy conf
  Rate-limiting for the system socket could not be configured via legacy
  configuration directives. However, the new-style RainerScript config
  options worked.
  Thanks to Milan Bartos for the patch.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=390
- bugfix: using group resolution could lead to endless loop
  Thanks to Tomas Heinrich for the patch.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
- bugfix: $mmnormalizeuseramsg parameter was specified with wrong type
  Thank to Renzhong Zhang for alerting us of the problem.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=420
- bugfix: RainerScript getenv() function caused segfault when var was
  not found.
  Thanks to Philippe Muller for the patch.
- bugfix: several issues in imkmsg
  see bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=421#c8
- bugfix: imuxsock was missing SysSock.ParseTrusted module parameter
  To use that functionality, legacy rsyslog.conf syntax had to be used.
  Also, the doc was missing information on the "ParseTrusted" set of
  config directives.
- bugfix: parameter action.execOnlyWhenPreviousIsSuspended was accidently 
  of integer-type. For obvious reasons, it needs to be boolean. Note
  that this change can break existing configurations if they circumvented
  the problem by using 0/1 values.
- doc bugfix: rsyslog.conf man page had invalid file format info
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=418
----------------------------------------------------------------------------
Version 7.2.6  [v7-stable] 2013-03-05
- slightly improved config parser error messages when invalid escapes happen
- bugfix: include files got included in the wrong order
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=411
  This happens if an $IncludeConfig directive was done on multiple
  files (e.g. the distro default of $IncludeConfig /etc/rsyslog.d/*.conf).
  In that case, the order of include file processing is reversed, which
  could lead to all sorts of problems.
  Thanks to Nathan Stratton Treadway for his great analysis of the problem,
  which made bug fixing really easy.
- bugfix: omelasticsearch failed when authentication data was provided
  ... at least in most cases it emitted an error message:
  "snprintf failed when trying to build auth string"
  Thanks to Joerg Heinemann for alerting us.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=404
- bugfix: some property-based filter were incorrectly parsed
  This usually lead to a syntax error on startup and rsyslogd not actually
  starting up. The problem was the regex, which did not care for double
  quote characters to follow in the action part - unfortunately something
  that can frequently happen with v6+ format. An example:
  :programname, isequal, "as" {action(type="omfile" ...) }
  Here, the part 
  :programname, isequal, "as" {action(type="omfile"
  was treated as the property filter, and the rest as action part.
  Obviously, this did not work out. Unfortunately, such situations usually
  resulted in very hard to understand error messages.
----------------------------------------------------------------------------
Version 7.2.5  [v7-stable] 2013-01-08
- build system cleanup (thanks to Michael Biebl for this!)
- bugfix: omelasticsearch did not properly compile on some platforms
  due to missing libmath. Thanks to Michael Biebl for the fix
- bugfix: invalid DST handling under Solaris
  Thanks to Scott Severtson for the patch.
- bugfix: on termination, actions were incorrectly called
  The problem was that incomplete fiter evaluation was done *during the
  shutdown phase*. This affected only the LAST batches being processed. No
  problem existed during the regular run. Could usually only happen on
  very busy systems, which were still busy during shutdown.
- bugfix: very large memory consumption (and probably out of memory) when
  FromPos was specified in template, but ToPos not.
  Thanks to Radu Gheorghe for alerting us of this bug.
- bugfix: timeval2syslogTime cause problems on some platforms
  due to invalid assumption on structure data types.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=394
  Thanks to David Hill for the patch [under ASL2.0 as per email conversation
  2013-01-03].
- bugfix: compile errors in im3195
  Thanks to Martin Körper for the patch
- bugfix: doGetFileCreateMode() had invalid validity check ;)
  Thanks to Chandler Latour for the patch.
- bugfix: mmjsonparse errornously returned action error when no CEE cookie
  was present.
----------------------------------------------------------------------------
Version 7.2.4  [v7-stable] 2012-12-07
- enhance: permit RFC3339 timestamp in local log socket messages
  Thanks to Sebastien Ponce for the patch.
- imklog: added ParseKernelTimestamp parameter (import from 5.10.2)
  Thanks to Marius Tomaschewski for the patch.
- fix missing functionality: ruleset(){} could not specify ruleset queue
  The "queue.xxx" parameter set was not supported, and legacy ruleset
  config statements did not work (by intention). The fix introduces the
  "queue.xxx" parameter set. It has some regression potential, but only
  for the new functionality. Note that using that interface it is possible
  to specify duplicate queue file names, which will cause trouble. This
  will be solved in v7.3, because there is a too-large regression
  potential for the v7.2 stable branch.
- imklog: added KeepKernelTimestamp parameter (import from 5.10.2)
  Thanks to Marius Tomaschewski for the patch.
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
  ... actually, they are microseconds. So the fractional part of the 
  timestamp was not properly formatted. (import from 5.10.2)
  Thanks to Marius Tomaschewski for the bug report and the patch idea.
- bugfix: supportoctetcountedframing parameter did not work in imptcp
- bugfix: modules not (yet) supporting new conf format were not properly
  registered. This lead to a "module not found" error message instead of
  the to-be-expected "module does not support new style" error message.
  That invalid error message could be quite misleading and actually stop
  people from addressing the real problem (aka "go nuts" ;))
- bugfix: template "type" parameter is mandatory (but was not)
- bugfix: some message properties could be garbled due to race condition
  This happened only on very high volume systems, if the same message was
  being processed by two different actions. This was a regression caused
  by the new config processor, which did no longer properly enable msg
  locking in multithreaded cases. The bugfix is actually a refactoring of
  the msg locking code - we no longer do unlocked operations, as the use
  case for it has mostly gone away. It is potentially possible only at
  very low-end systems, and there the small additional overhead of doing
  the locking does not really hurt. Instead, the removal of that 
  capability can actually slightly improve performance in common cases,
  as the code path is smaller and requires slightly less memory writes.
  That probably outperforms the extra locking overhead (which in the 
  low-end case always happens in user space, without need for kernel
  support as we can always directly aquire the lock - there is no
  contention at all).
----------------------------------------------------------------------------
Version 7.2.3  [v7-stable] 2012-10-21
- regression fix: rsyslogd terminated when wild-card $IncludeConfig did not
  find actual include files. For example, if this directive is present:
  $IncludeConfig /etc/rsyslog.d/*.conf
  and there are no *.conf files in /etc/rsyslog.d (but rsyslog.d exists),
  rsyslogd will emit an error message and terminate. Previous (and expected)
  behaviour is that an empty file set is no problem. HOWEVER, if the
  directory itself does not exist, this is flagged as an error and will
  load to termination (no startup).
  Unfortunately, this is often the case by default in many distros, so this
  actually prevents rsyslog startup.
----------------------------------------------------------------------------
Version 7.2.2  [v7-stable] 2012-10-16
- doc improvements
- enabled to build without libuuid, at loss of uuid functionality
  this enables smoother builds on older systems that do not support
  libuuid. Loss of functionality should usually not matter too much as
  uuid support has only recently been added and is very seldom used.
- bugfix: omfwd did not properly support "template" parameter
- bugfix: potential segfault when re_match() function was used
  Thanks to oxpa for the patch.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=371
- bugfix: potential abort of imtcp on rsyslogd shutdown
- bugfix: imzmq3 segfault with PULL subscription
  Thanks to Martin Nilsson for the patch.
- bugfix: improper handling of backslash in string-type template()s
- bugfix: leading quote (") in string-type template() lead to thight loop
  on startup
- bugfix: no error msg on invalid field option in legacy/string template
- bugfix: potential segfault due to invalid param handling in comparisons
  This could happen in RainerScript comparisons (like contains); in some
  cases an unitialized variable was accessed, which could lead to an
  invalid free and in turn to a segfault.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=372
  Thanks to Georgi Georgiev for reporting this bug and his great help
  in solving it.
- bugfix: no error msg on unreadable $IncludeConfig path
- bugfix: $IncludeConfig did not correctly process directories
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=376
  The testbench was also enhanced to check for these cases.
  Thanks to Georgi Georgiev for the bug report.
- bugfix: make rsyslog compile on kfreebsd again
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=380
  Thanks to Guillem Jover for the patch.
- bugfix: garbled message if field name was used with jsonf property option
  The length for the field name was invalidly computed, resulting in either
  truncated field names or including extra random data. If the random data
  contained NULs, the rest of the message became unreadable.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=374
- bugfix: potential segfault at startup with property-based filter
  If the property name was followed by a space before the comma, rsyslogd
  aborted on startup. Note that no segfault could happen if the initial
  startup went well (this was a problem with the config parser).
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=381
- bugfix: imfile discarded some file parts
  File lines that were incomplete (LF missing) *at the time imfile polled
  the file* were partially discarded. That part of the line that was read 
  without the LF was discarded, and the rest of the line was submitted in
  the next polling cycle. This is now changed so that the partial content
  is saved until the complete line is read. Note that the patch affects
  only read mode 0.
  Thanks to Milan Bartos for providing the base idea for the solution.
----------------------------------------------------------------------------
Version 7.2.1  [v7-stable] 2012-10-29
- bugfix: ruleset()-object did only support a single statement
- added -D rsyslogd option to enable config parser debug mode
- improved syntax error messages by outputting the error token
- the rsyslog core now suspeneds actions after 10 failures in a row
  This was former the case after 1,000 failures and could cause rsyslog
  to be spammed/ressources misused. See the v6 compatibility doc for more
  details.
- ommongodb rate-limits error messages to prevent spamming the syslog
  closes (for v7.2): http://bugzilla.adiscon.com/show_bug.cgi?id=366
----------------------------------------------------------------------------
Version 7.2.0  [v7-stable] 2012-10-22
This starts a new stable branch based on 7.1.12 plus the following changes:
- bugfix: imuxsock did not properly honor $LocalHostIPIF
- omruleset/omdiscard do no longer issue "deprecated" warings, as 7.1
  grammar does not permit to use the replacements under all circumstances
----------------------------------------------------------------------------
Version 7.1.12  [beta] 2012-10-18
- minor updates to better support newer systemd developments
  Thanks to Michael Biebl for the patches.
- build system cleanup
  Thanks to Michael Biebl for the patch series.
- cleanup: removed remains of -c option (compatibility mode)
  both from code & doc and emitted warning message if still used
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=361
  Thanks to Michael Biebl for reporting & suggestions
- bugfix: imklog truncated head of received message
  This happened only under some circumstances. Thanks to Marius
  Tomaschewski and Florian Piekert for their help in solving this issue.
----------------------------------------------------------------------------
Version 7.1.11  [beta] 2012-10-16
- bugfix: imuxsock truncated head of received message
  This happened only under some circumstances. Thanks to Marius
  Tomaschewski, Florian Piekert and Milan Bartos for their help in
  solving this issue.
- bugfix: do not crash if set statement is used with date field
  Thanks to Miloslav Trmač for the patch.
- change lumberjack cookie to "@cee:" from "@cee: "
  CEE originally specified the cookie with SP, whereas other lumberjack
  tools used it without space. In order to keep interop with lumberjack,
  we now use the cookie without space as well. I hope this can be changed
  in CEE as well when it is released at a later time.
  Thanks to Miloslav Trmač for pointing this out and a similiar v7 patch.
- added deprecated note to omruleset (plus clue to use "call")
- added deprecated note to discard action (plus clue to use "stop")
---------------------------------------------------------------------------
Version 7.1.10  [beta] 2012-10-11
 - bugfix: m4 directory was not present in release tarball
 - bugfix: small memory leak with string-type templates
 - bugfix: small memory leak when template was specified in omfile
 - bugfix: some config processing warning messages were treated as errors
 - bugfix: small memory leak when processing action() statements
 - bugfix: unknown action() parameters were not reported
---------------------------------------------------------------------------
Version 7.1.9  [beta] 2012-10-09
- bugfix: comments inside objects (e.g. action()) were not properly handled
- bugfix: in (non)equal comparisons the position of arrays influenced result
  This behaviour is OK for "contains"-type of comparisons (which have quite
  different semantics), but not for == and <>, which shall be commutative.
  This has been fixed now, so there is no difference any longer if the
  constant string array is the left or right hand operand. We solved this
  via the optimizer, as it keeps the actual script execution code small.
---------------------------------------------------------------------------
Version 7.1.8  [beta] 2012-10-02
- bugfix: ruleset(){} directive errornously changed default ruleset
  much like the $ruleset legacy conf statement. This potentially lead
  to statements being assigned to the wrong ruleset.
- improved module doc
- added "parser" parameter to ruleset(), so that parser chain can be
  configured
- implemented "continue" RainerScript statement
---------------------------------------------------------------------------
Version 7.1.7  [devel] 2012-10-01
- implemented RainerScript "call" statement
- implemented RainerScript array-based string comparison operations
- implemented imtcp "permittedPeers" module-global parameter
- imudp: support for specifying multiple ports via array added
---------------------------------------------------------------------------
Version 7.1.6  [devel] 2012-09-28
- implemented RainerScript input() statement, including support for it
  in major input plugins
- implemented RainerScript ruleset() statement
---------------------------------------------------------------------------
Version 7.1.5  [devel] 2012-09-25
- implemented RainerScript prifield() function
- implemented RainerScript field() function
- added new module imkmsg to process structured kernel log
  Thanks to Milan Bartos for contributing this module
- implemented basic RainerScript optimizer, which will speed up script
  operations
- bugfix: invalid free if function re_match() was incorrectly used
  if the config file parser detected that param 2 was not constant, some
  data fields were not initialized. The destructor did not care about that.
  This bug happened only if rsyslog startup was unclean.
---------------------------------------------------------------------------
Version 7.1.4  [devel] 2012-09-19
- implemented ability for CEE-based properties to be stored in disk queues
- implemented string concatenation in expressions via &-operator
- implemented json subtree copy in variable assignment
- implemented full JSON support for variable manipulation
- introduced "subtree"-type templates
- bugfix: omfile action did not respect "template" parameter
  ... and used default template in all cases
- bugfix: MsgDup() did not copy CEE structure
  This function was called at various places, most importantly during
  "last messages repeated n times" processing and omruleset. If CEE(JSON)
  data was present, it was lost as part of the copy process.
- bugfix: debug output indicated improper queue type
---------------------------------------------------------------------------
Version 7.1.3  [devel] 2012-09-17
- introduced "set" and "unset" config statements
- bugfix: missing support for escape sequences in RainerScript
  only \' was supported. Now the usual set is supported. Note that v5
  used \x as escape where x was any character (e.g. "\n" meant "n" and NOT
  LF). This also means there is some incompatibility to v5 for well-know
  sequences. Better break it now than later.
- bugfix: invalid property name in property-filter could cause abort
  if action chaining (& operator) was used
  http://bugzilla.adiscon.com/show_bug.cgi?id=355
  Thanks to pilou@gmx.com for the bug report
---------------------------------------------------------------------------
Version 7.1.2  [devel] 2012-09-12
- bugfix: messages were duplicated, sometimes massively
  regression from new code in 7.1.1 and reason for early release
- bugfix: remove invalid socket option call from imuxsock
  Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom 
- bugfix: abort when invalid property name was configured
  in property-based filter
- bugfix: multiple rulesets did no longer work correctly (7.1.1 regression)
---------------------------------------------------------------------------
Version 7.1.1  [devel] 2012-09-11
- MAJOR NEW FEATURE: rulengine now fully supports nesting
  including if ... then ... else ... constructs. This is a big change
  and it obviously has a lot of bug potential.
- BSD-style (filter) blocks are no longer supported
  see http://www.rsyslog.com/g/BSD for details and solution
- imuxsock now stores trusted properties by default in the CEE root
  This was done in order to keep compatible with other implementations of
  the lumberjack schema
  Thanks to Miloslav Trmač for pointing to this.
- bugfix: string-generating templates caused abort if CEE field could not
  be found
---------------------------------------------------------------------------
Version 7.1.0  [devel] 2012-09-06
- added support for hierarchical properties (CEE/lumberjack)
- added pure JSON output plugin parameter passing mode
- ommongodb now supports templates
- bugfix: imtcp could abort on exit due to invalid free()
- imported bugfixes from 6.4.1
---------------------------------------------------------------------------
Version 6.6.1  [v6-stable] 2012-10-??
- bugfix: build problems on some platforms
- bugfix: misaddressing of $mmnormalizeuserawmsg parameter
  On many platforms, this has no effect at all. At some, it may cause
  a segfault. The problem occurs only during config phase, no segfault
  happens when rsyslog has fully started.
- fix API "glitch" in some plugins
  This did not affect users, but could have caused trouble in the future
  for developers.
- bugfix: no error msg on invalid field option in legacy/string template
- bugfix: no error msg on unreadable $IncludeConfig path
- bugfix: $IncludeConfig did not correctly process directories
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=376
  The testbench was also enhanced to check for these cases.
  Thanks to Georgi Georgiev for the bug report.
- bugfix: spurios error messages from imuxsock about (non-error) EAGAIN
  Thanks to Marius Tomaschewski for the patch.
- imklog: added $klogParseKernelTimestamp option
  When enabled, kernel message [timestamp] is converted for message time.
  Default is to use receive time as in 5.8.x and before, because the clock
  used to create the timestamp is not supposed to be as accurate as the
  monotonic clock (depends on hardware and kernel) resulting in differences
  between kernel and system messages which occurred at same time.
  Thanks to Marius Tomaschewski for the patch.
- imklog: added $klogKeepKernelTimestamp option
  When enabled, the kernel [timestamp] remains at begin of
  each message, even it is used for the message time too.
  Thanks to Marius Tomaschewski for the patch.
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
  ... actually, they are microseconds. So the fractional part of the 
  timestamp was not properly formatted.
  Thanks to Marius Tomaschewski for the bug report and the patch idea.
- bugfix: hostname set in rsyslog.conf was not picked up until HUP
  which could also mean "never" or "not for a very long time".
  Thanks to oxpa for providing analysis and a patch
- bugfix: some message properties could be garbled due to race condition
  This happened only on very high volume systems, if the same message was
  being processed by two different actions. This was a regression caused
  by the new config processor, which did no longer properly enable msg
  locking in multithreaded cases. The bugfix is actually a refactoring of
  the msg locking code - we no longer do unlocked operations, as the use
  case for it has mostly gone away. It is potentially possible only at
  very low-end systems, and there the small additional overhead of doing
  the locking does not really hurt. Instead, the removal of that 
  capability can actually slightly improve performance in common cases,
  as the code path is smaller and requires slightly less memory writes.
  That probably outperforms the extra locking overhead (which in the 
  low-end case always happens in user space, without need for kernel
  support as we can always directly aquire the lock - there is no
  contention at all).
- bugfix: invalid DST handling under Solaris
  Thanks to Scott Severtson for the patch.
---------------------------------------------------------------------------
Version 6.6.0  [v6-stable] 2012-10-22
This starts a new stable branch, based on the 6.5.x series, plus:
- bugfix: imuxsock did not properly honor $LocalHostIPIF
---------------------------------------------------------------------------
Version 6.5.1  [beta] 2012-10-11
- added tool "logctl" to handle lumberjack logs in MongoDB
- imfile ported to new v6 config interface
- imfile now supports config parameter for maximum number of submits
  which is a fine-tuning parameter in regard to input baching
- added pure JSON output plugin parameter passing mode
- ommongodb now supports templates
- bugfix: imtcp could abort on exit due to invalid free()
- bugfix: remove invalid socket option call from imuxsock
  Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom 
- added pure JSON output plugin parameter passing mode
- ommongodb now supports templates
- bugfix: imtcp could abort on exit due to invalid free()
- bugfix: missing support for escape sequences in RainerScript
  only \' was supported. Now the usual set is supported. Note that v5
  used \x as escape where x was any character (e.g. "\n" meant "n" and NOT
  LF). This also means there is some incompatibility to v5 for well-know
  sequences. Better break it now than later.
- bugfix: small memory leaks in template() statements
  these were one-time memory leaks during startup, so they did NOT grow
  during runtime
- bugfix: config validation run did not always return correct return state
- bugfix: config errors did not always cause statement to fail
  This could lead to startup with invalid parameters.
---------------------------------------------------------------------------
Version 6.5.0  [devel] 2012-08-28
- imrelp now supports non-cancel thread termination
  (but now requires at least librelp 1.0.1)
- implemented freeCnf() module interface
  This was actually not present in older versions, even though some modules
  already used it. The implementation was now done, and not in 6.3/6.4 
  because the resulting memory leak was ultra-slim and the new interface
  handling has some potential to seriously break things. Not the kind of
  thing you want to add in late beta state, if avoidable.
- added --enable-debugless configure option for very high demanding envs
  This actually at compile time disables a lot of debug code, resulting
  in some speedup (but serious loss of debugging capabilities)
- added new 0mq plugins (via czmq lib)
  Thanks to David Kelly for contributing these modules
- bugfix: omhdfs did no longer compile
- bugfix: SystemLogSocketAnnotate did not work correctly
  Thanks to Miloslav Trmač for the patch
- $SystemLogParseTrusted config file option
  Thanks to Milan Bartos for the patch
- added template config directive
- added new uuid message property
  Thanks to Jérôme Renard for the idea and patches.
  Note: patches were released under ASL 2.0, see
  http://bugzilla.adiscon.com/show_bug.cgi?id=353
---------------------------------------------------------------------------
Version 6.4.3  [V6-STABLE/NEVER RELEASED] 2012-??-??
This version was never released as 6.6.0 came quickly enough. Note that
all these patches here are present in 6.6.0.
- cleanup: removed remains of -c option (compatibility mode)
  both from code & doc and emitted warning message if still used
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=361
  Thanks to Michael Biebl for reporting & suggestions
- bugfix: imuxsock and imklog truncated head of received message
  This happened only under some circumstances. Thanks to Marius
  Tomaschewski, Florian Piekert and Milan Bartos for their help in
  solving this issue.
- change lumberjack cookie to "@cee:" from "@cee: "
  CEE originally specified the cookie with SP, whereas other lumberjack
  tools used it without space. In order to keep interop with lumberjack,
  we now use the cookie without space as well. I hope this can be changed
  in CEE as well when it is released at a later time.
  Thanks to Miloslav Trmač for pointing this out and a similiar v7 patch.
- bugfix: comments inside objects (e.g. action()) were not properly handled
- bugfix: sysklogd-emulating standard template was no longer present in v6
  This was obviously lost during the transition to the new config format.
  Thanks to Milan Bartos for alerting us and a patch!
- bugfix: some valid legacy PRI filters were flagged as errornous
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=358
  This happend to filters of the style "local0,local1.*", where the 
  multiple facilities were comma-separated.
- bugfix: imuxsock did not properly honor $LocalHostIPIF
---------------------------------------------------------------------------
Version 6.4.2  [V6-STABLE] 2012-09-20
- bugfix: potential abort, if action queue could not be properly started
  This most importantly could happen due to configuration errors.
- bugfix: remove invalid socket option call from imuxsock
  Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom 
- bugfix: missing support for escape sequences in RainerScript
  only \' was supported. Now the usual set is supported. Note that v5
  used \x as escape where x was any character (e.g. "\n" meant "n" and NOT
  LF). This also means there is some incompatibility to v5 for well-know
  sequences. Better break it now than later.
- bugfix: config validation run did not always return correct return state
---------------------------------------------------------------------------
Version 6.4.1  [V6-STABLE] 2012-09-06
- bugfix: multiple main queues with same queue file name were not detected
  This lead to queue file corruption. While the root cause is a config
  error, it is a bug that this important and hard to find config error
  was not detected by rsyslog.
- bugfix: "jsonf" property replacer option did generate invalid JSON
  in JSON, we have "fieldname":"value", but the option emitted 
  "fieldname"="value". Interestingly, this was accepted by a couple
  of sinks, most importantly elasticsearch. Now the correct format is
  emitted, which causes a remote chance that some things that relied on
  the wrong format will break.
  Thanks to Miloslav Trmač for the patch
- change $!all-json did emit an empty (thus non-JSON) string if no libee
  data was present. It now emits {} and thus valid JSON. There is a
  small risk that this may break some things that relied on the previous
  inconsistency.
  Thanks to Miloslav Trmač for the patch
- bugfix: omusrsmsg incorrect return state & config warning handling
  During config file processing, Omusrmsg often incorrectly returned a
  warning status, even when no warning was present (caused by
  uninitialized variable). Also, the core handled warning messages
  incorrectly, and treated them as errors. As a result, omusrmsg
  (most often) could not properly be loaded. Note that this only
  occurs with legacy config action syntax. This was a regression
  caused by an incorrect merge in to the 6.3.x codebase.
  Thanks to Stefano Mason for alerting us of this bug.
- bugfix: Fixed TCP CheckConnection handling in omfwd.c. Interface needed 
  to be changed in lower stream classes. Syslog TCP Sending is now resumed
  properly. Unfixed, that lead to non-detection of downstate of remote
  hosts.
---------------------------------------------------------------------------
Version 6.4.0  [V6-STABLE] 2012-08-20
- THIS IS THE FIRST VERSION OF THE 6.4.x STABLE BRANCH
  It includes all enhancements made in 6.3.x plus what is written in the
  ChangeLog below. 
- omelasticsearch: support for parameters parent & dynparent added
- bugfix: imtcp aborted when more than 2 connections were used.
  Incremented pthread stack size to 4MB for imtcp, imptcp and imttcp
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=342
- bugfix: imptcp aborted when $InputPTCPServerBindRuleset was used
- bugfix: problem with cutting first 16 characters from message with
  bAnnotate
  Thanks to Milan Bartos for the patch.
---------------------------------------------------------------------------
Version 6.3.12  [BETA] 2012-07-02
- support for elasticsearch via omelasticsearch added
  Note that this module has been tested quite well by a number of folks,
  and this is why we merge in new functionality in a late beta stage.
  Even if problems would exist, only users of omelasticsearch would
  experience them, making it a pretty safe addition.
- bugfix: $ActionName was not properly honored
  Thanks to Abby Edwards for alerting us
---------------------------------------------------------------------------
Version 6.3.11  [BETA] 2012-06-18
- bugfix: expression-based filters with AND/OR could segfault
  due to a problem with boolean shortcut operations. From the user's
  perspective, the segfault is almost non-deterministic (it occurs when
  a shortcut is used).
  Thanks to Lars Peterson for providing the initial bug report and his
  support in solving it.
- bugfix: "last message repeated n times" message was missing hostname
  Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting
---------------------------------------------------------------------------
Version 6.3.10  [BETA] 2012-06-04
- bugfix: delayble source could block action queue, even if there was
  a disk queue associated with it. The root cause of this problem was
  that it makes no sense to delay messages once they arrive in the 
  action queue - the "input" that is being held in that case is the main
  queue worker, what makes no sense.
  Thanks to Marcin for alerting us on this problem and providing 
  instructions to reproduce it.
- bugfix: invalid free in imptcp could lead to abort during startup
- bugfix: if debug message could end up in log file when forking
  if rsyslog was set to auto-background (thus fork, the default) and debug
  mode to stdout was enabled, debug messages ended up in the first log file
  opened. Currently, stdout logging is completely disabled in forking mode
  (but writing to the debug log file is still possible). This is a change 
  in behaviour, which is under review. If it causes problems to you,
  please let us know.
  Thanks to Tomas Heinrich for the patch.
- bugfix: --enable-smcustbindcdr configure directive did not work
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=330
  Thanks to Ultrabug for the patch.
- bugfix: made rsyslog compile when libestr ist not installed in /usr
  Thanks to Miloslav Trmač for providing patches and suggestions
---------------------------------------------------------------------------
Version 6.3.9  [BETA] 2012-05-22
- bugfix: imtcp could cause hang during reception
  this also applied to other users of core file tcpsrv.c, but imtcp was
  by far the most prominent and widely-used, the rest rather exotic
  (like imdiag)
- added capability to specify substrings for field extraction mode
- added the "jsonf" property replacer option (and fieldname)
- bugfix: omudpspoof did not work correctly if no spoof hostname was
  configured
- bugfix: property replacer option "json" could lead to content loss
  message was truncated if escaping was necessary
- bugfix: assigned ruleset was lost when using disk queues
  This looked quite hard to diagnose for disk-assisted queues, as the
  pure memory part worked well, but ruleset info was lost for messages
  stored inside the disk queue.
- bugfix/imuxsock: solving abort if hostname was not set; configured
  hostname was not used (both merge regressions)
 -bugfix/omfile: template action parameter was not accepted
  (and template name set to "??" if the parameter was used)
  Thanks to Brian Knox for alerting us on this bug.
- bugfix: ommysql did not properly init/exit the mysql runtime library
  this could lead to segfaults. Triggering condition: multiple action
  instances using ommysql.  Thanks to Tomas Heinrich for reporting this
  problem and providing an initial patch (which my solution is based on,
  I need to add more code to clean the mess up).
- bugfix: rsyslog did not terminate when delayable inputs were blocked
  due to unvailable sources. Fixes:
  http://bugzilla.adiscon.com/show_bug.cgi?id=299
  Thanks to Marcin M for bringing up this problem and Andre Lorbach
  for helping to reproduce and fix it.
- added capability to specify substrings for field extraction mode
- bugfix: disk queue was not persisted on shutdown, regression of fix to
  http://bugzilla.adiscon.com/show_bug.cgi?id=299
  The new code also handles the case of shutdown of blocking light and 
  full delayable sources somewhat smarter and permits, assuming sufficient
  timouts, to persist message up to the max queue capacity. Also some nits
  in debug instrumentation have been fixed.
---------------------------------------------------------------------------
Version 6.3.8  [DEVEL] 2012-04-16
- added $PStatJSON directive to permit stats records in JSON format
- added "date-unixtimestamp" property replacer option to format as a
  unix timestamp (seconds since epoch)
- added "json" property replacer option to support JSON encoding on a
  per-property basis
- added omhiredis (contributed module)
- added mmjsonparse to support recognizing and parsing JSON enhanced syslog
  messages
- upgraded more plugins to support the new v6 config format:
  - ommysql
  - omlibdbi
  - omsnmp
- added configuration directives to customize queue light delay marks
  $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both
  specify number of messages starting at which a delay happens.
- added message property parsesuccess to indicate if the last run
  higher-level parser could successfully parse the message or not
  (see property replacer html doc for details)
- bugfix: abort during startup when rsyslog.conf v6+ format was used in
  a certain way
- bugfix: property $!all-json made rsyslog abort if no normalized data
  was available
- bugfix: memory leak in array passing output module mode
- added configuration directives to customize queue light delay marks
- permit size modifiers (k,m,g,...) in integer config parameters
  Thanks to Jo Rhett for the suggestion.
- bugfix: hostname was not requeried on HUP
  Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for
  his help in testing the fix.
- bugfix: imklog invalidly computed facility and severity
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313
- added configuration directive to disable octet-counted framing
  for imtcp, directive is $InputTCPServerSupportOctetCountedFraming 
  for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming 
- added capability to use a local interface IP address as fromhost-ip for
  locally originating messages. New directive $LocalHostIPIF
---------------------------------------------------------------------------
Version 6.3.7  [DEVEL] 2012-02-02
- imported refactored v5.9.6 imklog linux driver, now combined with BSD
  driver
- removed imtemplate/omtemplate template modules, as this was waste of time
  The actual input/output modules are better copy templates. Instead, the
  now-removed modules cost time for maintenance AND often caused confusion
  on what their role was.
- added a couple of new stats objects
- improved support for new v6 config system. The build-in output modules
  now all support the new config language
- bugfix: facility local<x> was not correctly interpreted in legacy filters
  Was only accepted if it was the first PRI in a multi-filter PRI.
  Thanks to forum user Mark for bringing this to our attention.
- bugfix: potential abort after reading invalid X.509 certificate
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
  Thanks to Tomas Heinrich for the patch
- bufgix: legacy parsing of some filters did not work correctly
- bugfix: rsyslog aborted during startup if there is an error in loading
  an action and legacy configuration mode is used
- bugfix: bsd klog driver did no longer compile
- relicensed larger parts of the code under Apache (ASL) 2.0
---------------------------------------------------------------------------
Version 6.3.6  [DEVEL] 2011-09-19
- added $InputRELPServerBindRuleset directive to specify rulesets for RELP
- bugfix: config parser did not support properties with dashes in them
  inside property-based filters. Thanks to Gerrit Seré for reporting this.
---------------------------------------------------------------------------
Version 6.3.5  [DEVEL] (rgerhards/al), 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: mark message processing did not work correctly
- imudp&imtcp now report error if no listener at all was defined
  Thanks to Marcin for suggesting this error message.
- bugfix: potential misadressing in property replacer
---------------------------------------------------------------------------
Version 6.3.4  [DEVEL] (rgerhards), 2011-08-02
- added support for action() config object
  * in rsyslog core engine
  * in omfile
  * in omusrmsg
- bugfix: omusrmsg format usr1,usr2 was no longer supported
- bugfix: misaddressing in config handler
  In theory, can cause segfault, in practice this is extremely unlikely
  Thanks to Marcin for alertig me.
---------------------------------------------------------------------------
Version 6.3.3  [DEVEL] (rgerhards), 2011-07-13
- rsyslog.conf format: now parsed by RainerScript parser
  this provides the necessary base for future enhancements as well as some
  minor immediate ones. For details see:
  http://blog.gerhards.net/2011/07/rsyslog-633-config-format-improvements.html
- performance of script-based filters notably increased
- removed compatibility mode as we expect people have adjusted their
  confs by now
- added support for the ":omfile:" syntax for actions
---------------------------------------------------------------------------
Version 6.3.2  [DEVEL] (rgerhards), 2011-07-06
- added support for the ":omusrmsg:" syntax in configuring user messages
- systemd support: set stdout/stderr to null - thx to Lennart for the patch
- added support for obtaining timestamp for kernel message from message
  If the kernel time-stamps messages, time is now take from that
  timestamp instead of the system time when the message was read. This
  provides much better accuracy. Thanks to Lennart Poettering for
  suggesting this feature and his help during implementation.
- added support for obtaining timestamp from system for imuxsock
  This permits to read the time a message was submitted to the system
  log socket. Most importantly, this is provided in microsecond resolution.
  So we are able to obtain high precision timestampis even for messages
  that were - as is usual - not formatted with them. This also simplifies
  things in regard to local time calculation in chroot environments.
  Many thanks to Lennart Poettering for suggesting this feature,
  providing some guidance on implementing it and coordinating getting the
  necessary support into the Linux kernel.
- bugfix: timestamp was incorrectly calculated for timezones with minute
  offset
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
- bugfix: memory leak in imtcp & subsystems under some circumstances
  This leak is tied to error conditions which lead to incorrect cleanup
  of some data structures.
---------------------------------------------------------------------------
Version 6.3.1  [DEVEL] (rgerhards), 2011-06-07
- added a first implementation of a DNS name cache
  this still has a couple of weaknesses, like no expiration of entries,
  suboptimal algorithms -- but it should perform much better than
  what we had previously. Implementation will be improved based on
  feedback during the next couple of releases
---------------------------------------------------------------------------
Version 6.3.0  [DEVEL] (rgerhards), 2011-06-01
- introduced new config system
  http://blog.gerhards.net/2011/06/new-rsyslog-config-system-materializes.html
---------------------------------------------------------------------------
Version 6.2.2  [v6-stable], 2012-06-13
- build system improvements and spec file templates
  Thanks to Abby Edwards for providing these enhancements
- bugfix: disk queue was not persisted on shutdown, regression of fix to
  http://bugzilla.adiscon.com/show_bug.cgi?id=299
  The new code also handles the case of shutdown of blocking light and 
  full delayable sources somewhat smarter and permits, assuming sufficient
  timouts, to persist message up to the max queue capacity. Also some nits
  in debug instrumentation have been fixed.
- bugfix: --enable-smcustbindcdr configure directive did not work
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=330
  Thanks to Ultrabug for the patch.
- add small delay (50ms) after sending shutdown message
  There seem to be cases where the shutdown message is otherwise not
  processed, not even on an idle system. Thanks to Marcin for
  bringing this problem up.
- support for resolving huge groups
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
  Thanks to Alec Warner for the patch
- bugfix: potential hang due to mutex deadlock
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316
  Thanks to Andreas Piesk for reporting&analyzing this bug as well as
  providing patches and other help in resolving it.
- bugfix: property PROCID empty instead of proper nilvalue if not present
  If it is not present, it must have the nilvalue "-" as of RFC5424
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332
  Thanks to John N for reporting this issue.
- bugfix: did not compile under solaris due to $uptime property code
  For the time being, $uptime is not supported on Solaris
- bugfix: "last message repeated n times" message was missing hostname
  Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting
---------------------------------------------------------------------------
Version 6.2.1  [v6-stable], 2012-05-10
- change plugin config interface to be compatible with pre-v6.2 system
  The functionality was already removed (because it is superseeded by the
  v6.3+ config language), but code was still present. I have now removed
  those parts that affect interface. Full removal will happen in v6.3, in
  order to limit potential regressions. However, it was considered useful
  enough to do the interface change in v6-stable; this also eases merging
  branches!
- re-licensed larger parts of the codebase under the Apache license 2.0
- bugfix: omprog made rsyslog abort on startup if not binary to
  execute was configured
- bugfix: imklog invalidly computed facility and severity
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313
- bugfix: stopped DA queue was never processed after a restart due to a
  regression from statistics module
- bugfix: memory leak in array passing output module mode
- bugfix: ommysql did not properly init/exit the mysql runtime library
  this could lead to segfaults. Triggering condition: multiple action
  instances using ommysql.  Thanks to Tomas Heinrich for reporting this
  problem and providing an initial patch (which my solution is based on,
  I need to add more code to clean the mess up).
- bugfix: rsyslog did not terminate when delayable inputs were blocked
  due to unvailable sources. Fixes:
  http://bugzilla.adiscon.com/show_bug.cgi?id=299
  Thanks to Marcin M for bringing up this problem and Andre Lorbach
  for helping to reproduce and fix it.
- bugfix/tcpflood: sending small test files did not work correctly
---------------------------------------------------------------------------
Version 6.2.0  [v6-stable], 2012-01-09
- bugfix (kind of): removed numerical part from pri-text
  see v6 compatibility document for reasons
- bugfix: race condition when extracting program name, APPNAME, structured
  data and PROCID (RFC5424 fields) could lead to invalid characters e.g.
  in dynamic file names or during forwarding (general malfunction of these
  fields in templates, mostly under heavy load)
- bugfix: imuxsock did no longer ignore message-provided timestamp, if
  so configured (the *default*). Lead to no longer sub-second timestamps.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281
- bugfix: omfile returns fatal error code for things that go really wrong
  previously, RS_RET_RESUME was returned, which lead to a loop inside the
  rule engine as omfile could not really recover.
- bugfix: potential abort after reading invalid X.509 certificate
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
  Thanks to Tomas Heinrich for the patch
- enhanced module loader to not rely on PATH_MAX
- imuxsock: added capability to "annotate" messages with "trusted
  information", which contains some properties obtained from the system
  and as such sure to not be faked. This is inspired by the similiar idea
  introduced in systemd.
---------------------------------------------------------------------------
Version 6.1.12  [BETA], 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: mark message processing did not work correctly
- bugfix: potential misadressing in property replacer
- bugfix: memcpy overflow can occur in allowed sender checkig
  if a name is resolved to IPv4-mapped-on-IPv6 address
  Found by Ismail Dönmez at suse
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
- bugfix: fixed incorrect state handling for Discard Action (transactions)
  Note: This caused all messages in a batch to be set to COMMITTED, 
  even if they were discarded. 
---------------------------------------------------------------------------
Version 6.1.11  [BETA] (rgerhards), 2011-07-11
- systemd support: set stdout/stderr to null - thx to Lennart for the patch
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax in configuring user messages
---------------------------------------------------------------------------
Version 6.1.10  [BETA] (rgerhards), 2011-06-22
- bugfix: problems in failover action handling
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254
- bugfix: mutex was invalidly left unlocked during action processing
  At least one case where this can occur is during thread shutdown, which
  may be initiated by lower activity. In most cases, this is quite
  unlikely to happen. However, if it does, data structures may be 
  corrupted which could lead to fatal failure and segfault. I detected
  this via a testbench test, not a user report. But I assume that some
  users may have had unreproducable aborts that were cause by this bug.
---------------------------------------------------------------------------
Version 6.1.9  [BETA] (rgerhards), 2011-06-14
- bugfix: problems in failover action handling
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254
- bugfix: mutex was invalidly left unlocked during action processing
  At least one case where this can occur is during thread shutdown, which
  may be initiated by lower activity. In most cases, this is quite
  unlikely to happen. However, if it does, data structures may be 
  corrupted which could lead to fatal failure and segfault. I detected
  this via a testbench test, not a user report. But I assume that some
  users may have had unreproducable aborts that were cause by this bug.
- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes
- bugfix: memory leak in imtcp & subsystems under some circumstances
  This leak is tied to error conditions which lead to incorrect cleanup
  of some data structures. [backport from v6.3]
- bugfix: $ActionFileDefaultTemplate did not work
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=262
---------------------------------------------------------------------------
Version 6.1.8  [BETA] (rgerhards), 2011-05-20
- official new beta version (note that in a sense 6.1.7 was already beta,
  so we may release the first stable v6 earlier than usual)
- new module mmsnmptrapd, a sample message modification module
- import of minor bug fixes from v4 & v5
---------------------------------------------------------------------------
Version 6.1.7  [DEVEL] (rgerhards), 2011-04-15
- added log classification capabilities (via mmnormalize & tags)
- speeded up tcp forwarding by reducing number of API calls
  this especially speeds up TLS processing
- somewhat improved documentation index
- bugfix: enhanced imudp config processing code disabled due to wrong
  merge (affected UDP realtime capabilities)
- bugfix (kind of): memory leak with tcp reception epoll handler
  This was an extremely unlikely leak and, if it happend, quite small.
  Still it is better to handle this border case.
- bugfix: IPv6-address could not be specified in omrelp
  this was due to improper parsing of ":"
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250
- bugfix: do not open files with full privileges, if privs will be dropped
  This make the privilege drop code more bulletproof, but breaks Ubuntu's
  work-around for log files created by external programs with the wrong
  user and/or group. Note that it was long said that this "functionality"
  would break once we go for serious privilege drop code, so hopefully
  nobody still depends on it (and, if so, they lost...).
- bugfix: pipes not opened in full priv mode when privs are to be dropped
---------------------------------------------------------------------------
Version 6.1.6  [DEVEL] (rgerhards), 2011-03-14
- enhanced omhdfs to support batching mode. This permits to increase
  performance, as we now call the HDFS API with much larger message
  sizes and far more infrequently
- improved testbench
  among others, life tests for ommysql (against a test database) have
  been added, valgrind-based testing enhanced, ...
- bugfix: minor memory leak in omlibdbi (< 1k per instance and run)
- bugfix: (regression) omhdfs did no longer compile
- bugfix: omlibdbi did not use password from rsyslog.con
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203
- systemd support somewhat improved (can now take over existing log sockt)
- bugfix: discard action did not work under some circumstances
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217
- bugfix: file descriptor leak in gnutls netstream driver
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=222
- fixed compile problem in imtemplate
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=235
---------------------------------------------------------------------------
Version 6.1.5  [DEVEL] (rgerhards), 2011-03-04
- improved testbench
- enhanced imtcp to use a pool of worker threads to process incoming
  messages. This enables higher processing rates, especially in the TLS
  case (where more CPU is needed for the crypto functions)
- added support for TLS (in anon mode) to tcpflood
- improved TLS error reporting
- improved TLS startup (Diffie-Hellman bits do not need to be generated,
  as we do not support full anon key exchange -- we always need certs)
- bugfix: fixed a memory leak and potential abort condition
  this could happen if multiple rulesets were used and some output batches
  contained messages belonging to more than one ruleset.
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218
- bugfix: memory leak when $RepeatedMsgReduction on was used
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225
- bugfix: potential abort condition when $RepeatedMsgReduction set to on
  as well as potentially in a number of other places where MsgDup() was
  used. This only happened when the imudp input module was used and it
  depended on name resolution not yet had taken place. In other words,
  this was a strange problem that could lead to hard to diagnose 
  instability. So if you experience instability, chances are good that
  this fix will help.
---------------------------------------------------------------------------
Version 6.1.4  [DEVEL] (rgerhards), 2011-02-18
- bugfix/omhdfs: directive $OMHDFSFileName rendered unusable 
  due to a search and replace-induced bug ;)
- bugfix: minor race condition in action.c - considered cosmetic
  This is considered cosmetic as multiple threads tried to write exactly
  the same value into the same memory location without sync. The method
  has been changed so this can no longer happen.
- added pmsnare parser module (written by David Lang)
- enhanced imfile to support non-cancel input termination
- improved systemd socket activation thanks to Marius Tomaschewski
- improved error reporting for $WorkDirectory
  non-existance and other detectable problems are now reported,
  and the work directory is NOT set in this case
- bugfix: pmsnare causded abort under some conditions
- bugfix: abort if imfile reads file line of more than 64KiB
  Thanks to Peter Eisentraut for reporting and analysing this problem.
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221
- bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode
  when in disk-assisted mode. This especially affected imfile, which
  created unnecessarily queue files if a large set of input file data was
  to process.
- bugfix: very long running actions could prevent shutdown under some
  circumstances. This has now been solved, at least for common
  situations.
- bugfix: fixed compile problem due to empty structs
  this occured only on some platforms/compilers. thanks to Dražen Kačar 
  for the fix
---------------------------------------------------------------------------
Version 6.1.3  [DEVEL] (rgerhards), 2011-02-01
- experimental support for monogodb added
- added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings
- added $LocalHostName config directive
- improved tcpsrv performance by enabling multiple-entry epoll
  so far, we always pulled a single event from the epoll interface. 
  Now 128, what should result in performance improvement (less API
  calls) on busy systems. Most importantly affects imtcp.
- imptcp now supports non-cancel termination mode, a plus in stability
- imptcp speedup: multiple worker threads can now be used to read data
- new directive $InputIMPTcpHelperThreads added
- bugfix: fixed build problems on some platforms
  namely those that have 32bit atomic operations but not 64 bit ones
- bugfix: local hostname was pulled too-early, so that some config 
  directives (namely FQDN settings) did not have any effect
- enhanced tcpflood to support multiple sender threads
  this is required for some high-throughput scenarios (and necessary to
  run some performance tests, because otherwise the sender is too slow).
- added some new custom parsers (snare, aix, some Cisco "specialities")
  thanks to David Lang
---------------------------------------------------------------------------
Version 6.1.2  [DEVEL] (rgerhards), 2010-12-16
- added experimental support for log normalizaton (via liblognorm)
  support for normalizing log messages has been added in the form of
  mmnormalize. The core engine (property replacer, filter engine) has
  been enhanced to support properties from normalized events.
  Note: this is EXPERIMENTAL code. It is currently know that
  there are issues if the functionality is used with
  - disk-based queues
  - asynchronous action queues
  You can not use the new functionality together with these features.
  This limitation will be removed in later releases. However, we 
  preferred to release early, so that one can experiment with the new
  feature set and accepted the price that this means the full set of
  functionality is not yet available. If not used together with
  these features, log normalizing should be pretty stable.
- enhanced testing tool tcpflood
  now supports sending via UDP and the capability to run multiple
  iterations and generate statistics data records
- bugfix: potential abort when output modules with different parameter
  passing modes were used in configured output modules
---------------------------------------------------------------------------
Version 6.1.1  [DEVEL] (rgerhards), 2010-11-30
- bugfix(important): problem in TLS handling could cause rsyslog to loop
  in a tight loop, effectively disabling functionality and bearing the
  risk of unresponsiveness of the whole system.
  Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
- support for omhdfs officially added (import from 5.7.1)
- merged imuxsock improvements from 5.7.1 (see there)
- support for systemd officially added (import from 5.7.0)
- bugfix: a couple of problems that imfile had on some platforms, namely
  Ubuntu (not their fault, but occured there)
- bugfix: imfile utilizes 32 bit to track offset. Most importantly,
  this problem can not experienced on Fedora 64 bit OS (which has
  64 bit long's!)
- a number of other bugfixes from older versions imported
---------------------------------------------------------------------------
Version 6.1.0  [DEVEL] (rgerhards), 2010-08-12

*********************************** NOTE **********************************
The v6 versions of rsyslog feature a greatly redesigned config system 
which, among others, supports scoping. However, the initial version does
not contain the whole new system. Rather it will evolve. So it is
expected that interfaces, even new ones, break during the initial
6.x.y releases.
*********************************** NOTE **********************************

- added $Begin, $End and $ScriptScoping config scope statments
  (at this time for actions only).
- added imptcp, a simplified, Linux-specific and potentielly fast
  syslog plain tcp input plugin (NOT supporting TLS!)
  [ported from v4]
---------------------------------------------------------------------------
Version 5.10.2  [V5-STABLE], 201?-??-??
- bugfix: queue file size was not correctly processed
  this could lead to using one queue file per message for sizes >2GiB
  Thanks to Tomas Heinrich for the patch.
- updated systemd files to match current systemd source
- bugfix: spurios error messages from imuxsock about (non-error) EAGAIN
  Thanks to Marius Tomaschewski for the patch.
- imklog: added $klogParseKernelTimestamp option
  When enabled, kernel message [timestamp] is converted for message time.
  Default is to use receive time as in 5.8.x and before, because the clock
  used to create the timestamp is not supposed to be as accurate as the
  monotonic clock (depends on hardware and kernel) resulting in differences
  between kernel and system messages which occurred at same time.
  Thanks to Marius Tomaschewski for the patch.
- imklog: added $klogKeepKernelTimestamp option
  When enabled, the kernel [timestamp] remains at begin of
  each message, even it is used for the message time too.
  Thanks to Marius Tomaschewski for the patch.
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
  ... actually, they are microseconds. So the fractional part of the 
  timestamp was not properly formatted.
  Thanks to Marius Tomaschewski for the bug report and the patch idea.
- imklog: added $klogKeepKernelTimestamp option
  When enabled, the kernel [timestamp] remains at begin of
  each message, even it is used for the message time too.
  Thanks to Marius Tomaschewski for the patch.
- bugfix: imklog mistakenly took kernel timestamp subseconds as nanoseconds
  ... actually, they are microseconds. So the fractional part of the 
  timestamp was not properly formatted.
  Thanks to Marius Tomaschewski for the bug report and the patch idea.
- bugfix: invalid DST handling under Solaris
  Thanks to Scott Severtson for the patch.
- bugfix: invalid decrement in pm5424 could lead to log truncation
  Thanks to Tomas Heinrich for the patch.
- bugfix[kind of]: omudpspoof discarded messages >1472 bytes (MTU size)
  it now truncates these message, but ensures they are sent. Note that
  7.3.5+ will switch to fragmented UDP messages instead (up to 64K)
---------------------------------------------------------------------------
Version 5.10.1  [V5-STABLE], 2012-10-17
- bugfix: imuxsock and imklog truncated head of received message
  This happened only under some circumstances. Thanks to Marius
  Tomaschewski, Florian Piekert and Milan Bartos for their help in
  solving this issue.
- enable DNS resolution in imrelp
  Thanks to Apollon Oikonomopoulos for the patch
- bugfix: invalid property name in property-filter could cause abort
  if action chaining (& operator) was used
  http://bugzilla.adiscon.com/show_bug.cgi?id=355
  Thanks to pilou@gmx.com for the bug report
- bugfix: remove invalid socket option call from imuxsock
  Thanks to Cristian Ionescu-Idbohrn and Jonny Törnbom 
- bugfix: fixed wrong bufferlength for snprintf in tcpflood.c when using 
  the -f (dynafiles) option. 
- fixed issues in build system (namely related to cust1 dummy plugin)
---------------------------------------------------------------------------
Version 5.10.0  [V5-STABLE], 2012-08-23

NOTE: this is the new rsyslog v5-stable, incorporating all changes from the
      5.9.x series. In addition to that, it contains the fixes and
      enhancements listed below in this entry.

- bugfix: delayble source could block action queue, even if there was
  a disk queue associated with it. The root cause of this problem was
  that it makes no sense to delay messages once they arrive in the 
  action queue - the "input" that is being held in that case is the main
  queue worker, what makes no sense.
  Thanks to Marcin for alerting us on this problem and providing 
  instructions to reproduce it.
- bugfix: disk queue was not persisted on shutdown, regression of fix to
  http://bugzilla.adiscon.com/show_bug.cgi?id=299
  The new code also handles the case of shutdown of blocking light and 
  full delayable sources somewhat smarter and permits, assuming sufficient
  timouts, to persist message up to the max queue capacity. Also some nits
  in debug instrumentation have been fixed.
- add small delay (50ms) after sending shutdown message
  There seem to be cases where the shutdown message is otherwise not
  processed, not even on an idle system. Thanks to Marcin for
  bringing this problem up.
- support for resolving huge groups
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
  Thanks to Alec Warner for the patch
- bugfix: potential hang due to mutex deadlock
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316
  Thanks to Andreas Piesk for reporting&analyzing this bug as well as
  providing patches and other help in resolving it.
- bugfix: property PROCID empty instead of proper nilvalue if not present
  If it is not present, it must have the nilvalue "-" as of RFC5424
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332
  Thanks to John N for reporting this issue.
- bugfix: "last message repeated n times" message was missing hostname
  Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting
- bugfix: multiple main queues with same queue file name was not detected
  This lead to queue file corruption. While the root cause is a config
  error, it is a bug that this important and hard to find config error
  was not detected by rsyslog.
---------------------------------------------------------------------------
Version 5.9.7  [V5-BETA], 2012-05-10
- added capability to specify substrings for field extraction mode
- bugfix: ommysql did not properly init/exit the mysql runtime library
  this could lead to segfaults. Triggering condition: multiple action
  instances using ommysql.  Thanks to Tomas Heinrich for reporting this
  problem and providing an initial patch (which my solution is based on,
  I need to add more code to clean the mess up).
- bugfix: rsyslog did not terminate when delayable inputs were blocked
  due to unvailable sources. Fixes:
  http://bugzilla.adiscon.com/show_bug.cgi?id=299
  Thanks to Marcin M for bringing up this problem and Andre Lorbach
  for helping to reproduce and fix it.
- bugfix/tcpflood: sending small test files did not work correctly
---------------------------------------------------------------------------
Version 5.9.6  [V5-BETA], 2012-04-12
- added configuration directives to customize queue light delay marks
- permit size modifiers (k,m,g,...) in integer config parameters
  Thanks to Jo Rhett for the suggestion.
- bugfix: hostname was not requeried on HUP
  Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for
  his help in testing the fix.
- bugfix: imklog invalidly computed facility and severity
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313
- bugfix: imptcp input name could not be set
  config directive was accepted, but had no effect
- added configuration directive to disable octet-counted framing
  for imtcp, directive is $InputTCPServerSupportOctetCountedFraming 
  for imptcp, directive is $InputPTCPServerSupportOctetCountedFraming 
- added capability to use a local interface IP address as fromhost-ip for
  locally originating messages. New directive $LocalHostIPIF
- added configuration directives to customize queue light delay marks
  $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both
  specify number of messages starting at which a delay happens.
---------------------------------------------------------------------------
Version 5.9.5  [V5-DEVEL], 2012-01-27
- improved impstats subsystem, added many new counters
- enhanced module loader to not rely on PATH_MAX
- refactored imklog linux driver, now combined with BSD driver
  The Linux driver no longer supports outdated kernel symbol resolution,
  which was disabled by default for very long. Also overall cleanup,
  resulting in much smaller code. Linux and BSD are now covered by a
  single small driver.
- $IMUXSockRateLimitInterval DEFAULT CHANGED, was 5, now 0
  The new default turns off rate limiting. This was chosen as people
  experienced problems with rate-limiting activated by default. Now it
  needs an explicit opt-in by setting this parameter.
  Thanks to Chris Gaffney for suggesting to make it opt-in; thanks to
  many unnamed others who already had complained at the time Chris made
  the suggestion ;-)
---------------------------------------------------------------------------
Version 5.9.4  [V5-DEVEL], 2011-11-29
- imuxsock: added capability to "annotate" messages with "trusted
  information", which contains some properties obtained from the system
  and as such sure to not be faked. This is inspired by the similiar idea
  introduced in systemd.
- removed dependency on gcrypt for recently-enough GnuTLS
  see: http://bugzilla.adiscon.com/show_bug.cgi?id=289
- bugfix: imuxsock did no longer ignore message-provided timestamp, if
  so configured (the *default*). Lead to no longer sub-second timestamps.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281
- bugfix: omfile returns fatal error code for things that go really wrong
  previously, RS_RET_RESUME was returned, which lead to a loop inside the
  rule engine as omfile could not really recover.
- bugfix: rsyslogd -v always said 64 atomics were not present
  thanks to mono_matsuko for the patch
---------------------------------------------------------------------------
Version 5.9.3  [V5-DEVEL], 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: mark message processing did not work correctly
- added capability to emit config error location info for warnings 
  otherwise, omusrmsg's warning about new config format was not
  accompanied by problem location.
- bugfix: potential misadressing in property replacer
- bugfix: MSGID corruption in RFC5424 parser under some circumstances
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=275
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
---------------------------------------------------------------------------
Version 5.9.2  [V5-DEVEL] (rgerhards), 2011-07-11
- systemd support: set stdout/stderr to null - thx to Lennart for the patch
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax for actions
---------------------------------------------------------------------------
Version 5.9.1  [V5-DEVEL] (rgerhards), 2011-06-30
- added support for obtaining timestamp for kernel message from message
  If the kernel time-stamps messages, time is now take from that
  timestamp instead of the system time when the message was read. This
  provides much better accuracy. Thanks to Lennart Poettering for
  suggesting this feature and his help during implementation.
- added support for obtaining timestamp from system for imuxsock
  This permits to read the time a message was submitted to the system
  log socket. Most importantly, this is provided in microsecond resolution.
  So we are able to obtain high precision timestampis even for messages
  that were - as is usual - not formatted with them. This also simplifies
  things in regard to local time calculation in chroot environments.
  Many thanks to Lennart Poettering for suggesting this feature,
  providing some guidance on implementing it and coordinating getting the
  necessary support into the Linux kernel.
- bugfix: timestamp was incorrectly calculated for timezones with minute
  offset
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
- bugfix: problems in failover action handling
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254
- bugfix: mutex was invalidly left unlocked during action processing
  At least one case where this can occur is during thread shutdown, which
  may be initiated by lower activity. In most cases, this is quite
  unlikely to happen. However, if it does, data structures may be 
  corrupted which could lead to fatal failure and segfault. I detected
  this via a testbench test, not a user report. But I assume that some
  users may have had unreproducable aborts that were cause by this bug.
- bugfix: memory leak in imtcp & subsystems under some circumstances
  This leak is tied to error conditions which lead to incorrect cleanup
  of some data structures. [backport from v6]
- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes
---------------------------------------------------------------------------
Version 5.9.0  [V5-DEVEL] (rgerhards), 2011-06-08
- imfile: added $InputFileMaxLinesAtOnce directive
- enhanced imfile to support input batching
- added capability for imtcp and imptcp to activate keep-alive packets
  at the socket layer. This has not been added to imttcp, as the latter is
  only an experimental module, and one which did not prove to be useful.
  reference: http://kb.monitorware.com/post20791.html
- added support to control KEEPALIVE settings in imptcp
  this has not yet been added to imtcp, but could be done on request.
- $ActionName is now also used for naming of queues in impstats
  as well as in the debug output
- bugfix: do not open files with full privileges, if privs will be dropped
  This make the privilege drop code more bulletproof, but breaks Ubuntu's
  work-around for log files created by external programs with the wrong
  user and/or group. Note that it was long said that this "functionality"
  would break once we go for serious privilege drop code, so hopefully
  nobody still depends on it (and, if so, they lost...).
- bugfix: pipes not opened in full priv mode when privs are to be dropped
- this begins a new devel branch for v5
- better handling of queue i/o errors in disk queues. This is kind of a
  bugfix, but a very intrusive one, this it goes into the devel version
  first. Right now, "file not found" is handled and leads to the new
  emergency mode, in which disk action is stopped and the queue run
  in direct mode. An error message is emited if this happens.
- added support for user-level PRI provided via systemd
- added new config directive $InputTCPFlowControl to select if tcp
  received messages shall be flagged as light delayable or not.
- enhanced omhdfs to support batching mode. This permits to increase
  performance, as we now call the HDFS API with much larger message
  sizes and far more infrequently
- bugfix: failover did not work correctly if repeated msg reduction was on
  affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236
---------------------------------------------------------------------------
Version 5.8.13  [V5-stable] 2012-08-22
- bugfix: DA queue could cause abort
- bugfix: "last message repeated n times" message was missing hostname
  Thanks to Zdenek Salvet for finding this bug and to Bodik for reporting
- bugfix "$PreserveFQDN on" was not honored in some modules
  Thanks to bodik for reporting this bug.
- bugfix: randomized IP option header in omudpspoof caused problems
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=327
  Thanks to Rick Brown for helping to test out the patch.
- bugfix: potential abort if output plugin logged message during shutdown
  note that none of the rsyslog-provided plugins does this
  Thanks to bodik and Rohit Prasad for alerting us on this bug and
  analyzing it.
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=347
- bugfix: multiple main queues with same queue file name was not detected
  This lead to queue file corruption. While the root cause is a config
  error, it is a bug that this important and hard to find config error
  was not detected by rsyslog.
---------------------------------------------------------------------------
Version 5.8.12  [V5-stable] 2012-06-06
- add small delay (50ms) after sending shutdown message
  There seem to be cases where the shutdown message is otherwise not
  processed, not even on an idle system. Thanks to Marcin for
  bringing this problem up.
- support for resolving huge groups
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=310
  Thanks to Alec Warner for the patch
- bugfix: delayble source could block action queue, even if there was
  a disk queue associated with it. The root cause of this problem was
  that it makes no sense to delay messages once they arrive in the 
  action queue - the "input" that is being held in that case is the main
  queue worker, what makes no sense.
  Thanks to Marcin for alerting us on this problem and providing 
  instructions to reproduce it.
- bugfix: disk queue was not persisted on shutdown, regression of fix to
  http://bugzilla.adiscon.com/show_bug.cgi?id=299
  The new code also handles the case of shutdown of blocking light and 
  full delayable sources somewhat smarter and permits, assuming sufficient
  timouts, to persist message up to the max queue capacity. Also some nits
  in debug instrumentation have been fixed.
- bugfix/omudpspoof: problems, including abort, happend when run on
  multiple threads. Root cause is that libnet is not thread-safe. 
  omudpspoof now guards libnet calls with their own mutex.
- bugfix: if debug message could end up in log file when forking
  if rsyslog was set to auto-background (thus fork, the default) and debug
  mode to stdout was enabled, debug messages ended up in the first log file
  opened. Currently, stdout logging is completely disabled in forking mode
  (but writing to the debug log file is still possible). This is a change 
  in behaviour, which is under review. If it causes problems to you,
  please let us know.
  Thanks to Tomas Heinrich for the patch.
- bugfix/tcpflood: sending small test files did not work correctly
- bugfix: potential hang due to mutex deadlock
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=316
  Thanks to Andreas Piesk for reporting&analyzing this bug as well as
  providing patches and other help in resolving it.
- bugfix: property PROCID empty instead of proper nilvalue if not present
  If it is not present, it must have the nilvalue "-" as of RFC5424
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=332
  Thanks to John N for reporting this issue.
---------------------------------------------------------------------------
Version 5.8.11  [V5-stable] 2012-05-03
- bugfix: ommysql did not properly init/exit the mysql runtime library
  this could lead to segfaults. Triggering condition: multiple action
  instances using ommysql.  Thanks to Tomas Heinrich for reporting this
  problem and providing an initial patch (which my solution is based on,
  I need to add more code to clean the mess up).
- bugfix: rsyslog did not terminate when delayable inputs were blocked
  due to unvailable sources. Fixes:
  http://bugzilla.adiscon.com/show_bug.cgi?id=299
  Thanks to Marcin M for bringing up this problem and Andre Lorbach
  for helping to reproduce and fix it.
- bugfix: active input in "light delay state" could block rsyslog
  termination, at least for prolonged period of time
- bugfix: imptcp input name could not be set
  config directive was accepted, but had no effect
- bugfix: assigned ruleset was lost when using disk queues
  This looked quite hard to diagnose for disk-assisted queues, as the
  pure memory part worked well, but ruleset info was lost for messages
  stored inside the disk queue.
- bugfix: hostname was not requeried on HUP
  Thanks to Per Jessen for reporting this bug and Marius Tomaschewski for
  his help in testing the fix.
- bugfix: inside queue.c, some thread cancel states were not correctly
  reset. While this is a bug, we assume it did have no practical effect
  because the reset as it was done was set to the state the code actually
  had at this point. But better fix this...
---------------------------------------------------------------------------
Version 5.8.10  [V5-stable] 2012-04-05
- bugfix: segfault on startup if $actionqueuefilename was missing for disk
  queue config
  Thanks to Tomas Heinrich for the patch.
- bugfix: segfault if disk-queue was started up with old queue file
  Thanks to Tomas Heinrich for the patch.
- bugfix: memory leak in array passing output module mode
---------------------------------------------------------------------------
Version 5.8.9  [V5-stable] 2012-03-15
- added tool to recover disk queue if .qi file is missing (recover_qi.pl)
  Thanks to Kaiwang Chen for contributing this tool
- bugfix: stopped DA queue was never processed after a restart due to a
  regression from statistics module
- added better doc for statsobj interface
  Thanks to Kaiwang Chen for his suggestions and analysis in regard to the
  stats subsystem.
---------------------------------------------------------------------------
Version 5.8.8  [V5-stable] 2012-03-05
- added capability to use a local interface IP address as fromhost-ip for
  imuxsock imklog
  new config directives: $IMUXSockLocalIPIF, $klogLocalIPIF
- added configuration directives to customize queue light delay marks
  $MainMsgQueueLightDelayMark, $ActionQueueLightDelayMark; both
  specify number of messages starting at which a delay happens.
- bugfix: omprog made rsyslog abort on startup if not binary to
  execute was configured
- bugfix: imklog invalidly computed facility and severity
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=313
---------------------------------------------------------------------------
Version 5.8.7  [V5-stable] 2012-01-17
- bugfix: instabilities when using RFC5424 header fields
  Thanks to Kaiwang Chen for the patch
- bugfix: imuxsock did truncate part of received message if it did not
  contain a proper date. The truncation occured because we removed that
  part of the messages that was expected to be the date.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=295
- bugfix: potential abort after reading invalid X.509 certificate
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
  Thanks to Tomas Heinrich for the patch
- bugfix: stats counter were not properly initialized on creation
- FQDN hostname for multihomed host was not always set to the correct name
  if multiple aliases existed. Thanks to Tomas Heinreich for the patch.
- re-licensed larger parts of the codebase under the Apache license 2.0
---------------------------------------------------------------------------
Version 5.8.6  [V5-stable] 2011-10-21
- bugfix: missing whitespace after property-based filter was not detected
- bugfix: $OMFileFlushInterval period was doubled - now using correct value
- bugfix: ActionQueue could malfunction due to index error
  Thanks to Vlad Grigorescu for the patch
- bugfix: $ActionExecOnlyOnce interval did not work properly
  Thanks to Tomas Heinrich for the patch
- bugfix: race condition when extracting program name, APPNAME, structured
  data and PROCID (RFC5424 fields) could lead to invalid characters e.g.
  in dynamic file names or during forwarding (general malfunction of these
  fields in templates, mostly under heavy load)
- bugfix: imuxsock did no longer ignore message-provided timestamp, if
  so configured (the *default*). Lead to no longer sub-second timestamps.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=281
- bugfix: omfile returns fatal error code for things that go really wrong
  previously, RS_RET_RESUME was returned, which lead to a loop inside the
  rule engine as omfile could not really recover.
- bugfix: imfile did invalid system call under some circumstances
  when a file that was to be monitored did not exist BUT the state file
  actually existed. Mostly a cosmetic issue. Root cause was incomplete
  error checking in stream.c; so patch may affect other code areas.
- bugfix: rsyslogd -v always said 64 atomics were not present
  thanks to mono_matsuko for the patch
---------------------------------------------------------------------------
Version 5.8.5  [V5-stable] (rgerhards/al), 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: mark message processing did not work correctly
- bugfix: potential hang condition during tag emulation
- bugfix: too-early string termination during tag emulation
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
- bugfix: fixed incorrect state handling for Discard Action (transactions)
  Note: This caused all messages in a batch to be set to COMMITTED, 
  even if they were discarded. 
---------------------------------------------------------------------------
Version 5.8.4  [V5-stable] (al), 2011-08-10
- bugfix: potential misadressing in property replacer
- bugfix: memcpy overflow can occur in allowed sender checkig
  if a name is resolved to IPv4-mapped-on-IPv6 address
  Found by Ismail Dönmez at suse
- bugfix: potential misadressing in property replacer
- bugfix: MSGID corruption in RFC5424 parser under some circumstances
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=275
---------------------------------------------------------------------------
Version 5.8.3  [V5-stable] (rgerhards), 2011-07-11
- systemd support: set stdout/stderr to null - thx to Lennart for the patch
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax for actions
  Note: previous outchannel syntax will generate a warning message. This
  may be surprising to some users, but it is quite urgent to alert them
  of the new syntax as v6 can no longer support the previous one.
---------------------------------------------------------------------------
Version 5.8.2  [V5-stable] (rgerhards), 2011-06-21
- bugfix: problems in failover action handling
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=270
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=254
- bugfix: mutex was invalidly left unlocked during action processing
  At least one case where this can occur is during thread shutdown, which
  may be initiated by lower activity. In most cases, this is quite
  unlikely to happen. However, if it does, data structures may be 
  corrupted which could lead to fatal failure and segfault. I detected
  this via a testbench test, not a user report. But I assume that some
  users may have had unreproducable aborts that were cause by this bug.
- bugfix: memory leak in imtcp & subsystems under some circumstances
  This leak is tied to error conditions which lead to incorrect cleanup
  of some data structures. [backport from v6]
- bugfix/improvement:$WorkDirectory now gracefully handles trailing slashes
---------------------------------------------------------------------------
Version 5.8.1  [V5-stable] (rgerhards), 2011-05-19
- bugfix: invalid processing in QUEUE_FULL condition
  If the the multi-submit interface was used and a QUEUE_FULL condition
  occured, the failed message was properly destructed. However, the
  rest of the input batch, if it existed, was not processed. So this
  lead to potential loss of messages and a memory leak. The potential
  loss of messages was IMHO minor, because they would have been dropped
  in most cases due to the queue remaining full, but very few lucky ones
  from the batch may have made it. Anyhow, this has now been changed so
  that the rest of the batch is properly tried to be enqueued and, if
  not possible, destructed.
- new module mmsnmptrapd, a sample message modification module
  This can be useful to reformat snmptrapd messages and also serves as
  a sample for how to write message modification modules using the
  output module interface. Note that we introduced this new 
  functionality directly into the stable release, as it does not 
  modify the core and as such cannot have any side-effects if it is
  not used (and thus the risk is solely on users requiring that
  functionality).
- bugfix: rate-limiting inside imuxsock did not work 100% correct
  reason was that a global config variable was invalidly accessed where a
  listener variable should have been used.
  Also performance-improved the case when rate limiting is turned off (this
  is a very unintrusive change, thus done directly to the stable version).
- bugfix: $myhostname not available in RainerScript (and no error message)
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=233
- bugfix: memory and file descriptor leak in stream processing
  Leaks could occur under some circumstances if the file stream handler
  errored out during the open call. Among others, this could cause very
  big memory leaks if there were a problem with unreadable disk queue
  files. In regard to the memory leak, this
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256
- bugfix: doc for impstats had wrong config statements
  also, config statements were named a bit inconsistent, resolved that
  problem by introducing an alias and only documenting the consistent
  statements
  Thanks to Marcin for bringing up this problem.
- bugfix: IPv6-address could not be specified in omrelp
  this was due to improper parsing of ":"
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250
- bugfix: TCP connection invalidly aborted when messages needed to be
  discarded (due to QUEUE_FULL or similar problem)
- bugfix: $LocalHostName was not honored under all circumstances
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=258
- bugfix(minor): improper template function call in syslogd.c
---------------------------------------------------------------------------
Version 5.8.0  [V5-stable] (rgerhards), 2011-04-12

This is the new v5-stable branch, importing all feature from the 5.7.x
versions. To see what has changed in regard to the previous v5-stable,
check the Changelog for 5.7.x below.

- bugfix: race condition in deferred name resolution
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=238
  Special thanks to Marcin for his persistence in helping to solve this
  bug.
- bugfix: DA queue was never shutdown once it was started
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=241
---------------------------------------------------------------------------
Version 5.7.10  [V5-BETA] (rgerhards), 2011-03-29
- bugfix: ompgsql did not work properly with ANSI SQL strings
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=229
- bugfix: rsyslog did not build with --disable-regexp configure option
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=243
- bugfix: PRI was invalid on Solaris for message from local log socket
- enhance: added $BOM system property to ease writing byte order masks
- bugfix: RFC5424 parser confused by empty structured data
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=237
- bugfix: error return from strgen caused abort, now causes action to be
  ignored (just like a failed filter)
- new sample plugin for a strgen to generate sql statement consumable
  by a database plugin
- bugfix: strgen could not be used together with database outputs
  because the sql/stdsql option could not be specified. This has been
  solved by permitting the strgen to include the opton inside its name.
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=195
---------------------------------------------------------------------------
Version 5.7.9  [V5-BETA] (rgerhards), 2011-03-16
- improved testbench
  among others, life tests for ommysql (against a test database) have
  been added, valgrind-based testing enhanced, ...
- enhance: fallback *at runtime* to epoll_create if epoll_create1 is not
  available. Thanks to Michael Biebl for analysis and patch!
- bugfix: failover did not work correctly if repeated msg reduction was on
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236
  affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on
- bugfix: minor memory leak in omlibdbi (< 1k per instance and run)
- bugfix: (regression) omhdfs did no longer compile
- bugfix: omlibdbi did not use password from rsyslog.conf
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203
---------------------------------------------------------------------------
Version 5.7.8  [V5-BETA] (rgerhards), 2011-03-09
- systemd support somewhat improved (can now take over existing log sockt)
- bugfix: discard action did not work under some circumstances
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217
- bugfix: file descriptor leak in gnutls netstream driver
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=222
---------------------------------------------------------------------------
Version 5.7.7  [V5-BETA] (rgerhards), 2011-03-02
- bugfix: potential abort condition when $RepeatedMsgReduction set to on
  as well as potentially in a number of other places where MsgDup() was
  used. This only happened when the imudp input module was used and it
  depended on name resolution not yet had taken place. In other words,
  this was a strange problem that could lead to hard to diagnose 
  instability. So if you experience instability, chances are good that
  this fix will help.
---------------------------------------------------------------------------
Version 5.7.6  [V5-BETA] (rgerhards), 2011-02-25
- bugfix: fixed a memory leak and potential abort condition
  this could happen if multiple rulesets were used and some output batches
  contained messages belonging to more than one ruleset.
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218
- bugfix: memory leak when $RepeatedMsgReduction on was used
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225
---------------------------------------------------------------------------
Version 5.7.5  [V5-BETA] (rgerhards), 2011-02-23
- enhance: imfile did not yet support multiple rulesets, now added
  we do this directly in the beta because a) it does not affect existing
  functionality and b) one may argue that this missing functionality is
  close to a bug.
- improved testbench, added tests for imuxsock
- bugfix: imuxsock did no longer sanitize received messages
  This was a regression from the imuxsock partial rewrite. Happened
  because the message is no longer run through the standard parsers. 
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=224
- bugfix: minor race condition in action.c - considered cosmetic
  This is considered cosmetic as multiple threads tried to write exactly
  the same value into the same memory location without sync. The method
  has been changed so this can no longer happen.
---------------------------------------------------------------------------
Version 5.7.4  [V5-BETA] (rgerhards), 2011-02-17
- added pmsnare parser module (written by David Lang)
- enhanced imfile to support non-cancel input termination
- improved systemd socket activation thanks to Marius Tomaschewski
- improved error reporting for $WorkDirectory
  non-existance and other detectable problems are now reported,
  and the work directory is NOT set in this case
- bugfix: pmsnare causded abort under some conditions
- bugfix: abort if imfile reads file line of more than 64KiB
  Thanks to Peter Eisentraut for reporting and analysing this problem.
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221
- bugfix: queue engine did not properly slow down inputs in FULL_DELAY mode
  when in disk-assisted mode. This especially affected imfile, which
  created unnecessarily queue files if a large set of input file data was
  to process.
- bugfix: very long running actions could prevent shutdown under some
  circumstances. This has now been solved, at least for common
  situations.
- bugfix: fixed compile problem due to empty structs
  this occured only on some platforms/compilers. thanks to Dražen Kačar 
  for the fix
---------------------------------------------------------------------------
Version 5.7.3  [V5-BETA] (rgerhards), 2011-02-07
- added support for processing multi-line messages in imfile
- added $IMUDPSchedulingPolicy and $IMUDPSchedulingPriority config settings
- added $LocalHostName config directive
- bugfix: fixed build problems on some platforms
  namely those that have 32bit atomic operations but not 64 bit ones
- bugfix: local hostname was pulled too-early, so that some config 
  directives (namely FQDN settings) did not have any effect
- bugfix: imfile did duplicate messages under some circumstances
- added $OMMySQLConfigFile config directive
- added $OMMySQLConfigSection config directive
---------------------------------------------------------------------------
Version 5.7.2  [V5-DEVEL] (rgerhards), 2010-11-26
- bugfix(important): problem in TLS handling could cause rsyslog to loop
  in a tight loop, effectively disabling functionality and bearing the
  risk of unresponsiveness of the whole system.
  Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
- bugfix: imfile state file was not written when relative file name
  for it was specified
- bugfix: compile failed on systems without epoll_create1()
  Thanks to David Hill for providing a fix.
- bugfix: atomic increment for msg object may not work correct on all
  platforms. Thanks to Chris Metcalf for the patch
- bugfix: replacements for atomic operations for non-int sized types had
  problems. At least one instance of that problem could potentially lead
  to abort (inside omfile).
---------------------------------------------------------------------------
Version 5.7.1  [V5-DEVEL] (rgerhards), 2010-10-05
- support for Hadoop's HDFS added (via omhdfs)
- imuxsock now optionally use SCM_CREDENTIALS to pull the pid from the log
  socket itself
  (thanks to Lennart Poettering for the suggesting this feature)
- imuxsock now optionally uses per-process input rate limiting, guarding the
  user against processes spamming the system log
  (thanks to Lennart Poettering for suggesting this feature)
- added new config statements
  * $InputUnixListenSocketUsePIDFromSystem 
  * $SystemLogUsePIDFromSystem 
  * $SystemLogRateLimitInterval
  * $SystemLogRateLimitBurst
  * $SystemLogRateLimitSeverity
  * $IMUxSockRateLimitInterval
  * $IMUxSockRateLimitBurst
  * $IMUxSockRateLimitSeverity
- imuxsock now supports up to 50 different sockets for input
- some code cleanup in imuxsock (consider this a release a major
  modification, especially if problems show up)
- bugfix: /dev/log was unlinked even when passed in from systemd
  in which case it should be preserved as systemd owns it
---------------------------------------------------------------------------
Version 5.7.0  [V5-DEVEL] (rgerhards), 2010-09-16
- added module impstat to emit periodic statistics on rsyslog counters
- support for systemd officially added
  * acquire /dev/log socket optionally from systemd
    thanks to Lennart Poettering for this patch
  * sd-systemd API added as part of rsyslog runtime library
---------------------------------------------------------------------------
Version 5.6.5  [V5-STABLE] (rgerhards), 2011-03-22
- bugfix: failover did not work correctly if repeated msg reduction was on
  affected directive was: $ActionExecOnlyWhenPreviousIsSuspended on
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=236
- bugfix: omlibdbi did not use password from rsyslog.con
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203
- bugfix(kind of): tell users that config graph can currently not be
  generated
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=232
- bugfix: discard action did not work under some circumstances
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=217
  (backport from 5.7.8)
---------------------------------------------------------------------------
Version 5.6.4  [V5-STABLE] (rgerhards), 2011-03-03
- bugfix: potential abort condition when $RepeatedMsgReduction set to on
  as well as potentially in a number of other places where MsgDup() was
  used. This only happened when the imudp input module was used and it
  depended on name resolution not yet had taken place. In other words,
  this was a strange problem that could lead to hard to diagnose 
  instability. So if you experience instability, chances are good that
  this fix will help.
- bugfix: fixed a memory leak and potential abort condition
  this could happen if multiple rulesets were used and some output batches
  contained messages belonging to more than one ruleset.
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=226
  fixes: http://bugzilla.adiscon.com/show_bug.cgi?id=218
- bugfix: memory leak when $RepeatedMsgReduction on was used
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=225
---------------------------------------------------------------------------
Version 5.6.3  [V5-STABLE] (rgerhards), 2011-01-26
- bugfix: action processor released memory too early, resulting in
  potential issue in retry cases (but very unlikely due to another
  bug, which I also fixed -- only after the fix this problem here
  became actually visible).
- bugfix: batch processing flagged invalid message as "bad" under some
  circumstances
- bugfix: unitialized variable could cause issues under extreme conditions
  plus some minor nits. This was found after a clang static code analyzer
  analysis (great tool, and special thanks to Marcin for telling me about
  it!)
- bugfix: batches which had actions in error were not properly retried in
  all cases
- bugfix: imfile did duplicate messages under some circumstances
- bugfix: testbench was not activated if no Java was present on system
  ... what actually was a left-over. Java is no longer required.
---------------------------------------------------------------------------
Version 5.6.2  [V5-STABLE] (rgerhards), 2010-11-30
- bugfix: compile failed on systems without epoll_create1()
  Thanks to David Hill for providing a fix.
- bugfix: atomic increment for msg object may not work correct on all
  platforms. Thanks to Chris Metcalf for the patch
- bugfix: replacements for atomic operations for non-int sized types had
  problems. At least one instance of that problem could potentially lead
  to abort (inside omfile).
- added the $InputFilePersistStateInterval config directive to imfile
- changed imfile so that the state file is never deleted (makes imfile
  more robust in regard to fatal failures)
- bugfix: a slightly more informative error message when a TCP
  connections is aborted
---------------------------------------------------------------------------
Version 5.6.1  [V5-STABLE] (rgerhards), 2010-11-24
- bugfix(important): problem in TLS handling could cause rsyslog to loop
  in a tight loop, effectively disabling functionality and bearing the
  risk of unresponsiveness of the whole system.
  Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
- permitted imptcp to work on systems which support epoll(), but not
  epoll_create().
  Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=204
  Thanks to Nicholas Brink for reporting this problem.
- bugfix: testbench failed if imptcp was not enabled
- bugfix: segfault when an *empty* template was used
  Bug: http://bugzilla.adiscon.com/show_bug.cgi?id=206
  Thanks to David Hill for alerting us.
- bugfix: compile failed with --enable-unlimited-select
  thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 5.6.0  [V5-STABLE] (rgerhards), 2010-10-19

This release brings all changes and enhancements of the 5.5.x series
to the v5-stable branch.

- bugfix: a couple of problems that imfile had on some platforms, namely
  Ubuntu (not their fault, but occured there)
- bugfix: imfile utilizes 32 bit to track offset. Most importantly,
  this problem can not experienced on Fedora 64 bit OS (which has
  64 bit long's!)
---------------------------------------------------------------------------
Version 5.5.7  [V5-BETA] (rgerhards), 2010-08-09
- changed omudpspoof default spoof address to simplify typical use case
  thanks to David Lang for suggesting this
- doc bugfix: pmlastmsg doc samples had errors
- bugfix[minor]: pmrfc3164sd had invalid name (resided in rsyslog name 
  space, what should not be the case for a contributed module)
- added omuxsock, which permits to write message to local Unix sockets
  this is the counterpart to imuxsock, enabling fast local forwarding
---------------------------------------------------------------------------
Version 5.5.6  [DEVEL] (rgerhards), 2010-07-21
- added parser modules
  * pmlastmsg, which supports the notoriously malformed "last message
    repeated n times" messages from some syslogd's (namely sysklogd)
  * pmrfc3164sd (contributed), supports RFC5424 structured data in 
    RFC3164 messages [untested]
- added new module type "string generator", used to speed up output
  processing. Expected speedup for (typical) rsyslog processing is
  roughly 5 to 6 percent compared to using string-based templates.
  They may also be used to do more complex formatting with custom
  C code, what provided greater flexibility and probably far higher
  speed, for example if using multiple regular expressions within a 
  template.
- added 4 string generators for
  * RSYSLOG_FileFormat
  * RSYSLOG_TraditionalFileFormat
  * RSYSLOG_ForwardFormat
  * RSYSLOG_TraditionalForwardFormat
- bugfix: mutexes used to simulate atomic instructions were not destructed
- bugfix: regression caused more locking action in msg.c than necessary
- bugfix: "$ActionExecOnlyWhenPreviousIsSuspended on" was broken
- bugfix: segfault on HUP when "HUPIsRestart" was set to "on"
  thanks varmojfekoj for the patch
- bugfix: default for $OMFileFlushOnTXEnd was wrong ("off").
  This, in default mode, caused buffered writing to be used, what
  means that it looked like no output were written or partial
  lines. Thanks to Michael Biebl for pointing out this bug.
- bugfix: programname filter in ! configuration can not be reset
  Thanks to Kiss Gabor for the patch.
---------------------------------------------------------------------------
Version 5.5.5  [DEVEL] (rgerhards), 2010-05-20
- added new cancel-reduced action thread termination method
  We now manage to cancel threads that block inside a retry loop to
  terminate without the need to cancel the thread. Avoiding cancellation
  helps keep the system complexity minimal and thus provides for better
  stability. This also solves some issues with improper shutdown when
  inside an action retry loop.
---------------------------------------------------------------------------
Version 5.5.4  [DEVEL] (rgerhards), 2010-05-03
- This version offers full support for Solaris on Intel and Sparc
- bugfix: problems with atomic operations emulation
  replaced atomic operation emulation with new code. The previous code
  seemed to have some issue and also limited concurrency severely. The
  whole atomic operation emulation has been rewritten.
- bugfix: netstream ptcp support class was not correctly build on systems
  without epoll() support
- bugfix: segfault on Solaris/Sparc
---------------------------------------------------------------------------
Version 5.5.3  [DEVEL] (rgerhards), 2010-04-09
- added basic but functional support for Solaris
- imported many bugfixes from 3.6.2/4.6.1 (see ChangeLog below!)
- added new property replacer option "date-rfc3164-buggyday" primarily
  to ease migration from syslog-ng. See property replacer doc for
  details.
- added capability to turn off standard LF delimiter in TCP server
  via new directive "$InputTCPServerDisableLFDelimiter on"
- bugfix: failed to compile on systems without epoll support
- bugfix: comment char ('#') in literal terminated script parsing
  and thus could not be used.
  but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119
  [merged in from v3.22.2]
- imported patches from 4.6.0:
  * improved testbench to contain samples for totally malformed messages
    which miss parts of the message content
  * bugfix: some malformed messages could lead to a missing LF inside files
    or some other missing parts of the template content.
  * bugfix: if a message ended immediately with a hostname, the hostname
    was mistakenly interpreted as TAG, and localhost be used as hostname
---------------------------------------------------------------------------
Version 5.5.2  [DEVEL] (rgerhards), 2010-02-05
- applied patches that make rsyslog compile under Apple OS X.
  Thanks to trey for providing these.
- replaced data type "bool" by "sbool" because this created some
  portability issues.
- added $Escape8BitCharactersOnReceive directive
  Thanks to David Lang for suggesting it.
- worked around an issue where omfile failed to compile on 32 bit platforms
  under some circumstances (this smells like a gcc problem, but a simple
  solution was available). Thanks to Kenneth Marshall for some advice.
- extended testbench
---------------------------------------------------------------------------
Version 5.5.1  [DEVEL] (rgerhards), 2009-11-27
- introduced the ablity for netstream drivers to utilize an epoll interface
  This offers increased performance and removes the select() FDSET size
  limit from imtcp. Note that we fall back to select() if there is no
  epoll netstream drivers. So far, an epoll driver has only been
  implemented for plain tcp syslog, the rest will follow once the code
  proves well in practice AND there is demand.
- re-implemented $EscapeControlCharacterTab config directive
  Based on Jonathan Bond-Caron's patch for v4. This now also includes some
  automatted tests.
- bugfix: enabling GSSServer crashes rsyslog startup
  Thanks to Tomas Kubina for the patch [imgssapi]
- bugfix (kind of): check if TCP connection is still alive if using TLS
  Thanks to Jonathan Bond-Caron for the patch.
---------------------------------------------------------------------------
Version 5.5.0  [DEVEL] (rgerhards), 2009-11-18
- moved DNS resolution code out of imudp and into the backend processing
  Most importantly, DNS resolution now never happens if the resolved name
  is not required. Note that this applies to imudp - for the other inputs,
  DNS resolution almost comes for free, so we do not do it there. However,
  the new method has been implemented in a generic way and as such may 
  also be used by other modules in the future.
- added option to use unlimited-size select() calls
  Thanks to varmjofekoj for the patch
  This is not done in imudp, as it natively supports epoll().
- doc: improved description of what loadable modules can do
---------------------------------------------------------------------------
Version 5.4.2  [v5-stable] (rgerhards), 2010-03-??
- bugfix(kind of): output plugin retry behaviour could cause engine to loop
  The rsyslog engine did not guard itself against output modules that do
  not properly convey back the tryResume() behaviour. This then leads to
  what looks like an endless loop. I consider this to be a bug of the 
  engine not only because it should be hardened against plugin misbehaviour,
  but also because plugins may not be totally able to avoid this situation
  (depending on the type of and processing done by the plugin).
- bugfix: testbench failed when not executed in UTC+1 timezone
  accidently, the time zone information was kept inside some
  to-be-checked-for responses
- temporary bugfix replaced by permanent one for
  message-induced off-by-one error (potential segfault) (see 4.6.2)
  The analysis has been completed and a better fix been crafted and 
  integrated.
- bugfix(minor): status variable was uninitialized
  However, this would have caused harm only if NO parser modules at
  all were loaded, which would lead to a defunctional configuration
  at all. And, even more important, this is impossible as two parser
  modules are built-in and thus can not be "not loaded", so we always
  have a minimum of two.
---------------------------------------------------------------------------
Version 5.4.1  [v5-stable] (rgerhards), 2010-03-??
- added new property replacer option "date-rfc3164-buggyday" primarily
  to ease migration from syslog-ng. See property replacer doc for
  details. [backport from 5.5.3 because urgently needed by some]
- imported all bugfixes vom 4.6.2 (see below)
---------------------------------------------------------------------------
Version 5.4.0  [v5-stable] (rgerhards), 2010-03-08
***************************************************************************
* This is a new stable v5 version. It contains all fixes and enhancements *
* made during the 5.3.x phase as well as those listed below.              *
* Note that the 5.2.x series was quite buggy and as such all users are    *
* strongly advised to upgrade to 5.4.0.                                   *
***************************************************************************
- bugfix: omruleset failed to work in many cases
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=179
  Thanks to Ryan B. Lynch for reporting this issue.
- bugfix: comment char ('#') in literal terminated script parsing
  and thus could not be used.
  but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119
  [merged in from v3.22.2]
---------------------------------------------------------------------------
Version 5.3.7  [BETA] (rgerhards), 2010-01-27
- bugfix: queues in direct mode could case a segfault, especially if an
  action failed for action queues. The issue was an invalid increment of
  a stack-based pointer which lead to destruction of the stack frame and
  thus a segfault on function return.
  Thanks to Michael Biebl for alerting us on this problem.
- bugfix: hostname accidently set to IP address for some message sources,
  for example imudp. Thanks to Anton for reporting this bug. [imported v4]
- bugfix: ompgsql had problems with transaction support, what actually 
  rendered it unsuable. Thanks to forum user "horhe" for alerting me
  on this bug and helping to debug/fix it! [imported from 5.3.6]
- bugfix: $CreateDirs variable not properly initialized, default thus
  was random (but most often "on") [imported from v3]
- bugfix: potential segfaults during queue shutdown
  (bugs require certain non-standard settings to appear)
  Thanks to varmojfekoj for the patch [imported from 4.5.8]
  [backport from 5.5.2]
- bugfix: wrong memory assignment for a config variable (probably
  without causing any harm) [backport from 5.2.2]
- bugfix: rsyslog hangs when writing to a named pipe which nobody was
  reading. Thanks to Michael Biebl for reporting this bug.
  Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169
  [imported from 4.5.8]
---------------------------------------------------------------------------
Version 5.3.6  [BETA] (rgerhards), 2010-01-13
- bugfix: ompgsql did not properly check the server connection in
  tryResume(), which could lead to rsyslog running in a thight loop
- bugfix: suspension during beginTransaction() was not properly handled
  by rsyslog core
- bugfix: omfile output was only written when buffer was full, not at
  end of transaction
- bugfix: commit transaction was not properly conveyed to message layer,
  potentially resulting in non-message destruction and thus hangs
- bugfix: enabling GSSServer crashes rsyslog startup
  Thanks to Tomas Kubina for the patch [imgssapi]
- bugfix (kind of): check if TCP connection is still alive if using TLS
  Thanks to Jonathan Bond-Caron for the patch.
- bugfix: $CreateDirs variable not properly initialized, default thus
  was random (but most often "on") [imported from v3]
- bugfix: ompgsql had problems with transaction support, what actually 
  rendered it unsuable. Thanks to forum user "horhe" for alerting me
  on this bug and helping to debug/fix it!
- bugfix: memory leak when sending messages in zip-compressed format
  Thanks to Naoya Nakazawa for analyzing this issue and providing a patch.
- worked around an issue where omfile failed to compile on 32 bit platforms
  under some circumstances (this smells like a gcc problem, but a simple
  solution was available). Thanks to Kenneth Marshall for some advice.
  [backported from 5.5.x branch]
---------------------------------------------------------------------------
Version 5.3.5  [BETA] (rgerhards), 2009-11-13
- some light performance enhancement by replacing time() call with much
  faster (at least under linux) gettimeofday() calls.
- some improvement of omfile performance with dynafiles
  saved costly time() calls by employing a logical clock, which is 
  sufficient for the use case
- bugfix: omudpspoof miscalculated source and destination ports
  while this was probably not noticed for source ports, it resulted in
  almost all destination ports being wrong, except for the default port
  of 514, which by virtue of its binary representation was calculated 
  correct (and probably thus the bug not earlier detected).
- bugfixes imported from earlier releases
  * bugfix: named pipes did no longer work (they always got an open error)
    this was a regression from the omfile rewrite in 4.5.0
  * bugfix(testbench): sequence check was not always performed correctly,
    that could result in tests reporting success when they actually failed
- improved testbench: added tests for UDP forwarding and omudpspoof
- doc bugfix: omudpspoof had wrong config command names ("om" missing)
- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did
  not work.
- [inport v4] improved testbench, contains now tcp and gzip test cases
- [import v4] added a so-called "On Demand Debug" mode, in which debug
  output can be generated only after the process has started, but not right
  from the beginning. This is assumed to be useful for hard-to-find bugs.
  Also improved the doc on the debug system.
- bugfix: segfault on startup when -q or -Q option was given
  [imported from v3-stable]
---------------------------------------------------------------------------
Version 5.3.4  [DEVEL] (rgerhards), 2009-11-04
- added the ability to create custom message parsers
- added $RulesetParser config directive that permits to bind specific
  parsers to specific rulesets
- added omruleset output module, which provides great flexibility in 
  action processing. THIS IS A VERY IMPORTANT ADDITION, see its doc
  for why.
- added the capability to have ruleset-specific main message queues
  This offers considerable additional flexibility AND superior performance
  (in cases where multiple inputs now can avoid lock contention)
- bugfix: correct default for escape ('#') character restored
  This was accidently changed to '\\', thanks to David Lang for reporting
- bugfix(testbench): testcase did not properly wait for rsyslogd shutdown
  thus some unpredictable behavior and a false negative test result
  could occur.
---------------------------------------------------------------------------
Version 5.3.3  [DEVEL] (rgerhards), 2009-10-27
- simplified and thus speeded up the queue engine, also fixed some
  potential race conditions (in very unusual shutdown conditions)
  along the way. The threading model has seriously changes, so there may
  be some regressions.
- enhanced test environment (inlcuding testbench): support for enhancing
  probability of memory addressing failure by using non-NULL default
  value for malloced memory (optional, only if requested by configure
  option). This helps to track down some otherwise undetected issues
  within the testbench.
- bugfix: potential abort if inputname property was not set 
  primarily a problem of imdiag
- bugfix: message processing states were not set correctly in all cases
  however, this had no negative effect, as the message processing state
  was not evaluated when a batch was deleted, and that was the only case
  where the state could be wrong.
---------------------------------------------------------------------------
Version 5.3.2  [DEVEL] (rgerhards), 2009-10-21
- enhanced omfile to support transactional interface. This will increase
  performance in many cases.
- added multi-ruleset support to imudp
- re-enabled input thread termination handling that does avoid thread
  cancellation where possible. This provides a more reliable mode of
  rsyslogd termination (canceling threads my result in not properly
  freed resouces and potential later hangs, even though we perform
  proper cancel handling in our code). This is part of an effort to
  reduce thread cancellation as much as possible in rsyslog.
  NOTE: the code previously written code for this functionality had a
  subtle race condition. The new code solves that.
- enhanced immark to support non-cancel input module termination
- improved imudp so that epoll can be used in more environments,
  fixed potential compile time problem if EPOLL_CLOEXEC is not available.
- some cleanup/slight improvement:
  * changed imuxsock to no longer use deprecated submitAndParseMsg() IF
  * changed submitAndParseMsg() interface to be a wrapper around the new
    way of message creation/submission. This enables older plugins to be
    used together with the new interface. The removal also enables us to
    drop a lot of duplicate code, reducing complexity and increasing
    maintainability.
- bugfix: segfault when starting up with an invalid .qi file for a disk queue
  Failed for both pure disk as well as DA queues. Now, we emit an error
  message and disable disk queueing facility.
- bugfix: potential segfault on messages with empty MSG part. This was a
  recently introduced regression.
- bugfix: debug string larger than 1K were improperly displayed. Max size
  is now 32K, and if a string is even longer it is meaningfully truncated.
---------------------------------------------------------------------------
Version 5.3.1  [DEVEL] (rgerhards), 2009-10-05
- added $AbortOnUncleanConfig directive - permits to prevent startup when
  there are problems with the configuration file. See it's doc for
  details.
- included some important fixes from v4-stable:
  * bugfix: invalid handling of zero-sized messages
  * bugfix: zero-sized UDP messages are no longer processed
  * bugfix: random data could be appended to message
  * bugfix: reverse lookup reduction logic in imudp do DNS queries too often
- bugfixes imported from 4.5.4:
  * bugfix: potential segfault in stream writer on destruction
  * bugfix: potential race in object loader (obj.c) during use/release
  * bugfixes: potential problems in out file zip writer
---------------------------------------------------------------------------
Version 5.3.0  [DEVEL] (rgerhards), 2009-09-14
- begun to add simple GUI programs to gain insight into running rsyslogd
  instances and help setup and troubleshooting (active via the
  --enable-gui ./configure switch)
- changed imudp to utilize epoll(), where available. This shall provide
  slightly better performance (just slightly because we called select()
  rather infrequently on a busy system)
---------------------------------------------------------------------------
Version 5.2.2  [v5-stable] (rgerhards), 2009-11-??
- bugfix: enabling GSSServer crashes rsyslog startup
  Thanks to Tomas Kubina for the patch [imgssapi]
---------------------------------------------------------------------------
Version 5.2.1  [v5-stable] (rgerhards), 2009-11-02
- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did
  not work.
- bugfix: segfault on startup when -q or -Q option was given
  [imported from v3-stable]
---------------------------------------------------------------------------
Version 5.2.0  [v5-stable] (rgerhards), 2009-11-02
This is a re-release of version 5.1.6 as stable after we did not get any bug 
reports during the whole beta phase. Still, this first v5-stable may not be 
as stable as one hopes for, I am not sure if we did not get bug reports
just because nobody tried it. Anyhow, we need to go forward and so we
have the initial v5-stable.
---------------------------------------------------------------------------
Version 5.1.6  [v5-beta] (rgerhards), 2009-10-15
- feature imports from v4.5.6
- bugfix: potential race condition when queue worker threads were
  terminated
- bugfix: solved potential (temporary) stall of messages when the queue was
  almost empty and few new data added (caused testbench to sometimes hang!)
- fixed some race condition in testbench
- added more elaborate diagnostics to parts of the testbench
- bugfixes imported from 4.5.4:
  * bugfix: potential segfault in stream writer on destruction
  * bugfix: potential race in object loader (obj.c) during use/release
  * bugfixes: potential problems in out file zip writer
- included some important fixes from 4.4.2:
  * bugfix: invalid handling of zero-sized messages
  * bugfix: zero-sized UDP messages are no longer processed
  * bugfix: random data could be appended to message
  * bugfix: reverse lookup reduction logic in imudp do DNS queries too often
---------------------------------------------------------------------------
Version 5.1.5  [v5-beta] (rgerhards), 2009-09-11
- added new config option $ActionWriteAllMarkMessages
  this option permites to process mark messages under all circumstances,
  even if an action was recently called. This can be useful to use mark
  messages as a kind of heartbeat.
- added new config option $InputUnixListenSocketCreatePath
  to permit the auto-creation of pathes to additional log sockets. This
  turns out to be useful if they reside on temporary file systems and
  rsyslogd starts up before the daemons that create these sockets
  (rsyslogd always creates the socket itself if it does not exist).
- added $LogRSyslogStatusMessages configuration directive
  permitting to turn off rsyslog start/stop/HUP messages. See Debian
  ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793
- bugfix: hostnames with dashes in them were incorrectly treated as
  malformed, thus causing them to be treated as TAG (this was a regression
  introduced from the "rfc3164 strict" change in 4.5.0). Testbench has been
  updated to include a smaple message with a hostname containing a dash.
- bugfix: strings improperly reused, resulting in some message properties
  be populated with strings from previous messages. This was caused by
  an improper predicate check.
- added new config directive $omfileForceChown [import from 4.7.0]
---------------------------------------------------------------------------
Version 5.1.4  [DEVEL] (rgerhards), 2009-08-20
- legacy syslog parser changed so that it now accepts date stamps in
  wrong case. Some devices seem to create them and I do not see any harm
  in supporting that.
- added $InputTCPMaxListeners directive - permits to specify how many 
  TCP servers shall be possible (default is 20).
- bugfix: memory leak with some input modules. Those inputs that
  use parseAndSubmitMsg() leak two small memory blocks with every message.
  Typically, those process only relatively few messages, so the issue 
  does most probably not have any effect in practice.
- bugfix: if tcp listen port could not be created, no error message was
  emitted
- bugfix: discard action did not work (did not discard messages)
- bugfix: discard action caused segfault
- bugfix: potential segfault in output file writer (omfile)
  In async write mode, we use modular arithmetic to index the output
  buffer array. However, the counter variables accidently were signed,
  thus resulting in negative indizes after integer overflow. That in turn
  could lead to segfaults, but was depending on the memory layout of 
  the instance in question (which in turn depended on a number of
  variables, like compile settings but also configuration). The counters
  are now unsigned (as they always should have been) and so the dangling
  mis-indexing does no longer happen. This bug potentially affected all
  installations, even if only some may actually have seen a segfault.
---------------------------------------------------------------------------
Version 5.1.3  [DEVEL] (rgerhards), 2009-07-28
- architecture change: queue now always has at least one worker thread
  if not running in direct mode. Previous versions could run without 
  any active workers. This simplifies the code at a very small expense.
  See v5 compatibility note document for more in-depth discussion.
- enhance: UDP spoofing supported via new output module omudpspoof
  See the omudpspoof documentation for details and samples
- bugfix: message could be truncated after TAG, often when forwarding
  This was a result of an internal processing error if maximum field
  sizes had been specified in the property replacer.
- bugfix: minor static memory leak while reading configuration
  did NOT leak based on message volume
- internal: added ability to terminate input modules not via pthread_cancel
  but an alternate approach via pthread_kill. This is somewhat safer as we
  do not need to think about the cancel-safeness of all libraries we use.
  However, not all inputs can easily supported, so this now is a feature
  that can be requested by the input module (the most important ones
  request it).
---------------------------------------------------------------------------
Version 5.1.2  [DEVEL] (rgerhards), 2009-07-08
- bugfix: properties inputname, fromhost, fromhost-ip, msg were lost when
  working with disk queues
- some performance enhancements
- bugfix: abort condition when RecvFrom was not set and message reduction
  was on. Happend e.g. with imuxsock.
- added $klogConsoleLogLevel directive which permits to set a new
  console log level while rsyslog is active
- some internal code cleanup
---------------------------------------------------------------------------
Version 5.1.1  [DEVEL] (rgerhards), 2009-07-03
- bugfix: huge memory leak in queue engine (made rsyslogd unusable in
  production). Occured if at least one queue was in direct mode 
  (the default for action queues)
- imported many performance optimizations from v4-devel (4.5.0)
- bugfix: subtle (and usually irrelevant) issue in timout processing
  timeout could be one second too early if nanoseconds wrapped
- set a more sensible timeout for shutdow, now 1.5 seconds to complete
  processing (this also removes those cases where the shutdown message
  was not written because the termination happened before it)
---------------------------------------------------------------------------
Version 5.1.0  [DEVEL] (rgerhards), 2009-05-29

*********************************** NOTE **********************************
The v5 versions of rsyslog feature a greatly redesigned queue engine. The
major theme for the v5 release is twofold:

a) greatly improved performance
b) enable audit-grade processing

Here, audit-grade processing means that rsyslog, if used together with
audit-grade transports and configured correctly, will never lose messages
that already have been acknowledged, not even in fatal failure cases like
sudden loss of power.

Note that large parts of rsyslog's important core components have been
restructured to support these design goals. As such, early versions of
the engine will probably be less stable than the v3/v4 engine.

Also note that the initial versions do not cover all and everything. As
usual, the code will evolve toward the final goal as version numbers
increase.
*********************************** NOTE **********************************

- redesigned queue engine so that it supports ultra-reliable operations
  This resulted in a rewrite of large parts. The new capability can be
  used to build audit-grade systems on the basis of rsyslog.
- added $MainMsgQueueDequeueBatchSize and $ActionQueueDequeueBatchSize 
  configuration directives
- implemented a new transactional output module interface which provides
  superior performance (for databases potentially far superior performance)
- increased ompgsql performance by adapting to new transactional
  output module interface
---------------------------------------------------------------------------
Version 4.8.1  [v4-stable], 2011-09-??
- increased max config file line size to 64k
  We now also emit an error message if even 64k is not enough (not
  doing so previously may rightfully be considered as a bug)
- bugfix: omprog made rsyslog abort on startup if not binary to
  execute was configured
- bugfix: $ActionExecOnlyOnce interval did not work properly
  Thanks to Tomas Heinrich for the patch
- bugfix: potential abort if ultra-large file io buffers are used and
  dynafile cache exhausts address space (primarily a problem on 32 bit
  platforms)
- bugfix: potential abort after reading invalid X.509 certificate
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=290
  Thanks to Tomas Heinrich for the patch.
- bugfix: potential fatal abort in omgssapi
  Thanks to Tomas Heinrich for the patch.
- added doc for omprog
- FQDN hostname for multihomed host was not always set to the correct name
  if multiple aliases existed. Thanks to Tomas Heinreich for the patch.
- re-licensed larger parts of the codebase under the Apache license 2.0
---------------------------------------------------------------------------
Version 4.8.0  [v4-stable] (rgerhards), 2011-09-07
***************************************************************************
* This is a new stable v4 version. It contains all fixes and enhancements *
* made during the 4.7.x phase as well as those listed below.              *
* Note: major new development to v4 is concluded  and will only be done   *
*       for custom projects.                                              *
***************************************************************************
There are no changes compared to 4.7.5, just a re-release with the new
version number as new v4-stable. The most important new feature is Solaris
support.
---------------------------------------------------------------------------
Version 4.7.5  [v4-beta], 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: potential misadressing in property replacer
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
---------------------------------------------------------------------------
Version 4.7.4  [v4-beta] (rgerhards), 2011-07-11
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax in configuring user messages
- added $LocalHostName config directive
- bugfix: PRI was invalid on Solaris for message from local log socket
Version 4.7.3  [v4-devel] (rgerhards), 2010-11-25
- added omuxsock, which permits to write message to local Unix sockets
  this is the counterpart to imuxsock, enabling fast local forwarding
- added imptcp, a simplified, Linux-specific and potentielly fast
  syslog plain tcp input plugin (NOT supporting TLS!)
- bugfix: a couple of problems that imfile had on some platforms, namely
  Ubuntu (not their fault, but occured there)
- bugfix: imfile utilizes 32 bit to track offset. Most importantly,
  this problem can not experienced on Fedora 64 bit OS (which has
  64 bit long's!)
- added the $InputFilePersistStateInterval config directive to imfile
- changed imfile so that the state file is never deleted (makes imfile
  more robust in regard to fatal failures)
---------------------------------------------------------------------------
Version 4.7.2  [v4-devel] (rgerhards), 2010-05-03
- bugfix: problems with atomic operations emulaton
  replaced atomic operation emulation with new code. The previous code
  seemed to have some issue and also limited concurrency severely. The
  whole atomic operation emulation has been rewritten.
- added new $Sleep directive to hold processing for a couple of seconds
  during startup
- bugfix: programname filter in ! configuration can not be reset
  Thanks to Kiss Gabor for the patch.
---------------------------------------------------------------------------
Version 4.7.1  [v4-devel] (rgerhards), 2010-04-22
- Solaris support much improved -- was not truely usable in 4.7.0
  Solaris is no longer supported in imklog, but rather there is a new
  plugin imsolaris, which is used to pull local log sources on a Solaris
  machine.
- testbench improvement: Java is no longer needed for testing tool creation
---------------------------------------------------------------------------
Version 4.7.0  [v4-devel] (rgerhards), 2010-04-14
- new: support for Solaris added (but not yet the Solaris door API)
- added function getenv() to RainerScript
- added new config option $InputUnixListenSocketCreatePath
  to permit the auto-creation of pathes to additional log sockets. This
  turns out to be useful if they reside on temporary file systems and
  rsyslogd starts up before the daemons that create these sockets
  (rsyslogd always creates the socket itself if it does not exist).
- added $LogRSyslogStatusMessages configuration directive
  permitting to turn off rsyslog start/stop/HUP messages. See Debian
  ticket http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463793
- added new config directive $omfileForceChown to (try to) fix some broken
  system configs.
  See ticket for details: http://bugzilla.adiscon.com/show_bug.cgi?id=150
- added $EscapeControlCharacterTab config directive
  Thanks to Jonathan Bond-Caron for the patch.
- added option to use unlimited-size select() calls
  Thanks to varmjofekoj for the patch
- debugondemand mode caused backgrounding to fail - close to a bug, but I'd
  consider the ability to background in this mode a new feature...
- bugfix (kind of): check if TCP connection is still alive if using TLS
  Thanks to Jonathan Bond-Caron for the patch.
- imported changes from 4.5.7 and below
- bugfix: potential segfault when -p command line option was used
  Thanks for varmojfekoj for pointing me at this bug.
- imported changes from 4.5.6 and below
---------------------------------------------------------------------------
Version 4.6.8  [v4-stable] (rgerhards), 2011-09-01
- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200
- bugfix: potential misadressing in property replacer
- bugfix: memcpy overflow can occur in allowed sender checking
  if a name is resolved to IPv4-mapped-on-IPv6 address
  Found by Ismail Dönmez at suse
- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c)
---------------------------------------------------------------------------
Version 4.6.7  [v4-stable] (rgerhards), 2011-07-11
- added support for the ":omusrmsg:" syntax in configuring user messages
- added support for the ":omfile:" syntax for actions
---------------------------------------------------------------------------
Version 4.6.6  [v4-stable] (rgerhards), 2011-06-24
- bugfix: memory leak in imtcp & subsystems under some circumstances
  This leak is tied to error conditions which lead to incorrect cleanup
  of some data structures. [backport from v6, limited testing under v4]
- bugfix: invalid processing in QUEUE_FULL condition
  If the the multi-submit interface was used and a QUEUE_FULL condition
  occured, the failed message was properly destructed. However, the
  rest of the input batch, if it existed, was not processed. So this
  lead to potential loss of messages and a memory leak. The potential
  loss of messages was IMHO minor, because they would have been dropped
  in most cases due to the queue remaining full, but very few lucky ones
  from the batch may have made it. Anyhow, this has now been changed so
  that the rest of the batch is properly tried to be enqueued and, if
  not possible, destructed.
- bugfix: invalid storage type for config variables
- bugfix: stream driver mode was not correctly set on tcp ouput on big
  endian systems.
  thanks varmojfekoj for the patch
- bugfix: IPv6-address could not be specified in omrelp
  this was due to improper parsing of ":"
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=250
- bugfix: memory and file descriptor leak in stream processing
  Leaks could occur under some circumstances if the file stream handler
  errored out during the open call. Among others, this could cause very
  big memory leaks if there were a problem with unreadable disk queue
  files. In regard to the memory leak, this
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=256
- bugfix: imfile potentially duplicates lines
  This can happen when 0 bytes are read from the input file, and some
  writer appends data to the file BEFORE we check if a rollover happens.
  The check for rollover uses the inode and size as a criterion. So far,
  we checked for equality of sizes, which is not given in this scenario,
  but that does not indicate a rollover. From the source code comments:
     Note that when we check the size, we MUST NOT check for equality.
     The reason is that the file may have been written right after we
     did try to read (so the file size has increased). That is NOT in
     indicator of a rollover (this is an actual bug scenario we 
     experienced). So we need to check if the new size is smaller than
     what we already have seen!
  Also, under some circumstances an invalid truncation was detected. This
  code has now been removed, a file change (and thus resent) is only
  detected if the inode number changes.
- bugfix: a couple of problems that imfile had on some platforms, namely
  Ubuntu (not their fault, but occured there)
- bugfix: imfile utilizes 32 bit to track offset. Most importantly,
  this problem can not experienced on Fedora 64 bit OS (which has
  64 bit long's!)
- bugfix: abort if imfile reads file line of more than 64KiB
  Thanks to Peter Eisentraut for reporting and analysing this problem.
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=221
- bugfix: omlibdbi did not use password from rsyslog.con
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=203
- bugfix: TCP connection invalidly aborted when messages needed to be
  discarded (due to QUEUE_FULL or similar problem)
- bugfix: a slightly more informative error message when a TCP
  connections is aborted
- bugfix: timestamp was incorrectly calculated for timezones with minute
  offset
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
- some improvements thanks to clang's static code analyzer
  o overall cleanup (mostly unnecessary writes and otherwise unused stuff)
  o bugfix: fixed a very remote problem in msg.c which could occur when
    running under extremely low memory conditions
---------------------------------------------------------------------------
Version 4.6.5  [v4-stable] (rgerhards), 2010-11-24
- bugfix(important): problem in TLS handling could cause rsyslog to loop
  in a tight loop, effectively disabling functionality and bearing the
  risk of unresponsiveness of the whole system.
  Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
---------------------------------------------------------------------------
Version 4.6.4  [v4-stable] (rgerhards), 2010-08-05
- bugfix: zero-sized (empty) messages were processed by imtcp
  they are now dropped as they always should have been
- bugfix: programname filter in ! configuration can not be reset
  Thanks to Kiss Gabor for the patch.
---------------------------------------------------------------------------
Version 4.6.3  [v4-stable] (rgerhards), 2010-07-07
- improvded testbench
  - added test with truly random data received via syslog to test
    robustness
  - added new configure option that permits to disable and enable an
    extended testbench
- bugfix: segfault on HUP when "HUPIsRestart" was set to "on"
  thanks varmojfekoj for the patch
- bugfix: default for $OMFileFlushOnTXEnd was wrong ("off").
  This, in default mode, caused buffered writing to be used, what
  means that it looked like no output were written or partial
  lines. Thanks to Michael Biebl for pointing out this bug.
- bugfix: testbench failed when not executed in UTC+1 timezone
  accidently, the time zone information was kept inside some
  to-be-checked-for responses
- temporary bugfix replaced by permanent one for
  message-induced off-by-one error (potential segfault) (see 4.6.2)
  The analysis has been completed and a better fix been crafted and 
  integrated.
- bugfix: the T/P/E config size specifiers did not work properly under
  all 32-bit platforms
- bugfix: local unix system log socket was deleted even when it was
  not configured
- some doc fixes; incorrect config samples could cause confusion
  thanks to Anthony Edwards for pointing the problems out
---------------------------------------------------------------------------
Version 4.6.2  [v4-stable] (rgerhards), 2010-03-26
- new feature: "." action type added to support writing files to relative
  pathes (this is primarily meant as a debug aid)
- added replacements for atomic instructions on systems that do not
  support them. [backport of Stefen Sledz' patch for v5)
- new feature: $OMFileAsyncWriting directive added
  it permits to specifiy if asynchronous writing should be done or not
- bugfix(temporary): message-induced off-by-one error (potential segfault)
  Some types of malformed messages could trigger an off-by-one error
  (for example, \0 or \n as the last character, and generally control
  character escaption is questionable). This is due to not strictly
  following a the \0 or string counted string paradigm (during the last
  optimization on the cstring class). As a temporary fix, we have 
  introduced a proper recalculation of the size. However, a final
  patch is expected in the future. See bug tracker for further details
  and when the final patch will be available:
  http://bugzilla.adiscon.com/show_bug.cgi?id=184
  Note that the current patch is considered sufficient to solve the
  situation, but it requires a bit more runtime than desirable.
- bugfix: potential segfault in dynafile cache
  This bug was triggered by an open failure. The the cache was full and
  a new entry needed to be placed inside it, a victim for eviction was
  selected. That victim was freed, then the open of the new file tried. If
  the open failed, the victim entry was still freed, and the function
  exited. However, on next invocation and cache search, the victim entry
  was used as if it were populated, most probably resulting in a segfault.
- bugfix: race condition during directory creation
  If multiple files try to create a directory at (almost) the same time,
  some of them may fail. This is a data race and also exists with other
  processes that may create the same directory. We do now check for this
  condition and gracefully handle it.
- bugfix: potential re-use of free()ed file stream object in omfile
  when dynaCache is enabled, the cache is full, a new entry needs to
  be allocated, thus the LRU discarded, then a new entry is opend and that
  fails. In that case, it looks like the discarded stream may be reused
  improperly (based on code analysis, test case and confirmation pending)
- added new property replacer option "date-rfc3164-buggyday" primarily
  to ease migration from syslog-ng. See property replacer doc for
  details. [backport from 5.5.3 because urgently needed by some]
- improved testbench
- bugfix: invalid buffer write in (file) stream class
  currently being accessed buffer could be overwritten with new data.
  While this probably did not cause access violations, it could case loss
  and/or duplication of some data (definitely a race with no deterministic
  outcome)
- bugfix: potential hang condition during filestream close
  predicate was not properly checked when waiting for the background file
  writer
- bugfix: improper synchronization when "$OMFileFlushOnTXEnd on" was used
  Internal data structures were not properly protected due to missing
  mutex calls.
- bugfix: potential data loss during file stream shutdown
- bugfix: potential problems during file stream shutdown
  The shutdown/close sequence was not clean, what potentially (but
  unlikely) could lead to some issues. We have not been able to describe
  any fatal cases, but there was some bug potential. Sequence has now
  been straighted out.
- bugfix: potential problem (loop, abort) when file write error occured
  When a write error occured in stream.c, variable iWritten had the error
  code but this was handled as if it were the actual number of bytes
  written. That was used in pointer arithmetic later on, and thus could
  lead to all sorts of problems. However, this could only happen if the
  error was EINTR or the file in question was a tty. All other cases were
  handled properly. Now, iWritten is reset to zero in such cases, resulting
  in proper retries.
- bugfix: $omfileFlushOnTXEnd was turned on when set to off and vice
  versa due to an invalid check
- bugfix: recent patch to fix small memory leak could cause invalid free.
  This could only happen during config file parsing.
- bugfix(minor): handling of extremely large strings in dbgprintf() fixed
  Previously, it could lead to garbagge output and, in extreme cases, also
  to segfaults. Note: this was a problem only when debug output was 
  actually enabled, so it caused no problem in production use.
- bugfix(minor): BSD_SO_COMPAT query function had some global vars not
  properly initialized. However, in practice the loader initializes them 
  with zero, the desired value, so there were no actual issue in almost 
  all cases.
---------------------------------------------------------------------------
Version 4.6.1  [v4-stable] (rgerhards), 2010-03-04
- re-enabled old pipe output (using new module ompipe, built-in) after
  some problems with pipes (and especially in regard to xconsole) were
  discovered. Thanks to Michael Biebl for reporting the issues.
- bugfix: potential problems with large file support could cause segfault
  ... and other weird problems. This seemed to affect 32bit-platforms
  only, but I can not totally outrule there were issues on other
  platforms as well. The previous code could cause system data types
  to be defined inconsistently, and that could lead to various 
  troubles. Special thanks go to the Mandriva team for identifying
  an initial problem, help discussing it and ultimately a fix they
  contributed.
- bugfix: fixed problem that caused compilation on FreeBSD 9.0 to fail.
  bugtracker: http://bugzilla.adiscon.com/show_bug.cgi?id=181
  Thanks to Christiano for reporting.
- bugfix: potential segfault in omfile when a dynafile open failed
  In that case, a partial cache entry was written, and some internal
  pointers (iCurrElt) not correctly updated. In the next iteration, that
  could lead to a segfault, especially if iCurrElt then points to the
  then-partial record. Not very likely, but could happen in practice.
- bugfix (theoretical): potential segfault in omfile under low memory
  condition. This is only a theoretical bug, because it would only 
  happen when strdup() fails to allocate memory - which is highly 
  unlikely and will probably lead to all other sorts of errors.
- bugfix: comment char ('#') in literal terminated script parsing
  and thus could not be used.
  but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119
  [merged in from v3.22.2]
---------------------------------------------------------------------------
Version 4.6.0  [v4-stable] (rgerhards), 2010-02-24
***************************************************************************
* This is a new stable v4 version. It contains all fixes and enhancements *
* made during the 4.5.x phase as well as those listed below.              *
* Note: this version is scheduled to conclude the v4 development process. *
*       Do not expect any more new developments in v4. The focus is now   *
*       on v5 (what also means we have a single devel branch again).      *
*       ("development" means new feature development, bug fixes are of    *
*       course provided for v4-stable)                                    *
***************************************************************************
- improved testbench to contain samples for totally malformed messages
  which miss parts of the message content
- bugfix: some malformed messages could lead to a missing LF inside files
  or some other missing parts of the template content.
- bugfix: if a message ended immediately with a hostname, the hostname
  was mistakenly interpreted as TAG, and localhost be used as hostname
- bugfix: message without MSG part could case a segfault
  [backported from v5 commit 98d1ed504ec001728955a5bcd7916f64cd85f39f]
  This actually was a "recent" regression, but I did not realize that it
  was introduced by the performance optimization in v4-devel. Shame on
  me for having two devel versions at the same time...
---------------------------------------------------------------------------
Version 4.5.8  [v4-beta] (rgerhards), 2010-02-10
- enhanced doc for using PostgreSQL
  Thanks to Marc Schiffbauer for the new/updated doc
- bugfix: property replacer returned invalid parameters under some (unusual)
  conditions. In extreme cases, this could lead to garbled logs and/or
  a system failure.
- bugfix: invalid length returned (often) when using regular expressions
  inside the property replacer
- bugfix: submatch regex in property replacer did not honor "return 0 on
  no match" config case
- bugfix: imuxsock incorrectly stated inputname "imudp"
  Thanks to Ryan Lynch for reporting this.
- (slightly) enhanced support for FreeBSD by setting _PATH_MODDIR to
  the correct value on FreeBSD.
  Thanks to Cristiano for the patch.
- bugfix: -d did not enable display of debug messages
  regression from introduction of "debug on demand" mode
  Thanks to Michael Biebl for reporting this bug
- bugfix: blanks inside file names did not terminate file name parsing.
  This could reslult in the whole rest of a line (including comments)
  to be treated as file name in "write to file" actions.
  Thanks to Jack for reporting this issue.
- bugfix: rsyslog hang when writing to a named pipe which nobody was
  reading. Thanks to Michael Biebl for reporting this bug.
  Bugzilla entry: http://bugzilla.adiscon.com/show_bug.cgi?id=169
- bugfix: potential segfaults during queue shutdown
  (bugs require certain non-standard settings to appear)
  Thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 4.5.7  [v4-beta] (rgerhards), 2009-11-18
- added a so-called "On Demand Debug" mode, in which debug output can
  be generated only after the process has started, but not right from
  the beginning. This is assumed to be useful for hard-to-find bugs.
  Also improved the doc on the debug system.
- bugfix (kind of): check if TCP connection is still alive if using TLS
  Thanks to Jonathan Bond-Caron for the patch.
- bugfix: hostname accidently set to IP address for some message sources,
  for example imudp. Thanks to Anton for reporting this bug.
- bugfix [imported from 4.4.3]: $ActionExecOnlyOnceEveryInterval did
  not work.
---------------------------------------------------------------------------
Version 4.5.6  [v4-beta] (rgerhards), 2009-11-05
- bugfix: named pipes did no longer work (they always got an open error)
  this was a regression from the omfile rewrite in 4.5.0
- bugfix(minor): diag function returned wrong queue memeber count
  for the main queue if an active DA queue existed. This had no relevance
  to real deployments (assuming they are not running the debug/diagnostic
  module...), but sometimes caused grief and false alerts in the 
  testbench.
- included some important fixes from v4-stable:
  * bugfix: invalid handling of zero-sized messages
  * bugfix: zero-sized UDP messages are no longer processed
  * bugfix: random data could be appended to message
  * bugfix: reverse lookup reduction logic in imudp do DNS queries too often
- bugfix(testbench): testcase did not properly wait for rsyslod shutdown
  thus some unpredictable behavior and a false negative test result
  could occur. [BACKPORTED from v5]
- bugfix(testbench): sequence check was not always performed correctly,
  that could result in tests reporting success when they actually failed
---------------------------------------------------------------------------
Version 4.5.5  [v4-beta] (rgerhards), 2009-10-21
- added $InputTCPServerNotifyOnConnectionClose config directive
  see doc for details
- bugfix: debug string larger than 1K were improperly displayed. Max size
  is now 32K
- bugfix: invalid storage class selected for some size config parameters.
  This resulted in wrong values. The most prominent victim was the
  directory creation mode, which was set to zero in some cases. For 
  details, see related blog post:
  http://blog.gerhards.net/2009/10/another-note-on-hard-to-find-bugs.html
---------------------------------------------------------------------------
Version 4.5.4  [v4-beta] (rgerhards), 2009-09-29
- bugfix: potential segfault in stream writer on destruction
  Most severely affected omfile. The problem was that some buffers were
  freed before the asynchronous writer thread was shut down. So the
  writer thread accessed invalid data, which may even already be
  overwritten. Symptoms (with omfile) were segfaults, grabled data
  and files with random names placed around the file system (most
  prominently into the root directory). Special thanks to Aaron for
  helping to track this down.
- bugfix: potential race in object loader (obj.c) during use/release
  of object interface
- bugfixes: potential problems in out file zip writer. Problems could
  lead to abort and/or memory leak. The module is now hardened in a very
  conservative way, which is sub-optimal from a performance point of view.
  This should be improved if it has proven reliable in practice.
---------------------------------------------------------------------------
Version 4.5.3  [v4-beta] (rgerhards), 2009-09-17
- bugfix: repeated messages were incorrectly processed
  this could lead to loss of the repeated message content. As a side-
  effect, it could probably also be possible that some segfault occurs
  (quite unlikely). The root cause was that some counters introduced
  during the malloc optimizations were not properly duplicated in
  MsgDup(). Note that repeated message processing is not enabled
  by default.
- bugfix: message sanitation had some issues:
  - control character DEL was not properly escaped
  - NUL and LF characters were not properly stripped if no control
    character replacement was to be done
  - NUL characters in the message body were silently dropped (this was
    a regeression introduced by some of the recent optimizations)
- bugfix: strings improperly reused, resulting in some message properties
  be populated with strings from previous messages. This was caused by
  an improper predicate check. [backported from v5]
- fixed some minor portability issues
- bugfix: reverse lookup reduction logic in imudp do DNS queries too often
  [imported from 4.4.2]
---------------------------------------------------------------------------
Version 4.5.2  [v4-beta] (rgerhards), 2009-08-21
- legacy syslog parser changed so that it now accepts date stamps in
  wrong case. Some devices seem to create them and I do not see any harm
  in supporting that.
- added $InputTCPMaxListeners directive - permits to specify how many 
  TCP servers shall be possible (default is 20).
- bugfix: memory leak with some input modules. Those inputs that
  use parseAndSubmitMsg() leak two small memory blocks with every message.
  Typically, those process only relatively few messages, so the issue 
  does most probably not have any effect in practice.
- bugfix: if tcp listen port could not be created, no error message was
  emitted
- bugfix: potential segfault in output file writer (omfile)
  In async write mode, we use modular arithmetic to index the output
  buffer array. However, the counter variables accidently were signed,
  thus resulting in negative indizes after integer overflow. That in turn
  could lead to segfaults, but was depending on the memory layout of 
  the instance in question (which in turn depended on a number of
  variables, like compile settings but also configuration). The counters
  are now unsigned (as they always should have been) and so the dangling
  mis-indexing does no longer happen. This bug potentially affected all
  installations, even if only some may actually have seen a segfault.
- bugfix: hostnames with dashes in them were incorrectly treated as
  malformed, thus causing them to be treated as TAG (this was a regression
  introduced from the "rfc3164 strict" change in 4.5.0).
---------------------------------------------------------------------------
Version 4.5.1  [DEVEL] (rgerhards), 2009-07-15
- CONFIG CHANGE: $HUPisRestart default is now "off". We are doing this
  to support removal of restart-type HUP in v5.
- bugfix: fromhost-ip was sometimes truncated
- bugfix: potential segfault when zip-compressed syslog records were
  received (double free)
- bugfix: properties inputname, fromhost, fromhost-ip, msg were lost when
  working with disk queues
- performance enhancement: much faster, up to twice as fast (depending
  on configuration)
- bugfix: abort condition when RecvFrom was not set and message reduction
  was on. Happend e.g. with imuxsock.
- added $klogConsoleLogLevel directive which permits to set a new
  console log level while rsyslog is active
- bugfix: message could be truncated after TAG, often when forwarding
  This was a result of an internal processing error if maximum field
  sizes had been specified in the property replacer.
- added ability for the TCP output action to "rebind" its send socket after
  sending n messages (actually, it re-opens the connection, the name is 
  used because this is a concept very similiar to $ActionUDPRebindInterval).
  New config directive $ActionSendTCPRebindInterval added for the purpose.
  By default, rebinding is disabled. This is considered useful for load
  balancers.
- testbench improvements
---------------------------------------------------------------------------
Version 4.5.0  [DEVEL] (rgerhards), 2009-07-02
- activation order of inputs changed, they are now activated only after
  privileges are dropped. Thanks to Michael Terry for the patch.
- greatly improved performance
- greatly reduced memory requirements of msg object
  to around half of the previous demand. This means that more messages can
  be stored in core! Due to fewer cache misses, this also means some
  performance improvement.
- improved config error messages: now contain a copy of the config line
  that (most likely) caused the error
- reduced max value for $DynaFileCacheSize to 1,000 (the former maximum
  of 10,000 really made no sense, even 1,000 is very high, but we like
  to keep the user in control ;)).
- added capability to fsync() queue disk files for enhanced reliability
  (also add's speed, because you do no longer need to run the whole file
  system in sync mode)
- more strict parsing of the hostname in rfc3164 mode, hopefully
  removes false positives (but may cause some trouble with hostname
  parsing). For details, see this bug tracker:
  http://bugzilla.adiscon.com/show_bug.cgi?id=126
- omfile rewrite to natively support zip files (includes large extension
  of the stream class)
- added configuration commands (see doc for explanations)
  * $OMFileZipLevel
  * $OMFileIOBufferSize
  * $OMFileFlushOnTXEnd
  * $MainMsgQueueSyncQueueFiles
  * $ActionQueueSyncQueueFiles
- done some memory accesses explicitely atomic
- bugfix: subtle (and usually irrelevant) issue in timout processing
  timeout could be one second too early if nanoseconds wrapped
- set a more sensible timeout for shutdow, now 1.5 seconds to complete
  processing (this also removes those cases where the shutdown message
  was not written because the termination happened before it)
- internal bugfix: object pointer was only reset to NULL when an object
  was actually destructed. This most likely had no effect to existing code,
  but it may also have caused trouble in remote cases. Similarly, the fix
  may also cause trouble...
- bugfix: missing initialization during timestamp creation
  This could lead to timestamps written in the wrong format, but not to
  an abort
---------------------------------------------------------------------------
Version 4.4.3  [v4-stable] (rgerhards), 2009-10-??
- bugfix: several smaller bugs resolved after flexelint review
  Thanks to varmojfekoj for the patch.
- bugfix: $ActionExecOnlyOnceEveryInterval did not work.
  This was a regression from the time() optimizations done in v4.
  Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=143
  Thanks to Klaus Tachtler for reporting this bug.
- bugfix: potential segfault on queue shutdown
  Thanks to varmojfekoj for the patch.
- bugfix: potential hang condition on queue shutdown
  [imported from v3-stable]
- bugfix: segfault on startup when -q or -Q option was given
  [imported from v3-stable]
---------------------------------------------------------------------------
Version 4.4.2  [v4-stable] (rgerhards), 2009-10-09
- bugfix: invalid handling of zero-sized messages, could lead to mis-
  addressing and potential memory corruption/segfault
- bugfix: zero-sized UDP messages are no longer processed
  until now, they were forwarded to processing, but this makes no sense
  Also, it looks like the system seems to provide a zero return code
  on a UDP recvfrom() from time to time for some internal reasons. These
  "receives" are now silently ignored.
- bugfix: random data could be appended to message, possibly causing
  segfaults
- bugfix: reverse lookup reduction logic in imudp do DNS queries too often
  A comparison was done between the current and the former source address.
  However, this was done on the full sockaddr_storage structure and not
  on the host address only. This has now been changed for IPv4 and IPv6.
  The end result of this bug could be a higher UDP message loss rate than
  necessary (note that UDP message loss can not totally be avoided due
  to the UDP spec)
---------------------------------------------------------------------------
Version 4.4.1  [v4-stable] (rgerhards), 2009-09-02
- features requiring Java are automatically disabled if Java is not
  present (thanks to Michael Biebl for his help!)
- bugfix: invalid double-quoted PRI, among others in outgoing messages
  This causes grief with all receivers.
  Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=147
- bugfix: Java testing tools were required, even if testbench was disabled
  This resulted in build errors if no Java was present on the build system,
  even though none of the selected option actually required Java.
  (I forgot to backport a similar fix to newer releases).
- bugfix (backport): omfwd segfault
  Note that the orginal (higher version) patch states this happens only
  when debugging mode is turned on. That statement is wrong: if debug
  mode is turned off, the message is not being emitted, but the division
  by zero in the actual parameters still happens.
---------------------------------------------------------------------------
Version 4.4.0  [v4-stable] (rgerhards), 2009-08-21
- bugfix: stderr/stdout were not closed to be able to emit error messages,
  but this caused ssh sessions to hang. Now we close them after the 
  initial initialization. See forum thread:
  http://kb.monitorware.com/controlling-terminal-issues-t9875.html
- bugfix: sending syslog messages with zip compression did not work
---------------------------------------------------------------------------
Version 4.3.2  [v4-beta] (rgerhards), 2009-06-24
- removed long-obsoleted property UxTradMsg
- added a generic network stream server (in addition to rather specific
  syslog tcp server)
- added ability for the UDP output action to rebind its send socket after
  sending n messages. New config directive $ActionSendUDPRebindInterval
  added for the purpose. By default, rebinding is disabled. This is 
  considered useful for load balancers.
- bugfix: imdiag/imtcp had a race condition
- improved testbench (now much better code design and reuse)
- added config switch --enable-testbench=no to turn off testbench
---------------------------------------------------------------------------
Version 4.3.1  [DEVEL] (rgerhards), 2009-05-25
- added capability to run multiple tcp listeners (on different ports)
- performance enhancement: imtcp calls parser no longer on input thread
  but rather inside on of the potentially many main msg queue worker
  threads (an enhancement scheduled for all input plugins where this is
  possible)
- added $GenerateConfigGraph configuration command which can be used
  to generate nice-looking (and very informative) rsyslog configuration
  graphs.
- added $ActionName configuration directive (currently only used for
  graph generation, but may find other uses)
- improved doc
  * added (hopefully) easier to grasp queue explanation
- improved testbench
  * added tests for queue disk-only mode (checks disk queue logic)
- bugfix: light and full delay watermarks had invalid values, badly
  affecting performance for delayable inputs
- build system improvements - thanks to Michael Biebl
- added new testing module imdiag, which enables to talk to the 
  rsyslog core at runtime. The current implementation is only a 
  beginning, but can be expanded over time
---------------------------------------------------------------------------
Version 4.3.0  [DEVEL] (rgerhards), 2009-04-17
- new feature: new output plugin omprog, which permits to start program
  and feed it (via its stdin) with syslog messages. If the program
  terminates, it is restarted.
- improved internal handling of RainerScript functions, building the
  necessary plumbing to support more functions with decent runtime
  performance. This is also necessary towards the long-term goal
  of loadable library modules.
- added new RainerScript function "tolower"
- improved testbench
  * added tests for tcp-based reception
  * added tcp-load test (1000 connections, 20,000 messages)
- added $MaxOpenFiles configuration directive
- bugfix: solved potential memory leak in msg processing, could manifest
  itself in imtcp
- bugfix: ompgsql did not detect problems in sql command execution
  this could cause loss of messages. The handling was correct if the
  connection broke, but not if there was a problem with statement
  execution. The most probable case for such a case would be invalid
  sql inside the template, and this is now much easier to diagnose.
---------------------------------------------------------------------------
Version 4.2.0  [v4-stable] (rgerhards), 2009-06-23
- bugfix: light and full delay watermarks had invalid values, badly
  affecting performance for delayable inputs
- imported all patches from 3.22.1 as of today (see below)
- bugfix: compile problems in im3195
---------------------------------------------------------------------------
Version 4.1.7  [BETA] (rgerhards), 2009-04-22
- bugfix: $InputTCPMaxSessions config directive was accepted, but not
  honored. This resulted in a fixed upper limit of 200 connections.
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
  It has now been changed to 0700. For some background, please see
  http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
- bugfix: ompgsql did not detect problems in sql command execution
  this could cause loss of messages. The handling was correct if the
  connection broke, but not if there was a problem with statement
  execution. The most probable case for such a case would be invalid
  sql inside the template, and this is now much easier to diagnose.
---------------------------------------------------------------------------
Version 4.1.6  [DEVEL] (rgerhards), 2009-04-07
- added new "csv" property replacer options to enable simple creation
  of CSV-formatted outputs (format from RFC4180 is used)
- implemented function support in RainerScript. That means the engine
  parses and compile functions, as well as executes a few build-in
  ones. Dynamic loading and registration of functions is not yet
  supported - but we now have a good foundation to do that later on.
- implemented the strlen() RainerScript function
- added a template output module
- added -T rsyslogd command line option, enables to specify a directory
  where to chroot() into on startup. This is NOT a security feature but
  introduced to support testing. Thus, -T does not make sure chroot()
  is used in a secure way. (may be removed later)
- added omstdout module for testing purposes. Spits out all messages to
  stdout - no config option, no other features
- added a parser testing suite (still needs to be extended, but a good
  start)
- modified $ModLoad statement so that for modules whom's name starts with
  a dot, no path is prepended (this enables relative-pathes and should
  not break any valid current config)
- fixed a bug that caused action retries not to work correctly
  situation was only cleared by a restart
- bugfix: closed dynafile was potentially never written until another
  dynafile name was generated - potential loss of messages
- improved omfile so that it properly suspends itself if there is an
  i/o or file name generation error. This enables it to be used with
  the full high availability features of rsyslog's engine
- bugfix: fixed some segaults on Solaris, where vsprintf() does not
  check for NULL pointers
- improved performance of regexp-based filters
  Thanks to Arnaud Cornet for providing the idea and initial patch.
- added a new way how output plugins may be passed parameters. This is
  more effcient for some outputs. They new can receive fields not only
  as a single string but rather in an array where each string is seperated.
- added (some) developer documentation for output plugin interface
- bugfix: potential abort with DA queue after high watermark is reached
  There exists a race condition that can lead to a segfault. Thanks
  go to vbernetr, who performed the analysis and provided patch, which
  I only tweaked a very little bit.
- bugfix: imtcp did incorrectly parse hostname/tag
  Thanks to Luis Fernando Muñoz Mejías for the patch.
---------------------------------------------------------------------------
Version 4.1.5  [DEVEL] (rgerhards), 2009-03-11
- bugfix: parser did not correctly parse fields in UDP-received messages
- added ERE support in filter conditions
  new comparison operation "ereregex"
- added new config directive $RepeatedMsgContainsOriginalMsg so that the
  "last message repeated n times" messages, if generated, may
  have an alternate format that contains the message that is being repeated
---------------------------------------------------------------------------
Version 4.1.4  [DEVEL] (rgerhards), 2009-01-29
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
  details are too many, for full analysis see blog post at:
  http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html
- bugfix: unitialized mutex was used in msg.c:getPRI
  This was subtle, because getPRI is called as part of the debugging code
  (always executed) in syslogd.c:logmsg.
- bufgix: $PreserveFQDN was not properly handled for locally emitted
  messages
---------------------------------------------------------------------------
Version 4.1.3  [DEVEL] (rgerhards), 2008-12-17
- added $InputTCPServerAddtlFrameDelimiter config directive, which
  enables to specify an additional, non-standard message delimiter
  for processing plain tcp syslog. This is primarily a fix for the invalid
  framing used in Juniper's NetScreen products. Credit to forum user
  Arv for suggesting this solution.
- added $InputTCPServerInputName property, which enables a name to be
  specified that will be available during message processing in the
  inputname property. This is considered useful for logic that treats
  messages differently depending on which input received them.
- added $PreserveFQDN config file directive
  Enables to use FQDNs in sender names where the legacy default
  would have stripped the domain part.
  Thanks to BlinkMind, Inc. http://www.blinkmind.com for sponsoring this
  development.
- bugfix: imudp went into an endless loop under some circumstances
  (but could also leave it under some other circumstances...)
  Thanks to David Lang and speedfox for reporting this issue.
---------------------------------------------------------------------------
Version 4.1.2  [DEVEL] (rgerhards), 2008-12-04
- bugfix: code did not compile without zlib
- security bugfix: $AllowedSender was not honored, all senders were
  permitted instead (see http://www.rsyslog.com/Article322.phtml)
- security fix: imudp emitted a message when a non-permitted sender
  tried to send a message to it. This behaviour is operator-configurable.
  If enabled, a message was emitted each time. That way an attacker could
  effectively fill the disk via this facility. The message is now
  emitted only once in a minute (this currently is a hard-coded limit,
  if someone comes up with a good reason to make it configurable, we
  will probably do that).
- doc bugfix: typo in v3 compatibility document directive syntax
  thanks to Andrej for reporting
- imported other changes from 3.21.8 and 3.20.1 (see there)
---------------------------------------------------------------------------
Version 4.1.1  [DEVEL] (rgerhards), 2008-11-26
- added $PrivDropToGroup, $PrivDropToUser, $PrivDropToGroupID,
  $PrivDropToUserID config directives to enable dropping privileges.
  This is an effort to provide a security enhancement. For the limits of this
  approach, see http://wiki.rsyslog.com/index.php/Security
- re-enabled imklog to compile on FreeBSD (brought in from beta)
---------------------------------------------------------------------------
Version 4.1.0  [DEVEL] (rgerhards), 2008-11-18

********************************* WARNING *********************************
This version has a slightly different on-disk format for message entries.
As a consequence, old queue files being read by this version may have
an invalid output timestamp, which could result to some malfunction inside
the output driver. It is recommended to drain queues with the previous
version before switching to this one.
********************************* WARNING *********************************

- greatly enhanced performance when compared to v3.
- added configuration directive "HUPisRestart" which enables to configure
  HUP to be either a full restart or "just" a leightweight way to
  close open files.
- enhanced legacy syslog parser to detect year if part of the timestamp
  the format is based on what Cisco devices seem to emit.
- added a setting "$OptimizeForUniprocessor" to enable users to turn off
  pthread_yield calls which are counter-productive on multiprocessor 
  machines (but have been shown to be useful on uniprocessors)
- reordered imudp processing. Message parsing is now done as part of main
  message queue worker processing (was part of the input thread)
  This should also improve performance, as potentially more work is
  done in parallel.
- bugfix: compressed syslog messages could be slightly mis-uncompressed
  if the last byte of the compressed record was a NUL
- added $UDPServerTimeRequery option which enables to work with
  less acurate timestamps in favor of performance. This enables querying
  of the time only every n-th time if imudp is running in the tight
  receive loop (aka receiving messsages at a high rate)
- doc bugfix: queue doc had wrong parameter name for setting controlling
  worker thread shutdown period
- restructured rsyslog.conf documentation
- bugfix: memory leak in ompgsql
  Thanks to Ken for providing the patch
---------------------------------------------------------------------------
Version 3.22.4 [v3-stable] (rgerhards), 2010-??-??
- bugfix: action resume interval incorrectly handled, thus took longer to
  resume
- bugfix: cosmetic: proper constant used instead of number in open call
- bugfix: timestamp was incorrectly calculated for timezones with minute
  offset
  closes: http://bugzilla.adiscon.com/show_bug.cgi?id=271
- improved some code based on clang static analyzer results
- bugfix: potential misadressing in property replacer
- bugfix: improper handling of invalid PRI values
  references: CVE-2014-3634
---------------------------------------------------------------------------
Version 3.22.3 [v3-stable] (rgerhards), 2010-11-24
- bugfix(important): problem in TLS handling could cause rsyslog to loop
  in a tight loop, effectively disabling functionality and bearing the
  risk of unresponsiveness of the whole system.
  Bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=194
---------------------------------------------------------------------------
Version 3.22.2 [v3-stable] (rgerhards), 2010-08-05
- bugfix: comment char ('#') in literal terminated script parsing
  and thus could not be used.
  but tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=119
- enhance: imrelp now also provides remote peer's IP address 
  [if librelp != 1.0.0 is used]
- bugfix: sending syslog messages with zip compression did not work
- bugfix: potential hang condition on queue shutdown
- bugfix: segfault on startup when -q or -Q option was given
  bug tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=157
  Thanks to Jonas Nogueira for reporting this bug.
- clarified use of $ActionsSendStreamDriver[AuthMode/PermittedPeers]
  in doc set (require TLS drivers)
- bugfix: $CreateDirs variable not properly initialized, default thus
  was random (but most often "on")
- bugfix: potential segfault when -p command line option was used
  thanks to varmojfekoj for pointing me at this bug
- bugfix: programname filter in ! configuration can not be reset
  Thanks to Kiss Gabor for the patch.
---------------------------------------------------------------------------
Version 3.22.1 [v3-stable] (rgerhards), 2009-07-02
- bugfix: invalid error message issued if $inlcudeConfig was on an empty
  set of files (e.g. *.conf, where none such files existed)
  thanks to Michael Biebl for reporting this bug
- bugfix: when run in foreground (but not in debug mode), a 
  debug message ("DoDie called") was emitted at shutdown. Removed.
  thanks to Michael Biebl for reporting this bug
- bugfix: some garbagge was emitted to stderr on shutdown. This
  garbage consisted of file names, which were written during 
  startup (key point: not a pointer error)
  thanks to Michael Biebl for reporting this bug
- bugfix: startup and shutdown message were emitted to stdout
  thanks to Michael Biebl for reporting this bug
- bugfix: error messages were not emitted to stderr in forked mode
  (stderr and stdo are now kept open across forks)
- bugfix: internal messages were emitted to whatever file had fd2 when
  rsyslogd ran in forked mode (as usual!)
  Thanks to varmojfekoj for the patch
- small enhancement: config validation run now exits with code 1 if an
  error is detected. This change is considered important but small enough
  to apply it directly to the stable version. [But it is a border case,
  the change requires more code than I had hoped. Thus I have NOT tried
  to actually catch all cases, this is left for the current devel
  releases, if necessary]
- bugfix: light and full delay watermarks had invalid values, badly
  affecting performance for delayable inputs
- bugfix: potential segfault issue when multiple $UDPServerRun directives
  are specified. Thanks to Michael Biebl for helping to debug this one.
- relaxed GnuTLS version requirement to 1.4.0 after confirmation from the
  field that this version is sufficient
- bugfix: parser did not properly handle empty structured data
- bugfix: invalid mutex release in msg.c (detected under thread debugger,
  seems not to have any impact on actual deployments)
---------------------------------------------------------------------------
Version 3.22.0 [v3-stable] (rgerhards), 2009-04-21
This is the first stable release that includes the full functionality
of the 3.21.x version tree.
- bugfix: $InputTCPMaxSessions config directive was accepted, but not
  honored. This resulted in a fixed upper limit of 200 connections.
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
  It has now been changed to 0700. For some background, please see
  http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
- bugfix: ompgsql did not detect problems in sql command execution
  this could cause loss of messages. The handling was correct if the
  connection broke, but not if there was a problem with statement
  execution. The most probable case for such a case would be invalid
  sql inside the template, and this is now much easier to diagnose.
---------------------------------------------------------------------------
Version 3.21.11 [BETA] (rgerhards), 2009-04-03
- build system improvements contributed by Michael Biebl - thx!
- all patches from 3.20.5 incorporated (see it's ChangeLog entry)
---------------------------------------------------------------------------
Version 3.21.10 [BETA] (rgerhards), 2009-02-02
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
  details are too many, for full analysis see blog post at:
  http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html
- the string "Do Die" was accidently emited upon exit in non-debug mode
  This has now been corrected. Thanks to varmojfekoj for the patch.
- some legacy options were not correctly processed.
  Thanks to varmojfekoj for the patch.
- doc bugfix: v3-compatiblity document had typo in config directive
  thanks to Andrej for reporting this
---------------------------------------------------------------------------
Version 3.21.9 [BETA] (rgerhards), 2008-12-04
- re-release of 3.21.8 with an additional fix, that could also lead
  to DoS; 3.21.8 has been removed from the official download archives
- security fix: imudp emitted a message when a non-permitted sender
  tried to send a message to it. This behaviour is operator-configurable.
  If enabled, a message was emitted each time. That way an attacker could
  effectively fill the disk via this facility. The message is now
  emitted only once in a minute (this currently is a hard-coded limit,
  if someone comes up with a good reason to make it configurable, we
  will probably do that).
---------------------------------------------------------------------------
Version 3.21.8  [BETA] (rgerhards), 2008-12-04
- bugfix: imklog did not compile on FreeBSD
- security bugfix: $AllowedSender was not honored, all senders were
  permitted instead (see http://www.rsyslog.com/Article322.phtml)
- merged in all other changes from 3.20.1 (see there)
---------------------------------------------------------------------------
Version 3.21.7  [BETA] (rgerhards), 2008-11-11
- this is the new beta branch, based on the former 3.21.6 devel
- new functionality: ZERO property replacer nomatch option (from v3-stable)
---------------------------------------------------------------------------
Version 3.21.6  [DEVEL] (rgerhards), 2008-10-22
- consolidated time calls during msg object creation, improves performance
  and consistency
- bugfix: solved a segfault condition
- bugfix: subsecond time properties generated by imfile, imklog and
  internal messages could be slightly inconsistent
- bugfix: (potentially big) memory leak on HUP if queues could not be
  drained before timeout - thanks to David Lang for pointing this out
- added capability to support multiple module search pathes. Thank
  to Marius Tomaschewski for providing the patch.
- bugfix: im3195 did no longer compile
- improved "make distcheck" by ensuring everything relevant is recompiled
---------------------------------------------------------------------------
Version 3.21.5  [DEVEL] (rgerhards), 2008-09-30
- performance optimization: unnecessary time() calls during message
  parsing removed - thanks to David Lang for his excellent performance
  analysis
- added new capability to property replacer: multiple immediately
  successive field delimiters are treated as a single one.
  Thanks to Zhuang Yuyao for the patch.
- added message property "inputname", which contains the name of the
  input (module) that generated it. Presence is depending on suport in
  each input module (else it is blank).
- added system property "$myhostname", which contains the name of the
  local host as it knows itself.
- imported a number of fixes and enhancements from the stable and
  devel branches, including a fix to a potential segfault on HUP
  when using UDP listners
- re-enabled gcc builtin atomic operations and added a proper
  ./configure check
- bugfix: potential race condition when adding messages to queue
  There was a wrong order of mutex lock operations. It is hard to
  believe that really caused problems, but in theory it could and with
  threading we often see that theory becomes practice if something is only
  used long enough on a fast enough machine with enough CPUs ;)
- cleaned up internal debug system code and made it behave better
  in regard to multi-threading
---------------------------------------------------------------------------
Version 3.21.4  [DEVEL] (rgerhards), 2008-09-04
- removed compile time fixed message size limit (was 2K), limit can now
  be set via $MaxMessageSize global config directive (finally gotten rid
  of MAXLINE ;))
- enhanced doc for $ActionExecOnlyEveryNthTimeTimeout
- integrated a number of patches from 3.18.4, namely
  - bugfix: order-of magnitude issue with base-10 size definitions
    in config file parser. Could lead to invalid sizes, constraints
    etc for e.g. queue files and any other object whose size was specified
    in base-10 entities. Did not apply to binary entities. Thanks to
    RB for finding this bug and providing a patch.
  - bugfix: action was not called when system time was set backwards
    (until the previous time was reached again). There are still some
    side-effects when time is rolled back (A time rollback is really a bad
    thing to do, ideally the OS should issue pseudo time (like NetWare did)
    when the user tries to roll back time). Thanks to varmojfekoj for this
    patch.
  - doc bugfix: rsyslog.conf man page improved and minor nit fixed
    thanks to Lukas Kuklinek for the patch.
---------------------------------------------------------------------------
Version 3.21.3  [DEVEL] (rgerhards), 2008-08-13
- added ability to specify flow control mode for imuxsock
- added ability to execute actions only after the n-th call of the action
  This also lead to the addition of two new config directives:
  $ActionExecOnlyEveryNthTime and $ActionExecOnlyEveryNthTimeTimeout
  This feature is useful, for example, for alerting: it permits you to
  send an alert only after at least n occurences of a specific message
  have been seen by rsyslogd. This protectes against false positives
  due to waiting for additional confirmation.
- bugfix: IPv6 addresses could not be specified in forwarding actions
  New syntax @[addr]:port introduced to enable that. Root problem was IPv6
  addresses contain colons.
- somewhat enhanced debugging messages
- imported from 3.18.3:
  - enhanced ommysql to support custom port to connect to server
    Port can be set via new $ActionOmmysqlServerPort config directive
    Note: this was a very minor change and thus deemed appropriate to be
    done in the stable release.
  - bugfix: misspelled config directive, previously was
    $MainMsgQueueWorkeTimeoutrThreadShutdown, is now
    $MainMsgQueueWorkerTimeoutThreadShutdown. Note that the misspelled
    directive is not preserved - if the misspelled directive was used
    (which I consider highly unlikely), the config file must be changed.
    Thanks to lperr for reporting the bug.
---------------------------------------------------------------------------
Version 3.21.2  [DEVEL] (rgerhards), 2008-08-04
- added $InputUnixListenSocketHostName config directive, which permits to
  override the hostname being used on a local unix socket. This is useful
  for differentiating "hosts" running in several jails. Feature was
  suggested by David Darville, thanks for the suggestion.
- enhanced ommail to support multiple email recipients. This is done by
  specifying $ActionMailTo multiple times. Note that this introduces a
  small incompatibility to previous config file syntax: the recipient
  list is now reset for each action (we honestly believe that will
  not cause any problem - apologies if it does).
- enhanced troubleshooting documentation
---------------------------------------------------------------------------
Version 3.21.1  [DEVEL] (rgerhards), 2008-07-30
- bugfix: no error was reported if the target of a $IncludeConfig
  could not be accessed.
- added testbed for common config errors
- added doc for -u option to rsyslogd man page
- enhanced config file checking - no active actions are detected
- added -N rsyslogd command line option for a config validation run
  (which does not execute actual syslogd code and does not interfere
  with a running instance)
- somewhat improved emergency configuration. It is now also selected
  if the config contains no active actions
- rsyslogd error messages are now reported to stderr by default. can be
  turned off by the new "$ErrorMessagesToStderr off" directive
 Thanks to HKS for suggesting the new features.
---------------------------------------------------------------------------
Version 3.21.0  [DEVEL] (rgerhards), 2008-07-18
- starts a new devel branch
- added a generic test driver for RainerScript plus some test cases
  to the testbench
- added a small diagnostic tool to obtain result of gethostname() API
- imported all changes from 3.18.1 until today (some quite important,
  see below)
---------------------------------------------------------------------------
Version 3.20.6 [v3-stable] (rgerhards), 2009-04-16
- this is the last v3-stable for the 3.20.x series
- bugfix: $InputTCPMaxSessions config directive was accepted, but not
  honored. This resulted in a fixed upper limit of 200 connections.
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
  It has now been changed to 0700. For some background, please see
  http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
---------------------------------------------------------------------------
Version 3.20.5 [v3-stable] (rgerhards), 2009-04-02
- bugfix: potential abort with DA queue after high watermark is reached
  There exists a race condition that can lead to a segfault. Thanks
  go to vbernetr, who performed the analysis and provided patch, which
  I only tweaked a very little bit.
- fixed bugs in RainerScript:
  o when converting a number and a string to a common type, both were 
    actually converted to the other variable's type.
  o the value of rsCStrConvertToNumber() was miscalculated.
  Thanks to varmojfekoj for the patch
- fixed a bug in configure.ac which resulted in problems with
  environment detection - thanks to Michael Biebl for the patch
- fixed a potential segfault problem in gssapi code
  thanks to varmojfekoj for the patch
- doc enhance: provide standard template for MySQL module and instructions
  on how to modify schema
---------------------------------------------------------------------------
Version 3.20.4 [v3-stable] (rgerhards), 2009-02-09
- bugfix: inconsistent use of mutex/atomic operations could cause segfault
  details are too many, for full analysis see blog post at:
  http://blog.gerhards.net/2009/01/rsyslog-data-race-analysis.html
- bugfix: invalid ./configure settings for RFC3195
  thanks to Michael Biebl for the patch
- bugfix: invalid mutex access in msg.c
- doc bugfix: dist tarball missed 2 files, had one extra file that no
  longer belongs into it. Thanks to Michael Biebl for pointing this out.
---------------------------------------------------------------------------
Version 3.20.3 [v3-stable] (rgerhards), 2009-01-19
- doc bugfix: v3-compatiblity document had typo in config directive
  thanks to Andrej for reporting this
- fixed a potential segfault condition with $AllowedSender directive
  On HUP, the root pointers were not properly cleaned up. Thanks to
  Michael Biebl, olgoat, and Juha Koho for reporting and analyzing
  the bug.
---------------------------------------------------------------------------
Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04
- re-release of 3.20.1 with an additional fix, that could also lead
  to DoS; 3.20.1 has been removed from the official download archives
- security fix: imudp emitted a message when a non-permitted sender
  tried to send a message to it. This behaviour is operator-configurable.
  If enabled, a message was emitted each time. That way an attacker could
  effectively fill the disk via this facility. The message is now
  emitted only once in a minute (this currently is a hard-coded limit,
  if someone comes up with a good reason to make it configurable, we
  will probably do that).
---------------------------------------------------------------------------
Version 3.20.1 [v3-stable] (rgerhards), 2008-12-04
- security bugfix: $AllowedSender was not honored, all senders were
  permitted instead
- enhance: regex nomatch option "ZERO" has been added
  This allows to return the string 0 if a regular expression is
  not found. This is probably useful for storing numerical values into
  database columns.
- bugfix: memory leak in gtls netstream driver fixed
  memory was lost each time a TLS session was torn down. This could 
  result in a considerable memory leak if it happened quite frequently
  (potential system crash condition)
- doc update: documented how to specify multiple property replacer
  options + link to new online regex generator tool added
- minor bufgfix: very small memory leak in gtls netstream driver
  around a handful of bytes (< 20) for each HUP
- improved debug output for regular expressions inside property replacer
  RE's seem to be a big trouble spot and I would like to have more
  information inside the debug log. So I decided to add some additional
  debug strings permanently.
---------------------------------------------------------------------------
Version 3.20.0 [v3-stable] (rgerhards), 2008-11-05
- this is the inital release of the 3.19.x branch as a stable release
- bugfix: double-free in pctp netstream driver. Thank to varmojfeko
  for the patch
---------------------------------------------------------------------------
Version 3.19.12 [BETA] (rgerhards), 2008-10-16
- bugfix: subseconds where not correctly extracted from a timestamp
  if that timestamp did not contain any subsecond information (the
  resulting string was garbagge but should have been "0", what it
  now is).
- increased maximum size of a configuration statement to 4K (was 1K)
- imported all fixes from the stable branch (quite a lot)
- bugfix: (potentially big) memory leak on HUP if queues could not be
  drained before timeout - thanks to David Lang for pointing this out
---------------------------------------------------------------------------
Version 3.19.11 [BETA] (rgerhards), 2008-08-25
This is a refresh of the beta. No beta-specific fixes have been added.
- included fixes from v3-stable (most importantly 3.18.3)
---------------------------------------------------------------------------
Version 3.19.10 [BETA] (rgerhards), 2008-07-15
- start of a new beta branch based on former 3.19 devel branch
- bugfix: bad memory leak in disk-based queue modes
- bugfix: UDP syslog forwarding did not work on all platforms
  the ai_socktype was incorrectly set to 1. On some platforms, this
  lead to failing name resolution (e.g. FreeBSD 7). Thanks to HKS for
  reporting the bug.
- bugfix: priority was incorrectly calculated on FreeBSD 7,
  because the LOG_MAKEPRI() C macro has a different meaning there (it
  is just a simple addition of faciltity and severity). I have changed
  this to use own, consistent, code for PRI calculation. Thank to HKS
  for reporting this bug.
- bugfix (cosmetical): authorization was not checked when gtls handshake
  completed immediately. While this sounds scary, the situation can not
  happen in practice. We use non-blocking IO only for server-based gtls
  session setup. As TLS requires the exchange of multiple frames before
  the handshake completes, it simply is impossible to do this in one
  step. However, it is useful to have the code path correct even for 
  this case - otherwise, we may run into problems if the code is changed
  some time later (e.g. to use blocking sockets). Thanks to varmojfekoj
  for providing the patch.
- important queue bugfix from 3.18.1 imported (see below)
- cleanup of some debug messages
---------------------------------------------------------------------------
Version 3.19.9 (rgerhards), 2008-07-07
- added tutorial for creating a TLS-secured syslog infrastructure
- rewritten omusrmsg to no longer fork() a new process for sending messages
  this caused some problems with the threading model, e.g. zombies. Also,
  it was far less optimal than it is now.
- bugfix: machine certificate was required for client even in TLS anon mode
  Reference: http://bugzilla.adiscon.com/show_bug.cgi?id=85
  The fix also slightly improves performance by not storing certificates in
  client sessions when there is no need to do so.
- bugfix: RainerScript syntax error was not always detected
---------------------------------------------------------------------------
Version 3.19.8 (rgerhards), 2008-07-01
- bugfix: gtls module did not correctly handle EGAIN (and similar) recv()
  states. This has been fixed by introducing a new abstraction layer inside
  gtls.
- added (internal) error codes to error messages; added redirector to
  web description of error codes
  closes bug http://bugzilla.adiscon.com/show_bug.cgi?id=20
- disabled compile warnings caused by third-party libraries
- reduced number of compile warnings in gcc's -pedantic mode
- some minor documentation improvements
- included all fixes from beta 3.17.5
---------------------------------------------------------------------------
Version 3.19.7 (rgerhards), 2008-06-11
- added new property replacer option "date-subseconds" that enables
  to query just the subsecond part of a high-precision timestamp
- somewhat improved plain tcp syslog reliability by doing a connection
  check before sending. Credits to Martin Schuette for providing the
  idea. Details are available at
  http://blog.gerhards.net/2008/06/reliable-plain-tcp-syslog-once-again.html
- made rsyslog tickless in the (usual and default) case that repeated
  message reduction is turned off. More info:
  http://blog.gerhards.net/2008/06/coding-to-save-environment.html
- some build system cleanup, thanks to Michael Biebl
- bugfix: compile under (Free)BSD failed due to some invalid library
  definitions - this is fixed now. Thanks to Michael Biebl for the patch.
---------------------------------------------------------------------------
Version 3.19.6 (rgerhards), 2008-06-06
- enhanced property replacer to support multiple regex matches
- bugfix: part of permittedPeer structure was not correctly initialized
  thanks to varmojfekoj for spotting this
- bugfix: off-by-one bug during certificate check
- bugfix: removed some memory leaks in TLS code
---------------------------------------------------------------------------
Version 3.19.5 (rgerhards), 2008-05-30
- enabled Posix ERE expressions inside the property replacer
  (previously BRE was permitted only)
- provided ability to specify that a regular expression submatch shall
  be used inside the property replacer
- implemented in property replacer: if a regular expression does not match,
  it can now either return "**NO MATCH** (default, as before), a blank
  property or the full original property text
- enhanced property replacer to support multiple regex matches
---------------------------------------------------------------------------
Version 3.19.4 (rgerhards), 2008-05-27
- implemented x509/certvalid gtls auth mode
- implemented x509/name gtls auth mode (including wildcards)
- changed fingerprint gtls auth mode to new format fingerprint
- protected gtls error string function by a mutex. Without it, we
  could have a race condition in extreme cases. This was very remote,
  but now can no longer happen.
- changed config directive name to reflect different use
  $ActionSendStreamDriverCertFingerprint is now
  $ActionSendStreamDriverPermittedPeer and can be used both for
  fingerprint and name authentication (similar to the input side)
- bugfix: sender information (fromhost et al) was missing in imudp
  thanks to sandiso for reporting this bug
- this release fully inplements IETF's syslog-transport-tls-12 plus
  the latest text changes Joe Salowey provided via email. Not included
  is ipAddress subjectAltName authentication, which I think will be
  dropped from the draft. I don't think there is any real need for it.
This release also includes all bug fix up to today from the beta
and stable branches. Most importantly, this means the bugfix for
100% CPU utilization by imklog.
---------------------------------------------------------------------------
Version 3.19.3 (rgerhards), 2008-05-21
- added ability to authenticate the server against its certificate
  fingerprint
- added ability for client to provide its fingerprint
- added ability for server to obtain client cert's fingerprint
- bugfix: small mem leak in omfwd on exit (strmdriver name was not freed)
- bugfix: $ActionSendStreamDriver had no effect
- bugfix: default syslog port was no longer used if none was
  configured. Thanks to varmojfekoj for the patch
- bugfix: missing linker options caused build to fail on some
  systems. Thanks to Tiziano Mueller for the patch.
---------------------------------------------------------------------------
Version 3.19.2 (rgerhards), 2008-05-16
- bugfix: TCP input modules did incorrectly set fromhost property
  (always blank)
- bugfix: imklog did not set fromhost property
- added "fromhost-ip" property
  Note that adding this property changes the on-disk format for messages.
  However, that should not have any bad effect on existing spool files.
  But you will run into trouble if you create a spool file with this
  version and then try to process it with an older one (after a downgrade).
  Don't do that ;)
- added "RSYSLOG_DebugFormat" canned template
- bugfix: hostname and fromhost were swapped when a persisted message
  (in queued mode) was read in
- bugfix: lmtcpclt, lmtcpsrv and lmgssutil did all link to the static
  runtime library, resulting in a large size increase (and potential
  "interesting" effects). Thanks to Michael Biebl for reporting the size
  issue.
- bugfix: TLS server went into an endless loop in some situations.
  Thanks to Michael Biebl for reporting the problem.
- fixed potential segfault due to invalid call to cfsysline
  thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 3.19.1 (rgerhards), 2008-05-07
- configure help for --enable-gnutls wrong - said default is "yes" but
  default actually is "no" - thanks to darix for pointing this out
- file dirty.h was missing - thanks to darix for pointing this out
- bugfix: man files were not properly distributed - thanks to
  darix for reporting and to Michael Biebl for help with the fix
- some minor cleanup
---------------------------------------------------------------------------
Version 3.19.0 (rgerhards), 2008-05-06
- begins new devel branch version
- implemented TLS for plain tcp syslog (this is also the world's first
  implementation of IETF's upcoming syslog-transport-tls draft)
- partly rewritten and improved omfwd among others, now loads TCP
  code only if this is actually necessary
- split of a "runtime library" for rsyslog - this is not yet a clean
  model, because some modularization is still outstanding. In theory,
  this shall enable other utilities but rsyslogd to use the same
  runtime
- implemented im3195, the RFC3195 input as a plugin
- changed directory structure, files are now better organized
- a lot of cleanup in regard to modularization
- -c option no longer must be the first option - thanks to varmjofekoj
  for the patch
---------------------------------------------------------------------------
Version 3.18.7 (rgerhards), 2008-12-??
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
  It has now been changed to 0700. For some background, please see
  http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
- fixed a potential segfault condition with $AllowedSender directive
  On HUP, the root pointers were not properly cleaned up. Thanks to
  Michael Biebl, olgoat, and Juha Koho for reporting and analyzing
  the bug.
- some legacy options were not correctly processed.
  Thanks to varmojfekoj for the patch.
- doc bugfix: some spelling errors in man pages corrected. Thanks to
  Geoff Simmons for the patch.
---------------------------------------------------------------------------
Version 3.18.6 (rgerhards), 2008-12-08
- security bugfix: $AllowedSender was not honored, all senders were
  permitted instead (see http://www.rsyslog.com/Article322.phtml)
  (backport from v3-stable, v3.20.9)
- minor bugfix: dual close() call on tcp session closure
---------------------------------------------------------------------------
Version 3.18.5 (rgerhards), 2008-10-09
- bugfix: imudp input module could cause segfault on HUP
  It did not properly de-init a variable acting as a linked list head.
  That resulted in trying to access freed memory blocks after the HUP.
- bugfix:  rsyslogd could hang on HUP
  because getnameinfo() is not cancel-safe, but was not guarded against
  being cancelled. pthread_cancel() is routinely being called during
  HUP processing.
- bugfix[minor]: if queue size reached light_delay mark, enqueuing
  could potentially be blocked for a longer period of time, which
  was not the behaviour desired.
- doc bugfix: $ActionExecOnlyWhenPreviousIsSuspended was still misspelled
  as $...OnlyIfPrev... in some parts of the documentation. Thanks to 
  Lorenzo M. Catucci for reporting this bug.
- added doc on malformed messages, cause and how to work-around, to the
  doc set
- added doc on how to build from source repository
---------------------------------------------------------------------------
Version 3.18.4 (rgerhards), 2008-09-18
- bugfix: order-of magnitude issue with base-10 size definitions
  in config file parser. Could lead to invalid sizes, constraints
  etc for e.g. queue files and any other object whose size was specified
  in base-10 entities. Did not apply to binary entities. Thanks to
  RB for finding this bug and providing a patch.
- bugfix: action was not called when system time was set backwards
  (until the previous time was reached again). There are still some
  side-effects when time is rolled back (A time rollback is really a bad
  thing to do, ideally the OS should issue pseudo time (like NetWare did)
  when the user tries to roll back time). Thanks to varmojfekoj for this
  patch.
- doc bugfix: rsyslog.conf man page improved and minor nit fixed
  thanks to Lukas Kuklinek for the patch.
- bugfix: error code -2025 was used for two different errors. queue full
  is now -2074 and -2025 is unique again. (did cause no real problem
  except for troubleshooting)
- bugfix: default discard severity was incorrectly set to 4, which lead
  to discard-on-queue-full to be enabled by default. That could cause
  message loss where non was expected.  The default has now been changed
  to the correct value of 8, which disables the functionality. This
  problem applied both to the main message queue and the action queues.
  Thanks to Raoul Bhatia for pointing out this problem.
- bugfix: option value for legacy -a option could not be specified,
  resulting in strange operations. Thanks to Marius Tomaschewski
  for the patch.
- bugfix: colon after date should be ignored, but was not. This has
  now been corrected. Required change to the internal ParseTIMESTAMP3164()
  interface.
---------------------------------------------------------------------------
Version 3.18.3 (rgerhards), 2008-08-18
- bugfix: imfile could cause a segfault upon rsyslogd HUP and termination
  Thanks to lperr for an excellent bug report that helped detect this
  problem.
- enhanced ommysql to support custom port to connect to server
  Port can be set via new $ActionOmmysqlServerPort config directive
  Note: this was a very minor change and thus deemed appropriate to be
  done in the stable release.
- bugfix: misspelled config directive, previously was
  $MainMsgQueueWorkeTimeoutrThreadShutdown, is now
  $MainMsgQueueWorkerTimeoutThreadShutdown. Note that the misspelled
  directive is not preserved - if the misspelled directive was used
  (which I consider highly unlikely), the config file must be changed.
  Thanks to lperr for reporting the bug.
- disabled flow control for imuxsock, as it could cause system hangs
  under some circumstances. The devel (3.21.3 and above) will
  re-enable it and provide enhanced configurability to overcome the
  problems if they occur.
---------------------------------------------------------------------------
Version 3.18.2 (rgerhards), 2008-08-08
- merged in IPv6 forwarding address bugfix from v2-stable
---------------------------------------------------------------------------
Version 3.18.1 (rgerhards), 2008-07-21
- bugfix: potential segfault in creating message mutex in non-direct queue
  mode. rsyslogd segfaults on freeeBSD 7.0 (an potentially other platforms)
  if an action queue is running in any other mode than non-direct. The
  same problem can potentially be triggered by some main message queue
  settings. In any case, it will manifest during rsylog's startup. It is
  unlikely to happen after a successful startup (the only window of
  exposure may be a relatively seldom executed action running in queued
  mode). This has been corrected. Thank to HKS for point out the problem.
- bugfix: priority was incorrectly calculated on FreeBSD 7,
  because the LOG_MAKEPRI() C macro has a different meaning there (it
  is just a simple addition of faciltity and severity). I have changed
  this to use own, consistent, code for PRI calculation. [Backport from
  3.19.10]
- bugfix: remove PRI part from kernel message if it is present
  Thanks to Michael Biebl for reporting this bug
- bugfix: mark messages were not correctly written to text log files
  the markmessageinterval was not correctly propagated to all places
  where it was needed. This resulted in rsyslog using the default
  (20 minutes) in some code pathes, what looked to the user like mark
  messages were never written.
- added a new property replacer option "sp-if-no-1st-sp" to cover
  a problem with RFC 3164 based interpreation of tag separation. While
  it is a generic approach, it fixes a format problem introduced in
  3.18.0, where kernel messages no longer had a space after the tag.
  This is done by a modifcation of the default templates.
  Please note that this may affect some messages where there intentionally
  is no space between the tag and the first character of the message
  content. If so, this needs to be worked around via a specific
  template. However, we consider this scenario to be quite remote and,
  even if it exists, it is not expected that it will actually cause
  problems with log parsers (instead, we assume the new default template
  behaviour may fix previous problems with log parsers due to the 
  missing space).
- bugfix: imklog module was not correctly compiled for GNU/kFreeBSD.
  Thanks to Petr Salinger for the patch
- doc bugfix: property replacer options secpath-replace and
  secpath-drop were not documented
- doc bugfix: fixed some typos in rsyslog.conf man page
- fixed typo in source comment  - thanks to Rio Fujita
- some general cleanup (thanks to Michael Biebl)
---------------------------------------------------------------------------
Version 3.18.0 (rgerhards), 2008-07-11
- begun a new v3-stable based on former 3.17.4 beta plus patches to
  previous v3-stable
- bugfix in RainerScript: syntax error was not always detected
---------------------------------------------------------------------------
Version 3.17.5 (rgerhards), 2008-06-27
- added doc: howto set up a reliable connection to remote server via
  queued mode (and plain tcp protocol)
- bugfix: comments after actions were not properly treated. For some
  actions (e.g. forwarding), this could also lead to invalid configuration
---------------------------------------------------------------------------
Version 3.17.4 (rgerhards), 2008-06-16
- changed default for $KlogSymbolLookup to "off". The directive is
  also scheduled for removal in a later version. This was necessary
  because on kernels >= 2.6, the kernel does the symbol lookup itself. The
  imklog lookup logic then breaks the log message and makes it unusable.
---------------------------------------------------------------------------
Version 3.17.3 (rgerhards), 2008-05-28
- bugfix: imklog went into an endless loop if a PRI value was inside
  a kernel log message (unusual case under Linux, frequent under BSD)
---------------------------------------------------------------------------
Version 3.17.2 (rgerhards), 2008-05-04
- this version is the new beta, based on 3.17.1 devel feature set
- merged in imklog bug fix from v3-stable (3.16.1)
---------------------------------------------------------------------------
Version 3.17.1 (rgerhards), 2008-04-15
- removed dependency on MAXHOSTNAMELEN as much as it made sense.
  GNU/Hurd does not define it (because it has no limit), and we have taken
  care for cases where it is undefined now. However, some very few places
  remain where IMHO it currently is not worth fixing the code. If it is
  not defined, we have used a generous value of 1K, which is above IETF
  RFC's on hostname length at all. The memory consumption is no issue, as
  there are only a handful of this buffers allocated *per run* -- that's
  also the main reason why we consider it not worth to be fixed any further.
- enhanced legacy syslog parser to handle slightly malformed messages
  (with a space in front of the timestamp) - at least HP procurve is
  known to do that and I won't outrule that others also do it. The 
  change looks quite unintrusive and so we added it to the parser.
- implemented klogd functionality for BSD
- implemented high precision timestamps for the kernel log. Thanks to
  Michael Biebl for pointing out that the kernel log did not have them.
- provided ability to discard non-kernel messages if they are present
  in the kernel log (seems to happen on BSD)
- implemented $KLogInternalMsgFacility config directive
- implemented $KLogPermitNonKernelFacility config directive
Plus a number of bugfixes that were applied to v3-stable and beta
branches (not mentioned here in detail).
---------------------------------------------------------------------------
Version 3.17.0 (rgerhards), 2008-04-08
- added native ability to send mail messages
- removed no longer needed file relptuil.c/.h
- added $ActionExecOnlyOnceEveryInterval config directive
- bugfix: memory leaks in script engine
- bugfix: zero-length strings were not supported in object
  deserializer
- properties are now case-insensitive everywhere (script, filters,
  templates)
- added the capability to specify a processing (actually dequeue)
  timeframe with queues - so things can be configured to be done
  at off-peak hours
- We have removed the 32 character size limit (from RFC3164) on the
  tag. This had bad effects on existing envrionments, as sysklogd didn't
  obey it either (probably another bug in RFC3164...). We now receive
  the full size, but will modify the outputs so that only 32 characters
  max are used by default. If you need large tags in the output, you need
  to provide custom templates.
- changed command line processing. -v, -M, -c options are now parsed
  and processed before all other options. Inter-option dependencies
  have been relieved. Among others, permits to specify intial module
  load path via -M only (not the environment) which makes it much
  easier to work with non-standard module library locations. Thanks
  to varmojfekoj for suggesting this change. Matches bugzilla bug 55.
- bugfix: some messages were emited without hostname
Plus a number of bugfixes that were applied to v3-stable and beta
branches (not mentioned here in detail).
---------------------------------------------------------------------------
Version 3.16.3 (rgerhards), 2008-07-11
- updated information on rsyslog packages
- bugfix: memory leak in disk-based queue modes
---------------------------------------------------------------------------
Version 3.16.2 (rgerhards), 2008-06-25
- fixed potential segfault due to invalid call to cfsysline
  thanks to varmojfekoj for the patch
- bugfix: some whitespaces where incorrectly not ignored when parsing
  the config file. This is now corrected. Thanks to Michael Biebl for
  pointing out the problem.
---------------------------------------------------------------------------
Version 3.16.1 (rgerhards), 2008-05-02
- fixed a bug in imklog which lead to startup problems (including
  segfault) on some platforms under some circumsances. Thanks to
  Vieri for reporting this bug and helping to troubleshoot it.
---------------------------------------------------------------------------
Version 3.16.0 (rgerhards), 2008-04-24
- new v3-stable (3.16.x) based on beta 3.15.x (RELP support)
- bugfix: omsnmp had a too-small sized buffer for hostname+port. This
  could not lead to a segfault, as snprintf() was used, but could cause
  some trouble with extensively long hostnames.
- applied patch from Tiziano Müller to remove some compiler warnings
- added gssapi overview/howto thanks to Peter Vrabec
- changed some files to grant LGPLv3 extended persmissions on top of GPLv3
  this also is the first sign of something that will evolve into a
  well-defined "rsyslog runtime library"
---------------------------------------------------------------------------
Version 3.15.1 (rgerhards), 2008-04-11
- bugfix: some messages were emited without hostname
- disabled atomic operations for the time being because they introduce some
  cross-platform trouble - need to see how to fix this in the best 
  possible way
- bugfix: zero-length strings were not supported in object
  deserializer
- added librelp check via PKG_CHECK thanks to Michael Biebl's patch
- file relputil.c deleted, is not actually needed
- added more meaningful error messages to rsyslogd (when some errors
  happens during startup)
- bugfix: memory leaks in script engine
- bugfix: $hostname and $fromhost in RainerScript did not work
This release also includes all changes applied to the stable versions
up to today.
---------------------------------------------------------------------------
Version 3.15.0 (rgerhards), 2008-04-01
- major new feature: imrelp/omrelp support reliable delivery of syslog
  messages via the RELP protocol and librelp (http://www.librelp.com).
  Plain tcp syslog, so far the best reliability solution, can lose
  messages when something goes wrong or a peer goes down. With RELP,
  this can no longer happen. See imrelp.html for more details.
- bugfix: rsyslogd was no longer build by default; man pages are 
  only installed if corresponding option is selected. Thanks to
  Michael Biebl for pointing these problems out.
---------------------------------------------------------------------------
Version 3.14.2 (rgerhards), 2008-04-09
- bugfix: segfault with expression-based filters
- bugfix: omsnmp did not deref errmsg object on exit (no bad effects caused)
- some cleanup
- bugfix: imklog did not work well with kernel 2.6+. Thanks to Peter
  Vrabec for patching it based on the development in sysklogd - and thanks
  to the sysklogd project for upgrading klogd to support the new
  functionality
- some cleanup in imklog
- bugfix: potential segfault in imklog when kernel is compiled without
  /proc/kallsyms and the file System.map is missing. Thanks to
  Andrea Morandi for pointing it out and suggesting a fix.
- bugfixes, credits to varmojfekoj:
  * reset errno before printing a warning message
  * misspelled directive name in code processing legacy options
- bugfix: some legacy options not correctly interpreted - thanks to
  varmojfekoj for the patch
- improved detection of modules being loaded more than once
  thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 3.14.1 (rgerhards), 2008-04-04
- bugfix: some messages were emited without hostname
- bugfix: rsyslogd was no longer build by default; man pages are 
  only installed if corresponding option is selected. Thanks to
  Michael Biebl for pointing these problems out.
- bugfix: zero-length strings were not supported in object
  deserializer
- disabled atomic operations for this stable build as it caused
  platform problems
- bugfix: memory leaks in script engine
- bugfix: $hostname and $fromhost in RainerScript did not work
- bugfix: some memory leak when queue is runing in disk mode
- man pages improved thanks to varmofekoj and Peter Vrabec
- We have removed the 32 character size limit (from RFC3164) on the
  tag. This had bad effects on existing envrionments, as sysklogd didn't
  obey it either (probably another bug in RFC3164...). We now receive
  the full size, but will modify the outputs so that only 32 characters
  max are used by default. If you need large tags in the output, you need
  to provide custom templates.
- bugfix: some memory leak when queue is runing in disk mode
---------------------------------------------------------------------------
Version 3.14.0 (rgerhards), 2008-04-02
An interim version was accidently released to the web. It was named 3.14.0.
To avoid confusion, we have not assigned this version number to any
official release. If you happen to use 3.14.0, please update to 3.14.1.
---------------------------------------------------------------------------
Version 3.13.0-dev0 (rgerhards), 2008-03-31
- bugfix: accidently set debug option in 3.12.5 reset to production
  This option prevented dlclose() to be called. It had no real bad effects,
  as the modules were otherwise correctly deinitialized and dlopen()
  supports multiple opens of the same module without any memory footprint.
- removed --enable-mudflap, added --enable-valgrind ./configure setting
- bugfix: tcp receiver could segfault due to uninitialized variable
- docfix: queue doc had a wrong directive name that prevented max worker
  threads to be correctly set
- worked a bit on atomic memory operations to support problem-free
  threading (only at non-intrusive places)
- added a --enable/disable-rsyslogd configure option so that
  source-based packaging systems can build plugins without the need
  to compile rsyslogd
- some cleanup
- test of potential new version number scheme
---------------------------------------------------------------------------
Version 3.12.5 (rgerhards), 2008-03-28
- changed default for "last message repeated n times", which is now
  off by default
- implemented backward compatibility commandline option parsing
- automatically generated compatibility config lines are now also
  logged so that a user can diagnose problems with them
- added compatibility mode for -a, -o and -p options
- compatibility mode processing finished
- changed default file output format to include high-precision timestamps
- added a buid-in template for previous syslogd file format
- added new $ActionFileDefaultTemplate directive
- added support for high-precision timestamps when receiving legacy
  syslog messages
- added new $ActionForwardDefaultTemplate directive
- added new $ActionGSSForwardDefaultTemplate directive
- added build-in templates for easier configuration
- bugfix: fixed small memory leak in tcpclt.c
- bugfix: fixed small memory leak in template regular expressions
- bugfix: regular expressions inside property replacer did not work
  properly
- bugfix: QHOUR and HHOUR properties were wrongly calculated
- bugfix: fixed memory leaks in stream class and imfile
- bugfix: $ModDir did invalid bounds checking, potential overlow in
  dbgprintf() - thanks to varmojfekoj for the patch
- bugfix: -t and -g legacy options max number of sessions had a wrong
  and much too high value
---------------------------------------------------------------------------
Version 3.12.4 (rgerhards), 2008-03-25
- Greatly enhanced rsyslogd's file write performance by disabling
  file syncing capability of output modules by default. This
  feature is usually not required, not useful and an extreme performance
  hit (both to rsyslogd as well as the system at large). Unfortunately,
  most users enable it by default, because it was most intuitive to enable
  it in plain old sysklogd syslog.conf format. There is now the
  $ActionFileEnableSync config setting which must be enabled in order to
  support syncing. By default it is off. So even if the old-format config
  lines request syncing, it is not done unless explicitely enabled. I am
  sure this is a very useful change and not a risk at all. I need to think
  if I undo it under compatibility mode, but currently this does not
  happen (I fear a lot of lazy users will run rsyslogd in compatibility
  mode, again bringing up this performance problem...).
- added flow control options to other input sources
- added $HHOUR and $QHOUR system properties - can be used for half- and
  quarter-hour logfile rotation
- changed queue's discard severities default value to 8 (do not discard)
  to prevent unintentional message loss
- removed a no-longer needed callback from the output module 
  interface. Results in reduced code complexity.
- bugfix/doc: removed no longer supported -h option from man page
- bugfix: imklog leaked several hundered KB on each HUP. Thanks to
  varmojfekoj for the patch
- bugfix: potential segfault on module unload. Thanks to varmojfekoj for
  the patch
- bugfix: fixed some minor memory leaks
- bugfix: fixed some slightly invalid memory accesses
- bugfix: internally generated messages had "FROMHOST" property not set
---------------------------------------------------------------------------
Version 3.12.3 (rgerhards), 2008-03-18
- added advanced flow control for congestion cases (mode depending on message
  source and its capablity to be delayed without bad side effects)
- bugfix: $ModDir should not be reset on $ResetConfig - this can cause a lot
  of confusion and there is no real good reason to do so. Also conflicts with
  the new -M option and environment setting.
- bugfix: TCP and GSSAPI framing mode variable was uninitialized, leading to
  wrong framing (caused, among others, interop problems)
- bugfix: TCP (and GSSAPI) octet-counted frame did not work correctly in all
  situations. If the header was split across two packet reads, it was invalidly
  processed, causing loss or modification of messages.
- bugfix: memory leak in imfile
- bugfix: duplicate public symbol in omfwd and omgssapi could lead to
  segfault. thanks to varmojfekoj for the patch.
- bugfix: rsyslogd aborted on sigup - thanks to varmojfekoj for the patch
- some more internal cleanup ;)
- begun relp modules, but these are not functional yet
- Greatly enhanced rsyslogd's file write performance by disabling
  file syncing capability of output modules by default. This
  feature is usually not required, not useful and an extreme performance
  hit (both to rsyslogd as well as the system at large). Unfortunately,
  most users enable it by default, because it was most intuitive to enable
  it in plain old sysklogd syslog.conf format. There is now a new config
  setting which must be enabled in order to support syncing. By default it
  is off. So even if the old-format config lines request syncing, it is
  not done unless explicitely enabled. I am sure this is a very useful
  change and not a risk at all. I need to think if I undo it under
  compatibility mode, but currently this does not happen (I fear a lot of
  lazy users will run rsyslogd in compatibility mode, again bringing up
  this performance problem...).
---------------------------------------------------------------------------
Version 3.12.2 (rgerhards), 2008-03-13
- added RSYSLOGD_MODDIR environment variable
- added -M rsyslogd option (allows to specify module directory location)
- converted net.c into a loadable library plugin
- bugfix: debug module now survives unload of loadable module when
  printing out function call data
- bugfix: not properly initialized data could cause several segfaults if
  there were errors in the config file - thanks to varmojfekoj for the patch
- bugfix: rsyslogd segfaulted when imfile read an empty line - thanks
  to Johnny Tan for an excellent bug report
- implemented dynamic module unload capability (not visible to end user)
- some more internal cleanup
- bugfix: imgssapi segfaulted under some conditions; this fix is actually
  not just a fix but a change in the object model. Thanks to varmojfekoj
  for providing the bug report, an initial fix and lots of good discussion
  that lead to where we finally ended up.
- improved session recovery when outbound tcp connection breaks, reduces
  probability of message loss at the price of a highly unlikely potential
  (single) message duplication
---------------------------------------------------------------------------
Version 3.12.1 (rgerhards), 2008-03-06
- added library plugins, which can be automatically loaded
- bugfix: actions were not correctly retried; caused message loss
- changed module loader to automatically add ".so" suffix if not
  specified (over time, this shall also ease portability of config
  files)
- improved debugging support; debug runtime options can now be set via
  an environment variable
- bugfix: removed debugging code that I forgot to remove before releasing
  3.12.0 (does not cause harm and happened only during startup)
- added support for the MonitorWare syslog MIB to omsnmp
- internal code improvements (more code converted into classes)
- internal code reworking of the imtcp/imgssapi module
- added capability to ignore client-provided timestamp on unix sockets and
  made this mode the default; this was needed, as some programs (e.g. sshd)
  log with inconsistent timezone information, what messes up the local
  logs (which by default don't even contain time zone information). This
  seems to be consistent with what sysklogd did for the past four years.
  Alternate behaviour may be desirable if gateway-like processes send
  messages via the local log slot - in this case, it can be enabled
  via the $InputUnixListenSocketIgnoreMsgTimestamp and
  $SystemLogSocketIgnoreMsgTimestamp config directives
- added ability to compile on HP UX; verified that imudp worked on HP UX;
  however, we are still in need of people trying out rsyslogd on HP UX,
  so it can not yet be assumed it runs there
- improved session recovery when outbound tcp connection breaks, reduces
  probability of message loss at the price of a highly unlikely potential
  (single) message duplication
---------------------------------------------------------------------------
Version 3.12.0 (rgerhards), 2008-02-28
- added full expression support for filters; filters can now contain
  arbitrary complex boolean, string and arithmetic expressions
---------------------------------------------------------------------------
Version 3.11.6 (rgerhards), 2008-02-27
- bugfix: gssapi libraries were still linked to rsyslog core, what should
  no longer be necessary. Applied fix by Michael Biebl to solve this.
- enabled imgssapi to be loaded side-by-side with imtcp
- added InputGSSServerPermitPlainTCP config directive
- split imgssapi source code somewhat from imtcp
- bugfix: queue cancel cleanup handler could be called with
  invalid pointer if dequeue failed
- bugfix: rsyslogd segfaulted on second SIGHUP
  tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=38
- improved stability of queue engine
- bugfix: queue disk file were not properly persisted when 
  immediately after closing an output file rsyslog was stopped
  or huped (the new output file open must NOT have happend at
  that point) - this lead to a sparse and invalid queue file
  which could cause several problems to the engine (unpredictable
  results). This situation should have happened only in very
  rare cases. tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=40
- bugfix: during queue shutdown, an assert invalidly triggered when
  the primary queue's DA worker was terminated while the DA queue's
  regular worker was still executing. This could result in a segfault
  during shutdown.
  tracker: http://bugzilla.adiscon.com/show_bug.cgi?id=41
- bugfix: queue properties sizeOnDisk, bytesRead were persisted to 
  disk with wrong data type (long instead of int64) - could cause
  problems on 32 bit machines
- bugfix: queue aborted when it was shut down, DA-enabled, DA mode
  was just initiated but not fully initialized (a race condition)
- bugfix: imfile could abort under extreme stress conditions
  (when it was terminated before it could open all of its
  to be monitored files)
- applied patch from varmojfekoj to fix an issue with compatibility 
  mode and default module directories (many thanks!):
  I've also noticed a bug in the compatibility code; the problem is that 
  options are parsed before configuration file so options which need a 
  module to be loaded will currently ignore any $moddir directive. This 
  can be fixed by moving legacyOptsHook() after config file parsing. 
  (see the attached patch) This goes against the logical order of 
  processing, but the legacy options are only few and it doesn't seem to 
  be a problem.
- bugfix: object property deserializer did not handle negative numbers
---------------------------------------------------------------------------
Version 3.11.5 (rgerhards), 2008-02-25
- new imgssapi module, changed imtcp module - this enables to load/package
  GSSAPI support separately - thanks to varmojfekoj for the patch
- compatibility mode (the -c option series) is now at least partly
  completed - thanks to varmojfekoj for the patch
- documentation for imgssapi and imtcp added
- duplicate $ModLoad's for the same module are now detected and
  rejected -- thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 3.11.4 (rgerhards), 2008-02-21
- bugfix: debug.html was missing from release tarball - thanks to Michael
  Biebl for bringing this to my attention
- some internal cleanup on the stringbuf object calling interface
- general code cleanup and further modularization
- $MainMessageQueueDiscardSeverity can now also handle textual severities
  (previously only integers)
- bugfix: message object was not properly synchronized when the 
  main queue had a single thread and non-direct action queues were used
- some documentation improvements
---------------------------------------------------------------------------
Version 3.11.3 (rgerhards), 2008-02-18
- fixed a bug in imklog which lead to duplicate message content in
  kernel logs
- added support for better plugin handling in libdbi (we contributed
  a patch to do that, we just now need to wait for the next libdbi
  version)
- bugfix: fixed abort when invalid template was provided to an action
  bug http://bugzilla.adiscon.com/show_bug.cgi?id=4
- re-instantiated SIGUSR1 function; added SIGUSR2 to generate debug
  status output
- added some documentation on runtime-debug settings
- slightly improved man pages for novice users
---------------------------------------------------------------------------
Version 3.11.2 (rgerhards), 2008-02-15
- added the capability to monitor text files and process their content
  as syslog messages (including forwarding)
- added support for libdbi, a database abstraction layer. rsyslog now
  also supports the following databases via dbi drivers:
  * Firebird/Interbase
  * FreeTDS (access to MS SQL Server and Sybase)
  * SQLite/SQLite3
  * Ingres (experimental)
  * mSQL (experimental)
  * Oracle (experimental)
  Additional drivers may be provided by the libdbi-drivers project, which
  can be used by rsyslog as soon as they become available.
- removed some left-over unnecessary dbgprintf's (cluttered screen,
  cosmetic)
- doc bugfix: html documentation for omsnmp was missing
---------------------------------------------------------------------------
Version 3.11.1 (rgerhards), 2008-02-12
- SNMP trap sender added thanks to Andre Lorbach (omsnmp)
- added input-plugin interface specification in form of a (copy) template
  input module
- applied documentation fix by Michael Biebl -- many thanks!
- bugfix: immark did not have MARK flags set...
- added x-info field to rsyslogd startup/shutdown message. Hopefully
  points users to right location for further info (many don't even know
  they run rsyslog ;))
- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages
  without timestamp - thanks to Anders Blomdell for providing a patch!
- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which
  wasn't supposed to be used with rsyslog. Put a warning message up that
  tells this feature is not tested and probably not worth the effort.
  Thanks to Anders Blomdell fro bringing this to our attention
- somewhat improved performance of string buffers
- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf
- bugfix: setting for $EscapeCopntrolCharactersOnReceive was not 
  properly initialized
- clarified usage of space-cc property replacer option
- improved abort diagnostic handler
- some initial effort for malloc/free runtime debugging support
- bugfix: using dynafile actions caused rsyslogd abort
- fixed minor man errors thanks to Michael Biebl
---------------------------------------------------------------------------
Version 3.11.0 (rgerhards), 2008-01-31
- implemented queued actions
- implemented simple rate limiting for actions
- implemented deliberate discarding of lower priority messages over higher
  priority ones when a queue runs out of space
- implemented disk quotas for disk queues
- implemented the $ActionResumeRetryCount config directive
- added $ActionQueueFilename config directive
- added $ActionQueueSize config directive
- added $ActionQueueHighWaterMark config directive
- added $ActionQueueLowWaterMark config directive
- added $ActionQueueDiscardMark config directive
- added $ActionQueueDiscardSeverity config directive
- added $ActionQueueCheckpointInterval config directive
- added $ActionQueueType config directive
- added $ActionQueueWorkerThreads config directive
- added $ActionQueueTimeoutshutdown config directive
- added $ActionQueueTimeoutActionCompletion config directive
- added $ActionQueueTimeoutenQueue config directive
- added $ActionQueueTimeoutworkerThreadShutdown config directive
- added $ActionQueueWorkerThreadMinimumMessages config directive
- added $ActionQueueMaxFileSize config directive
- added $ActionQueueSaveonShutdown config directive
- addded $ActionQueueDequeueSlowdown config directive
- addded $MainMsgQueueDequeueSlowdown config directive
- bugfix: added forgotten docs to package
- improved debugging support
- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly
- when a long-running action needs to be cancelled on shutdown, the message
  that was processed by it is now preserved. This finishes support for
  guaranteed delivery of messages (if the output supports it, of course)
- fixed bug in output module interface, see
  http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552
- changed the ommysql output plugin so that the (lengthy) connection
  initialization now takes place in message processing. This works much
  better with the new queued action mode (fast startup)
- fixed a bug that caused a potential hang in file and fwd output module
  varmojfekoj provided the patch - many thanks!
- bugfixed stream class offset handling on 32bit platforms
---------------------------------------------------------------------------
Version 3.10.3 (rgerhards), 2008-01-28
- fixed a bug with standard template definitions (not a big deal) - thanks
  to varmojfekoj for spotting it
- run-time instrumentation added
- implemented disk-assisted queue mode, which enables on-demand disk
  spooling if the queue's in-memory queue is exhausted
- implemented a dynamic worker thread pool for processing incoming
  messages; workers are started and shut down as need arises
- implemented a run-time instrumentation debug package
- implemented the $MainMsgQueueSaveOnShutdown config directive
- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive
- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive
---------------------------------------------------------------------------
Version 3.10.2 (rgerhards), 2008-01-14
- added the ability to keep stop rsyslogd without the need to drain
  the main message queue. In disk queue mode, rsyslog continues to
  run from the point where it stopped. In case of a system failure, it
  continues to process messages from the last checkpoint.
- fixed a bug that caused a segfault on startup when no $WorkDir directive
  was specified in rsyslog.conf
- provided more fine-grain control over shutdown timeouts and added a
  way to specify the enqueue timeout when the main message queue is full
- implemented $MainMsgQueueCheckpointInterval config directive
- implemented $MainMsgQueueTimeoutActionCompletion config directive
- implemented $MainMsgQueueTimeoutEnqueue config directive
- implemented $MainMsgQueueTimeoutShutdown config directive
---------------------------------------------------------------------------
Version 3.10.1 (rgerhards), 2008-01-10
- implemented the "disk" queue mode. However, it currently is of very
  limited use, because it does not support persistence over rsyslogd
  runs. So when rsyslogd is stopped, the queue is drained just as with
  the in-memory queue modes. Persistent queues will be a feature of
  the next release.
- performance-optimized string class, should bring an overall improvement
- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch
- fixed a race condition that could lead to a rsyslogd hang when during
  HUP or termination
- done some doc updates
- added $WorkDirectory config directive
- added $MainMsgQueueFileName config directive
- added $MainMsgQueueMaxFileSize config directive
---------------------------------------------------------------------------
Version 3.10.0 (rgerhards), 2008-01-07
- implemented input module interface and initial input modules
- enhanced threading for input modules (each on its own thread now)
- ability to bind UDP listeners to specific local interfaces/ports and
  ability to run multiple of them concurrently
- added ability to specify listen IP address for UDP syslog server
- license changed to GPLv3
- mark messages are now provided by loadble module immark
- rklogd is no longer provided. Its functionality has now been taken over
  by imklog, a loadable input module. This offers a much better integration
  into rsyslogd and makes sure that the kernel logger process is brought
  up and down at the appropriate times
- enhanced $IncludeConfig directive to support wildcard characters
  (thanks to Michael Biebl)
- all inputs are now implemented as loadable plugins
- enhanced threading model: each input module now runs on its own thread
- enhanced message queue which now supports different queueing methods
  (among others, this can be used for performance fine-tuning)
- added a large number of new configuration directives for the new
  input modules
- enhanced multi-threading utilizing a worker thread pool for the
  main message queue
- compilation without pthreads is no longer supported
- much cleaner code due to new objects and removal of single-threading
  mode
---------------------------------------------------------------------------
Version 2.0.8 V2-STABLE (rgerhards), 2008-??-??
- bugfix: ompgsql did not detect problems in sql command execution
  this could cause loss of messages. The handling was correct if the
  connection broke, but not if there was a problem with statement
  execution. The most probable case for such a case would be invalid
  sql inside the template, and this is now much easier to diagnose.
- doc bugfix: default for $DirCreateMode incorrectly stated
---------------------------------------------------------------------------
Version 2.0.7 V2-STABLE (rgerhards), 2008-04-14
- bugfix: the default for $DirCreateMode was 0644, and as such wrong.
  It has now been changed to 0700. For some background, please see
  http://lists.adiscon.net/pipermail/rsyslog/2009-April/001986.html
- bugfix: "$CreateDirs off" also disabled file creation
  Thanks to William Tisater for analyzing this bug and providing a patch.
  The actual code change is heavily based on William's patch.
- bugfix: memory leak in ompgsql
  Thanks to Ken for providing the patch
- bugfix: potential memory leak in msg.c
  This one did not surface yet and the issue was actually found due to
  a problem in v4 - but better fix it here, too
---------------------------------------------------------------------------
Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07
- bugfix: memory leaks in rsyslogd, primarily in singlethread mode
  Thanks to Frederico Nunez for providing the fix
- bugfix: copy&paste error lead to dangling if - this caused a very minor
  issue with re-formatting a RFC3164 date when the message was invalidly
  formatted and had a colon immediately after the date. This was in the
  code for some years (even v1 had it) and I think it never had any
  effect at all in practice. Though, it should be fixed - but definitely
  nothing to worry about.
---------------------------------------------------------------------------
Version 2.0.6 V2-STABLE (rgerhards), 2008-08-07
- bugfix: IPv6 addresses could not be specified in forwarding actions
  New syntax @[addr]:port introduced to enable that. Root problem was IPv6
  addresses contain colons. (backport from 3.21.3)
---------------------------------------------------------------------------
Version 2.0.5 STABLE (rgerhards), 2008-05-15
- bugfix: regular expressions inside property replacer did not work
  properly
- adapted to liblogging 0.7.1+
---------------------------------------------------------------------------
Version 2.0.4 STABLE (rgerhards), 2008-03-27
- bugfix: internally generated messages had "FROMHOST" property not set
- bugfix: continue parsing if tag is oversize (discard oversize part) - thanks
  to mclaughlin77@gmail.com for the patch
- added $HHOUR and $QHOUR system properties - can be used for half- and
  quarter-hour logfile rotation
---------------------------------------------------------------------------
Version 2.0.3 STABLE (rgerhards), 2008-03-12
- bugfix: setting for $EscapeCopntrolCharactersOnReceive was not 
  properly initialized
- bugfix: resolved potential segfault condition on HUP (extremely
  unlikely to happen in practice), for details see tracker:
  http://bugzilla.adiscon.com/show_bug.cgi?id=38
- improved the man pages a bit - thanks to Michael Biebl for the patch
- bugfix: not properly initialized data could cause several segfaults if
  there were errors in the config file - thanks to varmojfekoj for the patch
---------------------------------------------------------------------------
Version 2.0.2 STABLE (rgerhards), 2008-02-12
- fixed a bug that could cause invalid string handling via strerror_r
  varmojfekoj provided the patch - many thanks!
- added x-info field to rsyslogd startup/shutdown message. Hopefully
  points users to right location for further info (many don't even know
  they run rsyslog ;))
- bugfix: suspended actions were not always properly resumed
  varmojfekoj provided the patch - many thanks!
- bugfix: errno could be changed during mark processing, leading to
  invalid error messages when processing inputs. Thank to varmojfekoj for
  pointing out this problem.
- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages
  without timestamp - thanks to Anders Blomdell for providing a patch!
- bugfix (doc): misspelled config directive, invalid signal info
- applied some doc fixes from Michel Biebl and cleaned up some no longer
  needed files suggested by him
- cleaned up stringbuf.c to fix an annoyance reported by Anders Blomdell
- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf
---------------------------------------------------------------------------
Version 2.0.1 STABLE (rgerhards), 2008-01-24
- fixed a bug in integer conversion - but this function was never called,
  so it is not really a useful bug fix ;)
- fixed a bug with standard template definitions (not a big deal) - thanks
  to varmojfekoj for spotting it
- fixed a bug that caused a potential hang in file and fwd output module
  varmojfekoj provided the patch - many thanks!
---------------------------------------------------------------------------
Version 2.0.0 STABLE (rgerhards), 2008-01-02
- re-release of 1.21.2 as STABLE with no modifications except some
  doc updates
---------------------------------------------------------------------------
Version 1.21.2 (rgerhards), 2007-12-28
- created a gss-api output module. This keeps GSS-API code and
  TCP/UDP code separated. It is also important for forward-
  compatibility with v3. Please note that this change breaks compatibility
  with config files created for 1.21.0 and 1.21.1 - this was considered
  acceptable.
- fixed an error in forwarding retry code (could lead to message corruption
  but surfaced very seldom)
- increased portability for older platforms (AI_NUMERICSERV moved)
- removed socket leak in omfwd.c
- cross-platform patch for GSS-API compile problem on some platforms
  thanks to darix for the patch!
---------------------------------------------------------------------------
Version 1.21.1 (rgerhards), 2007-12-23
- small doc fix for $IncludeConfig
- fixed a bug in llDestroy()
- bugfix: fixing memory leak when message queue is full and during
  parsing. Thanks to varmojfekoj for the patch.
- bugfix: when compiled without network support, unix sockets were
  not properply closed
- bugfix: memory leak in cfsysline.c/doGetWord() fixed
---------------------------------------------------------------------------
Version 1.21.0 (rgerhards), 2007-12-19
- GSS-API support for syslog/TCP connections was added. Thanks to
  varmojfekoj for providing the patch with this functionality
- code cleanup
- enhanced $IncludeConfig directive to support wildcard filenames
- changed some multithreading synchronization
---------------------------------------------------------------------------
Version 1.20.1 (rgerhards), 2007-12-12
- corrected a debug setting that survived release. Caused TCP connections
  to be retried unnecessarily often.
- When a hostname ACL was provided and DNS resolution for that name failed,
  ACL processing was stopped at that point. Thanks to mildew for the patch.
  Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911
- fixed a potential race condition, see link for details:
  http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html
  Note that the probability of problems from this bug was very remote
- fixed a memory leak that happend when PostgreSQL date formats were
  used
---------------------------------------------------------------------------
Version 1.20.0 (rgerhards), 2007-12-07
- an output module for postgres databases has been added. Thanks to
  sur5r for contributing this code
- unloading dynamic modules has been cleaned up, we now have a
  real implementation and not just a dummy "good enough for the time
  being".
- enhanced platform independence - thanks to Bartosz Kuzma and Michael
  Biebl for their very useful contributions
- some general code cleanup (including warnings on 64 platforms, only)
---------------------------------------------------------------------------
Version 1.19.12 (rgerhards), 2007-12-03
- cleaned up the build system (thanks to Michael Biebl for the patch)
- fixed a bug where ommysql was still not compiled with -pthread option
---------------------------------------------------------------------------
Version 1.19.11 (rgerhards), 2007-11-29
- applied -pthread option to build when building for multi-threading mode
  hopefully solves an issue with segfaulting
---------------------------------------------------------------------------
Version 1.19.10 (rgerhards), 2007-10-19
- introdcued the new ":modulename:" syntax for calling module actions
  in selector lines; modified ommysql to support it. This is primarily
  an aid for further modules and a prequisite to actually allow third
  party modules to be created.
- minor fix in slackware startup script, "-r 0" is now "-r0"
- updated rsyslogd doc set man page; now in html format
- undid creation of a separate thread for the main loop -- this did not
  turn out to be needed or useful, so reduce complexity once again.
- added doc fixes provided by Michael Biebl - thanks
---------------------------------------------------------------------------
Version 1.19.9 (rgerhards), 2007-10-12
- now packaging system which again contains all components in a single
  tarball
- modularized main() a bit more, resulting in less complex code
- experimentally added an additional thread - will see if that affects
  the segfault bug we experience on some platforms. Note that this change
  is scheduled to be removed again later.
---------------------------------------------------------------------------
Version 1.19.8 (rgerhards), 2007-09-27
- improved repeated message processing
- applied patch provided by varmojfekoj to support building ommysql
  in its own way (now also resides in a plugin subdirectory);
  ommysql is now a separate package
- fixed a bug in cvthname() that lead to message loss if part
  of the source hostname would have been dropped
- created some support for distributing ommysql together with the
  main rsyslog package. I need to re-think it in the future, but
  for the time being the current mode is best. I now simply include
  one additional tarball for ommysql inside the main distribution.
  I look forward to user feedback on how this should be done best. In the
  long term, a separate project should be spawend for ommysql, but I'd
  like to do that only after the plugin interface is fully stable (what
  it is not yet).
---------------------------------------------------------------------------
Version 1.19.7 (rgerhards), 2007-09-25
- added code to handle situations where senders send us messages ending with
  a NUL character. It is now simply removed. This also caused trailing LF
  reduction to fail, when it was followed by such a NUL. This is now also
  handled.
- replaced some non-thread-safe function calls by their thread-safe
  counterparts
- fixed a minor memory leak that occured when the %APPNAME% property was
  used (I think nobody used that in practice)
- fixed a bug that caused signal handlers in cvthname() not to be restored when
  a malicious pointer record was detected and processing of the message been
  stopped for that reason (this should be really rare and can not be related
  to the segfault bug we are hunting).
- fixed a bug in cvthname that lead to passing a wrong parameter - in
  practice, this had no impact.
- general code cleanup (e.g. compiler warnings, comments)
---------------------------------------------------------------------------
Version 1.19.6 (rgerhards), 2007-09-11
- applied patch by varmojfekoj to change signal handling to the new
  sigaction API set (replacing the depreciated signal() calls and its
  friends.
- fixed a bug that in --enable-debug mode caused an assertion when the
  discard action was used
- cleaned up compiler warnings
- applied patch by varmojfekoj to FIX a bug that could cause 
  segfaults if empty properties were processed using modifying
  options (e.g. space-cc, drop-cc)
- fixed man bug: rsyslogd supports -l option
---------------------------------------------------------------------------
Version 1.19.5 (rgerhards), 2007-09-07
- changed part of the CStr interface so that better error tracking
  is provided and the calling sequence is more intuitive (there were
  invalid calls based on a too-weired interface)
- (hopefully) fixed some remaining bugs rooted in wrong use of 
  the CStr class. These could lead to program abort.
- applied patch by varmojfekoj two fix two potential segfault situations
- added $ModDir config directive
- modified $ModLoad so that an absolute path may be specified as
  module name (e.g. /rsyslog/ommysql.so)
---------------------------------------------------------------------------
Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04
- fixed a number of small memory leaks - thanks varmojfekoj for patching
- fixed an issue with CString class that could lead to rsyslog abort
  in tplToString() - thanks varmojfekoj for patching
- added a man-version of the config file documenation - thanks to Michel
  Samia for providing the man file
- fixed bug: a template like this causes an infinite loop:
  $template opts,"%programname:::a,b%"
  thanks varmojfekoj for the patch
- fixed bug: case changing options crash freeing the string pointer
  because they modify it: $template opts2,"%programname::1:lowercase%"
  thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31
- small mem leak fixed (after calling parseSelectorAct) - Thx varmojkekoj
- documentation section "Regular File" und "Blocks" updated
- solved an issue with dynamic file generation - Once again many thanks
  to varmojfekoj
- the negative selector for program name filter (Blocks) does not work as
  expected - Thanks varmojfekoj for patching
- added forwarding information to sysklogd (requires special template)
  to config doc
---------------------------------------------------------------------------
Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28
- a specifically formed message caused a segfault - Many thanks varmojfekoj
  for providing a patch
- a typo and a weird condition are fixed in msg.c - Thanks again
  varmojfekoj 
- on file creation the file was always owned by root:root. This is fixed
  now - Thanks ypsa for solving this issue
---------------------------------------------------------------------------
Version 1.19.1 (mmeckelein), 2007-08-22
- a bug that caused a high load when a TCP/UDP connection was closed is 
  fixed now - Thanks mildew for solving this issue
- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the
  patch
- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order
  to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter
  Vrabec and darix, both provided a patch for solving this issue
- enhanced the unloading of modules - thanks again varmojfekoj
- applied a patch from varmojfekoj which fixes various little things in
  MySQL output module
---------------------------------------------------------------------------
Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16
- integrated patch from varmojfekoj to make the mysql module a loadable one
  many thanks for the patch, MUCH appreciated
---------------------------------------------------------------------------
Version 1.18.2 (rgerhards), 2007-08-13
- fixed a bug in outchannel code that caused templates to be incorrectly
  parsed
- fixed a bug in ommysql that caused a wrong ";template" missing message
- added some code for unloading modules; not yet fully complete (and we do
  not yet have loadable modules, so this is no problem)
- removed debian subdirectory by request of a debian packager (this is a special
  subdir for debian and there is also no point in maintaining it when there
  is a debian package available - so I gladly did this) in some cases
- improved overall doc quality (some pages were quite old) and linked to
  more of the online resources.
- improved /contrib/delete_mysql script by adding a host option and some
  other minor modifications
---------------------------------------------------------------------------
Version 1.18.1 (rgerhards), 2007-08-08
- applied a patch from varmojfekoj which solved a potential segfault
  of rsyslogd on HUP
- applied patch from Michel Samia to fix compilation when the pthreads
  feature is disabled
- some code cleanup (moved action object to its own file set)
- add config directive $MainMsgQueueSize, which now allows to configure the
  queue size dynamically
- all compile-time settings are now shown in rsyslogd -v, not just the
  active ones
- enhanced performance a little bit more
- added config file directive $ActionResumeInterval
- fixed a bug that prevented compilation under debian sid
- added a contrib directory for user-contributed useful things
---------------------------------------------------------------------------
Version 1.18.0 (rgerhards), 2007-08-03
- rsyslog now supports fallback actions when an action did not work. This
  is a great feature e.g. for backup database servers or backup syslog
  servers
- modified rklogd to only change the console log level if -c is specified
- added feature to use multiple actions inside a single selector
- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive
- error messages during startup are now spit out to the configured log
  destinations
---------------------------------------------------------------------------
Version 1.17.6 (rgerhards), 2007-08-01
- continued to work on output module modularization - basic stage of
  this work is now FINISHED
- fixed bug in OMSRcreate() - always returned SR_RET_OK
- fixed a bug that caused ommysql to always complain about missing
  templates
- fixed a mem leak in OMSRdestruct - freeing the object itself was
  forgotten - thanks to varmojfekoj for the patch
- fixed a memory leak in syslogd/init() that happend when the config
  file could not be read - thanks to varmojfekoj for the patch
- fixed insufficient memory allocation in addAction() and its helpers.
  The initial fix and idea was developed by mildew, I fine-tuned
  it a bit. Thanks a lot for the fix, I'd probably had pulled out my
  hair to find the bug...
- added output of config file line number when a parsing error occured
- fixed bug in objomsr.c that caused program to abort in debug mode with
  an invalid assertion (in some cases)
- fixed a typo that caused the default template for MySQL to be wrong.
  thanks to mildew for catching this.
- added configuration file command $DebugPrintModuleList and
  $DebugPrintCfSysLineHandlerList
- fixed an invalid value for the MARK timer - unfortunately, there was
  a testing aid left in place. This resulted in quite frequent MARK messages
- added $IncludeConfig config directive
- applied a patch from mildew to prevent rsyslogd from freezing under heavy
  load. This could happen when the queue was full. Now, we drop messages
  but rsyslogd remains active.
---------------------------------------------------------------------------
Version 1.17.5 (rgerhards), 2007-07-30
- continued to work on output module modularization
- fixed a missing file bug - thanks to Andrea Montanari for reporting
  this problem
- fixed a problem with shutting down the worker thread and freeing the
  selector_t list - this caused messages to be lost, because the
  message queue was not properly drained before the selectors got
  destroyed.
---------------------------------------------------------------------------
Version 1.17.4 (rgerhards), 2007-07-27
- continued to work on output module modularization
- fixed a situation where rsyslogd could create zombie processes
  thanks to mildew for the patch
- applied patch from Michel Samia to fix compilation when NOT
  compiled for pthreads
---------------------------------------------------------------------------
Version 1.17.3 (rgerhards), 2007-07-25
- continued working on output module modularization
- fixed a bug that caused rsyslogd to segfault on exit (and
  probably also on HUP), when there was an unsent message in a selector
  that required forwarding and the dns lookup failed for that selector
  (yes, it was pretty unlikely to happen;))
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed a memory leak in config file parsing and die()
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- rsyslogd now checks on startup if it is capable to performa any work
  at all. If it cant, it complains and terminates
  thanks to Michel Samia for providing the patch!
- fixed a small memory leak when HUPing syslogd. The allowed sender
  list now gets freed. thanks to mildew for the patch.
- changed the way error messages in early startup are logged. They
  now do no longer use the syslogd code directly but are rather
  send to stderr.
---------------------------------------------------------------------------
Version 1.17.2 (rgerhards), 2007-07-23
- made the port part of the -r option optional. Needed for backward
  compatibility with sysklogd
- replaced system() calls with something more reasonable. Please note that
  this might break compatibility with some existing configuration files.
  We accept this in favour of the gained security.
- removed a memory leak that could occur if timegenerated was used in
  RFC 3164 format in templates
- did some preparation in msg.c for advanced multithreading - placed the
  hooks, but not yet any active code
- worked further on modularization
- added $ModLoad MySQL (dummy) config directive
- added DropTrailingLFOnReception config directive
---------------------------------------------------------------------------
Version 1.17.1 (rgerhards), 2007-07-20
- fixed a bug that caused make install to install rsyslogd and rklogd under
  the wrong names
- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly;
  also fixed but that could grabble $AllowedSender wildcards. Thanks to
  mildew@gmail.com for the patch
- minor code cleanup - thanks to Peter Vrabec for the patch
- fixed minimal memory leak on HUP (caused by templates)
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed another memory leak on HUPing and on exiting rsyslogd
  again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- code cleanup (removed compiler warnings)
- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch
- moved msg object into its own file set
- added the capability to continue trying to write log files when the
  file system is full. Functionality based on patch by Martin Schulze
  to sysklogd package.
---------------------------------------------------------------------------
Version 1.17.0 (RGer), 2007-07-17
- added $RepeatedLineReduction config parameter
- added $EscapeControlCharactersOnReceive config parameter
- added $ControlCharacterEscapePrefix config parameter
- added $DirCreateMode config parameter
- added $CreateDirs config parameter
- added $DebugPrintTemplateList config parameter
- added $ResetConfigVariables config parameter
- added $FileOwner config parameter
- added $FileGroup config parameter
- added $DirOwner config parameter
- added $DirGroup config parameter
- added $FailOnChownFailure config parameter
- added regular expression support to the filter engine
  thanks to Michel Samia for providing the patch!
- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for
  the patch doing that
  - added IPv6 support
  - allowed DNS hostnames
  - allowed DNS wildcard names
- added new option $DropMsgsWithMaliciousDnsPTRRecords
- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin
- added capability to auto-create directories with dynaFiles
---------------------------------------------------------------------------
Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;)
- build system switched to autotools
- removed SYSV preprocessor macro use, replaced with autotools equivalents
- fixed a bug that caused rsyslogd to segfault when TCP listening was
  disabled and it terminated
- added new properties "syslogfacility-text" and "syslogseverity-text"
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- added the -x option to disable hostname dns reslution
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- begun to better modularize syslogd.c - this is an ongoing project; moved
  type definitions to a separate file
- removed some now-unused fields from struct filed
- move file size limit fields in struct field to the "right spot" (the file
  writing part of the union - f_un.f_file)
- subdirectories linux and solaris are no longer part of the distribution
  package. This is not because we cease support for them, but there are no
  longer any files in them after the move to autotools
---------------------------------------------------------------------------
Version 1.15.1 (RGer), 2007-07-10
- fixed a bug that caused a dynaFile selector to stall when there was
  an open error with one file 
- improved template processing for dynaFiles; templates are now only
  looked up during initialization - speeds up processing
- optimized memory layout in struct filed when compiled with MySQL
  support
- fixed a bug that caused compilation without SYSLOG_INET to fail
- re-enabled the "last message repeated n times" feature. This
  feature was not taken care of while rsyslogd evolved from sysklogd
  and it was more or less defunct. Now it is fully functional again.
- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE
- fixed a bug in iovAsString() that caused a memory leak under stress
  conditions (most probably memory shortage). This was unlikely to
  ever happen, but it doesn't hurt doing it right
- cosmetic: defined type "uchar", change all unsigned chars to uchar
---------------------------------------------------------------------------
Version 1.15.0 (RGer), 2007-07-05
- added ability to dynamically generate file names based on templates
  and thus properties. This was a much-requested feature. It makes
  life easy when it e.g. comes to splitting files based on the sender
  address.
- added $umask and $FileCreateMode config file directives
- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD
- checks for extra (unexpected) characters in system config file lines
  have been added
- added IPv6 documentation - was accidently missing from CVS
- begun to change char to unsigned char
---------------------------------------------------------------------------
Version 1.14.2 (RGer), 2007-07-03
** this release fixes all known nits with IPv6 **
- restored capability to do /etc/service lookup for "syslog"
  service when -r 0 was given
- documented IPv6 handling of syslog messages
- integrate patch from Bartosz Kuźma to make rsyslog compile under
  Solaris again (the patch replaced a strndup() call, which is not
  available under Solaris
- improved debug logging when waiting on select
- updated rsyslogd man page with new options (-46A)
---------------------------------------------------------------------------
Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29
- added Peter Vrabec's patch for IPv6 TCP
- prefixed all messages send to stderr in rsyslogd with "rsyslogd: "
---------------------------------------------------------------------------
Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28
- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled
  IPv6 Support is currently for UDP only, TCP is to come soon.
  AllowedSender configuration does not yet work for IPv6.
- fixed code in iovCreate() that broke C's strict aliasing rules 
- fixed some char/unsigned char differences that forced the compiler
  to spit out warning messages
- updated the Red Hat init script to fix a known issue (thanks to
  Peter Vrabec)
---------------------------------------------------------------------------
Version 1.13.5 (RGer), 2007-06-22
- made the TCP session limit configurable via command line switch
  now -t <port>,<max sessions>
- added man page for rklogd(8) (basically a copy from klogd, but now
  there is one...)
- fixed a bug that caused internal messages (e.g. rsyslogd startup) to
  appear without a tag.
- removed a minor memory leak that occurred when TAG processing requalified
  a HOSTNAME to be a TAG (and a TAG already was set).
- removed potential small memory leaks in MsgSet***() functions. There
  would be a leak if a property was re-set, something that happened
  extremely seldom.
---------------------------------------------------------------------------
Version 1.13.4 (RGer), 2007-06-18
- added a new property "PRI-text", which holds the PRI field in
  textual form (e.g. "syslog.info")
- added alias "syslogseverity" for "syslogpriority", which is a
  misleading property name that needs to stay for historical
  reasons (and backward-compatility)
- added doc on how to record PRI value in log file
- enhanced signal handling in klogd, including removal of an unsafe
  call to the logging system during signal handling
---------------------------------------------------------------------------
Version 1.13.3 (RGer), 2007-06-15
- create a version of syslog.c from scratch. This is now
  - highly optimized for rsyslog
  - removes an incompatible license problem as the original
    version had a BSD license with advertising clause
  - fixed in the regard that rklogd will continue to work when
    rsysogd has been restarted (the original version, as well
    as sysklogd, will remain silent then)
  - solved an issue with an extra NUL char at message end that the
    original version had
- applied some changes to klogd to care for the new interface
- fixed a bug in syslogd.c which prevented compiling under debian
---------------------------------------------------------------------------
Version 1.13.2 (RGer), 2007-06-13
- lib order in makefile patched to facilitate static linking - thanks
  to Bennett Todd for providing the patch
- Integrated a patch from Peter Vrabec (pvrabec@redheat.com):
  - added klogd under the name of rklogd (remove dependency on
    original sysklogd package
  - createDB.sql now in UTF
  - added additional config files for use on Red Hat
---------------------------------------------------------------------------
Version 1.13.1 (RGer), 2007-02-05
- changed the listen backlog limit to a more reasonable value based on
  the maximum number of TCP connections configurd (10% + 5) - thanks to Guy
  Standen for the hint (actually, the limit was 5 and that was a 
  left-over from early testing).
- fixed a bug in makefile which caused DB-support to be disabled when
  NETZIP support was enabled
- added the -e option to allow transmission of every message to remote
  hosts (effectively turns off duplicate message suppression)
- (somewhat) improved memory consumption when compiled with MySQL support
- looks like we fixed an incompatibility with MySQL 5.x and above software
  At least in one case, the remote server name was destroyed, leading to 
  a connection failure. The new, improved code does not have this issue and
  so we see this as solved (the new code is generally somewhat better, so
  there is a good chance we fixed this incompatibility).
---------------------------------------------------------------------------
Version 1.13.0 (RGer), 2006-12-19
- added '$' as ToPos proptery replacer specifier - means "up to the
  end of the string"
- property replacer option "escape-cc", "drop-cc" and "space-cc"  added
- changed the handling of \0 characters inside syslog messages. We now
  consistently escape them to "#000". This is somewhat recommended in
  the draft-ietf-syslog-protocol-19 draft. While the real recomendation
  is to not escape any characters at all, we can not do this without
  considerable modification of the code. So we escape it to "#000", which
  is consistent with a sample found in the Internet-draft.
- removed message glue logic (see printchopped() comment for details)
  Also caused removal of parts table and thus some improvements in
  memory usage.
- changed the default MAXLINE to 2048 to take care of recent syslog
  standardization efforts (can easily be changed in syslogd.c)
- added support for byte-counted TCP syslog messages (much like
  syslog-transport-tls-05 Internet Draft). This was necessary to
  support compression over TCP.
- added support for receiving compressed syslog messages
- added support for sending compressed syslog messages
- fixed a bug where the last message in a syslog/tcp stream was
  lost if it was not properly terminated by a LF character
---------------------------------------------------------------------------
Version 1.12.3 (RGer), 2006-10-04
- implemented some changes to support Solaris (but support is not
  yet complete)
- commented out (via #if 0) some methods that are currently not being use
  but should be kept for further us
- added (interim) -u 1 option to turn off hostname and tag parsing
- done some modifications to better support Fedora
- made the field delimiter inside property replace configurable via
  template
- fixed a bug in property replacer: if fields were used, the delimitor
  became part of the field. Up until now, this was barely noticable as 
  the delimiter as TAB only and thus invisible to a human. With other
  delimiters available now, it quickly showed up. This bug fix might cause
  some grief to existing installations if they used the extra TAB for
  whatever reasons - sorry folks... Anyhow, a solution is easy: just add
  a TAB character contstant into your template. Thus, there has no attempt
  been made to do this in a backwards-compatible way.
---------------------------------------------------------------------------
Version 1.12.2 (RGer), 2006-02-15
- fixed a bug in the RFC 3339 date formatter. An extra space was added
  after the actual timestamp
- added support for providing high-precision RFC3339 timestamps for
  (rsyslogd-)internally-generated messages
- very (!) experimental support for syslog-protocol internet draft
  added (the draft is experimental, the code is solid ;))
- added support for field-extracting in the property replacer
- enhanced the legacy-syslog parser so that it can interpret messages
  that do not contain a TIMESTAMP
- fixed a bug that caused the default socket (usually /dev/log) to be
  opened even when -o command line option was given
- fixed a bug in the Debian sample startup script - it caused rsyslogd
  to listen to remote requests, which it shouldn't by default
---------------------------------------------------------------------------
Version 1.12.1 (RGer), 2005-11-23
- made multithreading work with BSD. Some signal-handling needed to be
  restructured. Also, there might be a slight delay of up to 10 seconds
  when huping and terminating rsyslogd under BSD
- fixed a bug where a NULL-pointer was passed to printf() in logmsg().
- fixed a bug during "make install" where rc3195d was not installed
  Thanks to Bennett Todd for spotting this.
- fixed a bug where rsyslogd dumped core when no TAG was found in the
  received message
- enhanced message parser so that it can deal with missing hostnames
  in many cases (may not be totally fail-safe)
- fixed a bug where internally-generated messages did not have the correct
  TAG
---------------------------------------------------------------------------
Version 1.12.0 (RGer), 2005-10-26
- moved to a multi-threaded design. single-threading is still optionally
  available. Multi-threading is experimental!
- fixed a potential race condition. In the original code, marking was done
  by an alarm handler, which could lead to all sorts of bad things. This
  has been changed now. See comments in syslogd.c/domark() for details.
- improved debug output for property-based filters
- not a code change, but: I have checked all exit()s to make sure that
  none occurs once rsyslogd has started up. Even in unusual conditions
  (like low-memory conditions) rsyslogd somehow remains active. Of course,
  it might loose a message or two, but at least it does not abort and it
  can also recover when the condition no longer persists.
- fixed a bug that could cause loss of the last message received
  immediately before rsyslogd was terminated.
- added comments on thread-safety of global variables in syslogd.c
- fixed a small bug: spurios printf() when TCP syslog was used
- fixed a bug that causes rsyslogd to dump core on termination when one
  of the selector lines did not receive a message during the run (very
  unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
  in rsyslogd dumping core.
- fixed a bug with regular expression support (thanks to Andres Riancho)
- a little bit of code restructuring (especially main(), which was
  horribly large)
---------------------------------------------------------------------------
Version 1.11.1 (RGer), 2005-10-19
- support for BSD-style program name and host blocks
- added a new property "programname" that can be used in templates
- added ability to specify listen port for rfc3195d
- fixed a bug that rendered the "startswith" comparison operation
  unusable.
- changed more functions to "static" storage class to help compiler
  optimize (should have been static in the first place...)
- fixed a potential memory leak in the string buffer class destructor.
  As the destructur was previously never called, the leak did not actually
  appear.
- some internal restructuring in anticipation/preparation of minimal
  multi-threading support
- rsyslogd still shares some code with the sysklogd project. Some patches
  for this shared code have been brought over from the sysklogd CVS.
---------------------------------------------------------------------------
Version 1.11.0 (RGer), 2005-10-12
- support for receiving messages via RFC 3195; added rfc3195d for that
  purpose
- added an additional guard to prevent rsyslogd from aborting when the
  2gb file size limit is hit. While a user can configure rsyslogd to
  handle such situations, it would abort if that was not done AND large
  file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
  processed - could lead to message loss in extreme cases
---------------------------------------------------------------------------
Version 1.10.2 (RGer), 2005-09-27
- added comparison operations in property-based filters:
  * isequal
  * startswith
- added ability to negate all property-based filter comparison operations
  by adding a !-sign right in front of the operation name
- added the ability to specify remote senders for UDP and TCP
  received messages. Allows to block all but well-known hosts
- changed the $-config line directives to be case-INsensitive
- new command line option -w added: "do not display warnings if messages
  from disallowed senders are received"
- fixed a bug that caused rsyslogd to dump core when the compare value
  was not quoted in property-based filters
- fixed a bug in the new CStr compare function which lead to invalid
  results (fortunately, this function was not yet used widely)
- added better support for "debugging" rsyslog.conf property filters
  (only if -d switch is given)
- changed some function definitions to static, which eventually enables
  some compiler optimizations
- fixed a bug in MySQL code; when a SQL error occured, rsyslogd could
  run in a tight loop. This was due to invalid sequence of error reporting
  and is now fixed.
---------------------------------------------------------------------------
Version 1.10.1 (RGer), 2005-09-23
- added the ability to execute a shell script as an action.
  Thanks to Bjoern Kalkbrenner for providing the code!
- fixed a bug in the MySQL code; due to the bug the automatic one-time
  retry after an error did not happen - this lead to error message in
  cases where none should be seen (e.g. after a MySQL restart)
- fixed a security issue with SQL-escaping in conjunction with
  non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.10.0 (RGer), 2005-09-20
  REMINDER: 1.10 is the first unstable version if the 1.x series!
- added the capability to filter on any property in selector lines
  (not just facility and priority)
- changed stringbuf into a new counted string class
- added support for a "discard" action. If a selector line with
  discard (~ character) is found, no selector lines *after* that
  line will be processed.
- thanks to Andres Riancho, regular expression support has been
  added to the template engine
- added the FROMHOST property in the template processor, which could
  previously not be obtained. Thanks to Cristian Testa for pointing
  this out and even providing a fix.
- added display of compile-time options to -v output
- performance improvement for production build - made some checks
  to happen only during debug mode
- fixed a problem with compiling on SUSE and - while doing so - removed
  the socket call to set SO_BSDCOMPAT in cases where it is obsolete.
---------------------------------------------------------------------------
Version 1.0.4 (RGer), 2006-02-01
- a small but important fix: the tcp receiver had two forgotten printf's
  in it that caused a lot of unnecessary output to stdout. This was
  important enough to justify a new release
---------------------------------------------------------------------------
Version 1.0.3 (RGer), 2005-11-14
- added an additional guard to prevent rsyslogd from aborting when the
  2gb file size limit is hit. While a user can configure rsyslogd to
  handle such situations, it would abort if that was not done AND large
  file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
  processed - could lead to message loss in extreme cases
- applied some patches available from the sysklogd project to code
  shared from there
- fixed a bug that causes rsyslogd to dump core on termination when one
  of the selector lines did not receive a message during the run (very
  unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
  in rsyslogd dumping core.
- fixed a bug in the TCP sender that caused the retry logic to fail
  after an error or receiver overrun
- fixed a bug in init() that could lead to dumping core
- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG
  was present in the syslog message
---------------------------------------------------------------------------
Version 1.0.2 (RGer), 2005-10-05
- fixed an issue with MySQL error reporting. When an error occured,
  the MySQL driver went into an endless loop (at least in most cases).
---------------------------------------------------------------------------
Version 1.0.1 (RGer), 2005-09-23
- fixed a security issue with SQL-escaping in conjunction with
  non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.0.0 (RGer), 2005-09-12
- changed install doc to cover daily cron scripts - a trouble source
- added rc script for slackware (provided by Chris Elvidge - thanks!) 
- fixed a really minor bug in usage() - the -r option was still
  reported as without the port parameter
---------------------------------------------------------------------------
Version 0.9.8 (RGer), 2005-09-05
- made startup and shutdown message more consistent and included the
  pid, so that they can be easier correlated. Used syslog-protocol
  structured data format for this purpose.
- improved config info in startup message, now tells not only
  if it is listening remote on udp, but also for tcp. Also includes
  the port numbers. The previous startup message was misleading, because
  it did not say "remote reception" if rsyslogd was only listening via
  tcp (but not via udp).
- added a "how can you help" document to the doc set
---------------------------------------------------------------------------
Version 0.9.7 (RGer), 2005-08-15
- some of the previous doc files (like INSTALL) did not properly
  reflect the changes to the build process and the new doc. Fixed
  that.
- changed syslogd.c so that when compiled without database support,
  an error message is displayed when a database action is detected
  in the config file (previously this was used as an user rule ;))
- fixed a bug in the os-specific Makefiles which caused MySQL
  support to not be compiled, even if selected
---------------------------------------------------------------------------
Version 0.9.6 (RGer), 2005-08-09
- greatly enhanced documentation. Now available in html format in
  the "doc" folder and FreeBSD. Finally includes an install howto.
- improved MySQL error messages a little - they now show up as log
  messages, too (formerly only in debug mode)
- added the ability to specify the listen port for udp syslog.
  WARNING: This introduces an incompatibility. Formerly, udp
  syslog was enabled by the -r command line option. Now, it is
  "-r [port]", which is consistent with the tcp listener. However,
  just -r will now return an error message.
- added sample startup scripts for Debian and FreeBSD
- added support for easy feature selection in the makefile. Un-
  fortunately, this also means I needed to spilt the make file
  for different OS and distros. There are some really bad syntax
  differences between FreeBSD and Linux make.
---------------------------------------------------------------------------
Version 0.9.5 (RGer), 2005-08-01
- the "semicolon bug" was actually not (fully) solved in 0.9.4. One
  part of the bug was solved, but another still existed. This one
  is fixed now, too.
- the "semicolon bug" actually turned out to be a more generic bug.
  It appeared whenever an invalid template name was given. With some
  selector actions, rsyslogd dumped core, with other it "just" had
  a small ressource leak with others all worked well. These anomalies
  are now fixed. Note that they only appeared during system initaliziation
  once the system was running, nothing bad happened.
- improved error reporting for template errors on startup. They are now
  shown on the console and the start-up tty. Formerly, they were only
  visible in debug mode.
- support for multiple instances of rsyslogd on a single machine added
- added new option "-o" --> omit local unix domain socket. This option
  enables rsyslogd NOT to listen to the local socket. This is most
  helpful when multiple instances of rsyslogd (or rsyslogd and another
  syslogd) shall run on a single system.
- added new option "-i <pidfile>" which allows to specify the pidfile.
  This is needed when multiple instances of rsyslogd are to be run.
- the new project home page is now online at www.rsyslog.com
---------------------------------------------------------------------------
Version 0.9.4 (RGer), 2005-07-25
- finally added the TCP sender. It now supports non-blocking mode, no
  longer disabling message reception during connect. As it is now, it
  is usable in production. The code could be more sophisticated, but
  I've kept it short in anticipation of the move to liblogging, which
  will lead to the removal of the code just written ;)
- the "exiting on signal..." message still had the "syslogd" name in 
  it. Changed this to "rsyslogd", as we do not have a large user base
  yet, this should pose no problem.
- fixed "the semiconlon" bug. rsyslogd dumped core if a write-db action
  was specified but no semicolon was given after the password (an empty
  template was ok, but the semicolon needed to be present).
- changed a default for traditional output format. During testing, it
  was seen that the timestamp written to file in default format was
  the time of message reception, not the time specified in the TIMESTAMP
  field of the message itself. Traditionally, the message TIMESTAMP is
  used and this has been changed now.
---------------------------------------------------------------------------
Version 0.9.3 (RGer), 2005-07-19
- fixed a bug in the message parser. In June, the RFC 3164 timestamp
  was not correctly parsed (yes, only in June and some other months,
  see the code comment to learn why...)
- added the ability to specify the destination port when forwarding
  syslog messages (both for TCP and UDP)
- added an very experimental TCP sender (activated by
  @@machine:port in config). This is not yet for production use. If
  the receiver is not alive, rsyslogd will wait quite some time until
  the connection request times out, which most probably leads to
  loss of incoming messages.

---------------------------------------------------------------------------
Version 0.9.2 (RGer), around 2005-07-06
- I intended to change the maxsupported message size to 32k to
  support IHE - but given the memory inefficiency in the usual use
  cases, I have not done this. I have, however, included very
  specific instructions on how to do this in the source code. I have
  also done some testing with 32k messages, so you can change the
  max size without taking too much risk.
- added a syslog/tcp receiver; we now can receive messages via
  plain tcp, but we can still send only via UDP. The syslog/tcp
  receiver is the primary enhancement of this release.
- slightly changed some error messages that contained a spurios \n at
  the end of the line (which gives empty lines in your log...)

---------------------------------------------------------------------------
Version 0.9.1 (RGer)
- fixed code so that it compiles without errors under FreeBSD
- removed now unused function "allocate_log()" from syslogd.c
- changed the make file so that it contains more defines for
  different environments (in the long term, we need a better
  system for disabling/enabling features...)
- changed some printf's printing off_t types to %lld and
  explicit (long long) casts. I tried to figure out the exact type,
  but did not succeed in this. In the worst case, ultra-large peta-
  byte files will now display funny informational messages on rollover,
  something I think we can live with for the neersion 3.11.2 (rgerhards), 2008-02-??
---------------------------------------------------------------------------
Version 3.11.1 (rgerhards), 2008-02-12
- SNMP trap sender added thanks to Andre Lorbach (omsnmp)
- added input-plugin interface specification in form of a (copy) template
  input module
- applied documentation fix by Michael Biebl -- many thanks!
- bugfix: immark did not have MARK flags set...
- added x-info field to rsyslogd startup/shutdown message. Hopefully
  points users to right location for further info (many don't even know
  they run rsyslog ;))
- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages
  without timestamp - thanks to Anders Blomdell for providing a patch!
- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which
  wasn't supposed to be used with rsyslog. Put a warning message up that
  tells this feature is not tested and probably not worth the effort.
  Thanks to Anders Blomdell fro bringing this to our attention
- somewhat improved performance of string buffers
- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf
- bugfix: setting for $EscapeCopntrolCharactersOnReceive was not 
  properly initialized
- clarified usage of space-cc property replacer option
- improved abort diagnostic handler
- some initial effort for malloc/free runtime debugging support
- bugfix: using dynafile actions caused rsyslogd abort
- fixed minor man errors thanks to Michael Biebl
---------------------------------------------------------------------------
Version 3.11.0 (rgerhards), 2008-01-31
- implemented queued actions
- implemented simple rate limiting for actions
- implemented deliberate discarding of lower priority messages over higher
  priority ones when a queue runs out of space
- implemented disk quotas for disk queues
- implemented the $ActionResumeRetryCount config directive
- added $ActionQueueFilename config directive
- added $ActionQueueSize config directive
- added $ActionQueueHighWaterMark config directive
- added $ActionQueueLowWaterMark config directive
- added $ActionQueueDiscardMark config directive
- added $ActionQueueDiscardSeverity config directive
- added $ActionQueueCheckpointInterval config directive
- added $ActionQueueType config directive
- added $ActionQueueWorkerThreads config directive
- added $ActionQueueTimeoutshutdown config directive
- added $ActionQueueTimeoutActionCompletion config directive
- added $ActionQueueTimeoutenQueue config directive
- added $ActionQueueTimeoutworkerThreadShutdown config directive
- added $ActionQueueWorkerThreadMinimumMessages config directive
- added $ActionQueueMaxFileSize config directive
- added $ActionQueueSaveonShutdown config directive
- addded $ActionQueueDequeueSlowdown config directive
- addded $MainMsgQueueDequeueSlowdown config directive
- bugfix: added forgotten docs to package
- improved debugging support
- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly
- when a long-running action needs to be cancelled on shutdown, the message
  that was processed by it is now preserved. This finishes support for
  guaranteed delivery of messages (if the output supports it, of course)
- fixed bug in output module interface, see
  http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552
- changed the ommysql output plugin so that the (lengthy) connection
  initialization now takes place in message processing. This works much
  better with the new queued action mode (fast startup)
- fixed a bug that caused a potential hang in file and fwd output module
  varmojfekoj provided the patch - many thanks!
- bugfixed stream class offset handling on 32bit platforms
---------------------------------------------------------------------------
Version 3.10.3 (rgerhards), 2008-01-28
- fixed a bug with standard template definitions (not a big deal) - thanks
  to varmojfekoj for spotting it
- run-time instrumentation added
- implemented disk-assisted queue mode, which enables on-demand disk
  spooling if the queue's in-memory queue is exhausted
- implemented a dynamic worker thread pool for processing incoming
  messages; workers are started and shut down as need arises
- implemented a run-time instrumentation debug package
- implemented the $MainMsgQueueSaveOnShutdown config directive
- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive
- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive
---------------------------------------------------------------------------
Version 3.10.2 (rgerhards), 2008-01-14
- added the ability to keep stop rsyslogd without the need to drain
  the main message queue. In disk queue mode, rsyslog continues to
  run from the point where it stopped. In case of a system failure, it
  continues to process messages from the last checkpoint.
- fixed a bug that caused a segfault on startup when no $WorkDir directive
  was specified in rsyslog.conf
- provided more fine-grain control over shutdown timeouts and added a
  way to specify the enqueue timeout when the main message queue is full
- implemented $MainMsgQueueCheckpointInterval config directive
- implemented $MainMsgQueueTimeoutActionCompletion config directive
- implemented $MainMsgQueueTimeoutEnqueue config directive
- implemented $MainMsgQueueTimeoutShutdown config directive
---------------------------------------------------------------------------
Version 3.10.1 (rgerhards), 2008-01-10
- implemented the "disk" queue mode. However, it currently is of very
  limited use, because it does not support persistence over rsyslogd
  runs. So when rsyslogd is stopped, the queue is drained just as with
  the in-memory queue modes. Persistent queues will be a feature of
  the next release.
- performance-optimized string class, should bring an overall improvement
- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch
- fixed a race condition that could lead to a rsyslogd hang when during
  HUP or termination
- done some doc updates
- added $WorkDirectory config directive
- added $MainMsgQueueFileName config directive
- added $MainMsgQueueMaxFileSize config directive
---------------------------------------------------------------------------
Version 3.10.0 (rgerhards), 2008-01-07
- implemented input module interface and initial input modules
- enhanced threading for input modules (each on its own thread now)
- ability to bind UDP listeners to specific local interfaces/ports and
  ability to run multiple of them concurrently
- added ability to specify listen IP address for UDP syslog server
- license changed to GPLv3
- mark messages are now provided by loadble module immark
- rklogd is no longer provided. Its functionality has now been taken over
  by imklog, a loadable input module. This offers a much better integration
  into rsyslogd and makes sure that the kernel logger process is brought
  up and down at the appropriate times
- enhanced $IncludeConfig directive to support wildcard characters
  (thanks to Michael Biebl)
- all inputs are now implemented as loadable plugins
- enhanced threading model: each input module now runs on its own thread
- enhanced message queue which now supports different queueing methods
  (among others, this can be used for performance fine-tuning)
- added a large number of new configuration directives for the new
  input modules
- enhanced multi-threading utilizing a worker thread pool for the
  main message queue
- compilation without pthreads is no longer supported
- much cleaner code due to new objects and removal of single-threading
  mode
---------------------------------------------------------------------------
Version 2.0.1 STABLE (rgerhards), 2008-01-24
- fixed a bug in integer conversion - but this function was never called,
  so it is not really a useful bug fix ;)
- fixed a bug with standard template definitions (not a big deal) - thanks
  to varmojfekoj for spotting it
- fixed a bug that caused a potential hang in file and fwd output module
  varmojfekoj provided the patch - many thanks!
---------------------------------------------------------------------------
Version 2.0.0 STABLE (rgerhards), 2008-01-02
- re-release of 1.21.2 as STABLE with no modifications except some
  doc updates
---------------------------------------------------------------------------
Version 1.21.2 (rgerhards), 2007-12-28
- created a gss-api output module. This keeps GSS-API code and
  TCP/UDP code separated. It is also important for forward-
  compatibility with v3. Please note that this change breaks compatibility
  with config files created for 1.21.0 and 1.21.1 - this was considered
  acceptable.
- fixed an error in forwarding retry code (could lead to message corruption
  but surfaced very seldom)
- increased portability for older platforms (AI_NUMERICSERV moved)
- removed socket leak in omfwd.c
- cross-platform patch for GSS-API compile problem on some platforms
  thanks to darix for the patch!
---------------------------------------------------------------------------
Version 1.21.1 (rgerhards), 2007-12-23
- small doc fix for $IncludeConfig
- fixed a bug in llDestroy()
- bugfix: fixing memory leak when message queue is full and during
  parsing. Thanks to varmojfekoj for the patch.
- bugfix: when compiled without network support, unix sockets were
  not properply closed
- bugfix: memory leak in cfsysline.c/doGetWord() fixed
---------------------------------------------------------------------------
Version 1.21.0 (rgerhards), 2007-12-19
- GSS-API support for syslog/TCP connections was added. Thanks to
  varmojfekoj for providing the patch with this functionality
- code cleanup
- enhanced $IncludeConfig directive to support wildcard filenames
- changed some multithreading synchronization
---------------------------------------------------------------------------
Version 1.20.1 (rgerhards), 2007-12-12
- corrected a debug setting that survived release. Caused TCP connections
  to be retried unnecessarily often.
- When a hostname ACL was provided and DNS resolution for that name failed,
  ACL processing was stopped at that point. Thanks to mildew for the patch.
  Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911
- fixed a potential race condition, see link for details:
  http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html
  Note that the probability of problems from this bug was very remote
- fixed a memory leak that happend when PostgreSQL date formats were
  used
---------------------------------------------------------------------------
Version 1.20.0 (rgerhards), 2007-12-07
- an output module for postgres databases has been added. Thanks to
  sur5r for contributing this code
- unloading dynamic modules has been cleaned up, we now have a
  real implementation and not just a dummy "good enough for the time
  being".
- enhanced platform independence - thanks to Bartosz Kuzma and Michael
  Biebl for their very useful contributions
- some general code cleanup (including warnings on 64 platforms, only)
---------------------------------------------------------------------------
Version 1.19.12 (rgerhards), 2007-12-03
- cleaned up the build system (thanks to Michael Biebl for the patch)
- fixed a bug where ommysql was still not compiled with -pthread option
---------------------------------------------------------------------------
Version 1.19.11 (rgerhards), 2007-11-29
- applied -pthread option to build when building for multi-threading mode
  hopefully solves an issue with segfaulting
---------------------------------------------------------------------------
Version 1.19.10 (rgerhards), 2007-10-19
- introdcued the new ":modulename:" syntax for calling module actions
  in selector lines; modified ommysql to support it. This is primarily
  an aid for further modules and a prequisite to actually allow third
  party modules to be created.
- minor fix in slackware startup script, "-r 0" is now "-r0"
- updated rsyslogd doc set man page; now in html format
- undid creation of a separate thread for the main loop -- this did not
  turn out to be needed or useful, so reduce complexity once again.
- added doc fixes provided by Michael Biebl - thanks
---------------------------------------------------------------------------
Version 1.19.9 (rgerhards), 2007-10-12
- now packaging system which again contains all components in a single
  tarball
- modularized main() a bit more, resulting in less complex code
- experimentally added an additional thread - will see if that affects
  the segfault bug we experience on some platforms. Note that this change
  is scheduled to be removed again later.
---------------------------------------------------------------------------
Version 1.19.8 (rgerhards), 2007-09-27
- improved repeated message processing
- applied patch provided by varmojfekoj to support building ommysql
  in its own way (now also resides in a plugin subdirectory);
  ommysql is now a separate package
- fixed a bug in cvthname() that lead to message loss if part
  of the source hostname would have been dropped
- created some support for distributing ommysql together with the
  main rsyslog package. I need to re-think it in the future, but
  for the time being the current mode is best. I now simply include
  one additional tarball for ommysql inside the main distribution.
  I look forward to user feedback on how this should be done best. In the
  long term, a separate project should be spawend for ommysql, but I'd
  like to do that only after the plugin interface is fully stable (what
  it is not yet).
---------------------------------------------------------------------------
Version 1.19.7 (rgerhards), 2007-09-25
- added code to handle situations where senders send us messages ending with
  a NUL character. It is now simply removed. This also caused trailing LF
  reduction to fail, when it was followed by such a NUL. This is now also
  handled.
- replaced some non-thread-safe function calls by their thread-safe
  counterparts
- fixed a minor memory leak that occured when the %APPNAME% property was
  used (I think nobody used that in practice)
- fixed a bug that caused signal handlers in cvthname() not to be restored when
  a malicious pointer record was detected and processing of the message been
  stopped for that reason (this should be really rare and can not be related
  to the segfault bug we are hunting).
- fixed a bug in cvthname that lead to passing a wrong parameter - in
  practice, this had no impact.
- general code cleanup (e.g. compiler warnings, comments)
---------------------------------------------------------------------------
Version 1.19.6 (rgerhards), 2007-09-11
- applied patch by varmojfekoj to change signal handling to the new
  sigaction API set (replacing the depreciated signal() calls and its
  friends.
- fixed a bug that in --enable-debug mode caused an assertion when the
  discard action was used
- cleaned up compiler warnings
- applied patch by varmojfekoj to FIX a bug that could cause 
  segfaults if empty properties were processed using modifying
  options (e.g. space-cc, drop-cc)
- fixed man bug: rsyslogd supports -l option
---------------------------------------------------------------------------
Version 1.19.5 (rgerhards), 2007-09-07
- changed part of the CStr interface so that better error tracking
  is provided and the calling sequence is more intuitive (there were
  invalid calls based on a too-weired interface)
- (hopefully) fixed some remaining bugs rooted in wrong use of 
  the CStr class. These could lead to program abort.
- applied patch by varmojfekoj two fix two potential segfault situations
- added $ModDir config directive
- modified $ModLoad so that an absolute path may be specified as
  module name (e.g. /rsyslog/ommysql.so)
---------------------------------------------------------------------------
Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04
- fixed a number of small memory leaks - thanks varmojfekoj for patching
- fixed an issue with CString class that could lead to rsyslog abort
  in tplToString() - thanks varmojfekoj for patching
- added a man-version of the config file documenation - thanks to Michel
  Samia for providing the man file
- fixed bug: a template like this causes an infinite loop:
  $template opts,"%programname:::a,b%"
  thanks varmojfekoj for the patch
- fixed bug: case changing options crash freeing the string pointer
  because they modify it: $template opts2,"%programname::1:lowercase%"
  thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31
- small mem leak fixed (after calling parseSelectorAct) - Thx varmojkekoj
- documentation section "Regular File" und "Blocks" updated
- solved an issue with dynamic file generation - Once again many thanks
  to varmojfekoj
- the negative selector for program name filter (Blocks) does not work as
  expected - Thanks varmojfekoj for patching
- added forwarding information to sysklogd (requires special template)
  to config doc
---------------------------------------------------------------------------
Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28
- a specifically formed message caused a segfault - Many thanks varmojfekoj
  for providing a patch
- a typo and a weird condition are fixed in msg.c - Thanks again
  varmojfekoj 
- on file creation the file was always owned by root:root. This is fixed
  now - Thanks ypsa for solving this issue
---------------------------------------------------------------------------
Version 1.19.1 (mmeckelein), 2007-08-22
- a bug that caused a high load when a TCP/UDP connection was closed is 
  fixed now - Thanks mildew for solving this issue
- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the
  patch
- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order
  to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter
  Vrabec and darix, both provided a patch for solving this issue
- enhanced the unloading of modules - thanks again varmojfekoj
- applied a patch from varmojfekoj which fixes various little things in
  MySQL output module
---------------------------------------------------------------------------
Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16
- integrated patch from varmojfekoj to make the mysql module a loadable one
  many thanks for the patch, MUCH appreciated
---------------------------------------------------------------------------
Version 1.18.2 (rgerhards), 2007-08-13
- fixed a bug in outchannel code that caused templates to be incorrectly
  parsed
- fixed a bug in ommysql that caused a wrong ";template" missing message
- added some code for unloading modules; not yet fully complete (and we do
  not yet have loadable modules, so this is no problem)
- removed debian subdirectory by request of a debian packager (this is a special
  subdir for debian and there is also no point in maintaining it when there
  is a debian package available - so I gladly did this) in some cases
- improved overall doc quality (some pages were quite old) and linked to
  more of the online resources.
- improved /contrib/delete_mysql script by adding a host option and some
  other minor modifications
---------------------------------------------------------------------------
Version 1.18.1 (rgerhards), 2007-08-08
- applied a patch from varmojfekoj which solved a potential segfault
  of rsyslogd on HUP
- applied patch from Michel Samia to fix compilation when the pthreads
  feature is disabled
- some code cleanup (moved action object to its own file set)
- add config directive $MainMsgQueueSize, which now allows to configure the
  queue size dynamically
- all compile-time settings are now shown in rsyslogd -v, not just the
  active ones
- enhanced performance a little bit more
- added config file directive $ActionResumeInterval
- fixed a bug that prevented compilation under debian sid
- added a contrib directory for user-contributed useful things
---------------------------------------------------------------------------
Version 1.18.0 (rgerhards), 2007-08-03
- rsyslog now supports fallback actions when an action did not work. This
  is a great feature e.g. for backup database servers or backup syslog
  servers
- modified rklogd to only change the console log level if -c is specified
- added feature to use multiple actions inside a single selector
- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive
- error messages during startup are now spit out to the configured log
  destinations
---------------------------------------------------------------------------
Version 1.17.6 (rgerhards), 2007-08-01
- continued to work on output module modularization - basic stage of
  this work is now FINISHED
- fixed bug in OMSRcreate() - always returned SR_RET_OK
- fixed a bug that caused ommysql to always complain about missing
  templates
- fixed a mem leak in OMSRdestruct - freeing the object itself was
  forgotten - thanks to varmojfekoj for the patch
- fixed a memory leak in syslogd/init() that happend when the config
  file could not be read - thanks to varmojfekoj for the patch
- fixed insufficient memory allocation in addAction() and its helpers.
  The initial fix and idea was developed by mildew, I fine-tuned
  it a bit. Thanks a lot for the fix, I'd probably had pulled out my
  hair to find the bug...
- added output of config file line number when a parsing error occured
- fixed bug in objomsr.c that caused program to abort in debug mode with
  an invalid assertion (in some cases)
- fixed a typo that caused the default template for MySQL to be wrong.
  thanks to mildew for catching this.
- added configuration file command $DebugPrintModuleList and
  $DebugPrintCfSysLineHandlerList
- fixed an invalid value for the MARK timer - unfortunately, there was
  a testing aid left in place. This resulted in quite frequent MARK messages
- added $IncludeConfig config directive
- applied a patch from mildew to prevent rsyslogd from freezing under heavy
  load. This could happen when the queue was full. Now, we drop messages
  but rsyslogd remains active.
---------------------------------------------------------------------------
Version 1.17.5 (rgerhards), 2007-07-30
- continued to work on output module modularization
- fixed a missing file bug - thanks to Andrea Montanari for reporting
  this problem
- fixed a problem with shutting down the worker thread and freeing the
  selector_t list - this caused messages to be lost, because the
  message queue was not properly drained before the selectors got
  destroyed.
---------------------------------------------------------------------------
Version 1.17.4 (rgerhards), 2007-07-27
- continued to work on output module modularization
- fixed a situation where rsyslogd could create zombie processes
  thanks to mildew for the patch
- applied patch from Michel Samia to fix compilation when NOT
  compiled for pthreads
---------------------------------------------------------------------------
Version 1.17.3 (rgerhards), 2007-07-25
- continued working on output module modularization
- fixed a bug that caused rsyslogd to segfault on exit (and
  probably also on HUP), when there was an unsent message in a selector
  that required forwarding and the dns lookup failed for that selector
  (yes, it was pretty unlikely to happen;))
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed a memory leak in config file parsing and die()
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- rsyslogd now checks on startup if it is capable to performa any work
  at all. If it cant, it complains and terminates
  thanks to Michel Samia for providing the patch!
- fixed a small memory leak when HUPing syslogd. The allowed sender
  list now gets freed. thanks to mildew for the patch.
- changed the way error messages in early startup are logged. They
  now do no longer use the syslogd code directly but are rather
  send to stderr.
---------------------------------------------------------------------------
Version 1.17.2 (rgerhards), 2007-07-23
- made the port part of the -r option optional. Needed for backward
  compatibility with sysklogd
- replaced system() calls with something more reasonable. Please note that
  this might break compatibility with some existing configuration files.
  We accept this in favour of the gained security.
- removed a memory leak that could occur if timegenerated was used in
  RFC 3164 format in templates
- did some preparation in msg.c for advanced multithreading - placed the
  hooks, but not yet any active code
- worked further on modularization
- added $ModLoad MySQL (dummy) config directive
- added DropTrailingLFOnReception config directive
---------------------------------------------------------------------------
Version 1.17.1 (rgerhards), 2007-07-20
- fixed a bug that caused make install to install rsyslogd and rklogd under
  the wrong names
- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly;
  also fixed but that could grabble $AllowedSender wildcards. Thanks to
  mildew@gmail.com for the patch
- minor code cleanup - thanks to Peter Vrabec for the patch
- fixed minimal memory leak on HUP (caused by templates)
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed another memory leak on HUPing and on exiting rsyslogd
  again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- code cleanup (removed compiler warnings)
- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch
- moved msg object into its own file set
- added the capability to continue trying to write log files when the
  file system is full. Functionality based on patch by Martin Schulze
  to sysklogd package.
---------------------------------------------------------------------------
Version 1.17.0 (RGer), 2007-07-17
- added $RepeatedLineReduction config parameter
- added $EscapeControlCharactersOnReceive config parameter
- added $ControlCharacterEscapePrefix config parameter
- added $DirCreateMode config parameter
- added $CreateDirs config parameter
- added $DebugPrintTemplateList config parameter
- added $ResetConfigVariables config parameter
- added $FileOwner config parameter
- added $FileGroup config parameter
- added $DirOwner config parameter
- added $DirGroup config parameter
- added $FailOnChownFailure config parameter
- added regular expression support to the filter engine
  thanks to Michel Samia for providing the patch!
- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for
  the patch doing that
  - added IPv6 support
  - allowed DNS hostnames
  - allowed DNS wildcard names
- added new option $DropMsgsWithMaliciousDnsPTRRecords
- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin
- added capability to auto-create directories with dynaFiles
---------------------------------------------------------------------------
Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;)
- build system switched to autotools
- removed SYSV preprocessor macro use, replaced with autotools equivalents
- fixed a bug that caused rsyslogd to segfault when TCP listening was
  disabled and it terminated
- added new properties "syslogfacility-text" and "syslogseverity-text"
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- added the -x option to disable hostname dns reslution
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- begun to better modularize syslogd.c - this is an ongoing project; moved
  type definitions to a separate file
- removed some now-unused fields from struct filed
- move file size limit fields in struct field to the "right spot" (the file
  writing part of the union - f_un.f_file)
- subdirectories linux and solaris are no longer part of the distribution
  package. This is not because we cease support for them, but there are no
  longer any files in them after the move to autotools
---------------------------------------------------------------------------
Version 1.15.1 (RGer), 2007-07-10
- fixed a bug that caused a dynaFile selector to stall when there was
  an open error with one file 
- improved template processing for dynaFiles; templates are now only
  looked up during initialization - speeds up processing
- optimized memory layout in struct filed when compiled with MySQL
  support
- fixed a bug that caused compilation without SYSLOG_INET to fail
- re-enabled the "last message repeated n times" feature. This
  feature was not taken care of while rsyslogd evolved from sysklogd
  and it was more or less defunct. Now it is fully functional again.
- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE
- fixed a bug in iovAsString() that caused a memory leak under stress
  conditions (most probably memory shortage). This was unlikely to
  ever happen, but it doesn't hurt doing it right
- cosmetic: defined type "uchar", change all unsigned chars to uchar
---------------------------------------------------------------------------
Version 1.15.0 (RGer), 2007-07-05
- added ability to dynamically generate file names based on templates
  and thus properties. This was a much-requested feature. It makes
  life easy when it e.g. comes to splitting files based on the sender
  address.
- added $umask and $FileCreateMode config file directives
- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD
- checks for extra (unexpected) characters in system config file lines
  have been added
- added IPv6 documentation - was accidently missing from CVS
- begun to change char to unsigned char
---------------------------------------------------------------------------
Version 1.14.2 (RGer), 2007-07-03
** this release fixes all known nits with IPv6 **
- restored capability to do /etc/service lookup for "syslog"
  service when -r 0 was given
- documented IPv6 handling of syslog messages
- integrate patch from Bartosz Kuźma to make rsyslog compile under
  Solaris again (the patch replaced a strndup() call, which is not
  available under Solaris
- improved debug logging when waiting on select
- updated rsyslogd man page with new options (-46A)
---------------------------------------------------------------------------
Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29
- added Peter Vrabec's patch for IPv6 TCP
- prefixed all messages send to stderr in rsyslogd with "rsyslogd: "
---------------------------------------------------------------------------
Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28
- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled
  IPv6 Support is currently for UDP only, TCP is to come soon.
  AllowedSender configuration does not yet work for IPv6.
- fixed code in iovCreate() that broke C's strict aliasing rules 
- fixed some char/unsigned char differences that forced the compiler
  to spit out warning messages
- updated the Red Hat init script to fix a known issue (thanks to
  Peter Vrabec)
---------------------------------------------------------------------------
Version 1.13.5 (RGer), 2007-06-22
- made the TCP session limit configurable via command line switch
  now -t <port>,<max sessions>
- added man page for rklogd(8) (basically a copy from klogd, but now
  there is one...)
- fixed a bug that caused internal messages (e.g. rsyslogd startup) to
  appear without a tag.
- removed a minor memory leak that occurred when TAG processing requalified
  a HOSTNAME to be a TAG (and a TAG already was set).
- removed potential small memory leaks in MsgSet***() functions. There
  would be a leak if a property was re-set, something that happened
  extremely seldom.
---------------------------------------------------------------------------
Version 1.13.4 (RGer), 2007-06-18
- added a new property "PRI-text", which holds the PRI field in
  textual form (e.g. "syslog.info")
- added alias "syslogseverity" for "syslogpriority", which is a
  misleading property name that needs to stay for historical
  reasons (and backward-compatility)
- added doc on how to record PRI value in log file
- enhanced signal handling in klogd, including removal of an unsafe
  call to the logging system during signal handling
---------------------------------------------------------------------------
Version 1.13.3 (RGer), 2007-06-15
- create a version of syslog.c from scratch. This is now
  - highly optimized for rsyslog
  - removes an incompatible license problem as the original
    version had a BSD license with advertising clause
  - fixed in the regard that rklogd will continue to work when
    rsysogd has been restarted (the original version, as well
    as sysklogd, will remain silent then)
  - solved an issue with an extra NUL char at message end that the
    original version had
- applied some changes to klogd to care for the new interface
- fixed a bug in syslogd.c which prevented compiling under debian
---------------------------------------------------------------------------
Version 1.13.2 (RGer), 2007-06-13
- lib order in makefile patched to facilitate static linking - thanks
  to Bennett Todd for providing the patch
- Integrated a patch from Peter Vrabec (pvrabec@redheat.com):
  - added klogd under the name of rklogd (remove dependency on
    original sysklogd package
  - createDB.sql now in UTF
  - added additional config files for use on Red Hat
---------------------------------------------------------------------------
Version 1.13.1 (RGer), 2007-02-05
- changed the listen backlog limit to a more reasonable value based on
  the maximum number of TCP connections configurd (10% + 5) - thanks to Guy
  Standen for the hint (actually, the limit was 5 and that was a 
  left-over from early testing).
- fixed a bug in makefile which caused DB-support to be disabled when
  NETZIP support was enabled
- added the -e option to allow transmission of every message to remote
  hosts (effectively turns off duplicate message suppression)
- (somewhat) improved memory consumption when compiled with MySQL support
- looks like we fixed an incompatibility with MySQL 5.x and above software
  At least in one case, the remote server name was destroyed, leading to 
  a connection failure. The new, improved code does not have this issue and
  so we see this as solved (the new code is generally somewhat better, so
  there is a good chance we fixed this incompatibility).
---------------------------------------------------------------------------
Version 1.13.0 (RGer), 2006-12-19
- added '$' as ToPos proptery replacer specifier - means "up to the
  end of the string"
- property replacer option "escape-cc", "drop-cc" and "space-cc"  added
- changed the handling of \0 characters inside syslog messages. We now
  consistently escape them to "#000". This is somewhat recommended in
  the draft-ietf-syslog-protocol-19 draft. While the real recomendation
  is to not escape any characters at all, we can not do this without
  considerable modification of the code. So we escape it to "#000", which
  is consistent with a sample found in the Internet-draft.
- removed message glue logic (see printchopped() comment for details)
  Also caused removal of parts table and thus some improvements in
  memory usage.
- changed the default MAXLINE to 2048 to take care of recent syslog
  standardization efforts (can easily be changed in syslogd.c)
- added support for byte-counted TCP syslog messages (much like
  syslog-transport-tls-05 Internet Draft). This was necessary to
  support compression over TCP.
- added support for receiving compressed syslog messages
- added support for sending compressed syslog messages
- fixed a bug where the last message in a syslog/tcp stream was
  lost if it was not properly terminated by a LF character
---------------------------------------------------------------------------
Version 1.12.3 (RGer), 2006-10-04
- implemented some changes to support Solaris (but support is not
  yet complete)
- commented out (via #if 0) some methods that are currently not being use
  but should be kept for further us
- added (interim) -u 1 option to turn off hostname and tag parsing
- done some modifications to better support Fedora
- made the field delimiter inside property replace configurable via
  template
- fixed a bug in property replacer: if fields were used, the delimitor
  became part of the field. Up until now, this was barely noticable as 
  the delimiter as TAB only and thus invisible to a human. With other
  delimiters available now, it quickly showed up. This bug fix might cause
  some grief to existing installations if they used the extra TAB for
  whatever reasons - sorry folks... Anyhow, a solution is easy: just add
  a TAB character contstant into your template. Thus, there has no attempt
  been made to do this in a backwards-compatible way.
---------------------------------------------------------------------------
Version 1.12.2 (RGer), 2006-02-15
- fixed a bug in the RFC 3339 date formatter. An extra space was added
  after the actual timestamp
- added support for providing high-precision RFC3339 timestamps for
  (rsyslogd-)internally-generated messages
- very (!) experimental support for syslog-protocol internet draft
  added (the draft is experimental, the code is solid ;))
- added support for field-extracting in the property replacer
- enhanced the legacy-syslog parser so that it can interpret messages
  that do not contain a TIMESTAMP
- fixed a bug that caused the default socket (usually /dev/log) to be
  opened even when -o command line option was given
- fixed a bug in the Debian sample startup script - it caused rsyslogd
  to listen to remote requests, which it shouldn't by default
---------------------------------------------------------------------------
Version 1.12.1 (RGer), 2005-11-23
- made multithreading work with BSD. Some signal-handling needed to be
  restructured. Also, there might be a slight delay of up to 10 seconds
  when huping and terminating rsyslogd under BSD
- fixed a bug where a NULL-pointer was passed to printf() in logmsg().
- fixed a bug during "make install" where rc3195d was not installed
  Thanks to Bennett Todd for spotting this.
- fixed a bug where rsyslogd dumped core when no TAG was found in the
  received message
- enhanced message parser so that it can deal with missing hostnames
  in many cases (may not be totally fail-safe)
- fixed a bug where internally-generated messages did not have the correct
  TAG
---------------------------------------------------------------------------
Version 1.12.0 (RGer), 2005-10-26
- moved to a multi-threaded design. single-threading is still optionally
  available. Multi-threading is experimental!
- fixed a potential race condition. In the original code, marking was done
  by an alarm handler, which could lead to all sorts of bad things. This
  has been changed now. See comments in syslogd.c/domark() for details.
- improved debug output for property-based filters
- not a code change, but: I have checked all exit()s to make sure that
  none occurs once rsyslogd has started up. Even in unusual conditions
  (like low-memory conditions) rsyslogd somehow remains active. Of course,
  it might loose a message or two, but at least it does not abort and it
  can also recover when the condition no longer persists.
- fixed a bug that could cause loss of the last message received
  immediately before rsyslogd was terminated.
- added comments on thread-safety of global variables in syslogd.c
- fixed a small bug: spurios printf() when TCP syslog was used
- fixed a bug that causes rsyslogd to dump core on termination when one
  of the selector lines did not receive a message during the run (very
  unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
  in rsyslogd dumping core.
- fixed a bug with regular expression support (thanks to Andres Riancho)
- a little bit of code restructuring (especially main(), which was
  horribly large)
---------------------------------------------------------------------------
Version 1.11.1 (RGer), 2005-10-19
- support for BSD-style program name and host blocks
- added a new property "programname" that can be used in templates
- added ability to specify listen port for rfc3195d
- fixed a bug that rendered the "startswith" comparison operation
  unusable.
- changed more functions to "static" storage class to help compiler
  optimize (should have been static in the first place...)
- fixed a potential memory leak in the string buffer class destructor.
  As the destructur was previously never called, the leak did not actually
  appear.
- some internal restructuring in anticipation/preparation of minimal
  multi-threading support
- rsyslogd still shares some code with the sysklogd project. Some patches
  for this shared code have been brought over from the sysklogd CVS.
---------------------------------------------------------------------------
Version 1.11.0 (RGer), 2005-10-12
- support for receiving messages via RFC 3195; added rfc3195d for that
  purpose
- added an additional guard to prevent rsyslogd from aborting when the
  2gb file size limit is hit. While a user can configure rsyslogd to
  handle such situations, it would abort if that was not done AND large
  file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
  processed - could lead to message loss in extreme cases
---------------------------------------------------------------------------
Version 1.10.2 (RGer), 2005-09-27
- added comparison operations in property-based filters:
  * isequal
  * startswith
- added ability to negate all property-based filter comparison operations
  by adding a !-sign right in front of the operation name
- added the ability to specify remote senders for UDP and TCP
  received messages. Allows to block all but well-known hosts
- changed the $-config line directives to be case-INsensitive
- new command line option -w added: "do not display warnings if messages
  from disallowed senders are received"
- fixed a bug that caused rsyslogd to dump core when the compare value
  was not quoted in property-based filters
- fixed a bug in the new CStr compare function which lead to invalid
  results (fortunately, this function was not yet used widely)
- added better support for "debugging" rsyslog.conf property filters
  (only if -d switch is given)
- changed some function definitions to static, which eventually enables
  some compiler optimizations
- fixed a bug in MySQL code; when a SQL error occured, rsyslogd could
  run in a tight loop. This was due to invalid sequence of error reporting
  and is now fixed.
---------------------------------------------------------------------------
Version 1.10.1 (RGer), 2005-09-23
- added the ability to execute a shell script as an action.
  Thanks to Bjoern Kalkbrenner for providing the code!
- fixed a bug in the MySQL code; due to the bug the automatic one-time
  retry after an error did not happen - this lead to error message in
  cases where none should be seen (e.g. after a MySQL restart)
- fixed a security issue with SQL-escaping in conjunction with
  non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.10.0 (RGer), 2005-09-20
  REMINDER: 1.10 is the first unstable version if the 1.x series!
- added the capability to filter on any property in selector lines
  (not just facility and priority)
- changed stringbuf into a new counted string class
- added support for a "discard" action. If a selector line with
  discard (~ character) is found, no selector lines *after* that
  line will be processed.
- thanks to Andres Riancho, regular expression support has been
  added to the template engine
- added the FROMHOST property in the template processor, which could
  previously not be obtained. Thanks to Cristian Testa for pointing
  this out and even providing a fix.
- added display of compile-time options to -v output
- performance improvement for production build - made some checks
  to happen only during debug mode
- fixed a problem with compiling on SUSE and - while doing so - removed
  the socket call to set SO_BSDCOMPAT in cases where it is obsolete.
---------------------------------------------------------------------------
Version 1.0.4 (RGer), 2006-02-01
- a small but important fix: the tcp receiver had two forgotten printf's
  in it that caused a lot of unnecessary output to stdout. This was
  important enough to justify a new release
---------------------------------------------------------------------------
Version 1.0.3 (RGer), 2005-11-14
- added an additional guard to prevent rsyslogd from aborting when the
  2gb file size limit is hit. While a user can configure rsyslogd to
  handle such situations, it would abort if that was not done AND large
  file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
  processed - could lead to message loss in extreme cases
- applied some patches available from the sysklogd project to code
  shared from there
- fixed a bug that causes rsyslogd to dump core on termination when one
  of the selector lines did not receive a message during the run (very
  unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
  in rsyslogd dumping core.
- fixed a bug in the TCP sender that caused the retry logic to fail
  after an error or receiver overrun
- fixed a bug in init() that could lead to dumping core
- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG
  was present in the syslog message
---------------------------------------------------------------------------
Version 1.0.2 (RGer), 2005-10-05
- fixed an issue with MySQL error reporting. When an error occured,
  the MySQL driver went into an endless loop (at least in most cases).
---------------------------------------------------------------------------
Version 1.0.1 (RGer), 2005-09-23
- fixed a security issue with SQL-escaping in conjunction with
  non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.0.0 (RGer), 2005-09-12
- changed install doc to cover daily cron scripts - a trouble source
- added rc script for slackware (provided by Chris Elvidge - thanks!) 
- fixed a really minor bug in usage() - the -r option was still
  reported as without the port parameter
---------------------------------------------------------------------------
Version 0.9.8 (RGer), 2005-09-05
- made startup and shutdown message more consistent and included the
  pid, so that they can be easier correlated. Used syslog-protocol
  structured data format for this purpose.
- improved config info in startup message, now tells not only
  if it is listening remote on udp, but also for tcp. Also includes
  the port numbers. The previous startup message was misleading, because
  it did not say "remote reception" if rsyslogd was only listening via
  tcp (but not via udp).
- added a "how can you help" document to the doc set
---------------------------------------------------------------------------
Version 0.9.7 (RGer), 2005-08-15
- some of the previous doc files (like INSTALL) did not properly
  reflect the changes to the build process and the new doc. Fixed
  that.
- changed syslogd.c so that when compiled without database support,
  an error message is displayed when a database action is detected
  in the config file (previously this was used as an user rule ;))
- fixed a bug in the os-specific Makefiles which caused MySQL
  support to not be compiled, even if selected
---------------------------------------------------------------------------
Version 0.9.6 (RGer), 2005-08-09
- greatly enhanced documentation. Now available in html format in
  the "doc" folder and FreeBSD. Finally includes an install howto.
- improved MySQL error messages a little - they now show up as log
  messages, too (formerly only in debug mode)
- added the ability to specify the listen port for udp syslog.
  WARNING: This introduces an incompatibility. Formerly, udp
  syslog was enabled by the -r command line option. Now, it is
  "-r [port]", which is consistent with the tcp listener. However,
  just -r will now return an error message.
- added sample startup scripts for Debian and FreeBSD
- added support for easy feature selection in the makefile. Un-
  fortunately, this also means I needed to spilt the make file
  for different OS and distros. There are some really bad syntax
  differences between FreeBSD and Linux make.
---------------------------------------------------------------------------
Version 0.9.5 (RGer), 2005-08-01
- the "semicolon bug" was actually not (fully) solved in 0.9.4. One
  part of the bug was solved, but another still existed. This one
  is fixed now, too.
- the "semicolon bug" actually turned out to be a more generic bug.
  It appeared whenever an invalid template name was given. With some
  selector actions, rsyslogd dumped core, with other it "just" had
  a small ressource leak with others all worked well. These anomalies
  are now fixed. Note that they only appeared during system initaliziation
  once the system was running, nothing bad happened.
- improved error reporting for template errors on startup. They are now
  shown on the console and the start-up tty. Formerly, they were only
  visible in debug mode.
- support for multiple instances of rsyslogd on a single machine added
- added new option "-o" --> omit local unix domain socket. This option
  enables rsyslogd NOT to listen to the local socket. This is most
  helpful when multiple instances of rsyslogd (or rsyslogd and another
  syslogd) shall run on a single system.
- added new option "-i <pidfile>" which allows to specify the pidfile.
  This is needed when multiple instances of rsyslogd are to be run.
- the new project home page is now online at www.rsyslog.com
---------------------------------------------------------------------------
Version 0.9.4 (RGer), 2005-07-25
- finally added the TCP sender. It now supports non-blocking mode, no
  longer disabling message reception during connect. As it is now, it
  is usable in production. The code could be more sophisticated, but
  I've kept it short in anticipation of the move to liblogging, which
  will lead to the removal of the code just written ;)
- the "exiting on signal..." message still had the "syslogd" name in 
  it. Changed this to "rsyslogd", as we do not have a large user base
  yet, this should pose no problem.
- fixed "the semiconlon" bug. rsyslogd dumped core if a write-db action
  was specified but no semicolon was given after the password (an empty
  template was ok, but the semicolon needed to be present).
- changed a default for traditional output format. During testing, it
  was seen that the timestamp written to file in default format was
  the time of message reception, not the time specified in the TIMESTAMP
  field of the message itself. Traditionally, the message TIMESTAMP is
  used and this has been changed now.
---------------------------------------------------------------------------
Version 0.9.3 (RGer), 2005-07-19
- fixed a bug in the message parser. In June, the RFC 3164 timestamp
  was not correctly parsed (yes, only in June and some other months,
  see the code comment to learn why...)
- added the ability to specify the destination port when forwarding
  syslog messages (both for TCP and UDP)
- added an very experimental TCP sender (activated by
  @@machine:port in config). This is not yet for production use. If
  the receiver is not alive, rsyslogd will wait quite some time until
  the connection request times out, which most probably leads to
  loss of incoming messages.

---------------------------------------------------------------------------
Version 0.9.2 (RGer), around 2005-07-06
- I intended to change the maxsupported message size to 32k to
  support IHE - but given the memory inefficiency in the usual use
  cases, I have not done this. I have, however, included very
  specific instructions on how to do this in the source code. I have
  also done some testing with 32k messages, so you can change the
  max size without taking too much risk.
- added a syslog/tcp receiver; we now can receive messages via
  plain tcp, but we can still send only via UDP. The syslog/tcp
  receiver is the primary enhancement of this release.
- slightly changed some error messages that contained a spurios \n at
  the end of the line (which gives empty lines in your log...)

---------------------------------------------------------------------------
Version 0.9.1 (RGer)
- fixed code so that it compiles without errors under FreeBSD
- removed now unused function "allocate_log()" from syslogd.c
- changed the make file so that it contains more defines for
  different environments (in the long term, we need a better
  system for disabling/enabling features...)
- changed some printf's printing off_t types to %lld and
  explicit (long long) casts. I tried to figure out the exact type,
  but did not succeed in this. In the worst case, ultra-large peta-
  byte files will now display funny informational messages on rollover,
  something I think we can live with for the neersion 3.11.2 (rgerhards), 2008-02-??
---------------------------------------------------------------------------
Version 3.11.1 (rgerhards), 2008-02-12
- SNMP trap sender added thanks to Andre Lorbach (omsnmp)
- added input-plugin interface specification in form of a (copy) template
  input module
- applied documentation fix by Michael Biebl -- many thanks!
- bugfix: immark did not have MARK flags set...
- added x-info field to rsyslogd startup/shutdown message. Hopefully
  points users to right location for further info (many don't even know
  they run rsyslog ;))
- bugfix: trailing ":" of tag was lost while parsing legacy syslog messages
  without timestamp - thanks to Anders Blomdell for providing a patch!
- fixed a bug in stringbuf.c related to STRINGBUF_TRIM_ALLOCSIZE, which
  wasn't supposed to be used with rsyslog. Put a warning message up that
  tells this feature is not tested and probably not worth the effort.
  Thanks to Anders Blomdell fro bringing this to our attention
- somewhat improved performance of string buffers
- fixed bug that caused invalid treatment of tabs (HT) in rsyslog.conf
- bugfix: setting for $EscapeCopntrolCharactersOnReceive was not 
  properly initialized
- clarified usage of space-cc property replacer option
- improved abort diagnostic handler
- some initial effort for malloc/free runtime debugging support
- bugfix: using dynafile actions caused rsyslogd abort
- fixed minor man errors thanks to Michael Biebl
---------------------------------------------------------------------------
Version 3.11.0 (rgerhards), 2008-01-31
- implemented queued actions
- implemented simple rate limiting for actions
- implemented deliberate discarding of lower priority messages over higher
  priority ones when a queue runs out of space
- implemented disk quotas for disk queues
- implemented the $ActionResumeRetryCount config directive
- added $ActionQueueFilename config directive
- added $ActionQueueSize config directive
- added $ActionQueueHighWaterMark config directive
- added $ActionQueueLowWaterMark config directive
- added $ActionQueueDiscardMark config directive
- added $ActionQueueDiscardSeverity config directive
- added $ActionQueueCheckpointInterval config directive
- added $ActionQueueType config directive
- added $ActionQueueWorkerThreads config directive
- added $ActionQueueTimeoutshutdown config directive
- added $ActionQueueTimeoutActionCompletion config directive
- added $ActionQueueTimeoutenQueue config directive
- added $ActionQueueTimeoutworkerThreadShutdown config directive
- added $ActionQueueWorkerThreadMinimumMessages config directive
- added $ActionQueueMaxFileSize config directive
- added $ActionQueueSaveonShutdown config directive
- addded $ActionQueueDequeueSlowdown config directive
- addded $MainMsgQueueDequeueSlowdown config directive
- bugfix: added forgotten docs to package
- improved debugging support
- fixed a bug that caused $MainMsgQueueCheckpointInterval to work incorrectly
- when a long-running action needs to be cancelled on shutdown, the message
  that was processed by it is now preserved. This finishes support for
  guaranteed delivery of messages (if the output supports it, of course)
- fixed bug in output module interface, see
  http://sourceforge.net/tracker/index.php?func=detail&aid=1881008&group_id=123448&atid=696552
- changed the ommysql output plugin so that the (lengthy) connection
  initialization now takes place in message processing. This works much
  better with the new queued action mode (fast startup)
- fixed a bug that caused a potential hang in file and fwd output module
  varmojfekoj provided the patch - many thanks!
- bugfixed stream class offset handling on 32bit platforms
---------------------------------------------------------------------------
Version 3.10.3 (rgerhards), 2008-01-28
- fixed a bug with standard template definitions (not a big deal) - thanks
  to varmojfekoj for spotting it
- run-time instrumentation added
- implemented disk-assisted queue mode, which enables on-demand disk
  spooling if the queue's in-memory queue is exhausted
- implemented a dynamic worker thread pool for processing incoming
  messages; workers are started and shut down as need arises
- implemented a run-time instrumentation debug package
- implemented the $MainMsgQueueSaveOnShutdown config directive
- implemented the $MainMsgQueueWorkerThreadMinimumMessages config directive
- implemented the $MainMsgQueueTimeoutWorkerThreadShutdown config directive
---------------------------------------------------------------------------
Version 3.10.2 (rgerhards), 2008-01-14
- added the ability to keep stop rsyslogd without the need to drain
  the main message queue. In disk queue mode, rsyslog continues to
  run from the point where it stopped. In case of a system failure, it
  continues to process messages from the last checkpoint.
- fixed a bug that caused a segfault on startup when no $WorkDir directive
  was specified in rsyslog.conf
- provided more fine-grain control over shutdown timeouts and added a
  way to specify the enqueue timeout when the main message queue is full
- implemented $MainMsgQueueCheckpointInterval config directive
- implemented $MainMsgQueueTimeoutActionCompletion config directive
- implemented $MainMsgQueueTimeoutEnqueue config directive
- implemented $MainMsgQueueTimeoutShutdown config directive
---------------------------------------------------------------------------
Version 3.10.1 (rgerhards), 2008-01-10
- implemented the "disk" queue mode. However, it currently is of very
  limited use, because it does not support persistence over rsyslogd
  runs. So when rsyslogd is stopped, the queue is drained just as with
  the in-memory queue modes. Persistent queues will be a feature of
  the next release.
- performance-optimized string class, should bring an overall improvement
- fixed a memory leak in imudp -- thanks to varmojfekoj for the patch
- fixed a race condition that could lead to a rsyslogd hang when during
  HUP or termination
- done some doc updates
- added $WorkDirectory config directive
- added $MainMsgQueueFileName config directive
- added $MainMsgQueueMaxFileSize config directive
---------------------------------------------------------------------------
Version 3.10.0 (rgerhards), 2008-01-07
- implemented input module interface and initial input modules
- enhanced threading for input modules (each on its own thread now)
- ability to bind UDP listeners to specific local interfaces/ports and
  ability to run multiple of them concurrently
- added ability to specify listen IP address for UDP syslog server
- license changed to GPLv3
- mark messages are now provided by loadble module immark
- rklogd is no longer provided. Its functionality has now been taken over
  by imklog, a loadable input module. This offers a much better integration
  into rsyslogd and makes sure that the kernel logger process is brought
  up and down at the appropriate times
- enhanced $IncludeConfig directive to support wildcard characters
  (thanks to Michael Biebl)
- all inputs are now implemented as loadable plugins
- enhanced threading model: each input module now runs on its own thread
- enhanced message queue which now supports different queueing methods
  (among others, this can be used for performance fine-tuning)
- added a large number of new configuration directives for the new
  input modules
- enhanced multi-threading utilizing a worker thread pool for the
  main message queue
- compilation without pthreads is no longer supported
- much cleaner code due to new objects and removal of single-threading
  mode
---------------------------------------------------------------------------
Version 2.0.1 STABLE (rgerhards), 2008-01-24
- fixed a bug in integer conversion - but this function was never called,
  so it is not really a useful bug fix ;)
- fixed a bug with standard template definitions (not a big deal) - thanks
  to varmojfekoj for spotting it
- fixed a bug that caused a potential hang in file and fwd output module
  varmojfekoj provided the patch - many thanks!
---------------------------------------------------------------------------
Version 2.0.0 STABLE (rgerhards), 2008-01-02
- re-release of 1.21.2 as STABLE with no modifications except some
  doc updates
---------------------------------------------------------------------------
Version 1.21.2 (rgerhards), 2007-12-28
- created a gss-api output module. This keeps GSS-API code and
  TCP/UDP code separated. It is also important for forward-
  compatibility with v3. Please note that this change breaks compatibility
  with config files created for 1.21.0 and 1.21.1 - this was considered
  acceptable.
- fixed an error in forwarding retry code (could lead to message corruption
  but surfaced very seldom)
- increased portability for older platforms (AI_NUMERICSERV moved)
- removed socket leak in omfwd.c
- cross-platform patch for GSS-API compile problem on some platforms
  thanks to darix for the patch!
---------------------------------------------------------------------------
Version 1.21.1 (rgerhards), 2007-12-23
- small doc fix for $IncludeConfig
- fixed a bug in llDestroy()
- bugfix: fixing memory leak when message queue is full and during
  parsing. Thanks to varmojfekoj for the patch.
- bugfix: when compiled without network support, unix sockets were
  not properply closed
- bugfix: memory leak in cfsysline.c/doGetWord() fixed
---------------------------------------------------------------------------
Version 1.21.0 (rgerhards), 2007-12-19
- GSS-API support for syslog/TCP connections was added. Thanks to
  varmojfekoj for providing the patch with this functionality
- code cleanup
- enhanced $IncludeConfig directive to support wildcard filenames
- changed some multithreading synchronization
---------------------------------------------------------------------------
Version 1.20.1 (rgerhards), 2007-12-12
- corrected a debug setting that survived release. Caused TCP connections
  to be retried unnecessarily often.
- When a hostname ACL was provided and DNS resolution for that name failed,
  ACL processing was stopped at that point. Thanks to mildew for the patch.
  Fedora Bugzilla: http://bugzilla.redhat.com/show_bug.cgi?id=395911
- fixed a potential race condition, see link for details:
  http://rgerhards.blogspot.com/2007/12/rsyslog-race-condition.html
  Note that the probability of problems from this bug was very remote
- fixed a memory leak that happend when PostgreSQL date formats were
  used
---------------------------------------------------------------------------
Version 1.20.0 (rgerhards), 2007-12-07
- an output module for postgres databases has been added. Thanks to
  sur5r for contributing this code
- unloading dynamic modules has been cleaned up, we now have a
  real implementation and not just a dummy "good enough for the time
  being".
- enhanced platform independence - thanks to Bartosz Kuzma and Michael
  Biebl for their very useful contributions
- some general code cleanup (including warnings on 64 platforms, only)
---------------------------------------------------------------------------
Version 1.19.12 (rgerhards), 2007-12-03
- cleaned up the build system (thanks to Michael Biebl for the patch)
- fixed a bug where ommysql was still not compiled with -pthread option
---------------------------------------------------------------------------
Version 1.19.11 (rgerhards), 2007-11-29
- applied -pthread option to build when building for multi-threading mode
  hopefully solves an issue with segfaulting
---------------------------------------------------------------------------
Version 1.19.10 (rgerhards), 2007-10-19
- introdcued the new ":modulename:" syntax for calling module actions
  in selector lines; modified ommysql to support it. This is primarily
  an aid for further modules and a prequisite to actually allow third
  party modules to be created.
- minor fix in slackware startup script, "-r 0" is now "-r0"
- updated rsyslogd doc set man page; now in html format
- undid creation of a separate thread for the main loop -- this did not
  turn out to be needed or useful, so reduce complexity once again.
- added doc fixes provided by Michael Biebl - thanks
---------------------------------------------------------------------------
Version 1.19.9 (rgerhards), 2007-10-12
- now packaging system which again contains all components in a single
  tarball
- modularized main() a bit more, resulting in less complex code
- experimentally added an additional thread - will see if that affects
  the segfault bug we experience on some platforms. Note that this change
  is scheduled to be removed again later.
---------------------------------------------------------------------------
Version 1.19.8 (rgerhards), 2007-09-27
- improved repeated message processing
- applied patch provided by varmojfekoj to support building ommysql
  in its own way (now also resides in a plugin subdirectory);
  ommysql is now a separate package
- fixed a bug in cvthname() that lead to message loss if part
  of the source hostname would have been dropped
- created some support for distributing ommysql together with the
  main rsyslog package. I need to re-think it in the future, but
  for the time being the current mode is best. I now simply include
  one additional tarball for ommysql inside the main distribution.
  I look forward to user feedback on how this should be done best. In the
  long term, a separate project should be spawend for ommysql, but I'd
  like to do that only after the plugin interface is fully stable (what
  it is not yet).
---------------------------------------------------------------------------
Version 1.19.7 (rgerhards), 2007-09-25
- added code to handle situations where senders send us messages ending with
  a NUL character. It is now simply removed. This also caused trailing LF
  reduction to fail, when it was followed by such a NUL. This is now also
  handled.
- replaced some non-thread-safe function calls by their thread-safe
  counterparts
- fixed a minor memory leak that occured when the %APPNAME% property was
  used (I think nobody used that in practice)
- fixed a bug that caused signal handlers in cvthname() not to be restored when
  a malicious pointer record was detected and processing of the message been
  stopped for that reason (this should be really rare and can not be related
  to the segfault bug we are hunting).
- fixed a bug in cvthname that lead to passing a wrong parameter - in
  practice, this had no impact.
- general code cleanup (e.g. compiler warnings, comments)
---------------------------------------------------------------------------
Version 1.19.6 (rgerhards), 2007-09-11
- applied patch by varmojfekoj to change signal handling to the new
  sigaction API set (replacing the depreciated signal() calls and its
  friends.
- fixed a bug that in --enable-debug mode caused an assertion when the
  discard action was used
- cleaned up compiler warnings
- applied patch by varmojfekoj to FIX a bug that could cause 
  segfaults if empty properties were processed using modifying
  options (e.g. space-cc, drop-cc)
- fixed man bug: rsyslogd supports -l option
---------------------------------------------------------------------------
Version 1.19.5 (rgerhards), 2007-09-07
- changed part of the CStr interface so that better error tracking
  is provided and the calling sequence is more intuitive (there were
  invalid calls based on a too-weired interface)
- (hopefully) fixed some remaining bugs rooted in wrong use of 
  the CStr class. These could lead to program abort.
- applied patch by varmojfekoj two fix two potential segfault situations
- added $ModDir config directive
- modified $ModLoad so that an absolute path may be specified as
  module name (e.g. /rsyslog/ommysql.so)
---------------------------------------------------------------------------
Version 1.19.4 (rgerhards/varmojfekoj), 2007-09-04
- fixed a number of small memory leaks - thanks varmojfekoj for patching
- fixed an issue with CString class that could lead to rsyslog abort
  in tplToString() - thanks varmojfekoj for patching
- added a man-version of the config file documenation - thanks to Michel
  Samia for providing the man file
- fixed bug: a template like this causes an infinite loop:
  $template opts,"%programname:::a,b%"
  thanks varmojfekoj for the patch
- fixed bug: case changing options crash freeing the string pointer
  because they modify it: $template opts2,"%programname::1:lowercase%"
  thanks varmojfekoj for the patch
---------------------------------------------------------------------------
Version 1.19.3 (mmeckelein/varmojfekoj), 2007-08-31
- small mem leak fixed (after calling parseSelectorAct) - Thx varmojkekoj
- documentation section "Regular File" und "Blocks" updated
- solved an issue with dynamic file generation - Once again many thanks
  to varmojfekoj
- the negative selector for program name filter (Blocks) does not work as
  expected - Thanks varmojfekoj for patching
- added forwarding information to sysklogd (requires special template)
  to config doc
---------------------------------------------------------------------------
Version 1.19.2 (mmeckelein/varmojfekoj), 2007-08-28
- a specifically formed message caused a segfault - Many thanks varmojfekoj
  for providing a patch
- a typo and a weird condition are fixed in msg.c - Thanks again
  varmojfekoj 
- on file creation the file was always owned by root:root. This is fixed
  now - Thanks ypsa for solving this issue
---------------------------------------------------------------------------
Version 1.19.1 (mmeckelein), 2007-08-22
- a bug that caused a high load when a TCP/UDP connection was closed is 
  fixed now - Thanks mildew for solving this issue
- fixed a bug which caused a segfault on reinit - Thx varmojfekoj for the
  patch
- changed the hardcoded module path "/lib/rsyslog" to $(pkglibdir) in order
  to avoid trouble e.g. on 64 bit platforms (/lib64) - many thanks Peter
  Vrabec and darix, both provided a patch for solving this issue
- enhanced the unloading of modules - thanks again varmojfekoj
- applied a patch from varmojfekoj which fixes various little things in
  MySQL output module
---------------------------------------------------------------------------
Version 1.19.0 (varmojfekoj/rgerhards), 2007-08-16
- integrated patch from varmojfekoj to make the mysql module a loadable one
  many thanks for the patch, MUCH appreciated
---------------------------------------------------------------------------
Version 1.18.2 (rgerhards), 2007-08-13
- fixed a bug in outchannel code that caused templates to be incorrectly
  parsed
- fixed a bug in ommysql that caused a wrong ";template" missing message
- added some code for unloading modules; not yet fully complete (and we do
  not yet have loadable modules, so this is no problem)
- removed debian subdirectory by request of a debian packager (this is a special
  subdir for debian and there is also no point in maintaining it when there
  is a debian package available - so I gladly did this) in some cases
- improved overall doc quality (some pages were quite old) and linked to
  more of the online resources.
- improved /contrib/delete_mysql script by adding a host option and some
  other minor modifications
---------------------------------------------------------------------------
Version 1.18.1 (rgerhards), 2007-08-08
- applied a patch from varmojfekoj which solved a potential segfault
  of rsyslogd on HUP
- applied patch from Michel Samia to fix compilation when the pthreads
  feature is disabled
- some code cleanup (moved action object to its own file set)
- add config directive $MainMsgQueueSize, which now allows to configure the
  queue size dynamically
- all compile-time settings are now shown in rsyslogd -v, not just the
  active ones
- enhanced performance a little bit more
- added config file directive $ActionResumeInterval
- fixed a bug that prevented compilation under debian sid
- added a contrib directory for user-contributed useful things
---------------------------------------------------------------------------
Version 1.18.0 (rgerhards), 2007-08-03
- rsyslog now supports fallback actions when an action did not work. This
  is a great feature e.g. for backup database servers or backup syslog
  servers
- modified rklogd to only change the console log level if -c is specified
- added feature to use multiple actions inside a single selector
- implemented $ActionExecOnlyWhenPreviousIsSuspended config directive
- error messages during startup are now spit out to the configured log
  destinations
---------------------------------------------------------------------------
Version 1.17.6 (rgerhards), 2007-08-01
- continued to work on output module modularization - basic stage of
  this work is now FINISHED
- fixed bug in OMSRcreate() - always returned SR_RET_OK
- fixed a bug that caused ommysql to always complain about missing
  templates
- fixed a mem leak in OMSRdestruct - freeing the object itself was
  forgotten - thanks to varmojfekoj for the patch
- fixed a memory leak in syslogd/init() that happend when the config
  file could not be read - thanks to varmojfekoj for the patch
- fixed insufficient memory allocation in addAction() and its helpers.
  The initial fix and idea was developed by mildew, I fine-tuned
  it a bit. Thanks a lot for the fix, I'd probably had pulled out my
  hair to find the bug...
- added output of config file line number when a parsing error occured
- fixed bug in objomsr.c that caused program to abort in debug mode with
  an invalid assertion (in some cases)
- fixed a typo that caused the default template for MySQL to be wrong.
  thanks to mildew for catching this.
- added configuration file command $DebugPrintModuleList and
  $DebugPrintCfSysLineHandlerList
- fixed an invalid value for the MARK timer - unfortunately, there was
  a testing aid left in place. This resulted in quite frequent MARK messages
- added $IncludeConfig config directive
- applied a patch from mildew to prevent rsyslogd from freezing under heavy
  load. This could happen when the queue was full. Now, we drop messages
  but rsyslogd remains active.
---------------------------------------------------------------------------
Version 1.17.5 (rgerhards), 2007-07-30
- continued to work on output module modularization
- fixed a missing file bug - thanks to Andrea Montanari for reporting
  this problem
- fixed a problem with shutting down the worker thread and freeing the
  selector_t list - this caused messages to be lost, because the
  message queue was not properly drained before the selectors got
  destroyed.
---------------------------------------------------------------------------
Version 1.17.4 (rgerhards), 2007-07-27
- continued to work on output module modularization
- fixed a situation where rsyslogd could create zombie processes
  thanks to mildew for the patch
- applied patch from Michel Samia to fix compilation when NOT
  compiled for pthreads
---------------------------------------------------------------------------
Version 1.17.3 (rgerhards), 2007-07-25
- continued working on output module modularization
- fixed a bug that caused rsyslogd to segfault on exit (and
  probably also on HUP), when there was an unsent message in a selector
  that required forwarding and the dns lookup failed for that selector
  (yes, it was pretty unlikely to happen;))
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed a memory leak in config file parsing and die()
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- rsyslogd now checks on startup if it is capable to performa any work
  at all. If it cant, it complains and terminates
  thanks to Michel Samia for providing the patch!
- fixed a small memory leak when HUPing syslogd. The allowed sender
  list now gets freed. thanks to mildew for the patch.
- changed the way error messages in early startup are logged. They
  now do no longer use the syslogd code directly but are rather
  send to stderr.
---------------------------------------------------------------------------
Version 1.17.2 (rgerhards), 2007-07-23
- made the port part of the -r option optional. Needed for backward
  compatibility with sysklogd
- replaced system() calls with something more reasonable. Please note that
  this might break compatibility with some existing configuration files.
  We accept this in favour of the gained security.
- removed a memory leak that could occur if timegenerated was used in
  RFC 3164 format in templates
- did some preparation in msg.c for advanced multithreading - placed the
  hooks, but not yet any active code
- worked further on modularization
- added $ModLoad MySQL (dummy) config directive
- added DropTrailingLFOnReception config directive
---------------------------------------------------------------------------
Version 1.17.1 (rgerhards), 2007-07-20
- fixed a bug that caused make install to install rsyslogd and rklogd under
  the wrong names
- fixed bug that caused $AllowedSenders to handle IPv6 scopes incorrectly;
  also fixed but that could grabble $AllowedSender wildcards. Thanks to
  mildew@gmail.com for the patch
- minor code cleanup - thanks to Peter Vrabec for the patch
- fixed minimal memory leak on HUP (caused by templates)
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- fixed another memory leak on HUPing and on exiting rsyslogd
  again thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- code cleanup (removed compiler warnings)
- fixed portability bug in configure.ac - thanks to Bartosz Kuźma for patch
- moved msg object into its own file set
- added the capability to continue trying to write log files when the
  file system is full. Functionality based on patch by Martin Schulze
  to sysklogd package.
---------------------------------------------------------------------------
Version 1.17.0 (RGer), 2007-07-17
- added $RepeatedLineReduction config parameter
- added $EscapeControlCharactersOnReceive config parameter
- added $ControlCharacterEscapePrefix config parameter
- added $DirCreateMode config parameter
- added $CreateDirs config parameter
- added $DebugPrintTemplateList config parameter
- added $ResetConfigVariables config parameter
- added $FileOwner config parameter
- added $FileGroup config parameter
- added $DirOwner config parameter
- added $DirGroup config parameter
- added $FailOnChownFailure config parameter
- added regular expression support to the filter engine
  thanks to Michel Samia for providing the patch!
- enhanced $AllowedSender functionality. Credits to mildew@gmail.com for
  the patch doing that
  - added IPv6 support
  - allowed DNS hostnames
  - allowed DNS wildcard names
- added new option $DropMsgsWithMaliciousDnsPTRRecords
- added autoconf so that rfc3195d, rsyslogd and klogd are stored to /sbin
- added capability to auto-create directories with dynaFiles
---------------------------------------------------------------------------
Version 1.16.0 (RGer/Peter Vrabec), 2007-07-13 - The Friday, 13th Release ;)
- build system switched to autotools
- removed SYSV preprocessor macro use, replaced with autotools equivalents
- fixed a bug that caused rsyslogd to segfault when TCP listening was
  disabled and it terminated
- added new properties "syslogfacility-text" and "syslogseverity-text"
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- added the -x option to disable hostname dns reslution
  thanks to varmojfekoj <varmojfekoj@gmail.com> for the patch
- begun to better modularize syslogd.c - this is an ongoing project; moved
  type definitions to a separate file
- removed some now-unused fields from struct filed
- move file size limit fields in struct field to the "right spot" (the file
  writing part of the union - f_un.f_file)
- subdirectories linux and solaris are no longer part of the distribution
  package. This is not because we cease support for them, but there are no
  longer any files in them after the move to autotools
---------------------------------------------------------------------------
Version 1.15.1 (RGer), 2007-07-10
- fixed a bug that caused a dynaFile selector to stall when there was
  an open error with one file 
- improved template processing for dynaFiles; templates are now only
  looked up during initialization - speeds up processing
- optimized memory layout in struct filed when compiled with MySQL
  support
- fixed a bug that caused compilation without SYSLOG_INET to fail
- re-enabled the "last message repeated n times" feature. This
  feature was not taken care of while rsyslogd evolved from sysklogd
  and it was more or less defunct. Now it is fully functional again.
- added system properties: $NOW, $YEAR, $MONTH, $DAY, $HOUR, $MINUTE
- fixed a bug in iovAsString() that caused a memory leak under stress
  conditions (most probably memory shortage). This was unlikely to
  ever happen, but it doesn't hurt doing it right
- cosmetic: defined type "uchar", change all unsigned chars to uchar
---------------------------------------------------------------------------
Version 1.15.0 (RGer), 2007-07-05
- added ability to dynamically generate file names based on templates
  and thus properties. This was a much-requested feature. It makes
  life easy when it e.g. comes to splitting files based on the sender
  address.
- added $umask and $FileCreateMode config file directives
- applied a patch from Bartosz Kuzma to compile cleanly under NetBSD
- checks for extra (unexpected) characters in system config file lines
  have been added
- added IPv6 documentation - was accidently missing from CVS
- begun to change char to unsigned char
---------------------------------------------------------------------------
Version 1.14.2 (RGer), 2007-07-03
** this release fixes all known nits with IPv6 **
- restored capability to do /etc/service lookup for "syslog"
  service when -r 0 was given
- documented IPv6 handling of syslog messages
- integrate patch from Bartosz Kuźma to make rsyslog compile under
  Solaris again (the patch replaced a strndup() call, which is not
  available under Solaris
- improved debug logging when waiting on select
- updated rsyslogd man page with new options (-46A)
---------------------------------------------------------------------------
Version 1.14.1 (RGer/Peter Vrabec), 2007-06-29
- added Peter Vrabec's patch for IPv6 TCP
- prefixed all messages send to stderr in rsyslogd with "rsyslogd: "
---------------------------------------------------------------------------
Version 1.14.0 (RGer/Peter Vrabec), 2007-06-28
- Peter Vrabec provided IPv6 for rsyslog, so we are now IPv6 enabled
  IPv6 Support is currently for UDP only, TCP is to come soon.
  AllowedSender configuration does not yet work for IPv6.
- fixed code in iovCreate() that broke C's strict aliasing rules 
- fixed some char/unsigned char differences that forced the compiler
  to spit out warning messages
- updated the Red Hat init script to fix a known issue (thanks to
  Peter Vrabec)
---------------------------------------------------------------------------
Version 1.13.5 (RGer), 2007-06-22
- made the TCP session limit configurable via command line switch
  now -t <port>,<max sessions>
- added man page for rklogd(8) (basically a copy from klogd, but now
  there is one...)
- fixed a bug that caused internal messages (e.g. rsyslogd startup) to
  appear without a tag.
- removed a minor memory leak that occurred when TAG processing requalified
  a HOSTNAME to be a TAG (and a TAG already was set).
- removed potential small memory leaks in MsgSet***() functions. There
  would be a leak if a property was re-set, something that happened
  extremely seldom.
---------------------------------------------------------------------------
Version 1.13.4 (RGer), 2007-06-18
- added a new property "PRI-text", which holds the PRI field in
  textual form (e.g. "syslog.info")
- added alias "syslogseverity" for "syslogpriority", which is a
  misleading property name that needs to stay for historical
  reasons (and backward-compatility)
- added doc on how to record PRI value in log file
- enhanced signal handling in klogd, including removal of an unsafe
  call to the logging system during signal handling
---------------------------------------------------------------------------
Version 1.13.3 (RGer), 2007-06-15
- create a version of syslog.c from scratch. This is now
  - highly optimized for rsyslog
  - removes an incompatible license problem as the original
    version had a BSD license with advertising clause
  - fixed in the regard that rklogd will continue to work when
    rsysogd has been restarted (the original version, as well
    as sysklogd, will remain silent then)
  - solved an issue with an extra NUL char at message end that the
    original version had
- applied some changes to klogd to care for the new interface
- fixed a bug in syslogd.c which prevented compiling under debian
---------------------------------------------------------------------------
Version 1.13.2 (RGer), 2007-06-13
- lib order in makefile patched to facilitate static linking - thanks
  to Bennett Todd for providing the patch
- Integrated a patch from Peter Vrabec (pvrabec@redheat.com):
  - added klogd under the name of rklogd (remove dependency on
    original sysklogd package
  - createDB.sql now in UTF
  - added additional config files for use on Red Hat
---------------------------------------------------------------------------
Version 1.13.1 (RGer), 2007-02-05
- changed the listen backlog limit to a more reasonable value based on
  the maximum number of TCP connections configurd (10% + 5) - thanks to Guy
  Standen for the hint (actually, the limit was 5 and that was a 
  left-over from early testing).
- fixed a bug in makefile which caused DB-support to be disabled when
  NETZIP support was enabled
- added the -e option to allow transmission of every message to remote
  hosts (effectively turns off duplicate message suppression)
- (somewhat) improved memory consumption when compiled with MySQL support
- looks like we fixed an incompatibility with MySQL 5.x and above software
  At least in one case, the remote server name was destroyed, leading to 
  a connection failure. The new, improved code does not have this issue and
  so we see this as solved (the new code is generally somewhat better, so
  there is a good chance we fixed this incompatibility).
---------------------------------------------------------------------------
Version 1.13.0 (RGer), 2006-12-19
- added '$' as ToPos proptery replacer specifier - means "up to the
  end of the string"
- property replacer option "escape-cc", "drop-cc" and "space-cc"  added
- changed the handling of \0 characters inside syslog messages. We now
  consistently escape them to "#000". This is somewhat recommended in
  the draft-ietf-syslog-protocol-19 draft. While the real recomendation
  is to not escape any characters at all, we can not do this without
  considerable modification of the code. So we escape it to "#000", which
  is consistent with a sample found in the Internet-draft.
- removed message glue logic (see printchopped() comment for details)
  Also caused removal of parts table and thus some improvements in
  memory usage.
- changed the default MAXLINE to 2048 to take care of recent syslog
  standardization efforts (can easily be changed in syslogd.c)
- added support for byte-counted TCP syslog messages (much like
  syslog-transport-tls-05 Internet Draft). This was necessary to
  support compression over TCP.
- added support for receiving compressed syslog messages
- added support for sending compressed syslog messages
- fixed a bug where the last message in a syslog/tcp stream was
  lost if it was not properly terminated by a LF character
---------------------------------------------------------------------------
Version 1.12.3 (RGer), 2006-10-04
- implemented some changes to support Solaris (but support is not
  yet complete)
- commented out (via #if 0) some methods that are currently not being use
  but should be kept for further us
- added (interim) -u 1 option to turn off hostname and tag parsing
- done some modifications to better support Fedora
- made the field delimiter inside property replace configurable via
  template
- fixed a bug in property replacer: if fields were used, the delimitor
  became part of the field. Up until now, this was barely noticable as 
  the delimiter as TAB only and thus invisible to a human. With other
  delimiters available now, it quickly showed up. This bug fix might cause
  some grief to existing installations if they used the extra TAB for
  whatever reasons - sorry folks... Anyhow, a solution is easy: just add
  a TAB character contstant into your template. Thus, there has no attempt
  been made to do this in a backwards-compatible way.
---------------------------------------------------------------------------
Version 1.12.2 (RGer), 2006-02-15
- fixed a bug in the RFC 3339 date formatter. An extra space was added
  after the actual timestamp
- added support for providing high-precision RFC3339 timestamps for
  (rsyslogd-)internally-generated messages
- very (!) experimental support for syslog-protocol internet draft
  added (the draft is experimental, the code is solid ;))
- added support for field-extracting in the property replacer
- enhanced the legacy-syslog parser so that it can interpret messages
  that do not contain a TIMESTAMP
- fixed a bug that caused the default socket (usually /dev/log) to be
  opened even when -o command line option was given
- fixed a bug in the Debian sample startup script - it caused rsyslogd
  to listen to remote requests, which it shouldn't by default
---------------------------------------------------------------------------
Version 1.12.1 (RGer), 2005-11-23
- made multithreading work with BSD. Some signal-handling needed to be
  restructured. Also, there might be a slight delay of up to 10 seconds
  when huping and terminating rsyslogd under BSD
- fixed a bug where a NULL-pointer was passed to printf() in logmsg().
- fixed a bug during "make install" where rc3195d was not installed
  Thanks to Bennett Todd for spotting this.
- fixed a bug where rsyslogd dumped core when no TAG was found in the
  received message
- enhanced message parser so that it can deal with missing hostnames
  in many cases (may not be totally fail-safe)
- fixed a bug where internally-generated messages did not have the correct
  TAG
---------------------------------------------------------------------------
Version 1.12.0 (RGer), 2005-10-26
- moved to a multi-threaded design. single-threading is still optionally
  available. Multi-threading is experimental!
- fixed a potential race condition. In the original code, marking was done
  by an alarm handler, which could lead to all sorts of bad things. This
  has been changed now. See comments in syslogd.c/domark() for details.
- improved debug output for property-based filters
- not a code change, but: I have checked all exit()s to make sure that
  none occurs once rsyslogd has started up. Even in unusual conditions
  (like low-memory conditions) rsyslogd somehow remains active. Of course,
  it might loose a message or two, but at least it does not abort and it
  can also recover when the condition no longer persists.
- fixed a bug that could cause loss of the last message received
  immediately before rsyslogd was terminated.
- added comments on thread-safety of global variables in syslogd.c
- fixed a small bug: spurios printf() when TCP syslog was used
- fixed a bug that causes rsyslogd to dump core on termination when one
  of the selector lines did not receive a message during the run (very
  unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
  in rsyslogd dumping core.
- fixed a bug with regular expression support (thanks to Andres Riancho)
- a little bit of code restructuring (especially main(), which was
  horribly large)
---------------------------------------------------------------------------
Version 1.11.1 (RGer), 2005-10-19
- support for BSD-style program name and host blocks
- added a new property "programname" that can be used in templates
- added ability to specify listen port for rfc3195d
- fixed a bug that rendered the "startswith" comparison operation
  unusable.
- changed more functions to "static" storage class to help compiler
  optimize (should have been static in the first place...)
- fixed a potential memory leak in the string buffer class destructor.
  As the destructur was previously never called, the leak did not actually
  appear.
- some internal restructuring in anticipation/preparation of minimal
  multi-threading support
- rsyslogd still shares some code with the sysklogd project. Some patches
  for this shared code have been brought over from the sysklogd CVS.
---------------------------------------------------------------------------
Version 1.11.0 (RGer), 2005-10-12
- support for receiving messages via RFC 3195; added rfc3195d for that
  purpose
- added an additional guard to prevent rsyslogd from aborting when the
  2gb file size limit is hit. While a user can configure rsyslogd to
  handle such situations, it would abort if that was not done AND large
  file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
  processed - could lead to message loss in extreme cases
---------------------------------------------------------------------------
Version 1.10.2 (RGer), 2005-09-27
- added comparison operations in property-based filters:
  * isequal
  * startswith
- added ability to negate all property-based filter comparison operations
  by adding a !-sign right in front of the operation name
- added the ability to specify remote senders for UDP and TCP
  received messages. Allows to block all but well-known hosts
- changed the $-config line directives to be case-INsensitive
- new command line option -w added: "do not display warnings if messages
  from disallowed senders are received"
- fixed a bug that caused rsyslogd to dump core when the compare value
  was not quoted in property-based filters
- fixed a bug in the new CStr compare function which lead to invalid
  results (fortunately, this function was not yet used widely)
- added better support for "debugging" rsyslog.conf property filters
  (only if -d switch is given)
- changed some function definitions to static, which eventually enables
  some compiler optimizations
- fixed a bug in MySQL code; when a SQL error occured, rsyslogd could
  run in a tight loop. This was due to invalid sequence of error reporting
  and is now fixed.
---------------------------------------------------------------------------
Version 1.10.1 (RGer), 2005-09-23
- added the ability to execute a shell script as an action.
  Thanks to Bjoern Kalkbrenner for providing the code!
- fixed a bug in the MySQL code; due to the bug the automatic one-time
  retry after an error did not happen - this lead to error message in
  cases where none should be seen (e.g. after a MySQL restart)
- fixed a security issue with SQL-escaping in conjunction with
  non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.10.0 (RGer), 2005-09-20
  REMINDER: 1.10 is the first unstable version if the 1.x series!
- added the capability to filter on any property in selector lines
  (not just facility and priority)
- changed stringbuf into a new counted string class
- added support for a "discard" action. If a selector line with
  discard (~ character) is found, no selector lines *after* that
  line will be processed.
- thanks to Andres Riancho, regular expression support has been
  added to the template engine
- added the FROMHOST property in the template processor, which could
  previously not be obtained. Thanks to Cristian Testa for pointing
  this out and even providing a fix.
- added display of compile-time options to -v output
- performance improvement for production build - made some checks
  to happen only during debug mode
- fixed a problem with compiling on SUSE and - while doing so - removed
  the socket call to set SO_BSDCOMPAT in cases where it is obsolete.
---------------------------------------------------------------------------
Version 1.0.4 (RGer), 2006-02-01
- a small but important fix: the tcp receiver had two forgotten printf's
  in it that caused a lot of unnecessary output to stdout. This was
  important enough to justify a new release
---------------------------------------------------------------------------
Version 1.0.3 (RGer), 2005-11-14
- added an additional guard to prevent rsyslogd from aborting when the
  2gb file size limit is hit. While a user can configure rsyslogd to
  handle such situations, it would abort if that was not done AND large
  file support was not enabled (ok, this is hopefully an unlikely scenario)
- fixed a bug that caused additional Unix domain sockets to be incorrectly
  processed - could lead to message loss in extreme cases
- applied some patches available from the sysklogd project to code
  shared from there
- fixed a bug that causes rsyslogd to dump core on termination when one
  of the selector lines did not receive a message during the run (very
  unlikely)
- fixed an one-too-low memory allocation in the TCP sender. Could result
  in rsyslogd dumping core.
- fixed a bug in the TCP sender that caused the retry logic to fail
  after an error or receiver overrun
- fixed a bug in init() that could lead to dumping core
- fixed a bug that could lead to dumping core when no HOSTNAME or no TAG
  was present in the syslog message
---------------------------------------------------------------------------
Version 1.0.2 (RGer), 2005-10-05
- fixed an issue with MySQL error reporting. When an error occured,
  the MySQL driver went into an endless loop (at least in most cases).
---------------------------------------------------------------------------
Version 1.0.1 (RGer), 2005-09-23
- fixed a security issue with SQL-escaping in conjunction with
  non-(SQL-)standard MySQL features.
---------------------------------------------------------------------------
Version 1.0.0 (RGer), 2005-09-12
- changed install doc to cover daily cron scripts - a trouble source
- added rc script for slackware (provided by Chris Elvidge - thanks!) 
- fixed a really minor bug in usage() - the -r option was still
  reported as without the port parameter
---------------------------------------------------------------------------
Version 0.9.8 (RGer), 2005-09-05
- made startup and shutdown message more consistent and included the
  pid, so that they can be easier correlated. Used syslog-protocol
  structured data format for this purpose.
- improved config info in startup message, now tells not only
  if it is listening remote on udp, but also for tcp. Also includes
  the port numbers. The previous startup message was misleading, because
  it did not say "remote reception" if rsyslogd was only listening via
  tcp (but not via udp).
- added a "how can you help" document to the doc set
---------------------------------------------------------------------------
Version 0.9.7 (RGer), 2005-08-15
- some of the previous doc files (like INSTALL) did not properly
  reflect the changes to the build process and the new doc. Fixed
  that.
- changed syslogd.c so that when compiled without database support,
  an error message is displayed when a database action is detected
  in the config file (previously this was used as an user rule ;))
- fixed a bug in the os-specific Makefiles which caused MySQL
  support to not be compiled, even if selected
---------------------------------------------------------------------------
Version 0.9.6 (RGer), 2005-08-09
- greatly enhanced documentation. Now available in html format in
  the "doc" folder and FreeBSD. Finally includes an install howto.
- improved MySQL error messages a little - they now show up as log
  messages, too (formerly only in debug mode)
- added the ability to specify the listen port for udp syslog.
  WARNING: This introduces an incompatibility. Formerly, udp
  syslog was enabled by the -r command line option. Now, it is
  "-r [port]", which is consistent with the tcp listener. However,
  just -r will now return an error message.
- added sample startup scripts for Debian and FreeBSD
- added support for easy feature selection in the makefile. Un-
  fortunately, this also means I needed to spilt the make file
  for different OS and distros. There are some really bad syntax
  differences between FreeBSD and Linux make.
---------------------------------------------------------------------------
Version 0.9.5 (RGer), 2005-08-01
- the "semicolon bug" was actually not (fully) solved in 0.9.4. One
  part of the bug was solved, but another still existed. This one
  is fixed now, too.
- the "semicolon bug" actually turned out to be a more generic bug.
  It appeared whenever an invalid template name was given. With some
  selector actions, rsyslogd dumped core, with other it "just" had
  a small ressource leak with others all worked well. These anomalies
  are now fixed. Note that they only appeared during system initaliziation
  once the system was running, nothing bad happened.
- improved error reporting for template errors on startup. They are now
  shown on the console and the start-up tty. Formerly, they were only
  visible in debug mode.
- support for multiple instances of rsyslogd on a single machine added
- added new option "-o" --> omit local unix domain socket. This option
  enables rsyslogd NOT to listen to the local socket. This is most
  helpful when multiple instances of rsyslogd (or rsyslogd and another
  syslogd) shall run on a single system.
- added new option "-i <pidfile>" which allows to specify the pidfile.
  This is needed when multiple instances of rsyslogd are to be run.
- the new project home page is now online at www.rsyslog.com
---------------------------------------------------------------------------
Version 0.9.4 (RGer), 2005-07-25
- finally added the TCP sender. It now supports non-blocking mode, no
  longer disabling message reception during connect. As it is now, it
  is usable in production. The code could be more sophisticated, but
  I've kept it short in anticipation of the move to liblogging, which
  will lead to the removal of the code just written ;)
- the "exiting on signal..." message still had the "syslogd" name in 
  it. Changed this to "rsyslogd", as we do not have a large user base
  yet, this should pose no problem.
- fixed "the semiconlon" bug. rsyslogd dumped core if a write-db action
  was specified but no semicolon was given after the password (an empty
  template was ok, but the semicolon needed to be present).
- changed a default for traditional output format. During testing, it
  was seen that the timestamp written to file in default format was
  the time of message reception, not the time specified in the TIMESTAMP
  field of the message itself. Traditionally, the message TIMESTAMP is
  used and this has been changed now.
---------------------------------------------------------------------------
Version 0.9.3 (RGer), 2005-07-19
- fixed a bug in the message parser. In June, the RFC 3164 timestamp
  was not correctly parsed (yes, only in June and some other months,
  see the code comment to learn why...)
- added the ability to specify the destination port when forwarding
  syslog messages (both for TCP and UDP)
- added an very experimental TCP sender (activated by
  @@machine:port in config). This is not yet for production use. If
  the receiver is not alive, rsyslogd will wait quite some time until
  the connection request times out, which most probably leads to
  loss of incoming messages.

---------------------------------------------------------------------------
Version 0.9.2 (RGer), around 2005-07-06
- I intended to change the maxsupported message size to 32k to
  support IHE - but given the memory inefficiency in the usual use
  cases, I have not done this. I have, however, included very
  specific instructions on how to do this in the source code. I have
  also done some testing with 32k messages, so you can change the
  max size without taking too much risk.
- added a syslog/tcp receiver; we now can receive messages via
  plain tcp, but we can still send only via UDP. The syslog/tcp
  receiver is the primary enhancement of this release.
- slightly changed some error messages that contained a spurios \n at
  the end of the line (which gives empty lines in your log...)

---------------------------------------------------------------------------
Version 0.9.1 (RGer)
- fixed code so that it compiles without errors under FreeBSD
- removed now unused function "allocate_log()" from syslogd.c
- changed the make file so that it contains more defines for
  different environments (in the long term, we need a better
  system for disabling/enabling features...)
- changed some printf's printing off_t types to %lld and
  explicit (long long) casts. I tried to figure out the exact type,
  but did not succeed in this. In the worst case, ultra-large peta-
  byte files will now display funny informational messages on rollover,
  something I think we can live with for the next 10 years or so...

---------------------------------------------------------------------------
Version 0.9.0 (RGer)
- changed the filed structure to be a linked list. Previously, it
  was a table - well, for non-SYSV it was defined as linked list,
  but from what I see that code did no longer work after my
  modifications. I am now using a linked list in general because
  that is needed for other upcoming modifications.
- fixed a bug that caused rsyslogd not to listen to anything if
  the configuration file could not be read
- pervious versions disabled network logging (send/receive) if
  syslog/udp port was not in /etc/services. Now defaulting to
  port 514 in this case.
- internal error messages are now supported up to 256 bytes
- error message seen during config file read are now also displayed
  to the attached tty and not only the console
- changed some error messages during init to be sent to the console
  and/or emergency log. Previously, they were only seen if the
  -d (debug) option was present on the command line.
- fixed the "2gb file issue on 32bit systems". If a file grew to
  more than 2gb, the syslogd was aborted with "file size exceeded". 
  Now, defines have been added according to
  http://www.daimi.au.dk/~kasperd/comp.os.linux.development.faq.html#LARGEFILE
  Testing revealed that they work ;)
  HOWEVER, if your file system, glibc, kernel, whatever does not
  support files larger 2gb, you need to set a file size limit with
  the new output channel mechanism.
- updated man pages to reflect the changes

---------------------------------------------------------------------------
Version 0.8.4

- improved -d debug output (removed developer-only content)
- now compiles under FreeBSD and NetBSD (only quick testing done on NetBSD)
---------------------------------------------------------------------------
Version 0.8.3

- security model in "make install" changed
- minor doc updates
---------------------------------------------------------------------------
Version 0.8.2

- added man page for rsyslog.conf and rsyslogd
- gave up on the concept of rsyslog being a "drop in" replacement
  for syslogd. Now, the user installs rsyslogd and also needs to
  adjust his system settings to this specifically. This also lead
  to these changes:
  * changed Makefile so that install now installs rsyslogd instead
    of dealing with syslogd
  * changed the default config file name to rsyslog.conf
---------------------------------------------------------------------------
Version 0.8.1

- fixed a nasty memory leak (probably not the last one with this release)
- some enhancements to Makefile as suggested by Bennett Todd
- syslogd-internal messages (like restart) were missing the hostname
  this has been corrected
---------------------------------------------------------------------------
Version 0.8.0

Initial testing release. Based on the sysklogd package. Thanks to the
sysklogd maintainers for all their good work!
---------------------------------------------------------------------------

----------------------------------------------------------------------
The following comments were left in the syslogd source. While they provide
not too much detail, the help to date when Rainer started work on the
project (which was 2003, now even surprising for Rainer himself ;)).
 * \author Rainer Gerhards <rgerhards@adiscon.com>
 * \date 2003-10-17
 *       Some initial modifications on the sysklogd package to support
 *       liblogging. These have actually not yet been merged to the
 *       source you see currently (but they hopefully will)
 *
 * \date 2004-10-28
 *       Restarted the modifications of sysklogd. This time, we
 *       focus on a simpler approach first. The initial goal is to
 *       provide MySQL database support (so that syslogd can log
 *       to the database).
----------------------------------------------------------------------
The following comments are from the stock syslogd.c source. They provide
some insight into what happened to the source before we forked
rsyslogd. However, much of the code already has been replaced and more
is to be replaced. So over time, these comments become less valuable.
I have moved them out of the syslogd.c file to shrink it, especially
as a lot of them do no longer apply. For historical reasons and
understanding of how the daemon evolved, they are probably still
helpful.
 * Author: Eric Allman
 * extensive changes by Ralph Campbell
 * more extensive changes by Eric Allman (again)
 *
 * Steve Lord:	Fix UNIX domain socket code, added linux kernel logging
 *		change defines to
 *		SYSLOG_INET	- listen on a UDP socket
 *		SYSLOG_UNIXAF	- listen on unix domain socket
 *		SYSLOG_KERNEL	- listen to linux kernel
 *
 * Mon Feb 22 09:55:42 CST 1993:  Dr. Wettstein
 * 	Additional modifications to the source.  Changed priority scheme
 *	to increase the level of configurability.  In its stock configuration
 *	syslogd no longer logs all messages of a certain priority and above
 *	to a log file.  The * wildcard is supported to specify all priorities.
 *	Note that this is a departure from the BSD standard.
 *
 *	Syslogd will now listen to both the inetd and the unixd socket.  The
 *	strategy is to allow all local programs to direct their output to
 *	syslogd through the unixd socket while the program listens to the
 *	inetd socket to get messages forwarded from other hosts.
 *
 * Fri Mar 12 16:55:33 CST 1993:  Dr. Wettstein
 *	Thanks to Stephen Tweedie (dcs.ed.ac.uk!sct) for helpful bug-fixes
 *	and an enlightened commentary on the prioritization problem.
 *
 *	Changed the priority scheme so that the default behavior mimics the
 *	standard BSD.  In this scenario all messages of a specified priority
 *	and above are logged.
 *
 *	Add the ability to specify a wildcard (=) as the first character
 *	of the priority name.  Doing this specifies that ONLY messages with
 *	this level of priority are to be logged.  For example:
 *
 *		*.=debug			/usr/adm/debug
 *
 *	Would log only messages with a priority of debug to the /usr/adm/debug
 *	file.
 *
 *	Providing an * as the priority specifies that all messages are to be
 *	logged.  Note that this case is degenerate with specifying a priority
 *	level of debug.  The wildcard * was retained because I believe that
 *	this is more intuitive.
 *
 * Thu Jun 24 11:34:13 CDT 1993:  Dr. Wettstein
 *	Modified sources to incorporate changes in libc4.4.  Messages from
 *	syslog are now null-terminated, syslogd code now parses messages
 *	based on this termination scheme.  Linux as of libc4.4 supports the
 *	fsync system call.  Modified code to fsync after all writes to
 *	log files.
 *
 * Sat Dec 11 11:59:43 CST 1993:  Dr. Wettstein
 *	Extensive changes to the source code to allow compilation with no
 *	complaints with -Wall.
 *
 *	Reorganized the facility and priority name arrays so that they
 *	compatible with the syslog.h source found in /usr/include/syslog.h.
 *	NOTE that this should really be changed.  The reason I do not
 *	allow the use of the values defined in syslog.h is on account of
 *	the extensions made to allow the wildcard character in the
 *	priority field.  To fix this properly one should malloc an array,
 *	copy the contents of the array defined by syslog.h and then
 *	make whatever modifications that are desired.  Next round.
 *
 * Thu Jan  6 12:07:36 CST 1994:  Dr. Wettstein
 *	Added support for proper decomposition and re-assembly of
 *	fragment messages on UNIX domain sockets.  Lack of this capability
 *	was causing 'partial' messages to be output.  Since facility and
 *	priority information is encoded as a leader on the messages this
 *	was causing lines to be placed in erroneous files.
 *
 *	Also added a patch from Shane Alderton (shane@ion.apana.org.au) to
 *	correct a problem with syslogd dumping core when an attempt was made
 *	to write log messages to a logged-on user.  Thank you.
 *
 *	Many thanks to Juha Virtanen (jiivee@hut.fi) for a series of
 *	interchanges which lead to the fixing of problems with messages set
 *	to priorities of none and emerg.  Also thanks to Juha for a patch
 *	to exclude users with a class of LOGIN from receiving messages.
 *
 *	Shane Alderton provided an additional patch to fix zombies which
 *	were conceived when messages were written to multiple users.
 *
 * Mon Feb  6 09:57:10 CST 1995:  Dr. Wettstein
 *	Patch to properly reset the single priority message flag.  Thanks
 *	to Christopher Gori for spotting this bug and forwarding a patch.
 *
 * Wed Feb 22 15:38:31 CST 1995:  Dr. Wettstein
 *	Added version information to startup messages.
 *
 *	Added defines so that paths to important files are taken from
 *	the definitions in paths.h.  Hopefully this will insure that
 *	everything follows the FSSTND standards.  Thanks to Chris Metcalf
 *	for a set of patches to provide this functionality.  Also thanks
 *	Elias Levy for prompting me to get these into the sources.
 *
 * Wed Jul 26 18:57:23 MET DST 1995:  Martin Schulze
 *	Linux' gethostname only returns the hostname and not the fqdn as
 *	expected in the code. But if you call hostname with an fqdn then
 *	gethostname will return an fqdn, so we have to mention that. This
 *	has been changed.
 *
 *	The 'LocalDomain' and the hostname of a remote machine is
 *	converted to lower case, because the original caused some
 *	inconsistency, because the (at least my) nameserver did respond an
 *	fqdn containing of upper- _and_ lowercase letters while
 *	'LocalDomain' consisted only of lowercase letters and that didn't
 *	match.
 *
 * Sat Aug  5 18:59:15 MET DST 1995:  Martin Schulze
 *	Now no messages that were received from any remote host are sent
 *	out to another. At my domain this missing feature caused ugly
 *	syslog-loops, sometimes.
 *
 *	Remember that no message is sent out. I can't figure out any
 *	scenario where it might be useful to change this behavior and to
 *	send out messages to other hosts than the one from which we
 *	received the message, but I might be shortsighted. :-/
 *
 * Thu Aug 10 19:01:08 MET DST 1995:  Martin Schulze
 *	Added my pidfile.[ch] to it to perform a better handling with
 *	pidfiles. Now both, syslogd and klogd, can only be started
 *	once. They check the pidfile.
 *
 * Sun Aug 13 19:01:41 MET DST 1995:  Martin Schulze
 *	Add an addition to syslog.conf's interpretation. If a priority
 *	begins with an exclamation mark ('!') the normal interpretation
 *	of the priority is inverted: ".!*" is the same as ".none", ".!=info"
 *	don't logs the info priority, ".!crit" won't log any message with
 *	the priority crit or higher. For example:
 *
 *		mail.*;mail.!=info		/usr/adm/mail
 *
 *	Would log all messages of the facility mail except those with
 *	the priority info to /usr/adm/mail. This makes the syslogd
 *	much more flexible.
 *
 *	Defined TABLE_ALLPRI=255 and changed some occurrences.
 *
 * Sat Aug 19 21:40:13 MET DST 1995:  Martin Schulze
 *	Making the table of facilities and priorities while in debug
 *	mode more readable.
 *
 *	If debugging is turned on, printing the whole table of
 *	facilities and priorities every hexadecimal or 'X' entry is
 *	now 2 characters wide.
 *
 *	The number of the entry is prepended to each line of
 *	facilities and priorities, and F_UNUSED lines are not shown
 *	anymore.
 *
 *	Corrected some #ifdef SYSV's.
 *
 * Mon Aug 21 22:10:35 MET DST 1995:  Martin Schulze
 *	Corrected a strange behavior during parsing of configuration
 *	file. The original BSD syslogd doesn't understand spaces as
 *	separators between specifier and action. This syslogd now
 *	understands them. The old behavior caused some confusion over
 *	the Linux community.
 *
 * Thu Oct 19 00:02:07 MET 1995:  Martin Schulze
 *	The default behavior has changed for security reasons. The
 *	syslogd will not receive any remote message unless you turn
 *	reception on with the "-r" option.
 *
 *	Not defining SYSLOG_INET will result in not doing any network
 *	activity, i.e. not sending or receiving messages.  I changed
 *	this because the old idea is implemented with the "-r" option
 *	and the old thing didn't work anyway.
 *
 * Thu Oct 26 13:14:06 MET 1995:  Martin Schulze
 *	Added another logfile type F_FORW_UNKN.  The problem I ran into
 *	was a name server that runs on my machine and a forwarder of
 *	kern.crit to another host.  The hosts address can only be
 *	fetched using the nameserver.  But named is started after
 *	syslogd, so syslogd complained.
 *
 *	This logfile type will retry to get the address of the
 *	hostname ten times and then complain.  This should be enough to
 *	get the named up and running during boot sequence.
 *
 * Fri Oct 27 14:08:15 1995:  Dr. Wettstein
 *	Changed static array of logfiles to a dynamic array. This
 *	can grow during process.
 *
 * Fri Nov 10 23:08:18 1995:  Martin Schulze
 *	Inserted a new tabular sys_h_errlist that contains plain text
 *	for error codes that are returned from the net subsystem and
 *	stored in h_errno. I have also changed some wrong lookups to
 *	sys_errlist.
 *
 * Wed Nov 22 22:32:55 1995:  Martin Schulze
 *	Added the fabulous strip-domain feature that allows us to
 *	strip off (several) domain names from the fqdn and only log
 *	the simple hostname. This is useful if you're in a LAN that
 *	has a central log server and also different domains.
 *
 *	I have also also added the -l switch do define hosts as
 *	local. These will get logged with their simple hostname, too.
 *
 * Thu Nov 23 19:02:56 MET DST 1995:  Martin Schulze
 *	Added the possibility to omit fsyncing of logfiles after every
 *	write. This will give some performance back if you have
 *	programs that log in a very verbose manner (like innd or
 *	smartlist). Thanks to Stephen R. van den Berg <srb@cuci.nl>
 *	for the idea.
 *
 * Thu Jan 18 11:14:36 CST 1996:  Dr. Wettstein
 *	Added patche from beta-testers to stop compile error.  Also
 *	added removal of pid file as part of termination cleanup.
 *
 * Wed Feb 14 12:42:09 CST 1996:  Dr. Wettstein
 *	Allowed forwarding of messages received from remote hosts to
 *	be controlled by a command-line switch.  Specifying -h allows
 *	forwarding.  The default behavior is to disable forwarding of
 *	messages which were received from a remote host.
 *
 *	Parent process of syslogd does not exit until child process has
 *	finished initialization process.  This allows rc.* startup to
 *	pause until syslogd facility is up and operating.
 *
 *	Re-arranged the select code to move UNIX domain socket accepts
 *	to be processed later.  This was a contributed change which
 *	has been proposed to correct the delays sometimes encountered
 *	when syslogd starts up.
 *
 *	Minor code cleanups.
 *
 * Thu May  2 15:15:33 CDT 1996:  Dr. Wettstein
 *	Fixed bug in init function which resulted in file descripters
 *	being orphaned when syslogd process was re-initialized with SIGHUP
 *	signal.  Thanks to Edvard Tuinder
 *	(Edvard.Tuinder@praseodymium.cistron.nl) for putting me on the
 *	trail of this bug.  I am amazed that we didn't catch this one
 *	before now.
 *
 * Tue May 14 00:03:35 MET DST 1996:  Martin Schulze
 *	Corrected a mistake that causes the syslogd to stop logging at
 *	some virtual consoles under Linux. This was caused by checking
 *	the wrong error code. Thanks to Michael Nonweiler
 *	<mrn20@hermes.cam.ac.uk> for sending me a patch.
 *
 * Mon May 20 13:29:32 MET DST 1996:  Miquel van Smoorenburg <miquels@cistron.nl>
 *	Added continuation line supported and fixed a bug in
 *	the init() code.
 *
 * Tue May 28 00:58:45 MET DST 1996:  Martin Schulze
 *	Corrected behaviour of blocking pipes - i.e. the whole system
 *	hung.  Michael Nonweiler <mrn20@hermes.cam.ac.uk> has sent us
 *	a patch to correct this.  A new logfile type F_PIPE has been
 *	introduced.
 *
 * Mon Feb 3 10:12:15 MET DST 1997:  Martin Schulze
 *	Corrected behaviour of logfiles if the file can't be opened.
 *	There was a bug that causes syslogd to try to log into non
 *	existing files which ate cpu power.
 *
 * Sun Feb 9 03:22:12 MET DST 1997:  Martin Schulze
 *	Modified syslogd.c to not kill itself which confuses bash 2.0.
 *
 * Mon Feb 10 00:09:11 MET DST 1997:  Martin Schulze
 *	Improved debug code to decode the numeric facility/priority
 *	pair into textual information.
 *
 * Tue Jun 10 12:35:10 MET DST 1997:  Martin Schulze
 *	Corrected freeing of logfiles.  Thanks to Jos Vos <jos@xos.nl>
 *	for reporting the bug and sending an idea to fix the problem.
 *
 * Tue Jun 10 12:51:41 MET DST 1997:  Martin Schulze
 *	Removed sleep(10) from parent process.  This has caused a slow
 *	startup in former times - and I don't see any reason for this.
 *
 * Sun Jun 15 16:23:29 MET DST 1997: Michael Alan Dorman
 *	Some more glibc patches made by <mdorman@debian.org>.
 *
 * Thu Jan  1 16:04:52 CET 1998: Martin Schulze <joey@infodrom.north.de
 *	Applied patch from Herbert Thielen <Herbert.Thielen@lpr.e-technik.tu-muenchen.de>.
 *	This included some balance parentheses for emacs and a bug in
 *	the exclamation mark handling.
 *
 *	Fixed small bug which caused syslogd to write messages to the
 *	wrong logfile under some very rare conditions.  Thanks to
 *	Herbert Xu <herbert@gondor.apana.org.au> for fiddling this out.
 *
 * Thu Jan  8 22:46:35 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	Reworked one line of the above patch as it prevented syslogd
 *	from binding the socket with the result that no messages were
 *	forwarded to other hosts.
 *
 * Sat Jan 10 01:33:06 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	Fixed small bugs in F_FORW_UNKN meachanism.  Thanks to Torsten
 *	Neumann <torsten@londo.rhein-main.de> for pointing me to it.
 *
 * Mon Jan 12 19:50:58 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	Modified debug output concerning remote receiption.
 *
 * Mon Feb 23 23:32:35 CET 1998: Topi Miettinen <Topi.Miettinen@ml.tele.fi>
 *	Re-worked handling of Unix and UDP sockets to support closing /
 *	opening of them in order to have it open only if it is needed
 *	either for forwarding to a remote host or by receiption from
 *	the network.
 *
 * Wed Feb 25 10:54:09 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	Fixed little comparison mistake that prevented the MARK
 *	feature to work properly.
 *
 * Wed Feb 25 13:21:44 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	Corrected Topi's patch as it prevented forwarding during
 *	startup due to an unknown LogPort.
 *
 * Sat Oct 10 20:01:48 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Added support for TESTING define which will turn syslogd into
 *	stdio-mode used for debugging.
 *
 * Sun Oct 11 20:16:59 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Reworked the initialization/fork code.  Now the parent
 *	process activates a signal handler which the daughter process
 *	will raise if it is initialized.  Only after that one the
 *	parent process may exit.  Otherwise klogd might try to flush
 *	its log cache while syslogd can't receive the messages yet.
 *
 * Mon Oct 12 13:30:35 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Redirected some error output with regard to argument parsing to
 *	stderr.
 *
 * Mon Oct 12 14:02:51 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Applied patch provided vom Topi Miettinen with regard to the
 *	people from OpenBSD.  This provides the additional '-a'
 *	argument used for specifying additional UNIX domain sockets to
 *	listen to.  This is been used with chroot()'ed named's for
 *	example.  See for http://www.psionic.com/papers/dns.html
 *
 * Mon Oct 12 18:29:44 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Added `ftp' facility which was introduced in glibc version 2.
 *	It's #ifdef'ed so won't harm with older libraries.
 *
 * Mon Oct 12 19:59:21 MET DST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Code cleanups with regard to bsd -> posix transition and
 *	stronger security (buffer length checking).  Thanks to Topi
 *	Miettinen <tom@medialab.sonera.net>
 *	. index() --> strchr()
 *	. sprintf() --> snprintf()
 *	. bcopy() --> memcpy()
 *	. bzero() --> memset()
 *	. UNAMESZ --> UT_NAMESIZE
 *	. sys_errlist --> strerror()
 *
 * Mon Oct 12 20:22:59 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Added support for setutent()/getutent()/endutend() instead of
 *	binary reading the UTMP file.  This is the the most portable
 *	way.  This allows /var/run/utmp format to change, even to a
 *	real database or utmp daemon. Also if utmp file locking is
 *	implemented in libc, syslog will use it immediately.  Thanks
 *	to Topi Miettinen <tom@medialab.sonera.net>.
 *
 * Mon Oct 12 20:49:18 MET DST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Avoid logging of SIGCHLD when syslogd is in the process of
 *	exiting and closing its files.  Again thanks to Topi.
 *
 * Mon Oct 12 22:18:34 CEST 1998: Martin Schulze <joey@infodrom.north.de>
 *	Modified printline() to support 8bit characters - such as
 *	russion letters.  Thanks to Vladas Lapinskas <lapinskas@mail.iae.lt>.
 *
 * Sat Nov 14 02:29:37 CET 1998: Martin Schulze <joey@infodrom.north.de>
 *	``-m 0'' now turns of MARK logging entirely.
 *
 * Tue Jan 19 01:04:18 MET 1999: Martin Schulze <joey@infodrom.north.de>
 *	Finally fixed an error with `-a' processing, thanks to Topi
 *	Miettinen <tom@medialab.sonera.net>.
 *
 * Sun May 23 10:08:53 CEST 1999: Martin Schulze <joey@infodrom.north.de>
 *	Removed superflous call to utmpname().  The path to the utmp
 *	file is defined in the used libc and should not be hardcoded
 *	into the syslogd binary referring the system it was compiled on.
 *
 * Sun Sep 17 20:45:33 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
 *	Fixed some bugs in printline() code that did not escape
 *	control characters '\177' through '\237' and contained a
 *	single-byte buffer overflow.  Thanks to Solar Designer
 *	<solar@false.com>.
 *
 * Sun Sep 17 21:26:16 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
 *	Don't close open sockets upon reload.  Thanks to Bill
 *	Nottingham.
 *
 * Mon Sep 18 09:10:47 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
 *	Fixed bug in printchopped() that caused syslogd to emit
 *	kern.emerg messages when splitting long lines.  Thanks to
 *	Daniel Jacobowitz <dan@debian.org> for the fix.
 *
 * Mon Sep 18 15:33:26 CEST 2000: Martin Schulze <joey@infodrom.ffis.de>
 *	Removed unixm/unix domain sockets and switch to Datagram Unix
 *	Sockets.  This should remove one possibility to play DoS with
 *	syslogd.  Thanks to Olaf Kirch <okir@caldera.de> for the patch.
 *
 * Sun Mar 11 20:23:44 CET 2001: Martin Schulze <joey@infodrom.ffis.de>
 *	Don't return a closed fd if `-a' is called with a wrong path.
 *	Thanks to Bill Nottingham <notting@redhat.com> for providing
 *	a patch.