[rsyslog] rsyslog 3.19.0 released - world's first syslog-transport-tls implementation

Rainer Gerhards rgerhards at hq.adiscon.com
Tue May 6 12:09:44 CEST 2008

Hi all,

I am very pleased to announce rsyslog 3.19.0. 

It is the first release that natively supports TLS for plain TCP syslog.
Actually, it is the world's first implementation of the upcoming
syslog-transport-tls IETF standard. As this standard is not yet
finished, the implementation is obviously experimental.

Native TLS is a big improvement over existing functionality. For
example, rsyslog can now be used without the help of stunnel, which
relieves us of some problems from those configurations. To the best of
my knowledge, rsyslog is the first open-source syslogd offering TLS
support natively.

The current TLS functionality is limited to the bare minimum. During the
next few weeks, I will improve it based on my own spec and feedback
(hopefully received). My hope is to have a production-grade
implementation by summer at latest. Please note rsyslog's premium and
ultra-reliable RELP protocol does not yet support TLS (but can be used
with stunnel without the real problems legacy tcp had with it). My plan
is to let TLS mature with legacy syslog and then move it to RELP. Thus I
can limit my development to one major use case, which I think will
facilitate things.

There is some documentation on how to use the new TLS mode:


Currently, TLS is provided via GnuTLS. As I outlined earlier on the
list, GnuTLS offered much more support to getting started (documentation
and sample-code wise). I will focus on GnuTLS until I am fully satisfied
with the TLS implementation). I'll then see that I can also integrate
NSS. Advise in this regard would be highly welcome, so if you have some
knowledge in this area, please contribute.

In order to support TLS (and multiple libraries!), a major rewrite of
the networking components has been done. Rsyslog now supports a
so-called "network streams" (netstreams) driver interface. This
interface enables app-level functionality (like the legacy tcp syslog
sender and receiver) to work with dynamically selectable netstream
drivers (like plain (unencrypted) TCP) and TLS). This interface will
enable rsyslog to utilize other TLS drivers (and even other protocols)
in the future. Different drivers can even be used concurrently.

Rsyslog now has been split into a runtime system and tools (with
currently rsyslogd being the only tool). This design will further
strengthen modularization and help make rsyslog functionality available
in small parts.

Finally, the RFC 3195 input has been rewritten in the form of an input
plugin. It can now be build as part of the normal build procedure.

Please note that there were a couple of major changes. I expect the
initial 3.19.0 to be quite Unstable. I recommend it for testing
environments, only. Even those parts that were not directly touched may
have become a bit destabilized due to the runtime split. So please use
it with care. Feedback, however, would be more than welcome, because I
need to start somewhere to stabilize this release. That can only be done
with your help. So please use it on test systems, try to break it and
file bug reports when it fails.





File your bug reports here ;) :


I hope this release is useful. Feedback is much appreciated.


More information about the rsyslog mailing list