Main Inclusion Report for rsyslog


  1. Availability:; available for all supported architectures

  2. Rationale:

  3. Security:

    • CVE entries: 3 total, none that apply to version currently in Ubuntu (4.2.0)

    • Secunia history: None

    • The main rsyslog daemon does run as root normally (and in Debian). Since our previous solution (sysklogd) ran as a user (after we modified it), it would be nice to make rsyslog do the same. There is a bug about it, wherein I backport support for running as a user and add support for reading from kmsg (this has been accepted into Ubuntu).

    • Network activity: Doesn't open ports or talk to remote machines by default, but it can be configured to send or receive syslog events over the network
    • Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data? No. It has some plugins to write to mysql or pgsql, but it does so through libraries.
    • Any source code review performed ? Not by me, mterry
    • Upstream security advice

    • Upstream security advisories

  4. Quality assurance:

    • In what situations does the package not work out of the box without configuration ? None that I know of
    • Does the package ask any debconf questions higher than priority 'medium' ? No
    • Debian bugs: None seem particularly relevant, or likely to be showstoppers

    • Maintenance in Debian: I'd call it 'vigorous'. About one upstream point release a month, a couple packaging changes a month.

    • Upstream is vigorous. But very careful. They have 'stable', 'beta', and 'experimental' branches: v3, v4, and v5. After writing this, a particular version in the v4 branch recently became stable. So v4.2 is the latest stable release. They recommend (and Debian uses) v4.2. 'stable' only gets bugfixes.

    • Upstream bug tracker: None seem particularly relevant or critical. But only 9 open bugs?! It seems like an actively used tracker, just a really low count. I think the default view only shows priority bugs, which is why it doesn't list many. Maintainer responded quickly to a patch of mine.

    • Hardware: Does this package deal with hardware and if so how exotic is it ? Doesn't deal with hardware
    • Is there a test suite in the upstream source or packaging ? Is it enabled to run in the build ? Yes, there is a test suite in ./tests but it is not enabled by default in the build.
  5. UI standards:

    • User-visible strings are internationalized using standard gettext system ? No
    • Package with translatable strings builds a PO template during package build ? N/A
    • End-user applications ship a desktop file ? No, not a visible app
  6. Standards compliance:

    • FHS, Debian Policy compliance ? Seems compatible that I can see. Lintian clean.

    • "RFC3164 compliant"

    • Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ? Uses debhelper and quilt. No obvious packaging oddities.
  7. Dependencies:

    • rsyslog: libc6 (>= 2.4), zlib1g (>= 1:1.1.4), lsb-base (>= 3.2-14), adduser, ucf (>= 0.8)

    • rsyslog-doc: none
    • rsyslog-gnutls: libc6 (>= 2.4), libgnutls26 (>= 2.5.9-0), rsyslog (= 3.22.0-1ubuntu1)

    • rsyslog-gssapi: libc6 (>= 2.4), libgssapi-krb5-2 (>= 1.7dfsg~beta1), rsyslog (= 3.22.0-1ubuntu1)

    • rsyslog-mysql: libc6 (>= 2.4), libmysqlclient15off (>= 5.0.27-1), debconf (>= 0.5) | debconf-2.0, rsyslog (= 3.22.0-1ubuntu1), dbconfig-common, ucf

    • rsyslog-pgsql: libc6 (>= 2.4), libpq5 (>= 8.3~beta1), debconf (>= 0.5) | debconf-2.0, rsyslog (= 3.22.0-1ubuntu1), dbconfig-common, ucf

    • rsyslog-relp: libc6 (>= 2.3), librelp0 (>= 0.1.1), rsyslog (= 3.22.0-1ubuntu1)

    • Are these all in main ? Everything except for librelp0 is (and of course rsyslog). librelp is a library developed for rsyslog originally for "reliable event logging over the network". It will also need to be included, unless we want to keep rsyslog-relp in universe.

  8. Maintenance:

    • How much maintenance is this package likely to need ? Presumably not much. Debian's maintainership is very good.
    • Who is responsible for monitoring the quality of this package and fixing its bugs ? Are they Ubuntu or Debian developers ? Michael Biebl is the very active Debian maintainer.
  9. Background information:

    • Here's the main package's control file Description:
      Description: enhanced multi-threaded syslogd
       Rsyslog is an enhanced syslogd supporting, amongst others:
        * reliable syslog over TCP and SSL/TLS
        * on-demand disk buffering
        * email alerting
        * writing to MySQL or PostgreSQL databases (via separate output plugins)
        * permitted sender lists
        * filtering on any part of the syslog message
        * on-the-wire message compression
        * fine grained output format control
        * backup log destinations
       It is quite compatible to stock sysklogd and can be used as a drop-in
       replacement. Its advanced features make it suitable for enterprise-class,
       encryption protected syslog relay chains while at the same time being very
       easy to setup for the novice user.
    • What do upstream call this software ? Has it had different names in the past ? No different names that I can find. Just 'Rsyslog'
    • Fedora uses rsyslog as default logger since Fedora 8. Debian since Lenny.
  10. Internationalization:

    • Are graphical applications translatable? Do they support gettext? No graphical part of it. Does not support gettext


MIR bug:

Report author: mterry

MainInclusionReport/rsyslog (last edited 2009-07-08 12:38:42 by 65-78-0-53)