Main Inclusion Report for rsyslog

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/r/rsyslog; available for all supported architectures

2. Rationale:

   • We're trying to switch from sysklogd to rsyslog, as Debian has made the jump

   • https://blueprints.edge.launchpad.net/ubuntu/+spec/foundations-karmic-rsyslogd

3. Security:

   • CVE entries: 3 total, none that apply to version currently in Ubuntu (4.2.0)

   • Secunia history: None

   • The main rsyslog daemon does run as root normally (and in Debian). Since our previous solution (sysklogd) ran as a user (after we modified it), it would be nice to make rsyslog do the same. There is a bug about it, wherein I backport support for running as a user and add support for reading from kmsg (this has been accepted into Ubuntu).

   • Network activity: Doesn't open ports or talk to remote machines by default, but it can be configured to send or receive syslog events over the network
   • Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data? No. It has some plugins to write to mysql or pgsql, but it does so through libraries.
   • Any source code review performed ? Not by me, mterry

   • Upstream security advice

   • Upstream security advisories

4. Quality assurance:

   • In what situations does the package not work out of the box without configuration ? None that I know of
   • Does the package ask any debconf questions higher than priority 'medium' ? No

   • Debian bugs: None seem particularly relevant, or likely to be showstoppers

   • Maintenance in Debian: I'd call it 'vigorous'. About one upstream point release a month, a couple packaging changes a month.

   • Upstream is vigorous. But very careful. They have 'stable', 'beta', and 'experimental' branches: v3, v4, and v5. After writing this, a particular version in the v4 branch recently became stable. So v4.2 is the latest stable release. They recommend (and Debian uses) v4.2. 'stable' only gets bugfixes.

   • Upstream bug tracker: None seem particularly relevant or critical. But only 9 open bugs?! It seems like an actively used tracker, just a really low count. I think the default view only shows priority bugs, which is why it doesn't list many. Maintainer responded quickly to a patch of mine.

   • Hardware: Does this package deal with hardware and if so how exotic is it ? Doesn't deal with hardware
   • Is there a test suite in the upstream source or packaging ? Is it enabled to run in the build ? Yes, there is a test suite in ./tests but it is not enabled by default in the build.

5. UI standards:

   • User-visible strings are internationalized using standard gettext system ? No
   • Package with translatable strings builds a PO template during package build ? N/A
   • End-user applications ship a desktop file ? No, not a visible app

6. Standards compliance:

   • FHS, Debian Policy compliance ? Seems compatible that I can see. Lintian clean.

   • "RFC3164 compliant"

   • Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ? Uses debhelper and quilt. No obvious packaging oddities.

7. Dependencies:

   • rsyslog: libc6 (>= 2.4), zlib1g (>= 1:1.1.4), lsb-base (>= 3.2-14), adduser, ucf (>= 0.8)

   • rsyslog-doc: none

   • rsyslog-gnutls: libc6 (>= 2.4), libgnutls26 (>= 2.5.9-0), rsyslog (= 3.22.0-1ubuntu1)

   • rsyslog-gssapi: libc6 (>= 2.4), libgssapi-krb5-2 (>= 1.7dfsg~beta1), rsyslog (= 3.22.0-1ubuntu1)

   • rsyslog-mysql: libc6 (>= 2.4), libmysqlclient15off (>= 5.0.27-1), debconf (>= 0.5) | debconf-2.0, rsyslog (= 3.22.0-1ubuntu1), dbconfig-common, ucf

   • rsyslog-pgsql: libc6 (>= 2.4), libpq5 (>= 8.3~beta1), debconf (>= 0.5) | debconf-2.0, rsyslog (= 3.22.0-1ubuntu1), dbconfig-common, ucf

   • rsyslog-relp: libc6 (>= 2.3), librelp0 (>= 0.1.1), rsyslog (= 3.22.0-1ubuntu1)

   • Are these all in main ? Everything except for librelp0 is (and of course rsyslog). librelp is a library developed for rsyslog originally for "reliable event logging over the network". It will also need to be included, unless we want to keep rsyslog-relp in universe.

8. Maintenance:

   • How much maintenance is this package likely to need ? Presumably not much. Debian's maintainership is very good.
   • Who is responsible for monitoring the quality of this package and fixing its bugs ? Are they Ubuntu or Debian developers ? Michael Biebl is the very active Debian maintainer.

9. Background information:

   • Here's the main package's control file Description:

     Description: enhanced multi-threaded syslogd
      Rsyslog is an enhanced syslogd supporting, amongst others:
       * reliable syslog over TCP and SSL/TLS
       * on-demand disk buffering
       * email alerting
       * writing to MySQL or PostgreSQL databases (via separate output plugins)
       * permitted sender lists
       * filtering on any part of the syslog message
       * on-the-wire message compression
       * fine grained output format control
       * backup log destinations
      .
      It is quite compatible to stock sysklogd and can be used as a drop-in
      replacement. Its advanced features make it suitable for enterprise-class,
      encryption protected syslog relay chains while at the same time being very
      easy to setup for the novice user.

   • What do upstream call this software ? Has it had different names in the past ? No different names that I can find. Just 'Rsyslog'
   • Fedora uses rsyslog as default logger since Fedora 8. Debian since Lenny.

10. Internationalization:

    • Are graphical applications translatable? Do they support gettext? No graphical part of it. Does not support gettext

Reviewers

MIR bug: https://launchpad.net/bugs/388605

Report author: mterry