Let's take a simple approach: try 8.34. If it has a problem, let us know and I see that can look at it.
IIRC I was refering to this issue and associated fix: https://www.rsyslog.com/remote-syslog-pri-vulnerability/ given the age, it should probably be available since 8.4.2. But again, I don't remember that old stuff. Doesn't make sense to look more at it, it just block me from doing work to move forward. If you need the old cruft, consider opening a bug report with Ubunutu or purchasing professional support. Again, if the issues exists in 8.34 let me know. Rainer 2018-04-25 9:30 GMT+02:00 David Lang <da...@lang.hm>: > 8.16 was 3 years ago, so it's not going to be a 'recent' version. > > I am not sure what feature Rainer is talking about either, but I would start > looking at the current documentation, starting with the function list and > the property replacer capablities. > > Or you can detect the situation and have an if statement to use a different > template that hard-codes the fix. > > look at exactly what is contained in every variable by logging a few > messages with RSYSLOG_DebugFormat > > And if you aren't going to be willing to replace your LTS version with a > current version, the template approach is all you are going to be able to > do, and you will need to check the docs shipped with that version, as the > current docs will include a lot of things that your version won't > > David Lang > > On Wed, 25 Apr 2018, Simon Lundström wrote: > >> Date: Wed, 25 Apr 2018 09:19:19 +0200 >> >> From: Simon Lundström <si...@su.se> >> Reply-To: rsyslog-users <rsyslog@lists.adiscon.com> >> To: rsyslog-users <rsyslog@lists.adiscon.com> >> Subject: Re: [rsyslog] Avoid invld PRI and force a valid PRI >> >> Ah, I'm sorry I wasn't clear. We're only running Ubuntu LTSes so 8.16.0 >> is the highest version which an LTS supports. >> >> I'm not yet sure what the feature is, I've seen no documentation of it and >> I don't know what it's called even. I can't find anything when searching for >> "rsyslog replace capability". >> >> What is this feature called so I can search for it? Or what is it called >> in the code so I can see when it was implemented? >> >> BR, >> - Simon >> >> On Wed, 2018-04-25 at 00:04:03 -0700, David Lang wrote: >>> >>> that list includes versions going back 6 years, which are not going to >>> have the features. >>> >>> Test with the latest 8.34 version, and if you get everything working to >>> your satsfaction, you can either see which of the other versions support the >>> needed features, or upgrade your systems to the current version >>> >>> David Lang >>> >>> On Wed, 25 Apr 2018, Simon Lundström wrote: >>> >>>> Date: Wed, 25 Apr 2018 08:32:34 +0200 >>>> From: Simon Lundström <si...@su.se> >>>> Reply-To: rsyslog-users <rsyslog@lists.adiscon.com> >>>> To: rsyslog-users <rsyslog@lists.adiscon.com> >>>> Subject: Re: [rsyslog] Avoid invld PRI and force a valid PRI >>>> >>>> Any idea how to use the replace capability, automatic or not, in the >>>> versions specified at the ubuntu page below? >>>> >>>> BR, >>>> - Simon >>>> >>>> On Mon, 2018-04-23 at 08:34:11 +0200, Simon Lundström wrote: >>>>> >>>>> On Fri, 2018-04-20 at 10:53:46 +0200, Rainer Gerhards wrote: >>>>>> >>>>>> which rsyslog version do you have? I think current ones have an >>>>>> automatic replace capability, but I am not 100% sure. >>>>> >>>>> >>>>> That wildly differs, but everything available in Ubuntu e.g, so that's >>>>> everything listed here: <https://launchpad.net/ubuntu/+source/rsyslog/> >>>>> >>>>> BR, >>>>> - Simon >>>>> >>>>>> 2018-04-20 10:32 GMT+02:00 Simon Lundström <si...@su.se>: >>>>>>> >>>>>>> Hey all! >>>>>>> >>>>>>> We have some devices which can't be easily fixed which uses an >>>>>>> invalid/incorrect syslog PRI. rsyslogd sets these as <invld> e.g.: >>>>>>> <invld>2018-04-20T10:19:49.973793+02:00 central.syslog.server >>>>>>> <invld>2018-04-20T10:19:49+02:00 server.which.syslogged <198>Apr 20 >>>>>>> 10:19:49 server.which.syslogged program: message >>>>>>> >>>>>>> Is it possible for rsyslog just to set a valid PRI instead of >>>>>>> "reporting" >>>>>>> it. >>>>>>> Can "central.syslog.server" do it? Or must "server.which.syslogged" >>>>>>> do it? >>>>>>> >>>>>>> Thanks! >>>>>>> >>>>>>> BR, >>>>>>> - Simon >>>>>>> _______________________________________________ >>>>>>> rsyslog mailing list >>>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>>>>> http://www.rsyslog.com/professional-services/ >>>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>>>> myriad of >>>>>>> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>>>>> DON'T >>>>>>> LIKE THAT. >>>>>> >>>>>> _______________________________________________ >>>>>> rsyslog mailing list >>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>>>> http://www.rsyslog.com/professional-services/ >>>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >>>>>> you DON'T LIKE THAT. >>>>> >>>>> _______________________________________________ >>>>> rsyslog mailing list >>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>>> http://www.rsyslog.com/professional-services/ >>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a >>>>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if >>>>> you DON'T LIKE THAT. >>>> >>>> _______________________________________________ >>>> rsyslog mailing list >>>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>>> http://www.rsyslog.com/professional-services/ >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you >>>> DON'T >>>> LIKE THAT. >>>> >>> _______________________________________________ >>> rsyslog mailing list >>> http://lists.adiscon.net/mailman/listinfo/rsyslog >>> http://www.rsyslog.com/professional-services/ >>> What's up with rsyslog? Follow https://twitter.com/rgerhards >>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T >>> LIKE THAT. >> >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> What's up with rsyslog? Follow https://twitter.com/rgerhards >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T >> LIKE THAT. >> > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of > sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T > LIKE THAT. _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.