Ubuntu
apparmor package

bad restriction: apparmor="DENIED" [...] namespace="root//lxd-n_<var-snap-lxd-common-lxd>" profile="rsyslogd" name="/run/systemd/journal/dev-log"

Bug #2123821 reported by Paride Legovini on 2025-09-15

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	apparmor (Ubuntu)	Confirmed	Undecided	Unassigned
	rsyslog (Ubuntu)	Fix Released	Undecided	Andreas Hasenack	Ubuntu ubuntu-25.10-beta

Bug Description

On my Questing system running LXD containers, my kernel log is full of messages like:

[ 129.551382] audit: type=1400 audit(1757925628.229:1005): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxd-q_<var-snap-lxd-common-lxd>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=5370 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000

One of my containers is named "q", hence the "root//lxd-q...". Some actual functionality is likely broken in the container.

Tags:

Related branches

~simpoir/ubuntu/+source/rsyslog:merge/lp2130067

Merged into ubuntu/+source/rsyslog:debian/sid at revision 803ee11cdf596e564fd68784edfce39cc27a2e98

Nick Rosbrook (community): Approve on 2025-12-18

~simpoir/ubuntu/+source/rsyslog:merge/lp2130067

Superseded for merging into ubuntu/+source/rsyslog:ubuntu/devel

Canonical Debcrafters Team: Pending requested 2025-12-10

Diff: 384058 lines (+213323/-122860) (has conflicts)

1431 files modified

.tarball-version (+1/-1)
CONTRIBUTING.md (+152/-164)
ChangeLog (+1142/-228)
Makefile.am (+27/-1)
Makefile.in (+185/-170)
README.md (+80/-143)
action.c (+1887/-1949)
action.h (+127/-66)
compat/Makefile.in (+4/-0)
compat/asprintf.c (+22/-23)
compat/getifaddrs.c (+397/-468)
compat/ifaddrs.h (+80/-80)
compat/strndup.c (+15/-19)
config.h.in (+7/-3)
configure (+903/-53)
configure.ac (+210/-36)
contrib/ffaup/Makefile.in (+4/-0)
contrib/ffaup/ffaup.c (+242/-276)
contrib/fmhash/Makefile.in (+4/-0)
contrib/fmhash/fmhash.c (+230/-234)
contrib/fmunflatten/Makefile.in (+4/-0)
contrib/fmunflatten/fmunflatten.c (+157/-170)
contrib/imbatchreport/Makefile.in (+4/-0)
contrib/imbatchreport/imbatchreport.c (+710/-783)
contrib/imczmq/Makefile.in (+4/-0)
contrib/imczmq/imczmq.c (+487/-478)
contrib/imdocker/Makefile.in (+4/-0)
contrib/imdocker/imdocker.c (+1288/-1356)
contrib/imhiredis/Makefile.in (+4/-0)
contrib/imhiredis/imhiredis.c (+1676/-1747)
contrib/imhttp/Makefile.in (+4/-0)
contrib/imhttp/imhttp.c (+1210/-1105)
contrib/imkmsg/Makefile.in (+4/-0)
contrib/imkmsg/imkmsg.c (+200/-219)
contrib/imkmsg/imkmsg.h (+21/-22)
contrib/imkmsg/kmsg.c (+213/-224)
contrib/impcap/Makefile.in (+4/-0)
contrib/impcap/arp_parser.c (+73/-74)
contrib/impcap/dns_parser.c (+267/-289)
contrib/impcap/eth_parser.c (+111/-111)
contrib/impcap/ftp_parser.c (+50/-88)
contrib/impcap/http_parser.c (+83/-92)
contrib/impcap/icmp_parser.c (+22/-22)
contrib/impcap/impcap.c (+511/-556)
contrib/impcap/ipv4_parser.c (+41/-41)
contrib/impcap/ipv6_parser.c (+191/-191)
contrib/impcap/ipx_parser.c (+35/-36)
contrib/impcap/llc_parser.c (+50/-53)
contrib/impcap/parsers.h (+66/-75)
contrib/impcap/smb_parser.c (+88/-89)
contrib/impcap/tcp_parser.c (+49/-52)
contrib/impcap/udp_parser.c (+29/-29)
contrib/improg/Makefile.in (+4/-0)
contrib/improg/improg.c (+482/-522)
contrib/imtuxedoulog/Makefile.in (+4/-0)
contrib/imtuxedoulog/imtuxedoulog.c (+567/-632)
contrib/mmcount/Makefile.in (+4/-0)
contrib/mmcount/mmcount.c (+199/-213)
contrib/mmdarwin/Makefile.in (+4/-0)
contrib/mmdarwin/mmdarwin.c (+595/-705)
contrib/mmdarwin/protocol.h (+30/-34)
contrib/mmgrok/Makefile.in (+4/-0)
contrib/mmgrok/mmgrok.c (+273/-301)
contrib/mmkubernetes/Makefile.in (+4/-0)
contrib/mmkubernetes/mmkubernetes.c (+1584/-1733)
contrib/mmrfc5424addhmac/Makefile.in (+4/-0)
contrib/mmrfc5424addhmac/mmrfc5424addhmac.c (+185/-208)
contrib/mmsequence/Makefile.in (+4/-0)
contrib/mmsequence/mmsequence.c (+235/-264)
contrib/mmtaghostname/Makefile.in (+4/-0)
contrib/mmtaghostname/mmtaghostname.c (+87/-95)
contrib/omamqp1/Makefile.am (+0/-1)
contrib/omamqp1/Makefile.in (+4/-0)
contrib/omamqp1/omamqp1.c (+648/-655)
contrib/omczmq/Makefile.in (+4/-0)
contrib/omczmq/omczmq.c (+487/-496)
contrib/omfile-hardened/Makefile.in (+4/-0)
contrib/omfile-hardened/omfile-hardened.c (+1199/-1299)
contrib/omhiredis/Makefile.in (+4/-0)
contrib/omhiredis/omhiredis.c (+585/-598)
contrib/omhttp/Makefile.in (+4/-0)
contrib/omhttp/omhttp.c (+2095/-2111)
contrib/omhttpfs/Makefile.in (+4/-0)
contrib/omhttpfs/omhttpfs.c (+495/-533)
contrib/omrabbitmq/Makefile.in (+4/-0)
contrib/omrabbitmq/omrabbitmq.c (+1062/-1131)
contrib/omtcl/Makefile.in (+4/-0)
contrib/omtcl/omtcl.c (+62/-67)
contrib/pmaixforwardedfrom/Makefile.in (+4/-0)
contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (+99/-104)
contrib/pmcisconames/Makefile.in (+4/-0)
contrib/pmcisconames/pmcisconames.c (+101/-106)
contrib/pmdb2diag/Makefile.in (+4/-0)
contrib/pmdb2diag/pmdb2diag.c (+211/-222)
contrib/pmpanngfw/Makefile.in (+4/-0)
contrib/pmpanngfw/pmpanngfw.c (+206/-213)
contrib/pmsnare/Makefile.in (+4/-0)
contrib/pmsnare/pmsnare.c (+295/-309)
debian/changelog (+174/-0)
debian/clean (+4/-0)
debian/control (+23/-2)
debian/copyright (+6/-6)
debian/gbp.conf (+1/-1)
debian/not-installed (+6/-6)
debian/patches/Skip-imfile-logrotate-async.sh.patch (+28/-0)
debian/patches/Skip-potentially-buggy-imrelp-tls-cfgcmd.sh.patch (+44/-0)
debian/patches/Skip-tests-based-on-omfwd-lb-1target-retry-test_skeleton..patch (+48/-0)
debian/patches/doc-enable-parallel-Sphinx-builds-silence-edit_on_github.patch (+90/-0)
debian/patches/doc-make-git-optional-for-Sphinx-builds-dist-tarballs.patch (+156/-0)
debian/patches/doc-vendor-mermaid-assets-and-fix-offline-viewing.patch (+2635/-0)
debian/patches/series (+6/-1)
debian/rsyslog-clickhouse.install (+1/-1)
debian/rsyslog-czmq.install (+2/-2)
debian/rsyslog-doc.doc-base (+9/-0)
debian/rsyslog-doc.install (+1/-0)
debian/rsyslog-docker.install (+1/-1)
debian/rsyslog-elasticsearch.install (+1/-1)
debian/rsyslog-gnutls.install (+4/-0)
debian/rsyslog-gssapi.install (+3/-3)
debian/rsyslog-hiredis.install (+2/-2)
debian/rsyslog-kafka.install (+2/-2)
debian/rsyslog-kubernetes.install (+1/-1)
debian/rsyslog-mongodb.install (+1/-1)
debian/rsyslog-mysql.install (+1/-1)
debian/rsyslog-mysql.lintian-overrides (+3/-0)
debian/rsyslog-openssl.install (+6/-0)
debian/rsyslog-pgsql.install (+1/-1)
debian/rsyslog-pgsql.lintian-overrides (+3/-0)
debian/rsyslog-relp.install (+2/-2)
debian/rsyslog-snmp.install (+1/-1)
debian/rsyslog.install (+36/-0)
debian/rules (+16/-5)
debian/salsa-ci.yml (+12/-0)
debian/tests/control (+17/-0)
debian/tests/logcheck (+30/-6)
dev/null (+0/-35)
dirty.h (+13/-8)
doc/CONTRIBUTING.md (+78/-0)
doc/LICENSE (+204/-0)
doc/Makefile (+32/-0)
doc/README.md (+189/-0)
doc/STRATEGY.md (+214/-0)
doc/ai/README.md (+21/-0)
doc/ai/authoring_guidelines.md (+23/-0)
doc/ai/chunking_and_embeddings.md (+6/-0)
doc/ai/crosslinking_and_nav.md (+17/-0)
doc/ai/drift_monitoring.md (+9/-0)
doc/ai/mermaid_rules.md (+21/-0)
doc/ai/module_map.yaml (+62/-0)
doc/ai/structure_and_paths.md (+195/-0)
doc/ai/templates/template-concept.rst (+36/-0)
doc/ai/templates/template-tutorial.rst (+33/-0)
doc/ai/terminology.md (+9/-0)
doc/requirements.txt (+5/-0)
doc/source/_ext/edit_on_github.py (+43/-0)
doc/source/_ext/rsyslog_lexer.py (+137/-0)
doc/source/_static/rsyslog.css (+543/-0)
doc/source/about/ai_first.rst (+236/-0)
doc/source/about/history.rst (+86/-0)
doc/source/about/index.rst (+18/-0)
doc/source/community.rst (+52/-0)
doc/source/concepts/index.rst (+66/-0)
doc/source/concepts/janitor.rst (+41/-0)
doc/source/concepts/log_pipeline.rst (+173/-0)
doc/source/concepts/log_pipeline/design_patterns.rst (+173/-0)
doc/source/concepts/log_pipeline/example_json_transform.rst (+117/-0)
doc/source/concepts/log_pipeline/index.rst (+81/-0)
doc/source/concepts/log_pipeline/stages.rst (+147/-0)
doc/source/concepts/log_pipeline/troubleshooting.rst (+122/-0)
doc/source/concepts/messageparser.rst (+304/-0)
doc/source/concepts/multi_ruleset.rst (+312/-0)
doc/source/concepts/netstrm_drvr.rst (+21/-0)
doc/source/concepts/ns_gtls.rst (+91/-0)
doc/source/concepts/ns_ossl.rst (+87/-0)
doc/source/concepts/ns_ptcp.rst (+13/-0)
doc/source/concepts/queues.rst (+524/-0)
doc/source/conf.py (+448/-0)
doc/source/conf_helpers.py (+135/-0)
doc/source/configuration/action/index.rst (+194/-0)
doc/source/configuration/action/rsconf1_actionexeconlywhenpreviousissuspended.rst (+48/-0)
doc/source/configuration/action/rsconf1_actionresumeinterval.rst (+35/-0)
doc/source/configuration/action/rsconf1_dirgroup.rst (+19/-0)
doc/source/configuration/action/rsconf1_dirowner.rst (+34/-0)
doc/source/configuration/action/rsconf1_dynafilecachesize.rst (+4/-0)
doc/source/configuration/action/rsconf1_filecreatemode.rst (+43/-0)
doc/source/configuration/action/rsconf1_filegroup.rst (+18/-0)
doc/source/configuration/action/rsconf1_fileowner.rst (+19/-0)
doc/source/configuration/action/rsconf1_gssforwardservicename.rst (+21/-0)
doc/source/configuration/action/rsconf1_gssmode.rst (+20/-0)
doc/source/configuration/action/rsconf1_omfileforcechown.rst (+67/-0)
doc/source/configuration/action/rsconf1_repeatedmsgreduction.rst (+70/-0)
doc/source/configuration/actions.rst (+622/-0)
doc/source/configuration/basic_structure.rst (+225/-0)
doc/source/configuration/conf_formats.rst (+72/-0)
doc/source/configuration/config_param_types.rst (+48/-0)
doc/source/configuration/converting_to_new_format.rst (+196/-0)
doc/source/configuration/cryprov_gcry.rst (+104/-0)
doc/source/configuration/cryprov_ossl.rst (+77/-0)
doc/source/configuration/droppriv.rst (+31/-0)
doc/source/configuration/dyn_stats.rst (+106/-0)
doc/source/configuration/examples.rst (+140/-0)
doc/source/configuration/filters.rst (+324/-0)
doc/source/configuration/global/index.rst (+164/-0)
doc/source/configuration/global/options/rsconf1_abortonuncleanconfig.rst (+40/-0)
doc/source/configuration/global/options/rsconf1_debugprintcfsyslinehandlerlist.rst (+13/-0)
doc/source/configuration/global/options/rsconf1_debugprintmodulelist.rst (+12/-0)
doc/source/configuration/global/options/rsconf1_debugprinttemplatelist.rst (+12/-0)
doc/source/configuration/global/options/rsconf1_failonchownfailure.rst (+21/-0)
doc/source/configuration/global/options/rsconf1_generateconfiggraph.rst (+148/-0)
doc/source/configuration/global/options/rsconf1_includeconfig.rst (+74/-0)
doc/source/configuration/global/options/rsconf1_mainmsgqueuesize.rst (+34/-0)
doc/source/configuration/global/options/rsconf1_maxopenfiles.rst (+36/-0)
doc/source/configuration/global/options/rsconf1_moddir.rst (+20/-0)
doc/source/configuration/global/options/rsconf1_modload.rst (+30/-0)
doc/source/configuration/global/options/rsconf1_resetconfigvariables.rst (+19/-0)
doc/source/configuration/global/options/rsconf1_umask.rst (+25/-0)
doc/source/configuration/index.rst (+76/-0)
doc/source/configuration/index_directives.rst (+21/-0)
doc/source/configuration/input.rst (+32/-0)
doc/source/configuration/input_directives/index.rst (+28/-0)
doc/source/configuration/input_directives/rsconf1_allowedsender.rst (+72/-0)
doc/source/configuration/input_directives/rsconf1_controlcharacterescapeprefix.rst (+24/-0)
doc/source/configuration/input_directives/rsconf1_dropmsgswithmaliciousdnsptrrecords.rst (+23/-0)
doc/source/configuration/input_directives/rsconf1_droptrailinglfonreception.rst (+21/-0)
doc/source/configuration/input_directives/rsconf1_escape8bitcharsonreceive.rst (+39/-0)
doc/source/configuration/input_directives/rsconf1_escapecontrolcharactersonreceive.rst (+34/-0)
doc/source/configuration/input_directives/rsconf1_markmessageperiod.rst (+26/-0)
doc/source/configuration/ipv6.rst (+47/-0)
doc/source/configuration/lookup_tables.rst (+314/-0)
doc/source/configuration/modules/gssapi.rst (+73/-0)
doc/source/configuration/modules/idx_input.rst (+13/-0)
doc/source/configuration/modules/idx_library.rst (+9/-0)
doc/source/configuration/modules/idx_messagemod.rst (+15/-0)
doc/source/configuration/modules/idx_output.rst (+16/-0)
doc/source/configuration/modules/idx_parser.rst (+16/-0)
doc/source/configuration/modules/idx_stringgen.rst (+43/-0)
doc/source/configuration/modules/im3195.rst (+71/-0)
doc/source/configuration/modules/imbatchreport.rst (+222/-0)
doc/source/configuration/modules/imczmq.rst (+77/-0)
doc/source/configuration/modules/imdocker.rst (+181/-0)
doc/source/configuration/modules/imdtls.rst (+177/-0)
doc/source/configuration/modules/imfile.rst (+389/-0)
doc/source/configuration/modules/imgssapi.rst (+154/-0)
doc/source/configuration/modules/imhiredis.rst (+356/-0)
doc/source/configuration/modules/imhttp.rst (+493/-0)
doc/source/configuration/modules/imjournal.rst (+274/-0)
doc/source/configuration/modules/imkafka.rst (+177/-0)
doc/source/configuration/modules/imklog.rst (+230/-0)
doc/source/configuration/modules/imkmsg.rst (+188/-0)
doc/source/configuration/modules/immark.rst (+41/-0)
doc/source/configuration/modules/impcap.rst (+255/-0)
doc/source/configuration/modules/improg.rst (+172/-0)
doc/source/configuration/modules/impstats.rst (+405/-0)
doc/source/configuration/modules/imptcp.rst (+313/-0)
doc/source/configuration/modules/imrelp.rst (+595/-0)
doc/source/configuration/modules/imsolaris.rst (+59/-0)
doc/source/configuration/modules/imtcp.rst (+502/-0)
doc/source/configuration/modules/imtuxedoulog.rst (+146/-0)
doc/source/configuration/modules/imudp.rst (+361/-0)
doc/source/configuration/modules/imuxsock.rst (+565/-0)
doc/source/configuration/modules/index.rst (+27/-0)
doc/source/configuration/modules/mmaitag.rst (+90/-0)
doc/source/configuration/modules/mmanon.rst (+223/-0)
doc/source/configuration/modules/mmaudit.rst (+124/-0)
doc/source/configuration/modules/mmcount.rst (+93/-0)
doc/source/configuration/modules/mmdarwin.rst (+116/-0)
doc/source/configuration/modules/mmdblookup.rst (+124/-0)
doc/source/configuration/modules/mmexternal.rst (+82/-0)
doc/source/configuration/modules/mmfields.rst (+116/-0)
doc/source/configuration/modules/mmjsonparse.rst (+334/-0)
doc/source/configuration/modules/mmjsonrewrite.rst (+104/-0)
doc/source/configuration/modules/mmjsontransform.rst (+157/-0)
doc/source/configuration/modules/mmkubernetes.rst (+337/-0)
doc/source/configuration/modules/mmleefparse.rst (+181/-0)
doc/source/configuration/modules/mmnormalize.rst (+168/-0)
doc/source/configuration/modules/mmpstrucdata.rst (+113/-0)
doc/source/configuration/modules/mmrfc5424addhmac.rst (+103/-0)
doc/source/configuration/modules/mmrm1stspace.rst (+30/-0)
doc/source/configuration/modules/mmsequence.rst (+156/-0)
doc/source/configuration/modules/mmsnareparse.rst (+479/-0)
doc/source/configuration/modules/mmsnmptrapd.rst (+106/-0)
doc/source/configuration/modules/mmtaghostname.rst (+87/-0)
doc/source/configuration/modules/mmutf8fix.rst (+108/-0)
doc/source/configuration/modules/omamqp1.rst (+476/-0)
doc/source/configuration/modules/omazureeventhubs.rst (+412/-0)
doc/source/configuration/modules/omclickhouse.rst (+324/-0)
doc/source/configuration/modules/omczmq.rst (+110/-0)
doc/source/configuration/modules/omdtls.rst (+268/-0)
doc/source/configuration/modules/omelasticsearch.rst (+558/-0)
doc/source/configuration/modules/omfile.rst (+399/-0)
doc/source/configuration/modules/omfwd.rst (+938/-0)
doc/source/configuration/modules/omfwd/parameters/basic.rst (+144/-0)
doc/source/configuration/modules/omfwd/parameters/module.rst (+69/-0)
doc/source/configuration/modules/omhdfs.rst (+114/-0)
doc/source/configuration/modules/omhiredis.rst (+779/-0)
doc/source/configuration/modules/omhttp.rst (+985/-0)
doc/source/configuration/modules/omhttpfs.rst (+149/-0)
doc/source/configuration/modules/omjournal.rst (+144/-0)
doc/source/configuration/modules/omkafka.rst (+342/-0)
doc/source/configuration/modules/omlibdbi.rst (+238/-0)
doc/source/configuration/modules/ommail.rst (+306/-0)
doc/source/configuration/modules/ommongodb.rst (+249/-0)
doc/source/configuration/modules/ommysql.rst (+206/-0)
doc/source/configuration/modules/omoracle.rst (+200/-0)
doc/source/configuration/modules/ompgsql.rst (+239/-0)
doc/source/configuration/modules/ompipe.rst (+48/-0)
doc/source/configuration/modules/omprog.rst (+206/-0)
doc/source/configuration/modules/omrabbitmq.rst (+404/-0)
doc/source/configuration/modules/omrelp.rst (+542/-0)
doc/source/configuration/modules/omruleset.rst (+184/-0)
doc/source/configuration/modules/omsendertrack.rst (+454/-0)
doc/source/configuration/modules/omsnmp.rst (+119/-0)
doc/source/configuration/modules/omstdout.rst (+113/-0)
doc/source/configuration/modules/omudpspoof.rst (+209/-0)
doc/source/configuration/modules/omusrmsg.rst (+67/-0)
doc/source/configuration/modules/omuxsock.rst (+61/-0)
doc/source/configuration/modules/pmciscoios.rst (+183/-0)
doc/source/configuration/modules/pmdb2diag.rst (+146/-0)
doc/source/configuration/modules/pmlastmsg.rst (+68/-0)
doc/source/configuration/modules/pmnormalize.rst (+121/-0)
doc/source/configuration/modules/pmnull.rst (+123/-0)
doc/source/configuration/modules/pmrfc3164.rst (+163/-0)
doc/source/configuration/modules/pmrfc3164sd.rst (+5/-0)
doc/source/configuration/modules/pmrfc5424.rst (+6/-0)
doc/source/configuration/modules/sigprov_gt.rst (+94/-0)
doc/source/configuration/modules/sigprov_ksi.rst (+99/-0)
doc/source/configuration/modules/sigprov_ksi12.rst (+135/-0)
doc/source/configuration/modules/workflow.rst (+30/-0)
doc/source/configuration/nomatch.rst (+47/-0)
doc/source/configuration/output_channels.rst (+61/-0)
doc/source/configuration/parser.rst (+87/-0)
doc/source/configuration/percentile_stats.rst (+151/-0)
doc/source/configuration/properties.rst (+319/-0)
doc/source/configuration/property_replacer.rst (+374/-0)
doc/source/configuration/rsyslog-example.conf (+163/-0)
doc/source/configuration/rsyslog_statistic_counter.rst (+83/-0)
doc/source/configuration/ruleset/index.rst (+20/-0)
doc/source/configuration/ruleset/rsconf1_rulesetcreatemainqueue.rst (+91/-0)
doc/source/configuration/ruleset/rsconf1_rulesetparser.rst (+127/-0)
doc/source/configuration/sysklogd_format.rst (+311/-0)
doc/source/configuration/templates.rst (+293/-0)
doc/source/configuration/timezone.rst (+68/-0)
doc/source/containers/collector.rst (+128/-0)
doc/source/containers/development_images.rst (+24/-0)
doc/source/containers/dockerlogs.rst (+43/-0)
doc/source/containers/index.rst (+22/-0)
doc/source/containers/minimal.rst (+34/-0)
doc/source/containers/standard.rst (+36/-0)
doc/source/containers/user_images.rst (+44/-0)
doc/source/development/config_data_model.rst (+173/-0)
doc/source/development/debugging.rst (+45/-0)
doc/source/development/dev_action_threads.rst (+182/-0)
doc/source/development/dev_codestyle.rst (+15/-0)
doc/source/development/dev_oplugins.rst (+371/-0)
doc/source/development/dev_queue.rst (+306/-0)
doc/source/development/dev_testbench.rst (+20/-0)
doc/source/development/doc_reference_section_guidelines.rst (+161/-0)
doc/source/development/doc_style_guide.rst (+126/-0)
doc/source/development/engine_overview.rst (+79/-0)
doc/source/development/generic_design.rst (+146/-0)
doc/source/development/index.rst (+7/-0)
doc/source/development/internal_tooling.rst (+19/-0)
doc/source/faq/common-config-mistakes.rst (+66/-0)
doc/source/faq/difference_queues.rst (+34/-0)
doc/source/faq/encrypt_mysql_traffic_ommysql.rst (+45/-0)
doc/source/faq/faq_overall.rst (+16/-0)
doc/source/faq/imtcp-tls-gibberish.rst (+96/-0)
doc/source/faq/imudp-packet-loss.rst (+132/-0)
doc/source/faq/index.rst (+12/-0)
doc/source/features.rst (+148/-0)
doc/source/getting_started/ai-assistants.rst (+70/-0)
doc/source/getting_started/basic_configuration.rst (+33/-0)
doc/source/getting_started/beginner_tutorials/01-installation.rst (+138/-0)
doc/source/getting_started/beginner_tutorials/02-first-config.rst (+127/-0)
doc/source/getting_started/beginner_tutorials/03-default-config.rst (+112/-0)
doc/source/getting_started/beginner_tutorials/04-message-pipeline.rst (+132/-0)
doc/source/getting_started/beginner_tutorials/05-order-matters.rst (+123/-0)
doc/source/getting_started/beginner_tutorials/06-remote-server.rst (+165/-0)
doc/source/getting_started/beginner_tutorials/index.rst (+72/-0)
doc/source/getting_started/forwarding_logs.rst (+72/-0)
doc/source/getting_started/index.rst (+35/-0)
doc/source/getting_started/installation.rst (+42/-0)
doc/source/getting_started/next_steps.rst (+42/-0)
doc/source/getting_started/understanding_default_config.rst (+88/-0)
doc/source/historical/high_performance.rst (+76/-0)
doc/source/historical/index.rst (+19/-0)
doc/source/historical/module_devel.rst (+104/-0)
doc/source/historical/multi_ruleset_legacy_format_samples.rst (+199/-0)
doc/source/historical/php_syslog_ng.rst (+157/-0)
doc/source/historical/v3compatibility.rst (+260/-0)
doc/source/historical/v4compatibility.rst (+132/-0)
doc/source/historical/v5compatibility.rst (+49/-0)
doc/source/historical/v6compatibility.rst (+230/-0)
doc/source/historical/v7compatibility.rst (+173/-0)
doc/source/historical/v8compatibility.rst (+200/-0)
doc/source/history.rst (+146/-0)
doc/source/how2help.rst (+53/-0)
doc/source/idx_reference.rst (+16/-0)
doc/source/includes/container_dev_env.inc.rst (+14/-0)
doc/source/includes/footer.inc.rst (+11/-0)
doc/source/includes/substitution_definitions.inc.rst (+72/-0)
doc/source/index.rst (+59/-0)
doc/source/installation/build_from_repo.rst (+73/-0)
doc/source/installation/index.rst (+26/-0)
doc/source/installation/install_from_source.rst (+238/-0)
doc/source/installation/packages.rst (+65/-0)
doc/source/installation/rsyslog_docker.rst (+21/-0)
doc/source/licensing.rst (+72/-0)
doc/source/proposals/index.rst (+7/-0)
doc/source/proposals/version_naming.rst (+150/-0)
doc/source/rainerscript/configuration_objects.rst (+81/-0)
doc/source/rainerscript/constant_strings.rst (+255/-0)
doc/source/rainerscript/control_structures.rst (+138/-0)
doc/source/rainerscript/data_types.rst (+9/-0)
doc/source/rainerscript/expressions.rst (+25/-0)
doc/source/rainerscript/functions/idx_built-in_functions.rst (+11/-0)
doc/source/rainerscript/functions/idx_module_functions.rst (+16/-0)
doc/source/rainerscript/functions/index.rst (+27/-0)
doc/source/rainerscript/functions/mo-ffaup.rst (+103/-0)
doc/source/rainerscript/functions/mo-hashXX.rst (+42/-0)
doc/source/rainerscript/functions/mo-hashXXmod.rst (+48/-0)
doc/source/rainerscript/functions/mo-http_request.rst (+39/-0)
doc/source/rainerscript/functions/mo-unflatten.rst (+61/-0)
doc/source/rainerscript/functions/rs-cnum.rst (+36/-0)
doc/source/rainerscript/functions/rs-cstr.rst (+27/-0)
doc/source/rainerscript/functions/rs-dyn_inc.rst (+35/-0)
doc/source/rainerscript/functions/rs-exec_template.rst (+25/-0)
doc/source/rainerscript/functions/rs-exists.rst (+30/-0)
doc/source/rainerscript/functions/rs-field.rst (+64/-0)
doc/source/rainerscript/functions/rs-format_time.rst (+64/-0)
doc/source/rainerscript/functions/rs-get_property.rst (+58/-0)
doc/source/rainerscript/functions/rs-getenv.rst (+23/-0)
doc/source/rainerscript/functions/rs-int2hex.rst (+56/-0)
doc/source/rainerscript/functions/rs-ipv4convert.rst (+52/-0)
doc/source/rainerscript/functions/rs-is_time.rst (+66/-0)
doc/source/rainerscript/functions/rs-lookup.rst (+32/-0)
doc/source/rainerscript/functions/rs-parse_json.rst (+27/-0)
doc/source/rainerscript/functions/rs-parse_time.rst (+44/-0)
doc/source/rainerscript/functions/rs-percentile_observe.rst (+33/-0)
doc/source/rainerscript/functions/rs-previous_action_suspended.rst (+30/-0)
doc/source/rainerscript/functions/rs-prifilt.rst (+23/-0)
doc/source/rainerscript/functions/rs-random.rst (+36/-0)
doc/source/rainerscript/functions/rs-re_extract.rst (+38/-0)
doc/source/rainerscript/functions/rs-re_extract_i.rst (+12/-0)
doc/source/rainerscript/functions/rs-re_match.rst (+28/-0)
doc/source/rainerscript/functions/rs-re_match_i.rst (+29/-0)
doc/source/rainerscript/functions/rs-replace.rst (+26/-0)
doc/source/rainerscript/functions/rs-script_error.rst (+30/-0)
doc/source/rainerscript/functions/rs-strlen.rst (+22/-0)
doc/source/rainerscript/functions/rs-substring.rst (+75/-0)
doc/source/rainerscript/functions/rs-tolower.rst (+22/-0)
doc/source/rainerscript/functions/rs-toupper.rst (+21/-0)
doc/source/rainerscript/functions/rs-trim.rst (+59/-0)
doc/source/rainerscript/functions/rs-wrap.rst (+51/-0)
doc/source/rainerscript/global.rst (+894/-0)
doc/source/rainerscript/include.rst (+153/-0)
doc/source/rainerscript/index.rst (+30/-0)
doc/source/rainerscript/lookup_tables.rst (+7/-0)
doc/source/rainerscript/queue_parameters.rst (+611/-0)
doc/source/rainerscript/rainerscript_call.rst (+56/-0)
doc/source/rainerscript/rainerscript_call_indirect.rst (+58/-0)
doc/source/rainerscript/variable_property_types.rst (+107/-0)
doc/source/reference/parameters/im3195-input3195listenport.rst (+52/-0)
doc/source/reference/parameters/imdocker-apiversionstr.rst (+43/-0)
doc/source/reference/parameters/imdocker-defaultfacility.rst (+48/-0)
doc/source/reference/parameters/imdocker-defaultseverity.rst (+48/-0)
doc/source/reference/parameters/imdocker-dockerapiunixsockaddr.rst (+42/-0)
doc/source/reference/parameters/imdocker-escapelf.rst (+48/-0)
doc/source/reference/parameters/imdocker-getcontainerlogoptions.rst (+43/-0)
doc/source/reference/parameters/imdocker-listcontainersoptions.rst (+43/-0)
doc/source/reference/parameters/imdocker-pollinginterval.rst (+43/-0)
doc/source/reference/parameters/imdocker-retrievenewlogsfromstart.rst (+48/-0)
doc/source/reference/parameters/imdtls-address.rst (+42/-0)
doc/source/reference/parameters/imdtls-name.rst (+41/-0)
doc/source/reference/parameters/imdtls-port.rst (+41/-0)
doc/source/reference/parameters/imdtls-ruleset.rst (+41/-0)
doc/source/reference/parameters/imdtls-timeout.rst (+44/-0)
doc/source/reference/parameters/imdtls-tls-authmode.rst (+51/-0)
doc/source/reference/parameters/imdtls-tls-cacert.rst (+44/-0)
doc/source/reference/parameters/imdtls-tls-mycert.rst (+43/-0)
doc/source/reference/parameters/imdtls-tls-myprivkey.rst (+43/-0)
doc/source/reference/parameters/imdtls-tls-permittedpeer.rst (+65/-0)
doc/source/reference/parameters/imdtls-tls-tlscfgcmd.rst (+63/-0)
doc/source/reference/parameters/imfile-addceetag.rst (+50/-0)
doc/source/reference/parameters/imfile-addmetadata.rst (+51/-0)
doc/source/reference/parameters/imfile-deletestateonfiledelete.rst (+65/-0)
doc/source/reference/parameters/imfile-deletestateonfilemove.rst (+65/-0)
doc/source/reference/parameters/imfile-discardtruncatedmsg.rst (+51/-0)
doc/source/reference/parameters/imfile-endmsg-regex.rst (+60/-0)
doc/source/reference/parameters/imfile-escapelf-replacement.rst (+56/-0)
doc/source/reference/parameters/imfile-escapelf.rst (+53/-0)
doc/source/reference/parameters/imfile-facility.rst (+63/-0)
doc/source/reference/parameters/imfile-file.rst (+58/-0)
doc/source/reference/parameters/imfile-freshstarttail.rst (+61/-0)
doc/source/reference/parameters/imfile-ignoreolderthan.rst (+47/-0)
doc/source/reference/parameters/imfile-maxbytesperminute.rst (+48/-0)
doc/source/reference/parameters/imfile-maxlinesatonce.rst (+64/-0)
doc/source/reference/parameters/imfile-maxlinesperminute.rst (+47/-0)
doc/source/reference/parameters/imfile-maxsubmitatonce.rst (+48/-0)
doc/source/reference/parameters/imfile-mode.rst (+60/-0)
doc/source/reference/parameters/imfile-msgdiscardingerror.rst (+50/-0)
doc/source/reference/parameters/imfile-needparse.rst (+51/-0)
doc/source/reference/parameters/imfile-persiststateaftersubmission.rst (+52/-0)
doc/source/reference/parameters/imfile-persiststateinterval.rst (+65/-0)
doc/source/reference/parameters/imfile-pollinginterval.rst (+53/-0)
doc/source/reference/parameters/imfile-readmode.rst (+64/-0)
doc/source/reference/parameters/imfile-readtimeout.rst (+67/-0)
doc/source/reference/parameters/imfile-reopenontruncate.rst (+52/-0)
doc/source/reference/parameters/imfile-ruleset.rst (+57/-0)
doc/source/reference/parameters/imfile-severity.rst (+63/-0)
doc/source/reference/parameters/imfile-sortfiles.rst (+50/-0)
doc/source/reference/parameters/imfile-startmsg-regex.rst (+50/-0)
doc/source/reference/parameters/imfile-statefile-directory.rst (+48/-0)
doc/source/reference/parameters/imfile-statefile.rst (+67/-0)
doc/source/reference/parameters/imfile-tag.rst (+58/-0)
doc/source/reference/parameters/imfile-timeoutgranularity.rst (+53/-0)
doc/source/reference/parameters/imfile-trimlineoverbytes.rst (+48/-0)
doc/source/reference/parameters/imjournal-defaultfacility.rst (+55/-0)
doc/source/reference/parameters/imjournal-defaultseverity.rst (+55/-0)
doc/source/reference/parameters/imjournal-defaulttag.rst (+49/-0)
doc/source/reference/parameters/imjournal-filecreatemode.rst (+51/-0)
doc/source/reference/parameters/imjournal-fsync.rst (+51/-0)
doc/source/reference/parameters/imjournal-ignorenonvalidstatefile.rst (+51/-0)
doc/source/reference/parameters/imjournal-ignorepreviousmessages.rst (+60/-0)
doc/source/reference/parameters/imjournal-main.rst (+50/-0)
doc/source/reference/parameters/imjournal-persiststateinterval.rst (+56/-0)
doc/source/reference/parameters/imjournal-ratelimit-burst.rst (+55/-0)
doc/source/reference/parameters/imjournal-ratelimit-interval.rst (+60/-0)
doc/source/reference/parameters/imjournal-remote.rst (+49/-0)
doc/source/reference/parameters/imjournal-statefile.rst (+56/-0)
doc/source/reference/parameters/imjournal-usepid.rst (+56/-0)
doc/source/reference/parameters/imjournal-usepidfromsystem.rst (+51/-0)
doc/source/reference/parameters/imjournal-workaroundjournalbug.rst (+50/-0)
doc/source/reference/parameters/imptcp-address.rst (+54/-0)
doc/source/reference/parameters/imptcp-addtlframedelimiter.rst (+76/-0)
doc/source/reference/parameters/imptcp-compression-mode.rst (+43/-0)
doc/source/reference/parameters/imptcp-defaulttz.rst (+42/-0)
doc/source/reference/parameters/imptcp-discardtruncatedmsg.rst (+43/-0)
doc/source/reference/parameters/imptcp-failonchownfailure.rst (+42/-0)
doc/source/reference/parameters/imptcp-filecreatemode.rst (+45/-0)
doc/source/reference/parameters/imptcp-filegroup.rst (+43/-0)
doc/source/reference/parameters/imptcp-filegroupnum.rst (+43/-0)
doc/source/reference/parameters/imptcp-fileowner.rst (+43/-0)
doc/source/reference/parameters/imptcp-fileownernum.rst (+43/-0)
doc/source/reference/parameters/imptcp-flowcontrol.rst (+42/-0)
doc/source/reference/parameters/imptcp-framing-delimiter-regex.rst (+53/-0)
doc/source/reference/parameters/imptcp-framingfix-cisco-asa.rst (+43/-0)
doc/source/reference/parameters/imptcp-keepalive-interval.rst (+57/-0)
doc/source/reference/parameters/imptcp-keepalive-probes.rst (+57/-0)
doc/source/reference/parameters/imptcp-keepalive-time.rst (+58/-0)
doc/source/reference/parameters/imptcp-keepalive.rst (+54/-0)
doc/source/reference/parameters/imptcp-listenportfilename.rst (+43/-0)
doc/source/reference/parameters/imptcp-maxframesize.rst (+46/-0)
doc/source/reference/parameters/imptcp-maxsessions.rst (+53/-0)
doc/source/reference/parameters/imptcp-multiline.rst (+42/-0)
doc/source/reference/parameters/imptcp-name.rst (+57/-0)
doc/source/reference/parameters/imptcp-notifyonconnectionclose.rst (+54/-0)
doc/source/reference/parameters/imptcp-notifyonconnectionopen.rst (+42/-0)
doc/source/reference/parameters/imptcp-path.rst (+42/-0)
doc/source/reference/parameters/imptcp-port.rst (+54/-0)
doc/source/reference/parameters/imptcp-processonpoller.rst (+52/-0)
doc/source/reference/parameters/imptcp-ratelimit-burst.rst (+41/-0)
doc/source/reference/parameters/imptcp-ratelimit-interval.rst (+42/-0)
doc/source/reference/parameters/imptcp-ruleset.rst (+54/-0)
doc/source/reference/parameters/imptcp-socketbacklog.rst (+55/-0)
doc/source/reference/parameters/imptcp-supportoctetcountedframing.rst (+57/-0)
doc/source/reference/parameters/imptcp-threads.rst (+59/-0)
doc/source/reference/parameters/imptcp-unlink.rst (+42/-0)
doc/source/reference/parameters/imtcp-address.rst (+41/-0)
doc/source/reference/parameters/imtcp-addtlframedelimiter.rst (+69/-0)
doc/source/reference/parameters/imtcp-disablelfdelimiter.rst (+75/-0)
doc/source/reference/parameters/imtcp-discardtruncatedmsg.rst (+54/-0)
doc/source/reference/parameters/imtcp-flowcontrol.rst (+74/-0)
doc/source/reference/parameters/imtcp-gnutlsprioritystring.rst (+99/-0)
doc/source/reference/parameters/imtcp-keepalive-interval.rst (+55/-0)
doc/source/reference/parameters/imtcp-keepalive-probes.rst (+71/-0)
doc/source/reference/parameters/imtcp-keepalive-time.rst (+72/-0)
doc/source/reference/parameters/imtcp-keepalive.rst (+68/-0)
doc/source/reference/parameters/imtcp-listenportfilename.rst (+49/-0)
doc/source/reference/parameters/imtcp-maxframesize.rst (+61/-0)
doc/source/reference/parameters/imtcp-maxlisteners.rst (+68/-0)
doc/source/reference/parameters/imtcp-maxsessions.rst (+68/-0)
doc/source/reference/parameters/imtcp-name.rst (+55/-0)
doc/source/reference/parameters/imtcp-notifyonconnectionclose.rst (+68/-0)
doc/source/reference/parameters/imtcp-notifyonconnectionopen.rst (+43/-0)
doc/source/reference/parameters/imtcp-permittedpeer.rst (+79/-0)
doc/source/reference/parameters/imtcp-port.rst (+54/-0)
doc/source/reference/parameters/imtcp-preservecase.rst (+55/-0)
doc/source/reference/parameters/imtcp-ratelimit-burst.rst (+41/-0)
doc/source/reference/parameters/imtcp-ratelimit-interval.rst (+42/-0)
doc/source/reference/parameters/imtcp-ruleset.rst (+53/-0)
doc/source/reference/parameters/imtcp-socketbacklog.rst (+61/-0)
doc/source/reference/parameters/imtcp-starvationprotection-maxreads.rst (+80/-0)
doc/source/reference/parameters/imtcp-streamdriver-authmode.rst (+69/-0)
doc/source/reference/parameters/imtcp-streamdriver-cafile.rst (+44/-0)
doc/source/reference/parameters/imtcp-streamdriver-certfile.rst (+52/-0)
doc/source/reference/parameters/imtcp-streamdriver-checkextendedkeypurpose.rst (+56/-0)
doc/source/reference/parameters/imtcp-streamdriver-crlfile.rst (+45/-0)
doc/source/reference/parameters/imtcp-streamdriver-keyfile.rst (+44/-0)
doc/source/reference/parameters/imtcp-streamdriver-mode.rst (+69/-0)
doc/source/reference/parameters/imtcp-streamdriver-name.rst (+56/-0)
doc/source/reference/parameters/imtcp-streamdriver-permitexpiredcerts.rst (+62/-0)
doc/source/reference/parameters/imtcp-streamdriver-prioritizesan.rst (+55/-0)
doc/source/reference/parameters/imtcp-streamdriver-tlsverifydepth.rst (+61/-0)
doc/source/reference/parameters/imtcp-supportoctetcountedframing.rst (+59/-0)
doc/source/reference/parameters/imtcp-workerthreads.rst (+72/-0)
doc/source/reference/parameters/imudp-address.rst (+54/-0)
doc/source/reference/parameters/imudp-batchsize.rst (+50/-0)
doc/source/reference/parameters/imudp-defaulttz.rst (+51/-0)
doc/source/reference/parameters/imudp-device.rst (+51/-0)
doc/source/reference/parameters/imudp-ipfreebind.rst (+52/-0)
doc/source/reference/parameters/imudp-name-appendport.rst (+65/-0)
doc/source/reference/parameters/imudp-name.rst (+63/-0)
doc/source/reference/parameters/imudp-port.rst (+68/-0)
doc/source/reference/parameters/imudp-preservecase.rst (+44/-0)
doc/source/reference/parameters/imudp-ratelimit-burst.rst (+41/-0)
doc/source/reference/parameters/imudp-ratelimit-interval.rst (+42/-0)
doc/source/reference/parameters/imudp-rcvbufsize.rst (+58/-0)
doc/source/reference/parameters/imudp-ruleset.rst (+53/-0)
doc/source/reference/parameters/imudp-schedulingpolicy.rst (+56/-0)
doc/source/reference/parameters/imudp-schedulingpriority.rst (+53/-0)
doc/source/reference/parameters/imudp-threads.rst (+47/-0)
doc/source/reference/parameters/imudp-timerequery.rst (+66/-0)
doc/source/reference/parameters/imuxsock-annotate.rst (+53/-0)
doc/source/reference/parameters/imuxsock-createpath.rst (+65/-0)
doc/source/reference/parameters/imuxsock-flowcontrol.rst (+52/-0)
doc/source/reference/parameters/imuxsock-hostname.rst (+53/-0)
doc/source/reference/parameters/imuxsock-ignoreownmessages.rst (+48/-0)
doc/source/reference/parameters/imuxsock-ignoretimestamp.rst (+53/-0)
doc/source/reference/parameters/imuxsock-parsehostname.rst (+44/-0)
doc/source/reference/parameters/imuxsock-parsetrusted.rst (+53/-0)
doc/source/reference/parameters/imuxsock-ratelimit-burst.rst (+53/-0)
doc/source/reference/parameters/imuxsock-ratelimit-interval.rst (+56/-0)
doc/source/reference/parameters/imuxsock-ratelimit-severity.rst (+56/-0)
doc/source/reference/parameters/imuxsock-ruleset.rst (+42/-0)
doc/source/reference/parameters/imuxsock-socket.rst (+52/-0)
doc/source/reference/parameters/imuxsock-syssock-annotate.rst (+53/-0)
doc/source/reference/parameters/imuxsock-syssock-flowcontrol.rst (+52/-0)
doc/source/reference/parameters/imuxsock-syssock-ignoreownmessages.rst (+48/-0)
doc/source/reference/parameters/imuxsock-syssock-ignoretimestamp.rst (+53/-0)
doc/source/reference/parameters/imuxsock-syssock-name.rst (+58/-0)
doc/source/reference/parameters/imuxsock-syssock-parsehostname.rst (+49/-0)
doc/source/reference/parameters/imuxsock-syssock-parsetrusted.rst (+60/-0)
doc/source/reference/parameters/imuxsock-syssock-ratelimit-burst.rst (+53/-0)
doc/source/reference/parameters/imuxsock-syssock-ratelimit-interval.rst (+56/-0)
doc/source/reference/parameters/imuxsock-syssock-ratelimit-severity.rst (+56/-0)
doc/source/reference/parameters/imuxsock-syssock-unlink.rst (+45/-0)
doc/source/reference/parameters/imuxsock-syssock-use.rst (+66/-0)
doc/source/reference/parameters/imuxsock-syssock-usepidfromsystem.rst (+55/-0)
doc/source/reference/parameters/imuxsock-syssock-usespecialparser.rst (+52/-0)
doc/source/reference/parameters/imuxsock-syssock-usesystimestamp.rst (+58/-0)
doc/source/reference/parameters/imuxsock-unlink.rst (+51/-0)
doc/source/reference/parameters/imuxsock-usepidfromsystem.rst (+55/-0)
doc/source/reference/parameters/imuxsock-usespecialparser.rst (+45/-0)
doc/source/reference/parameters/imuxsock-usesystimestamp.rst (+59/-0)
doc/source/reference/parameters/mmaitag-apikey.rst (+42/-0)
doc/source/reference/parameters/mmaitag-apikey_file.rst (+43/-0)
doc/source/reference/parameters/mmaitag-expert-initialprompt.rst (+44/-0)
doc/source/reference/parameters/mmaitag-inputproperty.rst (+42/-0)
doc/source/reference/parameters/mmaitag-model.rst (+41/-0)
doc/source/reference/parameters/mmaitag-provider.rst (+42/-0)
doc/source/reference/parameters/mmaitag-tag.rst (+42/-0)
doc/source/reference/parameters/mmanon-embeddedipv4-anonmode.rst (+55/-0)
doc/source/reference/parameters/mmanon-embeddedipv4-bits.rst (+48/-0)
doc/source/reference/parameters/mmanon-embeddedipv4-enable.rst (+43/-0)
doc/source/reference/parameters/mmanon-ipv4-bits.rst (+54/-0)
doc/source/reference/parameters/mmanon-ipv4-enable.rst (+43/-0)
doc/source/reference/parameters/mmanon-ipv4-mode.rst (+74/-0)
doc/source/reference/parameters/mmanon-ipv4-replacechar.rst (+55/-0)
doc/source/reference/parameters/mmanon-ipv6-anonmode.rst (+55/-0)
doc/source/reference/parameters/mmanon-ipv6-bits.rst (+47/-0)
doc/source/reference/parameters/mmanon-ipv6-enable.rst (+45/-0)
doc/source/reference/parameters/mmcount-appname.rst (+52/-0)
doc/source/reference/parameters/mmcount-key.rst (+51/-0)
doc/source/reference/parameters/mmcount-value.rst (+51/-0)
doc/source/reference/parameters/mmdarwin-container.rst (+51/-0)
doc/source/reference/parameters/mmdarwin-fields.rst (+82/-0)
doc/source/reference/parameters/mmdarwin-filtercode.rst (+44/-0)
doc/source/reference/parameters/mmdarwin-key.rst (+73/-0)
doc/source/reference/parameters/mmdarwin-response.rst (+60/-0)
doc/source/reference/parameters/mmdarwin-send_partial.rst (+68/-0)
doc/source/reference/parameters/mmdarwin-socketpath.rst (+41/-0)
doc/source/reference/parameters/mmdblookup-container.rst (+44/-0)
doc/source/reference/parameters/mmdblookup-fields.rst (+60/-0)
doc/source/reference/parameters/mmdblookup-key.rst (+45/-0)
doc/source/reference/parameters/mmdblookup-mmdbfile.rst (+45/-0)
doc/source/reference/parameters/mmdblookup-reloadonhup.rst (+48/-0)
doc/source/reference/parameters/mmexternal-binary.rst (+49/-0)
doc/source/reference/parameters/mmexternal-forcesingleinstance.rst (+66/-0)
doc/source/reference/parameters/mmexternal-interface-input.rst (+64/-0)
doc/source/reference/parameters/mmexternal-output.rst (+59/-0)
doc/source/reference/parameters/mmfields-jsonroot.rst (+43/-0)
doc/source/reference/parameters/mmfields-separator.rst (+51/-0)
doc/source/reference/parameters/mmjsonparse-allow_trailing.rst (+53/-0)
doc/source/reference/parameters/mmjsonparse-container.rst (+51/-0)
doc/source/reference/parameters/mmjsonparse-cookie.rst (+50/-0)
doc/source/reference/parameters/mmjsonparse-max_scan_bytes.rst (+50/-0)
doc/source/reference/parameters/mmjsonparse-mode.rst (+49/-0)
doc/source/reference/parameters/mmjsonparse-userawmsg.rst (+48/-0)
doc/source/reference/parameters/mmjsonrewrite-input.rst (+50/-0)
doc/source/reference/parameters/mmjsonrewrite-output.rst (+50/-0)
doc/source/reference/parameters/mmjsontransform-input.rst (+51/-0)
doc/source/reference/parameters/mmjsontransform-mode.rst (+56/-0)
doc/source/reference/parameters/mmjsontransform-output.rst (+50/-0)
doc/source/reference/parameters/mmkubernetes-allowunsignedcerts.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-annotation-match.rst (+46/-0)
doc/source/reference/parameters/mmkubernetes-busyretryinterval.rst (+50/-0)
doc/source/reference/parameters/mmkubernetes-cacheentryttl.rst (+50/-0)
doc/source/reference/parameters/mmkubernetes-cacheexpireinterval.rst (+61/-0)
doc/source/reference/parameters/mmkubernetes-containerrulebase.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-containerrules.rst (+60/-0)
doc/source/reference/parameters/mmkubernetes-de-dot-separator.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-de-dot.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-dstmetadatapath.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-filenamerulebase.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-filenamerules.rst (+54/-0)
doc/source/reference/parameters/mmkubernetes-kubernetesurl.rst (+41/-0)
doc/source/reference/parameters/mmkubernetes-skipverifyhost.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-srcmetadatapath.rst (+42/-0)
doc/source/reference/parameters/mmkubernetes-sslpartialchain.rst (+56/-0)
doc/source/reference/parameters/mmkubernetes-tls-cacert.rst (+45/-0)
doc/source/reference/parameters/mmkubernetes-tls-mycert.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-tls-myprivkey.rst (+44/-0)
doc/source/reference/parameters/mmkubernetes-token.rst (+43/-0)
doc/source/reference/parameters/mmkubernetes-tokenfile.rst (+43/-0)
doc/source/reference/parameters/mmnormalize-allowregex.rst (+44/-0)
doc/source/reference/parameters/mmnormalize-path.rst (+44/-0)
doc/source/reference/parameters/mmnormalize-rule.rst (+45/-0)
doc/source/reference/parameters/mmnormalize-rulebase.rst (+57/-0)
doc/source/reference/parameters/mmnormalize-userawmsg.rst (+54/-0)
doc/source/reference/parameters/mmnormalize-variable.rst (+47/-0)
doc/source/reference/parameters/mmpstrucdata-jsonroot.rst (+41/-0)
doc/source/reference/parameters/mmpstrucdata-sd_name.lowercase.rst (+44/-0)
doc/source/reference/parameters/mmrfc5424addhmac-hashfunction.rst (+43/-0)
doc/source/reference/parameters/mmrfc5424addhmac-key.rst (+43/-0)
doc/source/reference/parameters/mmrfc5424addhmac-sd-id.rst (+43/-0)
doc/source/reference/parameters/mmsnmptrapd-severitymapping.rst (+63/-0)
doc/source/reference/parameters/mmsnmptrapd-tag.rst (+57/-0)
doc/source/reference/parameters/mmtaghostname-forcelocalhostname.rst (+53/-0)
doc/source/reference/parameters/mmtaghostname-tag.rst (+46/-0)
doc/source/reference/parameters/mmutf8fix-mode.rst (+64/-0)
doc/source/reference/parameters/mmutf8fix-replacementchar.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-allowunsignedcerts.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-asyncrepl.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-bulkid.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-bulkmode.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-dynbulkid.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-dynparent.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-dynpipelinename.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-dynsearchindex.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-dynsearchtype.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-errorfile.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-esversion-major.rst (+56/-0)
doc/source/reference/parameters/omelasticsearch-healthchecktimeout.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-indextimeout.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-maxbytes.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-parent.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-pipelinename.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-pwd.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-ratelimit-burst.rst (+41/-0)
doc/source/reference/parameters/omelasticsearch-ratelimit-interval.rst (+41/-0)
doc/source/reference/parameters/omelasticsearch-rebindinterval.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-retryfailures.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-retryruleset.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-searchindex.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-searchtype.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-server.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-serverport.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-skippipelineifempty.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-skipverifyhost.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-template.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-timeout.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-tls-cacert.rst (+41/-0)
doc/source/reference/parameters/omelasticsearch-tls-mycert.rst (+41/-0)
doc/source/reference/parameters/omelasticsearch-tls-myprivkey.rst (+41/-0)
doc/source/reference/parameters/omelasticsearch-uid.rst (+40/-0)
doc/source/reference/parameters/omelasticsearch-usehttps.rst (+44/-0)
doc/source/reference/parameters/omelasticsearch-writeoperation.rst (+40/-0)
doc/source/reference/parameters/omfile-addlf.rst (+93/-0)
doc/source/reference/parameters/omfile-asyncwriting.rst (+66/-0)
doc/source/reference/parameters/omfile-closetimeout.rst (+49/-0)
doc/source/reference/parameters/omfile-compression-driver.rst (+52/-0)
doc/source/reference/parameters/omfile-compression-zstd-workers.rst (+52/-0)
doc/source/reference/parameters/omfile-createdirs.rst (+61/-0)
doc/source/reference/parameters/omfile-cry-provider.rst (+47/-0)
doc/source/reference/parameters/omfile-dircreatemode.rst (+74/-0)
doc/source/reference/parameters/omfile-dirgroup.rst (+71/-0)
doc/source/reference/parameters/omfile-dirgroupnum.rst (+71/-0)
doc/source/reference/parameters/omfile-dirowner.rst (+71/-0)
doc/source/reference/parameters/omfile-dirownernum.rst (+71/-0)
doc/source/reference/parameters/omfile-dynafile-donotsuspend.rst (+50/-0)
doc/source/reference/parameters/omfile-dynafile.rst (+65/-0)
doc/source/reference/parameters/omfile-dynafilecachesize.rst (+72/-0)
doc/source/reference/parameters/omfile-failonchownfailure.rst (+67/-0)
doc/source/reference/parameters/omfile-file.rst (+50/-0)
doc/source/reference/parameters/omfile-filecreatemode.rst (+74/-0)
doc/source/reference/parameters/omfile-filegroup.rst (+71/-0)
doc/source/reference/parameters/omfile-filegroupnum.rst (+71/-0)
doc/source/reference/parameters/omfile-fileowner.rst (+71/-0)
doc/source/reference/parameters/omfile-fileownernum.rst (+71/-0)
doc/source/reference/parameters/omfile-flushinterval.rst (+58/-0)
doc/source/reference/parameters/omfile-flushontxend.rst (+77/-0)
doc/source/reference/parameters/omfile-iobuffersize.rst (+59/-0)
doc/source/reference/parameters/omfile-rotation-sizelimit.rst (+67/-0)
doc/source/reference/parameters/omfile-rotation-sizelimitcommand.rst (+62/-0)
doc/source/reference/parameters/omfile-sig-provider.rst (+49/-0)
doc/source/reference/parameters/omfile-sync.rst (+72/-0)
doc/source/reference/parameters/omfile-template.rst (+67/-0)
doc/source/reference/parameters/omfile-veryrobustzip.rst (+72/-0)
doc/source/reference/parameters/omfile-ziplevel.rst (+58/-0)
doc/source/reference/parameters/omkafka-broker.rst (+44/-0)
doc/source/reference/parameters/omkafka-closetimeout.rst (+46/-0)
doc/source/reference/parameters/omkafka-confparam.rst (+50/-0)
doc/source/reference/parameters/omkafka-dynakey.rst (+50/-0)
doc/source/reference/parameters/omkafka-dynatopic-cachesize.rst (+44/-0)
doc/source/reference/parameters/omkafka-dynatopic.rst (+50/-0)
doc/source/reference/parameters/omkafka-errorfile.rst (+45/-0)
doc/source/reference/parameters/omkafka-failedmsgfile.rst (+47/-0)
doc/source/reference/parameters/omkafka-kafkaheader.rst (+44/-0)
doc/source/reference/parameters/omkafka-keepfailedmessages.rst (+51/-0)
doc/source/reference/parameters/omkafka-key.rst (+46/-0)
doc/source/reference/parameters/omkafka-partitions-auto.rst (+51/-0)
doc/source/reference/parameters/omkafka-partitions-number.rst (+45/-0)
doc/source/reference/parameters/omkafka-partitions-usefixed.rst (+45/-0)
doc/source/reference/parameters/omkafka-resubmitonfailure.rst (+53/-0)
doc/source/reference/parameters/omkafka-statsfile.rst (+45/-0)
doc/source/reference/parameters/omkafka-statsname.rst (+47/-0)
doc/source/reference/parameters/omkafka-template.rst (+44/-0)
doc/source/reference/parameters/omkafka-topic.rst (+44/-0)
doc/source/reference/parameters/omkafka-topicconfparam.rst (+49/-0)
doc/source/reference/parameters/omprog-begintransactionmark.rst (+45/-0)
doc/source/reference/parameters/omprog-binary.rst (+57/-0)
doc/source/reference/parameters/omprog-closetimeout.rst (+47/-0)
doc/source/reference/parameters/omprog-committransactionmark.rst (+45/-0)
doc/source/reference/parameters/omprog-confirmmessages.rst (+65/-0)
doc/source/reference/parameters/omprog-confirmtimeout.rst (+53/-0)
doc/source/reference/parameters/omprog-filecreatemode.rst (+47/-0)
doc/source/reference/parameters/omprog-forcesingleinstance.rst (+61/-0)
doc/source/reference/parameters/omprog-hup-signal.rst (+44/-0)
doc/source/reference/parameters/omprog-killunresponsive.rst (+64/-0)
doc/source/reference/parameters/omprog-output.rst (+71/-0)
doc/source/reference/parameters/omprog-reportfailures.rst (+56/-0)
doc/source/reference/parameters/omprog-signalonclose.rst (+57/-0)
doc/source/reference/parameters/omprog-template.rst (+42/-0)
doc/source/reference/parameters/omprog-usetransactions.rst (+69/-0)
doc/source/reference/parameters/omsnmp-community.rst (+55/-0)
doc/source/reference/parameters/omsnmp-enterpriseoid.rst (+60/-0)
doc/source/reference/parameters/omsnmp-messageoid.rst (+61/-0)
doc/source/reference/parameters/omsnmp-port.rst (+55/-0)
doc/source/reference/parameters/omsnmp-server.rst (+57/-0)
doc/source/reference/parameters/omsnmp-snmpv1dynsource.rst (+59/-0)
doc/source/reference/parameters/omsnmp-specifictype.rst (+56/-0)
doc/source/reference/parameters/omsnmp-transport.rst (+58/-0)
doc/source/reference/parameters/omsnmp-trapoid.rst (+68/-0)
doc/source/reference/parameters/omsnmp-traptype.rst (+72/-0)
doc/source/reference/parameters/omsnmp-version.rst (+58/-0)
doc/source/reference/parameters/pmrfc3164-detect-headerless.rst (+52/-0)
doc/source/reference/parameters/pmrfc3164-detect-yearaftertimestamp.rst (+46/-0)
doc/source/reference/parameters/pmrfc3164-force-tagendingbycolon.rst (+46/-0)
doc/source/reference/parameters/pmrfc3164-headerless-drop.rst (+46/-0)
doc/source/reference/parameters/pmrfc3164-headerless-errorfile.rst (+42/-0)
doc/source/reference/parameters/pmrfc3164-headerless-hostname.rst (+42/-0)
doc/source/reference/parameters/pmrfc3164-headerless-ruleset.rst (+42/-0)
doc/source/reference/parameters/pmrfc3164-headerless-tag.rst (+42/-0)
doc/source/reference/parameters/pmrfc3164-permit-atsignsinhostname.rst (+46/-0)
doc/source/reference/parameters/pmrfc3164-permit-slashesinhostname.rst (+46/-0)
doc/source/reference/parameters/pmrfc3164-permit-squarebracketsinhostname.rst (+46/-0)
doc/source/reference/parameters/pmrfc3164-remove-msgfirstspace.rst (+46/-0)
doc/source/reference/properties/message-app-name.rst (+45/-0)
doc/source/reference/properties/message-fromhost-ip.rst (+40/-0)
doc/source/reference/properties/message-fromhost-port.rst (+40/-0)
doc/source/reference/properties/message-fromhost.rst (+45/-0)
doc/source/reference/properties/message-hostname.rst (+45/-0)
doc/source/reference/properties/message-inputname.rst (+48/-0)
doc/source/reference/properties/message-iut.rst (+41/-0)
doc/source/reference/properties/message-jsonmesg.rst (+55/-0)
doc/source/reference/properties/message-msg.rst (+39/-0)
doc/source/reference/properties/message-msgid.rst (+44/-0)
doc/source/reference/properties/message-pri-text.rst (+43/-0)
doc/source/reference/properties/message-pri.rst (+46/-0)
doc/source/reference/properties/message-procid.rst (+44/-0)
doc/source/reference/properties/message-programname.rst (+64/-0)
doc/source/reference/properties/message-protocol-version.rst (+44/-0)
doc/source/reference/properties/message-rawmsg-after-pri.rst (+47/-0)
doc/source/reference/properties/message-rawmsg.rst (+42/-0)
doc/source/reference/properties/message-source.rst (+39/-0)
doc/source/reference/properties/message-structured-data.rst (+44/-0)
doc/source/reference/properties/message-syslogfacility-text.rst (+53/-0)
doc/source/reference/properties/message-syslogfacility.rst (+68/-0)
doc/source/reference/properties/message-syslogpriority-text.rst (+40/-0)
doc/source/reference/properties/message-syslogpriority.rst (+41/-0)
doc/source/reference/properties/message-syslogseverity-text.rst (+59/-0)
doc/source/reference/properties/message-syslogseverity.rst (+69/-0)
doc/source/reference/properties/message-syslogtag.rst (+39/-0)
doc/source/reference/properties/message-timegenerated.rst (+50/-0)
doc/source/reference/properties/message-timereported.rst (+52/-0)
doc/source/reference/properties/message-timestamp.rst (+39/-0)
doc/source/reference/properties/message-uuid.rst (+59/-0)
doc/source/reference/properties/system-bom.rst (+40/-0)
doc/source/reference/properties/system-myhostname.rst (+40/-0)
doc/source/reference/properties/system-time-day.rst (+39/-0)
doc/source/reference/properties/system-time-hhour.rst (+40/-0)
doc/source/reference/properties/system-time-hour.rst (+39/-0)
doc/source/reference/properties/system-time-minute.rst (+39/-0)
doc/source/reference/properties/system-time-month.rst (+39/-0)
doc/source/reference/properties/system-time-now-unixtimestamp.rst (+72/-0)
doc/source/reference/properties/system-time-now.rst (+46/-0)
doc/source/reference/properties/system-time-qhour.rst (+40/-0)
doc/source/reference/properties/system-time-wday.rst (+39/-0)
doc/source/reference/properties/system-time-year.rst (+39/-0)
doc/source/reference/templates/templates-examples.rst (+147/-0)
doc/source/reference/templates/templates-legacy.rst (+36/-0)
doc/source/reference/templates/templates-options.rst (+55/-0)
doc/source/reference/templates/templates-reserved-names.rst (+185/-0)
doc/source/reference/templates/templates-statement-constant.rst (+66/-0)
doc/source/reference/templates/templates-statement-property.rst (+91/-0)
doc/source/reference/templates/templates-type-list.rst (+173/-0)
doc/source/reference/templates/templates-type-plugin.rst (+25/-0)
doc/source/reference/templates/templates-type-string.rst (+28/-0)
doc/source/reference/templates/templates-type-subtree.rst (+97/-0)
doc/source/templates.rst (+6/-0)
doc/source/tls_cert.jpg (+12/-0)
doc/source/tls_cert_100.jpg (+11/-0)
doc/source/tls_cert_ca.jpg (+11/-0)
doc/source/troubleshooting/debug.rst (+185/-0)
doc/source/troubleshooting/file_not_written.rst (+53/-0)
doc/source/troubleshooting/howtodebug.rst (+57/-0)
doc/source/troubleshooting/index.rst (+19/-0)
doc/source/troubleshooting/selinux.rst (+27/-0)
doc/source/troubleshooting/troubleshoot.rst (+433/-0)
doc/source/tutorials/database.rst (+316/-0)
doc/source/tutorials/failover_syslog_server.rst (+72/-0)
doc/source/tutorials/gelf_forwarding.rst (+70/-0)
doc/source/tutorials/hash_sampling.rst (+82/-0)
doc/source/tutorials/high_database_rate.rst (+161/-0)
doc/source/tutorials/index.rst (+18/-0)
doc/source/tutorials/log_rotation_fix_size.rst (+72/-0)
doc/source/tutorials/log_sampling.rst (+13/-0)
doc/source/tutorials/random_sampling.rst (+16/-0)
doc/source/tutorials/recording_pri.rst (+174/-0)
doc/source/tutorials/reliable_forwarding.rst (+202/-0)
doc/source/tutorials/tls.rst (+335/-0)
doc/source/tutorials/tls_cert_ca.rst (+147/-0)
doc/source/tutorials/tls_cert_client.rst (+74/-0)
doc/source/tutorials/tls_cert_errmsgs.rst (+111/-0)
doc/source/tutorials/tls_cert_machine.rst (+164/-0)
doc/source/tutorials/tls_cert_scenario.rst (+26/-0)
doc/source/tutorials/tls_cert_script.rst (+159/-0)
doc/source/tutorials/tls_cert_server.rst (+115/-0)
doc/source/tutorials/tls_cert_summary.rst (+143/-0)
doc/source/tutorials/tls_cert_udp_relay.rst (+89/-0)
doc/source/whitepapers/index.rst (+19/-0)
doc/source/whitepapers/preserve_in_nat.rst (+18/-0)
doc/source/whitepapers/queues_analogy.rst (+364/-0)
doc/source/whitepapers/reliable_logging.rst (+81/-0)
doc/source/whitepapers/syslog_parsing.rst (+281/-0)
doc/source/whitepapers/syslog_protocol.rst (+218/-0)
grammar/Makefile.in (+4/-0)
grammar/grammar.c (+411/-402)
grammar/grammar.h (+5/-3)
grammar/grammar.y (+3/-1)
grammar/lexer.c (+1414/-1360)
grammar/lexer.l (+78/-31)
grammar/parserif.h (+1/-1)
grammar/rainerscript.c (+5284/-5294)
grammar/rainerscript.h (+269/-235)
outchannel.c (+151/-179)
outchannel.h (+8/-8)
parse.c (+331/-360)
parse.h (+7/-8)
plugins/fmhttp/Makefile.in (+4/-0)
plugins/fmhttp/fmhttp.c (+100/-111)
plugins/fmpcre/Makefile.am (+5/-0)
plugins/fmpcre/Makefile.in (+803/-0)
plugins/fmpcre/README.md (+23/-0)
plugins/fmpcre/fmpcre.c (+112/-0)
plugins/im3195/Makefile.in (+4/-0)
plugins/im3195/im3195.c (+78/-80)
plugins/imdiag/Makefile.in (+4/-0)
plugins/imdiag/imdiag.c (+621/-665)
plugins/imdtls/Makefile.in (+4/-0)
plugins/imdtls/imdtls.c (+911/-955)
plugins/imfile/Makefile.in (+4/-0)
plugins/imfile/imfile.c (+2279/-2411)
plugins/imfile/siphash.c (+134/-143)
plugins/imgssapi/Makefile.in (+4/-0)
plugins/imgssapi/imgssapi.c (+526/-567)
plugins/imjournal/Makefile.in (+4/-0)
plugins/imjournal/dummy.c (+46/-47)
plugins/imjournal/imjournal.c (+1158/-1208)
plugins/imkafka/Makefile.in (+4/-0)
plugins/imkafka/dummy.c (+46/-47)
plugins/imkafka/imkafka.c (+628/-692)
plugins/imklog/Makefile.in (+4/-0)
plugins/imklog/bsd.c (+197/-223)
plugins/imklog/imklog.c (+318/-354)
plugins/imklog/imklog.h (+21/-21)
plugins/immark/Makefile.in (+4/-0)
plugins/immark/immark.c (+188/-198)
plugins/immark/immark.h (+2/-2)
plugins/impstats/Makefile.in (+4/-0)
plugins/impstats/impstats.c (+398/-434)
plugins/imptcp/Makefile.in (+4/-0)
plugins/imptcp/imptcp.c (+2067/-2163)
plugins/imrelp/Makefile.in (+4/-0)
plugins/imrelp/imrelp.c (+689/-725)
plugins/imsolaris/Makefile.in (+4/-0)
plugins/imsolaris/imsolaris.c (+220/-239)
plugins/imsolaris/sun_cddl.c (+301/-304)
plugins/imsolaris/sun_cddl.h (+1/-1)
plugins/imtcp/Makefile.in (+4/-0)
plugins/imtcp/imtcp.c (+951/-998)
plugins/imudp/Makefile.in (+4/-0)
plugins/imudp/imudp.c (+1064/-1122)
plugins/imuxsock/Makefile.in (+4/-0)
plugins/imuxsock/imuxsock.c (+1337/-1403)
plugins/mmaitag/Makefile.am (+8/-0)
plugins/mmaitag/Makefile.in (+827/-0)
plugins/mmaitag/ai_provider.h (+72/-0)
plugins/mmaitag/ai_provider_gemini.c (+266/-0)
plugins/mmaitag/ai_provider_gemini_mock.c (+132/-0)
plugins/mmaitag/mmaitag.c (+253/-0)
plugins/mmanon/Makefile.in (+4/-0)
plugins/mmanon/mmanon.c (+1073/-1140)
plugins/mmaudit/Makefile.in (+4/-0)
plugins/mmaudit/mmaudit.c (+195/-208)
plugins/mmdblookup/Makefile.in (+4/-0)
plugins/mmdblookup/dummy.c (+46/-47)
plugins/mmdblookup/mmdblookup.c (+331/-347)
plugins/mmexternal/Makefile.in (+4/-0)
plugins/mmexternal/mmexternal.c (+405/-442)
plugins/mmfields/Makefile.in (+4/-0)
plugins/mmfields/mmfields.c (+127/-144)
plugins/mmjsonparse/Makefile.in (+4/-0)
plugins/mmjsonparse/mmjsonparse.c (+462/-257)
plugins/mmjsontransform/Makefile.am (+8/-0)
plugins/mmjsontransform/Makefile.in (+804/-0)
plugins/mmjsontransform/mmjsontransform.c (+1012/-0)
plugins/mmleefparse/Makefile.am (+14/-0)
plugins/mmleefparse/Makefile.in (+805/-0)
plugins/mmleefparse/mmleefparse.c (+655/-0)
plugins/mmnormalize/Makefile.in (+4/-0)
plugins/mmnormalize/mmnormalize.c (+362/-378)
plugins/mmpstrucdata/Makefile.in (+4/-0)
plugins/mmpstrucdata/mmpstrucdata.c (+233/-256)
plugins/mmrm1stspace/Makefile.in (+4/-0)
plugins/mmrm1stspace/mmrm1stspace.c (+55/-59)
plugins/mmsnareparse/Makefile.am (+8/-0)
plugins/mmsnareparse/Makefile.in (+803/-0)
plugins/mmsnareparse/mmsnareparse.c (+4963/-0)
plugins/mmsnmptrapd/Makefile.in (+4/-0)
plugins/mmsnmptrapd/mmsnmptrapd.c (+260/-277)
plugins/mmutf8fix/Makefile.in (+4/-0)
plugins/mmutf8fix/mmutf8fix.c (+176/-201)
plugins/omazureeventhubs/Makefile.am (+0/-1)
plugins/omazureeventhubs/Makefile.in (+4/-0)
plugins/omazureeventhubs/omazureeventhubs.c (+1172/-1222)
plugins/omclickhouse/Makefile.in (+4/-0)
plugins/omclickhouse/omclickhouse.c (+710/-776)
plugins/omdtls/Makefile.in (+4/-0)
plugins/omdtls/omdtls.c (+603/-638)
plugins/omelasticsearch/Makefile.in (+4/-0)
plugins/omelasticsearch/omelasticsearch.c (+2198/-1934)
plugins/omgssapi/Makefile.in (+4/-0)
plugins/omgssapi/omgssapi.c (+572/-589)
plugins/omhdfs/Makefile.in (+4/-0)
plugins/omhdfs/omhdfs.c (+309/-353)
plugins/omjournal/Makefile.in (+4/-0)
plugins/omjournal/omjournal.c (+215/-182)
plugins/omkafka/Makefile.in (+4/-0)
plugins/omkafka/dummy.c (+46/-47)
plugins/omkafka/omkafka.c (+1838/-1785)
plugins/omlibdbi/Makefile.in (+4/-0)
plugins/omlibdbi/dummy.c (+46/-47)
plugins/omlibdbi/omlibdbi.c (+415/-445)
plugins/ommail/Makefile.in (+4/-0)
plugins/ommail/ommail.c (+561/-617)
plugins/ommongodb/Makefile.in (+4/-0)
plugins/ommongodb/ommongodb.c (+569/-596)
plugins/ommysql/Makefile.in (+4/-0)
plugins/ommysql/ommysql.c (+393/-438)
plugins/ompgsql/Makefile.in (+4/-0)
plugins/ompgsql/ompgsql.c (+377/-406)
plugins/omprog/Makefile.in (+4/-0)
plugins/omprog/omprog.c (+960/-1003)
plugins/omrelp/Makefile.in (+4/-0)
plugins/omrelp/omrelp.c (+587/-609)
plugins/omruleset/Makefile.in (+4/-0)
plugins/omruleset/omruleset.c (+132/-137)
plugins/omsendertrack/Makefile.am (+8/-0)
plugins/omsendertrack/Makefile.in (+803/-0)
plugins/omsendertrack/omsendertrack.c (+827/-0)
plugins/omsnmp/Makefile.in (+4/-0)
plugins/omsnmp/omsnmp.c (+507/-516)
plugins/omsnmp/omsnmp.h (+71/-71)
plugins/omstdout/Makefile.in (+4/-0)
plugins/omstdout/omstdout.c (+205/-222)
plugins/omtesting/Makefile.in (+4/-0)
plugins/omtesting/omtesting.c (+214/-222)
plugins/omudpspoof/Makefile.in (+4/-0)
plugins/omudpspoof/omudpspoof.c (+527/-568)
plugins/omuxsock/Makefile.in (+4/-0)
plugins/omuxsock/omuxsock.c (+216/-242)
plugins/pmciscoios/Makefile.in (+4/-0)
plugins/pmciscoios/pmciscoios.c (+191/-207)
plugins/pmlastmsg/Makefile.in (+4/-0)
plugins/pmlastmsg/pmlastmsg.c (+78/-83)
plugins/pmnormalize/Makefile.in (+4/-0)
plugins/pmnormalize/pmnormalize.c (+152/-164)
plugins/pmnull/Makefile.in (+4/-0)
plugins/pmnull/pmnull.c (+89/-101)
runtime/Makefile.am (+1/-1)
runtime/Makefile.in (+17/-2)
runtime/atomic.h (+188/-191)
runtime/batch.h (+31/-34)
runtime/cfsysline.c (+708/-719)
runtime/cfsysline.h (+20/-11)
runtime/conf.c (+412/-448)
runtime/conf.h (+19/-20)
runtime/cryprov.h (+10/-10)
runtime/datetime.c (+987/-1077)
runtime/datetime.h (+39/-39)
runtime/debug.c (+295/-329)
runtime/debug.h (+29/-21)
runtime/dnscache.c (+330/-349)
runtime/dnscache.h (+4/-2)
runtime/dynstats.c (+485/-509)
runtime/dynstats.h (+43/-43)
runtime/errmsg.c (+158/-178)
runtime/errmsg.h (+85/-3)
runtime/glbl.c (+1091/-1137)
runtime/glbl.h (+69/-67)
runtime/gss-misc.c (+170/-191)
runtime/gss-misc.h (+6/-6)
runtime/hashtable.c (+204/-227)
runtime/hashtable.h (+19/-26)
runtime/hashtable_itr.c (+96/-112)
runtime/hashtable_itr.h (+18/-26)
runtime/hashtable_private.h (+21/-23)
runtime/im-helper.h (+15/-18)
runtime/janitor.c (+46/-54)
runtime/janitor.h (+5/-5)
runtime/lib_ksi_queue.c (+123/-138)
runtime/lib_ksi_queue.h (+15/-15)
runtime/lib_ksils12.c (+1644/-1817)
runtime/lib_ksils12.h (+122/-119)
runtime/libcry_common.c (+119/-125)
runtime/libgcry.c (+520/-601)
runtime/libgcry.h (+20/-23)
runtime/libossl.c (+467/-528)
runtime/libossl.h (+21/-23)
runtime/linkedlist.c (+212/-230)
runtime/linkedlist.h (+18/-16)
runtime/lmcry_gcry.c (+194/-220)
runtime/lmcry_gcry.h (+3/-2)
runtime/lmcry_ossl.c (+169/-194)
runtime/lmcry_ossl.h (+3/-2)
runtime/lmsig_ksi-ls12.c (+234/-238)
runtime/lmsig_ksi-ls12.h (+3/-2)
runtime/lookup.c (+919/-871)
runtime/lookup.h (+55/-41)
runtime/module-template.h (+652/-698)
runtime/modules.c (+1036/-1113)
runtime/modules.h (+107/-109)
runtime/msg.c (+4170/-4497)
runtime/msg.h (+156/-149)
runtime/net.c (+1263/-1317)
runtime/net.h (+135/-75)
runtime/net_ossl.c (+1001/-1055)
runtime/net_ossl.h (+73/-72)
runtime/netns_socket.c (+166/-0)
runtime/netns_socket.h (+40/-0)
runtime/netstrm.c (+222/-275)
runtime/netstrm.h (+56/-56)
runtime/netstrms.c (+274/-337)
runtime/netstrms.h (+52/-51)
runtime/nsd.h (+62/-63)
runtime/nsd_gtls.c (+1740/-1815)
runtime/nsd_gtls.h (+59/-64)
runtime/nsd_ossl.c (+1120/-1157)
runtime/nsd_ossl.h (+33/-32)
runtime/nsd_ptcp.c (+887/-813)
runtime/nsd_ptcp.h (+9/-8)
runtime/obj-types.h (+222/-238)
runtime/obj.c (+913/-970)
runtime/obj.h (+50/-50)
runtime/objomsr.c (+69/-79)
runtime/objomsr.h (+9/-9)
runtime/operatingstate.c (+120/-118)
runtime/operatingstate.h (+2/-2)
runtime/parser.c (+495/-536)
runtime/parser.h (+28/-27)
runtime/perctile_ringbuf.c (+264/-264)
runtime/perctile_ringbuf.h (+6/-6)
runtime/perctile_stats.c (+544/-568)
runtime/perctile_stats.h (+41/-41)
runtime/prop.c (+110/-120)
runtime/prop.h (+29/-22)
runtime/queue.c (+2805/-2772)
runtime/queue.h (+175/-147)
runtime/ratelimit.c (+250/-303)
runtime/ratelimit.h (+15/-15)
runtime/regexp.c (+211/-220)
runtime/regexp.h (+4/-4)
runtime/rsconf.c (+1144/-1247)
runtime/rsconf.h (+178/-178)
runtime/rsyslog.c (+132/-133)
runtime/rsyslog.h (+776/-671)
runtime/ruleset.c (+740/-864)
runtime/ruleset.h (+36/-35)
runtime/sigprov.h (+6/-6)
runtime/srUtils.h (+19/-13)
runtime/srutils.c (+549/-600)
runtime/statsobj.c (+622/-539)
runtime/statsobj.h (+89/-64)
runtime/stream.c (+1692/-1830)
runtime/stream.h (+152/-148)
runtime/strgen.c (+118/-136)
runtime/strgen.h (+15/-14)
runtime/stringbuf.c (+409/-443)
runtime/stringbuf.h (+24/-24)
runtime/syslogd-types.h (+53/-49)
runtime/tcpclt.c (+298/-325)
runtime/tcpclt.h (+27/-26)
runtime/tcps_sess.c (+441/-407)
runtime/tcps_sess.h (+43/-39)
runtime/tcpsrv.c (+1765/-1708)
runtime/tcpsrv.h (+207/-205)
runtime/timezones.c (+107/-136)
runtime/timezones.h (+3/-3)
runtime/typedefs.h (+123/-119)
runtime/unicode-helper.h (+5/-5)
runtime/unlimited_select.h (+5/-5)
runtime/var.c (+42/-46)
runtime/var.h (+18/-17)
runtime/wti.c (+317/-353)
runtime/wti.h (+71/-74)
runtime/wtp.c (+417/-450)
runtime/wtp.h (+41/-40)
runtime/zlibw.c (+120/-130)
runtime/zlibw.h (+8/-9)
runtime/zstdw.c (+103/-108)
runtime/zstdw.h (+4/-5)
template.c (+2766/-2172)
template.h (+138/-115)
tests/Makefile.am (+168/-38)
tests/Makefile.in (+292/-179)
tests/README (+77/-74)
tests/check_relpEngineVersion.c (+44/-51)
tests/chkseq.c (+189/-189)
tests/clickhouse-dflt-tpl.sh (+1/-1)
tests/diag.sh (+913/-209)
tests/diagtalker.c (+114/-105)
tests/diskqueue-multithread-es.sh (+0/-1)
tests/dynstats_overflow-vg.sh (+38/-0)
tests/dynstats_overflow.sh (+38/-0)
tests/endswith-basic.sh (+21/-0)
tests/es-basic-bulk.sh (+5/-5)
tests/es-basic-errfile-empty.sh (+4/-5)
tests/es-basic-errfile-popul.sh (+3/-7)
tests/es-basic-es7.14.sh (+6/-6)
tests/es-basic-ha-vg.sh (+4/-5)
tests/es-basic-ha.sh (+4/-5)
tests/es-basic-server.sh (+4/-4)
tests/es-basic-vgthread.sh (+5/-5)
tests/es-basic.sh (+6/-6)
tests/es-bulk-errfile-empty.sh (+6/-7)
tests/es-bulk-errfile-popul-def-format.sh (+0/-2)
tests/es-bulk-errfile-popul-def-interleaved.sh (+1/-2)
tests/es-bulk-errfile-popul-erronly-interleaved.sh (+0/-2)
tests/es-bulk-errfile-popul-erronly.sh (+0/-2)
tests/es-bulk-errfile-popul.sh (+3/-7)
tests/es-bulk-retry.sh (+1/-4)
tests/es-duplicated-ruleset.sh (+13/-14)
tests/es-execOnlyWhenPreviousSuspended.sh (+8/-7)
tests/es-maxbytes-bulk.sh (+5/-6)
tests/es-writeoperation.sh (+51/-32)
tests/fromhost-port-async-ruleset.sh (+32/-0)
tests/fromhost-port-tuple.sh (+28/-0)
tests/fromhost-port.sh (+26/-0)
tests/have_relpEngineSetTLSLibByName.c (+3/-4)
tests/have_relpSrvSetOversizeMode.c (+3/-4)
tests/have_relpSrvSetTlsConfigCmd.c (+3/-4)
tests/hostname-with-slash-dflt-invld.sh (+1/-1)
tests/imfile-logrotate-state-files.sh (+181/-0)
tests/imhttp-healthcheck.sh (+18/-0)
tests/imhttp-metrics.sh (+19/-0)
tests/imkafka-backgrounded.sh (+3/-3)
tests/imkafka-config-err-param.sh (+3/-3)
tests/imkafka-config-err-ruleset.sh (+3/-3)
tests/imkafka.sh (+5/-4)
tests/imkafka_multi_group.sh (+10/-8)
tests/imkafka_multi_single.sh (+3/-3)
tests/imptcp-msg-truncation-on-number.sh (+6/-2)
tests/imptcp-msg-truncation-on-number2.sh (+2/-1)
tests/imtcp-tls-gibberish.sh (+21/-0)
tests/inputfilegen.c (+166/-173)
tests/journal_print.c (+26/-27)
tests/kafka-selftest.sh (+7/-9)
tests/known_issues.supp (+30/-1)
tests/mangle_qi.c (+79/-86)
tests/manytcp-too-few-tls-vg.sh (+1/-0)
tests/manytcp.sh (+5/-2)
tests/miniamqpsrvr.c (+513/-566)
tests/minitcpsrvr.c (+254/-265)
tests/mmaitag-basic.sh (+27/-0)
tests/mmaitag-invalid-key.sh (+23/-0)
tests/mmexternal-SegFault-empty-jroot-vg.sh (+1/-1)
tests/mmexternal-SegFault.sh (+1/-1)
tests/mmjsonparse-find-json-basic.sh (+35/-0)
tests/mmjsonparse-find-json-invalid-mode.sh (+20/-0)
tests/mmjsonparse-find-json-invalid.sh (+35/-0)
tests/mmjsonparse-find-json-parser-validation.sh (+36/-0)
tests/mmjsonparse-find-json-scan-limit.sh (+35/-0)
tests/mmjsonparse-find-json-trailing.sh (+35/-0)
tests/mmleefparse_basic.sh (+46/-0)
tests/mmsnareparse-basic.sh (+56/-0)
tests/mmsnareparse-comprehensive-vg.sh (+125/-0)
tests/mmsnareparse-comprehensive.sh (+183/-0)
tests/mmsnareparse-custom.sh (+87/-0)
tests/mmsnareparse-enhanced-validation.sh (+105/-0)
tests/mmsnareparse-json.sh (+67/-0)
tests/mmsnareparse-kerberos.sh (+48/-0)
tests/mmsnareparse-realworld-4624-4634-5140.sh (+70/-0)
tests/mmsnareparse-syslog.sh (+46/-0)
tests/mmsnareparse-value-types.sh (+83/-0)
tests/msleep.c (+18/-20)
tests/omazureeventhubs-basic-url.sh (+1/-1)
tests/omazureeventhubs-basic.sh (+1/-1)
tests/omazureeventhubs-list.sh (+1/-1)
tests/omazureeventhubs-stress.sh (+1/-1)
tests/omfile-subtree-jsonf.sh (+46/-0)
tests/omfwd-lb-1target-retry-full_buf.sh (+41/-1)
tests/omfwd-lb-1target-retry-test_skeleton-TargetFail.sh (+2/-2)
tests/omfwd-lb-1target-retry-test_skeleton.sh (+3/-5)
tests/omfwd-subtree-tpl.sh (+28/-0)
tests/omhttp-batch-fail-with-400.sh (+11/-3)
tests/omhttp-profile-loki.sh (+58/-0)
tests/omhttp-retry-timeout.sh (+3/-2)
tests/omhttp-retry.sh (+1/-0)
tests/omkafka-headers.sh (+46/-0)
tests/omkafka.sh (+10/-10)
tests/omkafkadynakey.sh (+14/-14)
tests/omprog-feedback-mt.sh (+3/-4)
tests/omprog-feedback.sh (+55/-30)
tests/omprog-transactions-failed-messages.sh (+0/-13)
tests/omrabbitmq_data_1server.sh (+2/-2)
tests/omrabbitmq_data_2servers.sh (+2/-2)
tests/omrabbitmq_error_server0.sh (+2/-2)
tests/omrabbitmq_error_server1.sh (+2/-2)
tests/omrabbitmq_error_server2.sh (+2/-2)
tests/omrabbitmq_error_server3.sh (+2/-2)
tests/omrabbitmq_json.sh (+2/-2)
tests/omrabbitmq_raw.sh (+2/-2)
tests/omrelp-keepalive.sh (+53/-0)
tests/omrelp_dflt_port.c (+3/-5)
tests/omsendertrack-basic-vg.sh (+7/-0)
tests/omsendertrack-basic.sh (+33/-0)
tests/omsendertrack-statefile-vg.sh (+3/-0)
tests/omsendertrack-statefile.sh (+31/-0)
tests/omtcl.sh (+1/-1)
tests/ourtail.c (+7/-10)
tests/override_getaddrinfo.c (+13/-16)
tests/override_gethostname.c (+12/-15)
tests/override_gethostname_nonfqdn.c (+10/-11)
tests/perctile-simple.sh (+2/-2)
tests/pmrfc3164-drop.sh (+30/-0)
tests/pmrfc3164-headerless.sh (+30/-0)
tests/randomgen.c (+60/-61)
tests/rscript_b64_decode-vg.sh (+6/-0)
tests/rscript_b64_decode.sh (+30/-0)
tests/rscript_backticks-vg.sh (+0/-1)
tests/rscript_backticks_braces_envvar.sh (+20/-0)
tests/rscript_backticks_empty_envvar.sh (+3/-3)
tests/rscript_backticks_static_text.sh (+22/-0)
tests/rscript_parse_time_get-ts.py (+7/-7)
tests/rscript_toupper.sh (+22/-0)
tests/smtradfile.sh (+1/-1)
tests/sndrcv_kafka.sh (+1/-1)
tests/sndrcv_kafka_multi_topics.sh (+5/-3)
tests/sndrcv_tls_ossl_anon_ipv4.sh (+4/-0)
tests/sndrcv_tls_ossl_intermediate_ca_chain.sh (+154/-0)
tests/snmptrapreceiver.py (+36/-36)
tests/stats-prometheus.sh (+29/-0)
tests/syslog_caller.c (+76/-77)
tests/tcp_forwarding_ns_tpl.sh (+1/-1)
tests/tcpflood.c (+1983/-1797)
tests/template-jsonf-nested.sh (+40/-0)
tests/template-pure-json.sh (+20/-4)
tests/test_id.c (+16/-19)
tests/testsuites/mmexternal-SegFault-mm-python.py (+28/-28)
tests/testsuites/mmsnareparse/sample-custom-pattern.data (+1/-0)
tests/urlencode.py (+4/-4)
tests/uxsockrcvr.c (+120/-127)
threads.c (+200/-204)
threads.h (+10/-10)
tools/Makefile.in (+4/-0)
tools/gethostn.c (+10/-11)
tools/iminternal.c (+83/-92)
tools/iminternal.h (+1/-1)
tools/logctl.c (+325/-375)
tools/msggen.c (+6/-8)
tools/omdiscard.c (+52/-52)
tools/omdiscard.h (+7/-4)
tools/omfile.c (+1517/-1364)
tools/omfile.h (+8/-5)
tools/omfwd.c (+1723/-1850)
tools/omfwd.h (+7/-4)
tools/ompipe.c (+240/-261)
tools/ompipe.h (+7/-4)
tools/omshell.c (+48/-51)
tools/omshell.h (+7/-4)
tools/omusrmsg.c (+405/-373)
tools/omusrmsg.h (+27/-8)
tools/pmrfc3164.c (+446/-319)
tools/pmrfc3164.h (+7/-4)
tools/pmrfc5424.c (+199/-209)
tools/pmrfc5424.h (+7/-4)
tools/rscryutil.c (+663/-666)
tools/rsyslog.conf.5 (+1/-1)
tools/rsyslogd.c (+1802/-1892)
tools/smfile.c (+57/-60)
tools/smfile.h (+7/-4)
tools/smfwd.c (+70/-72)
tools/smfwd.h (+7/-4)
tools/smtradfile.c (+54/-57)
tools/smtradfile.h (+7/-4)
tools/smtradfwd.c (+66/-69)
tools/smtradfwd.h (+7/-4)
tools/syslogd.c (+32/-33)
tools/syslogd.h (+2/-2)

~ahasenack/ubuntu/+source/rsyslog:questing-rsyslog-apparmor-workaround

Merged into ubuntu/+source/rsyslog:ubuntu/devel at revision 6b241b15992b4a5579aed4b87129f97212b7d1e6

git-ubuntu bot: Approve on 2025-09-18

Christian Ehrhardt (community): Approve on 2025-09-18

Georgia Garcia: Pending requested 2025-09-17

Canonical Server Reporter: Pending requested 2025-09-17

Ryan Lee (rlee287) on 2025-09-15

tags:

added: sec-7494

Revision history for this message

John Johansen (jjohansen) wrote on 2025-09-15:

This is the rsyslogd profile in the container not allowing access to /run/systemd/journal/dev-log.

Revision history for this message

Ryan Lee (rlee287) wrote on 2025-09-15:

This looks like an issue with the rsyslogd profile, which is shipped as part of the rsyslog package on Ubuntu instead of the AppArmor package.

Changed in apparmor (Ubuntu):
status:	New → Invalid

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-15 (last edit on 2025-09-15):

UPDATE: I was mistaken before, and I didn't see it in my reproducer initially.

The questing LXD images seem to have fallen behind again, last uploaded on September 3rd, 2025.

My versions after the dist-upgrade:
ii apparmor 5.0.0~alpha1-0ubuntu6 amd64 user-space parser utility for AppArmor
ii rsyslog 8.2504.0-1ubuntu1 amd64 reliable system and kernel logging daemon
ii systemd 257.9-0ubuntu1 amd64 system and service manager

Was this a plain questing container, from September 3rd? Dist-upgraded or not? And no special workload, just lxc launch ubuntu-daily:questing?

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-15:

the rsyslog apparmor profile has a rule for /dev/log, which is a symlink:

lrwxrwxrwx 1 root root 28 Sep 15 16:39 /dev/log -> /run/systemd/journal/dev-log

But the base abstraction allows writing to that symlink's target:
/etc/apparmor.d/abstractions/base: @{run}/systemd/journal/dev-log w,

And the rsyslog profile includes the base abstraction.

Changed in rsyslog (Ubuntu):
status:	New → Incomplete

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-15:

I reproduced it with the current questing lxd VM image, and launching a questing lxd inside that. I then dist-upgraded the host (the vm), and I don't see the denials anymore. Paride, can you please check if your questing host was also "old", and dist-upgrade it to be sure?

Revision history for this message

Paride Legovini (paride) wrote on 2025-09-15:

My host is a fully up-to-date Questing, and freshly rebooted. Guests are Noble and Questing containers.

Which package do you think could have made a difference in your case? The latest rsyslog in Questing migrated over one month ago.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-15:

I don't know, systemd? Can you reproduce it with any new questing container on that host? Have you rebooted your host?

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-15:

I tried with a questing VM acting as the host, but I'm willing to install a bare metal host with questing today or tomorrow, given the upcoming beta.

Revision history for this message

Paride Legovini (paride) wrote on 2025-09-16:

I can reproduce the issue even after rebooting the host, and with new containers (i.e. I deleted the existing ones and recreated them: the issue immediately shows up.) Maybe the version of the lxd snap can play a role? I'm running 6.5-22da890 from latest/stable.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-16:

#10

> Maybe the version of the lxd snap can play a role? I'm running 6.5-22da890 from latest/stable.

Interesting, my questing VM (which is the lxd host for this test) installed lxd 5.21.4-8b5e998 (35624) from 5.21/stable/ubuntu-25.10

tags:	added: server-todo
Changed in rsyslog (Ubuntu):
assignee:	nobody → Andreas Hasenack (ahasenack)

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-16:

#11

But now a day later, launching a new questing container (and it downloaded a new image, btw), I see the issue, with the same 5.21.4 lxd:

[Tue Sep 16 13:44:06 2025] audit: type=1400 audit(1758030246.890:584): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxd-q_<var-snap-lxd-common-lxd>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=9412 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000
[Tue Sep 16 13:44:07 2025] audit: type=1400 audit(1758030247.977:585): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxd-q_<var-snap-lxd-common-lxd>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=9412 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000

Changed in rsyslog (Ubuntu):
status:	Incomplete → Confirmed

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-16:

#12

Several things on unpack in that DENIED message:

a) "sendmsg": something is trying to send a message. Given that "name" is a unix socket, it's presumably about writing to that socket.

b) rsyslogd profile is denying that operation

c) comm(and) is "systemd-journal". That doesn't make sense. rsyslogd would not exec systemd-journal: that is a daemon. rsyslogd does link with libsystemd, though, so perhaps the library is doing something?

d) denied_mask="r". What was denied was a read, not a write. That's weird. "sendmsg" implies a write, but a read was denied. The rsyslogd profile does allow a write to that dev-log socket (via the base abstraction), and not a read. But something tried to read from it. systemd-journal looks like, but why would that be confined by the rsyslog profile??

e) To check for (c), I ran execsnoop on the vm do see if I could catch an exec of systemd-journal, but no such exec happened.

So current theory is that somehow by virtue of linking with libsystemd, rsyslogd is trying to read from dev-log and that is being denied.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-16 (last edit on 2025-09-16):

#13

I straced the rsyslogd process that is running inside the container while I was triggering the events that result in the DENIED message. strace() stayed put(!).

This is the current DENIED message that shows up in the questing host (where the questing lxd is running):

[Tue Sep 16 13:55:01 2025] audit: type=1400 audit(1758030901.984:1192): apparmor="DENIED" operation="sendmsg" class="file" namespace="root//lxd-q_<var-snap-lxd-common-lxd>" profile="rsyslogd" name="/run/systemd/journal/dev-log" pid=10991 comm="systemd-journal" requested_mask="r" denied_mask="r" fsuid=1000000 ouid=1000000

I logout and login (which is what triggers the DENIED messages), and that PID is always the same: 10991.

PID 10991 is the systemd-journald daemon from the CONTAINER, but as seen from the host:

  10919 ? Ss 0:00 [lxc monitor] /var/snap/lxd/common/lxd/containers q
  10926 ? Ss 0:00 \_ /sbin/init
  10991 ? Ss 0:00 \_ /usr/lib/systemd/systemd-journald

It shows up as confined like this (from the host):

lxd-q_</var/snap/lxd/common/lxd>//&:lxd-q_<var-snap-lxd-common-lxd>:unconfined (enforce) 1000000 10991 0.0 0.7 34524 14384 ? Ss 13:45 0:00 \_ /usr/lib/systemd/systemd-journald

So why would the rsyslog profile be the culprit for denying systemd-journald pid 10991 from reading dev-log?

When I strace that PID 10991 (systemd-journal from the guest lxd), I can see several denials of this form:

sendmsg(3, {msg_name={sa_family=AF_UNIX, sun_path="/run/systemd/journal/syslog"}, msg_namelen=30, msg_iov=[{iov_base="<38>", iov_len=4}, {iov_base="Sep 16 14:11:18 ", iov_len=16}, {iov_base="systemd-logind", iov_len=14}, {iov_base="[360]: ", iov_len=7}, {iov_base="Removed session c7.", iov_len=19}], msg_iovlen=5, msg_control=[{cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS, cmsg_data={pid=360, uid=0, gid=0}}], msg_controllen=28, msg_flags=0}, MSG_NOSIGNAL) = -1 EACCES (Permission denied)

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-16:

#14

This might still be something in apparmor itself. Reopening that task for evaluation.

Changed in rsyslog (Ubuntu):
milestone:	none → ubuntu-25.10-beta
Changed in apparmor (Ubuntu):
status:	Invalid → New

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2025-09-17:

#15

One aspect of AppArmor IPC mediation is a "crosscheck" that requires a sending domain to have policy to allow sending and also requires the receiver to have policy to allow receiving. If either one fails, then the operation is failed as early as possible. (I'm not entirely sure how I would expect it to show up in the logs when they aren't in the same namespace, but this feels about what I would expect.)

Perhaps the Unix Domain Socket changes in newer versions of AppArmor require changes to the policy? I have a vague memory that previous versions of AppArmor allow file rules to give access to unix domain sockets in the filesystem but newer versions of AppArmor require explicit unix rules. (Worse yet, don't know what to add to the rsyslog policy to allow this access.)

Sebastien Bacher (seb128) on 2025-09-17

tags:

added: dcr-incoming

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-17:

#16

> Worse yet, don't know what to add to the rsyslog policy to allow this access.

I was stracing rsyslog, and it didn't get any DENIED error. But when I straced systemd-journald, the DAEMON, that's what was denied access. And by the rsyslog profile. This is what I cannot understand. It's another process. How can I add rules to the rsyslog profile about what another process should be able to do or not. There is something else going on here. systemd-journald is unconfined from the POV of the container, but it's definitely confined from the POV of the host. Maybe this is similar to LP: #2121552?

Revision history for this message

Georgia Garcia (georgiag) wrote on 2025-09-17 (last edit on 2025-09-17):

#17

Andreas, you are right that this is related to LP: #2121552. I'll try to explain:

This is a unix operation, and as Seth mentioned, we crosscheck -at the same time- if
1. sender is allowed to send to receiver
2. receiver is allowed to receive from sender

That's why unix rules have a peer component to them:
unix (receive) peer=(label=unconfined),

This rule is included in abstractions/base, so rsyslog is allowed to receive unix sockets from unconfined, which is the case here. There's another detail though: since this is a named unix socket, AppArmor also does a filesystem check using file rules. That's the denial we are seeing due to the bug in 2121552. Since systemd-journald (owner of the unix socket and unconfined) is running in the container in a (apparmor) virtualized stack, rsyslog is not being allowed delegation of the unconfined fd by default as expected.

This will require a kernel fix for a permanent solution.
Meanwhile,
/run/systemd/journal/dev-log r,
in rsyslog should allow it.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-17:

#18

After I add

/run/systemd/journal/dev-log r,

and reload the profile with apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.rsyslogd

Looks like I need to reboot the container. Restarting rsyslog or systemd-journal does't cut it.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2025-09-18:

#19

Uploaded to questing unapproved:

Uploading rsyslog_8.2504.0-1ubuntu2.dsc
Uploading rsyslog_8.2504.0-1ubuntu2.debian.tar.xz
Uploading rsyslog_8.2504.0-1ubuntu2_source.buildinfo
Uploading rsyslog_8.2504.0-1ubuntu2_source.changes

Revision history for this message

Launchpad Janitor (janitor) wrote on 2025-09-19:

#20

This bug was fixed in the package rsyslog - 8.2504.0-1ubuntu2

---------------
rsyslog (8.2504.0-1ubuntu2) questing; urgency=medium

* d/usr.sbin.rsyslogd: allow reading of systemd-journal's dev-log
unix socket (LP: #2123821)

-- Andreas Hasenack <email address hidden> Wed, 17 Sep 2025 17:14:42 -0300

Changed in rsyslog (Ubuntu):
status:	Confirmed → Fix Released

Christian Ehrhardt (paelzer) on 2025-09-23

tags:

removed: server-todo

Revision history for this message

Launchpad Janitor (janitor) wrote on 2026-01-05:

#21

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apparmor (Ubuntu):
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuapparmor package

bad restriction: apparmor="DENIED" [...] namespace="root//lxd-n_<var-snap-lxd-common-lxd>" profile="rsyslogd" name="/run/systemd/journal/dev-log"

Bug Description

Related branches

Other bug subscribers

Remote bug watches

Ubuntu
apparmor package