2
Thu, 18 Nov 2010 07:50:42 +0100
5
* csv-parser() defaults to "escape-none" mode even if it is not
7
* Fixed a possible CPU spinning in case mark_freq() is changed from
8
a non-zero value to zero and syslog-ng is reloaded.
9
* Fixed a flow control problem for the internal() source possibly
10
causing an assertion to fail, e.g. syslog-ng to crash voluntarily.
11
* Make it possible to use a literal '$' character by using two of
13
* Make it possible to use binary characters within strings in
14
configuration files by using a C-like \xHH, \oOOO syntax.
15
* Attempt to flush the messages sitting in output queues a bit
17
* Handle ESTALE errors in the file source for NFS file systems,
18
which might cause a spin on the CPU otherwise.
19
* Fixed a possible use-after-free problem potentially causing
20
crashes or misbehaviour. No concrete errors were reported though.
21
* The SQL driver didn't honour the port() option, this was fixed.
22
* Fixed program_override() option, previously it overrode the
23
hostname instead because of a typo.
24
* Accept 3.1 as configuration version, previously it only accepted
26
* Fixed internal() message loop detection in case an error happened
27
on the log writer flush path.
30
Mon, 02 Aug 2010 17:06:28 +0200
33
* This release changes the default for 'store-legacy-msghdr' flag
34
for log sources. In previous releases this had to be enabled
35
explicitly, because of the performance penalties, which do not
36
apply to 3.1. The original behaviour can be restored by explicitly
37
specifying 'dont-store-legacy-msghdr'.
40
* When syslog-ng is reloaded, the local hostname value was not
41
refreshed, causing syslog-ng to remember the hostname until the
42
next restart. This may not play nice with DHCP configured
43
hostnames, which may change dynamically.
44
* When several SIGHUP signals are received in quick succession, the
45
last one may have been dropped. This problem is fixed.
46
* Make sure that numbers never get resolved using getpwnam/getgrnam
47
(e.g. libnss functions), because this may cause deadlocks if the
48
NSS provider is LDAP and the LDAP server is trying to log a
49
message to syslog about invalid usernames.
50
* Fixed flush_timeout() handling in for non-file destinations.
51
Enabling flush_lines()/flush_timeout() for a non-file destination,
52
either using a global option, or a per-destination option could
53
cause excess CPU usage as long as the destination wasn't writable.
54
* In case patterndb has a syntax error when reloading the file,
55
syslog-ng automatically reverts to the old version instead of
56
dropping pattern matching altogether.
57
* Fixed pdbtool to properly handle accented characters in the
59
* Fixed the use of the greedy and drop-invalid flags for csv-parser.
60
* Fixed a possible but rare memory leak in the handling of message
64
* Added "update-patterndb" command that merges patterndb files from
65
${sysconfdir}/patterndb.d and produces ${localstatedir}/patterndb.xml,
66
the default file of the db-parser().
67
* Make it possible to specify the path to the syslog-ng control
68
socket using a command line option in order to make it easier to
69
launch multiple syslog-ng instances.
70
* Introduced a new, cleaner syntax to specify that the permissions
71
of a file are not to be changed. Use owner/group/perm options of a
72
file without any parameters instead of "-1". The old mechanism had
73
the problem that both per-file and global settings had to use "-1"
74
to effectively stop syslog-ng from changing the uid/gid/perm
75
values. The new syntax will make it possible to specify defaults
77
the global options section and customize those on a per-file
79
* syslog-ng will not go into the background if either the
80
--syntax-only or --debug options are specified.
84
* Added the ability to read from a sample file
88
Sun, 11 Apr 2010 10:26:57 +0200
91
* Solaris 10 SMF script now checks if the pid file refers to an
92
actual instance of syslog-ng to make sure that syslog-ng is
93
started even after a system crash.
94
* The System V init script used on Solaris 8/9 gave ugly error messages
95
if the dump device doesn't exist (which happens in a chroot/zone
96
environment), this was fixed.
97
* Fixed a 100% CPU usage if the configuration file uses the pipe
98
driver on a regular file or a file driver on a named pipe.
99
* Fixed a daylight saving problem in the transition window when
100
receiving a BSD timestamp.
101
* syslog-ng CSV format statistics (reachable via syslog-ng-ctl) is
102
now properly escaped.
105
* Added "TAGS" macro which expands to a list of comma separated
109
Tue, 16 Mar 2010 17:15:40 +0100
112
* Fixed Solaris 10 SMF script to properly handle svcadm refresh
114
* Fixed a possible segmentation fault for unix-dgram/unix-stream
115
destinations on some (non-Linux) platforms.
116
* Fixed processing empty log entries when using the syslog() protocol.
117
* Fixed processing partially received syslog messages.
120
* Decrease the frequency of gettimeofday() calls during syslog-ng
121
operation, as gettimeofday() is expensive to call on some
123
* The SQL destination will only attempt to INSERT a given log
124
message 3 times, and after that it gives up, instead of trying
126
* Tru64 portability fixes.
127
* The functional test program was improved to check the new RFC5424
131
Fri, 18 Dec 2009 09:19:39 +0100
134
* Fixed two major memory leaks, one on input messages, one in
136
* Fixed escaped structured data processing.
137
* Fixed expanding SDATA references in templates which have multiple
138
dots in its name (e.g. when an OID is present in the name of the
140
* pdbtool now correctly zero pads month and day fields in publish
141
date of the merged patterndb file.
142
* pdbtool won't link to unnecessary libraries, which fixes a
143
compilation problem on Solaris with flex installed.
147
Sun, 29 Nov 2009 16:25:18 +0100
149
This is the first public release of syslog-ng Open Source Edition 3.1.
151
syslog-ng 3.1 is the first so called "feature release" of syslog-ng,
152
as such its support period ends when either the next feature (named
153
3.2) or the next stable (named 4.0) version is published.
156
* Support for patterndb v2 and v3 format, along with a bunch of new
157
parsers: ANYSTRING, IPv6, IPvANY and FLOAT.
159
* Added a new "pdbtool" utility to manage patterndb files: convert
160
them from v1 or v2 format, merge mulitple patterndb files into one
161
and look up matching patterns given a specific message.
163
* Support for message tags: tags can be assigned to log messages as
164
they enter syslog-ng: either by the source driver or via patterndb.
165
Later it these tags can be used for efficient filtering.
167
* Added support for rewriting structured data.
169
* Macros and name-value pairs got a little tighter integration,
170
in filters where syslog-ng 3.0 was limited to only use name-value
171
pairs, with 3.1 you can also use macros.
173
* Enhanced dynamic name-value performance by a factor of three.
175
* Some parsers got additional features: NUMBER is now able to parse
176
hexadecimal numbers, ESTRING is now able to search for multiple
177
characters as the end of the string.
179
* Added non-standard and non-portable facility codes (range 10-15),
180
decouple syslog-ng facility name information from the system used
181
to compile syslog-ng on.
2
Thu, 05 May 2011 23:10:52 +0200
6
This maintenance release fixes some looser ends in the last
7
published release, 3.2.3. There's one more important bugfix here,
8
which is triggered by PCRE newer than 8.12.
11
* Fixed build problems on Solaris & AIX.
12
* A bug was found in the pcre implementation for subst(). If the
13
"global" flag is specified and pcre returns an error, an infinite
14
loop is created, consuming memory in the process. It is triggered
15
by PCRE 8.12, but could potentially affect older versions too.
16
* Fixed a potential use of uninitialized memory in the configuration
17
file parser, no bug was triggered but gcc 4.6 reported it via a
21
* Fixed most (but not all) compilation warnings when compiling with
26
syslog-ng is developed as a community project, and as such it relies
27
on volunteers, to do the work necessarily to produce syslog-ng.
29
Reporting bugs, testing changes, writing code or simply providing
30
feedback are all important contributions, so please if you are a
31
user of syslog-ng, contribute.
33
These people have helped in this release:
35
Sandor Geller (Morgan Stanley)
36
Balazs Scheidler (BalaBit)
38
Jose Oliveira (Fedora)
40
Thanks for your efforts, it is appreciated.
43
Sun, 01 May 2011 19:05:32 +0200
47
This is a maintenance release for the 3.2 branch, which contains
48
several important functionality fixes in the db-parser()
49
correllation code, an important security fix for FreeBSD & HP-UX
50
(CVE-2011-0343) and build fixes for cygwin and mixed mode linking.
53
* Fixed a possible security issue on Debian/kFreeBSD and on
54
platforms where mode_t is an unsigned 16 bit value (FreeBSD,
55
HP-UX). On these platforms syslog-ng may be using 0xFFFF as the
56
permission bits. (CVE-2011-0343)
59
* Fixes an y2k38 problem that causes syslog-ng to use 100% CPU time
60
in case mark messages are enabled and the UNIX timestamps
61
overflows a signed 32 bit counter, which happens in 19th, January 2038
62
* Fixed file() destination to work on device nodes (e.g. files in
63
/dev). Without this change, syslog-ng started using 100% CPU time
64
if given devices as destinations that couldn't always consume
66
* The code to restore the last file position for source files will
67
not accept file-position past the file size, and will restart the
68
file from the beginning instead.
69
* Don't attempt to remember the current file position for source
70
files that are read with follow-freq(0), e.g. /dev/klog and
71
/proc/kmsg. These are special files which do not have the notion
72
of file position, so no need to remember them. Regular files
73
should always be read with follow-freq() set to nonzero, which is
75
* Fixed linking unit tests and other tools in mixed linking mode.
76
* Fixed compilation on cygwin, especially lot of efforts went into
78
* Fixed building on platforms where PCRE is not in the standard
80
* Accept catch-all flag on log statements as well as catchall, as
81
this was incorrectly documented in the past.
83
db-parser() & pdbtool bugfixes:
84
* Fixed @XX style message reference parsing used in correllation
86
* Fixed a segfault in the $(grep) template function when processing
87
the parameters failed.
88
* Fixed segfault in "pdbtool match --debug-pattern" in case the
89
pattern doesn't match.
90
* Fixed "pdbtool test" as previously all patterndb.xml files were
91
reported to be invalid, even valid ones.
92
* Fixed correllation timer related issue that caused some timers not
93
to expire in rare cases.
95
db-parser() & pdbtool changes:
96
* Added support for enclosing template function arguments in
97
parenthesis, in which case the quotes within the parentheses are
98
not removed. For example: $(grep ('$FACILITY' == 'syslog'))
99
This makes writing $(grep) and $(if) arguments much easier.
100
* dbparser() the @NUMBER@ and @FLOAT@ parsers are able to parse
102
* Added debug messages to dbparser() correllation so that it becomes
103
easier to diagnose db-parser() problems.
104
* Added -d (for --debug) and -v (for --verbose) options to pdbtool
105
in order to make patterndb debugging easier.
106
* Added --no-parse option to "pdbtool patternize" in order to read
107
files without syslog-style parsing.
110
* Added error messages on DBI initialization failures.
111
* Added systemd socket activation support.
113
Build related changes:
114
* Support for old (e.g. pre 7.1 commonly found in RHEL5) PCRE
115
versions at the cost of an inoperating "newline" regexp flag.
116
* configure now validates flex/bison versions better, as the
117
requirements are more strict starting with syslog-ng 3.2
118
* Drop the creation of libsyslog-ng-patterndb.so.
119
* "make clean" will properly remove libafsocket.so symlink.
123
syslog-ng is developed as a community project. All changes and
124
improvements requires effort, and this effort is really appreciated.
126
Writing code, testing changes or simply providing use-cases and
127
information on one's setup will make syslog-ng better.
129
Here are the people, listed in no specific order who made this
135
Attila Szalay (BalaBit)
137
Marius Tomaschewski (SUSE)
138
Gergely Nagy (BalaBit)
140
Dalibor Toman (Fortech.cz)
141
Corinna Vinschen (RedHat)
142
Balazs Scheidler (BalaBit)
143
Laszlo Boszormenyi (LSC.hu)
144
Arkadiusz Miśkiewicz (PLD Linux)
147
Peter Gyongyosi (BalaBit)
148
Zoltan Pallagi (BalaBit)
149
Mishou Michael (US IRS)
151
Thanks for their efforts, it is appreciated.
154
Sat, 15 Jan 2011 13:50:35 +0100
157
* Fixed a possible segmentation fault when the port number is
158
changed for a TCP source, the configuration is reloaded and there
159
were open connections for the old port, which send messages after
160
the SIGHUP. This behaviour has been broken since 3.0.1.
161
* Fixed a possible security issue on FreeBSD and on
162
platforms where mode_t is an unsigned 16 bit value. On these
163
platforms syslog-ng may be using 0xFFFF as the permission bits
164
causing log files to be world readable/writable/executable/setuid.
165
* Fixed leaking the contents of internal() messages (such as MARK or
166
the statistics message).
167
* Fixed current time tracking when calculating the time in the
169
* When the patterndb file got reloaded the correllation state was
170
dropped. This behaviour was fixed.
171
* Really ignore invalid persist-state files, which caused syslog-ng
172
startup to fail previously.
173
* Added the missing support for blocks inside log {} statements.
174
* Fixed a configuration init error when the same db-parser()
175
instance is referenced from multiple log paths.
176
* Fixed handling the port() options for SQL destinations.
179
* Added cygwin support to the system() source.
182
* syslog-ng modules are now linked with "-module -no-undefined"
183
parameters, pdbtool and unit tests are using -dlpreopen when
184
explicitly linking against such modules.
185
* The core patterndb functionality got split off to a separate
186
library installed to $libdir to make it easier to be used by
188
* Fixed support for an explicit --exec-prefix configure parameter.
189
Earlier if exec_prefix was different from prefix, the installation
190
layout produced unworkable binaries.
191
* If no OpenSSL libraries are available, pdbtool patternize still
192
can work, although in this case proper UUID generation is not
194
* If syslog-ng is compiled against an old glib (earlier than 2.13),
195
it'll not use an API that is present in newer ones. Please note
196
however that there might be other similar compatibility issues
197
with old Glib versions.
198
* Updated cygwin packaging files.
199
* Don't use -wno-pointer-sign in dbparser if gcc doesn't support it.
200
This will emit a lot of warnings, but still make the code possible
201
to compile with older gcc versions.
205
syslog-ng is developed as a community project. All changes and
206
improvements requires effort, and this effort is really appreciated.
208
Writing code, testing changes or simply providing use-cases and
209
information on one's setup will make syslog-ng better.
211
Here are the people, listed in no specific order who made this
214
* Balázs Németh (BalaBit)
215
* Sándor Gellér (Morgan Stanley)
216
* Péter Czanik (BalaBit)
217
* Owen Mann (Interactive Data)
218
* Zhengxiang Pan (Alcatel Lucent)
219
* Corinna Vinschen (RedHat)
220
* Eric Berggren (Apple)
221
* Gergely Nagy (BalaBit)
226
* Balázs Scheidler (BalaBit)
228
Thanks for their efforts, it is appreciated.
231
Tue, 23 Nov 2010 08:59:47 +0100
233
This is the first release of the new major version of syslog-ng,
236
There are far-reaching changes in this release, the summary of the
237
new features is the longest list ever since the first syslog-ng
242
* Added support for message correllation in db-parser. See the
243
relevant blog posts for more information:
245
http://bazsi.blogs.balabit.com/2010/10/syslog-ng-correllation-updated/
246
http://bazsi.blogs.balabit.com/2010/09/syslog-ng-correllation/
248
* Added "pdbtool patternize", which implements automatic patterndb
249
generation from a sample log file.
251
http://gyp.blogs.balabit.com/2010/01/introducing-pdbtool-patternize/
253
* Added pdbtool validation support, using the "pdbtool test --validate".
254
Requires an installed xmllint program.
256
* pdbtool is now able to merge patterndb XML files recursively in
257
order to make it easy to use the results of the patterndb project.
259
* db-parser() automatically assigns class-specific tags to messages,
260
this means that a message classified "system" will get a
261
".classifier.system" tag in addition to storing the class in a
262
name-value pair named ${.classifier.class}
264
* It is now possible to use multiple program name patterns for a
265
single ruleset in patterndb.
267
* pdbtool match is now able to read a file containing syslog
268
messages and apply patterndb and a filter expression on the
271
http://bazsi.blogs.balabit.com/2010/07/patterndb-grep-on-steroids.html
273
* pdbtool test is now able to perform pattern testing automatically
274
based on the supplied example log message.
276
http://marci.blogs.balabit.com/2010/07/pdbtool-test-and-pattern-database.html
280
* Added template functions framework and some initial functions:
282
http://bazsi.blogs.balabit.com/2010/09/introducing-template-functions/
284
The new functions are: $(echo), $(grep) and $(if)
286
* Added support for comparison operators in filter expressions, e.g.
287
it is now possible to use "$FACILITY_NUM" < "5". String and
288
numeric operators are also provided, the same way as in perl.
290
* Added $(ipv4-to-int) template function to convert an IP address to
291
its numeric representation.
293
* It is now possible to supply a filter to rewrite expressions and
294
only apply the rewrite rule in case the filter matches.
296
https://lists.balabit.hu/pipermail/syslog-ng/2010-July/014565.html
300
* Plugins: the new architecture replaces the old monolithic one,
301
all syslog-ng functionality is loaded from external plugins when
302
needed. It is possible to write plugins to extend syslog-ng
303
functionality in the following areas:
311
http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-changes.html
312
http://bazsi.blogs.balabit.com/2010/07/syslog-ng-contributions-redefined.html
314
* The framework for a "syslog-ng configuration library" (aka SCL) a
315
collection of configuration snippets installed along syslog-ng,
316
simplifying the authoring of syslog-ng configuration files.
318
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=287993339599deac0442e26355c600b5aee63583
319
http://bazsi.blogs.balabit.com/2010/07/syslog-ng-contributions-redefined.html
321
* Support for reusable configuration snippets, similar to macros
322
with parameters, named "blocks".
324
http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-opened-experimental-blocks.html
326
* Added a confgen plugin that includes the output of a program into
327
the configuration file, making it possible to generate
328
configuration file snippets dynamically.
330
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=5248ef6c49ff3af0b3c896448360073606c9c7d7
334
* Added support to process native syslog.conf file using the
335
syslogconf SCL plugin.
337
http://bazsi.blogs.balabit.com/2010/09/syslog-ng-now-supports-the-syslog-conf-file-format/
339
* syslog-ng now automatically detects if an incoming message is in
340
RFC3164 or RFC5424 format. This means that the syslog driver can
341
be used to process both.
344
* Support for BSD-style process accounting logs via the pacct()
345
source driver defined in by SCL and the underlying pacctformat
348
http://bazsi.blogs.balabit.com/2010/07/syslog-ng-and-process-accounting.html
350
SQL driver enhancements:
351
========================
352
* Support for explicit COMMITs in the SQL driver, this speeds up SQL
353
INSERT rate significantly if flush_lines() is non-zero.
355
http://bazsi.blogs.balabit.com/2010/04/explicit-transaction-support-in-sql.html
359
* Persistent state containing the current file position for file
360
sources is now continously updated during runtime, instead of
361
updating it only at exit, which makes it much more reliable in
362
case syslog-ng doesn't terminate normally.
364
* Better syntax error reporting in the configuration file.
366
http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-changes.html
368
* It is now possible to use multiple parser expressions in a single
369
parser object, similar to rewrite rules.
371
* Added support for using the include statement from anywhere in the
372
configuration file, instead of only at top-level. Also introduced
373
syslog-ng "global values" that can be defined and the substituted
374
anywhere in the configuration file.
376
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=1203267c465256c99e622edf11e226301170f1c7
377
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=52098762f27cde059e8b8ecda67691df85364e6d
379
* Default configuration file supplied as part of SCL.
381
Incompatible changes:
382
=====================
383
* syslog-ng traditionally expected an optional hostname field even
384
when a syslog message is received on a local transport (e.g.
385
/dev/log). However no UNIX version is known to include this
386
field. This caused problems when the application creating the log
387
message has a space in its program name field. This behaviour has
388
been changed for the unix-stream/unix-dgram/pipe drivers if the
389
config version is 3.2 and can be restored by using an explicit
390
'expect-hostname' flag for the specific source.
392
Compared to 3.2beta1:
393
=====================
396
* Fixed Linux capability support for unix-stream() and file()
397
destinations (Zbigniew Krzystolik)
398
* Fixed segmentation faults in "pdbtool match" reported by Peter
400
* Fixed pdbtool match --debug-pattern to correctly display &
402
* Fixed negated tags() filtering.
403
* The hostname wasn't always properly NUL terminated, causing binary
404
garbage to get into the logs in case chain_hostnames() option
406
* Fixed signed/unsigned comparison problem in db-parser() pattern
407
matching, possibly causing the db-parser() to mismatch on utf8 data.
408
* The db-parser() correllation state is kept accross SIGHUPs.
411
* Added man pages for loggen, syslog-ng-ctl. Updated man pages for
412
all other commands. (Robert Fekete)
413
* Removed the requirement to use UUIDs in patterndb files.
414
* The Debian packaging built into the source now builds a pluginised
415
syslog-ng binary correctly.
416
* The correllation engine now also follows system time to cause
417
pending events to time out even if there's no incoming log traffic.
418
* When using "pdbtool match" with correllation, pending events
419
accumulated until the end of the file are all run automatically.
420
* Added patterndb v4 XML schema.
423
Mon, 11 Oct 2010 12:25:07 +0200
425
Changes and new features destined to the syslog-ng 3.2 release are
426
complete, and starting with this release, only bugfixes and minor
427
changes are possible. There's only one exception to this: the
428
correllation framework in db-parser() is still considered
429
experimental and is recommended for early adopters only.
431
This beta has gone through some testing and initial blocker problems
432
were fixed before the release. Right now I'm not aware of any
433
serious issues, but as always, testing is appreciated.
435
New features since 3.2alpha2:
437
Bugfixes since 3.2alpha2:
438
* Fixed a possible infinite loop in "pdbtool test" in case
439
program/message was missing from the sample message.
441
* SQL: revert don't require the current CVS version of libdbi
443
* Don't report "this config file version is too old" multiple times.
445
* Underscore and dash are assumed to be equivalent in plugin names.
447
* Various memory leaks were plugged.
450
* Removed the use_time_recvd() global and per-destination option,
451
deprecated since 3.0. Can be substituted with $R_ prefix in macro
455
* Restructured the source tree in order to make compilations of
456
independent plugins easier and faster. Modules go to modules/
457
subdirectory, the core lives under lib/ and the main executables
460
* SCL paths are determined relative to ${datadir} instead of
461
${prefix} to make distribution packaging easier.
463
* Pass -avoid-version when linking modules.
465
* syslog-ng now requires bison 2.4, this is also checked by the
469
Fri, 06 Aug 2010 21:17:50 +0200
471
The documentation of syslog-ng is not yet up-to-date with the new
472
features introduced with this release. Therefore for each feature
473
below you can also find an URL containining the best known
474
description what the given feature does. These are not necessarily
475
100% accurate, but should give anyone interested an idea how to
478
Also, please note that although this is an alpha release, the bulk
479
of the changes are in the configuration parser, so once your
480
configuration was parsed properly and syslog-ng starts up, an almost
481
unchanged code is processing it. This means that this release
482
should be good enough to start playing with. And feedback about
483
what kind of syslog-ng.conf parsing errors you encounter on
484
real-life configuration files is more than welcome.
489
Wed, 14 Jul 2010 21:25:19 +0200
491
Initial 3.2 release. NEWS will be filled in later.