Thu, 05 May 2011 23:10:52 +0200

This maintenance release fixes some loose ends in the last
published release, 3.2.3. There's one more important bugfix here,
which is triggered by PCRE newer than 8.12.

* Fixed build problems on Solaris & AIX.
* A bug was found in the pcre implementation for subst(). If the
"global" flag is specified and pcre returns an error, an infinite
loop is created, consuming memory in the process. It is triggered
by PCRE 8.12, but could potentially affect older versions too.
* Fixed a potential use of uninitialized memory in the configuration
file parser, no bug was triggered but gcc 4.6 reported it via a

* Fixed most (but not all) compilation warnings when compiling with

syslog-ng is developed as a community project, and as such it relies
on volunteers to do the work necessary to produce syslog-ng.

Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a
user of syslog-ng, contribute.

These people have helped in this release:

Sandor Geller (Morgan Stanley)
Balazs Scheidler (BalaBit)
Jose Oliveira (Fedora)

Thanks for your efforts, it is appreciated.

Sun, 01 May 2011 19:05:32 +0200

This is a maintenance release for the 3.2 branch, which contains
several important functionality fixes in the db-parser()
correlation code, an important security fix for FreeBSD & HP-UX
(CVE-2011-0343) and build fixes for cygwin and mixed mode linking.

* Fixed a possible security issue on Debian/kFreeBSD and on
platforms where mode_t is an unsigned 16 bit value (FreeBSD,
HP-UX). On these platforms syslog-ng may be using 0xFFFF as the
permission bits. (CVE-2011-0343)
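
One way a 0xFFFF mode can arise on such platforms, shown as an added example (not syslog-ng code; these release notes do not show the affected source). It assumes an "option not set" marker of -1 kept in the permission field; `mode16_t`, the structs and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for mode_t on a platform where it is an unsigned 16-bit type.
 * Assumption of this example: a fixed-width typedef reproduces the
 * behaviour even on hosts whose real mode_t is 32 bits wide. */
typedef uint16_t mode16_t;

#define PERM_UNSET    (-1)    /* hypothetical "perm() not configured" marker */
#define ALL_PERM_BITS 07777   /* setuid, setgid, sticky, rwx for u/g/o */
#define DEFAULT_MODE  0600    /* hypothetical fallback mode */

/* ---- Fragile: the sentinel lives in the narrow unsigned type ---------- */
struct narrow_opts { mode16_t perm; };

static void narrow_init(struct narrow_opts *o)
{
    o->perm = (mode16_t) PERM_UNSET;          /* -1 is stored as 0xFFFF */
}

/* Mode that would be handed to open()/fchmod() for a new log file. */
static unsigned narrow_effective_mode(const struct narrow_opts *o)
{
    /* o->perm is promoted to int 65535, which never equals -1, so the
     * sentinel is treated as a configured mode. */
    if (o->perm != PERM_UNSET)
        return o->perm & ALL_PERM_BITS;
    return DEFAULT_MODE;
}

/* ---- Robust: signed storage, explicit range check on input ------------ */
struct wide_opts { int perm; };

static void wide_init(struct wide_opts *o)
{
    o->perm = PERM_UNSET;
}

/* Returns 0 on success, -1 if value is not a valid set of permission bits. */
static int wide_set(struct wide_opts *o, long value)
{
    if (value < 0 || value > ALL_PERM_BITS)
        return -1;
    o->perm = (int) value;
    return 0;
}

static unsigned wide_effective_mode(const struct wide_opts *o)
{
    return o->perm < 0 ? DEFAULT_MODE : (unsigned) o->perm;
}

/* Audit check: bits a log file should never carry
 * (setuid, setgid, any execute bit, world-writable). */
static int mode_is_unsafe_for_log(unsigned mode)
{
    return (mode & (04000 | 02000 | 00111 | 00002)) != 0;
}

int main(void)
{
    struct narrow_opts n;
    struct wide_opts w;

    narrow_init(&n);
    wide_init(&w);
    printf("narrow, perm unset: %04o unsafe=%d\n",
           narrow_effective_mode(&n),
           mode_is_unsafe_for_log(narrow_effective_mode(&n)));
    printf("wide,   perm unset: %04o unsafe=%d\n",
           wide_effective_mode(&w),
           mode_is_unsafe_for_log(wide_effective_mode(&w)));
    printf("wide_set(0xFFFF) -> %d\n", wide_set(&w, 0xFFFF));
    return 0;
}
```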

* Fixes a y2k38 problem that causes syslog-ng to use 100% CPU time
in case mark messages are enabled and the UNIX timestamp
overflows a signed 32 bit counter, which happens on 19th January 2038.
* Fixed file() destination to work on device nodes (e.g. files in
/dev). Without this change, syslog-ng started using 100% CPU time
if given devices as destinations that couldn't always consume
* The code to restore the last file position for source files will
not accept file-position past the file size, and will restart the
file from the beginning instead.
* Don't attempt to remember the current file position for source
files that are read with follow-freq(0), e.g. /dev/klog and
/proc/kmsg. These are special files which do not have the notion
of file position, so no need to remember them. Regular files
should always be read with follow-freq() set to nonzero, which is
* Fixed linking unit tests and other tools in mixed linking mode.
* Fixed compilation on cygwin, especially a lot of effort went into
* Fixed building on platforms where PCRE is not in the standard
* Accept catch-all flag on log statements as well as catchall, as
this was incorrectly documented in the past.

db-parser() & pdbtool bugfixes:
* Fixed @XX style message reference parsing used in correlation
* Fixed a segfault in the $(grep) template function when processing
the parameters failed.
* Fixed segfault in "pdbtool match --debug-pattern" in case the
pattern doesn't match.
* Fixed "pdbtool test" as previously all patterndb.xml files were
reported to be invalid, even valid ones.
* Fixed correlation timer related issue that caused some timers not
to expire in rare cases.

db-parser() & pdbtool changes:
* Added support for enclosing template function arguments in
parentheses, in which case the quotes within the parentheses are
not removed. For example: $(grep ('$FACILITY' == 'syslog'))
This makes writing $(grep) and $(if) arguments much easier.
* dbparser() the @NUMBER@ and @FLOAT@ parsers are able to parse
* Added debug messages to dbparser() correlation so that it becomes
easier to diagnose db-parser() problems.
* Added -d (for --debug) and -v (for --verbose) options to pdbtool
in order to make patterndb debugging easier.
* Added --no-parse option to "pdbtool patternize" in order to read
files without syslog-style parsing.

* Added error messages on DBI initialization failures.
* Added systemd socket activation support.

Build related changes:
* Support for old (e.g. pre 7.1 commonly found in RHEL5) PCRE
versions at the cost of an inoperative "newline" regexp flag.
* configure now validates flex/bison versions better, as the
requirements are more strict starting with syslog-ng 3.2
* Drop the creation of libsyslog-ng-patterndb.so.
* "make clean" will properly remove libafsocket.so symlink.

syslog-ng is developed as a community project. All changes and
improvements require effort, and this effort is really appreciated.

Writing code, testing changes or simply providing use-cases and
information on one's setup will make syslog-ng better.

Here are the people, listed in no specific order who made this

Attila Szalay (BalaBit)
Marius Tomaschewski (SUSE)
Gergely Nagy (BalaBit)
Dalibor Toman (Fortech.cz)
Corinna Vinschen (RedHat)
Balazs Scheidler (BalaBit)
Laszlo Boszormenyi (LSC.hu)
Arkadiusz Miśkiewicz (PLD Linux)
Peter Gyongyosi (BalaBit)
Zoltan Pallagi (BalaBit)
Mishou Michael (US IRS)

Thanks for their efforts, it is appreciated.

Sat, 15 Jan 2011 13:50:35 +0100

* Fixed a possible segmentation fault when the port number is
changed for a TCP source, the configuration is reloaded and there
were open connections for the old port, which send messages after
the SIGHUP. This behaviour has been broken since 3.0.1.
* Fixed a possible security issue on FreeBSD and on
platforms where mode_t is an unsigned 16 bit value. On these
platforms syslog-ng may be using 0xFFFF as the permission bits
causing log files to be world readable/writable/executable/setuid.
* Fixed leaking the contents of internal() messages (such as MARK or
the statistics message).
* Fixed current time tracking when calculating the time in the
* When the patterndb file got reloaded the correlation state was
dropped. This behaviour was fixed.
* Really ignore invalid persist-state files, which caused syslog-ng
startup to fail previously.
* Added the missing support for blocks inside log {} statements.
* Fixed a configuration init error when the same db-parser()
instance is referenced from multiple log paths.
* Fixed handling the port() options for SQL destinations.

* Added cygwin support to the system() source.

* syslog-ng modules are now linked with "-module -no-undefined"
parameters, pdbtool and unit tests are using -dlpreopen when
explicitly linking against such modules.
* The core patterndb functionality got split off to a separate
library installed to $libdir to make it easier to be used by
* Fixed support for an explicit --exec-prefix configure parameter.
Earlier if exec_prefix was different from prefix, the installation
layout produced unworkable binaries.
* If no OpenSSL libraries are available, pdbtool patternize still
can work, although in this case proper UUID generation is not
* If syslog-ng is compiled against an old glib (earlier than 2.13),
it'll not use an API that is present in newer ones. Please note
however that there might be other similar compatibility issues
with old Glib versions.
* Updated cygwin packaging files.
* Don't use -Wno-pointer-sign in dbparser if gcc doesn't support it.
This will emit a lot of warnings, but still make the code possible
to compile with older gcc versions.

syslog-ng is developed as a community project. All changes and
improvements require effort, and this effort is really appreciated.

Writing code, testing changes or simply providing use-cases and
information on one's setup will make syslog-ng better.

Here are the people, listed in no specific order who made this

* Balázs Németh (BalaBit)
* Sándor Gellér (Morgan Stanley)
* Péter Czanik (BalaBit)
* Owen Mann (Interactive Data)
* Zhengxiang Pan (Alcatel Lucent)
* Corinna Vinschen (RedHat)
* Eric Berggren (Apple)

Sat, 01 Oct 2011 13:17:56 +0200

This is the first stable release in the 3.3 series adding a number
of features compared to 3.2:

- multi-core/CPU scaling: the new multi-threaded architecture allows
syslog-ng to scale into the 800k msg/sec region.

- MongoDB support: using MongoDB instead of SQL is faster and
allows better representation of log data.

- JSON support: using the $(format-json) template function it is
now possible to construct JSON (JavaScript Object Notation)
output for log messages. JSON is a commonly used format for
exchanging information between information systems, providing a
rich and extensible format for structured information.

- A number of enhancements all over the place: SQL, patterndb.

The most important changes in this release:

- The default ports have changed. syslog-ng is using the standard
RFC allocated ports in the syslog() driver.

- The meaning for log-iw-size() was changed for tcp() and
unix-stream() drivers. That value is _evenly_ allocated to all
possible connections starting with this release, whereas
previously that window was shared between actual connections.

Changes since 3.3.0beta2:

* Added support for Debian/kFreeBSD

* Added support for the tags() option

* Added support for testing a specific rule, instead of the complete

* Added support for match debugging with the --debug and --color-out

* New pdbtool command that displays the name-value pairs that are
set by any of the rules in a patterndb XML file.

* This template function was added to make it possible to write
multi-line log messages into a file. The first line is written
like a regular message, subsequent lines are indented with a tab,

Other features & changes:
=========================
* At stats-level(3) syslog-ng keeps track of how many messages get
tagged with individual tags.

* Added support for pad_size() option for destinations, effectively
padding the output string to a fixed size. This can be used on
HP-UX to send messages to the local syslogd daemon, as that
expects messages to be padded to 2048 bytes.

* The command-line parser of the value-pairs functionality (used by
$(format-json) for instance) was changed to use an empty scope by

* Fixed spoof-source support as it didn't have proper thread
synchronization in the previous beta versions, causing memory
leaks and crashes if spoof-source was enabled on a destination and

* Fixed MongoDB and SQL race conditions causing stalls
and failed assertions.

* Fixed a possible stall of syslog-ng caused by pipe() destinations
without readers (e.g. /dev/xconsole). The root cause was a flipped
flow-control state: pipes have become flow-controlled even if the
user didn't request it. On the other hand files have become
non-flow-controlled, even though they always should be.

* Fixed possible crashes during reload or shutdown.

* Fixes for several significant memory leaks:
- Fixed a major memory leak, effectively causing all messages to
be leaked when message contents are changed on some of the log
statements (with a rewrite rule or a parser).

- Fixed a memory leak in file destinations caused by the leakage
of the associated queue when the given file is closed (by
time-reap or otherwise).

- Fixed a memory leak in the server protocol handling code,
leaking a small amount of memory every time a connection is

- Fixed a memory leak in the log source code causing some memory
to be leaked for each connection when processing a reload.

- PCRE matcher has leaked its state, causing a small leak on

- The configuration parser contained leaks also causing leaks when
parsing the configuration file (e.g. on reloads).

- The persist state handling code has leaked some memory each time
the persist state file was processed (startup + reloads).

* Fixed thread synchronization when registering/deregistering stats
counters. Previously these were performed without caring about
threads, effectively the root cause for various ill effects from
invalid counters to crashes.

* Fixed a timestamp parsing problem affecting timestamps with month
values between and including September .. December.

* Fixed a timezone representation issue for zones that have half an
hour offsets from GMT in the negative direction.

* Fixed pdbtool patternize to generate proper UUIDs if openssl was
detected. Previously it worked as if openssl was never detected.

* Fixed a possible race on MARK message timing, which could cause
MARK messages to appear somewhat inconsistently.

* Fixed the generation of [meta sequenceId] SDATA field.

* Fixed handling of zero-sized messages which have caused a crash

* The processing of included directories was changed not to include

* Reloading syslog-ng didn't reinitialize the name resolver
causing /etc/resolv.conf changes not to be recognized even if
syslog-ng was reloaded. A res_init() call was added to match
earlier behaviour and UNIX best practice.

* Fixed program-override() clash with the 'store-legacy-msghdr'
reader flag, which has become default in syslog-ng 3.1. If
storing the legacy msghdr is enabled, overwriting the value for
$PROGRAM was not reflected in the output, since instead of
reconstructing it from the parsed values, syslog-ng always used
what was originally in the input. If the value for $PROGRAM
changes, that automatically disables the use of the
'store-legacy-msghdr' flag.

* Fixed CAP_SYSLOG detection to also detect if either the kernel, or
libcap is lacking some required functionality.

* Fixed the handling of messages generated by AIX, which include a
"message forwarded for" header that syslog-ng failed to parse

* Fixed proper size limitation for the data structure used to hold
name-value pairs of a log message. Previously, if this structure
would go over 262140 bytes syslog-ng crashed because of an
unhandled integer overflow.

* It is possible to request the use of the system-installed
libmongo-client instead of the bundled one. At least 0.1.3 is

* The bundled libmongo-client was updated to 0.1.4, plus some minor
patches (tagged in the git.balabit.hu git repo with

* autogen.sh: automatically check the availability of git before
trying to pull the bundled libraries from git.balabit.hu

* systemd unit file redirects syslog-ng startup messages to
/dev/null without a better place.

* Introduced a pkg-config file for syslog-ng.pc to make it easier to
build 3rd party modules for syslog-ng.

* The syslog-ng version number is added to libsyslog-ng.so, which
goes to $prefix/lib to indicate that binary compatibility is not
guaranteed between syslog-ng versions.

* Added --without-compile-date option to remove the compilation date
from the binary, as SUSE Linux checks if recompilation changes the
binary to detect if dependent packages need to be rebuilt or not.

* It is now possible to build against libsystemd-daemon instead of
using the bundled sources.

* The --seed command line option has become a no-op, syslog-ng tries
to detect the availability of the random seed automatically. The
command line option of the syslog-ng binary is present without
doing anything, but it was removed from other utilities.

syslog-ng is developed as a community project, and as such it relies
on volunteers to do the work necessary to produce syslog-ng.

Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a
user of syslog-ng, contribute.

These people have helped in this release:

* Balázs Németh (BalaBit)
* Sándor Gellér (Morgan Stanley)
* Péter Czanik (BalaBit)
* Owen Mann (Interactive Data)
* Zhengxiang Pan (Alcatel Lucent)
* Corinna Vinschen (RedHat)
* Eric Berggren (Apple)
* Gergely Nagy (BalaBit)
* Balázs Scheidler (BalaBit)

Fri, 12 Aug 2011 09:00:17 +0200

This release has started using the officially assigned port numbers
for RFC5424 based log transports. syslog-ng will properly use the
old defaults if the configuration @version indicates an old config.

This release contains all identified bug fixes published by the
BalaBit syslog-ng team in their syslog-ng PE 4.1 release, additional
features will be integrated into syslog-ng 3.4 as 3.3 is already
feature-frozen. See more details on the list of bugs fixed in the
"bugfixes" section below.

This release got a "beta" tag instead of a "release-candidate"
because of the level of public testing it has received. However all
currently known bugs are believed to be fixed and this should be
much better than beta1 was.

* Fixed a memory leak in macro based destination files.

* Fixed the "dropped" and "stored" counters for the SQL destination,
which were swapped previously.

* Fixed file sources to properly start the source file from the
beginning when restoring the persistent state failed.

* Fixed BSD timestamp parsing, that caused an extra syslog header to
be added to messages which had a single digit day-of-the-month
(e.g. the first ten days for every month).

* Fixed a possible crasher at exit, caused by the destinations being
flushed and the associated sources already cleaned up.

* Fixed a destination specific memory leak, which caused some
hundred bytes to be leaked when the configuration was reloaded.

* Set O_CLOEXEC for child program pipes, in order to avoid
inheriting those to other children.

* Allow RFC5424 structured data blocks to have no parameters (e.g.
"[foo]", which only has an SDID and no SDPARAM).

* Fixed the value of the $PRI macro which expanded to an empty
string if the priority was 0 (= kern.emerg)

* Fixed race conditions in template compilation and expansion,
that could cause segmentation faults and other nastiness.

* Fixed a race condition in macro based file destinations, which
caused crashes when multiple sources wrote into the same file,
when the filename expanded to the same name from the multiple
connections. (e.g. using $PROGRAM in the filename and receiving
messages from different hosts running the same programs).

* Fixed a possible segmentation fault in certificate validation,
when the peer certificate contains an X.509 certificate purpose

* Try to load modules with the .a extension on AIX.

* Fixed a possible crash in the socket source with optional(yes).

* Made stats counters and their registration thread safe, which
either caused crashes if stats_level() > 1 or miscalculated values
due to parallel threads accessing the same counters.

* Fixed a possible crash for unknown or mistyped source flags.

* Fixed an fd and memory leak for opened destination connections.

* Fixed possible crashes in SIGHUP handling in case syslog-ng is
busy processing messages.

* Fixed a failed assertion in persistent-state handling, triggered
when multiple file sources are busy processing messages and
recording their current file position.

* Fixed SCL block expansion, when passing the empty value for a

* The final flush that happens right before syslog-ng exits honoured
the throttle() value. Since this is an attempt to squeeze out
everything we have to the destination, it's best to ignore
throttle in this case.

* Fixed a possible use-after-free and other crash causing problems
in file macro based destinations.

* Fixed a massive memory leak of all processed messages, which was
triggered by a change past v3.3.0beta1, but was found in a git

* Fixed keep-alive(yes) behaviour for destination drivers.

* Messages generated by the db-parser() will be marked as local

* Implemented locking callbacks for OpenSSL, without which enabling
SSL and threading mode almost guaranteed a crash in case multiple
connections were running SSL.

* Fixed an issue with the SQL destination, which can cause stalls in

* Added --with-module-path configure option that specifies the
default search path for modules. The help for the older
--with-module-dir option was clarified, it indicates where
syslog-ng Makefiles install modules.

* The configure script automatically adds -pthread to the CC command
line. Hopefully this is indeed supported on all platforms (worked
on the ones I've tried), and avoids having to play dirty tricks
with macros like _REENTRANT and _THREAD_SAFE.

* Link unit test programs against -livykis in case we're using a
system-installed ivykis, rather than our private copy.

* Fixed compile issues on Solaris.

* Updated to a newer libmongo-client (v0.1.3)

* Updated to a newer ivykis version (v0.19 with syslog-ng specific

Performance improvements:
=========================

* Use the GSlice allocator for objects allocated in the fast path.

* Avoid another use of sprintf in the LogWriter fastpath.

* Use per-thread caches for time related functions and the DNS cache.

* Use the string representation of IP addresses in the DNS cache, as
inet_ntop() performs much worse than the cache.

* Functional tests: properly detect the presence of sqlite to do the

* The minimum permissible value for the log-iw-size was changed to
100 from 10, as the per-connection window calculation has changed.
Earlier all connections shared the same window, starting with 3.3,
the window is distributed evenly to all connections, to avoid
starving (e.g. one connection starves the rest by using up the
window space) and to avoid thread synchronization in the message
processing fast path.

* Ported per-facility, per-severity, per-program and per-host
counters from the PE version.

* Other systemd unit files.

syslog-ng is developed as a community project, and as such it relies
on volunteers to do the work necessary to produce syslog-ng.

Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a
user of syslog-ng, contribute.

These people have helped in this release:

* Dave Reisner (ArchLinux)
* Nix (esperi.org.uk)
* Viacheslav Biriukov
* Andras Mitzki (BalaBit)
* Attila Nagy (BalaBit)
* Gyorgy Fischhof (BalaBit)
* Viktor Juhasz (BalaBit)
* Balazs Scheidler (BalaBit)
* Peter Czanik (BalaBit)
* Gergely Nagy (BalaBit)
* Balázs Scheidler (BalaBit)

Thanks for their efforts, it is appreciated.

Tue, 23 Nov 2010 08:59:47 +0100

This is the first release of the new major version of syslog-ng,

There are far-reaching changes in this release, the summary of the
new features is the longest list ever since the first syslog-ng
* Peter Gyorko (BalaBit)
* Tamas Pal (BalaBit)
* Zoltan Pallagi (BalaBit)
* Robert Fekete (BalaBit)

Fri, 13 May 2011 13:17:12 +0200

This release marks the feature freeze for the upcoming 3.3 version
of syslog-ng, development continues on the newly opened 3.4 branch,
while this one only receives bugfixes in the future.

* Added support for message correlation in db-parser. See the
relevant blog posts for more information:

http://bazsi.blogs.balabit.com/2010/10/syslog-ng-correllation-updated/
http://bazsi.blogs.balabit.com/2010/09/syslog-ng-correllation/

* Added "pdbtool patternize", which implements automatic patterndb
generation from a sample log file.

http://gyp.blogs.balabit.com/2010/01/introducing-pdbtool-patternize/

* Added pdbtool validation support, using the "pdbtool test --validate".
Requires an installed xmllint program.

* pdbtool is now able to merge patterndb XML files recursively in
order to make it easy to use the results of the patterndb project.

* db-parser() automatically assigns class-specific tags to messages,
this means that a message classified "system" will get a
".classifier.system" tag in addition to storing the class in a
name-value pair named ${.classifier.class}

* It is now possible to use multiple program name patterns for a
single ruleset in patterndb.

* pdbtool match is now able to read a file containing syslog
messages and apply patterndb and a filter expression on the

http://bazsi.blogs.balabit.com/2010/07/patterndb-grep-on-steroids.html

* pdbtool test is now able to perform pattern testing automatically
based on the supplied example log message.

http://marci.blogs.balabit.com/2010/07/pdbtool-test-and-pattern-database.html

* Added template functions framework and some initial functions:

http://bazsi.blogs.balabit.com/2010/09/introducing-template-functions/

The new functions are: $(echo), $(grep) and $(if)

* Added support for comparison operators in filter expressions, e.g.
it is now possible to use "$FACILITY_NUM" < "5". String and
numeric operators are also provided, the same way as in perl.

* Added $(ipv4-to-int) template function to convert an IP address to
its numeric representation.

* It is now possible to supply a filter to rewrite expressions and
only apply the rewrite rule in case the filter matches.

https://lists.balabit.hu/pipermail/syslog-ng/2010-July/014565.html

* Plugins: the new architecture replaces the old monolithic one,
all syslog-ng functionality is loaded from external plugins when
needed. It is possible to write plugins to extend syslog-ng
functionality in the following areas:

http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-changes.html
http://bazsi.blogs.balabit.com/2010/07/syslog-ng-contributions-redefined.html

* The framework for a "syslog-ng configuration library" (aka SCL), a
collection of configuration snippets installed along syslog-ng,
simplifying the authoring of syslog-ng configuration files.

http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=287993339599deac0442e26355c600b5aee63583
http://bazsi.blogs.balabit.com/2010/07/syslog-ng-contributions-redefined.html

* Support for reusable configuration snippets, similar to macros
with parameters, named "blocks".

http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-opened-experimental-blocks.html

* Added a confgen plugin that includes the output of a program into
the configuration file, making it possible to generate
configuration file snippets dynamically.

http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=5248ef6c49ff3af0b3c896448360073606c9c7d7

* Added support to process native syslog.conf file using the
syslogconf SCL plugin.

http://bazsi.blogs.balabit.com/2010/09/syslog-ng-now-supports-the-syslog-conf-file-format/

* syslog-ng now automatically detects if an incoming message is in
RFC3164 or RFC5424 format. This means that the syslog driver can
be used to process both.

* Support for BSD-style process accounting logs via the pacct()
source driver defined by SCL and the underlying pacctformat

http://bazsi.blogs.balabit.com/2010/07/syslog-ng-and-process-accounting.html

SQL driver enhancements:
========================
* Support for explicit COMMITs in the SQL driver, this speeds up SQL
INSERT rate significantly if flush_lines() is non-zero.

http://bazsi.blogs.balabit.com/2010/04/explicit-transaction-support-in-sql.html

* Persistent state containing the current file position for file
sources is now continuously updated during runtime, instead of
updating it only at exit, which makes it much more reliable in
case syslog-ng doesn't terminate normally.

* Better syntax error reporting in the configuration file.

http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-changes.html

* It is now possible to use multiple parser expressions in a single
parser object, similar to rewrite rules.

* Added support for using the include statement from anywhere in the
configuration file, instead of only at top-level. Also introduced
syslog-ng "global values" that can be defined and then substituted
anywhere in the configuration file.

http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=1203267c465256c99e622edf11e226301170f1c7
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=52098762f27cde059e8b8ecda67691df85364e6d

* Default configuration file supplied as part of SCL.

Incompatible changes:
=====================
* syslog-ng traditionally expected an optional hostname field even
when a syslog message is received on a local transport (e.g.
/dev/log). However no UNIX version is known to include this
field. This caused problems when the application creating the log
message has a space in its program name field. This behaviour has
been changed for the unix-stream/unix-dgram/pipe drivers if the
config version is 3.2 and can be restored by using an explicit
'expect-hostname' flag for the specific source.

Compared to 3.2beta1:
=====================

* Fixed Linux capability support for unix-stream() and file()
destinations (Zbigniew Krzystolik)
* Fixed segmentation faults in "pdbtool match" reported by Peter
* Fixed pdbtool match --debug-pattern to correctly display &
* Fixed negated tags() filtering.
* The hostname wasn't always properly NUL terminated, causing binary
garbage to get into the logs in case chain_hostnames() option
* Fixed signed/unsigned comparison problem in db-parser() pattern
matching, possibly causing the db-parser() to mismatch on utf8 data.
* The db-parser() correlation state is kept across SIGHUPs.

* Added man pages for loggen, syslog-ng-ctl. Updated man pages for
all other commands. (Robert Fekete)
* Removed the requirement to use UUIDs in patterndb files.
* The Debian packaging built into the source now builds a pluginised
syslog-ng binary correctly.
* The correlation engine now also follows system time to cause
pending events to time out even if there's no incoming log traffic.
* When using "pdbtool match" with correlation, pending events
accumulated until the end of the file are all run automatically.
* Added patterndb v4 XML schema.
439
* db-parser() has a new option called inject-mode() that can be used
440
to specify where synthetic messages generated by syslog-ng itself
441
should be injected. In 3.2 these appeared in the internal()
442
source, in 3.3 they'll be generated from within db-parser().
444
* "pdbtool patternize": added --no-parse option
448
* Make the number of retries runtime configurable in case an INSERT
449
is rejected by the database using the new retry-sql-inserts()
452
* Added support for using the "default" value for columns, by
453
specifying "default" as the column value. This can be used for
454
auto-incrementing fields.
456
* Explicit commits were adapted to use the proper BEGIN TRANSACTION
457
command on MS SQL and Oracle.
459
* Oracle doesn't like overly long index names, and since this limit
was easily reached by syslog-ng, use md5 to compress the index
* Removed the defaults for columns(), values() and indexes() as it's
almost impossible to come up with a set of defaults that works on
* DBI initialization errors are reported earlier, during startup, to
make their detection easier.
* The owner(), group(), perm(), dir_owner(), dir_group() and
dir_perm() can be specified without an argument which tells
syslog-ng to avoid changing file permissions even if the globals
* The name of the collection was changed to be a simple string,
instead of a template, to make implementing bulk inserts much
* Added support for the value-pairs() option, that makes it trivial
to add fields to records dynamically.
* A new module named tfjson was created which implements a
$(format-json) template function, capable of exporting the
syslog-ng message model as a properly marked up JSON object.
* The plugin supports both json-c and json-glib as backend
* The LogQueue component was restructured for better scalability.
This component is responsible for connecting source and destination
drivers as they work in separate threads, and as such it plays an
important role in influencing the overall performance of syslog-ng.
* Added support for reading files in multi-threaded mode (each
thread sending a copy of that file, instead of mixing lines).
* Added support for IPv6.
* The list of plugins loaded by default became build-time
configurable using the --default-modules configure switch. The
same command line option can be used to override the same at
* --version now includes information on the list of available
modules, and --module-registry displays even more information on
every loadable module.
* Introduced another plugin possibility, inner-source and inner-dest
plugin types allow the extension any kind of source or destination
* Use the newly introduced "cap-syslog" capability with kernels
* A new shared library was introduced named libsyslog-ng-crypto.so
that contains all crypto related code shared between plugins.
* Added pkg-config files to be used in -dev packages in order to
make it possible to build external modules.
* "make uninstall" now properly uninstalls config files and SCL.
Note that it removes everything without checking that they were
* The program destination caused a segmentation fault during
startup; this was fixed.
* Fixed syslog() style framing over TLS or TCP, which caused the
syslog-ng server to shut connections down prematurely.
* Fixed syslog() client code, which may cause invalid framing to be
emitted on contended network connections.
* Fixed a possibly failed assert in the flow control code in
reaction to a broken source connection.
* Fixed processing flush_timeout() for destinations; in earlier
alpha versions flush_timeout() never expired.
* Some platforms return EINVAL for writev() calls with zero I/O
buffers, causing file output to fail. Make sure syslog-ng never
generates such calls.
* Fixed read behaviour for special files (like /proc/kmsg on
Linux, /dev/klog for FreeBSD), as epoll/kqueue is unable to handle
* Fixed write behaviour for special files (like /dev/console) as
epoll/kqueue must be used even though syslog-ng doesn't use those
* Fixed a premature connection closure when the destination is
unable to accept data (e.g. EAGAIN is returned from send()). This
was easily reproduced by enabling SSL, as SSL is reporting the
same condition when the negotiation is running and the client is
expecting the response from a server.
* Fixed a 100% CPU usage case in the SSL server case.
* Fixed a possible segmentation fault during runtime (use-after-free
problem which could cause segfaults).
* Fixed a segmentation fault at exit when the tcp() destination
couldn't connect to the server.
* Don't attempt to remember the file position for files that are
read using follow-freq(0), e.g. /dev/klog, /proc/kmsg and similar
* Fixed a db-parser() correlation bug: sometimes timers were not
expired as they should have been. [3.2 port]
* Accept three forms of the catch-all log statement flag: catch-all,
catchall and catch_all, since the documentation was wrong and it
differed from the actual implementation for ages.
* PCRE: fixed a potential resource hog triggered by PCRE 8.12 and
"global" replacements.
* loggen: make sure loggen sends out all data by calling shutdown()
on the output socket.
* loggen: handle SIGPIPE signals which caused loggen to exit
prematurely when connections broke.
* loggen: fixed a potential division by zero when reporting the
message rate for unsuccessful connections.
* Fixed a number of compilation warnings triggered by gcc 4.6

syslog-ng is developed as a community project, and as such it relies
on volunteers to do the work necessary to produce syslog-ng.

Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so if you are a
user of syslog-ng, please contribute.

These people have helped in this release:
* Balazs Scheidler (BalaBit)
* Gergely Nagy (BalaBit)
* Peter Czanik (BalaBit)
* Viktor Juhasz (BalaBit)
* Attila Nagy (BalaBit)
* Andras Miczki (BalaBit)
* György Fischhof (BalaBit)
* Tamás Pál (BalaBit)
* Bálint Kovács (BalaBit)
* Peter Gyöngyösi (BalaBit)
* Mishou Michael (IRS)
* Sándor Gellér (Morgan Stanley)
* Jose Oliveira (Fedora)
* Serge Hallyn (Ubuntu)

Thu, 10 Mar 2011 12:51:36 +0100

* Support for systemd activation added.
* Add support for customizable token delimiters in "pdbtool
patternize", which makes the resulting patterns to have much
* Added support for a --no-parse command line option for "pdbtool
patternize" to avoid parsing the input as normal syslog messages.
* Added a new flag 'ignore-errors' to LogWriter based destinations
(file, pipe, tcp, udp, syslog)
* Added support for specifying the suppress() option globally.
* Fixed a tcp()/udp()/syslog() destination driver issue that caused
aborts during startup.
* Handle non-epollable devices like /dev/null normally by falling
back to the regular file-like handling. Earlier these caused an
* Makefile fixes to make it possible to compile syslog-ng from a
* Added error messages about libdbi initialization failures that
would prevent the SQL destination from working.
* Make it possible to compile against PCRE not in a standard
location (caused compilation failures on FreeBSD).
* Fixed several $(grep) related bugs:
- no longer causes a segmentation fault when the filter expression
supplied contains syntax errors
- the template parsing code removed quotes required by filter
expressions; with the current change it is possible to use
quotes in the filter expressions directly:
    $(grep ('$username' == 'root') $MSG)
- fixed the handling of template function invocations within
correlation that had multiple messages in its context.
* Fixed a segmentation fault in pdbtool match --debug-pattern in
case there was no matching rule.
* Fixed "pdbtool test".
* Added a new macro named $CONTEXT_ID that expands to the current
context-id in correlated rules.
* Changed the default syslog-ng.conf version number to 3.3 to match
* The pipe() destination used to override the default value of
flush_lines() by explicitly setting it to 0. This behaviour has
been removed, now the pipe() driver will properly use the default,
unless overridden explicitly.
* Ported the 3.2 linking changes to 3.3, which means that:
- libsyslog-ng-patterndb.so is gone, both the command line pdbtool
command and the patterndb plugin (libpatterndb.so) link its
contents statically, to improve portability on Cygwin.
- unit tests & command line utilities link properly in
--enable-mixed-linking mode
* Added debug messages in the correlation code to make it easier to
debug correlation rules.
* Added debug/verbose options to pdbtool.

Code, bug reports, testing, documentation suggestions and other
improvements were contributed by:

* Arkadiusz Miśkiewicz (PLD Linux)
* Balazs Scheidler (BalaBit)
* Balint Kovacs (BalaBit)
* Corinna Vinschen (RedHat)
* Dalibor Toman (fortech.cz)
* Gergely Nagy (BalaBit)
* Laszlo Boszormenyi (lsc.hu)
* Marius Tomaschewski (Novell)
* Peter Czanik (BalaBit)
* Peter Gyongyosi (BalaBit)
* Tom Gundersen (jklm.no)
* Valentijn Sessink (blub.net)
* Zoltan Pallagi (BalaBit)

Sun, 06 Feb 2011 17:30:51 +0100

This is the first alpha release of the upcoming syslog-ng OSE 3.3,
containing the following noteworthy changes over syslog-ng OSE 3.2.

* Added mongodb() destination driver to insert messages into
MongoDB, a NoSQL database.
* Uses multiple threads for message reception and output for
scalability over multiple CPUs/cores. To enable multiple threads
use threaded(yes) in the global options section of your
* Uses epoll() instead of traditional poll() for increased
performance, using a thin abstraction layer implemented in the
ivykis library. A copy of ivykis is available in the source tree
* loggen was made multi-threaded and added the ability to open
several connections, instead of only one.
* Other performance related tweaks.
* log_iw_size() is divided among all possible connections for a
connection oriented transport like unix-stream(), tcp() and
syslog(transport(tcp)). This is in contrast with earlier versions
which shared the same window for all connections. At the same time
the global log_iw_size()/log_fetch_limit() settings were removed.
* This release is synced with syslog-ng 3.2.2 bugfix-wise.

Mon, 11 Oct 2010 12:25:07 +0200

Changes and new features destined to the syslog-ng 3.2 release are
complete, and starting with this release, only bugfixes and minor
changes are possible. There's only one exception to this: the
correlation framework in db-parser() is still considered
experimental and is recommended for early adopters only.

This beta has gone through some testing and initial blocker problems
were fixed before the release. Right now I'm not aware of any
serious issues, but as always, testing is appreciated.

New features since 3.2alpha2:

Bugfixes since 3.2alpha2:
* Fixed a possible infinite loop in "pdbtool test" in case
program/message was missing from the sample message.
* SQL: revert don't require the current CVS version of libdbi
* Don't report "this config file version is too old" multiple times.
* Underscore and dash are assumed to be equivalent in plugin names.
* Various memory leaks were plugged.
* Removed the use_time_recvd() global and per-destination option,
deprecated since 3.0. Can be substituted with $R_ prefix in macro
* Restructured the source tree in order to make compilations of
independent plugins easier and faster. Modules go to modules/
subdirectory, the core lives under lib/ and the main executables
* SCL paths are determined relative to ${datadir} instead of
${prefix} to make distribution packaging easier.
* Pass -avoid-version when linking modules.
* syslog-ng now requires bison 2.4, this is also checked by the

Fri, 06 Aug 2010 21:17:50 +0200

The documentation of syslog-ng is not yet up-to-date with the new
features introduced with this release. Therefore for each feature
below you can also find a URL containing the best known
description of what the given feature does. These are not necessarily
100% accurate, but should give anyone interested an idea how to

Also, please note that although this is an alpha release, the bulk
of the changes are in the configuration parser, so once your
configuration is parsed properly and syslog-ng starts up, almost
unchanged code is processing it. This means that this release
should be good enough to start playing with. And feedback about
what kind of syslog-ng.conf parsing errors you encounter on
real-life configuration files is more than welcome.

Wed, 14 Jul 2010 21:25:19 +0200

Initial 3.2 release. NEWS will be filled in later.

Multi-threading, epoll support and other performance improvements by
Balazs Scheidler (BalaBit).

mongodb() destination driver by Gergely Nagy aka Algernon (BalaBit)

Bug reports, testing and other feedback by the following people:
* Balázs Németh (BalaBit)
* Sándor Gellér (Morgan Stanley)
* Péter Czanik (BalaBit)
* Owen Mann (Interactive Data)
* Zhengxiang Pan (Alcatel Lucent)
* Corinna Vinschen (RedHat)
* Eric Berggren (Apple)
* Gergely Nagy (BalaBit)
* Balázs Scheidler (BalaBit)