<div dir="ltr"><div><div><div><div><div><div>Hi,<br><br></div>It's up and running on my laptop and did not it (yet :-) ) eat the machine. It's a beta, so not recommended for production use, still any testing and feedback is very welcome!<br><br>While trying to package the beta, I ran into two bugs:<br></div>- man pages are missing from the release tar.gz<br></div>- parallel build does not seem to work (don't use "make -j")<br></div><br>My packages for openSUSE are available at <a href="https://build.opensuse.org/project/show/home:czanik:syslog-ng37">https://build.opensuse.org/project/show/home:czanik:syslog-ng37</a><br></div><br>Tomorrow I'm mostly off-line due to a training and don't have much time left for packaging this week. Which platform (FreeBSD or Linux distro version) should have 3.7 beta1 packages next?<br><br></div>Bye,</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">Peter Czanik (CzP) <<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br>BalaBit IT Security / syslog-ng upstream<br><a href="http://czanik.blogs.balabit.com/" target="_blank">http://czanik.blogs.balabit.com/</a><br><a href="https://twitter.com/PCzanik" target="_blank">https://twitter.com/PCzanik</a><br></div></div></div>
<br><div class="gmail_quote">On Tue, Apr 14, 2015 at 8:08 PM, Czanik, Péter <span dir="ltr"><<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_quote"><h1>3.7.0beta1</h1>
<p>This is the first beta release of the upcoming syslog-ng OSE 3.7<br>
branch.</p>
<p>Further releases will focus on fixes and small <code>Getting started ...</code><br>
documentations.</p>
<p>Changes compared to the previous alpha release:</p>
<h2>Features</h2>
<ul>
<li><p>Added batched event sending support for riemann destination driver which<br>
makes the riemann destination respect flush-lines(), and send event<br>
in batches of configurable amount (defaults to 1). In case of an error,<br>
all messages within the batch will be dropped. Dropped messages, and<br>
messages that result in formatting errors do not count towards the batch<br>
size. There is no timeout, but messages will be flushed upon deinit.</p></li>
<li><p>Added IPv6 netmask filter for selecting only messages sent by a host whose<br>
IP address belongs to the specified IPv6 subnet.</p></li>
<li><p>Added syslog-ng debug bundle generator script for collecting debug related<br>
information.</p></li>
<li><p>Added a new macro, called HOSTID which is a 32-bit number generated by<br>
a cryptographically secure PRNG. Its purpose is to identify the<br>
syslog-ng host, thus it is the same for every message generated on the same<br>
host.</p></li>
<li><p>Added a new macro, called UNIQID which is a practically unique ID generated<br>
from the <code>HOSTID</code> and the <code>RCPTID</code> in the format of <code>HOSTID@RCPTID</code>. <br>
Uniqid is a derived value: it is built up from the always available hostid<br>
and the optional rcptid. In other words: uniqid is an extension over rcptid.<br>
For that reason <code>use-rcptid</code> has been deprecated and <code>use-uniqid</code> could be<br>
use instead.</p></li>
<li><p>Added a reset option to syslog-ng-ctl stats. With this option the non-stored<br>
stats counters can be zeroed.</p></li>
<li><p>Java-destination driver ported from syslog-ng-incubator.<br>
Purpose of having Java destination driver is to provide the right way to <br>
support all player in the "Java related logging ecosystem"<br>
(Kafka, HDFS, ElasticSearch, ...). Java dest driver is a special driver,<br>
a bridge between the C and the Java world from syslog-ng point of view.</p></li>
<li><p>Python language support is ported from syslog-ng incubator and <br>
has been completely reworked. Now, it is possible to implement template<br>
functions in Python language and also destination drivers.<br>
Main purpose of supporting Python language is to implement a nice<br>
interactive syslog-ng config debugger for syslog-ng.</p></li>
<li><p>New builtin interactive syslog-ng.conf debugger implemented for syslog-ng.<br>
The debugger has a Python frontend which contains a full Completer<br>
(just press TABs and works like bash)</p></li>
</ul>
<h2>Enhancements</h2>
<ul>
<li><p>Extended the set of supported characters to every printable ASCII's except<br>
<code>.</code>, <code>[</code> and <code>]</code> in <code>extract-prefix</code> for <code>json-parser()</code>.</p></li>
<li>
<p>OpenSSL set as a hard dependency for syslog-ng because the newly added <br>
<code>hostid</code> and <code>uniqid</code> features requires a CPRNG provided by OpenSSL.</p>
<p>After OpenSSL is a hard dependency</p>
<ul>
<li> non-embedded crypto lib is not a real option, so the support of having
such a crypto lib discontinued</li>
<li>all SSL-dependent features enabled by default</li>
</ul>
</li>
<li><p>Added string-delimiters option to csvparser to support multi character<br>
delimiters in CSV parsing.</p></li>
<li><p>Upgrade RabbitMQ submodule to the upstream.</p></li>
<li><p>Extended rcpt-id to 64 bits (formerly it was 48 bits).</p></li>
</ul>
<h2>Fixes</h2>
<ul>
<li>
<p>Fixed the encoding of characters below 32 if escaping is enabled in <br>
templates. Templated outputs never contained references to characters below<br>
32, essentially they were dropped from the output for two reasons:</p>
<ul>
<li>the prefixing backslash was removed from the code</li>
<li>the format_uint32_padded() function produced no outputs in base 8</li>
</ul>
</li>
<li><p>Fixed afstomp destination port issue. It always tried to connect to the port 0.</p></li>
<li><p>Fixed compilation where the monolitic libsystemd was not available.</p></li>
<li><p>Fixed memleak in db-parser which could happen at every reload.</p></li>
<li>
<p>Fixed a class of rule conflicts in db-parser:</p>
<p>Because an error in the pdb load algorithms, some rules would conflict which<br>
shouldn't have done that. The problem was that several programs would use <br>
the same RADIX tree to store their patterns. Merging independent programs <br>
meant that if they the same pattern listed, it would clash, even though<br><br>
their $PROGRAM is different.</p>
<p>There were multiple issues:</p>
<ul>
<li><p>we looked up pattern string directly, even they might have contained<br>
<a href="https://github.com/parser" target="_blank">@parser</a>@ references. It was simply not designed that way and only<br><br>
worked as long as we didn't have the possibility to use parsers<br><br>
in program names</p></li>
<li><p>we could merge programs with the same prefix, e.g.<br>
su, supervise/syslog-ng and supervise/logindexd would clash, on "su",<br>
which is a common prefix for all three.</p></li>
</ul>
<p>The solution involved in using a separate hash table for loading, which<br>
at the end is turned into the radix tree.</p>
<ul>
<li><p>Fixed a crash around affile at the first message delivery when templates<br>
were used.</p></li>
<li><p>Excluded "tags" from riemann destination driver as an attribute which <br>
conflicts with reserved keyword</p></li>
<li><p>Fixed a docbook related compilation error: there was a hardcoded path that<br>
caused build to fail if docbook is not on that path. Debian based<br>
platforms did not affected by this problem.<br>
Now a new option was created for <code>./configure</code> that is <code>--enable-manpages</code><br>
that enables the generation of manpages using docbook from online source.<br>
'--with-docbook=PATH' gives you the opportunity to specify the path for<br>
your own installed docbook.</p></li>
</ul>
</li>
</ul>
<h2>Developer notes</h2>
<ul>
<li>
<p>filter: fix external filter plugin lookup </p>
<p>The filter_plugin rule expected an LL_IDENTIFIER and filter_comparison<br>
expected a string which in turn is an LL_IDENTIFIER or LL_STRING. It<br>
caused a conflict in the grammar which prevented to load external<br>
filter plugins. </p>
</li>
</ul>
<h2>Credits</h2>
<p>syslog-ng is developed as a community project, and as such it relies<br>
on volunteers, to do the work necessarily to produce syslog-ng.</p>
<p>Reporting bugs, testing changes, writing code or simply providing<br>
feedback are all important contributions, so please if you are a user<br>
of syslog-ng, contribute.</p>
<p>We would like to thank the following people for their contribution:</p>
<p>Andras Mitzki, Balazs Scheidler, Botond Borsits, Fabien Wernli, Gergely Nagy,<br>
Gergo Nagy, Gyorgy Pasztor, Istvan Adam Mozes, Laszlo Budai,<br>
Manikandan-Selvaganesh, Peter Czanik, Robert Fekete, Tibor Benke,<br>
Viktor Juhasz, Vincent Bernat, Zoltan Fried, Zoltan Pallagi.</p>
<p style="font-size:small;color:#666">—<br><a href="https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.7.0beta1" target="_blank">View it on GitHub</a>.<img alt="" height="1" width="1"></p>
<div>
<div>
</div>
</div>
</div><br></div>
</blockquote></div><br></div>