
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<div class="markdown-body">

<h1>3.29.1</h1>

<h2>Highlights</h2>

<ul>

<li>

<p><code>panos-parser()</code>: parse Palo Alto PAN-OS logs</p>

<p>Example:</p>

<pre><code>@include "scl.conf"


log {

  source { network(transport("udp")); };


  parser { panos-parser(); };


  destination {

   elasticsearch-http(

     index("syslog-ng-${YEAR}-${MONTH}-${DAY}")

     type("")

     url("http://localhost:9200/_bulk")

     template("$(format-json

       --scope rfc5424

       --scope dot-nv-pairs --rekey .* --shift 1 --exclude *future_* --exclude *dg_hier_level_*

       --scope nv-pairs --exclude DATE --key ISODATE @timestamp=${ISODATE})")

   );

  };

};

</code></pre>

<p>(<a href="https://github.com/syslog-ng/syslog-ng/pull/3234" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3234/hovercard">#3234</a>)</p>

</li></ul>

<h2>Features</h2>

<ul>

<li>

<p>snmptrap: improve error message when missing dependency<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3363" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3363/hovercard">#3363</a>)</p>

</li><li>

<p>disk queue: reduce memory usage during load<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3352" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3352/hovercard">#3352</a>)</p>

</li><li>

<p>Allow dupnames flag to be used in PCRE expressions, allowing duplicate names for named subpatterns<br>

as explained here: <a href="https://www.pcre.org/original/doc/html/pcrepattern.html#SEC16" rel="nofollow">

https://www.pcre.org/original/doc/html/pcrepattern.html#SEC16</a> .</p>

<p>Example:</p>

<pre><code>filter f_filter1 {

  match("(?<FOOBAR>bar)|(?<FOOBAR>foo)" value(MSG) flags(store-matches, dupnames));

};

</code></pre>

<p>(<a href="https://github.com/syslog-ng/syslog-ng/pull/3381" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3381/hovercard">#3381</a>)</p>

</li></ul>

<h2>Bugfixes</h2>

<ul>

<li>

<p>filter/regex: if there was a named match (?..)? that is optional to match, the previose or the next named matches might not be saved as named match.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3393" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3393/hovercard">#3393</a>)</p>

</li><li>

<p><code>tls</code>: Fixed a bug, where <code>ecdh-curve-list()</code> were not applied at client side.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3356" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3356/hovercard">#3356</a>)</p>

</li><li>

<p>scratch-buffers: fix <code>global.scratch_buffers_bytes.queued</code> counter bug<br>

This bug only affected the stats_counter value, not the actual memory usage (i.e. memory usage was fine before)<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3355" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3355/hovercard">#3355</a>)</p>

</li><li>

<p>wsl: fix infinite loop during startup<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3340" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3340/hovercard">#3340</a>)</p>

</li><li>

<p><code>openbsd</code>: showing grammar debug info for openbsd too, when <code>-y</code> command line option is used<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3339" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3339/hovercard">#3339</a>)</p>

</li><li>

<p><code>stats-query</code>: speedup <code>syslog-ng-ctl query get "*"</code> command.</p>

<p>An algorithmic error view made <code>syslog-ng-ctl query get "*"</code> very slow with large number of counters.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3376" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3376/hovercard">#3376</a>)</p>

</li><li>

<p>syslogformat: fixing crashing with small invalid formatted logs see example in

<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="640360238" data-permission-text="Title is private" data-url="https://github.com/syslog-ng/syslog-ng/issues/3328" data-hovercard-type="issue" data-hovercard-url="/syslog-ng/syslog-ng/issues/3328/hovercard" href="https://github.com/syslog-ng/syslog-ng/issues/3328">

#3328</a><br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3364" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3364/hovercard">#3364</a>)</p>

</li><li>

<p><code>cfg</code>: fix config reload crash via introducing <code>on_config_inited</code> in LogPipe<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3176" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3176/hovercard">#3176</a>)</p>

</li><li>

<p>config: fix error reporting</p>

<ul>

<li>Error reporting was fixed for lines longer than 1024 characters.</li><li>The location of the error was incorrectly reported in some cases.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3383" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3383/hovercard">#3383</a>)</li></ul>

</li><li>

<p><code>disk queue</code>: fix possible crash during load, and possible false positive corruption detection<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3342" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3342/hovercard">#3342</a>)</p>

</li><li>

<p>db-parser, pdbtool, graphite-output: fix glib assertion error</p>

<p>The assertion happened in these cases</p>

<ul>

<li>dbparser database load</li><li>argument parsing in graphite-output</li><li>pdbtool merge commad</li></ul>

<p>Syslog-ng emitted a glib assertion warning in the cases above, even in successful executions.</p>

<p>If <code>G_DEBUG=fatal-warnings</code> environment variable was used, the warning turned into a crash.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3344" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3344/hovercard">#3344</a>)</p>

</li><li>

<p>stats: fix stats-ctl query crash when trying to reset all the counters<br>

<code>syslog-ng-ctl query get '*' --reset</code><br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3361" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3361/hovercard">#3361</a>)</p>

</li></ul>

<h2>Packaging</h2>

<ul>

<li>RHEL 7 packaging: fix logrotate file conflict with rsyslog<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3324" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3324/hovercard">#3324</a>)</li><li>Debian packaging: python3-nose was removed from package dependencies.<br>

Pytest will run Python related unittests (for modules/python/pylib/syslogng/debuggercli/tests/)<br>

instead of nose.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3343" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3343/hovercard">#3343</a>)</li></ul>

<h2>Notes to developers</h2>

<ul>

<li>

<p>light: test for assertion errors in glib for each testcases<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3344" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3344/hovercard">#3344</a>)</p>

</li><li>

<p>Fix signal handling when an external library/plugin sets SIG_IGN</p>

<p>Previously, setting SIG_IGN in a plugin/library (for example, in a Python module) resulted in a crash.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3338" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3338/hovercard">#3338</a>)</p>

</li><li>

<p><code>func-test</code>: removed logstore_reader check, which was never reached<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3236" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3236/hovercard">#3236</a>)</p>

</li><li>

<p><code>plugin_skeleton_creator</code>: fixing a compiler switch</p>

<p>Wrong compiler switch used in <code>plugin_skeleton_creator</code>. This caused a compiler warning. The grammar debug info did not appear for that module, when

<code>-y</code> command line option was used.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3339" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3339/hovercard">#3339</a>)</p>

</li><li>

<p>Light test framework: get_stats and get_query functions to DestinationDriver class</p>

<p>Two new functions added to DestinationDriver class which can be used for getting the stats<br>

and query output of syslog-ng-ctl.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3211" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3211/hovercard">#3211</a>)</p>

</li></ul>

<h2>Other changes</h2>

<ul>

<li>

<p><code>internal()</code>: limit the size of internal()'s temporary queue</p>

<p>The <code>internal()</code> source uses a temporary queue to buffer messages.<br>

>From now on, the queue has a maximum capacity, the <code>log-fifo-size()</code> option<br>

can be used to change the default limit (10000).</p>

<p>This change prevents consuming all the available memory in special rare cases.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3229" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3229/hovercard">#3229</a>)</p>

</li><li>

<p>network plugins: better timer defaults for TCP keepalive</p>

<p>From now on, syslog-ng uses the following defaults for TCP keepalive:</p>

<ul>

<li><code>tcp-keepalive-time()</code>: 60</li><li><code>tcp-keepalive-intvl()</code>: 10</li><li><code>tcp-keepalive-probes()</code>: 6</li></ul>

<p>Note: <code>so-keepalive()</code> is enabled by default.<br>

(<a href="https://github.com/syslog-ng/syslog-ng/pull/3357" data-hovercard-type="pull_request" data-hovercard-url="/syslog-ng/syslog-ng/pull/3357/hovercard">#3357</a>)</p>

</li></ul>

<h2>Credits</h2>

<p>syslog-ng is developed as a community project, and as such it relies<br>

on volunteers, to do the work necessarily to produce syslog-ng.</p>

<p>Reporting bugs, testing changes, writing code or simply providing<br>

feedback are all important contributions, so please if you are a user<br>

of syslog-ng, contribute.</p>

<p>We would like to thank the following people for their contribution:<br>

Andras Mitzki, Antal Nemes, Attila Szakacs, Balazs Scheidler, Christian Tramnitz, chunmeng, Gabor Nagy, Laszlo Budai, Laszlo Szemere, L�szl� V�rady, MileK, Norbert Takacs, Peter Czanik, P�ter K�kai, Terez Nemes.</p>

</div>

<br>

</div>

<div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

</div>

</body>

</html>