<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
<div class="x_x_elementToProof" style="font-size:11pt;color:rgb(0,0,0)!important">
<div class="x_x_markdown-body x_x_my-3">
<h1>3.37.1</h1>
<h2>Highlights</h2>
<ul>
<li><code>kubernetes</code> source: A new source for Kubernetes CRI (Container Runtime Interface) format.<br>
By default it tails the <code>/var/log/containers</code> folder which can be overriden with the
<code>base-dir()</code> parameter.<br>
Example configuration:
<div class="x_x_snippet-clipboard-content x_x_notranslate x_x_position-relative x_x_overflow-auto">
<pre class="x_x_notranslate"><code>source {
kubernetes();
# or specifying the directory:
# kubernetes(base-dir("/dir/to/tail"));
};
</code></pre>
</div>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/4015" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="0">#4015</a>)</li><li><code>mariadb-audit-parser</code>: A new parser for mariadb/mysql audit plugin logs have been added.<br>
The parser supports the <code>syslog</code> output type's format, see <a href="https://mariadb.com/kb/en/mariadb-audit-plugin" target="_blank" rel="nofollow noopener noreferrer" data-auth="NotApplicable" data-linkindex="1">
mariadb page</a> for details.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3947" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="2">#3947</a>)</li></ul>
<h2>Features</h2>
<ul>
<li>
<p><code>internal()</code>: add rcptid tag to all trace messages that relate to incoming<br>
log messages. This makes it easier to correlate parsing, rewriting and<br>
routing actions with incoming log messages.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3972" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="3">#3972</a>)</p>
</li><li>
<p><code>syslog-parser()</code>: allow comma (e.g. ',') to separate the seconds and the fraction of a<br>
second part as some devices use that character. This change applies to both<br>
to <code>syslog-parser()</code> and the builtin syslog parsing functionality of network<br>
source drivers (e.g. <code>udp()</code>, <code>tcp()</code>, <code>network()</code> and
<code>syslog()</code>).<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3949" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="4">#3949</a>)</p>
</li><li>
<p><code>cisco-parser</code>: add ISO 8601 timestamp support<br>
(<a href="https://github.com/syslog-ng/pull/3934" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="5">#3934</a>)</p>
</li><li>
<p><code>network()</code>, <code>syslog()</code> sources and destinations: added new TLS options
<code>sigalgs()</code> and <code>client-sigalgs()</code></p>
<p>They can be used to restrict which signature/hash pairs can be used in digital signatures.<br>
It sets the "signature_algorithms" extension specified in RFC5246 and RFC8446.</p>
<p>Example configuration:</p>
<div class="x_x_snippet-clipboard-content x_x_notranslate x_x_position-relative x_x_overflow-auto">
<pre class="x_x_notranslate"><code>destination {
network("test.host" port(4444) transport(tls)
tls(
pkcs12-file("/path/to/tls/test.p12")
peer-verify(yes)
sigalgs("RSA-PSS+SHA256:ed25519")
)
);
};
</code></pre>
</div>
<p>(<a href="https://github.com/syslog-ng/syslog-ng/pull/4000" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="6">#4000</a>)</p>
</li><li>
<p><code>set-matches()</code> and <code>unset-matches()</code>: these new rewrite operations allow<br>
the setting of match variables ($1, $2, ...) in a single operation, based<br>
on a syslog-ng list expression.<br>
Example:</p>
<div class="x_x_snippet-clipboard-content x_x_notranslate x_x_position-relative x_x_overflow-auto">
<pre class="x_x_notranslate"><code># set $1, $2 and $3 respectively
set-matches("foo,bar,baz");
# likewise, but using a list function
set-matches("$(explode ':' 'foo:bar:baz')");
</code></pre>
</div>
<p>(<a href="https://github.com/syslog-ng/syslog-ng/pull/3948" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="7">#3948</a>)</p>
</li><li>
<p><code>$*</code> macro: the $* macro in template expressions convert the match variables<br>
(e.g. $1, $2, ...) into a syslog-ng list that can be further manipulated<br>
using the list template functions, or turned into a list in type-aware<br>
destinations.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3948" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="8">#3948</a>)</p>
</li><li>
<p><code>set-tag()</code>: add support for using template expressions in <code>set-tag()</code> rewrite<br>
operations, which makes it possible to use tag names that include macro<br>
references.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3962" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="9">#3962</a>)</p>
</li></ul>
<h2>Bugfixes</h2>
<ul>
<li><code>http()</code> and other threaded destinations: fix <code>$SEQNUM</code> processing so that<br>
only local messages get an associated <code>$SEQNUM</code>, just like normal<br>
<code>syslog()</code>-like destinations. This avoids a [meta sequenceId="XXX"] SD-PARAM<br>
being added to <code>$SDATA</code> for non-local messages.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3928" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="10">#3928</a>)</li><li><code>grouping-by()</code>: fix <code>grouping-by()</code> use through parser references.<br>
Originally if a grouping-by() was part of a named parser statement and was<br>
referenced from multiple log statements, only the first <code>grouping-by()</code><br>
instance behaved properly, 2nd and subsequent references were ignoring all<br>
configuration options and have reverted using defaults instead.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3957" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="11">#3957</a>)</li><li><code>db-parser()</code>: similarly to <code>grouping-by()</code>, <code>db-parser()</code> also had issues<br>
propagating some of its options to 2nd and subsequent references of a parser<br>
statement. This includes <code>drop-unmatched()</code>, <code>program-template()</code> and<br>
<code>template()</code> options.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3957" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="12">#3957</a>)</li><li><code>match(), subst() and regexp-parser()</code>: fixed storing of numbered<br>
(e.g. $1,$2, $3 and so on) and named capture groups in regular expressions<br>
in case the input of the regexp is the same as one of the match variables being<br>
stored. In some cases the output of the regexp was clobbered and an invalid<br>
value stored.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3948" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="13">#3948</a>)</li><li>fix <code>threaded(no)</code> related crash: if threaded mode is disabled for<br>
asynchronous sources and destinations (all syslog-like drivers such as<br>
tcp/udp/syslog/network qualify), a use-after-free condition can happen due<br>
to a reference counting bug in the non-threaded code path. The<br>
<code>threaded(yes)</code> setting has been the default since 3.6.1 so if you are using<br>
a more recent version, you are most probably unaffected. If you are using<br>
<code>threaded(no)</code> a use-after-free condition happens as the connection closes.<br>
The problem is more likely to surface on 32 bit platforms due to pointer<br>
sizes and struct layouts where this causes a NULL pointer dereference.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3997" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="14">#3997</a>)</li><li><code>set()</code>: make sure that template formatting options (such as <code>
time-zone()</code> or<br>
<code>frac-digits()</code>) are propagated to all references of the rewrite rule<br>
containing a <code>set()</code>. Previously the <code>clone()</code> operation used to implement<br>
multiple references missed the template related options while cloning <code>set()</code>,<br>
causing template formatting options to be set differently, depending on<br>
where the <code>set()</code> was referenced from.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3962" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="15">#3962</a>)</li><li><code>csv-parser()</code>: fix <code>flags(strip-whitespace)</code> and <code>
null-value</code> handling<br>
for greedy column<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/4028" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="16">#4028</a>)</li></ul>
<h2>Other changes</h2>
<ul>
<li><code>java()/python() destinations</code>: the <code>$SEQNUM</code> macro (and "seqnum" attribute in<br>
Python) was erroneously for both local and non-local logs, while it should<br>
have had a value only in case of local logs to match RFC5424 behavior<br>
(section 7.3.1). This bug is now fixed, but that means that all non-local<br>
logs will have <code>$SEQNUM</code> set to zero from this version on, e.g. the <code>
$SEQNUM</code><br>
macro would expand to an string, to match the syslog() driver behaviour.<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3928" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="17">#3928</a>)</li><li><code>dbld</code>: add support for Fedora 35 in favour of Fedora 33<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/3933" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="18">#3933</a>)</li><li>debian: fix logrotate file not doing the file rotation. (The path and command was invalid.)<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/4031" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="19">#4031</a>)</li><li>OpenSSL: add support for OpenSSL 3.0<br>
(<a href="https://github.com/syslog-ng/syslog-ng/pull/4012" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="20">#4012</a>)</li><li>The MD4 hash function (<code>$(md4)</code>) is no longer available when compiling syslog-ng with OpenSSL v3.0.<br>
MD4 is now deprecated, it will be removed completely in future versions.<br>
<div>(<a href="https://github.com/syslog-ng/syslog-ng/pull/4012" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="21">#4012</a>)</div>
</li></ul>
<h2>Credits</h2>
<p>syslog-ng is developed as a community project, and as such it relies<br>
on volunteers, to do the work necessarily to produce syslog-ng.</p>
<p>Reporting bugs, testing changes, writing code or simply providing<br>
feedback are all important contributions, so please if you are a user<br>
of syslog-ng, contribute.</p>
<p>We would like to thank the following people for their contribution:</p>
<p>Andras Mitzki, Attila Szakacs, Balazs Scheidler, Ben Burrows,<br>
Fᴀʙɪᴇɴ Wᴇʀɴʟɪ, Gabor Nagy, László Várady, mohitvaid,<br>
Parrag Szilárd, Peter Kokai, Peter Viskup, Roffild,<br>
Ryan Faircloth, Scott Parlane, Zoltan Pallagi</p>
</div>
</div>
<div class="x_x_elementToProof" style="font-size:11pt;color:rgb(0,0,0)!important">
<br>
</div>
<div class="x_x_elementToProof" style="font-size:11pt;color:rgb(0,0,0)!important">
<br>
</div>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
<span class="x_x_elementToProof" style="font-size:11pt;color:rgb(0,0,0)!important">Installation from binaries:
<span class="x_x_elementToProof" style="font-size:11pt;color:rgb(0,0,0)!important">
<a href="https://github.com/syslog-ng/syslog-ng#installation-from-binaries" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="22">https://github.com/syslog-ng/syslog-ng#installation-from-binaries</a></span></span><span class="x_x_elementToProof" style="font-size:11pt;color:rgb(0,0,0)!important"><a href="https://github.com/syslog-ng/syslog-ng#installation-from-binaries" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="22"></a></span><br>
</div>
</body>
</html>