syslog-ng-announce

Download

syslog-ng-announce@lists.balabit.hu

July 2014

1 participants
2 discussions

syslog-ng 3.6.0alpha1 has been released
by devel＠balabit.hu 30 Jul '14

30 Jul '14

------------------------------------------------------------------------------ PACKAGE : syslog-ng VERSION : 3.6.0alpha1 SUMMARY : new alpha release DATE : Jul 30, 2014 ------------------------------------------------------------------------------ DESCRIPTION: The first alpha version of syslog-ng Open Source Edition (3.6.0alpha1) has been released. This being an alpha release, testing is most welcome, but production use is not recommended! CHANGES: 3.6.0alpha1 Wed, 30 Jul 2014 15:40:42 +0200 This is the first alpha release of the upcoming syslog-ng OSE 3.6 branch, a result of about seven months of work, by more than a dozen contributors, touching 379 files, and changing over twenty thousand lines. Compared to the latest stable release (3.5.5), this alpha release contains the following noteworthy changes: New dependencies ---------------- PCRE is now a required dependency of syslog-ng, and is not optional anymore. Features -------- ### New options * A new `custom-domain()` global setting was introduced, which allows the administrator to override the local domain name used by syslog-ng. It affects all locally generated log messages. * Added a `use-rcptid()` global option, that tells syslog-ng to assign a reception ID to each message received and generated by syslog-ng. This ID is available as the `$RCPTID` macro, and is unique on a given host. The counter wraps around at 48 bits and is never zero. ### New drivers * The `pseudofile()` destination driver is a very simple driver, aimed at delivering messages to special files in `/proc` or `/dev`. It opens and closes the file on each message, instead of keeping it open. It does not support templates in the filename, and does not have a queue (and as such, is not adequate in high traffic situations). * The new `nodejs()` source driver (implemented as an SCL macro) adds a source driver that allows syslog-ng to accept messages from node.js applications that use the `winston` logging API. ### Miscellaneous new features * The `multi-line-mode()` option gained a new setting: `prefix-suffix`, which works similarly to the `prefix-garbage` (which is the new name for `regexp`), except it appends the garbage part to the message, instead of discarding it. This new mode can be used to work around the absence of a timeout. * Filters default to PCRE matching, instead of the previous POSIX regexp default. ### Statistics * The stats counter for PROGRAM counters now includes the timestamp of the last update. * A new `stats-lifetime()` global option was introduced, which controls how often dynamic counters are expired. The timer is not exact, some timers may live a little bit longer than the specified time. * Dynamic counters are now cleaned up every `stats-lifetime()` minutes (defaulting to 10 minutes) instead of only on reloads. This change was done to reduce the memory used by dynamic counters. * There is now an `internal_queue_length` statistic, which shows the length of the internal queue. This is most useful to see if the `internal()` source is not connected, or if it is not being emptied fast enough (which, again, indicates a more serious error). ### MongoDB * The `mongodb()` driver now supports authentication, even when using replica sets. When re-connecting to another member of the set, the driver will automatically re-authenticate. * The `--with-libmongo-client` option of the configure script now supports `auto` as a value, and will then detect whether to use the system version of the library or the internal copy. We default to `auto` now, which prefers the system library over the internal copy. * The driver does not automatically add an `_id` field to the message: the server will do that automatically, if none is present. This allows users to override the field from within their syslog-ng config. * A new `retries()` option can be used to tell the driver how many times it should try to insert a message into the database before giving up (defaults to 3). This fixes the case where a rogue message could hold up the entire queue, as it was retried forever. * The driver now enables `safe-mode()` by default. * There is now a one-minute timeout for MongoDB operations. If an operation times out, it will be considered failed. * The driver can now connect to MongoDB via UNIX domain sockets. * The `double()` type hint is now supported by the driver. ### Unix Domain Sockets * The `unix-dgram()` and `unix-stream()` sources now extract UNIX credentials (PID, UID and GID of the sending application) from the passed messages, if any. On Linux, and FreeBSD, the path of the executable belonging to PID is extracted too, along with command-line arguments. The extracted values are available in `${.unix.pid}`, `${.unix.uid}`, `${.unix.gid}`, `${.unix.exe}` and `${.unix.cmdline}`, respectively. * The `system()` source will overwrite the PID macro with the value of `${.unix.pid}`, if present. ### JSON * The json-parser gained an `extract-prefix()` option, which can be used to tell the parser to only extract JSON members from a specific subtree of the incoming object. Example: `json-parser(extract-prefix("foo.bar[5]"));` Assuming that the incoming object is named msg, this is equivalent to the following javascript code: `msg.foo.bar[5]` The resulting expression must be a JSON object, so that syslog-ng can extract its members into LogMessage name-value pairs. This also works when the top-level object is an array, as `extract-prefix()` allows the use of an array index at the first indirection level, for example: `json-parser(extract-prefix("[5]"));`, which translates to `msg[5]`. * The `$(format-json)` template function now handles the `double()` type hint. ### Debugging * When sending messages to stderr in debug mode, prepend a timestamp to the messages. * The new `$RUNID` macro is available for templates, which changes its value every time syslog-ng is restarted, but not when reloaded. * A Valgrind suppression file was added (available under `contrib/valgrind/`), to aid in debugging memory leaks in syslog-ng. It supresses a couple of known false positives, and a few other things in third-party libraries. * A new utility, `system-expand`, was added, which returns what the `system()` source would expand to. Bugfixes -------- * With the MongoDB destination, successfully inserted messages are not counted as "stored" anymore: stored messages are those that are in a memory or disk buffer. * In the MongoDB destination, reconnecting in a replica-set environment now works correctly, and reliably. * The reliability of the `usertty()` destination driver was greatly improved. Previously, some parts of it were not thread-safe, which could result in strange behaviour. * The handling of escape related flags of `csvparser()` was changed: instead of these flags overwriting all other (even non-escape related) flags, if the flag to set is an escape-flag, it will keep all non-escape flags, and set the new one. If it is a not such a flag, then it will clear all flags, and set the previous escape flags, and the new flag. This, in essence, means that when setting flags on a `csvparser()`, if it is an escape flag, only escape flags will be affected. If not, then escape flags will not be affected at all. * The SQL destination now correctly continues $SEQNUM counting after a reload, instead of starting afresh. * When tring to stop syslog-ng while a reload is in progress, syslog-ng will now correctly shut down cleanly. * When the local hostname is not an FQDN, and the local resolver fails to return an FQDN too, syslog-ng does not abort anymore, but continues using a non-FQDN hostname after emitting a warning on the internal source. Furthermore, syslog-ng will try to resolve the FQDN harder: when multiple names are returned, it will search for the first FQDN one, instead of stopping at the primary name. * The `update-patterndb` script will now work correctly when the current working directory contains .pdb files. * We will now correctly handle time going backwards in patterndb: it will realign its idea of current time with the system. This corrects a bug where timeouts did not function properly when system time was set backwards. * The Linux capability support is now correctly auto-detected by the configure script, and defaults to off on FreeBSD 9+, as it should. * Various memory leak fixes around the code base. Developer notes --------------- The code base went through a lot of refactoring, too many to list in a simple NEWS file. Groundwork has been laid out for future features which are yet to hit the 3.6 branch. Credits ------- syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessarily to produce syslog-ng. Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute. We would like to thank the following people for their contribution: Andras Mitzki, Andres Tamayo, Balazs Scheidler, Csaba Karsai, Daniel Gados, Evan Rempel, Fabien Wernli, Gergely Nagy, Igor Ippolitov, Imre Lazar, Jakub Wilk, Laszlo Budai, Lucas McLane, Martin Bagge, Matyas Koszik, Nick Alcock, Otto Berger, Peter Czanik, Peter Gyongyosi, Sebastien Badia, Sebastiaan Hoogeveen, Tamas Pal, Tibor Benke, Tobias Schwab, Viktor Juhasz, Viktor Tusa, Xufeng Zhang DOWNLOAD: You can download the source or binary packages from: http://www.balabit.com/downloads/files/syslog-ng/open-source-edition/3.6.0a… The documentation of the syslog-ng Open Source Edition is available in The syslog-ng Open Source Edition Administrator's Guide at http://www.balabit.com/support/documentation/

1 0

syslog-ng 3.5.5 has been released
by devel＠balabit.hu 21 Jul '14

21 Jul '14

------------------------------------------------------------------------------ PACKAGE : syslog-ng VERSION : 3.5.5 SUMMARY : new stable release DATE : Jul 21, 2014 ------------------------------------------------------------------------------ DESCRIPTION: A new stable version of syslog-ng Open Source Edition (3.5.5) has been released. For latest fixes in the 3.5.x feature branch you are recommended to upgrade to this version. CHANGES: 3.5.5 Mon, 21 Jul 2014 17:00:00 +0200 This is the fifth bug-fix release for the 3.5.x series. Starting with this release, the 3.5 branch replaces 3.4 as the current "stable" version. Upgrading from earlier versions - and especially earlier branches - is highly recommended. New features ============ * The facility() filter now supports ranges, allowing one to capture a range of facilities: facility(local0..local6). * The $(format-json) template function now supports SEQNUM. * The upstart script in contrib has been improved to allow the user to override certain settings (such as the configuration file, and the pidfile), and allow extra options to be specified. Bugfixes ======== * Major memory leaks have been fixed in various parts of syslog-ng, including but not limited to network and file destinations and sources, value-pairs (thus affecting mongodb, $(format-json), and others), template handling and rewrite rules. Some of these leaks only happened during reload, some leaked on every message. They have now been plugged. * The value-pairs framework has seen a lot of updates, too: - It now honors time zone settings, so everything that uses value-pairs, will correctly take time zone settings into account. - Using globs in the key() option of value pairs will now also search macros for matches (thus key("D*") will match DATE too). - The syslog-proto (RFC5424) scope now correctly includes SDATA. - A bug that resulted in hierarchical elements being misparsed and made to appear in random places have been fixed. * The body() and subject() options of the SMTP destinations are now mandatory, and a double-free was also fixed in the driver. * Minor fixes were made to the $(env) template function, so that when looking up an empty environment variable, we will no longer trigger a glib warning. A misleading error message was also corrected. * The pdbtool patternize tool will now output version 4 PDB XML. * The configure script will not try to configure the AMQP module if no suitable version of python is installed. This avoids a difficult to diagnose error message during compilation. Developer news ============== * When compiled with internal ivykis, we will now install its headers too, along with our own. This is to make it easier for the Incubator to be compiled against a syslog-ng with embedded ivykis. * Plugin symbols are now loaded differently, in a way that lets plugins load further plugins, and use already loaded symbols. This is required for the various scripting destinations in the Incubator. * Starting with this release, we are installing the testing helpers as a convenience library (available under the syslog-ng-test pkg-config module). This allows third party projects to use our helpers. Credits ======= syslog-ng is developed as a community project, and as such it relies on volunteers to do the work necessarily to produce syslog-ng. Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute. These people have helped in this release: Balazs Scheidler <bazsi(a)balabit.hu> Daniel Gados Fabien Wernli Gergely Nagy <algernon(a)balabit.hu> Laszlo Budai <lbudai(a)balabit.hu> Laszlo Meszaros <lmesz(a)balabit.hu> Nick Alcock <nix(a)esperi.org.uk> Peter Czanik <czanik(a)balabit.hu> Peter Gyongyosi <gyp(a)balabit.hu> Sebastien Badia <seb(a)sebian.fr> Tibor Benke <tibor.benke(a)balabit.com> Viktor Juhasz <viktor.juhasz(a)balabit.com> Viktor Tusa <tusa(a)balabit.hu> Xufeng Zhang <xufeng.zhang(a)windriver.com> Zoltan Pallagi <pzolee(a)balabit.hu> DOWNLOAD: You can download the source or binary packages from: http://www.balabit.com/network-security/syslog-ng/opensource-logging-system… The documentation of the syslog-ng Open Source Edition is available in The syslog-ng Open Source Edition Administrator's Guide at http://www.balabit.com/support/documentation/

1 0