------------------------------------------------------------------------------
PACKAGE : syslog-ng Premium Edition
VERSION : 3.2.0
SUMMARY : new feature release
DATE    : Jul 5, 2010
------------------------------------------------------------------------------

DESCRIPTION:

A new feature version of syslog-ng Premium Edition (3.2.0) has been released.
For a full description of stable and feature releases, see Section 2.16,
Stable and feature releases of syslog-ng PE, in The syslog-ng Premium Edition
3.2.0 Administrator Guide.

CHANGES:

3.2.0
  Fri, 2 July 2010 10:14:17 +0100

  syslog-ng Premium Edition version 3.2 is the second feature release based on
  the stable 3.0 branch. For a full description of stable and feature releases,
  see Section 2.16, Stable and feature releases of syslog-ng PE, in The
  syslog-ng Premium Edition 3.2 Administrator Guide.

  WARNING: Downgrading from a feature release to an earlier (and thus
  unsupported) feature release, or to the stable release, is not supported.
  This means that once you upgrade a system from a stable release (e.g., 3.0)
  to a feature release (e.g., 3.1), you will have to keep upgrading to the new
  feature releases until the next stable version (e.g., 4.0) is published, or
  risk using an unsupported product.

  Important changes in syslog-ng PE 3.2

  * The default port numbers used by syslog-ng have changed to make them
    consistent with the relevant RFCs. Until now, the syslog() drivers used
    port 601 by default. Starting with this version, syslog-ng uses the
    following default ports for the syslog() destination and source drivers:

      * 514 for syslog over UDP
      * 601 for syslog over TCP
      * 6514 for syslog over TLS

    WARNING: If you used the syslog() driver with the default ports, adjust
    your configuration when upgrading to avoid data loss.

  * The behavior of handling the message header has changed: earlier versions
    stored the parsed header by default, and stored the original header only
    if the store-legacy-msghdr flag was enabled. Starting with syslog-ng PE
    3.2, the original incoming header of the log message is stored in the
    $MSGHDR macro by default; the original (3.0 and 3.1) behavior of the
    $MSGHDR macro can be restored with the dont-store-legacy-msghdr flag.

  New features

  * The extended timestamp format of Cisco IOS is now supported, including
    sequence numbers and the NTP synchronicity indicator. The sequence number
    of such messages is available in the $SEQNUM macro.

  * The syslog-ng Premium Edition 3.2 application supports client-side
    failover to reduce the risk of message loss. For details, see Section
    2.15, Client-side failover, in The syslog-ng Premium Edition 3.2
    Administrator Guide.

  * The syslog-ng Premium Edition 3.2 application can handle multi-line log
    messages (for example, Tomcat logs) more efficiently. For details, see the
    descriptions of the multi-line-prefix() and multi-line-garbage() options
    in Section 6.1.2, file(), in The syslog-ng Premium Edition 3.2
    Administrator Guide.

  * Multi-line messages can be automatically indented using the new
    $(indent-multi-line $MESSAGE) expression in a destination template.

  * The lgstool application is available for Microsoft Windows platforms as
    well. Note that the recover function of lgstool is available only on
    Linux/UNIX. Available at:
    http://www.balabit.com/downloads/files/syslog-ng/premium-edition/3.2.0/setup...

  * The installer automatically installs the current HTML version of The
    syslog-ng Premium Edition 3.2 Administrator Guide under the
    /opt/syslog-ng/share/docs/admin-guide directory.

  Stability improvements

  * The contents of the disk buffer are preserved even if syslog-ng crashes.

  * Until now, if syslog-ng crashed, it resent the contents of the monitored
    file sources. Now the position of the last processed message is stored
    even in case of a crash.

  * The syslog-ng application uses journals to keep logstore files consistent
    even if syslog-ng crashes. For details, see Section 2.8.1, Journal files,
    in The syslog-ng Premium Edition 3.2 Administrator Guide.

  * The performance of writing messages to logstore files has approximately
    doubled.

  Macros

  * Two new macros ($HOUR12, $AMPM) are available to format timestamps in an
    Oracle-compatible way. The $HOUR12 macro returns the hour of the day on a
    0-12 scale, while the $AMPM macro returns AM for hours before midday and
    PM for hours after midday.

  * A new macro called $TAGS is available, which expands to a comma-separated
    list of message tags. For details on using message tags, see Section
    4.6.3, Tagging messages, in The syslog-ng Premium Edition 3.2
    Administrator Guide.

  Bugfixes

  * The SDATA ID, PARAM and VALUE fields of RFC5424-formatted messages were
    not handled correctly in certain cases and could cause a segmentation
    fault. This has been corrected.

  * The syslog-ng PE application now ensures that numeric user and group IDs
    are never resolved using the getpwnam/getgrnam functions, because this
    may cause deadlocks if the NSS provider is LDAP and the LDAP server is
    trying to log a message to syslog about invalid usernames.

  * When several SIGHUP signals were received in quick succession, the last
    one may have been dropped. This problem is fixed.

  * The Solaris 10 SMF script now checks whether the pid file refers to an
    actual instance of syslog-ng, to make sure that syslog-ng is started even
    after a system crash.

  * The System V init script used on Solaris 8/9 gave error messages if the
    dump device did not exist (which happens in a chroot/zone environment).
    This has been corrected.

  * Corrections to the Solaris init scripts.

  * The timezone offset of applications other than syslog-ng was not adjusted
    correctly during the one-hour transition period of the daylight-saving
    changes. This has been corrected.

  * When syslog-ng was reloaded, the local hostname value was not refreshed,
    causing syslog-ng to keep the old hostname until the next restart. This
    did not play nicely with DHCP-configured hostnames, which may change
    dynamically.

  * Fixed a boundary checking error in the usertty() destination, which could
    cause a local buffer overflow if the wtmp file on the system contained
    more than 123 characters in its ut_line member. It is not believed to be
    exploitable on the following platforms (maximum ut_line length in
    parentheses):

      * Linux (32 chars)
      * Solaris (12 chars)
      * AIX (64 chars)
      * HP-UX (12 chars)
      * FreeBSD (8 chars)
      * OpenBSD (8 chars)

  * CSV-formatted statistics (accessible with syslog-ng-ctl) are now properly
    escaped.

  * Using a pipe driver on a regular file, or a file driver on a named pipe,
    caused 100% CPU usage. This has been corrected.

  * When running in server mode, the syslog-ng Premium Edition application
    counted messages of the local host toward the number of licensed clients.
    This has been corrected.

  * It was not possible to leave the ownership, permission, and group settings
    of existing log files and directories unchanged, because the owner(-1)
    setting always inherited the global settings. Now using these attributes
    without specifying an argument (for example, 'owner()') leaves the
    properties of the file unchanged.

DOWNLOAD:

Download the latest binaries from:
http://www.balabit.com/network-security/syslog-ng/central-syslog-server/upgr...

Note that to download the binaries, you have to log in to your MyBalaBit
account.

The documentation of the syslog-ng application is available in The syslog-ng
Premium Edition 3.2.0 Administrator Guide at:
http://www.balabit.com/support/documentation/
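As an added illustration (not part of the release notes or of the product's own files), the following syslog-ng PE configuration fragment shows how an upgrade to 3.2 can be made safe against the items listed under "Important changes": it pins the syslog() ports explicitly so the default-port change cannot silently move a listener or a forwarder, restores the 3.0/3.1 $MSGHDR behavior with the dont-store-legacy-msghdr flag, and uses the argument-less owner() and the $(indent-multi-line ...) template function described above. The relay hostname, certificate paths and log file path are assumptions.

```conf
@version: 3.2

# Pin the listener ports explicitly. Before 3.2 both syslog() transports
# defaulted to 601; from 3.2 on, UDP defaults to 514, TCP to 601 and
# TLS to 6514. Explicit port() values survive the upgrade unchanged.
source s_syslog_tcp {
    syslog(ip(0.0.0.0) port(601) transport("tcp")
           # keep the parsed header in $MSGHDR as 3.0/3.1 did
           flags(dont-store-legacy-msghdr));
};

source s_syslog_udp {
    syslog(ip(0.0.0.0) port(514) transport("udp"));
};

# Forward to a central server over TLS on the new default port; the
# hostname and certificate paths are placeholders for this example.
destination d_relay_tls {
    syslog("logserver.example.com" port(6514) transport("tls")
           tls(ca_dir("/opt/syslog-ng/etc/ca.d")
               key_file("/opt/syslog-ng/etc/client.key")
               cert_file("/opt/syslog-ng/etc/client.crt")));
};

# owner() and group() without an argument leave the existing file
# ownership untouched (3.2 behavior); multi-line messages are indented
# by the new $(indent-multi-line ...) template function.
destination d_local {
    file("/var/log/syslog-ng/messages.log" owner() group()
         template("$ISODATE $HOST $(indent-multi-line $MESSAGE)\n"));
};

log {
    source(s_syslog_tcp); source(s_syslog_udp);
    destination(d_relay_tls); destination(d_local);
};
```

Clients that relied on the old implicit port 601 over UDP must be updated to match whichever port() the server now listens on, otherwise their messages are lost silently.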