------------------------------------------------------------------------------ PACKAGE : syslog-ng VERSION : 3.5.1 SUMMARY : new stable release DATE : Nov 4, 2013 ------------------------------------------------------------------------------ DESCRIPTION: The first stable version of syslog-ng Open Source Edition (3.5.1) has been released. For the latest features in syslog-ng, you are encouraged to upgrade to this version. CHANGES: 3.5.1 Mon, 4 Nov 2013 14:49:00 +0100 This is the first stable release in the 3.5 series, adding a number of features compared to 3.4, a result of about eight months of development. This release includes all the fixes of the recent 3.4.5 release, and a host of new features. Bugfixes since 3.5.0rc1 ======================= * A race condition in log message reference counting code that sometimes led to crashes was fixed. [#255] * A use-after-free error that sometimes happened after a reload, and caused memory corruption was also fixed. [#253] * patterndb was corrected not to create a new instance on reload: this way, the old one is not leaked, and db-parser() does not forget the correlation state, nor its idea of current time on reload. [#257] * The syslog-ng.spec file does not try to install the long-removed ChangeLog file anymore. Incompatible changes ==================== * Template escaping was changed in an incompatible way: previously, both the lexer and the template compiler used the '\' character for escaping, which was confusing. The template compiler uses '$$' to escape the '$' char, and '@@' to escape '@'. If a non-numeric value follows '@', a warning will be printed. * The replace() transformation function of value-pairs() was renamed to replace-prefix() to better reflect what it actually does. The old name remains as an obsolete alias, however. * The username() and password() options of the MongoDB destination were removed, they never did anything before, either. Major features since 3.4 ======================== Multi-line support ------------------ A major feature in the 3.5 release is the inclusion of support for multi-line messages, a feature that has been available in syslog-ng PE for a good while. With this, both indented and regexp-based multi-line support becomes available. For further information and examples, see the following blog post: http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog... STOMP destination ----------------- Joining the message-queue club, this new destination makes syslog-ng able to send events to any STOMP-capable message queuing server, such as Apache ActiveMQ. For further information about the destination, see this commit message: https://github.com/balabit/syslog-ng-3.5/commit/82d19a4d4ad3f91e8214006f6ea7... Redis destination ----------------- Developed during the Google Summer of Code 2013 program, this destination driver makes it possible to easily send commands to a Redis server. For further information and examples, please see the following blog post: http://tichygsoc.blogspot.hu/2013/09/the-road-so-far.html Template type hinting --------------------- While syslog-ng supported sending events to various datastores and queues for a while now (SQL first, MongoDB, JSON, and AMQP later), even if those supported other types of data, syslog-ng only ever sent strings. With template type hinting, it became possible to tell syslog-ng what type a certain template should be, so that the drivers can use that information in whatever way they see fit. This is currently implemented for the MongoDB driver and the $(format-json) template function only. For more information about type hinting and for examples, see the following post: http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog... Template options honored everywhere ----------------------------------- Until this release, there were situations where template options were ignored, such as filter expressions that use the comparsion operators, regexp based substitutions, incoming templates for parsers, the new value rewrite rules, SMTP values, some of the new drivers (stomp, amqp), and patterndb context-id. These all honor the global template options now, and per-driver options such as frac-digits and local-time-zone are available for drivers which did not have them before, like MongoDB. Support for unit suffixes in the configuration ---------------------------------------------- You no longer need to remember how many zeros to put after a big number in the syslog-ng configuration file, you can use unit suffixes, such as: log-fifo-size(2GiB) See the following post for more details: http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog... The Incubator project --------------------- Alongside the 3.5.1 release, we are pleased to announce the existence of the syslog-ng incubator project, which hosts additional modules and tools not merged into syslog-ng proper. These serve both as examples and as a staging area, but also makes it easier to try out new modules without patching or upgrading your syslog-ng version. The project's homepage is: https://github.com/balabit/syslog-ng-incubator Other features ============== * in-list() filter: this new filter function allows one to easily implement file-based white- and blacklists with a simple syntax: filter f_white { in-list("/path/to/file", value("HOST")); }; * A set of new string-related template functions are available: $(uppercase STRINGS...), $(lowercase STRINGS...) and $(replace-delimiter DELIMITERS NEW-DELIMITER TEXT). The first two do exactly what their names suggest, while the last one replaces all occurrences of any DELIMITERS within TEXT with the NEW-DELIMITER. * There is also a new $(env VARIABLE...) template function, which looks up the given variables in the environment. This is similar to using backticks in the configuration file, however the name of the environment variable with $(env) may contain macros too. * Support for Linux 3.5+'s /dev/kmsg was added, and the system() source will automatically detect whether to use it over /proc/kmsg. * For every correlated message in patterndb, the ${.classifier.context_id} property is automatically set to the context-id attribute of the matching rule. * The build system was completely redone, it is much faster, more reliable, and less verbose by default now. * Several systemd-related enhancements were made, including support for notification-based startup. This also means that when systemd support is compiled in, libsystemd-daemon becomes a new dependency. Known Bugs ========== * The afstreams module is broken, does not compile, and does not work. This will be corrected in a later maintenance release. Credits: ======== syslog-ng is developed as a community project, and as such it relies on volunteers to do the work necessarily to produce syslog-ng. Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute. These people have helped in this release: Alexandre Biancalana <biancalana@gmail.com> Andras Tim <tia@balabit.hu> Anton Koldaev <koldaevav@gmail.com> Attila M. Magyar <athos@balabit.hu> Attila Nagy <bra@fsn.hu> Attila Szalay <sasa@balabit.hu> Balazs Scheidler <bazsi@balabit.hu> Balint Kovacs <blint@balabit.hu> Chris Johnson <chris.johnson3@hp.com> Cy Schubert <Cy.Schubert@komquats.com> Evan Rempel <erempel@uvic.ca> Fabien Wernli <cpan@faxm0dem.org> Gergely Nagy <algernon@balabit.hu> Gonzalo Paniagua <gonzalo.paniagua+slng1@acquia.com> Jose Pedro Oliveira <jpo@di.uminho.pt> Laszlo Budai <lbudai@balabit.hu> Lucas McLane <lucas@clicksecurity.com> Marc Falzon <marc.falzon@cloudwatt.com> Martin <bmartin@lavabit.com> Michal Privoznik <miso.privoznik@gmail.com> Michael Sterrett <mr_bones_@gentoo.org> Nicolas Szalay <nico@rottenbytes.info> Oscar Muñoz Paul Dann <pdgiddie+balabit@gmail.com> Peter Czanik <czanik@balabit.hu> Peter Gyongyosi <gyp@balabit.hu> Robert Fekete <frobert@balabit.hu> Ryan Frederick Sergey Shuman Tamas Pal <folti@balabit.hu> Tibor Benke <btibi@balabit.hu> Tihamer Petrovics <tihameri@gmail.com> Valentijn Sessink <valentijn@sessink.nl> Viktor Juhasz <jviktor@balabit.hu> Viktor Tusa <tusa@balabit.hu> Vincent Brillault <spam@lerya.net> DOWNLOAD: You can download the source or binary packages from: http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/... The documentation of the syslog-ng Open Source Edition is available in The syslog-ng Open Source Edition Administrator's Guide at http://www.balabit.com/support/documentation/