------------------------------------------------------------------------------ PACKAGE : syslog-ng Premium Edition VERSION : 3.1.0 SUMMARY : new feature release DATE : Mar 16, 2010 ------------------------------------------------------------------------------ DESCRIPTION: A new feature version of syslog-ng Premium Edition (3.1.0) has been released. For a full description on stable and feature releases, see Section 'Stable and feature releases of syslog-ng PE' in The syslog-ng Premium Edition 3.1.0 Administrator Guide. CHANGES: syslog-ng Premium Edition version 3.1 is the first feature release based on the stable 3.0 branch. For a full description on stable and feature releases, see Section 'Stable and feature releases of syslog-ng PE' in The syslog-ng Premium Edition 3.1 Administrator Guide. WARNING: Downgrading from a feature release to an earlier (and thus unsupported) feature release, or to the stable release is not supported. This means that once you upgrade a system from a stable release (e.g., 3.0) to a feature release (e.g., 3.1), you will have to keep upgrading to the new feature releases until the next stable version release (e.g., 4.0) is published, or risk using an unsupported product. New supported platforms * The syslog-ng application now supports the following operating systems and platforms: * Solaris 9 on x86 * Tru64 5.1b on Alpha * HP-UX 11v2 on Itanium64 * Legacy Linux systems including RedHat Enterprise Linux 2 and Debian potato on x86, as well as RedHat Enterprise Linux 3, Debian sarge on x86 and x86_64. * Although not explicitly supported, but in general syslog-ng should run on other legacy Linux systems as well that have at least glibc version 2.1.3 (x86) or glibc version 2.3.2 (x86_64). Pattern databases * Support for pattern database V2 and V3 formats. The V3 format has support for tagging messages, adding static name-value pairs, and also for including automatic test messages in the pattern database. See The syslog-ng 3.1 Premium Edition Administrator Guide for  details. * A new command-line utility called 'pdbtool' is available to manage pattern database files. It can convert files using the old V1 or V2 database format to the latest V3 format, merge multitple pattern database files into one, and test patterns matching a specific message. See the pdbtool manual page in Appendix A of The syslog-ng 3.1 Premium Edition Administrator Guide for details. * The DOUBLE parser has been renamed to FLOAT. * The NUMBER parser can parse hexadecimal numbers as well. * It is possible to set multiple characters (a stopstring) instead of a single character in the ESTRING parser. * Log messages can be tagged. Tags can be assigned to log messages as they enter syslog-ng: either by the source driver or via patterndb. Later these tags can be used for efficient filtering using the tags() filter option. Messages are automatically tagged with the name of the source group in the ".source.name" format. Message statistics * The dynamic counters used for statistics with static ones. That way, statistics can be retained across syslog-ng reloads (but not when syslog-ng is restarted). Retaining statistics can be enabled using the 'stat_reset()' option. * Statistics can be collected for sender hosts, sources and destinations, facilities and severities, pattern database classes and rule IDs, as well as tags. Configuration file * The version of the syslog-ng configuration file is properly recognized even if it contains whitespace between the 'version' string and the version number. * Comments and empty lines before the version mark are accepted. Logstore * Logstore files can be encrypted with multiple keys. * The cipher and digest algorithms used in encrypting the logstore files can be specified. * Warnings and error messages related to logstore files include the name of the affected logstore file. * Timestamp policy OIDs can be specified using the 'timestamp_policy()' option. The OID is included in the timestamping request sent to the Timestamping Authority. * The logcat utility has been renamed to lgstool. SQL destinations * Auto-incremented columns are now supported. This must be specified in the 'indexes()' option of the destination's SQL schema like: indexes("id int not null auto_increment primary key"). * SQL INSERT statements were not formatted properly when the schema used default values. This has been corrected. * Oracle databases do not handle index names longer than 30 characters. In such cases, syslog-ng uses the MD5 hash of the name index. * If an index used with an Oracle destination starts with a digit, an 'I' character is automatically prefixed to the ID. This solves a problem experienced with Oracle 10 destinations. Other * Non-standard and non-portable facility codes (range 10-15) are now properly recognized. * Added support for Cisco ASA timestamps. * The syslog-ng application keeps the message queue when receiving a SIGHUP signal. * Support for PCRE regular expressions in now available on every supported platform. Loggen * Loggen can send log messages can be sent using SSL connections. * Messages can be read from a text file. syslog-ng-ctl * A new command-line utility called syslog-ng-ctl is available for the run-time control of syslog-ng. It can display message-related statistics on-demand, and enable/disable the debug, verbose and trace modes of syslog-ng to help troubleshooting. Security updates: CVE-2009-4355, CVE-2009-0591 DOWNLOAD: Download the latest binaries from: http://www.balabit.com/network-security/syslog-ng/central-syslog-server/upgr... Note that to download the binaries, you have to login into your MyBalaBit account. The documentation of the syslog-ng application is available in The syslog-ng Premium Edition 3.1.0 Administrator Guide at: http://www.balabit.com/support/documentation/