syslog-ng

Download

syslog-ng@lists.balabit.hu

November 2025

5 participants
2 discussions

Version 4.10.2 of syslog-ng is now available
by Peter Czanik (pczanik) 26 Nov '25

26 Nov '25

Hi, Version 4.10.2 of syslog-ng is now available. It's yet another bug fix release for 4.10 and fixes a number of problems reported after the release. If you use the webhook source, start syslog-ng directly from scripts or check stats values on a system with disk buffer, you should upgrade to 4.10.2. Otherwise, your current version should be OK. Peter 4.10.2 syslog-ng provides RPM<https://github.com/syslog-ng/syslog-ng#rhel> and DEB<https://github.com/syslog-ng/syslog-ng#debianubuntu> package repositories for Ubuntu, Debian, and RHEL, for both amd64 and arm64 architectures. We also provide ready-to-test binaries in Docker containers<https://hub.docker.com/r/balabit/syslog-ng/tags> based on the current stable Debian image. For more details, visit our Documentation Center<https://syslog-ng.github.io/> Version 4.10.2 is a bugfix release, and resolves the following issues. Bugfixes * Queued stats values of destinations could still contain weird values. (#5527<https://github.com/syslog-ng/syslog-ng/pull/5527>) * Unclosed standard file handlers could cause a hang when syslog-ng was started as a daemon. (#5532<https://github.com/syslog-ng/syslog-ng/pull/5532>) * The WebHook Python module could hang syslog-ng when started by systemd and systemctl stop syslog-ng was requested. (#5522<https://github.com/syslog-ng/syslog-ng/pull/5522>) * Our installer packages now include static index web pages and are browsable via RPM<https://ose-repo.syslog-ng.com/yum/> and DEB<https://ose-repo.syslog-ng.com/apt/>. (#5517<https://github.com/syslog-ng/syslog-ng/pull/5517>, #5518<https://github.com/syslog-ng/syslog-ng/pull/5518>, #5520<https://github.com/syslog-ng/syslog-ng/pull/5520>) Credits syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessarily to produce syslog-ng. Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute. We would like to thank the following people for their contribution: Vivek Anand, Hofi, gotyaoi, Kovacs Gergo Ferenc, Tamas Pal, Tinkiter — This release has 3 assets: * syslog-ng-4.10.2.tar.gz * Source code (zip) * Source code (tar.gz) Visit the release page<https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.10.2> to download them. Peter Czanik (CzP) <peter.czanik(a)oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik

4 9

issues with syslog facility "overflowing" to user facility?
by Ian Veach 19 Nov '25

19 Nov '25

Hi all - We're seeing some weird behavior on our central loghosts. Could be config, I suppose, but it seems unusual and I don't see config issue causing it. The summary is that we are using stats and dumping them into syslog.log, and that's fine. But we see weird "remnants" in user.log. It seems to contain syslog facility messages and is malformed as well. Bug? Or us? 🙂 This is a snip of the expected syslog.log: 2025-11-19T00:00:03.392632-08:00 redacted [syslog.info] syslog-ng[758325]: Log statistics; msg_size_avg='dst.file(d_log#0,/var/log/other/20251110/daemon.log)=111', truncated_bytes='dst.file(d_log#0,/var/log/other/20251006/daemon.log)=0', truncated_bytes='dst.file(d_log_systems#0,/var/log/other/20251002/syste..... This is a snip of user.log (same event/time looks like): 2025-11-19T00:00:03.392632-08:00 redacted [user.notice] var/log/other/20251022/daemon.log)=111',[]: eps_last_24h='dst.file(d_log#0,/var/log/other/20251022/daemon.log)=0', eps_last_1h='dst.file(d_log#0,/var/log/other/20250922/daemon.log)=0', eps_last_24h='dst.file(d_log#0,/var/log/other/20250922/daemon.log)=0',...... Here you can see for user.log that the format is actually messed up. $PROGRAM[$PID]: is missing/truncated (although look at the []: at the end of the first line), and the first part of the $MESSAGE is also missing/truncated. Some notes: * We're running syslog-ng as provided by Red Hat (syslog-ng-3.35.1-7.el9.x86_64) * endpoint is logging correctly (nothing in user.log). This is only centralized loghosts that we see this. * Stats level 1, freq 21600 Relevant configuration snips: log { source(s_local); source(s_net_unix_tcp); source(s_net_unix_udp); filter(f_catchall); destination(d_arc); }; filter f_catchall { not facility(local0, local1, local2, local3, local4, local5, local6, local7); }; destination d_arc { file("`LPTH`/$HOST_FROM/$YEAR/$MONTH/$DAY/$FACILITY.log" template(t_std) ); }; t_std: template("${ISODATE} $HOST_FROM [$FACILITY.$LEVEL] $PROGRAM[$PID]: $MESSAGE\n"); Thanks for any guidance! PUBLIC RECORDS NOTICE: In accordance with NRS Chapter 239, this email and responses, unless otherwise made confidential by law, may be subject to the Nevada Public Records laws and may be disclosed to the public upon request.

1 0