Hello,
I have spent the last two days on hacking syslog-ng with a good number of fixes and couple of features requested a long time ago. Syslog-ng 1.9.8 got into Debian sid and apart from a couple of problems the house is not burning :)
Congratulations and thanks for your hard work.
In summary syslog-ng 1.9.x is getting into shape, and slowly might be ready for some more production-like environments.
... if the segfaults are gone ;).
I would like to ask you to give a try to these snapshot releases I've just uploaded to our website. Assuming no grave problems are found in the next day or two I'll release 1.9.9 and hopefully we can have a stable 2.0.0 in the nearfuture.
So this is a feature freeze?
I'm still not happy with the way log statistics (per source/destination dropped/processed counters) are written to the system log. I'm starting to think that the logfile is not necessarily the best medium to write this information to. I'm open to suggestions.
You could do it the squid way (or httpd for that matter) and have an external syslog-ng client (similar to squidclient) to poll or dump internal stats. Is that more to your liking?
1.9.9
Some minor new features:
* Added optional() option to pipe and unix drivers to make syslog-ng start even if the required directories/files do not exist. * Added DNS name resolution to udp and tcp targets. * Added a stats() keyword for 1.6.x compatibility. * Added processed counters for source/destination groups and the log center. * Added normalize_hostnames() option which converts all hostnames to lower case. * Added PID macro. * Added kernel flag to sources to indicate that messages coming from the source should default to 'kern.crit' instead of 'user.notice'
Rather than fix up the kernel source?
* Added frac_digits() option which controls how many digits are printed in second fractions. * Documentation updates.
Changes:
* Removed stats entries for files as they never lose messages and it would only clutter the log statistics output. * The meaning of the undocumented keep_timestamp() option was changed and documented, it controls whether syslog-ng uses the time of reception or the time included in the log message.
Bugfixes:
* Fixed port unreachable handling for UDP destinations. * Fixed PRI macro processing as it included the local hostname in addition to the priority value because of a missing break statement. * UNIX domain sockets are kept alive across SIGHUPs by default. * Fixed a possible segmentation fault on SIGHUP.
Thank you! Could you point me to the respective patch, please, since I tried to fix that one in the past and spent 4 hours in vain. I would like to improve my debugging abilities regarding syslog-ng and understand your architecture better.
* Fixed timezone extraction from incoming messages with ISO timestamp (only this syslog-ng can send these currently) * Fixed HOST_FROM, FULLHOST_FROM, SOURCEIP, DATE, R_DATE, S_DATE macros (some were still not implemented others worked incorrectly in some circumstances) * Fixed fractions of a second processing.
I'll see if we get 1.9.9 into our testing phase, despite having decided to go with the stable 1.6.9 for our servers. Previous versions of syslog-ng-1.9.x just didn't cut it. Best regards, Roberto Nibali, ratz -- echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc