Dear syslog-ng users,

This is the 4th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news. Your feedback and news tips about the next issue are welcome at documentation@balabit.com

FEATURED NEWS

syslog-ng FAQ moved and updated
-------------------------------
The syslog-ng FAQ was maintained by Nate Campi for many years. Questions and answers for old releases are still available at the old URL ( http://www.campin.net/syslog-ng/faq.html ). The FAQ for recent releases is now maintained in-house and available at http://www.balabit.com/wiki/syslog-ng-faq

To place a question of yours into the syslog-ng FAQ, please don’t hesitate to contact us on the mailing list, which is available at http://lists.balabit.hu/mailman/listinfo/syslog-ng

syslog-ng OSE 3.3 beta1 released
--------------------------------
The first beta version of syslog-ng 3.3 was released. This is a major step in syslog-ng's development, as it is now fully multi-threaded, and is also the first release with a considerable amount of community-developed features. For a full list of features, changes and fixes, check the announcement at http://lists.balabit.hu/pipermail/syslog-ng/2011-May/016624.html

Development of syslog-ng OSE 3.4 started
----------------------------------------
As syslog-ng 3.3 is in feature freeze, new development goes on in the 3.4 repo. Looking at http://git.balabit.hu/?p=bazsi/syslog-ng-3.4.git shows some very interesting commit logs:

* $(sanitize): add new template function useful to sanitize filenames
* basicfuncs: Implement a $(substr STR START [LEN]) template function.
* basicfuncs: Implement a few numeric template functions

While not yet merged, the following blog has a preview of a planned extension to the recently merged value-pairs() functionality: http://algernon.blogs.balabit.com/2011/06/hammers-keys-and-nails/

Blog series on web GUIs for syslog-ng
-------------------------------------
Web-based GUIs for syslog-ng have been a hot topic recently, so a new blog series was started a few months ago. This month I covered LogStash. If you have any suggestions on what else to cover, please let us know!

Logstash: http://czanik.blogs.balabit.com/2011/05/logstash/

CVE-2011-1951: problems when syslog-ng is compiled with PCRE 8.12+
------------------------------------------------------------------
Under certain circumstances, versions 3.0, 3.1 and 3.2 of syslog-ng Open Source Edition (OSE) are vulnerable to a Denial of Service attack if the PCRE engine is enabled in syslog-ng and libpcre version 8.12 is installed. The syslog-ng Premium Edition (PE) application is not affected, as it uses a different version of the libpcre package.

In libpcre version 8.12 a return value has been changed. This change causes an infinite loop in syslog-ng if a pcre filter is used and the global flag is enabled for the expression. If such a filter expression is used in the configuration of syslog-ng and a log message does not match the regular expression (which most probably happens within seconds of starting an affected version of syslog-ng), syslog-ng consumes the processor resources and denial of service occurs.

All 3.X branches before 3.2.4 are affected. Fixes for 3.0 and 3.1 are available in git.

OTHER SHORT NEWS

* Fedora maintainers were very active recently. The latest syslog-ng is now available in FC15 and packages for EPEL are also available: http://czanik.blogs.balabit.com/2011/05/fedora-15-syslog-ng-3-3-beta1-quick-... and http://czanik.blogs.balabit.com/2011/05/epel6-brings-syslog-ng-to-the-latest...
* Amazon Kindle is powered by syslog-ng: http://czanik.blogs.balabit.com/2011/05/amazon-kindle-%e2%80%93-powered-by-s... <http://czanik.blogs.balabit.com/2011/05/amazon-kindle-%3F-powered-by-syslog-ng/>
* Algernon started a new repo for not yet merged syslog-ng code: http://bazsi.blogs.balabit.com/2011/06/repository-for-syslog-ng-3rd-party-mo...

NEW RELEASES

* syslog-ng 3.3 beta1: http://lists.balabit.hu/pipermail/syslog-ng/2011-May/016624.html

RECENT WHITEPAPERS

* There is a new WP in preparation about syslog-ng GUIs. I published the basis of it as a blog at http://czanik.blogs.balabit.com/2011/06/a-comparison-of-syslog-ng-web-guis/ Your comments are very welcome!

ARCHIVE

http://insider.blogs.balabit.com/

-- 
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
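
An added example for the CVE-2011-1951 item above, not part of the original newsletter and not syslog-ng code: a heuristic audit that reports whether a host meets all three conditions the item names (an affected OSE version, libpcre 8.12 or later as in the item's heading, and an expression combining type("pcre") with the global flag). The function names, the sample configuration and the statement-level matching are assumptions made for illustration.

```python
import re

# Constructed sample configuration (not from the newsletter).
SAMPLE_CONF = r'''
# local filters
filter f_sshd  { program("sshd"); };
filter f_ip    { match("(\d+\.){3}\d+;?" value("MESSAGE") type("pcre") flags("global")); };
filter f_posix { match("fail(ed)?" flags("global")); };
# filter f_old { match("x" type("pcre") flags("global")); };
'''

FIXED = (3, 2, 4)        # first fixed 3.2 release, per the newsletter
PCRE_TRIGGER = (8, 12)   # libpcre version named in the newsletter
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'[^\']*\'|#[^\n]*')
TYPE_RE = re.compile(r'\btype\s*\(([^)]*)\)', re.I)
FLAGS_RE = re.compile(r'\bflags\s*\(([^)]*)\)', re.I)

def version(text):
    return tuple(int(n) for n in re.findall(r'\d+', text)[:3])

def syslog_ng_affected(ver):
    # Assumption: every 3.0.x/3.1.x release counts as affected, because the
    # newsletter says those branches were fixed only in git.
    v = version(ver)
    return (3, 0) <= v[:2] and v < FIXED

def scrub(conf):
    """Drop comments and blank regex-like strings so ';', '#' or ')' in a pattern cannot mislead the scan."""
    def repl(m):
        tok = m.group(0)
        if tok.startswith('#'):
            return ''
        return tok if re.fullmatch(r'[\w\s,-]*', tok[1:-1]) else '""'
    return TOKEN.sub(repl, conf)

def risky_lines(conf):
    """Line numbers of statements that pair type(pcre) with flags(global); heuristic, may over-report."""
    text, hits, pos = scrub(conf), [], 0
    for stmt in text.split(';'):
        t, f = TYPE_RE.search(stmt), FLAGS_RE.search(stmt)
        if t and f and 'pcre' in t.group(1).lower() and 'global' in f.group(1).lower():
            hits.append(text.count('\n', 0, pos + t.start()) + 1)
        pos += len(stmt) + 1
    return hits

def exposed(ng_ver, pcre_ver, conf):
    return (syslog_ng_affected(ng_ver) and version(pcre_ver)[:2] >= PCRE_TRIGGER
            and bool(risky_lines(conf)))

print(risky_lines(SAMPLE_CONF), exposed("3.2.3", "8.12", SAMPLE_CONF))
```

The version strings can be taken from `syslog-ng --version` and `pcre-config --version` on the host being checked.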