On Fri, Jan 07, 2011 at 08:18:00PM +0100, Gergely Nagy wrote:
On Fri, 2011-01-07 at 11:58 -0500, Christopher Barry wrote:
syslog-ng (2.0.9-4.2) is the packaged version in Ubuntu 10.04. Can I use this version to create the patterns that have been mentioned in this thread, or do I need to pull down a newer (3.x) .deb from balabit? If a newer one is appropriate or required, which version is recommended?
I would strongly recommend 3.x. Debian has 3.1.3, and that version will probably work just fine on Ubuntu 10.04 (haven't tried, you might need to recompile in the worst case).
I'm with him on this, but I'm stricter. I recommend using 3.2 because it's got the most reliable bug fixes and features and syntax, such as correlation between events.

Matthew.