3.21.1 Highlights * Add an alternative, native, librdkafka based kafka-c() destination in parallel of the existing Java implementation, that provides the same configuration interface. Eventually, we expect this to replace the Java one (#2496<https://github.com/balabit/syslog-ng/pull/2496>) * Add a native, http() based destination based driver for elasticsearch called elasticsearch-http(), as an alternative of the Java one. Eventually, we expect this to replace the Java implementation. (#2509<https://github.com/balabit/syslog-ng/pull/2509>) * Add the ability to automatically determine the timezone value for an incoming log entry as long as the incoming stream is close to real time and the timezone information is missing from the timestamp. Enable this function by using flags(guess-timezone) for sources and the date-parser(). (#2517<https://github.com/balabit/syslog-ng/pull/2517>, #2673<https://github.com/balabit/syslog-ng/pull/2673>) Features * syslog(): Add the ability to work with messages larger than log-msg-size() in the source driver by using the trim-large-messages(yes) option. The characters over the limit will be truncated. Previously messages longer than the limit caused the connection to be closed abruptly. (#2644<https://github.com/balabit/syslog-ng/pull/2644>) * amqp(): add support for heartbeats and the "external" authentication mechanism. (#2676<https://github.com/balabit/syslog-ng/pull/2676>, #2626<https://github.com/balabit/syslog-ng/pull/2626>) * graylog2(): add support for TLS and UDP. (#2657<https://github.com/balabit/syslog-ng/pull/2657>) * udp(): Add spoof-source-max-msglen() option to allow setting the maximum spoofed datagram size, which was hard-wired to 1024 previously. (#2535<https://github.com/balabit/syslog-ng/pull/2535>) * db-parser(): add an option program-template() that customizes the value used for matching the PROGRAM field. (#2651<https://github.com/balabit/syslog-ng/pull/2651>) * pdbtool: Add sort option to pdbtool merge (#2664<https://github.com/balabit/syslog-ng/pull/2664>) * $(implode) and $(explode): add template functions to split and join strings based on a simple separator. The exploded array is represented as a syslog-ng list that can be manipulated with the $(list-*) template functions. (#2700<https://github.com/balabit/syslog-ng/pull/2700>) * Add an --omit-empty-values option for value-pairs based destinations & template functions. (#2519<https://github.com/balabit/syslog-ng/pull/2519>) * grouping-by() parser: add sort-key() option (#2701<https://github.com/balabit/syslog-ng/pull/2701>) Support for non-syslog or non-standard formats in SCL * apache-accesslog-parser(): support for vhost:port as the first field in common/combined log formats (#2688<https://github.com/balabit/syslog-ng/pull/2688>) * Add application adapter for Junos classification (#2684<https://github.com/balabit/syslog-ng/pull/2684>) * Add parser and adapter for CheckPoint LogExporter output (#2665<https://github.com/balabit/syslog-ng/pull/2665>) Bugfixes * Fix race condition of idle timer and scheduled I/O job (#2650<https://github.com/balabit/syslog-ng/pull/2650>) * Few leaks find via sanitizer (#2696<https://github.com/balabit/syslog-ng/pull/2696>) * syslogformat: set $MSG even if the incoming message is empty (#2672<https://github.com/balabit/syslog-ng/pull/2672>) * Fix double-free error in logproto unit tests (#2662<https://github.com/balabit/syslog-ng/pull/2662>) * groupingby: identical persist name (#2659<https://github.com/balabit/syslog-ng/pull/2659>) * stats: deindex pruned counters/clusters (#2648<https://github.com/balabit/syslog-ng/pull/2648>) * Type hinting should not accept empty values (#2639<https://github.com/balabit/syslog-ng/pull/2639>) * app-parser, pseudofile: fix crash with grammar error (#2640<https://github.com/balabit/syslog-ng/pull/2640>) * python: set_timestamp normalization (#2643<https://github.com/balabit/syslog-ng/pull/2643>) * db-parser: fix memory leak (#2652<https://github.com/balabit/syslog-ng/pull/2652>) * grouping-by: use after free, memory leak, missing init calls of filters (#2655<https://github.com/balabit/syslog-ng/pull/2655>) * amqp: fixing double connect (#2660<https://github.com/balabit/syslog-ng/pull/2660>) * old style definition warning fixes (#2680<https://github.com/balabit/syslog-ng/pull/2680>) * Fix "!=" filter (#2683<https://github.com/balabit/syslog-ng/pull/2683>) * dbparser: fix memleak (#2706<https://github.com/balabit/syslog-ng/pull/2706>) * nondumpable-allocator: fixing mmap error handling (#2666<https://github.com/balabit/syslog-ng/pull/2666>) * Fix timeutils warning (#2604<https://github.com/balabit/syslog-ng/pull/2604>) * Fix old style include statement compatibility (#2600<https://github.com/balabit/syslog-ng/pull/2600>) * Fix config revert (threaded destinations) (#2596<https://github.com/balabit/syslog-ng/pull/2596>) * Add warning on old style include statement (#2592<https://github.com/balabit/syslog-ng/pull/2592>) Other changes * cfg-parser: add aliases for yesno (#2671<https://github.com/balabit/syslog-ng/pull/2671>) * Include json-c in the dist tarball (#2590<https://github.com/balabit/syslog-ng/pull/2590>) * cmake: disable_all_modules support (#2647<https://github.com/balabit/syslog-ng/pull/2647>) * Cmake clang sanitizer (#2562<https://github.com/balabit/syslog-ng/pull/2562>) * timeutils refactor (#2483<https://github.com/balabit/syslog-ng/pull/2483>) * Expedite threaded flush at reload (#2656<https://github.com/balabit/syslog-ng/pull/2656>) * elasticsearch2: Added deprecation warning (#2628<https://github.com/balabit/syslog-ng/pull/2628>) * Astyle fixes (#2624<https://github.com/balabit/syslog-ng/pull/2624>) * Force C99 with GNU (#2623<https://github.com/balabit/syslog-ng/pull/2623>) * Make rewording and other small edits to README (#2608<https://github.com/balabit/syslog-ng/pull/2608>) * Port tests to Criterion (#2607<https://github.com/balabit/syslog-ng/pull/2607>, #2661<https://github.com/balabit/syslog-ng/pull/2661>, #2621<https://github.com/balabit/syslog-ng/pull/2621>, #2620<https://github.com/balabit/syslog-ng/pull/2620>, #2619<https://github.com/balabit/syslog-ng/pull/2619>, #2618<https://github.com/balabit/syslog-ng/pull/2618>, #2617<https://github.com/balabit/syslog-ng/pull/2617>, #2616<https://github.com/balabit/syslog-ng/pull/2616>, #2615<https://github.com/balabit/syslog-ng/pull/2615>, #2599<https://github.com/balabit/syslog-ng/pull/2599>, #2594<https://github.com/balabit/syslog-ng/pull/2594>, #2593<https://github.com/balabit/syslog-ng/pull/2593>, #2591<https://github.com/balabit/syslog-ng/pull/2591>, #2586<https://github.com/balabit/syslog-ng/pull/2586>, #2584<https://github.com/balabit/syslog-ng/pull/2584>, #2583<https://github.com/balabit/syslog-ng/pull/2583>) * test_reliable_backlog: fix random failure (#2668<https://github.com/balabit/syslog-ng/pull/2668>) * Fix unit test with function pointer dereference in case of ASLR, Criterion (#2669<https://github.com/balabit/syslog-ng/pull/2669>) * test-stats-query: fix unit test (#2603<https://github.com/balabit/syslog-ng/pull/2603>) Notes to the developers * Version from git describe (#2627<https://github.com/balabit/syslog-ng/pull/2627>) * light: example-msg-generator support (#2571<https://github.com/balabit/syslog-ng/pull/2571>) * light: test app parser applications (#2686<https://github.com/balabit/syslog-ng/pull/2686>) * light: Switch to native logger (#2546<https://github.com/balabit/syslog-ng/pull/2546>) * light: Remove SetupTestcase() dependency (#2587<https://github.com/balabit/syslog-ng/pull/2587>) Credits syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessarily to produce syslog-ng. Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute. We would like to thank the following people for their contribution: Andras Mitzki, Antal Nemes, Attila Szakacs, Balazs Scheidler, Chris Spencer, David Liew, Fabien Wernli, Gabor Nagy, Laszlo Budai, Laszlo Szemere, Layne, László Várady, Mehul Prajapati, Nik Ambrosch, Parth Wazurkar, Péter Kókai, Terez Nemes, Victor Ma, Zoltan Pallagi. https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.21.1 [https://avatars1.githubusercontent.com/u/986981?s=400&v=4]<https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.21.1> balabit/syslog-ng<https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.21.1> syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, queueing, SQL & NoSQL. - balabit/syslog-ng github.com