syslog-ng 3.4.0alpha3 has been released
------------------------------------------------------------------------------
PACKAGE : syslog-ng
VERSION : 3.4.0alpha3
SUMMARY : new stable release
DATE : Jun 30, 2012
------------------------------------------------------------------------------

DESCRIPTION:

A new version of syslog-ng Open Source Edition (3.4.0alpha3) has been released. For latest fixes in the 3.4.x branch you are recommended to upgrade to this version.

CHANGES:

3.4.0alpha3
Fri, 29 Jun 2012 15:32:54 +0200

Features:
=========

* Added set-tag() and clear-tag() rewrite rules.
* Added a marker() option to the json-parser(), which indicates that a message indeed has a json payload. Used to implement a cee-style payload parser.
  http://bazsi.blogs.balabit.com/2012/05/cee-prototype-and-a-show-case-for-the...
* The system source automatically detects systemd and defines the proper log socket accordingly. Also, if the system() source is not used, a workaround to use the systemd supplied log socket instead of /dev/log was applied. This kicks in if syslog-ng is running under systemd and its config version is 3.3 or less.
* Support for FreeBSD's utmpx database.

Features ported from the Premium Edition
========================================

* Added 12 hour time related macros $AMPM and $HOUR12
* Added $USEC and $MSEC macros for micro and milliseconds respectively.
* Added $SYSUPTIME that expands to the time since syslog-ng started in the number of 1/100th of a second (just like in the SNMP sysUptime value).
* db-parser(): added field extraction to the matching or program names
* Added support for Cisco extended timestamp format, one that includes time synchronity information and sequence numbers.
  https://github.com/bazsi/syslog-ng-3.4/commit/046f90e76137f31e61412d24b99209...
* Added support for mark-mode() that allows the customization how MARK messages are generated.
  https://github.com/bazsi/syslog-ng-3.4/commit/c38d7ad9a2d40650e243ec29c6b3ee...

Bugfixes:
=========

* Fixed a possible segmentation fault in threaded mode when dns-cache-hosts() is used.
* Incorrect encoding of data caused UDP and unix-dgram() receives to be erroneously closed, so no further data would be received. This has been fixed. Incorrect encoding of incoming data causes the connection for connection oriented transports (like tcp() and unix-stream()) to be closed, but the same condition is ignored for datagram oriented transports (like udp() or unix-dgram()).
* Accept empty source and destination object in the configuration file.
* Fixed a linking issue when using the SMTP destination.
* Ignore SIGHUP in the supervisor process.
* Fixed fsync() behaviour for destination files.
* Fixed a possible NULL deref in db-parser() correlation when context-scope is not defined.

Other changes:
==============

* Added a --disable-smtp configure option.
* Integrated unit test refactorization changes from the BalaBit syslog-ng and SSB teams.
* Added systemd alias "syslog" to the unit file.

Credits:
========

syslog-ng is developed as a community project, and as such it relies on volunteers to do the work necessary to produce syslog-ng. Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.

These people have helped in this release:

Alexander Komyagin <komyagin@altell.ru>
EgonB <egon@local.ee>
Evan Rempel <erempel@uvic.ca>
Imre Lazar <imre@balabit.hu>
Jose Pedro Oliveira <jpo@di.uminho.pt>
Mark Ulmer <mark.ulmer@apollogrp.edu>
Patrick Hemmer
Peter Czanik <czanik@balabit.hu>
Attila Magyar <athos@balabit.hu>
Attila Nagy <naat@balabit.hu>
Balazs Scheidler <bazsi@balabit.hu>
Gergely Nagy <algernon@balabit.hu>
Juhasz Viktor <jviktor@balabit.hu>
Peter Gyorko <gyorkop@balabit.hu>
Viktor Juhasz <jviktor@balabit.hu>

DOWNLOAD:

You can download the source packages from:
http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/...

The documentation of the syslog-ng Open Source Edition is available in The syslog-ng Open Source Edition Administrator's Guide at http://www.balabit.com/support/documentation/
Hello, On 06/30/2012 08:37 AM, devel@balabit.hu wrote:
* Support for FreeBSD's utmpx database.
Maybe it's related, but on FreeBSD 8.1 now I get an ugly error message on startup:

Error opening plugin module; module='afuser', error='/usr/local/lib/syslog-ng/libafuser.so: Undefined symbol "getutent"'

It looks scary, but luckily syslog-ng works fine on the machine.

Also, it would be nice to see this 3.3 patch also on 3.4:
https://github.com/balabit/syslog-ng-3.3/commit/aebc8171b57619cc39304e17ef7f...

Without it there are some ugly messages at startup, and syslog-ng does not start if /dev/log is in the config file instead of the systemd equivalent:

Jun 30 15:13:30 linux-lrw9 kernel: [ 8.543788] syslog-ng[817]: segfault at 0 ip b733009f sp bf9f6410 error 4 in libafsocket.so[b7328000+18000]

My openSUSE 3.4 packages are now updated to 3.4 alpha3 (see http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/...).

One can easily update to alpha3 also on FreeBSD, even before the syslog-ng-devel port is refreshed in ports. There are two easy steps:

- remove /usr/ports/sysutils/syslog-ng-devel/distinfo
- change the Makefile from alpha2 to alpha3

or a few more, if you want a proper pkg-plist :-) (version of libsyslog-ng is changed and a patterndb related xsd is added)

Bye,
--
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
Peter Czanik <czanik@balabit.hu> writes:
Hello,
On 06/30/2012 08:37 AM, devel@balabit.hu wrote:
* Support for FreeBSD's utmpx database.
Maybe it's related, but on FreeBSD 8.1 now I get an ugly error message on startup:
Error opening plugin module; module='afuser', error='/usr/local/lib/syslog-ng/libafuser.so: Undefined symbol "getutent"'
It looks scary, but luckily syslog-ng works fine on the machine.
Hngh. This is probably present in 3.3 too then. I'll see what I can do about it.
Also, it would be nice to see this 3.3 patch also on 3.4:
https://github.com/balabit/syslog-ng-3.3/commit/aebc8171b57619cc39304e17ef7f...

Without it there are some ugly messages at startup, and syslog-ng does not start if /dev/log is in the config file instead of the systemd equivalent:

Jun 30 15:13:30 linux-lrw9 kernel: [ 8.543788] syslog-ng[817]: segfault at 0 ip b733009f sp bf9f6410 error 4 in libafsocket.so[b7328000+18000]

That commit should be in 3.4alpha3, as the 3.3 master branch (which includes the above commit) has been merged into it, as far as I see.

Do you perhaps have a core (or even better, a backtrace!) of the segfault?

--
|8]
Gergely Nagy <algernon@balabit.hu> writes:
Peter Czanik <czanik@balabit.hu> writes:
Hello,
On 06/30/2012 08:37 AM, devel@balabit.hu wrote:
* Support for FreeBSD's utmpx database.
Maybe it's related, but on FreeBSD 8.1 now I get an ugly error message on startup:
Error opening plugin module; module='afuser', error='/usr/local/lib/syslog-ng/libafuser.so: Undefined symbol "getutent"'
It looks scary, but luckily syslog-ng works fine on the machine.
Hngh. This is probably present in 3.3 too then. I'll see what I can do about it.
Found it! configure did not check whether <utmp.h> exists, so HAVE_UTMP_H was always undefined. FreeBSD8 does not have getutent(), so the compatibility implementation in lib/utils.c should have been used, but that relied on HAVE_UTMP_H.

I modified the configure script to check that header too, and the problem is fixed.

Thanks for the report!

--
|8]
Hello, On 06/30/2012 04:12 PM, Gergely Nagy wrote:
Also, it would be nice to see this 3.3 patch also on 3.4:
https://github.com/balabit/syslog-ng-3.3/commit/aebc8171b57619cc39304e17ef7f...

Without it there are some ugly messages at startup, and syslog-ng does not start if /dev/log is in the config file instead of the systemd equivalent:

Jun 30 15:13:30 linux-lrw9 kernel: [ 8.543788] syslog-ng[817]: segfault at 0 ip b733009f sp bf9f6410 error 4 in libafsocket.so[b7328000+18000]

That commit should be in 3.4alpha3, as the 3.3 master branch (which includes the above commit) has been merged into it, as far as I see.

Do you perhaps have a core (or even better, a backtrace!) of the segfault?

No. It seems to occur only during startup, when I don't have much debug tools available... When I start syslog-ng after the boot, it starts without these segfaults. It still opens /dev/log instead of /run/systemd/journal/syslog

Bye,
-- Peter Czanik (CzP) <czanik@balabit.hu> BalaBit IT Security / syslog-ng upstream http://czanik.blogs.balabit.com/
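Added example, not part of the thread or of syslog-ng's code: with no core file available, the kernel line quoted above still locates the fault. The Python below parses that line format, decodes the fault type, and derives the offset inside libafsocket.so that a symbolizer such as addr2line needs; the function and constant names are hypothetical, and it assumes the reported mapping starts at file offset 0.

```python
import re

# Kernel's x86 user-space fault report, in the form quoted in this thread.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+)"
    r" ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# Low three bits of the x86 page-fault error code: (mask, if set, if clear).
ERR_BITS = (
    (0x1, "protection violation", "page not present"),
    (0x2, "write", "read"),
    (0x4, "user mode", "kernel mode"),
)

# The line reported in the thread, copied as posted.
SAMPLE = ("Jun 30 15:13:30 linux-lrw9 kernel: [ 8.543788] syslog-ng[817]: "
          "segfault at 0 ip b733009f sp bf9f6410 error 4 "
          "in libafsocket.so[b7328000+18000]")


def parse_segfault(line):
    """Return a dict describing the fault, or None if the line is not one."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    result = {
        "process": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        "near_null": addr < 0x1000,  # first 4 KiB page: typical NULL deref
        "access": [on if err & mask else off for mask, on, off in ERR_BITS],
        "object": m["obj"],
        "offset": None,
    }
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Assumption: the mapping starts at file offset 0, so ip - base is
        # the address to hand to a symbolizer for this shared object.
        if base <= ip < base + size:
            result["offset"] = ip - base
    return result


if __name__ == "__main__":
    info = parse_segfault(SAMPLE)
    print(info)
    print("addr2line -f -e %s 0x%x" % (info["object"], info["offset"]))
```

The printed addr2line command only resolves to a function name when run against the same libafsocket.so build with its debug symbols available.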
Peter Czanik <czanik@balabit.hu> writes:
On 06/30/2012 04:12 PM, Gergely Nagy wrote:
Also, it would be nice to see this 3.3 patch also on 3.4:
https://github.com/balabit/syslog-ng-3.3/commit/aebc8171b57619cc39304e17ef7f...

Without it there are some ugly messages at startup, and syslog-ng does not start if /dev/log is in the config file instead of the systemd equivalent:

Jun 30 15:13:30 linux-lrw9 kernel: [ 8.543788] syslog-ng[817]: segfault at 0 ip b733009f sp bf9f6410 error 4 in libafsocket.so[b7328000+18000]

That commit should be in 3.4alpha3, as the 3.3 master branch (which includes the above commit) has been merged into it, as far as I see.

Do you perhaps have a core (or even better, a backtrace!) of the segfault?

No. It seems to occur only during startup, when I don't have much debug tools available... When I start syslog-ng after the boot, it starts without these segfaults. It still opens /dev/log instead of /run/systemd/journal/syslog
*grumble*. I'll try to investigate. Can you check if 3.3 git head behaves sanely, and opens /run/systemd/journal/syslog? -- |8]
Hello, On 07/02/2012 10:03 AM, Gergely Nagy wrote:
No. It seems to occur only during startup, when I don't have much debug tools available... When I start syslog-ng after the boot, it starts without these segfaults. It still opens /dev/log instead of /run/systemd/journal/syslog

*grumble*. I'll try to investigate. Can you check if 3.3 git head behaves sanely, and opens /run/systemd/journal/syslog?

Just tested, and on 3.3 git it works as expected.

Bye,
-- Peter Czanik (CzP) <czanik@balabit.hu> BalaBit IT Security / syslog-ng upstream http://czanik.blogs.balabit.com/