syslog-ng-3.7beta1 released
3.7.0beta1 This is the first beta release of the upcoming syslog-ng OSE 3.7 branch. Further releases will focus on fixes and small Getting started ... documentations. Changes compared to the previous alpha release: Features - Added batched event sending support for riemann destination driver which makes the riemann destination respect flush-lines(), and send event in batches of configurable amount (defaults to 1). In case of an error, all messages within the batch will be dropped. Dropped messages, and messages that result in formatting errors do not count towards the batch size. There is no timeout, but messages will be flushed upon deinit. - Added IPv6 netmask filter for selecting only messages sent by a host whose IP address belongs to the specified IPv6 subnet. - Added syslog-ng debug bundle generator script for collecting debug related information. - Added a new macro, called HOSTID which is a 32-bit number generated by a cryptographically secure PRNG. Its purpose is to identify the syslog-ng host, thus it is the same for every message generated on the same host. - Added a new macro, called UNIQID which is a practically unique ID generated from the HOSTID and the RCPTID in the format of HOSTID@RCPTID. Uniqid is a derived value: it is built up from the always available hostid and the optional rcptid. In other words: uniqid is an extension over rcptid. For that reason use-rcptid has been deprecated and use-uniqid could be use instead. - Added a reset option to syslog-ng-ctl stats. With this option the non-stored stats counters can be zeroed. - Java-destination driver ported from syslog-ng-incubator. Purpose of having Java destination driver is to provide the right way to support all player in the "Java related logging ecosystem" (Kafka, HDFS, ElasticSearch, ...). Java dest driver is a special driver, a bridge between the C and the Java world from syslog-ng point of view. - Python language support is ported from syslog-ng incubator and has been completely reworked. Now, it is possible to implement template functions in Python language and also destination drivers. Main purpose of supporting Python language is to implement a nice interactive syslog-ng config debugger for syslog-ng. - New builtin interactive syslog-ng.conf debugger implemented for syslog-ng. The debugger has a Python frontend which contains a full Completer (just press TABs and works like bash) Enhancements - Extended the set of supported characters to every printable ASCII's except ., [ and ] in extract-prefix for json-parser(). - OpenSSL set as a hard dependency for syslog-ng because the newly added hostid and uniqid features requires a CPRNG provided by OpenSSL. After OpenSSL is a hard dependency - non-embedded crypto lib is not a real option, so the support of having such a crypto lib discontinued - all SSL-dependent features enabled by default - Added string-delimiters option to csvparser to support multi character delimiters in CSV parsing. - Upgrade RabbitMQ submodule to the upstream. - Extended rcpt-id to 64 bits (formerly it was 48 bits). Fixes - Fixed the encoding of characters below 32 if escaping is enabled in templates. Templated outputs never contained references to characters below 32, essentially they were dropped from the output for two reasons: - the prefixing backslash was removed from the code - the format_uint32_padded() function produced no outputs in base 8 - Fixed afstomp destination port issue. It always tried to connect to the port 0. - Fixed compilation where the monolitic libsystemd was not available. - Fixed memleak in db-parser which could happen at every reload. - Fixed a class of rule conflicts in db-parser: Because an error in the pdb load algorithms, some rules would conflict which shouldn't have done that. The problem was that several programs would use the same RADIX tree to store their patterns. Merging independent programs meant that if they the same pattern listed, it would clash, even though their $PROGRAM is different. There were multiple issues: - we looked up pattern string directly, even they might have contained @parser <https://github.com/parser>@ references. It was simply not designed that way and only worked as long as we didn't have the possibility to use parsers in program names - we could merge programs with the same prefix, e.g. su, supervise/syslog-ng and supervise/logindexd would clash, on "su", which is a common prefix for all three. The solution involved in using a separate hash table for loading, which at the end is turned into the radix tree. - Fixed a crash around affile at the first message delivery when templates were used. - Excluded "tags" from riemann destination driver as an attribute which conflicts with reserved keyword - Fixed a docbook related compilation error: there was a hardcoded path that caused build to fail if docbook is not on that path. Debian based platforms did not affected by this problem. Now a new option was created for ./configure that is --enable-manpages that enables the generation of manpages using docbook from online source. '--with-docbook=PATH' gives you the opportunity to specify the path for your own installed docbook. Developer notes - filter: fix external filter plugin lookup The filter_plugin rule expected an LL_IDENTIFIER and filter_comparison expected a string which in turn is an LL_IDENTIFIER or LL_STRING. It caused a conflict in the grammar which prevented to load external filter plugins. Credits syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessarily to produce syslog-ng. Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute. We would like to thank the following people for their contribution: Andras Mitzki, Balazs Scheidler, Botond Borsits, Fabien Wernli, Gergely Nagy, Gergo Nagy, Gyorgy Pasztor, Istvan Adam Mozes, Laszlo Budai, Manikandan-Selvaganesh, Peter Czanik, Robert Fekete, Tibor Benke, Viktor Juhasz, Vincent Bernat, Zoltan Fried, Zoltan Pallagi. — View it on GitHub <https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.7.0beta1>.
Hi, It's up and running on my laptop and did not it (yet :-) ) eat the machine. It's a beta, so not recommended for production use, still any testing and feedback is very welcome! While trying to package the beta, I ran into two bugs: - man pages are missing from the release tar.gz - parallel build does not seem to work (don't use "make -j") My packages for openSUSE are available at https://build.opensuse.org/project/show/home:czanik:syslog-ng37 Tomorrow I'm mostly off-line due to a training and don't have much time left for packaging this week. Which platform (FreeBSD or Linux distro version) should have 3.7 beta1 packages next? Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> BalaBit IT Security / syslog-ng upstream http://czanik.blogs.balabit.com/ https://twitter.com/PCzanik On Tue, Apr 14, 2015 at 8:08 PM, Czanik, Péter <peter.czanik@balabit.com> wrote:
3.7.0beta1
This is the first beta release of the upcoming syslog-ng OSE 3.7 branch.
Further releases will focus on fixes and small Getting started ... documentations.
Changes compared to the previous alpha release: Features
-
Added batched event sending support for riemann destination driver which makes the riemann destination respect flush-lines(), and send event in batches of configurable amount (defaults to 1). In case of an error, all messages within the batch will be dropped. Dropped messages, and messages that result in formatting errors do not count towards the batch size. There is no timeout, but messages will be flushed upon deinit. -
Added IPv6 netmask filter for selecting only messages sent by a host whose IP address belongs to the specified IPv6 subnet. -
Added syslog-ng debug bundle generator script for collecting debug related information. -
Added a new macro, called HOSTID which is a 32-bit number generated by a cryptographically secure PRNG. Its purpose is to identify the syslog-ng host, thus it is the same for every message generated on the same host. -
Added a new macro, called UNIQID which is a practically unique ID generated from the HOSTID and the RCPTID in the format of HOSTID@RCPTID. Uniqid is a derived value: it is built up from the always available hostid and the optional rcptid. In other words: uniqid is an extension over rcptid. For that reason use-rcptid has been deprecated and use-uniqid could be use instead. -
Added a reset option to syslog-ng-ctl stats. With this option the non-stored stats counters can be zeroed. -
Java-destination driver ported from syslog-ng-incubator. Purpose of having Java destination driver is to provide the right way to support all player in the "Java related logging ecosystem" (Kafka, HDFS, ElasticSearch, ...). Java dest driver is a special driver, a bridge between the C and the Java world from syslog-ng point of view. -
Python language support is ported from syslog-ng incubator and has been completely reworked. Now, it is possible to implement template functions in Python language and also destination drivers. Main purpose of supporting Python language is to implement a nice interactive syslog-ng config debugger for syslog-ng. -
New builtin interactive syslog-ng.conf debugger implemented for syslog-ng. The debugger has a Python frontend which contains a full Completer (just press TABs and works like bash)
Enhancements
-
Extended the set of supported characters to every printable ASCII's except ., [ and ] in extract-prefix for json-parser(). -
OpenSSL set as a hard dependency for syslog-ng because the newly added hostid and uniqid features requires a CPRNG provided by OpenSSL.
After OpenSSL is a hard dependency - non-embedded crypto lib is not a real option, so the support of having such a crypto lib discontinued - all SSL-dependent features enabled by default -
Added string-delimiters option to csvparser to support multi character delimiters in CSV parsing. -
Upgrade RabbitMQ submodule to the upstream. -
Extended rcpt-id to 64 bits (formerly it was 48 bits).
Fixes
-
Fixed the encoding of characters below 32 if escaping is enabled in templates. Templated outputs never contained references to characters below 32, essentially they were dropped from the output for two reasons: - the prefixing backslash was removed from the code - the format_uint32_padded() function produced no outputs in base 8 -
Fixed afstomp destination port issue. It always tried to connect to the port 0. -
Fixed compilation where the monolitic libsystemd was not available. -
Fixed memleak in db-parser which could happen at every reload. -
Fixed a class of rule conflicts in db-parser:
Because an error in the pdb load algorithms, some rules would conflict which shouldn't have done that. The problem was that several programs would use the same RADIX tree to store their patterns. Merging independent programs meant that if they the same pattern listed, it would clash, even though
their $PROGRAM is different.
There were multiple issues: -
we looked up pattern string directly, even they might have contained @parser <https://github.com/parser>@ references. It was simply not designed that way and only
worked as long as we didn't have the possibility to use parsers
in program names -
we could merge programs with the same prefix, e.g. su, supervise/syslog-ng and supervise/logindexd would clash, on "su", which is a common prefix for all three.
The solution involved in using a separate hash table for loading, which at the end is turned into the radix tree. -
Fixed a crash around affile at the first message delivery when templates were used. -
Excluded "tags" from riemann destination driver as an attribute which conflicts with reserved keyword -
Fixed a docbook related compilation error: there was a hardcoded path that caused build to fail if docbook is not on that path. Debian based platforms did not affected by this problem. Now a new option was created for ./configure that is --enable-manpages that enables the generation of manpages using docbook from online source. '--with-docbook=PATH' gives you the opportunity to specify the path for your own installed docbook.
Developer notes
-
filter: fix external filter plugin lookup
The filter_plugin rule expected an LL_IDENTIFIER and filter_comparison expected a string which in turn is an LL_IDENTIFIER or LL_STRING. It caused a conflict in the grammar which prevented to load external filter plugins.
Credits
syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Balazs Scheidler, Botond Borsits, Fabien Wernli, Gergely Nagy, Gergo Nagy, Gyorgy Pasztor, Istvan Adam Mozes, Laszlo Budai, Manikandan-Selvaganesh, Peter Czanik, Robert Fekete, Tibor Benke, Viktor Juhasz, Vincent Bernat, Zoltan Fried, Zoltan Pallagi.
— View it on GitHub <https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.7.0beta1>.
participants (1)
-
Czanik, Péter