Hello,

As syslog-ng 3.3 was released for a couple of months now, I'd like to know, if you already switched to this version.

If you already use 3.3, please share your success story! Why did you upgrade (which feature)? Size of installation? Or any other info you find interesting.

If you still use an earlier release, please let us know, what keeps you back from upgrading! Not yet available as a package for your platform? Something is broken, what previously worked? Something else?

For those, who don't want to share their story with the rest of the world, you could still help our work by answering these questions in a private e-mail directly to me.

And finally, here is a teaser for those, who did not upgrade yet: what's new in syslog-ng since 2.0: http://czanik.blogs.balabit.com/2012/02/whats-new-in-syslog-ng-3-x/

Thank you for your help,
Bye,
--
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/

I'm probably the least interesting person to answer, but nevertheless, here it goes!

Peter Czanik <czanik@balabit.hu> writes:

> As syslog-ng 3.3 was released for a couple of months now, I'd like to know, if you already switched to this version.
>
> If you already use 3.3, please share your success story! Why did you upgrade (which feature)? Size of installation? Or any other info you find interesting.

I switched to 3.3 on all my machines, physical and virtual alike, around the time the first beta came out. I was already running 3.3 on my desktop before that, since that's the version I was developing against. I first switched to 3.3 when I was told to port my MongoDB destination from 3.2 to 3.3, so I did that, and never looked back. That's the reason I switched to 3.3 on my desktop.

On my servers (one physical, running Debian Squeeze on powerpc; one virtual, running Debian Squeeze on i386) I switched to 3.3 when I started to offer Debian packages. The major trigger for the switch being the MongoDB destination, and later on the format-json template function.

Shortly after, I started to enable threading on my servers and desktop too, and upgraded my workstation at work to syslog-ng 3.3 too (at the time, I was using Ubuntu Lucid (upgraded to Debian unstable since, thank $deity), which had something like 2.0.9 or similar, which I dared not touch, not even with a ten-foot pole).

As of this writing, I'm running syslog-ng 3.3 on one server (the virtual one was laid to rest a couple of hours ago, after more than five years of faithful service), two desktops, two routers, three laptops (one modern one, a 7 year old asus, and an i486 one with a whopping 2Mb memory), a couple of virtual machines (my mongodb clusters: one at amazon, and a test cluster at home (each cluster consisting of about 3-4 machines, depending on how much I boot up); a FreeBSD and a kFreeBSD port box at home).

Not that big an installation, but some of the machines, especially the mongodb cluster and my desktop at home, tend to generate a ton of logs from time to time. The fun things are the routers, which were a bit of a challenge to install syslog-ng onto (mostly due to the lack of available space on them).

Threading, mongodb destination, global suppress, systemd and 3.x kernel support, and the performance enhancements were all proven useful for my use cases. While developing, the modular architecture too, but that was already the case with 3.2 as well. I'm also trying to find ways to use patterndb, but haven't had the time to do interesting things with it yet.

--
|8]

> If you already use 3.3, please share your success story! Why did you upgrade (which feature)? Size of installation? Or any other info you find interesting.
>
> If you still use an earlier release, please let us know, what keeps you back from upgrading! Not yet available as a package for your platform? Something is broken, what previously worked? Something else?

We run an environment with 350+ actual servers, and three compute clusters with relay servers and one relay server for all of our networking devices (100's there too).

We deploy specific versions of syslog-ng on specific versions of the OS. As long as there are no problems, we don't upgrade.

So, we still run 2.0 on some boxes (around 100 hosts). These hosts will not be upgraded as they are scheduled for decommission, or will just become obsolete.

We run 3.0 on the majority (250) and this group will probably be upgraded to 3.3 in the near future (3 months) after our in-house testing is satisfactory.

We run 3.3 on our central servers and latest OS (about 20 hosts). On the central syslog servers we moved to 3.3 to get the latest patterndb features. We are eagerly looking forward to the junction feature.

Hope it helps.

--
Evan Rempel
Senior Systems Administrator
Unix Services, University Systems, University of Victoria

Hi there,

Peter, this is an excellent topic. I am using 3.3 because of json output. Actually I am parsing logs with patterndb and sending them in json format via tcp socket to a LOGalyze real time log analyzer. LOGalyze has a json collector that can receive the json formatted logs from syslog-ng, index them, analyze them. They are doing a really great job together...

Regards,
Balazs

participants (4)
- Evan Rempel
- Gergely Nagy
- Peter Czanik
- Vámos Balázs