[syslog-ng-announce] syslog-ng Premium Edition 3.2.0 has been released

devel at balabit.hu devel at balabit.hu
Fri Jul 9 16:01:54 CEST 2010

PACKAGE             : syslog-ng Premium Edition
VERSION             : 3.2.0
SUMMARY             : new feature release
DATE                : Jul 5, 2010


  A new feature version of syslog-ng Premium Edition (3.2.0) has been
  released. For a full description on stable and feature releases,
  see Section 2.16. Stable and feature releases of syslog-ng PE in
  The syslog-ng Premium Edition 3.2.0 Administrator Guide.


        Fri, 2 July 2010 10:14:17 +0100

  syslog-ng Premium Edition version 3.2 is the second feature release based on
  the stable 3.0 branch. For a full description on stable and feature releases,
  see Section 2.16. Stable and feature releases of syslog-ng PE in
  The syslog-ng Premium Edition 3.2 Administrator Guide.

  Downgrading from a feature release to an earlier (and thus unsupported)
  feature release, or to the stable release is not supported.
  This means that once you upgrade a system from a stable release (e.g., 3.0)
  to a feature release (e.g., 3.1), you will have to keep upgrading to the new
  feature releases until the next stable version release (e.g., 4.0) is
  published, or risk using an unsupported product.

        Important changes in syslog-ng PE 3.2
        * The default port numbers used by syslog-ng have changed to make them
          consistent with the relevant RFCs. Until now, the syslog() drivers
          used port 601 by default. Starting with this version, syslog-ng uses
          the following default ports for the syslog() destination and source
            * 514 for syslog over UDP
            * 601 for syslog over TCP
            * 6514 for syslog over TLS

          If you used the syslog() driver with the default ports, adjust your
          configuration when upgrading to avoid data loss.

        * The behavior of handling the message header has changed: earlier
          versions stored the parsed header by default, and stored the original
          header only if the store-legacy-msghdr flag was enabled. Starting
          with syslog-ng PE 3.2 the original incoming header of the log message
          is stored in the $MSGHDR macro by default, the original (3.0 and 3.1)
          behavior of MSGHDR macro can be restored by using
          dont-store-legacy-msghdr flag.

        New features
        * The extended timestamp format of Cisco IOS is now supported, including
          sequence numbers and the NTP synchronicity indicator. The sequence
          number of such messages is available in the $SEQNUM macro.
        * The syslog-ng Premium Edition 3.2 application supports client-side
          failover to reduce the risk of message loss. For details, see Section
          2.15, Client-side failover in The syslog-ng Premium Edition 3.2
          Administrator Guide.
        * The syslog-ng Premium Edition 3.2 can handle multi-line log messages
          (for example, Tomcat logs) more efficiently. For details, see the
          descriptions of the multi-line-prefix() and multi-line-garbage()
          options in Section 6.1.2, file() in The syslog-ng Premium Edition 3.2
          Administrator Guide.
        * Multi-line messages can be automatically indented using the new
          $(indent-multi-line $MESSAGE) expression in a destination template.
        * The lgstool application is available for Microsoft Windows platforms
          as well. Note that the recover function of lgstool is available only
          on Linux/UNIX. Available at:
        * The installer automatically installs the current HTML version of The
          syslog-ng Premium Edition 3.2 Administrator Guide under the
          /opt/syslog-ng/share/docs/admin-guide directory.

        Stability improvements
        * The contents of the disk buffer are stored even if syslog-ng crashes.
        * Until now, if syslog-ng crashed, it resent the contents of the
          monitored file sources. Now, the position of the last processed
          message is stored even in case of a crash.
        * The syslog-ng application uses journals to keep logstore files
          consistent even if syslog-ng crashes. For details, see 2.8.1. Journal
          files in The syslog-ng Premium Edition 3.2 Administrator Guide.
        * The performance of writing messages to logstore files has
          approximately doubled.

        * Two new macros ($HOUR12, $AMPM) are available to format timestamps in
          an Oracle-compatible way. The $HOUR12 macro returns the hour of the
          day on a 0-12 scale, while the $AMPM macro returns AM for hours before
          mid day and PM for hours after mid day.
        * A new macro called $TAGS is available which expands to a list of
          comma-separated message tags. For details on using message tags, see
          4.6.3. Tagging messages in The syslog-ng Premium Edition 3.2
          Administrator Guide.

        * The SDATA ID, PARAM and VALUE fields of RFC5424-formatted messages
          were not handled correctly in certain cases and might cause a
          segmentation fault. This has been corrected.
        * The syslog-ng PE application now ensures that numbers are never
          resolved using getpwnam/getgrnam functions, because this may cause
          deadlocks if the NSS provider is LDAP and the LDAP server is trying
          to log a message to syslog about invalid usernames.
        * When several SIGHUP signals are received in quick succession, the last
          one may have been dropped. This problem is fixed.
        * The Solaris 10 SMF script now checks if the pid file refers to an
          actual instance of syslog-ng to make sure that syslog-ng is started
          even after a system crash.
        * The System V init script used on Solaris 8/9 gave error messages
          if the dump device did not exist (which happens in a chroot/zone
          environment). This has been corrected.
        * Corrections to the Solaris init scripts.
        * The timezone offset of applications other than syslog-ng was not
          adjusted correctly during the one-hour transition period of the
          daylight-saving changes. This has been corrected.
        * When syslog-ng is reloaded, the local hostname value was not
          refreshed, causing syslog-ng to remember the hostname until the
          next restart. This may not play nice with DHCP configured
          hostnames, which may change dynamically.
        * Fixed a boundary checking error on the usertty() destination,
          which can cause a local buffer to be overflown if the wtmp file on
          the system contains more than 123 characters in its ut_line
          member. It is not believed to be exploitable on the following
            Linux (32 chars)
            Solaris (12 chars)
            AIX (64 chars)
            HP-UX (12 chars)
            FreeBSD (8 chars)
            OpenBSD (8 chars)
        * CSV formatted statistics (accessible with syslog-ng-ctl) are now
          properly escaped.
        * Using a pipe driver on a regular file or a file driver on a named
          pipe caused 100% CPU usage. This has been corrected.
        * When running in server mode, the syslog-ng Premium Edition
          application counted messages of the local host into the number of
          licensed clients. This has been corrected.
        * It was not possible to leave the ownership, permission, and group
          settings of existing log files and directories unchanged, because the
          owner(-1) setting always inherited the global settings. Now using
          these attributes without specifying an argument (for example,
          'owner()') leaves the properties of the file unchanged.


  Download the latest binaries from:


  Note that to download the binaries, you have to login into your MyBalaBit

  The documentation of the syslog-ng application is available in
  The syslog-ng Premium Edition 3.2.0 Administrator Guide at:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 199 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng-announce/attachments/20100709/d521d5c7/attachment.pgp 

More information about the syslog-ng-announce mailing list