[syslog-ng-announce] syslog-ng Premium Edition 3.2.0 has been released
devel at balabit.hu
Fri Jul 9 16:01:54 CEST 2010
------------------------------------------------------------------------------
PACKAGE : syslog-ng Premium Edition
VERSION : 3.2.0
SUMMARY : new feature release
DATE : Jul 5, 2010
------------------------------------------------------------------------------
DESCRIPTION:
A new feature version of syslog-ng Premium Edition (3.2.0) has been
released. For a full description of stable and feature releases,
see Section 2.16, Stable and feature releases of syslog-ng PE, in
The syslog-ng Premium Edition 3.2.0 Administrator Guide.
CHANGES:
3.2.0
Fri, 2 July 2010 10:14:17 +0100
syslog-ng Premium Edition version 3.2 is the second feature release based on
the stable 3.0 branch. For a full description of stable and feature releases,
see Section 2.16, Stable and feature releases of syslog-ng PE, in
The syslog-ng Premium Edition 3.2 Administrator Guide.
WARNING:
Downgrading from a feature release to an earlier (and thus unsupported)
feature release, or to the stable release, is not supported.
This means that once you upgrade a system from a stable release (e.g., 3.0)
to a feature release (e.g., 3.1), you will have to keep upgrading to the new
feature releases until the next stable version release (e.g., 4.0) is
published, or risk using an unsupported product.
Important changes in syslog-ng PE 3.2
* The default port numbers used by syslog-ng have changed to make them
consistent with the relevant RFCs. Until now, the syslog() drivers
used port 601 by default. Starting with this version, syslog-ng uses
the following default ports for the syslog() destination and source
drivers:
  * 514 for syslog over UDP
  * 601 for syslog over TCP
  * 6514 for syslog over TLS
  WARNING:
  If you used the syslog() driver with the default ports, adjust your
  configuration when upgrading to avoid data loss.
* The handling of the message header has changed: earlier
versions stored the parsed header by default, and stored the original
header only if the store-legacy-msghdr flag was enabled. Starting
with syslog-ng PE 3.2, the original incoming header of the log message
is stored in the $MSGHDR macro by default. The original (3.0 and 3.1)
behavior of the $MSGHDR macro can be restored by using the
dont-store-legacy-msghdr flag.
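As an added example (not part of the announcement and not syslog-ng code), the following Python script audits a configuration for syslog() drivers that set no port() and whose effective port therefore changes under the new defaults listed above. It assumes that transport() defaults to tcp when omitted; the sample configuration is constructed.

```python
import re

OLD_DEFAULT = 601                                     # pre-3.2 default for every syslog() driver
NEW_DEFAULTS = {"udp": 514, "tcp": 601, "tls": 6514}  # 3.2 defaults, per the announcement
ASSUMED_TRANSPORT = "tcp"  # assumption: transport used when transport() is omitted

# The lookbehind keeps port( from matching inside transport( or localport(.
DRIVER = re.compile(r'(?<![\w-])syslog\s*\(')
TRANSPORT = re.compile(r'(?<![\w-])transport\s*\(\s*"?(\w+)"?\s*\)')
PORT = re.compile(r'(?<![\w-])port\s*\(\s*"?(\d+)"?\s*\)')

def driver_body(text, start):
    """Return the text between the parenthesis at `start` and its match."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    raise ValueError("unbalanced parentheses in syslog() driver")

def audit(config):
    """List syslog() drivers whose effective port changes on upgrade to 3.2."""
    # Drop comments but keep newlines so line numbers stay correct (a '#' in a string is not handled).
    text = re.sub(r"#[^\n]*", "", config)
    findings = []
    for m in DRIVER.finditer(text):
        body = driver_body(text, m.end() - 1)
        if PORT.search(body):
            continue  # explicit port(): unaffected by the default change
        t = TRANSPORT.search(body)
        transport = t.group(1).lower() if t else ASSUMED_TRANSPORT
        new = NEW_DEFAULTS.get(transport)
        if new is not None and new != OLD_DEFAULT:
            findings.append((text.count("\n", 0, m.start()) + 1, transport, OLD_DEFAULT, new))
    return findings

# Constructed sample configuration (not from the announcement).
SAMPLE = '''\
source s_tls { syslog(transport("tls") tls(key_file("/etc/k.pem"))); };
source s_tcp { syslog(transport("tcp")); };
# destination d_old { syslog("10.0.0.1" transport("udp")); };
destination d_udp { syslog("192.0.2.10" transport("udp")); };
destination d_pin { syslog("192.0.2.10" transport("udp") port(601)); };
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")  # (line, transport, old default, new default)
```

Each reported driver needs an explicit port() on one side of the connection, or a matching change on its peer, before the upgrade.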
New features
* The extended timestamp format of Cisco IOS is now supported, including
sequence numbers and the NTP synchronicity indicator. The sequence
number of such messages is available in the $SEQNUM macro.
* The syslog-ng Premium Edition 3.2 application supports client-side
failover to reduce the risk of message loss. For details, see Section
2.15, Client-side failover in The syslog-ng Premium Edition 3.2
Administrator Guide.
* The syslog-ng Premium Edition 3.2 can handle multi-line log messages
(for example, Tomcat logs) more efficiently. For details, see the
descriptions of the multi-line-prefix() and multi-line-garbage()
options in Section 6.1.2, file() in The syslog-ng Premium Edition 3.2
Administrator Guide.
* Multi-line messages can be automatically indented using the new
$(indent-multi-line $MESSAGE) expression in a destination template.
* The lgstool application is available for Microsoft Windows platforms
as well. Note that the recover function of lgstool is available only
on Linux/UNIX. Available at:
http://www.balabit.com/downloads/files/syslog-ng/premium-edition/3.2.0/setups/win32/
* The installer automatically installs the current HTML version of The
syslog-ng Premium Edition 3.2 Administrator Guide under the
/opt/syslog-ng/share/docs/admin-guide directory.
Stability improvements
* The contents of the disk buffer are stored even if syslog-ng crashes.
* Until now, if syslog-ng crashed, it resent the contents of the
monitored file sources. Now, the position of the last processed
message is stored even in case of a crash.
* The syslog-ng application uses journals to keep logstore files
consistent even if syslog-ng crashes. For details, see Section 2.8.1,
Journal files, in The syslog-ng Premium Edition 3.2 Administrator Guide.
* The performance of writing messages to logstore files has
approximately doubled.
Macros
* Two new macros ($HOUR12, $AMPM) are available to format timestamps in
an Oracle-compatible way. The $HOUR12 macro returns the hour of the
day on a 0-12 scale, while the $AMPM macro returns AM for hours before
midday and PM for hours after midday.
* A new macro called $TAGS is available, which expands to a
comma-separated list of message tags. For details on using message
tags, see Section 4.6.3, Tagging messages, in The syslog-ng Premium
Edition 3.2 Administrator Guide.
Bugfixes
* The SDATA ID, PARAM and VALUE fields of RFC5424-formatted messages
were not handled correctly in certain cases and might cause a
segmentation fault. This has been corrected.
* The syslog-ng PE application now ensures that numbers are never
resolved using getpwnam/getgrnam functions, because this may cause
deadlocks if the NSS provider is LDAP and the LDAP server is trying
to log a message to syslog about invalid usernames.
* When several SIGHUP signals are received in quick succession, the last
one may have been dropped. This problem is fixed.
* The Solaris 10 SMF script now checks if the pid file refers to an
actual instance of syslog-ng to make sure that syslog-ng is started
even after a system crash.
* The System V init script used on Solaris 8/9 gave error messages
if the dump device did not exist (which happens in a chroot/zone
environment). This has been corrected.
* Corrections to the Solaris init scripts.
* The timezone offset of applications other than syslog-ng was not
adjusted correctly during the one-hour transition period of the
daylight-saving changes. This has been corrected.
* When syslog-ng was reloaded, the local hostname value was not
refreshed, causing syslog-ng to remember the hostname until the
next restart. This did not work well with DHCP-configured
hostnames, which may change dynamically.
* Fixed a boundary checking error in the usertty() destination,
which could cause a local buffer to overflow if the wtmp file on
the system contains more than 123 characters in its ut_line
member. It is not believed to be exploitable on the following
platforms (size of the ut_line field in parentheses):
  Linux (32 chars)
  Solaris (12 chars)
  AIX (64 chars)
  HP-UX (12 chars)
  FreeBSD (8 chars)
  OpenBSD (8 chars)
* CSV formatted statistics (accessible with syslog-ng-ctl) are now
properly escaped.
* Using a pipe driver on a regular file or a file driver on a named
pipe caused 100% CPU usage. This has been corrected.
* When running in server mode, the syslog-ng Premium Edition
application counted messages of the local host into the number of
licensed clients. This has been corrected.
* It was not possible to leave the ownership, permission, and group
settings of existing log files and directories unchanged, because the
owner(-1) setting always inherited the global settings. Now using
these attributes without specifying an argument (for example,
'owner()') leaves the properties of the file unchanged.
DOWNLOAD:
Download the latest binaries from:
http://www.balabit.com/network-security/syslog-ng/central-syslog-server/upgrades/
Note that to download the binaries, you have to log in to your MyBalaBit
account.
The documentation of the syslog-ng application is available in
The syslog-ng Premium Edition 3.2.0 Administrator Guide at:
http://www.balabit.com/support/documentation/