[syslog-ng] [Bazsi's blog] syslog-ng 3.2alpha2 released

[Bazsi]

I've just uploaded syslog-ng 3.2alpha2 to the release directory. The
last alpha release didn't compile on all supported platforms and the
automatic test-suite was disabled, because it only worked if syslog-ng
got installed first.

These obstacles have been overcome and together with some fixes and a
couple of new features, 3.2alpha2 is now available. I've also forward
ported all bugfixes from syslog-ng 3.1.2.

For those who are starting to experiment with the 3.2 branch, here's
the list of new features compared to 3.1. Those who tried 3.2alpha1,
the list of changes compared to 3.2alpha1 is at the end of this post.

Since the documentation of syslog-ng is not yet up-to-date with the new
features introduced, I've tried to also include URLs for the best known
descriptions. The references may not be 100% accurate, but should give
anyone interested an idea how to start experimenting.

Also, please note that although this is an alpha release, the bulk of
the changes are in the configuration parser, so once your configuration
was parsed properly and syslog-ng starts up, an almost unchanged code
is processing it. This means that this release should be good enough to
start playing with. And feedback about what kind of syslog-ng.conf
parsing errors you encounter on real-life configuration files is more
than welcome.

Code quality & functionality wise, this could be a beta release, I only
expect "procedural" changes, like cleaning up the plugin names, which
wouldn't be nice to do in a beta release (though not unheard of :)

New features in 3.2:

- Plugins: the new architecture replaces the old monolithic one, all
syslog-ng functionality is loaded from external plugins when needed. It
is possible to write plugins to extend syslog-ng functionality in the
following areas: sources, destinations, filter expression, parsers,
rewrite ops, message format.
http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-changes.html
http://bazsi.blogs.balabit.com/2010/07/syslog-ng-contributions-redefined.html

- The framework for a "syslog-ng configuration library" (aka SCL) a
collection of configuration snippets installed along syslog-ng,
simplifying the authoring of syslog-ng configuration
files.http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=287993339599deac0442e26355c600b5aee63583
http://bazsi.blogs.balabit.com/2010/07/syslog-ng-contributions-redefined.html

- pdbtool match is now able to read a file containing syslog messages
and apply patterndb and a filter expression on the
contents.http://bazsi.blogs.balabit.com/2010/07/patterndb-grep-on-steroids.html

- pdbtool test is now able to perform pattern testing automatically
based on the supplied example log
message.http://marci.blogs.balabit.com/2010/07/pdbtool-test-and-pattern-database.html

- Persistent state containing the current file position for file
sources is now continously updated during runtime, instead of updating
it only at exit, which makes it much more reliable in case syslog-ng
doesn't terminate normally.
- Better syntax error reporting in the configuration
file.http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-changes.html

- Support for reusable configuration snippets, similar to macros with
parameters, named "blocks".
http://bazsi.blogs.balabit.com/2010/04/syslog-ng-32-opened-experimental-blocks.html

- Added a confgen plugin that includes the output of a program into the
configuration file, making it possible to generate configuration file
snippets dynamically.
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=5248ef6c49ff3af0b3c896448360073606c9c7d7

- Support for BSD-style process accounting logs via the pacct() source
driver defined in by SCL and the underlying pacctformat
plugin.http://bazsi.blogs.balabit.com/2010/07/syslog-ng-and-process-accounting.html

- Support for explicit COMMITs in the SQL driver, this speeds up SQL
INSERT rate significantly if flush_lines() is non-zero.
http://bazsi.blogs.balabit.com/2010/04/explicit-transaction-support-in-sql.html

- It is now possible to supply a filter to rewrite expressions and only
apply the rewrite rule in case the filter
matches.https://lists.balabit.hu/pipermail/syslog-ng/2010-July/014565.html

- It is now possible to use multiple parser expressions in a single
parser object, similar to rewrite rules.
- Added support for using the include statement from anywhere in the
configuration file, instead of only at top-level. Also introduced
syslog-ng "global values" that can be defined and the substituted
anywhere in the configuration file.
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=1203267c465256c99e622edf11e226301170f1c7
http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=52098762f27cde059e8b8ecda67691df85364e6d


- Default configuration file supplied as part of SCL.
Incompatible changes:

- syslog-ng traditionally expected an optional hostname field even when
a syslog message is received on a local transport (e.g. /dev/log).
However no UNIX version is known to include this field. This caused
problems when the application creating the log message has a space in
its program name field. This behaviour has been changed for the
unix-stream/unix-dgram/pipe drivers if the config version is 3.2 and
can be restored by using an explicit 'expect-hostname' flag for the
specific source.

Changes since 3.2alpha1:

- Now compiles on all platforms and the unit/functional tests also run.
(tested: AIX, HP-UX, Solaris, FreeBSD, Linux, Tru64)
- Fixed pdbtool match --debug-pattern output for ESTRING parsers.
- Fixed a possible memory leak in the lexer, which would accumulate in
case SIGHUPs.
- Fixed Solaris STREAMS device support.
- Forward ported all bugfixes from syslog-ng OSE 3.0 & 3.1
- Disable process accounting module by default as it doesn't compile on
non-Linux platforms.
- Added "pdbtool match --file" option to read and parse an existing
logfile.
- Added "pdbtool test" to check the log samples in the patterndb file.
- Added "dont-create-tables" flag for the SQL destination to inhibit
automatic table creation.
- Added "condition()" support for rewrite expressions, which makes it
possible to skip rewrite rules that do not match a filter expression.
- Added "--module-path" command line option to control where modules
are loaded from from the command line.
Happy logging!

--
Posted By Bazsi to Bazsi's blog at 8/07/2010 05:58:00 PM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20100807/03ede962/attachment.htm