[syslog-ng] syslog-ng Insider - June 2011

Peter Czanik czanik at balabit.hu
Fri Jun 10 14:56:48 CEST 2011 

Dear syslog-ng users,


This is the 4th issue of the syslog-ng Insider, a monthly newsletter
that brings you syslog-ng related news.

Your feedback and news tips about the next issue is welcome at
documentation at balabit.com <mailto:documentation at balabit.com>


FEATURED NEWS


syslog-ng FAQ moved and updated

-------------------------------

The syslog-ng FAQ was maintained by Nate Campi for many years. Questions
and answers for old releases are still available at the old URL (
http://www.campin.net/syslog-ng/faq.html ). FAQ for recent releases is
now maintained in-house and available at
http://www.balabit.com/wiki/syslog-ng-faq


To place a question of yours into the syslog-ng FAQ, please don’t
hesitate to contact us on the mailing list, which is available at
http://lists.balabit.hu/mailman/listinfo/syslog-ng


syslog-ng OSE 3.3 beta1 released

--------------------------------

The first beta version of syslog-ng 3.3 was released. This is a major
step in syslog-ng's development, as it is now fully multi-threaded, and
is also the first release with considerable amount of community
developed features.

For a full list of features, changes and fixes check the announcment at
http://lists.balabit.hu/pipermail/syslog-ng/2011-May/016624.html
<https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016624.html>


Development of syslog-ng OSE 3.4 started

----------------------------------------

As syslog-ng 3.3 is in feature freeze, new development goes on in the
3.4 repo. Looking at http://git.balabit.hu/?p=bazsi/syslog-ng-3.4.git
shows some very interesting commit logs:

    *

      $(sanitize): add new template function useful to sanitize filenames

    *

      basicfuncs: Implement a $(substr STR START [LEN]) template function.

    *

      basicfuncs: Implement a few numeric template functions

While not yet merged, the following blog has a preview of a planned
extension to the recently merged value-pairs() functionality:
http://algernon.blogs.balabit.com/2011/06/hammers-keys-and-nails/


Blog series on web GUIs for syslog-ng

-------------------------------------

Web based GUIs for syslog-ng is a hot topic recently, so a new blog
series was started a few month ago. This month I covered LogStash. If
you have any suggestions what else to cover, please let us know!


Logstash: http://czanik.blogs.balabit.com/2011/05/logstash/


CVE-2011-1951: problems, when syslog-ng is compiled with PCRE 8.12+

-------------------------------------------------------------------

Under certain circumstances Versions 3.0, 3.1 and 3.2 of syslog-ng Open
Source Edition (OSE) are vulnerable to a Denial of Service attack if the
PCRE engine is enabled in syslog-ng and libpcre version 8.12 is installed.

The syslog-ng Premium Edition (PE) application is not affected, as it
uses a different version of the libpcre package.

In libpcre version 8.12 a return value has been changed. This change
causes an infinite loop in syslog-ng if a pcre filter is used and the
global flag is enabled for the expression. If such a filter expression
is used in the configuration of syslog-ng and a log message does not
match the regular expression (which most probably happens within seconds
of starting an affected version of syslog-ng), syslog-ng consumes the
processor resources and denial of service occurs.

All 3.X branches are affected before 3.2.4

Fixes for 3.0 and 3.1 are available in git.

OTHER SHORT NEWS


    *

      Fedora maintainers were very active recently. The latest syslog-ng
      is now available in FC15 and packages for EPEL are also available:
      http://czanik.blogs.balabit.com/2011/05/fedora-15-syslog-ng-3-3-beta1-quick-news/
      and
      http://czanik.blogs.balabit.com/2011/05/epel6-brings-syslog-ng-to-the-latest-rhel-centos-and-sl/

    *

      Amazon Kindle is powered by syslog-ng:
      http://czanik.blogs.balabit.com/2011/05/amazon-kindle-%e2%80%93-powered-by-syslog-ng/
      <http://czanik.blogs.balabit.com/2011/05/amazon-kindle-%3F-powered-by-syslog-ng/>

    *

      Algernon started a new repo for not yet merged syslog-ng code:
      http://bazsi.blogs.balabit.com/2011/06/repository-for-syslog-ng-3rd-party-modules/

NEW RELEASES


    *

      syslog-ng 3.3 beta1:
      http://lists.balabit.hu/pipermail/syslog-ng/2011-May/016624.html
      <https://lists.balabit.hu/pipermail/syslog-ng/2011-May/016624.html>


RECENT WHITEPAPERS


    *

      There is a new WP in preparation about syslog-ng GUIs. I published
      the basis of it as a blog at
      http://czanik.blogs.balabit.com/2011/06/a-comparison-of-syslog-ng-web-guis/
      Your comments are very welcome!


ARCHIVE


http://insider.blogs.balabit.com/

-- 
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/

More information about the syslog-ng mailing list