[syslog-ng] syslog-ng 3.3

Wed Feb 1 11:06:39 CET 2012

I'm probably the least interesting person to answer, but nevertheless,
here it goes!

Peter Czanik <czanik at balabit.hu> writes:

> As syslog-ng 3.3 was released for a couple of months now, I'd like to 
> know, if you already switched to this version.
>
> If you already use 3.3, please share your success story! Why did you 
> upgrade (which feature)? Size of installation? Or any other info you 
> find interesting.

I switched to 3.3 on all my machines, physical and virtual alike around
the time the first beta came out. I was already running 3.3 on my
desktop before that, since that's the version I was developing against.

I first switched to 3.3 when I was told to port my MongoDB destination
from 3.2 to 3.3, so I did that, and never looked back. That's the reason
I switched to 3.3 on my desktop.

On my servers (one physical, running Debian Squeeze on powerpc; one
virtual, running Debian Squeeze on i386) I switched to 3.3 when I
started to offer debian packages. The major trigger for the switch being
the MongoDB destination, and later on the format-json template function.

Shortly after, I started to enable threading on my servers and desktop
too, and upgraded my workstation at work to syslog-ng 3.3 too (at the
time, I was using Ubuntu Lucid (upgraded to Debian unstable since, thank
$deity), which had something like 2.0.9 or similar, which I dared not
touch, not even with a ten feet pole).

As of this writing, I'm running syslog-ng 3.3 on one server (the virtual
one was laid to rest a couple of hours ago, after more than five years
of faithfull service), two desktops, two routers, three laptops (one
modern one, a 7 year old asus, and an i486 one with a whopping 2Mb
memory), a couple of virtual machines (my mongodb clusters: one at
amazon, and a test cluster at home (each cluster consisting of about 3-4
machines, depending on how much I boot up); a FreeBSD and a kFreeBSD
port box at home).

Not that big an installation, but some of the machines, especially the
mongodb cluster and my desktop at home tend to generate a ton of logs
from time to time. The fun things are the routers, which were a bit of a
challenge to install syslog-ng onto (mostly due to the lack of available
space on them).

Threading, mongodb destination, global suppress, systemd and 3.x kernel
support, and the performance enhancements were all proven useful for my
use cases. While developing, the modular architecture too, but that was
already the case with 3.2 aswell.

I'm also trying to find ways to use patterndb, but haven't had the time
to do interesting things with it yet.

-- 
|8]