[syslog-ng] syslog-ng-3.31.1

Peter Kokai (pkokai) Peter.Kokai at oneidentity.com
Mon Mar 8 08:17:40 UTC 2021


## Highlights

 * fortigate-parser(): new parser to parse fortigate logs

   log {
     source { network(transport("udp") flags(no-parse)); };
     parser { fortigate-parser(); };
     destination { };
   };

   An adapter to automatically recognize fortigate logs in app-parser() has
   also been added.

 * `patterndb`: Added `OPTIONALSET` parser. It works the same as `SET`, but continues, even if none of the
   characters is found.

## Features

 * `syslog-parser()`: add no-header flag to tell syslog-ng to parse only the
   PRI field of an incoming message, everything else is just put into $MSG.
 * `set-pri()`: this new rewrite operation allows you to change the PRI value
   of a message based on the string directly parsed out of a syslog header.
 * telegram: option to send silent message
   destination { telegram(bot-id(...) chat-id(...) disable_notification(true)); };
 * `app-parser()`: added automatic classification & parsing for project Lumberjack/Mitre CEE formatted logs
 * diskq: if the dir() path provided by the user does not exist, syslog-ng creates the path with the same permission as the running instance

## Bugfixes

 * `network()`, `syslog()` destinations: fix reconnection timer when DNS lookups are slow
   After a long-lasting DNS query, syslog-ng did not wait the specified time (`time_reopen()`)
   before reconnecting to a destination. This has been fixed.
 * cmake: minor fixes
 * `stats-level()`: fix processing the changes in the stats-level() global
   option: changes in stats-level() were not reflected in syslog
   facility/severity related and message tag related counters after first
   configuration reload. These counters continued to operate according to the
   value of stats-level() at the first reload.
 * `date-parser()`: fix hour-only timezone parsing
   If the timestamp contains a short timezone offset (e.g. hours only), the
   recent change in strptime() introduces an error: it interprets those
   numbers as minutes instead of hours. For example: Jan 16 2019 18:23:12 +05
 * `loggen`: fix undefined timeout while connecting to network sources (`glib < 2.32`)
   When compiling syslog-ng with old glib versions (< 2.32), `loggen` could fail due to a timeout bug.
   This has been fixed.
 * `grouping-by()`: fix deadlock when context expires
   In certain cases, the `grouping-by()` parser could get stuck when a message
   context expired, causing a deadlock in syslog-ng.
   This has been fixed.
 * `date-parser`: Fixed a crash, which occurred sometimes when `%z` was used.
 * `date-parser`: `%z`. We no longer ignore daylight saving time when calculating the GMT offset.
 * `kafka-c`: fix a double LogMessage acknowledgement bug, which can cause a crash with a segmentation fault or an exit with SIGABRT. The issue affects both flow-controlled and non-flow-controlled log paths, and it is triggered when previously published messages failed to be delivered to Kafka.
 * `python destination`: Fixed a rare crash during reload.
 * `date-parser()`: fix non-mandatory parsing of timezone name
   When %Z is used, the presence of the timezone qualifier is not mandatory,
   so don't fail that case.
 * `wildcard-file()`: fix infrequent crash when file renamed/recreated
   The wildcard-file source crashed when a file being processed was replaced by
   a new one on the same path (renamed, deleted+recreated, rotated, etc.).
 * Remove the no-parse flag in system() source from FreeBSD kernel
   messages, so the message header is no longer part of the message.
 * Fix abort on macOS Big Sur
   A basic subset of syslog-ng's functionality now works on the latest macOS version.
 * `affile`: Fix improper initialization in affile and LogWriter to avoid memory leak when reloading
 * `udp destination`: Fixed a bug, where the packet's checksum was not calculated,
   when `spoof-source(yes)` and `ip-protocol(6)` were set.
 * `python`: fix LogMessage.keys() listing non-existent keys and duplicates
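
The hour-only offset case from the `date-parser()` fix above, as an added example in C (not syslog-ng's own code; `parse_utc_offset`, `two_digits` and `BAD_OFFSET` are hypothetical names, and the 14-hour upper bound is an assumption of this sketch). It treats a bare two-digit field such as `+05` as hours, so the timestamp is shifted by 18000 seconds rather than 300, and rejects malformed offsets instead of guessing.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BAD_OFFSET LONG_MIN  /* sentinel returned for malformed input */

/* Value of exactly two leading decimal digits, or -1 if they are missing. */
static int two_digits(const char *s)
{
    if (!isdigit((unsigned char)s[0]) || !isdigit((unsigned char)s[1]))
        return -1;
    return (s[0] - '0') * 10 + (s[1] - '0');
}

/* Parse "Z", "+HH", "+HHMM" or "+HH:MM" (sign may be '-').
 * Returns seconds east of UTC, or BAD_OFFSET. */
long parse_utc_offset(const char *s)
{
    if (strcmp(s, "Z") == 0)
        return 0;
    if (*s != '+' && *s != '-')
        return BAD_OFFSET;
    long sign = (*s++ == '-') ? -1 : 1;

    int hours = two_digits(s);
    if (hours < 0 || hours > 14)
        return BAD_OFFSET;
    s += 2;

    /* Nothing after the hour field: an hours-only offset, minutes are 0. */
    if (*s == '\0')
        return sign * hours * 3600L;

    if (*s == ':')
        s++;
    int minutes = two_digits(s);
    if (minutes < 0 || minutes > 59 || s[2] != '\0')
        return BAD_OFFSET;
    return sign * (hours * 3600L + minutes * 60L);
}

int main(void)
{
    /* Constructed samples; "+05" is the offset from the release note. */
    const char *samples[] = { "+05", "+0530", "-08:00", "Z", "+5", "+05:" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long off = parse_utc_offset(samples[i]);
        if (off == BAD_OFFSET) printf("%-7s -> rejected\n", samples[i]);
        else printf("%-7s -> %ld s\n", samples[i], off);
    }
    return 0;
}
```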

## Packaging

 * Simplify spec file by removing obsolete technologies:
   - remove RHEL 6 support
   - remove Python 2 support
   - keep Java support, but remove Java-based drivers (HDFS, etc.)
 * `libnet`: Minimal libnet version is now 1.1.6.
 * configure: added new --enable-manpages-install option along with the
   existing --enable-manpages. The new option would install pre-existing
   manpages even without the DocBook tools installed.

## Notes to developers

 * `apphook`: the concept of hook run modes was introduced, adding support for
   two modes: AHM_RUN_ONCE (the original behavior) and AHM_RUN_REPEAT (the new
   behavior with the hook repeatedly called after registration).

## Credits

syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessary to produce syslog-ng.

Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.

We would like to thank the following people for their contribution:

0140454, Andras Mitzki, Antal Nemes, Attila Szakacs, Balazs Scheidler,
egorbeliy, Gabor Nagy, Laszlo Budai, Laszlo Szemere, László Várady,
Michael Ducharme, Norbert Takacs, Peter Czanik, Peter Kokai, Pratik raj,
Ryan Faircloth, Zoltan Pallagi
