[syslog-ng] syslog-ng 4.1.0

[Peter Czanik (pczanik)]

Hi,

Just a heads up that my unofficial syslog-ng-stable repos are now updated to syslog-ng 4.1.1. Version 4 of syslog-ng brought many changes, but as long as version is set to 3.X, your old configuration should work.

Peter

Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik

________________________________
From: Peter Czanik (pczanik) <Peter.Czanik at oneidentity.com>
Sent: Thursday, March 9, 2023 10:14
To: syslog-ng at lists.balabit.hu <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] syslog-ng 4.1.0

Hi,

Just a heads up that packages for syslog-ng 4.1.0 are also available.

  *   Debian / Ubuntu packages are available as part of the release: https://www.syslog-ng.com/community/b/blog/posts/installing-the-latest-syslog-ng-on-ubuntu-and-other-deb-distributions
  *   my openSUSE / SLES & fedora / RHEL (&compatible) packages are now ready: https://www.syslog-ng.com/community/b/blog/posts/installing-latest-syslog-ng-on-rhel-and-other-rpm-distributions
  *   syslog-ng 4.1.0 will be also available in FreeBSD ports soon. If you are impatient and want to test it, follow the instructions from this blog: https://www.syslog-ng.com/community/b/blog/posts/installing-a-syslog-ng-4-development-snapshot-on-freebsd For the next couple of days it will contain the 4.1.0 release.

My syslog-ng-stable RPM repos right now contain 3.38: https://www.syslog-ng.com/community/b/blog/posts/introducing-the-syslog-ng-stable-rpm-repositories If there are no major problems with 4.1.0 I'll update my repos to this version next week or the week after.

Peter

Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik

________________________________
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> on behalf of László Várady <laszlo.varady at axoflow.com>
Sent: Wednesday, March 8, 2023 10:02
To: syslog-ng at lists.balabit.hu <syslog-ng at lists.balabit.hu>
Subject: [syslog-ng] syslog-ng 4.1.0

CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.

Dear syslog-ng users,

We are pleased to announce that the 4.1.0 version of syslog-ng has been released, and it is now available on GitHub:

https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.1.0<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Freleases%2Ftag%2Fsyslog-ng-4.1.0&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687070650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=BM8HvarmaLdL1Mu6vMssv3jYiJ0cXTzJ1XhEwGla%2F1w%3D&reserved=0>
4.1.0
Highlights
PROXY protocol v2 support (#4211<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4211&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687070650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=ZgcRJ%2BZGQN3uiK5Fjc4SZ6naLjuYcSgDLIbtVBDIg4w%3D&reserved=0>)

We've added support for PROXY protocol v2 (transport(proxied-tcp)), a protocol
used by network load balancers, such as Amazon Elastic Load Balancer and
HAProxy, to carry original source/destination address information, as described
in https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.haproxy.org%2Fdownload%2F1.8%2Fdoc%2Fproxy-protocol.txt&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687070650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=I%2F2tYagU%2BChhkutPh9ELEoHg6DbduCwLJwNn7ZSqSpk%3D&reserved=0>

Metrics revised
Prometheus metric format (#4325<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4325&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687070650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=84oJwBSa9nzrvOm2fw1wn%2FeSCYDG08Mz9mVqdJBDDh8%3D&reserved=0>)

A new metric system has been introduced to syslog-ng, where metrics are
identified by names and partitioned by labels, which is similar to the
Prometheus data model<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprometheus.io%2Fdocs%2Fconcepts%2Fdata_model%2F&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687070650%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=gE9dYDYS3pgXPghjh%2FBbxMTHD%2FIoxfPbVYevXJYESqA%3D&reserved=0>.

The syslog-ng-ctl stats prometheus command can be used to query syslog-ng
metrics in a format that conforms to the Prometheus text-based exposition
format.

syslog-ng-ctl stats prometheus --with-legacy-metrics displays legacy metrics
as well. Legacy metrics do not follow Prometheus' metric and label conventions.

Classification (metadata-based metrics) (#4318<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4318&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=T99ITXkRIqM0DYLj1%2B2LSdljEkCWO%2F%2FosWglSQLfyOc%3D&reserved=0>)

metrics-probe(), a new parser has also been added, which counts messages
passing through based on the metadata of each message. The parser creates
labeled metrics based on the fields of the message.

Both the key and labels can be set in the config, the values of the labels can
be templated. E.g.:

parser p_metrics_probe {
  metrics-probe(
    key("custom_key")  # adds "syslogng_" prefix => "syslogng_custom_key"
    labels(
      "custom_label_name_1" => "foobar"
      "custom_label_name_2" => "${.custom.field}"
    )
  );
};


With this config, it creates counters like these:

syslogng_custom_key{custom_label_name_1="foobar", custom_label_name_2="bar"} 1
syslogng_custom_key{custom_label_name_1="foobar", custom_label_name_2="foo"} 1
syslogng_custom_key{custom_label_name_1="foobar", custom_label_name_2="baz"} 3


The minimal config creates counters with the key
syslogng_classified_events_total and labels app, host, program and
source. E.g.:

parser p_metrics_probe {
  metrics-probe();
};


With this config, it creates counters like these:

syslogng_classified_events_total{app="example-app", host="localhost", program="baz", source="s_local_1"} 3
syslogng_classified_events_total{app="example-app", host="localhost", program="bar", source="s_local_1"} 1
syslogng_classified_events_total{app="example-app", host="localhost", program="foo", source="s_local_1"} 1


Named log paths (path ingress/egress metrics) (#4344<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4344&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=NCWLKwk%2BuWP2gC%2FMzz89NEwdLatcho3SAWQm2YVrHGI%3D&reserved=0>)

It is also possible to create named log paths, for example:

log top-level {
    source(s_local);

    log inner-1 {
        filter(f_inner_1);
        destination(d_local_1);
    };

    log inner-2 {
        filter(f_inner_2);
        destination(d_local_2);
    };
};


Each named log path counts its ingress and egress messages:

syslogng_log_path_ingress{id="top-level"} 114
syslogng_log_path_ingress{id="inner-1"} 114
syslogng_log_path_ingress{id="inner-2"} 114
syslogng_log_path_egress{id="top-level"} 103
syslogng_log_path_egress{id="inner-1"} 62
syslogng_log_path_egress{id="inner-2"} 41


Note that the egress statistics only count the messages which have been have not
been filtered out from the related log path, it does care about whether there
are any destinations in it or that any destination delivers or drops the
message.

The above three features are experimental; the output of stats prometheus
(names, labels, etc.) and the metrics created by metrics-probe() and named log
paths may change in the next 2-3 releases.

Features

  *   $(format-date): add a new template function to format time and date values

$(format-date [options] format-string [timestamp])

$(format-date) takes a timestamp in the DATETIME representation and
formats it according to an strftime() format string. The DATETIME
representation in syslog-ng is a UNIX timestamp formatted as a decimal
number, with an optional fractional part, where the seconds and the
fraction of seconds are separated by a dot.

If the timestamp argument is missing, the timestamp of the message is
used.

Options:
--time-zone <TZstring> -- override timezone of the original timestamp
(#4202<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4202&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=KKQxiYXFOfytkWUfOoNPLnbeOBdeDdr%2F3eIMyQVK1Jo%3D&reserved=0>)

  *   syslog-parser() and all syslog related sources: accept unquoted RFC5424
SD-PARAM-VALUEs instead of rejecting them with a parse error.

sdata-parser(): this new parser allows you to parse an RFC5424 style
structured data string. It can be used to parse this relatively complex
format separately.
(#4281<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4281&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=guAoDGmykrV1XoGDhLP2kbDgvfPbdPaw75V%2F3Og9myc%3D&reserved=0>)

  *   system() source: the system() source was changed on systemd platforms to
fetch journal messages that relate to the current boot only (e.g. similar
to journalctl -fb) and to ignore messages generated in previous boots,
even if those messages were succesfully stored in the journal and were not
picked up by syslog-ng. This change was implemented as the journald access
APIs work incorrectly if time goes backwards across reboots, which is an
increasingly frequent event in virtualized environments and on systems that
lack an RTC. If you want to retain the old behaviour, please bypass the
system() source and use systemd-journal() directly, where this option
can be customized. The change is not tied to @version as we deemed the new
behaviour fixing an actual bug. For more information consult #2836<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fissues%2F2836&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=6v67Sofs%2BP%2FpwG3N8C7NGnPifvrkzHvCrFgxhJM2FRs%3D&reserved=0>.

systemd-journald() source: add match-boot() and matches() options to
allow you to constrain the collection of journal records to a subset of what
is in the journal. match-boot() is a yes/no value that allows you to fetch
messages that only relate to the current boot. matches() allows you to
specify one or more filters on journal fields.

Examples:

source s_journal_current_boot_only {
  systemd-source(match-boot(yes));
};

source s_journal_systemd_only {
  systemd-source(matches(
    "_COMM" => "systemd"
    )
  );
};


(#4245<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4245&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=%2FFcxZse266vGSiLtw0iQE72cHapzaGqSRUbjpF%2F%2BDr8%3D&reserved=0>)

  *   date-parser(): add value() parameter to instruct date-parser() to store
the resulting timestamp in a name-value pair, instead of changing the
timestamp value of the LogMessage.

datetime type representation: typed values in syslog-ng are represented as
strings when stored as a part of a log message. syslog-ng simply remembers
the type it was stored as. Whenever the value is used as a specific type in
a type-aware context where we need the value of the specific type, an
automatic string parsing takes place. This parsing happens for instance
whenever syslog-ng stores a datetime value in MongoDB or when
$(format-date) template function takes a name-value pair as parameter.
The datetime() type has stored its value as the number of milliseconds since
the epoch (1970-01-01 00:00:00 GMT). This has now been enhanced by making
it possible to store timestamps up to nanosecond resolutions along with an
optional timezone offset.

$(format-date): when applied to name-value pairs with the datetime type,
use the timezone offset if one is available.
(#4319<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4319&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=mPc2wYF57pmkKkAzIRRx9ZpE3HMFeSHf7FIY4Tx3L4Y%3D&reserved=0>)

  *   stats: Added syslog-stats() global stats() group option.

E.g.:

options {
  stats(
    syslog-stats(no);
  );
};


It changes the behavior of counting messages based on different syslog-proto fields,
like SEVERITY, FACILITY, HOST, etc...

Possible values are:

     *   yes => force enable
     *   no => force disable
     *   auto => let stats(level()) decide (old behavior)
(#4337<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4337&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=KDoXaShG5lhsLDaGhhA2buy%2BMBsL0I3evVgaKacFJx4%3D&reserved=0>)
  *   kubernetes source: Added key-delimiter() option.

Some metadata fields can contain .-s in their name. This does not work
with syslog-ng-s macros, which by default use . as a delimiter. The added
key-delimiter() option changes this behavior by storing the parsed
metadata fields with a custom delimiter. In order to reach the fields, the
accessor side has to use the new delimiter format, e.g. --key-delimiter
option in $(format-json).
(#4213<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4213&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=h2Kpo1kHJb0PD5XlXpsS6k57PzyU2Xw6E0xr0XZO38U%3D&reserved=0>)

Bugfixes

  *   Fix conditional evaluation with a dangling filter

We've fixed a bug that caused conditional evaluation (if/else/elif) and certain logpath flags (final, fallback)
to occasionally malfunction. The issue only happened in certain logpath constructs; examples can be found in the
PR description.
(#4058<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4058&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=E6NHja8M5Bgt7fNvm53wYDzz9%2BR3k%2FYkjaP66YpsoBY%3D&reserved=0>)

  *   python: Fixed a bug, where PYTHONPATH was ignored with python3.11.
(#4298<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4298&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=RxBigHGLDjNlaPF9O7SkuLFHePvK8JVildw%2FZQRplQI%3D&reserved=0>)

  *   disk-buffer: Fixed disk-queue file becoming corrupt when changing disk-buf-size().

syslog-ng now continues with the originally set disk-buf-size().
Note that changing the disk-buf-size() of an existing disk-queue was never supported,
but could cause errors, which are fixed now.
(#4308<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4308&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=VLg%2FFA0ZiD0Mll11g1EmNQOprp0JXVCR%2FXvEzolyoss%3D&reserved=0>)

  *   dqtool: fix dqtool assign
(#4355<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4355&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=%2F%2FptptFcCmdfMm9oooh1BNbpyyjgSggCAe1Pf4IbgBA%3D&reserved=0>)

  *   example-diskq-source: Fixed failing to read the disk-queue content in some cases.
(#4308<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4308&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=VLg%2FFA0ZiD0Mll11g1EmNQOprp0JXVCR%2FXvEzolyoss%3D&reserved=0>)

  *   default-network-drivers(): Added support for the log-iw-size() option with a default value of 1000.
Making it possible to adjust the log-iw-size() for the TCP/TLS based connections, when changing the max-connections() option.
(#4328<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4328&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=AWgf7IgrZ%2Fx%2Fq7BSK%2FCW1Zf8Zh1gLmG2Bne8SPxxYQc%3D&reserved=0>)

  *   apache-accesslog-parser(): fix rawrequest escaping binary characters
(#4303<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4303&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687226888%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=9O9L5WrHn9q2IPx0reIczsZ3YMhq5lh5KhNsM8wPVdA%3D&reserved=0>)

  *   dqtool: Fixed dqtool cat failing to read the content in some cases.
(#4308<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4308&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=HGNQ%2FzOT3kXfP0pvjFo%2BgENwFjOO7FiLqMVk5P2rbdo%3D&reserved=0>)

  *   Fixed a rare main loop related crash on FreeBSD.
(#4262<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4262&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=3ZYts%2BMGQGY1g6bHrnxSg2ibVCbYJnerSmGbkWMHWXU%3D&reserved=0>)

  *   Fix a warning message that was displayed incorrectly:
"The actual number of worker threads exceeds the number of threads estimated at startup."
(#4282<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4282&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=e1c2BNE%2F4Qy%2BiNTCrLC%2Bf1kvT04C7oDE9T8lHCE7WiA%3D&reserved=0>)

  *   Fix minor memory leak related to tznames
(#4334<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4334&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=cLd7SthOB7HadofNUK4C%2FPGrR2a5vTrZLSUIED7yl0g%3D&reserved=0>)

Packaging

  *   dbparser: libdbparser.so has been renamed to libcorrelation.so.
(#4294<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4294&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=QRN%2FcdC%2Bz1DHL2TtdXMOaAfWuOCrIb3L5UVCn2Dtnk8%3D&reserved=0>)
  *   systemd-journal: Fixed a linker error, which occurred, when building with --with-systemd-journal=optional.
(#4304<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4304&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=6GKFiG8HpCSn9i6c4epH975TNz%2Ba3a%2Bf%2BdZ8qjdhw%2F4%3D&reserved=0>)
(#4302<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4302&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=HAhXvfpRgw1XdUxiIRPYZdLpt7gvE7X5eo7YXJ9ExTE%3D&reserved=0>)

Notes to developers

  *   LogThreadedSourceDriver and Fetcher: implement source-side batching
support on the input path by assigning a thread_id to dynamically spawned
input threads (e.g. those spawned by LogThreadedSourceDriver) too. To
actually improve performance the source driver should disable automatic
closing of batches by setting auto_close_batches to FALSE and calling
log_threaded_source_close_batch() explicitly.
(#3969<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F3969&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=0Un3lpVrKEpS1CBihx6R61nkWlHKGvO4JseooRYWWr0%3D&reserved=0>)

Other changes

  *   stats related options: The stats related options have been groupped to a new stats() block.

This affects the following global options:

     *   stats-freq()
     *   stats-level()
     *   stats-lifetime()
     *   stats-max-dynamics()

These options have been kept for backward compatibility, but they have been deprecated.

Migrating from the old stats options to the new ones looks like this.

@version: 4.0

options {
    stats-freq(1);
    stats-level(1);
    stats-lifetime(1000);
    stats-max-dynamics(10000);
};


@version: 4.1

options {
    stats(
        freq(1)
        level(1)
        lifetime(1000)
        max-dynamics(10000)
    );
};


Breaking change
For more than a decade stats() was a deprecated alias to stats-freq(), now it is used as the name
of the new block. If you have been using stats(xy), use stats(freq(xy)) instead.
(#4337<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4337&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=VKQWeR1FJGWrjfk7QnTjFakJH1zPUCVj3rzdCoHivb4%3D&reserved=0>)

  *   kubernetes source: Improved error logging, when the pod was unreachable through the python API.
(#4305<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4305&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=yhLvJzM%2F4J6gcYq2or4o2s45BcTAFs4On9QD1S29B20%3D&reserved=0>)

  *   APT repository: Added .gz, .xz and .bz2 compression to the Packages file.
(#4313<https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fsyslog-ng%2Fsyslog-ng%2Fpull%2F4313&data=05%7C01%7Cpeter.czanik%40oneidentity.com%7C779b9256328945419f2c08db1fb3e207%7C91c369b51c9e439c989c1867ec606603%7C0%7C1%7C638138629687383126%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000%7C%7C%7C&sdata=cciFqNSZaownwB1lGWsloW6zGzqglUi0skk8qkcEr%2FQ%3D&reserved=0>)

Credits

syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.

Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.

We would like to thank the following people for their contribution:

Attila Szakacs, Balazs Scheidler, Bálint Horváth, Gergo Ferenc Kovacs,
Hofi, László Várady, Ronny Meeus, Szilard Parrag
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20230321/25723ab9/attachment-0001.htm>