syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, queueing, SQL & NoSQL.
OTHER License
Bot releases are hidden (Show)
Published by lbudai about 8 years ago
This is the first beta release for the 3.8.x series.
Changes compared to 3.7.x:
Note, that for beta release we generate the changes with
a tool (may contain false information). Final changelog will be more sophisticated (and will
include Credits section).
Implemented enhancements:
Fixed bugs:
Unofficial Debian packages:
Published by lbudai over 8 years ago
Changes compared to 3.7.2:
system-source
now uses keep-timestamp(no)
for Linux kernel log./dev/kmsg
is not updated after systemsuppress()
pass-unix-credentials()
and create-dirs()
.keep-alive(yes)
.getLocationInformation()
.syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
András Mitzki, Avleen Vig, Balázs Scheidler, Ben Kibbey, Christian Herzig,
David Schweikert, Douglas Carmichael, Dezso Endre Molnar, Fabien Wernli,
Gergely Czuczy, Gergely Nagy, Gergo Nagy, Hanno Böck, Herzig, Christian,
Laszlo Budai, László Várady, MÓZES Ádám István, PÁSZTOR György, Péter Czanik,
Robert Fekete, Saurabh Shukla, Tamás Nagy, Tibor Benke, Viktor Juhász,
Vincent Bernat, Wang Long, Zdenek Styblik, Zoltán FRIED, Zoltán Pallagi
Published by lbudai almost 9 years ago
This is the first maintenance release for the 3.7.x series.
Changes compared to 3.7.1:
concurrent_request
option added to ElasticSearch with default value 1.When installing the python modules, allow overriding the options. This
is useful for distributions that want to pass extra options. For
example, on Debian, we want --install-layout="deb" instead of the
--prefix and --root options.
With this change, the previous behaviour remains the default, but one
can supply PYSETUP_OPTIONS on the make command-line to override it.
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Adam Arsenault, Adam Istvan Mozes, Andras Mitzki, Avleen Vig,
Balazs Scheidler, Fabien Wernli, Gergely Czuczy, Gergely Nagy, Gergo Nagy,
Laszlo Budai, Peter Czanik, Robert Fekete, Saurabh Shukla, Tamas Nagy,
Tibor Benke, Viktor Juhasz, Vincent Bernat, Wang Long, Zdenek Styblik,
Zoltan Pallagi.
Published by lbudai about 9 years ago
OpenSSL is now a required dependency for syslog-ng because the newly added
hostid
and uniqid
features requires a CPRNG provided by OpenSSL.
Therefore non-embedded crypto lib is not a real option, so the support of
having such a crypto lib discontinued and all SSL-dependent features enabled
by default.
ElastiSearch, Kafka and HDFS destination drivers are implemented by using
the 'official' Java client libraries and syslog-ng provides a way to set
their own, native configuration file. Log messages generated by the client
Java libraries are redirected to syslog-ng via our own Log4JAppender which
means that those logs are available as internal syslog-ng messages.
geoip()
parser, that can look up the country code andextract-solaris-msgid()
added for automatically extracts.
, [
and ]
in extract-prefix
for json-parser()
.HOSTID
and the RCPTID
in the format of HOSTID@RCPTID
.use-rcptid
has been deprecated and use-uniqid
could beafsmtp
driver now supports templatable recipients field.New utf8 string sanitizers instead of old broken one.
syslog-ng won't send SIGTERM when getpgid()
fails in program destination
(afprog
).
In some cases program destination respawned during syslog-ng stop/restart
(afprog
).
syslog-ng generates mark messages when mark-mode
is set
to host-idle
.
Using msg_control only when credential passing is supported in socket
destination (afsocket
).
Writer is replaced only when protocol changed during reload in socket
destination (afsocket
).
Fix spinning on EOF for unix-stream()
sockets. Root cause of the spinning
was that a unix-dgram socket was created even in case of unix-stream.
When the configured host was not available during the initialization of
afsocket
destination syslog-ng just didn't start. From now, syslog-ng
starts in that case and will retry connecting to the host periodically.
Fixed BSD year inference in syslogformat. When the difference between the
current month and the month part of the timestamp of an incoming logmessage
in BSD format (which has no year part) was greater than 1 then syslog-ng
computed the year badly.
In some cases, localtime related macros had a wrong value(eg.:$YEAR).
TLS support added to Riemann destination
Excluded "tags" from Riemann destination driver as an attribute which
conflicts with reserved keyword
When a not writeable/non-existent file becomes writeable/exists later,
syslog-ng recognize it (with the help of reopen-timer) and delivers messages
to the file without dropping those which were received while the file was
not available (affile
).
Fixed a crash around affile at the first message delivery when templates
were used (affile
).
Fixed a configure error around libsystemd-journal.
Removed syslog.socket from service file on systems using systemd.
Syslog-ng reads the messages directly from journal on systems with systemd.
Fixed compilation where the monolitic libsystemd was not available.
Fixed compilation failure on OpenBSD.
AMQP connection process fixed.
Added DOS/Windows line ending support in config.
Retries fixed in SQL destination. In some circumstances when
retry_sql_inserts
was set to 1, after an insertion failure all incoming
messages were dropped.
Transaction handling fixed in SQL destination. In some circumstances when
both select and insert commands were run within a single transaction and
the select failed (eg.: in case of mssql), the log messages related to
the insert commands, broken by the invalid transaction, were lost.
Fixed a memleak in SQL destination driver.
The memleak occured during one of the transaction failures.
Memory leak around reload and internal queueing mechanism has been fixed.
Fixed a potential abort when the localhost name cannot be detected.
Security issue fixed around $HOST.
Tech details:
When the name of the host is too long, the buffer we use to format the
chained hostname is truncated. However snprintf() returns the length the
result would be if no truncation happened, thus we will read uninitialized
bytes off the stack when we use that pointer to set $HOST
with log_msg_set_value().
There can be some security implications, like reading values from the stack
that can help to craft further exploits, especially in the presense of
address space randomization. It can also cause a DoS if the hostname length
is soo large that we would read over the top-of-the-stack, which is probably
not mmapped causing a SIGSEGV.
Journal entries containing name-value pairs without '=' caused syslog-ng
to crash. Instead of crashing, syslog-ng just drop these nv pairs.
Fixed the encoding of characters below 32 if escaping is enabled in
templates. Templated outputs never contained references to characters below
32, essentially they were dropped from the output for two reasons:
Fixed afstomp destination port issue. It always tried to connect to the port 0.
Fixed memleak in db-parser which could happen at every reload.
Fixed a class of rule conflicts in db-parser:
Because an error in the pdb load algorithms, some rules would conflict which
shouldn't have done that. The problem was that several programs would use
the same RADIX tree to store their patterns. Merging independent programs
meant that if they the same pattern listed, it would clash, even though
their $PROGRAM is different.
There were multiple issues:
The solution involved in using a separate hash table for loading, which
at the end is turned into the radix tree.
pdbtool match when used with the --debug-pattern option used a low-level
lookup function, that didn't perform all the db-parser actions specified
in the rule
Max packet length for spoof source is set to 1024 (previously : 256).
A certificate which is not contained by the list of fingerprints is
rejected from now.
Hostname check in tls certificate is case insensitive from now.
There is a use-case where user wants to ignore an assignment to a name-value
pair. (eg.: when using csv-parser()
, sometimes we get a column we really
want to drop instead of adding it to the message). In previous versions an
error message was printed out:
'Name-value pairs cannot have a zero-length name'.
That error message has been removed.
Fixed a docbook related compilation error: there was a hardcoded path that
caused build to fail if docbook is not on that path. Debian based
platforms did not affected by this problem.
Now a new option was created for ./configure
that is --enable-manpages
that enables the generation of manpages using docbook from online source.
'--with-docbook=PATH' gives you the opportunity to specify the path for
your own installed docbook.
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Adam Arsenault, Adam Istvan Mozes, Alex Badics, Andras Mitzki,
Balazs Scheidler, Bence Tamas Gedai, Ben Kibbey, Botond Borsits, Fabien Wernli,
Gergely Nagy, Gergo Nagy, Gyorgy Pasztor, Kristof Havasi, Laszlo Budai,
Manikandan-Selvaganesh, Michael Sterrett, Peter Czanik, Robert Fekete,
Sean Hussey, Tibor Benke, Toralf Förster, Viktor Juhasz, Viktor Tusa,
Vincent Bernat, Zdenek Styblik, Zoltan Fried, Zoltan Pallagi.
Published by lbudai over 9 years ago
This is the second beta release of the upcoming syslog-ng OSE 3.7
branch.
Changes compared to the previous alpha release:
afsocket
destination syslog-ng just didn't start. From now, syslog-ng--disable-python
option and other Python related fixes addded toretry_sql_inserts
was set to 1, after an insertion failure all incomingsyslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Alex Badics, Andras Mitzki, Balazs Scheidler, Bence Tamas Gedai,
Fabien Wernli, Gergely Nagy, Gergo Nagy, Gyorgy Pasztor, Istvan Adam Mozes,
Laszlo Budai, Peter Czanik, Robert Fekete, Tibor Benke, Viktor Juhasz,
Zoltan Pallagi.
Published by lbudai over 9 years ago
This is the fourth maintenance (extra) release for 3.6.x series
and fixes some critical issues.
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Balazs Scheidler, Laszlo Budai, Peter Czanik, Tibor Benke,
Viktor Juhasz .
Published by lbudai over 9 years ago
This is the third maintanance release for 3.6.x series.
Changes compared to 3.6.2:
--enable-manpages
and --with-docbook
--with-docbook=PATH
gives the user the opportunity toafsocket
destination syslog-ng just didn't start. From now, syslog-ngretry_sql_inserts
was set to 1, after an insertion failure all incomingamqp
destination and RabbitMQ module isafstomp
.redis
.syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Adam Mozes, Andras Mitzki, Balazs Scheidler, Ben Kibbey, Fabien Wernli,
Gergely Nagy, Gergo Nagy, Henrik Grindal Bakken, Laszlo Budai, Peter Czanik,
Pradeep Sanders, Robert Fekete, Tibor Benke, Tomáš Novosad, Toralf Förster,
Viktor Juhasz, Viktor Tusa, Zoltan Pallagi .
Published by lbudai over 9 years ago
This is the first beta release of the upcoming syslog-ng OSE 3.7
branch.
Further releases will focus on fixes and small Getting started ...
documentations.
Changes compared to the previous alpha release:
HOSTID
and the RCPTID
in the format of HOSTID@RCPTID
.use-rcptid
has been deprecated and use-uniqid
could beExtended the set of supported characters to every printable ASCII's except
.
, [
and ]
in extract-prefix
for json-parser()
.
OpenSSL set as a hard dependency for syslog-ng because the newly added
hostid
and uniqid
features requires a CPRNG provided by OpenSSL.
After OpenSSL is a hard dependency
Added string-delimiters option to csvparser to support multi character
delimiters in CSV parsing.
Upgrade RabbitMQ submodule to the upstream.
Extended rcpt-id to 64 bits (formerly it was 48 bits).
Fixed the encoding of characters below 32 if escaping is enabled in
templates. Templated outputs never contained references to characters below
32, essentially they were dropped from the output for two reasons:
Fixed afstomp destination port issue. It always tried to connect to the port 0.
Fixed compilation where the monolitic libsystemd was not available.
Fixed memleak in db-parser which could happen at every reload.
Fixed a class of rule conflicts in db-parser:
Because an error in the pdb load algorithms, some rules would conflict which
shouldn't have done that. The problem was that several programs would use
the same RADIX tree to store their patterns. Merging independent programs
meant that if they the same pattern listed, it would clash, even though
their $PROGRAM is different.
There were multiple issues:
The solution involved in using a separate hash table for loading, which
at the end is turned into the radix tree.
./configure
that is --enable-manpages
filter: fix external filter plugin lookup
The filter_plugin rule expected an LL_IDENTIFIER and filter_comparison
expected a string which in turn is an LL_IDENTIFIER or LL_STRING. It
caused a conflict in the grammar which prevented to load external
filter plugins.
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Balazs Scheidler, Botond Borsits, Fabien Wernli, Gergely Nagy,
Gergo Nagy, Gyorgy Pasztor, Istvan Adam Mozes, Laszlo Budai,
Manikandan-Selvaganesh, Peter Czanik, Robert Fekete, Tibor Benke,
Viktor Juhasz, Vincent Bernat, Zoltan Fried, Zoltan Pallagi.
Published by lbudai almost 10 years ago
This is the first maintenance release for 3.6.x series.
Changes compared to 3.6.1:
unix-stream()
sockets. Root cause of the spinningPrefer SYSLOG_IDENTIFIER over _COMM in systemd-journal.
In order to not break assumptions, prefer SYSLOG_IDENTIFIER over _COMM.
For example, postfix uses postfix/qmgr as SYSLOG_IDENTIFIER, but _COMM
is only "qmgr". The journal itself uses SYSLOG_IDENTIFIER when
reconstructing the syslog message, so we should not deviate from that
behaviour, either.
Similarly, rsyslog also prefers SYSLOG_IDENTIFIER, so for the sake of
compatibility, doing the same is preferable.
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Alexander Görtz, Andras Mitzki, Balazs Scheidler, Fabien Wernli, Gergely Nagy,
Jasper Lievisse Adriaanse, Laszlo Budai, Michael Sterrett, Peter Czanik,
Robert Fekete, Tibor Benke, Viktor Juhasz, Viktor Tusa, Zoltan Fried .
Published by lbudai almost 10 years ago
This is the second alpha release of the syslog-ng OSE 3.7
branch.
Changes compared to the previous alpha release:
extract-solaris-msgid()
added for automatically extractsunix-stream()
sockets. Root cause of the spinningunix-dgram()
socket was created even in case of unix-stream()
.csv-parser()
, sometimes we get a column we reallysyslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Balazs Scheidler, Fabien Wernli, Gergely Nagy, Laszlo Budai,
Michael Sterrett, Peter Czanik, Robert Fekete, Tibor Benke, Sean Hussey,
Viktor Juhasz, Viktor Tusa, Zoltan Fried .
Published by lbudai almost 10 years ago
This is the first alpha release of the syslog-ng OSE 3.7
branch.
Changes compared to the latest stable release (3.6.1):
$(format-cim)
template function added into an SCL module.user_template_function_register()
that allowssyslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Balazs Scheidler, Fabien Wernli, Gergely Nagy, Laszlo Budai,
Peter Czanik, Viktor Juhasz, Viktor Tusa
Published by lbudai almost 10 years ago
This is the first production ready version of syslog-ng OSE 3.6.
More than 25000 lines fof code changed, with about 500 file modified.
The changes since the latest release are the following:
PCRE is now a required dependency of syslog-ng, and is not optional
anymore.
Threaded mode is now enabled by default. To turn it off, use
threaded(no)
in the global options section.
The versioning of the libsyslog-ng
internal library has changed:
instead of always using the current release number, we will now try
to maintain ABI compatibility during the lifetime of a stable
branch. Therefore, we use only the first two components of our
version as the base of the library version. Another number will be
part of the SONAME too, but that will only change when we break
compatibility.
The SONAME is currently set to libsyslog-ng-3.6.so.0
, and will
remain the same during alpha and beta releases, even when the ABI
changes. We will start bumping the version after the first stable
release from this branch, if needed.
The flush-lines()
setting now defaults to 100, rather than 1,
for increased speed.
custom-domain()
global setting was introduced, which allowsuse-rcptid()
global option, that tells syslog-ng to assign$RCPTID
macro, and is unique on apseudofile()
destination driver is a very simple driver, aimed/proc
or /dev
. Itnodejs()
source driver (implemented as an SCL macro) addswinston
logging API.systemd-syslog()
source replaces the former implicitsystem()
source, or this new one when they want to/run/systemd/journal/syslog
system()
source defaults$(or)
template function that returns the first non-empty$(padding)
template function, to pad text with custom padding$(graphite-output)
template function, to be used for sendinggraphite()
destination SCL block is also available now, toriemann()
destination, which allows sending metrics to theA number of features were implemented for all threaded destinations:
amqp()
, mongodb()
, redis()
, riemann()
, smtp()
and stomp()
.
SEQNUM
persistence: theretries()
was implemented for all of these,throttle()
option is now implemented, and works for all of theThe multi-line-mode()
option gained a new setting:
prefix-suffix
, which works similarly to the prefix-garbage
(which is the new name for regexp
), except it appends the garbage
part to the message, instead of discarding it.
This new mode can be used to work around the absence of a timeout.
Filters default to PCRE matching, instead of the previous POSIX
regexp default.
The system()
source will now parse @cim
marked messages as JSON,
if the JSON module is available at run-time. This improves
inter-operation with other software that uses the Common
Information Model.
One can now use multiple elements in the key()
and exclude()
options of any value-pairs declaration.
It is now possible to load not only a single certificate when using
TLS, but a certificate chain.
stats-lifetime()
global option was introduced, whichstats-lifetime()
minutesinternal_queue_length
statistic, which shows theinternal()
source is not connected, or if it is not being emptiedmongodb()
driver now supports authentication, even when using--with-libmongo-client
option of the configure script nowauto
as a value, and will then detect whether to use theauto
now, which prefers the system library over the internal copy._id
field to the message:retries()
option can be used to tell the driver how manysafe-mode()
by default.double()
type hint is now supported by the driver.smtp()
destination now supports a retries()
option, whichto()
, cc()
,bcc()
and from()
, and subject()
and body()
) are not set.The unix-dgram()
and unix-stream()
sources now extract UNIX
credentials (PID, UID and GID of the sending application) from the
passed messages, if any. On Linux, and FreeBSD, the path of the
executable belonging to PID is extracted too, along with
command-line arguments.
The extracted values are available in ${.unix.pid}
,
${.unix.uid}
, ${.unix.gid}
, ${.unix.exe}
and
${.unix.cmdline}
, respectively.
The system()
source will overwrite the PID macro with the value of
${.unix.pid}
, if present.
The json-parser gained an extract-prefix()
option, which can be
used to tell the parser to only extract JSON members from a specific
subtree of the incoming object.
Example: json-parser(extract-prefix("foo.bar[5]"));
Assuming that the incoming object is named msg, this is equivalent
to the following javascript code: msg.foo.bar[5]
The resulting expression must be a JSON object, so that syslog-ng
can extract its members into LogMessage name-value pairs.
This also works when the top-level object is an array, as
extract-prefix()
allows the use of an array index at the first
indirection level, for example:
json-parser(extract-prefix("[5]"));
, which translates to msg[5]
.
The $(format-json)
template function now handles the double()
type hint.
$RUNID
macro is available for templates, which changes itscontrib/valgrind/
), to aid in debugging memory leaks in syslog-ng.system-expand
, was added, which returns what thesystem()
source would expand to.The reliability of the usertty()
destination driver was greatly
improved. Previously, some parts of it were not thread-safe, which
could result in strange behaviour.
The handling of escape related flags of csvparser()
was changed:
instead of these flags overwriting all other (even non-escape
related) flags, if the flag to set is an escape-flag, it will keep
all non-escape flags, and set the new one. If it is a not such a
flag, then it will clear all flags, and set the previous escape
flags, and the new flag.
This, in essence, means that when setting flags on a csvparser()
,
if it is an escape flag, only escape flags will be affected. If not,
then escape flags will not be affected at all.
The SQL destination now correctly continues $SEQNUM counting after a
reload, instead of starting afresh.
Casting error eliminated in Riemann destination when metric is applied to
an empty field.
From now, syslog-ng always exclude attributes that conflict with properties
in Riemann destination (otherwise value of the attribute would override the
property).
When tring to stop syslog-ng while a reload is in progress,
syslog-ng will now correctly shut down cleanly.
Reloading a config file containing runtime error now not ends in a crash,
it is able to fallback to the original config.
(runtime error: config file is grammatically valid but containing invalid
value, eg.: wrong database column name)
When the local hostname is not an FQDN, and the local resolver fails
to return an FQDN too, syslog-ng does not abort anymore, but
continues using a non-FQDN hostname after emitting a warning on the
internal source.
Furthermore, syslog-ng will try to resolve the FQDN harder: when
multiple names are returned, it will search for the first FQDN one,
instead of stopping at the primary name.
The update-patterndb
script will now work correctly when the
current working directory contains .pdb files.
Patterndb fixed to apply condition even if context-id is missing.
We will now correctly handle time going backwards in patterndb: it
will realign its idea of current time with the system. This corrects
a bug where timeouts did not function properly when system time was
set backwards.
The pdbtool merge
command will now generate version 4 patterndb
files.
The Linux capability support is now correctly auto-detected by the
configure script, and defaults to off on FreeBSD 9+, as it should.
The file()
and network()
(including tcp()
et al) sources will
now properly set the $SOURCE
macro.
The basicfuncs module was fixed to work correctly on 32-bit
architectures.
The stored
statistics is no longer incremented by various drivers
when they mean processed
.
The type hinting feature is now more picky about what kind of type
hints it accepts, allowing one to use template functions in - for
example - $(format-json)
pairs.
All the various crypto-related template functions now check that the
desired length of the digest is not larger than the digest itself.
If a larger value is requested, they will truncate it to the digest
length.
The $(geoip)
template function now works with threaded(yes)
too.
The in-list()
filter was fixed to look at all elements of the
list, instead of only the last one.
Fixed an assertion when using the match()
filter under certain
circumstances.
The system()
source will not add /dev/kmsg
(or /proc/kmsg
on
older kernels) to the default sources if using the systemd journal,
because kernel logs are included in the journal.
The system()
source will not include /dev/kmsg
(or /proc/kmsg
)
when running inside a Linux container.
Various memory leak fixes around the code base.
Change control socket message from notice to debug
Opening control socket disabled when syslog-ng is used for only
syntax-checking.
Fixes for retries() functionality.
Retry counter incremented by every message write error
(including network connection errors) which can lead to message lost.
CONTRIBUTING.md
file.The code base went through a lot of refactoring, too many to list in a
simple NEWS file. Groundwork has been laid out for future features
which are yet to hit the 3.6 branch.
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Andres Tamayo, Balazs Scheidler, Csaba Karsai, Daniel
Gados, Evan Rempel, Fabien Wernli, Gergely Nagy, Gyorgy Pasztor,
Igor Ippolitov, Imre Lazar, Jakub Wilk, Laszlo Budai, Lucas McLane,
Martin Bagge, Matyas Koszik, Michael Hocke, Nick Alcock, Otto Berger,
Peter Czanik, Peter Gyongyosi, Robert Fekete, Sebastien Badia,
Sebastiaan Hoogeveen, Tamas Pal, Tibor Benke, Tobias Schwab, Viktor
Juhasz, Viktor Tusa, Xufeng Zhang
Published by lbudai about 10 years ago
This is the second (hopefully last) Release Candidate of the syslog-ng
OSE 3.6 branch. Some release critical bugs found and fixed.
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Balazs Scheidler, Fabien Wernli, Gergely Nagy, Laszlo Budai,
Viktor Tusa
Published by lbudai about 10 years ago
This is the first Release Candidate of the syslog-ng OSE 3.6 branch.
Based on our test results this release is almost production ready.
rewrite()
.syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Balazs Scheidler, Brian De Wolf, Gergely Nagy, Laszlo Budai, Peter Czanik,
Tibor Benke, Viktor Juhasz, Viktor Tusa.
Published by algernon about 10 years ago
This is the second beta release of the upcoming syslog-ng OSE 3.6 branch. Compared to the previous beta, this release contains a few minor features and bugfixes. We expect the next release to be a release candidate, focusing on stability and bugfixes. Testing is most appreciated!
system()
source will not include /dev/kmsg
(or /proc/kmsg
) when running inside a Linux container.in-list()
filter was fixed to look at all elements of the list, instead of only the last one.match()
filter under certain circumstances.system()
source will not add /dev/kmsg
(or /proc/kmsg
on older kernels) to the default sources if using the systemd journal, because kernel logs are included in the journal.syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Balazs Scheidler, Gergely Nagy, Gyorgy Pasztor, Peter Czanik, Tibor Benke.
Published by algernon about 10 years ago
This is the first beta release of the upcoming syslog-ng OSE 3.6 branch. Compared to the alphas, this release contains a moderate amount of new functionality and bugfixes. Further releases will focus on stability and bugfixes.
key()
and exclude()
options of any value-pairs declaration.systemd-journal()
, which reads from the Journal directly, not via the syslog forwarding socket. The system()
source defaults to using this source when systemd is detected.$(geoip)
template function now works with threaded(yes)
too.syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Fabien Wernli, Gergely Nagy, Laszlo Budai, Michael Hocke, Tibor Benke, Viktor Juhasz, Viktor Tusa.
Published by algernon about 10 years ago
This is the third alpha release of the upcoming syslog-ng OSE 3.6 branch. It is expected to be the last alpha release, with the first beta in about two weeks. This release contains a number of important features and bugfixes:
flush-lines()
setting now defaults to 100, rather than 1, for increased speed.system()
source will now parse @cim
marked messages as JSON, if the JSON module is available at run-time. This improves inter-operation with other software that uses the Common Information Model.$(or)
template function that returns the first non-empty argument is now included in syslog-ng itself.$(padding)
template function, to pad text with custom padding to a given length is also included.$(graphite-output)
template function, to be used for sending metrics to Graphite was ported over from the Incubator. The graphite()
destination SCL block is also available now, to make it even easier to talk to Graphite.riemann()
destination, which allows sending metrics to the Riemann monitoring system was also ported over from the Incubator.A number of features were implemented for all threaded destinations: amqp()
, mongodb()
, redis()
, riemann()
, smtp()
and stomp()
.
SEQNUM
persistence: the counter will be preserved across reloads and restarts.retries()
was implemented for all of these, which controls how many times a message delivery is retried before dropping it.throttle()
option is now implemented, and works for all of the aforementioned destination drivers.stored
statistics is no longer incremented by various drivers when they mean processed
.$(format-json)
pairs.CONTRIBUTING.md
file.syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Balazs Scheidler, Fabien Wernli, Gergely Nagy, Laszlo Budai, Peter Czanik, Robert Fekete, Tibor Benke, Viktor Juhasz, Viktor Tusa.
Published by algernon about 10 years ago
This is the second alpha release of the upcoming syslog-ng OSE 3.6 branch, with more internal changes and features compared to the previous 3.6.0alpha1 release. Above the changes in the latest 3.5.6 stable version, this release contains the following noteworthy changes:
Threaded mode is now enabled by default. To turn it off, use threaded(no)
in the global options section.
The versioning of the libsyslog-ng
internal library has changed: instead of always using the current release number, we will now try to maintain ABI compatibility during the lifetime of a stable branch. Therefore, we use only the first two components of our version as the base of the library version. Another number will be part of the SONAME too, but that will only change when we break compatibility.
The SONAME is currently set to libsyslog-ng-3.6.so.0
, and will remain the same during alpha and beta releases, even when the ABI changes. We will start bumping the version after the first stable release from this branch, if needed.
systemd-syslog()
source replaces the former implicit support for the same thing. Users who use systemd are advised to use either the system()
source, or this new one when they want to receive logs from systemd via the /run/systemd/journal/syslog
socket.smtp()
destination now supports a retries()
option, which controls how many times a message delivery will be attempted before dropping it.stored
.to()
, cc()
, bcc()
and from()
, and subject()
and body()
) are not set.file()
and network()
(including tcp()
et al) sources will now properly set the $SOURCE
macro.pdbtool merge
command will now generate version 4 patterndb files.syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Fabien Wernli, Gergely Nagy, Laszlo Budai, Peter Czanik, Tibor Benke, Viktor Juhasz, Viktor Tusa.
Published by algernon about 10 years ago
This is the sixth bug-fix release for the 3.5.x series. Upgrading from earlier versions is highly recommended, as the changes in this release are very small, yet, also very important for most platforms and workloads.
$(format-json)
, MongoDB, AMQP and more. The leak was supposed to be fixed in 3.5.5, but due to a merging mistake, it was missed.--disable-linux-caps
on non-Linux platforms anymore.pdbtool merge
command will now generate version 4 patterndb files, instead of version 3.syslog-ng is developed as a community project, and as such it relies on volunteers to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.
These people have helped in this release:
Fabien Wernli, Gergely Nagy, Peter Czanik
Published by algernon about 10 years ago
This is the first alpha release of the upcoming syslog-ng OSE 3.6 branch, a result of about seven months of work, by more than a dozen contributors, touching 379 files, and changing over twenty thousand lines.
Compared to the latest stable release (3.5.5), this alpha release contains the following noteworthy changes:
PCRE is now a required dependency of syslog-ng, and is not optional anymore.
custom-domain()
global setting was introduced, which allows the administrator to override the local domain name used by syslog-ng. It affects all locally generated log messages.use-rcptid()
global option, that tells syslog-ng to assign a reception ID to each message received and generated by syslog-ng. This ID is available as the $RCPTID
macro, and is unique on a given host. The counter wraps around at 48 bits and is never zero.pseudofile()
destination driver is a very simple driver, aimed at delivering messages to special files in /proc
or /dev
. It opens and closes the file on each message, instead of keeping it open. It does not support templates in the filename, and does not have a queue (and as such, is not adequate in high traffic situations).nodejs()
source driver (implemented as an SCL macro) adds a source driver that allows syslog-ng to accept messages from node.js applications that use the winston
logging API.The multi-line-mode()
option gained a new setting: prefix-suffix
, which works similarly to the prefix-garbage
(which is the new name for regexp
), except it appends the garbage part to the message, instead of discarding it.
This new mode can be used to work around the absence of a timeout.
Filters default to PCRE matching, instead of the previous POSIX regexp default.
stats-lifetime()
global option was introduced, which controls how often dynamic counters are expired. The timer is not exact, some timers may live a little bit longer than the specified time.stats-lifetime()
minutes (defaulting to 10 minutes) instead of only on reloads. This change was done to reduce the memory used by dynamic counters.internal_queue_length
statistic, which shows the length of the internal queue. This is most useful to see if the internal()
source is not connected, or if it is not being emptied fast enough (which, again, indicates a more serious error).mongodb()
driver now supports authentication, even when using replica sets. When re-connecting to another member of the set, the driver will automatically re-authenticate.--with-libmongo-client
option of the configure script now supports auto
as a value, and will then detect whether to use the system version of the library or the internal copy. We default to auto
now, which prefers the system library over the internal copy._id
field to the message: the server will do that automatically, if none is present. This allows users to override the field from within their syslog-ng config.retries()
option can be used to tell the driver how many times it should try to insert a message into the database before giving up (defaults to 3). This fixes the case where a rogue message could hold up the entire queue, as it was retried forever.safe-mode()
by default.double()
type hint is now supported by the driver.The unix-dgram()
and unix-stream()
sources now extract UNIX credentials (PID, UID and GID of the sending application) from the passed messages, if any. On Linux, and FreeBSD, the path of the executable belonging to PID is extracted too, along with command-line arguments.
The extracted values are available in ${.unix.pid}
, ${.unix.uid}
, ${.unix.gid}
, ${.unix.exe}
and ${.unix.cmdline}
, respectively.
The system()
source will overwrite the PID macro with the value of ${.unix.pid}
, if present.
The json-parser gained an extract-prefix()
option, which can be used to tell the parser to only extract JSON members from a specific subtree of the incoming object.
Example: json-parser(extract-prefix("foo.bar[5]"));
Assuming that the incoming object is named msg, this is equivalent to the following javascript code: msg.foo.bar[5]
The resulting expression must be a JSON object, so that syslog-ng can extract its members into LogMessage name-value pairs.
This also works when the top-level object is an array, as extract-prefix()
allows the use of an array index at the first indirection level, for example: json-parser(extract-prefix("[5]"));
, which translates to msg[5]
.
The $(format-json)
template function now handles the double()
type hint.
$RUNID
macro is available for templates, which changes its value every time syslog-ng is restarted, but not when reloaded.contrib/valgrind/
), to aid in debugging memory leaks in syslog-ng. It supresses a couple of known false positives, and a few other things in third-party libraries.system-expand
, was added, which returns what the system()
source would expand to.With the MongoDB destination, successfully inserted messages are not counted as "stored" anymore: stored messages are those that are in a memory or disk buffer.
In the MongoDB destination, reconnecting in a replica-set environment now works correctly, and reliably.
The reliability of the usertty()
destination driver was greatly improved. Previously, some parts of it were not thread-safe, which could result in strange behaviour.
The handling of escape related flags of csvparser()
was changed: instead of these flags overwriting all other (even non-escape related) flags, if the flag to set is an escape-flag, it will keep all non-escape flags, and set the new one. If it is a not such a flag, then it will clear all flags, and set the previous escape flags, and the new flag.
This, in essence, means that when setting flags on a csvparser()
, if it is an escape flag, only escape flags will be affected. If not, then escape flags will not be affected at all.
The SQL destination now correctly continues $SEQNUM counting after a reload, instead of starting afresh.
When tring to stop syslog-ng while a reload is in progress, syslog-ng will now correctly shut down cleanly.
When the local hostname is not an FQDN, and the local resolver fails to return an FQDN too, syslog-ng does not abort anymore, but continues using a non-FQDN hostname after emitting a warning on the internal source.
Furthermore, syslog-ng will try to resolve the FQDN harder: when multiple names are returned, it will search for the first FQDN one, instead of stopping at the primary name.
The update-patterndb
script will now work correctly when the current working directory contains .pdb files.
We will now correctly handle time going backwards in patterndb: it will realign its idea of current time with the system. This corrects a bug where timeouts did not function properly when system time was set backwards.
The Linux capability support is now correctly auto-detected by the configure script, and defaults to off on FreeBSD 9+, as it should.
Various memory leak fixes around the code base.
The code base went through a lot of refactoring, too many to list in a simple NEWS file. Groundwork has been laid out for future features which are yet to hit the 3.6 branch.
syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessary to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Andres Tamayo, Balazs Scheidler, Csaba Karsai, Daniel Gados, Evan Rempel, Fabien Wernli, Gergely Nagy, Igor Ippolitov, Imre Lazar, Jakub Wilk, Laszlo Budai, Lucas McLane, Martin Bagge, Matyas Koszik, Nick Alcock, Otto Berger, Peter Czanik, Peter Gyongyosi, Sebastien Badia, Sebastiaan Hoogeveen, Tamas Pal, Tibor Benke, Tobias Schwab, Viktor Juhasz, Viktor Tusa, Xufeng Zhang