3.8.1
Library updates
- Kafka-client updated to version 0.9.0.0
- Minimal required version of hiredis is set to 0.11.0 to avoid
possible deadlocks
- Minimal version of libdbi is set to 0.9.0
Improvements and features
- Added the long-awaited disk-buffer.
- date-parser ported from incubator to upstream
- New template functions: min, max, sum, average
- Added Apache-accesslog-parser
- Added loggly destination
- Added logmatic destination
- Added template function for supporting CEF.
- cURL-based HTTP destination driver added (implemented in C
programming language)
- SELinux policy installer script now has support for Red Hat
Enterprise Linux/CentOS/Oracle Linux 5, 6 and 7.
- Implemented add-contextual-data: With add-contextual-data, syslog-ng
can use an external database file to append custom name-value
pairs to incoming logs (to enrich messages).
Program destination/source drivers
- Added inherit-environment configuration option to program source
and destination.
- Added keep-alive option to program destination (afprog).
Java drivers
- HTTP destination: Added the ability to use templates in both url
and message.
- ElasticSearch Destination driver: Support 2.2.x series of
ElasticSearch (transport and node mode).
MongoDB destination driver
- Replaced submodule libmongo-client with mongo-c-driver.
- Additional support for previous syntax used by libmongo-client
before we started using mongo-c-driver and its URI syntax
exclusively.
Riemann destination driver
- Use the cert-file() and key-file() options, matching the keywords
used by the afsocket drivers.
Rewrite rules
- Introduced template options in rewrite rules.
- Added unset operation to make it possible to unset a specific
name-value pair for a log message.
Parsers
- kvformat: make it possible to specify name-value separator
- linux-audit-scanner: recognize a0-a9* as fields to be decoded
- csv-parser has been refactored, extended with new dialect and
prefix options.
PatternDB
- added groupingby() parser that can perform simple correlation on
log messages
- added create-context action
- Added NLSTRING parser that captures a string until the following
end-of-line
Miscellaneous features
- syslog-debun (debug bundle script for syslog-ng) has been
improved
Bugfixes
- geoip-parser: syslog-ng crashed when the default database was not
specified.
- Added support for multiple drivers with the same name in
syslog-ng config.
- Fixed ack counting logic for junctions that have branches that
modify the LogMessage.
- Fixed a potential crash for code that uses log_msg_clear() in
production (e.g. syslog-parser()).
- Fixed potential crash in reload logic
- system(): use string comparison instead of numeric in PID
rewrite
- Support encoding on glib compiled with libiconv
- pdbtool: Fix the ordering of the debug-info list in PatternDB
- afprog: Don't kill our own process group
- Handle option names with hyphen (-) characters in java scls
- dnscache performance improved
- Fixed IPv6 parser in patterndb.
- Fixed journald program name flapping
- Fixed create-dirs() inheritance in file destinations
- Fixed pass-unix-credentials() global inheritance in afunix
- Fixed create-dirs() global inheritance in afunix
- Fixed byteorder handling on bigendian systems in netmask6 filter
- Fixed flow-control issue when overflow queue is full (suspending
source by setting the window size to 0).
- Log HTTP response error codes in HTTPDestination (Java).
- Fixed potential leaks related to $(sanitize) argument parsing in
basicfuncs.
- Fixed a memory leak in python debugger
- Fixed a use-after-free bug in templates.
- Fixed a memory leak around reload in netmask6 filter.
- Fixed a memory leak in LogProtoBufferedServer in case the
encoding() option is used.
- configure: don't override $enable_python while executing
pkg-config
- Fixed BSD timestamp parsing in syslog-format.
- Fixed a SIGPIPE bug in program destination.
- Error handling has been improved in AMQP destination.
- value-pairs performance improvements, memleak fixes
- Various issues around UTF-8 support fixed.
- Fixed integer overflow in numerical operations template function
- Fixed an integer underflow in afsocket.
- Fixed numerical comparison issues around filters.
- Fixed kernel log message time drift on Linux.
- Take CRLF sequences equivalent to an LF in patterndb.
- When syslog-ng failed to insert data into Redis, it crashed.
- When a device file is set as a file destination, syslog-ng
will not try to change the permissions of the device file.
- Various fixes around config file parsing:
3.7.3
Improvements
- Updated Python package requirements.
- Can now compile without MongoDB.
- Added eventlog to the list of required pkg-config packages.
- Basic FreeBSD and HP-UX support of syslog debug bundle generator
by improving POSIX shell compatibility.
- Keep the program destination open between configuration reloads.
- system-source now uses keep-timestamp(no) for Linux kernel log.
The time source used by /dev/kmsg is not updated after system
SUSPEND/RESUME.
Fixes
- Fix a SIGSEGV when a Redis command returns an error.
- Resolve deadlock in logwriter triggered by suppress()
- Mitigate possible deadlock in patterndb
- Fixed global inheritance of pass-unix-credentials() and
create-dirs().
- Certain compilers complained about an undefined symbol when
setting keep-alive(yes).
- For certain use cases, afsocket would not handle procfs read
errors due to an integer underflow.
- Enhanced Java version check and the handling of
SyslogNgInternalLogger (used by Kafka), the FATAL loglevel and
getLocationInformation().
- When a large amount of kernel log was produced in a very short
time, the syslog-ng process sometimes entered into a spin and
stopped processing messages.
Rework and clean up the package, split off various bindings
into separate packages. Add SMF support.
Major features and improvements introduced in major releases since 3.2.
3.7
- OpenSSL is now a required dependency for syslog-ng.
- Java-destination driver ported from syslog-ng-incubator.
- Python language support is ported from syslog-ng incubator.
- New Java destination drivers
- New Parsers
3.6
- PCRE is now a required dependency of syslog-ng.
- Threaded mode is now enabled by default.
3.5
- Multi-line support
- STOMP destination
- Redis destination
- Template type hinting
- Template options honored everywhere
- Support for unit suffixes in the configuration
- The Incubator project
3.4
- New plugins: AMQP & SMTP destinations, JSON parser.
- New parsers for patterndb: HOSTNAME, EMAIL, PCRE and LLADDR.
- It is now possible to control what db-parser() sees as its input
via its new template() option.
- value-pairs() gained support for programmatically
rewriting key names in bulk, via the rekey() method.
- The network() driver is introduced, unifying and extending
tcp(), udp(), syslog(), unix-dgram() and
unix-stream(). The old drivers are still available, but
- Support for junctions & channels was added, which improves
the flexibility of the syslog-ng configuration language.
3.3
- multi-core/CPU scaling: the new multi-threaded architecture allows
syslog-ng to scale into the 800k msg/sec region.
- MongoDB support: using MongoDB instead of SQL is faster and
allows better representation of log data.
- JSON support: using the $(format-json) template function it is
now possible to construct JSON (JavaScript Object Notation)
output for log messages.
- A number of enhancements all over the place: SQL, patterndb.
- The default ports have changed. syslog-ng is using the standard