Features
- Improve parsing performance in case of keep-timestamp(no)
- TLS based transports will publish the peer's certificate in a set of
name-value pairs.
- Improve performance of the tcp() source, due to a bug, syslog-ng
attempted to apply position tracking to messages coming over a TCP
transport, which is used for file position tracking and causing
performance degradation.
- Make it possible to configure the listen-backlog() for any stream based
transports (unix-stream and tcp).
- Add a groupunset() rewrite rule that pairs up with groupset() but instead
of setting values it unsets them.
- Add support for Elastic Shield and SearchGuard
- kv-parser() is now able to cope with unquoted values with an embedded
space in them, it also trims whitespace from keys/values and is in
general more reliable in extracting key-value pairs from arbitrary log
messages.
- Improve performance for java based destinations.
- Add prefix() option to add-contextual-data()
Bugfixes
- Fix a potential crash in the file destination, in case it is a template
based filename and time-reap() is elapsed.
- Fix a potential ACK problem within syslog-ng that can cause input windows
to overflow queue sizes over time, effectively causing message drops that
shouldn't occur.
- Fix a heap corruption bug in the DNS cache, in case the maximum number of
DNS cache entries is reached.
- Fix timestamp for suppression messages.
- Fix add-contextual-data() to support CRLF line endings in its CSV input
files.
- Fixed key() option parsing in riemann() destinations.
- Find libsystemd-journal related functions in both libsystemd-journal.so
and libsystemd.so, as recent systemd versions bundled all systemd
related libs into the same library.
- Fixed the build-time detection of system-wide installed librabbitmq,
libmongoc and libcap.
- Fix the file source to repeatedly check for unexisting files, as a bug
caused syslog-ng to stop after two attempts previously.
- The performance testing tool "loggen" crashed if it was used to generate
messages on multiple threads over TLS. This was now fixed.
- Fix an issue in the syslog-parser() parser, so that timestamps parsed
earlier in the log path are properly overwritten.
- Due to a compilation issue, tcp-keepalive-time(), tcp-keepalive-intvl() and
tcp-keepalive-probes() were not working, now they are again.
- The --disable-shm-counters option is now passed to mongo-c-driver to work
around a minor security issue.
- Fix compilation issues on FreeBSD.
- Add support to month names in all caps in syslog timestamps. At least one
device seems to generate these.
- The options() option to java destination can now accept numbers and not
just strings.
- Fix a memory leak in the java destination driver, that may affect java
based destinations like ElasticSearch, Kafka & HDFS.
Other changes
- HDFS was updated to 2.7.3
- Elasticsearch was updated to 2.4.0
- Support was added for OpenSSL 1.1.x
3.8.1
Library updates
- Kafka-client updated to version to 0.9.0.0
- Minimal required version of hiredis is set to 0.11.0 to avoid
possible deadlocks
- Minimal version of libdbi is set to 0.9.0
Improvements and features
- Added the long-waited disk-buffer.
- date-parser ported from incubator to upstream
- New template functions: min, max, sum, average
- Added Apache-accesslog-parser
- Added loggly destination
- Added logmatic destination
- Added template function for supporting CEF.
- cURL-based HTTP destination driver added (implemented in C
programming language)
- SELinux policy installer script now has support for Red Hat
Enterprise Linux/CentOS/ Oracle Linux 5, 6 and 7.
- Implemented add-contextual-data: With add-context-data syslog-ng
can use an external database file to append custom name-value
pairs on incoming logs (to enrich messages).
Program destination/source drivers
- Added inherit-environment configuration option to program source
and destination.
- Added keep-alive option to program destination (afprog).
Java drivers
- HTTP destination: Added the ability to use templates in both url
and message.
- ElasticSearch Destination driver: Support 2.2.x series of
ElasticSearch (transport and node mode).
MongoDB destination driver
- Replaced submodule limongo-client with mongo-c-driver.
- Additional support for previous syntax used by libmongo-client
before we started using mongo-c-driver and its URI syntax
exclusively.
Riemann destination driver
- Use cert-file() and key-file() options to match afsocket
keywords as the same way as afsocket drivers use these options.
Rewrite rules
- Introduced template options in rewrite rules.
- Added unset operation to make it possible to unset a specific
name-value pair for a logmessage.
Parsers
- kvformat: make it possible to specify name-value separator
- linux-audit-scanner: recognize a0-a9* as fields to be decoded
- csv-parser has been refactored, extended with new dialect and
prefix options.
PatternDB
- added groupingby() parser that can perform simple correlation on
log messages
- added create-context action
- Added NLSTRING parser that captures a string until the following
end-of-line
Miscellaneous features
- syslog-debun (debug bundle script for syslog-ng) has been
improved
Bugfixes
- geoip-parser: When default database if not specified, syslog-ng
crashed.
- Added support for multiple drivers with the same name in
syslog-ng config.
- Fixed aack counting logic for junctions that have branches that
modify the LogMessage.
- Fixed a potential crash for code that uses log_msg_clear() in
production (e.g. syslog-parser()).
- Fixed potential crash in reload logic
- system(): use string comparison instead of numeric in PID
rewrite
- Support encoding on glib compiled with libiconv
- pdbtool: Fix the ordering of the debug-info list in PatternDB
- afprog: Don't kill our own process group
- Handle option names with hyphen (-) characters in java scls
- dnscache performance improved
- Fixed IPv6 parser in patterndb.
- Fixed journald program name flapping
- Fixed create-dirs() inheritance in file destinations
- Fixed pass-unix-credentials() global inheritance in afunix
- Fixed create-dirs() global inheritance in afunix
- Fixed byteorder handling on bigendian systems in netmask6 filter
- Fixed flow-control issue when overflow queue is full (suspending
source by setting the window size to 0).
- Log HTTP response error codes in HTTPDestination (Java).
- Fixed potential leaks related $(sanitize) argument parsing in
basicfuncs.
- Fixed a memory leak in python debugger
- Fixed a use-after-free bug in templates.
- Fixed a memory leak around reload in netmask6 filter.
- Fixed a memory leak in LogProtoBufferedServer in case the
encoding() option is used.
- configure: don't override $enable_python while executing
pkg-config
- Fixed BSD timestamp parsing in syslog-format.
- Fixed a SIGPIPE bug in program destination.
- Error handling has been improved in AMQP destination.
- value-pairs performance improvements, memleak fixes
- Various issues around UTF-8 support fixed.
- Fixed integer overflow in numerical operations template function
- Fixed an integer underflow in afsocket.
- Fixed numerical comperisons issues around filters.
- Fixed kernel log message time drift on Linux.
- Take CRLF sequences equivalent to an LF in patterndb.
- When syslog-ng failed to insert data into Redis, it has crashed.
- When device file is set as a file destination then syslog-ng
will not try to change the permission of the device file.
- Various fixes around config file parsing:
3.7.3
Improvements
- Updated Python package requirements.
- Can now compile without MongoDB.
- Added eventlog to the list of required pkg-config packages.
- Basic FreeBSD and HP-UX support of syslog debug bundle generator
by improving POSIX shell compatibility.
- Keep the program destination open between configuration reloads.
- system-source now uses keep-timestamp(no) for Linux kernel log.
The time source used by /dev/kmsg is not updated after system
SUSPEND/RESUME.
Fixes
- Fix a SIGSEGV when a Redis command returns an error.
- Resolve deadlock in logwriter triggered by suppress()
- Mitigate possible deadlock in patterndb
- Fixed global inheritance of pass-unix-credentials() and
create-dirs().
- Certain compilers complained about an undefined symbol when
setting keep-alive(yes).
- For certain use cases, afsocket would not handle procfs read
errors due to an integer underflow.
- Enhanced Java version check and the handling of
SyslogNgInternalLogger (used by Kafka), the FATAL loglevel and
getLocationInformation().
- When a big amount of kernel log was produced in a very short
time, the syslog-ng process sometimes entered into a spin and
stop processing messages.
Rework and clean up the package, split off various bindings
into separate packages. Add SMF support.
Major features and improvements introduced in major releases since 3.2.
3.7
- OpenSSL is now a required dependency for syslog-ng.
- Java-destination driver ported from syslog-ng-incubator.
- Python language support is ported from syslog-ng incubator.
- New Java destination drivers
- New Parsers
3.6
- PCRE is now a required dependency of syslog-ng.
- Threaded mode is now enabled by default.
3.5
- Multi-line support
- STOMP destination
- Redis destination
- Template type hinting
- Template options honored everywhere
- Support for unit suffixes in the configuration
- The Incubator project
3.4
- New plugins: AMQP & SMTP destinations, JSON parser.
- New parsers for patterndb: HOSTNAME, EMAIL, PCRE and LLADDR.
- It is now possible to control what db-parser() sees as its input
via it's new template() option.
- value-pairs() gained support for programmatically
rewriting key names in bulk, via the rekey() method.
- The network() driver is introduced, unifying and extending
tcp(), udp(), syslog(), unix-dgram() and
unix-stream(). The old drivers are still available, but
- Support for junctions & channels were added, which improve
the flexibility of the syslog-ng configuration language.
3.3
- multi-core/CPU scaling: the new multi-threaded architecture allows
syslog-ng to scale into the 800k msg/sec region.
- MongoDB support: using MongoDB instead of SQL is faster and
allows better representation of log data.
- JSON support: using the $(format-json) template function it is
now possible to construct JSON (JavaScript Object Notation)
output for log messages.
- A number of enhancements all over the place: SQL, patterndb.
- The default ports have changed. syslog-ng is using the standard
* Using libtool.
* fixes configure option for pidfile.
* tell sysconfigdir to configure.
* syslog2ng is using awk, add runtime dependency on awk and fix shebang.
* and let not to patch hard-coded uname path for NetBSD specific.
* VARBASE is used for various directory, set to BUILDE_DEFS.
* remove distractions from PLIST, libtoolized shlib files and an empty line.
PR pkg/45419
* fixes config file handling with CONF_FILES.
* require dbdir specified by --localstatedir.
Bump PKGREVISION.
Some key changes:
* configure.in: changed "source" to "." as the source command is a
bashism, changed a couple of double equal signs to single ones,
moved libol to the statically linked libs as AIX links to .a files
dynamically unless static linking is explicitly requested
* src/filters.c (do_filter_netmask): fixed negation for the
netmask() filter
* src/macros.c: added LEVEL_NUM and FACILITY_NUM macros