3.0.5
Thu, 03 Dec 2009 18:02:56 +0100

Bugfixes:

* Fixed a possible hang that caused syslog-ng to completely stop processing messages, in case SQL destination is enabled in configure. The bug does not need a working SQL destination.
* Fixed a possible 100% CPU usage in case a udp destination went down.
* Fixed host_override/program_override options that were broken in 3.0.4.
* Fixed the SQL destination to avoid dropping the output queue in case a HUP was received.
* Fixed a possible segmentation fault when parsing syntactically incorrect patterndb files.
* Fixed ESTRING parser to include the ending quote character in the result.
* Report an error in case there's no terminating brace in template macro references, e.g. no closing brace in ${macro} format.
* Fixed FreeBSD init script to add $prefix/sbin to the PATH environment variable. This problem caused syslog-ng not to start up on boot.
* Fixed FreeBSD /dev/klog message reading; follow_freq() needs to default to zero in this case (just like Linux /proc/kmsg).
* Fixed a possible segfault in SIGHUP processing if an included file contains a syntax error.
* RFC5424 over UDP erroneously required frame length, just like TCP; this is now fixed.
* Fixed HP-UX 11iv2 compilation issue related to pread/pwrite compile errors.
* The flow-control flag was erroneously enabled if any of the log statements contained either "final" or "fallback".
* Fixed rewrite processing; in some cases a rewritten value could be propagated to wrong branches in the log processing tree.

Other changes:

* Added support for Cisco ASA timestamps.
* Added version checks for PCRE in the configure script.
* Integrate with system LSB init scripts a bit better; with 3.0.5 the init script status reports should nicely integrate with the host system.

3.0.4
Wed, 05 Aug 2009 12:51:31 +0200

Bugfixes:

* The use of the tcp6 destination caused aborts during startup, which has now been fixed.
* The window size used for flow control could be decremented to a negative value in case multiple incoming connections overflowed the queue. This could cause an abort if a SIGHUP was received at this time.
* Fixed a possible segmentation fault under Solaris if the syslog() driver was used without explicitly specifying a transport() option.
* Fixed parse error handling when loading the patterndb.
* Fixed the handling of door initialization failures on Solaris.

Other changes:

* Fixed performance degradation when using the host_override/program_override options.

3.0.3
Thu, 25 Jun 2009 08:20:28 +0200

IMPORTANT CHANGES:

* There was an unintended change in the meaning of command line argument -C (--chroot) and -R (--persist-file) between 2.x and 3.x versions of syslog-ng. This release reverts this change back to the original 2.x behaviour. This is an incompatible change compared against 3.0.2. Please review your startup scripts if you use either -C or -R.

Bugfixes:

* Fixed a compilation problem if IPv6 is disabled.
* Fixed a crash problem if a log statement has a filter but no destinations.
* The usertty() driver was changed to open the terminal device in nonblocking mode, as open on a serial device might block, which causes the syslog-ng process to hang.

3.0.2
Thu, 07 May 2009 08:30:06 +0200

Highlights:

* This release is the first to feature binary packages and installation packages for various Linux and BSD platforms.

Bugfixes:

* Only assume that a source logfile was rotated if the new log file has a non-zero size. This fix solves a minor race condition which might have caused some messages to be lost from the end of the old logfile.
* Fixed the processing of the -u and -g command line options to set the user/group of the syslog-ng process. Previously all usernames were rejected as non-existent.
* Resolve usernames before chrooting, to avoid the need to have an /etc/passwd & /etc/group inside the chroot.
* Fixed the read rate of regular files; with the change in this release it is now possible to fully saturate a destination pipe by using plain text files.
* Fixed a synchronization problem in the SQL destination on AIX causing random crashes when the SQL destination was used.
* Make the "syslog" reserved word usable as a facility name; previously syslog-ng indicated a syntax error if syslog as a facility was not enclosed in quotation marks.
* Do not write the pidfile in case only a syntax check was requested.
* Fixed compilation problems if SSL support is not enabled.
* Set the default fd limit to 256 on cygwin as that platform does not support the current default of 4096 used on all other platforms.
* Fixed template expansion for non-inline templates defined using the template statement.
* Fixed the handling of zero-sized packets in the udp() source.
* Fixed the storing of regexp/db-parser() matches on big-endian, 32 bit CPUs.
* Fixed character conversion in case one chunk of data has an incomplete sequence at the end.
* Do not allow the character conversion to eat up unlimited memory to avoid an easy DoS condition.
* Fixed SSL certificate validation, added X.509 policy check, fixed required-untrusted verify-mode and added basicConstraints validation.
* Fixed /dev/klog handling on FreeBSD; syslog-ng attempted to open this device multiple times, which is not permitted.
* Fixed $TZOFS expansion in templates in case the target does not specify a conversion timezone (which is the default and is true in most cases).
* Fixed the use of multiple SQL destinations; previously only the first SQL destination started writing messages to the target database because of an initialization problem.
* If you elected to use host-file only name resolution, the check to see if the hosts file was changed was performed for each DNS resolution, causing a major performance drop. This was fixed.
* Due to a typo in the configuration file parser, using SSL destinations always resulted in a segmentation fault. This was fixed.
* Fixed counting the number of concurrent connections in the SSL enabled tcp() source; previously failing handshakes were counted, thus it was quite easy to reach the max-connection limit.
* Clarified logging about connection rejected by /etc/hosts.deny & /etc/hosts.allow.
* HP-UX 11v3 compilation fixes.
* Fixed SOURCEIP expansion for IPv6 addresses.
* Fixed match(type(string)) not to match the message in case only a prefix match was found.
* Fixed capability setup code around file opens.

Other changes:

* Implemented 'store-legacy-msghdr' source flag which keeps the original value of MSGHDR intact, instead of parsing/rebuilding it at the cost of some performance penalty.
* Implemented 'empty-lines' source flag to avoid dropping empty log messages, which is the default behaviour.
* Added support for file includes in the configuration file.
* Allow follow_freq() to be a floating point number.
* Cygwin packaging fixes.
* Make it possible to create named pipes automatically in the pipe() destination.
* Allow the use of macros in the filename of pipe() destinations.
* Added support for setting the default priority/facility value for each source that gets applied to messages that lack one.
* Recognize "mssql" as an alias for "freetds" in the SQL destination.
* Added the "greedy" flag to the csv-parser(): it makes the last column eat the complete end of the line without caring about column separation characters.
* Added the "drop-invalid" flag to the csv-parser() which makes the parser drop anything that has fewer columns than it expects to have.
* Make it possible to use fractions of a second even in non-ISO timestamps.
* The default values for SQL columns are being deprecated, please supply SQL schema information explicitly in your SQL destinations. A warning message was added in case you do not have a full schema and rely on the default values.
* The SQL destination got a null() option that specifies a 'special' value for a column which gets replaced by an SQL NULL.
* Added local_timezone() option to file/sql destinations that controls the timezone used when expanding the filename/tablename templates. It defaults to the local timezone.

Configure changes:

This section lists changes that might affect distribution packages; please make sure that these changes do not break the syslog-ng packages in any way.

* Changed the default value of pidfiledir to ${localstatedir} to match GNU conventions; you can specify it explicitly with a --with-pidfile-dir configure option.
* Changed the default linking mode to "dynamic" to make it easier to compile syslog-ng, as most distributions prefer dynamic libraries over static ones. This means that syslog-ng might not be able to start up if /usr is on NFS. On platforms where syslog-ng is used as a system logger, the previous setting of --enable-mixed-linking is preferred.

Loggen changes:

* The sequence number and timestamping of generated messages were erroneously commented out; these were reverted.
* Do not allow message sizes that are larger than the predefined message buffer size.
* In addition to reporting the number of messages/sec, also report the effective bandwidth used during testing.

Test suite changes:

* A lot of enhancements to the functional test program to cover more of the syslog-ng code, like SSL sources & SQL destinations.

3.0.1
Wed, 24 Dec 2008 12:16:08 +0100

We are happy to announce that version 3.0 of the syslog-ng Open Source Edition application has been released. The news and highlights of this version are summarized below:

NEWS:

Communication:

* Version 3.0 of syslog-ng supports the new syslog protocol standards developed by the Internet Engineering Task Force (IETF).
  The details of these protocols can be found at http://www.ietf.org/internet-drafts/draft-ietf-syslog-protocol-23.txt and http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-11.txt.
* The capability to encrypt log connections using TLS has been added.

Configuration:

* Log statements can be embedded into each other, making it possible to design complex log paths. That way, for example, the results of a filter can be sent to multiple destinations, or they can be sent to one destination unchanged and partly rewritten for the other destination.

Log files:

* The encoding of source files can be set for proper character conversion (internally syslog-ng represents every message in UTF-8).

Log messages:

* The syslog-ng application assigns a unique message identification number to every log message, making it easy to detect if any messages are lost.
* The syslog-ng application can read, process, and rewrite structured messages (e.g., Apache webserver logs) using templates and regular expressions. Both messages with fixed field sizes and fields separated with delimiters (e.g., comma-separated values) are supported.

DOWNLOAD:

This is a source code only release; no binary packages are available at this time. Those will be provided at a later date.

The documentation of syslog-ng OSE 3.0, including the installation and user guides, is available at:

http://www.balabit.com/support/documentation/?product=syslog-ng

Best Regards,
BalaBit IT Security