3.1.2 Mon, 02 Aug 2010 17:06:28 +0200 INCOMPATIBLE CHANGES: * This release changes the default for 'store-legacy-msghdr' flag for log sources. In previous releases this had to be enabled explicitly, because of the performance penalties, which do not apply to 3.1. The original behaviour can be restored by explicitly specifying 'dont-store-legacy-msghdr'. Bugfixes: * When syslog-ng is reloaded, the local hostname value was not refreshed, causing syslog-ng to remember the hostname until the next restart. This may not play nice with DHCP configured hostnames, which may change dynamically. * When several SIGHUP signals are received in quick succession, the last one may have been dropped. This problem is fixed. * Make sure that numbers never get resolved using getpwnam/getgrnam (e.g. libnss functions), because this may cause deadlocks if the NSS provider is LDAP and the LDAP server is trying to log a message to syslog about invalid usernames. * Fixed flush_timeout() handling in for non-file destinations. Enabling flush_lines()/flush_timeout() for a non-file destination, either using a global option, or a per-destination option could cause excess CPU usage as long as the destination wasn't writable. * In case patterndb has a syntax error when reloading the file, syslog-ng automatically reverts to the old version instead of dropping pattern matching altogether. * Fixed pdbtool to properly handle accented characters in the command line. * Fixed the use of the greedy and drop-invalid flags for csv-parser. * Fixed a possible but rare memory leak in the handling of message suppression. Other changes: * Added "update-patterndb" command that merges patterndb files from ${sysconfdir}/patterndb.d and produces ${localstatedir}/patterndb.xml, the default file of the db-parser(). * Make it possible to specify the path to the syslog-ng control socket using a command line option in order to make it easier to launch multiple syslog-ng instances. * Introduced a new, cleaner syntax to specify that the permissions of a file are not to be changed. Use owner/group/perm options of a file without any parameters instead of "-1". The old mechanism had the problem that both per-file and global settings had to use "-1" to effectively stop syslog-ng from changing the uid/gid/perm values. The new syntax will make it possible to specify defaults in the global options section and customize those on a per-file basis. * syslog-ng will not go into the background if either the --syntax-only or --debug options are specified. Loggen: * Added SSL support. * Added the ability to read from a sample file Credits: * We would like to send our thank for all contributors sending us bugreports, documentation issues or patches. They are: * Marius Tomaschewski * Corey Hickey * Evan Rempel * Andy Kitchingman * andrewn at locus.net Hopefully noone was missed from this list. 3.1.1 Sun, 11 Apr 2010 10:26:57 +0200 Bugfixes: * Solaris 10 SMF script now checks if the pid file refers to an actual instance of syslog-ng to make sure that syslog-ng is started even after a system crash. * The System V init script used on Solaris 8/9 gave ugly error messages if the dump device doesn't exist (which happens in a chroot/zone environment), this was fixed. * Fixed a 100% CPU usage if the configuration file uses the pipe driver on a regular file or a file driver on a named pipe. * Fixed a daylight saving problem in the transition window when receiving a BSD timestamp. * syslog-ng CSV format statistics (reachable via syslog-ng-ctl) is now properly escaped. Other changes: * Added "TAGS" macro which expands to a list of comma separated message tags. 3.1beta2 Fri, 18 Dec 2009 09:19:39 +0100 Bugfixes: * Fixed two major memory leaks, one on input messages, one in patterndb. * Fixed escaped structured data processing. * Fixed expanding SDATA references in templates which have multiple dots in its name (e.g. when an OID is present in the name of the SD param or SD-ID. * pdbtool now correctly zero pads month and day fields in publish date of the merged patterndb file. * pdbtool won't link to unnecessary libraries, which fixes a compilation problem on Solaris with flex installed. 3.1beta1 Sun, 29 Nov 2009 16:25:18 +0100 This is the first public release of syslog-ng Open Source Edition 3.1. syslog-ng 3.1 is the first so called "feature release" of syslog-ng, as such its support period ends when either the next feature (named 3.2) or the next stable (named 4.0) version is published. New features: * Support for patterndb v2 and v3 format, along with a bunch of new parsers: ANYSTRING, IPv6, IPvANY and FLOAT. * Added a new "pdbtool" utility to manage patterndb files: convert them from v1 or v2 format, merge mulitple patterndb files into one and look up matching patterns given a specific message. * Support for message tags: tags can be assigned to log messages as they enter syslog-ng: either by the source driver or via patterndb. Later it these tags can be used for efficient filtering. * Added support for rewriting structured data. * Macros and name-value pairs got a little tighter integration, in filters where syslog-ng 3.0 was limited to only use name-value pairs, with 3.1 you can also use macros. * Enhanced dynamic name-value performance by a factor of three. * Some parsers got additional features: NUMBER is now able to parse hexadecimal numbers, ESTRING is now able to search for multiple characters as the end of the string. * Added non-standard and non-portable facility codes (range 10-15), decouple syslog-ng facility name information from the system used to compile syslog-ng on. 3.1.0 Tue, 16 Mar 2010 17:15:40 +0100 This is the first stable release of syslog-ng Open Source Edition 3.1. syslog-ng 3.1 is the first so called "feature release" of syslog-ng, as such its support period ends when either the next feature (named 3.2) or the next stable (named 4.0) version is published. New features: * Support for patterndb v2 and v3 format, along with a bunch of new parsers: ANYSTRING, IPv6, IPvANY and FLOAT. * Added a new "pdbtool" utility to manage patterndb files: convert them from v1 or v2 format, merge mulitple patterndb files into one and look up matching patterns given a specific message. * Support for message tags: tags can be assigned to log messages as they enter syslog-ng: either by the source driver or via patterndb. Later it these tags can be used for efficient filtering. * Added support for rewriting structured data. * Macros and name-value pairs got a little tighter integration, in filters where syslog-ng 3.0 was limited to only use name-value pairs, with 3.1 you can also use macros. * Enhanced dynamic name-value performance by a factor of three. * Some parsers got additional features: NUMBER is now able to parse hexadecimal numbers, ESTRING is now able to search for multiple characters as the end of the string. * Added non-standard and non-portable facility codes (range 10-15), decouple syslog-ng facility name information from the system used to compile syslog-ng on. * Added pcre support in the binary packages of syslog-ng. An updated administrator's guide is available on the BalaBit documentation page at: http://www.balabit.com/support/documentation/ Changes since 3.1beta2: Bugfixes: * Fixed Solaris 10 SMF script to properly handle svcadm refresh requests. * Fixed a possible segmentation fault for unix-dgram/unix-stream destinations on some (non-Linux) platforms. * Fixed processing empty log entries when using the syslog() protocol. * Fixed processing partially received syslog messages. Other changes: * It is now possible to add comments before the @version header in the configuration file. * Decrease the frequency of gettimeofday() calls during syslog-ng operation, as gettimeofday() is expensive to call on some platforms. * The SQL destination will only attempt to INSERT a given log message 3 times, and after that it gives up, instead of trying indefinitely. * Tru64 portability fixes. * The functional test program was improved to check the new RFC5424 syslog protocol.