syslog-ng 3.6.0alpha1

Pre-release, 9 years ago

3.6.0alpha1

This is the first alpha release of the upcoming syslog-ng OSE 3.6 branch, a result of about seven months of work, by more than a dozen contributors, touching 379 files, and changing over twenty thousand lines.

Compared to the latest stable release (3.5.5), this alpha release contains the following noteworthy changes:

New dependencies

PCRE is now a required dependency of syslog-ng, and is not optional anymore.

Features

New options

  • A new custom-domain() global setting was introduced, which allows the administrator to override the local domain name used by syslog-ng. It affects all locally generated log messages.
  • Added a use-rcptid() global option, which tells syslog-ng to assign a reception ID to each message received and generated by syslog-ng. This ID is available as the $RCPTID macro, and is unique on a given host. The counter wraps around at 48 bits and is never zero.

New drivers

  • The pseudofile() destination driver is a very simple driver, aimed at delivering messages to special files in /proc or /dev. It opens and closes the file on each message, instead of keeping it open. It does not support templates in the filename, and does not have a queue (and as such, is not adequate in high traffic situations).
  • The new nodejs() source driver (implemented as an SCL macro) adds a source driver that allows syslog-ng to accept messages from node.js applications that use the winston logging API.

Miscellaneous new features

  • The multi-line-mode() option gained a new setting: prefix-suffix, which works similarly to prefix-garbage (the new name for regexp), except that it appends the garbage part to the message instead of discarding it.

    This new mode can be used to work around the absence of a timeout.

  • Filters default to PCRE matching, instead of the previous POSIX regexp default.

Statistics

  • The stats counter for PROGRAM counters now includes the timestamp of the last update.
  • A new stats-lifetime() global option was introduced, which controls how often dynamic counters are expired. The timer is not exact: some timers may live a little bit longer than the specified time.
  • Dynamic counters are now cleaned up every stats-lifetime() minutes (defaulting to 10 minutes) instead of only on reloads. This change was done to reduce the memory used by dynamic counters.
  • There is now an internal_queue_length statistic, which shows the length of the internal queue. This is most useful to see if the internal() source is not connected, or if it is not being emptied fast enough (which, again, indicates a more serious error).

MongoDB

  • The mongodb() driver now supports authentication, even when using replica sets. When re-connecting to another member of the set, the driver will automatically re-authenticate.
  • The --with-libmongo-client option of the configure script now supports auto as a value, and will then detect whether to use the system version of the library or the internal copy. We default to auto now, which prefers the system library over the internal copy.
  • The driver does not automatically add an _id field to the message: the server will do that automatically, if none is present. This allows users to override the field from within their syslog-ng config.
  • A new retries() option can be used to tell the driver how many times it should try to insert a message into the database before giving up (defaults to 3). This fixes the case where a rogue message could hold up the entire queue, as it was retried forever.
  • The driver now enables safe-mode() by default.
  • There is now a one-minute timeout for MongoDB operations. If an operation times out, it will be considered failed.
  • The driver can now connect to MongoDB via UNIX domain sockets.
  • The double() type hint is now supported by the driver.

Unix Domain Sockets

  • The unix-dgram() and unix-stream() sources now extract UNIX credentials (PID, UID and GID of the sending application) from the passed messages, if any. On Linux and FreeBSD, the path of the executable belonging to PID is extracted too, along with command-line arguments.

    The extracted values are available in ${.unix.pid}, ${.unix.uid}, ${.unix.gid}, ${.unix.exe} and ${.unix.cmdline}, respectively.

  • The system() source will overwrite the PID macro with the value of ${.unix.pid}, if present.

JSON

  • The json-parser gained an extract-prefix() option, which can be used to tell the parser to only extract JSON members from a specific subtree of the incoming object.

    Example: json-parser(extract-prefix("foo.bar[5]"));

    Assuming that the incoming object is named msg, this is equivalent to the following javascript code: msg.foo.bar[5]

    The resulting expression must be a JSON object, so that syslog-ng can extract its members into LogMessage name-value pairs.

    This also works when the top-level object is an array, as extract-prefix() allows the use of an array index at the first indirection level, for example: json-parser(extract-prefix("[5]"));, which translates to msg[5].

  • The $(format-json) template function now handles the double() type hint.
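
The extract-prefix() lookup described above, modelled in JavaScript as an added example; it is not syslog-ng's own code. The helper names parsePrefix, extractPrefix and toNameValuePairs, the sample message, and the choice to emit only scalar members as name-value pairs are assumptions of this sketch.

```javascript
// Added illustration, not syslog-ng code: a model of the extract-prefix() lookup.
// parsePrefix, extractPrefix and toNameValuePairs are hypothetical helper names.

// Split "foo.bar[5]" or "[5]" into lookup steps: ["foo", "bar", 5] or [5].
function parsePrefix(prefix) {
  const step = /\.?([^.\[\]]+)|\[(\d+)\]/y; // sticky: must match at lastIndex
  const steps = [];
  while (step.lastIndex < prefix.length) {
    const m = step.exec(prefix);
    if (m === null) throw new SyntaxError(`malformed prefix: ${prefix}`);
    steps.push(m[1] !== undefined ? m[1] : Number(m[2]));
  }
  return steps;
}

// Follow the steps; return the selected subtree only if it is a JSON object.
function extractPrefix(msg, prefix) {
  let node = msg;
  for (const key of parsePrefix(prefix)) {
    // An index needs an array, a member name needs a plain object.
    if (node === null || typeof node !== "object") return null;
    if (Array.isArray(node) !== (typeof key === "number")) return null;
    // Own properties only, so names like "__proto__" never resolve.
    if (!Object.prototype.hasOwnProperty.call(node, key)) return null;
    node = node[key];
  }
  const isObject = node !== null && typeof node === "object" && !Array.isArray(node);
  return isObject ? node : null;
}

// Simplification (assumption): only scalar members become name-value pairs here.
function toNameValuePairs(obj) {
  const pairs = {};
  for (const [name, value] of Object.entries(obj)) {
    if (value === null || typeof value !== "object") pairs[name] = String(value);
  }
  return pairs;
}

// Constructed sample message, not taken from real traffic.
const sample = {
  foo: { bar: [0, 1, 2, 3, 4, { user: "alice", action: "login", ok: true }] },
  other: "ignored",
};

const picked = extractPrefix(sample, "foo.bar[5]");
console.log(toNameValuePairs(picked)); // members of msg.foo.bar[5] only
console.log(extractPrefix(sample, "foo.bar[4]")); // a number, not an object
console.log(extractPrefix([sample], "[0]") === sample); // top-level array
```

A prefix that resolves to a scalar, an array or a missing member yields nothing to extract, which is the case to check for when a parser rule silently produces no name-value pairs.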

Debugging

  • When sending messages to stderr in debug mode, prepend a timestamp to the messages.
  • The new $RUNID macro is available for templates, which changes its value every time syslog-ng is restarted, but not when reloaded.
  • A Valgrind suppression file was added (available under contrib/valgrind/), to aid in debugging memory leaks in syslog-ng. It suppresses a couple of known false positives, and a few other things in third-party libraries.
  • A new utility, system-expand, was added, which returns what the system() source would expand to.

Bugfixes

  • With the MongoDB destination, successfully inserted messages are not counted as "stored" anymore: stored messages are those that are in a memory or disk buffer.

  • In the MongoDB destination, reconnecting in a replica-set environment now works correctly, and reliably.

  • The reliability of the usertty() destination driver was greatly improved. Previously, some parts of it were not thread-safe, which could result in strange behaviour.

  • The handling of escape-related flags of csvparser() was changed: instead of these flags overwriting all other (even non-escape-related) flags, if the flag to set is an escape flag, it will keep all non-escape flags, and set the new one. If it is not such a flag, then it will clear all flags, and set the previous escape flags, and the new flag.

    This, in essence, means that when setting flags on a csvparser(), if it is an escape flag, only escape flags will be affected. If not, then escape flags will not be affected at all.

  • The SQL destination now correctly continues $SEQNUM counting after a reload, instead of starting afresh.

  • When trying to stop syslog-ng while a reload is in progress, syslog-ng will now correctly shut down cleanly.

  • When the local hostname is not an FQDN, and the local resolver fails to return an FQDN too, syslog-ng does not abort anymore, but continues using a non-FQDN hostname after emitting a warning on the internal source.

    Furthermore, syslog-ng will try to resolve the FQDN harder: when multiple names are returned, it will search for the first FQDN one, instead of stopping at the primary name.

  • The update-patterndb script will now work correctly when the current working directory contains .pdb files.

  • We will now correctly handle time going backwards in patterndb: it will realign its idea of current time with the system. This corrects a bug where timeouts did not function properly when system time was set backwards.

  • The Linux capability support is now correctly auto-detected by the configure script, and defaults to off on FreeBSD 9+, as it should.

  • Various memory leak fixes around the code base.

Developer notes

The code base went through a lot of refactoring, too much to list in a simple NEWS file. Groundwork has been laid out for future features which are yet to hit the 3.6 branch.

Credits

syslog-ng is developed as a community project, and as such it relies on volunteers to do the work necessary to produce syslog-ng.

Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so if you are a user of syslog-ng, please contribute.

We would like to thank the following people for their contribution:

Andras Mitzki, Andres Tamayo, Balazs Scheidler, Csaba Karsai, Daniel Gados, Evan Rempel, Fabien Wernli, Gergely Nagy, Igor Ippolitov, Imre Lazar, Jakub Wilk, Laszlo Budai, Lucas McLane, Martin Bagge, Matyas Koszik, Nick Alcock, Otto Berger, Peter Czanik, Peter Gyongyosi, Sebastien Badia, Sebastiaan Hoogeveen, Tamas Pal, Tibor Benke, Tobias Schwab, Viktor Juhasz, Viktor Tusa, Xufeng Zhang
