./sysutils/syslog-ng, Highly portable log management solution


Branch: CURRENT, Version: 3.13.2, Package name: syslog-ng-3.13.2, Maintainer: pkgsrc-users

Highly portable log management solution to collect, filter,
classify, store and forward log messages.

Required to run:
[devel/glib2] [devel/pcre] [lang/python27] [textproc/json-c] [devel/ivykis]

Required to build:
[pkgtools/cwrappers]

Package options: inet6

SHA1: 702a5ab2f5ef05d5852e3fe25f1354aab62ca576
RMD160: 8786e7b37be10383173b7846b3d9fb6d9da7cc33
Filesize: 8835.936 KB

CVS history:


2017-12-11 15:45:11 by Filip Hajny | Files touched by this commit (11) | Package updated
Log message:
Update sysutils/syslog-ng* to 3.13.2.

- Remove separate sysutils/syslog-ng-json package, it is now a core
  module/dependency.

3.13.2

Fixes
- Missing manpages from release tarball
- Package syslog-ng-mod-json is removed from
- Drop syslog-ng-abi virtual packages

3.13.1

Features
- Add app-parser() framework (automatic parsing of log messages)
- Support microseconds in Riemann destination
- Add osquery destination as an SCL plugin
- Add network load balancer destination
- Add possibility to only signal re-open of file handles (SIGUSR1)
- It is possible from now to limit the number of registered dynamic
  counters
- Add $(binary) template function
- Add experimental transport for transferring messages in whole
  between syslog-ng instances (EWMM)
- Docker based build and debian package generation
- Add auto-parse(yes/no) to app-parser(), system() and
  default-network-drivers()
- Add Graylog2 destination and $(format-gelf) template function

Bugfixes
- Exit when a read fails on an included config file instead of
  starting up with an empty configuration.
- Fix double free
- Add missing discarded counter to groupingby
- Fix a reference leak in Python destination
- Fix timezone issue in snmptrapd parser
- Fix potential crash in stdin driver
- Fix a crash when initializing new config fails for socket with
  keep_alive off
- Fix filter evaluation in case of contexts with multiple elements
- Various grouping-by fixes
- Fix potential use after free around dns-cache during shutdown
- Fix access to indirect values within Java destination
- Fix a crash in affile
- Fix a memory leak
- Fix a crash when getent is used empty group
- Fix jvm-options()
- Fix a crash in Python language binding
- Fix a crash in afmongodb
- Fix a memory leak in afmongodb
- Fix name-to-GID calculation in the $(getent) template function
- Fix a crash when redis is configured without the command() option
- Fix a race condition in kv-parser()

Other changes
- Cleanup diskq related warning messages
- Provide tls block for tls options in amqp(), http(), riemann()
  destination drivers
- It is possible from now to register blocks and generators as plugins
- Drop compatibility with configurations below 3.0
- Do not change permissions of a file by default
- Allow source files to specify permissions locally
- Minor performance improvement
- The current config version can be queried with "--version"
- Increase the performance of kv-parser()

2017-10-02 17:16:27 by Filip Hajny | Files touched by this commit (5) | Package updated
Log message:
Update sysutils/syslog-ng to 3.12.1.

# Features

- HDFS: support macro in filename
- HDFS: add append support
- Java: allow to use sequence numbers in templates
- TLS improvements
    - Add PKCS 12 support with the new `pkcs12-file()` TLS option
    - startup time `ssl-options()` and `peer-verify()` check
    - startup time `key_file`, `cert_file`, `ca_dir`, `crl_dir` and
      `cipher_suite` check
    - ECDH  cipher support (OpenSSL 1.0.1, 1.0.2, 1.1.0) with the
      `ecdh-curve-list()` option (only available >= 1.0.2)
        - for < 1.0.2, a hard-coded curve is used
        - for >= 1.0.2, automatic curve selection is used (the
          `ecdh-curve-list()` option can restrict this list)
    - DH cipher support with the `dhparam-file()` option
        - if the option is not specified, fallback RFC 3526 parameters
          are used
    - minor fixes
- `stdin()` source driver
- Implement `read_old_records` option for systemd-journal source
- Add tags-parser: a new module to parse $TAGS values
- Add a Windows eventlog parser scl module
- Add XML parser module

# Bugfixes

- Fix cannot parse ipv6 into hostname
- Speedup add-contextual-data by making ordering optional
- Fix `monitor-method()` option not working for `wildcard-file()` source
- Sanitize SDATA keys in syslog-protocol messages to avoid generating
  non-valid messages
- Fix memory leaks reported using Valgrind
- Fix memory leak related to cloning pipes and reload
- Fix getent protocol number returns incorrect value
- Fix elasticsearch2 destination flush mechanism
- Fix file destination related memory leak
- Fix a possible memory leak around affile destination

# Other changes

- Improve syslog-ng debun functionality
- Java: allow to set JVM options from global syslog-ng options
- Do steps towards Python 3 support:
    - Fix string compatibility for Python 3
    - Improve Python version auto detection
- HTTP destination: display verbose logs on debug level
- Improvements for Solaris packing

2017-08-31 14:53:50 by Filip Hajny | Files touched by this commit (9) | Package updated
Log message:
Update sysutils/syslog-ng* to 3.11.1.

3.11.1

Features

- Add geoip2 parser and template function.
- Add SSL support to AMQP.
- Add template option to apache-accesslog-parser.
- Add configurable event time to Riemann destination.
- Add drop-unmatched() option to dbparser.
- Add Ubuntu Xenial to the bundled docker images.
- Support multi-instance support for Solaris 10 and 11.
- Support multi-instance for systemd.
- Add configurable timeout to HTTP destination.
- Add prefix() option to cisco-parser.

Bugfixes

- Fix a memory usage counter underflow for threaded destination drivers
  and writers.
- Fix a potential crash in AMQP.
- Fix a potential crash during reload.
- Fix a reload/shutdown issue.
- Fix a potential crash in afsocket destination during reload.
- Fix a counter registration bug.
- Fix a build issue on FreeBSD.
- Fix a memory leak in diskq plugin.
- Fix systemd-journal error codes validation.
- Fix a potential crash in diskq when it is used with file
  destination and the file is reaped.
- Fix a memory leak in HTTP destination
- Fix ENABLE_DEBUG in dbparser.
- Fix a unit test that caused a build issue on 32 bit platforms.

Other changes

- The eventlog library is part of syslog-ng from now.
- Improve error messages when the config cannot be initialized.
- Improve source suspended/resumed debug messages.
- Rename syslog-debun to syslog-ng-debun.
- Update manpages to v3.11
- Remove tgz2build directory.

3.10.1

Features

- Support https in http (curl) module
- Docker support : from now Dockerfile for CentOS7, Ubuntu Zesty and for
  Debian Jessie is part of our upstream
- Add --database parameter for geoip template function
- Metric improvements
- Add snmp-parser (v1, v2)
- Add snmp-source
- Add osquery source
- Add cisco-parser
- Add wildcard filesource
- Add startdate template function
- Add $(basename) and $(dirname) template functions
- Add Kerberos support for HDFS destination
- Add AUTH support for redis destination
- Add map-value-pairs() parser
- Extend Python language binding by Python parser
- Add support for extract-stray-words() option in kv-parser()
- Add $(context-values) template function
- Add $(context-lookup) function
- Add list related template functions
- Add query commands to syslog-ng-ctl
- Support multiple servers in elasticsearch2-http destination
- Implements elastic-v2 https in http mode
- Add getent module (ported from incubator)
- Add support for IP_FREEBIND

Bugfixes

- Fix a libnet detection check error that caused problem configuring
  enable-spoof-source.
- Avoid warnings about _DEFAULT_SOURCE on recent glibc versions
- Fix invalid database warning for geoip parser
- Fix prefix() default in systemd-journal for new config versions
- Fix a potential message loss in Riemann destination
- Fix a potential crash in the Riemann destination when the client is
  not connected to the Riemann server.
- Fix a possible add-contextual-data() related data loss in case of
  multiple references to the same add-contextual-data parser in several
  logpaths.
- Fix dbparser deadlock
- Fix Python destination
- Fix processed stats counter for afsocket
- Fix stats source for pipes
- Fix csv-parser multithreaded support
- Fix a message loss in case of filesource when syslog-ng was restarted
  and the log_msg_size > file size.
- Fix a potential crash in cryptofuncs
- Fix a potential crash in syslog-ng-ctl when no command line parameters
  were set.
- Fix token duplication in the output of '--preprocess-into'
- Fix UTF-8 support in syslog-ng-ctl
- Fix a potential crash during X.509 certificate validation.
- Fix a segfault in Python module startup
- Fix a possible endless reading loop issue in case of multi-line
  filesource.
- Fix soname for the http module from "curl" to "http"
- Avoid openssl 1.1.0 deprecated APIs

Other changes

- Increase processed counter by queued counter after reload or restart
  when diskqueue is used otherwise the newly added written counter would
  underflow.
- Set the default time-zone to UTC for elasticsearch2
- Add retries support for python destination
- Prefer server side cipher suite order
- Always include librabbitmq in the dist tarball
- Always include ivykis in the dist tarball
- Marking parse error locations with >@<.
- Default log_msg_size is increased to 64Kbyte from 8Kb
- Tons of syslog-debun improvements
- Exit with 0 return code when --help is specified for syslog-ng-ctl
- syslog-ng: make '--preprocess-into' foreground only
- Add debug messages on log_msg_set_value()
- Add more detail to filter evaluation related debug messages

2017-01-10 19:54:16 by Filip Hajny | Files touched by this commit (6) | Package updated
Log message:
Update sysutils/syslog-ng to 3.9.1.

Features

- Improve parsing performance in case of keep-timestamp(no)
- TLS based transports will publish the peer's certificate in a set of
  name-value pairs.
- Improve performance of the tcp() source, due to a bug, syslog-ng
  attempted to apply position tracking to messages coming over a TCP
  transport, which is used for file position tracking and causing
  performance degradation.
- Make it possible to configure the listen-backlog() for any stream based
  transports (unix-stream and tcp).
- Add a groupunset() rewrite rule that pairs up with groupset() but instead
  of setting values it unsets them.
- Add support for Elastic Shield and SearchGuard
- kv-parser() is now able to cope with unquoted values with an embedded
  space in them, it also trims whitespace from keys/values and is in
  general more reliable in extracting key-value pairs from arbitrary log
  messages.
- Improve performance for java based destinations.
- Add prefix() option to add-contextual-data()

Bugfixes

- Fix a potential crash in the file destination, in case it is a template
  based filename and time-reap() is elapsed.
- Fix a potential ACK problem within syslog-ng that can cause input windows
  to overflow queue sizes over time, effectively causing message drops that
  shouldn't occur.
- Fix a heap corruption bug in the DNS cache, in case the maximum number of
  DNS cache entries is reached.
- Fix timestamp for suppression messages.
- Fix add-contextual-data() to support CRLF line endings in its CSV input
  files.
- Fixed key() option parsing in riemann() destinations.
- Find libsystemd-journal related functions in both libsystemd-journal.so
  and libsystemd.so, as recent systemd versions bundled all systemd
  related libs into the same library.
- Fixed the build-time detection of system-wide installed librabbitmq,
  libmongoc and libcap.
- Fix the file source to repeatedly check for unexisting files, as a bug
  caused syslog-ng to stop after two attempts previously.
- The performance testing tool "loggen" crashed if it was used to generate
  messages on multiple threads over TLS. This was now fixed.
- Fix an issue in the syslog-parser() parser, so that timestamps parsed
  earlier in the log path are properly overwritten.
- Due to a compilation issue, tcp-keepalive-time(), tcp-keepalive-intvl() and
  tcp-keepalive-probes() were not working, now they are again.
- The --disable-shm-counters option is now passed to mongo-c-driver to work
  around a minor security issue.
- Fix compilation issues on FreeBSD.
- Add support to month names in all caps in syslog timestamps. At least one
  device seems to generate these.
- The options() option to java destination can now accept numbers and not
  just strings.
- Fix a memory leak in the java destination driver, that may affect java
  based destinations like ElasticSearch, Kafka & HDFS.

Other changes

- HDFS was updated to 2.7.3
- Elasticsearch was updated to 2.4.0
- Support was added for OpenSSL 1.1.x

2016-08-21 23:31:24 by Filip Hajny | Files touched by this commit (1)
Log message:
CPPFLAGS no longer needed, fixes build for py-syslog-ng.

2016-08-21 22:22:31 by Filip Hajny | Files touched by this commit (1) | Package updated
Log message:
Clear the stray PKGREVISION after update

2016-08-21 22:18:30 by Filip Hajny | Files touched by this commit (8) | Package updated
Log message:
Update sysutils/syslog-ng and modules to 3.8.1.

3.8.1

Library updates
- Kafka-client updated to version 0.9.0.0
- Minimal required version of hiredis is set to 0.11.0 to avoid
  possible deadlocks
- Minimal version of libdbi is set to 0.9.0

Improvements and features
- Added the long-awaited disk-buffer.
- date-parser ported from incubator to upstream
- New template functions: min, max, sum, average
- Added Apache-accesslog-parser
- Added loggly destination
- Added logmatic destination
- Added template function for supporting CEF.
- cURL-based HTTP destination driver added (implemented in C
  programming language)
- SELinux policy installer script now has support for Red Hat
  Enterprise Linux/CentOS/ Oracle Linux 5, 6 and 7.
- Implemented add-contextual-data: With add-context-data syslog-ng
  can use an external database file to append custom name-value
  pairs on incoming logs (to enrich messages).

Program destination/source drivers
- Added inherit-environment configuration option to program source
  and destination.
- Added keep-alive option to program destination (afprog).

Java drivers
- HTTP destination: Added the ability to use templates in both url
  and message.
- ElasticSearch Destination driver: Support 2.2.x series of
  ElasticSearch (transport and node mode).

MongoDB destination driver
- Replaced submodule libmongo-client with mongo-c-driver.
- Additional support for previous syntax used by libmongo-client
  before we started using mongo-c-driver and its URI syntax
  exclusively.

Riemann destination driver
- Use cert-file() and key-file() options to match afsocket
  keywords as the same way as afsocket drivers use these options.

Rewrite rules
- Introduced template options in rewrite rules.
- Added unset operation to make it possible to unset a specific
  name-value pair for a logmessage.

Parsers
- kvformat: make it possible to specify name-value separator
- linux-audit-scanner: recognize a0-a9* as fields to be decoded
- csv-parser has been refactored, extended with new dialect and
  prefix options.

PatternDB
- added groupingby() parser that can perform simple correlation on
  log messages
- added create-context action
- Added NLSTRING parser that captures a string until the following
  end-of-line

Miscellaneous features
- syslog-debun (debug bundle script for syslog-ng) has been
  improved

Bugfixes
- geoip-parser: When default database is not specified, syslog-ng
  crashed.
- Added support for multiple drivers with the same name in
  syslog-ng config.
- Fixed ack counting logic for junctions that have branches that
  modify the LogMessage.
- Fixed a potential crash for code that uses log_msg_clear() in
  production (e.g. syslog-parser()).
- Fixed potential crash in reload logic
- system(): use string comparison instead of numeric in PID
  rewrite
- Support encoding on glib compiled with libiconv
- pdbtool: Fix the ordering of the debug-info list in PatternDB
- afprog: Don't kill our own process group
- Handle option names with hyphen (-) characters in java scls
- dnscache performance improved
- Fixed IPv6 parser in patterndb.
- Fixed journald program name flapping
- Fixed create-dirs() inheritance in file destinations
- Fixed pass-unix-credentials() global inheritance in afunix
- Fixed create-dirs() global inheritance in afunix
- Fixed byteorder handling on bigendian systems in netmask6 filter
- Fixed flow-control issue when overflow queue is full (suspending
  source by setting the window size to 0).
- Log HTTP response error codes in HTTPDestination (Java).
- Fixed potential leaks related $(sanitize) argument parsing in
  basicfuncs.
- Fixed a memory leak in python debugger
- Fixed a use-after-free bug in templates.
- Fixed a memory leak around reload in netmask6 filter.
- Fixed a memory leak in LogProtoBufferedServer in case the
  encoding() option is used.
- configure: don't override $enable_python while executing
  pkg-config
- Fixed BSD timestamp parsing in syslog-format.
- Fixed a SIGPIPE bug in program destination.
- Error handling has been improved in AMQP destination.
- value-pairs performance improvements, memleak fixes
- Various issues around UTF-8 support fixed.
- Fixed integer overflow in numerical operations template function
- Fixed an integer underflow in afsocket.
- Fixed numerical comparison issues around filters.
- Fixed kernel log message time drift on Linux.
- Take CRLF sequences equivalent to an LF in patterndb.
- When syslog-ng failed to insert data into Redis, it has crashed.
- When device file is set as a file destination then syslog-ng
  will not try to change the permission of the device file.
- Various fixes around config file parsing:

3.7.3

Improvements
- Updated Python package requirements.
- Can now compile without MongoDB.
- Added eventlog to the list of required pkg-config packages.
- Basic FreeBSD and HP-UX support of syslog debug bundle generator
  by improving POSIX shell compatibility.
- Keep the program destination open between configuration reloads.
- system-source now uses keep-timestamp(no) for Linux kernel log.
  The time source used by /dev/kmsg is not updated after system
  SUSPEND/RESUME.

Fixes
- Fix a SIGSEGV when a Redis command returns an error.
- Resolve deadlock in logwriter triggered by suppress()
- Mitigate possible deadlock in patterndb
- Fixed global inheritance of pass-unix-credentials() and
  create-dirs().
- Certain compilers complained about an undefined symbol when
  setting keep-alive(yes).
- For certain use cases, afsocket would not handle procfs read
  errors due to an integer underflow.
- Enhanced Java version check and the handling of
  SyslogNgInternalLogger (used by Kafka), the FATAL loglevel and
  getLocationInformation().
- When a big amount of kernel log was produced in a very short
  time, the syslog-ng process sometimes entered into a spin and
  stopped processing messages.

2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89)
Log message:
Remove the stability entity, it has no meaning outside of an official context.