syslog-ng-3.27.1
3.27.1
Highlights
DESTIP/DESTPORT/PROTO
: new macros. (#2899)set-facility()
: add new rewrite operation to change the syslog facility associated with the message. (#3136)network tls
: Addedca-file()
option. With this option the user can set a bundled CA-file to verify the peer. (#3145)Forward integrity and confidentiality of logs
(#3121): It is an experimental feature currently, we are still working on the final form with the authors.
Features
-
DESTIP/DESTPORT/PROTO
: new macrosThese new macros express the destination ip, destination port and used protocol on a source.
The use-case behind the PR is as follows:
- someone has an appliance which sends out log messages via both UDP and TCP
- the format of the two are different, and he wants to capture either with the simplest possible filter
netmask()
doesn't work because the IP addresses are the samehost()
doesn't work because the hostnames are the same
Example:
log { source { network(localip(10.12.15.215) port(5555) transport(udp)); }; destination { file("/dev/stdout" template("destip=$DESTIP destport=$DESTPORT proto=$PROTO\n")); }; };
Output:
destip=10.12.15.215 destport=5555 proto=17
(#2899)
-
set-facility()
: add new rewrite operation to change the syslog facility
associated with the message.log { source { system(); }; if (program("postfix")) { rewrite { set-facility("mail"); }; }; destination { file("/var/log/mail.log"); }; flags(flow-control); };
(#3136)
-
network tls
: Addedca-file()
option. With this option the user can set a bundled CA-file to verify the peer.
(#3145) -
http
: When a HTTP response is received, emit a signal with the HTTP response code.
(Later it can be extended to read the response and parse it in a slot...).This PR also extends the Python HTTP header module with the possibility of writing custom HTTP response code handlers. When someone implements an auth header plugin in Python, it could be useful (for example invalidating a cache).
Example config, click to expand!
@version: 3.25 python { from syslogng import Logger logger = Logger() class TestCounter(): def __init__(self, options): self.header = options["header"] self.counter = int(options["counter"]) logger.debug(f"TestCounter class instantiated; options={options}") def get_headers(self, body, headers): logger.debug(f"get_headers() called, received body={body}, headers={headers}") response = ["{}: {}".format(self.header, self.counter)] self.counter += 1 return response def on_http_response_received(self, http_code): self.counter += http_code logger.debug("HTTP response code received: {}".format(http_code)) def __del__(self): logger.debug("Deleting TestCounter class instance") }; source s_network { network(port(5555)); }; destination d_http { http( python_http_header( class("TestCounter") options("header", "X-Test-Python-Counter") options("counter", 11) # this means that syslog-ng will trying to send the http request even when this module fails mark-errors-as-critical(no) ) url("http://127.0.0.1:8888") ); }; log { source(s_network); destination(d_http); flags(flow-control); };
(#3159)
-
java/python
: add support for the "arrow" syntax.options("key" => "value")
-
python
: persist support for pythonThis feature enables users to persist data between reloads or restarts. The intended usage is to support bookmarking and acknowledgement in the future. It is not suitable for local database use cases.
(#3171) -
rewrite
: Added conditionalset-tag()
option. With this option the user can put condition statement inside set-tag option.rewrite { set-tag("tag" condition(match("test" value("MSG")))); };
(#3190)
-
scl
: add sumologic destinations:sumologic-syslog()
andsumologic-http()
(#3194) -
iterate
: new template functionThe iterate template function generates a series from an initial number and a
next
function.For example you can generate a sequence of nonnegative numbers with
source { example-msg-generator( num(3) template("$(iterate $(+ 1 $_) 0)") ); };
(#3205)
-
telegram
: newmax-size
optionTelegram message will be truncated for
max-size
size. Telegram does not accept message larger than 4096 utf8 characters. The default value is 4096.
(#3206) -
example-message-generator
: add support forvalues(name1 => value1, name2 => value2,..)
syntax.Example
@version: 3.27 log { source { example-msg-generator(template("message parameter") num(10) values("PROGRAM" => "program-name" "current-second" => "$C_SEC" )); }; destination { file(/dev/stdout template("$(format-json --scope all-nv-pairs)\n")); }; };
(#3237)
-
example-msg-generator
: supportfreq(0)
for fast message generationlog { source { example-msg-generator(freq(0) num(100)); }; destination { file("/dev/stdout"); }; };
(#3245)
Bugfixes
-
file
: changedtime-reap()
timer's schedule to respect the documentation (expires after last message)
(#3133) -
dbld
: fix building problems- fix rpm package build on centos-7
- fix devshell image build
- fix ubuntu-trusty image build
- fix deb package build on ubuntu-trusty
- fix rpm package build on fedora-30
(#3143)
-
tls (network)
: Properly log an error message, whenkey-file()
orcert-file()
is missing.
(#3145) -
loggen
: fix crash with invalid parameterization
(#3146) -
format-json
: fix printing of embedded zerosPrior to 2.64.1,
g_utf8_get_char_validated()
in glib falsely identified embedded zeros as valid utf8 characters. As a result, format json printed the embedded zeroes as\u0000
instead of\x00
. This change fixes this problem.
(#3175) -
configure
: fix--with-net-snmp
configure option
(#3180) -
python
: fixPy_None
reference counting in logger methods (trace, debug, info, warning, error)
(#3187) -
afmongodb
: do not build module whenENABLE_MONGODB=OFF
(#3188) -
telegram
: automatically truncate messages larger than 4096 utf8 characters to avoid telegram destination to get stuck
(#3206) -
compat/glib
: fix recursive call issue on CentOS-6/RHEL-6/platforms
(#3212) -
timeutils
: fix crash in%f
conversion when non-numeric character is in usec field (e.g. ".asd123")
(#3270)
Packaging
-
macOS
: add example startup configuration.
(#3172) -
rpm
: fix --without maxminddb optionIf maxminddb development package was installed on the build system: rpmbuild fails if
--without maxminddb
was used.
(#3208)
Notes to developers
-
light
: Support to relocate reports dir other than current base dirFor example
python -m pytest -lvs functional_tests/source_drivers/file_source/test_acceptance.py --installdir=/install --reports /tmp/
(#3157)
-
CONTRIBUTING.md
: contribution guide updated
(#3174) -
libtest
: Now we installconfig_parse_lib.h
,fake-time.h
,mock-cfg-parser.h
andqueue_utils_lib.h
which help unit testing outside of core.
(#3179) -
tests
: Wait until snmptrapd process able to write traps into output file
(#3185) -
mongodb
: Replaced the deprecatedget_server_status()
API withcommand_simple()
.This means, that
syslog-ng
can now be built with-Werror
on systems with 1.15libmongoc
.
(#3199) -
stats
: add external stats countersThere are situations when someone wants to expose internal variables through stats-api.
Without this changeset, we need two distinct variables: one is for the internal state, other is for the
stats registration (internal state cannot depends on the life cycle of theStatsCounterGroup
).
(#3225)
Other changes
-
afsnmp
: merge two existing SNMP modules (trapd-parser and destination) into one.Motivation: keep closely related modules together and decrease the number of small packages.
Packaging related changes:
libsnmptrapd-parser.so has been removed, both the snmp destination and the trapd parser are part of afsnmp.so .
- deb: we already had mod-snmp which shipped snmp-dest. From now, this packages installs the snmptrapd-parser syslog-ng module. The syslog-ng-mod-snmptrapd-parser package has been removed.
- rpm: snmpdest renamed to afsnmp and the snmptrapd-parser is installed by this package from now
(#3142)
-
dbld
: removeubuntu-cosmic
as it has reached EOL
(#3143) -
afsocket-source
: present the number of connections in statsIt helps in the debug process if we can see the number of source connections counted by syslog-ng internally.
(#3193)
Credits
syslog-ng is developed as a community project, and as such it relies
on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing
feedback are all important contributions, so please if you are a user
of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Airbus Commercial Aircraft, Andras Mitzki, Antal Nemes, Attila Szakacs, Balazs Scheidler, Gabor Nagy, Kokan, Laszlo Budai, Laszlo Szemere, László Várady, Mehul Prajapati, Roberto Meléndez, Stephan Marwedel, Steven Haigh, Peter Czanik, Thomas De Schampheleire, Vatsal Sisodiya, Vivin Peris