Skip to main content

syslog-ng 3.1 status

Like I announced in one of my previous posts, towards the syslog-ng OSE 4.0 release I'm going to make smaller, short-term supported releases. The first of these, called syslog-ng 3.1 is nearing completion, and thus a status report is due.

Here's the original plan (quoting the roadmap page here):
  • support tags for syslog messages: each message can be marked with one or more tags, then apply filtering based on tags
  • patterndb: add tag support
  • patterndb: v2 database format support
  • patterndb: add parsers for IPv6 addresses and hex numbers
  • converge macros in templates and name-value pairs even more (right now it is not possible to use any macro in match())

I've just pushed out another set of updates to our git repository, which:
  • adds tag support: a new tags() filter and a tags() option for all sources and a builtin logic to assign the syslog-ng source name as a tag (in the format: .source.)
  • adds support for patterndb v2 and a newly introduced but compatible v3 format
  • adds "pdbtool" a new utility for managing patterndb files (not yet complete)
  • a couple of new parsers (IPv6, ANYSTRING, FLOAT)
The last item in the roadmap is not yet addressed, in fact I haven't even started it yet. I'm thinking about leaving that out altogether in order to have 3.1 released as soon as possible. If you have an opinion about that please don't hesitate to post it here on the mailing list.

If you are experimenting with patterndb you are advised to use the 3.1 branch as development happens here. Of course if we find something that affects our current stable 3.0, I'm backporting the fix, but since 3.0 is stable, I'm only backporting bugfixes and not new functionality.

If you are interested you can get the sources via git, or if you prefer a tarball, just drop me an email.
Labels:

Comments

Post a Comment

Popular posts from this blog

syslog-ng fun with performance

I like christmas for a number of reasons: in addition to the traditional "meet and have fun with your family", eat lots of delicious food and so on, I like it because this is the season of the year when I have some time to do whatever I feel like. This year I felt like doing some syslog-ng performance analysis. After reading Ulrich Deppert's series about stuff "What every programmer should know about memory" on LWN, I thought I'm more than prepared to improve syslog-ng performance. Before going any further, I'd recommend this reading to any programmer, it's a bit long but every second reading it is worth it. As you need to measure performance in order to improve it, I wrote a tool called "loggen". This program generates messages messages at a user-specifyable rate. Apart from the git repository you can get this tool from the latest syslog-ng snapshots. Loggen supports TCP, UDP and UNIX domain sockets, so really almost everything can be me
17 comments
Read more

syslog-ng roadmap 2.1 & 2.2

We had a meeting on the syslog-ng roadmap today where we decided some important things, and I thought I'd use this channel to tell you about it. The Open Source Edition will see a 2.1 release incorporating all core changes currently in the Premium Edition and additionally the SQL destination driver. We are going to start development on the 2.2 PE features, but some of those will also be incorporated in the open source version: support for the latest work of IETF syslog protocols unique sequence numbering for messages support for parsing message contents Previously syslog-ng followed the odd/even version numbering to denote development/stable releases. I'm going to abandon this numbering now: the next syslog-ng OSE release is going to have a 2.1 version number and will basically come out with tested code changes only. The current feature set in PE were developed in a closed manner and I don't want to repeat this mistake. The features that were decided to be part of the Open
12 comments
Read more

syslog-ng 3.0 and SNMP traps

Last time I've written about how syslog-ng is able to change message contents. I thought it'd be useful to give you a more practical example, instead of a generic description. It is quite common to convert SNMP traps to syslog messages. The easiest implementation is to run snmptrapd and have it create a log message based on the trap. There's a small issue though: snmptrapd uses the UNIX syslog() API, and as such it is not able to propagate the originating host of the SNMP trap to the hostname portion of the syslog message. This means that all traps are logged as messages coming from the host running snmptrapd, and the hostname information is part of the message payload. Of course it'd be much easier to process syslog messages, if this were not the case. A solution would be to patch snmptrapd to send complete syslog frames, but that would require changing snmptrapd source. The alternative is to use the new parse and rewrite features of syslog-ng 3.0. First, you need to f
2 comments
Read more