-
elasticsearch-datastream()destinations can be used to feed Elasticsearch data streams.Example config:
elasticsearch-datastream( url("https://elastic-endpoint:9200/my-data-stream/_bulk") user("elastic") password("ba3DI8u5qX61We7EP748V8RZ") );(#5069)
-
building: thanks to Sergey Fedorov (@barracuda156) and Marius Schamschula (@Schamschula), macOS builds now support gcc again. They also updated the MacPort version of syslog-ng (develop). Great work, and thank you so much for your contribution! (#5108)
-
tls(): expose the key fingerprint of the peer in${.tls.x509_fp}iftrusted-keys()is used to retain the actual peer identity in the received messages. (#5068) -
syslog-parser: Added theno-piggyback-errorsand thepiggyback-errorsflags to control whether the message retains the original message or not on parse error(s). By default the old behaviour/piggyback-errorsflag is active.no-piggyback-errors: On failure, the original message will be left as it was before parsing, the value of$MSGFORMATwill be set tosyslog-error, and a tag will be placed on the message corresponding to the parser's failure.piggyback-errors: On failure, the old behaviour is used (clearing the entire message then syslog-ng will generate a new message in place of the old one describing the parser's error).
The following new tags can be added by the
syslog-parserto the message when the parsing failed:syslog.rfc5424_missing_hostnamesyslog.rfc5424_missing_app_namesyslog.rfc5424_missing_procidsyslog.rfc5424_missing_msgidsyslog.rfc5424_missing_sdatasyslog.rfc5424_invalid_sdatasyslog.rfc5424_missing_message(#5063)
-
syslog-ng-ctl: fix escaping ofstats prometheusMetric labels (for example, the ones produced by
metrics-probe()) may contain control characters, invalid UTF-8 or\characters. In those specific rare cases, the escaping of thestats prometheusoutput was incorrect. (#5046) -
wildcard-file(): fix crashes can occure if the same wildcard file is used in multiple sourcesBecause of some persistent name construction and validation bugs the following config crashed
syslog-ng(if there were more than one log file is in the/pathfolder)@version: current @include "scl.conf" source s_files1 { file("/path/*.log" persist-name("p1") ); }; source s_files2 { file("/path/*.log" persist-name("p2") ); }; destination s_stdout { stdout(); }; log { source(s_files1); destination(s_stdout); }; log { source(s_files2); destination(s_stdout); };NOTE:
- The issue occurred regardless of the presence of the
persist-name()option. - It affected not only the simplified example of the legacy wildcard
file()but also the newwildcard-file()source. (#5091)
- The issue occurred regardless of the presence of the
-
syslog-ng-ctl: fix crash of syslog-ng service in g_hash_table lookup function aftersyslog-ng-ctl reload(#5087) -
file(),stdout(): fix log sources getting stuckDue to an acknowledgment bug in the
file()andstdout()destinations, sources routed to those destinations may have gotten stuck as they were flow-controlled incorrectly.This issue occured only in extremely rare cases with regular files, but it occured frequently with
/dev/stderrand other slow pseudo-devices. (#5134) -
directory-monitor: fixed a main thread assertion crash that might have occurred during syslog-ng stop or restart (#5086) -
Config @version: fixed compat-mode inconsistencies when@versionwas not specified at the top of the configuration file or was not specified at all (#5145) -
grpc: Fix potential memoryleak when the grpc module is loaded but not used. (#5062) -
s3(): Eliminated indefinite memory usage increase for each reload.The increased memory usage is caused by the
botocorelibrary, which caches the session information. We only need the Session object, ifrole()is set. The increased memory usage still happens with that set, currently we only fixed the unset case. (#5149) -
opentelemetry()sources: fix crash whenworkers()is set to> 1(#5138) -
opentelemetry()sources: fix source hang-up on flow-controlled paths (#5148) -
metrics-probe(): fix disappearing metrics fromstats prometheusoutputmetrics-probe()metrics became orphaned and disappeared from thesyslog-ng-ctl stats prometheusoutput whenever an ivykis worker stopped (after 10 seconds of inactivity). (#5075) -
affile: Fix an invalidlseekcall mainly on thepipe()source, but also possible if using affile on pipe like files (pipe, socket and FIFO). (#5058)
-
format-json: spaces around=in$(format-json)template function could cause a crash. The fix of the issue also introduced an enhancement, from now on spaces are allowed around the=operator, so the following$(format-json)template function calls are all valid:$(format-json foo =alma) $(format-json foo= alma) $(format-json foo = alma) $(format-json foo=\" alma \") $(format-json foo= \" alma \") $(format-json foo1= alma foo2 =korte foo3 = szilva foo4 = \" meggy \" foo5=\"\")Please note the usage of the escaped strings like
\" meggy \", and the (escaped and) quoted form that used for an empty value\"\", the latter is a breaking change as earlier an expression likekey=led to a json key-value pair with an empty value{"key":""}that will not work anymore. (#5080) -
building: fixed multiple potentional FreeBSD build errors (#5099) -
docker: Changed the container image's base to debian:bookworm. (#5056)
syslog-ng is developed as a community project, and as such it relies on volunteers, to do the work necessarily to produce syslog-ng.
Reporting bugs, testing changes, writing code or simply providing feedback are all important contributions, so please if you are a user of syslog-ng, contribute.
We would like to thank the following people for their contribution:
Andras Mitzki, Attila Szakacs, Balazs Scheidler, Hofi, Kovács Gergő Ferenc, László Várady, Mate Ory, Peter Czanik (CzP), Sergey Fedorov, Marius Schamschula, Szilard Parrag, Tamas Pal, shifter