BalaBit blog

What’s new in syslog-ng 3.X

Wednesday, February 1, 2012 @ 09:02 AM Author: Peter Czanik

Many syslog-ng users are in the process of upgrading from version 2.0, or from even more ancient versions, to 3.X. Version 2.0 was very popular: it shipped in the previous version of Debian and in many versions of openSUSE, and v2.0.9 is still the default logger in SLES, the enterprise version of the SUSE Linux distribution. As a result, we are often asked what is new in the 3.X series.

As 1.X is really ancient, I won’t write about it, even though I know that the version with the largest number of installations is v1.6, thanks to Kindle :-) Most people who plan to upgrade, or who upgraded recently, are coming from version 2.0, so the first version I’d like to mention is 2.1. As there were many small changes based on community feedback, I only highlight the major new features and refer to the changelog files for details.

The highlights of v2.1 are:

  • Added support for suppressing duplicate messages.
  • Added support for SQL database (libdbi) destinations.

For more details, including all changes in the 2.1 series, check the changelog file at http://www.balabit.com/downloads/files?path=/syslog-ng/sources/2.1.4/changelog-en.txt

 

The highlights of v3.0 are:

  • Added support for the IETF syslog protocol (RFC5424).
  • Encrypted network connections
  • Embedded log statements
  • Character conversion
  • Name-value pair support
  • Rewrite rules
  • Parsers (csv-parser and db-parser, i.e. patterndb)

For more details, including all changes in the 3.0 series, check the changelog file at http://www.balabit.com/downloads/files?path=/syslog-ng/sources/3.0.10/changelog-en.txt

 

The highlights of v3.1 are:

  • support for patterndb v2 and v3 format (v3 is the current format without correlation features)
  • support for message tags
  • rewriting structured data
  • vast performance improvements in message manipulation.

For more details, including all changes in the 3.1 series, check the changelog file at http://www.balabit.com/downloads/files?path=/syslog-ng/sources/3.1.4/changelog-en.txt

 

The highlights of v3.2 are:

  • plugin based architecture
  • syslog-ng configuration library
  • reusable configuration snippets, similar to macros with parameters, named “blocks”
  • many patterndb improvements (v4), including correlation, patternize, automatic testing
  • the introduction of template functions
  • numeric operators in filters

For more details, including all changes in the 3.2 series, check the changelog file at http://www.balabit.com/downloads/files?path=/syslog-ng/sources/3.2.5/changelog-en.txt

 

The highlights of v3.3 are:

  • multi-core/CPU scaling: the new multi-threaded architecture allows syslog-ng to scale into the 800k msg/sec region.
  • MongoDB support
  • JSON output support
  • using the standard RFC allocated ports in the syslog() driver.

For more details, including all changes in the 3.3 series, check the changelog file at http://www.balabit.com/downloads/files?path=/syslog-ng/sources/3.3.4/changelog-en.txt