Syslog-ng
syslog-ng intro
The syslog-ng application supports reliable and encrypted transport using TCP and TLS, and offers powerful message filtering, sorting, pre-processing and log normalization capabilities. Using message parsing and classification, syslog-ng is able to correlate log messages both in real time and offline, making it especially suited to implementing the artificial ignorance principle.
Syslog-ng has been available in openSUSE for many years. For a long time this meant syslog-ng version 2.0.9, but recently newer versions of syslog-ng with added features have reached openSUSE. This page summarizes the most important changes.
... openSUSE 11.2
We can call this the baseline. Up to openSUSE 11.2, the included syslog-ng version was 2.0.9.
openSUSE 11.3
openSUSE 11.3 has syslog-ng version 3.1.1, which is a new major version. Some of its new features, like SSL and database support, are not enabled due to /usr dependency. From the desktop user's point of view nothing has changed: logging works just as before. But under the hood many new features have arrived for those willing to change the configuration file.
The following list is just a highlight of new features:
- NEWS from 2.0 to 3.0
  * Version 3.0 of syslog-ng supports the new syslog protocol standards by the Internet Engineering Task Force (IETF).
  * Log statements can be embedded into each other, making it possible to design complex log paths. That way for example the results of a filter can be sent to multiple destinations, or it can be sent to a destination unchanged, and partly rewritten for the other destination.
  * The encoding of source files can be set for proper character conversion (internally syslog-ng represents every message in UTF-8).
  * The syslog-ng application assigns a unique message identification number to every log message, making it easy to detect if any messages are lost.
  * The syslog-ng application can read, process, and rewrite structured messages (e.g., Apache webserver logs) using templates and regular expressions. Both messages with fixed field sizes and fields separated with delimiters (e.g., comma-separated values) are supported.
- NEWS from 3.0 to 3.1
  * Support for patterndb v2 and v3 format, along with a bunch of new parsers: ANYSTRING, IPv6, IPvANY and FLOAT.
  * Added a new "pdbtool" utility to manage patterndb files: convert them from v1 or v2 format, merge multiple patterndb files into one and look up matching patterns given a specific message.
  * Support for message tags: tags can be assigned to log messages as they enter syslog-ng, either by the source driver or via patterndb. Later these tags can be used for efficient filtering.
  * Added support for rewriting structured data.
  * Macros and name-value pairs got a little tighter integration: in filters where syslog-ng 3.0 was limited to using only name-value pairs, with 3.1 you can also use macros.
  * Enhanced dynamic name-value performance by a factor of three.
  * Some parsers got additional features: NUMBER is now able to parse hexadecimal numbers, ESTRING is now able to search for multiple characters as the end of the string.
  * Added non-standard and non-portable facility codes (range 10-15), decoupling syslog-ng facility name information from the system used to compile syslog-ng on.
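The embedded log statements listed under the 2.0 to 3.0 changes, shown as an added configuration example that is not part of the original page: one filtered stream is written unchanged to one destination and with a rewrite applied to another. All object names, file paths and the masking pattern are assumptions chosen for illustration.

```conf
@version: 3.1

# Constructed example: the names (s_local, f_auth, r_mask_pw, d_*) and
# the file paths are assumptions, not taken from the openSUSE default config.
source s_local {
    unix-stream("/dev/log");
    internal();
};

# Select authentication-related messages once, at the top of the log path.
filter f_auth {
    facility(auth, authpriv);
};

# Replace the value of every "password=..." token in the message body.
rewrite r_mask_pw {
    subst("password=[^ ]*", "password=***", value("MESSAGE"), flags("global"));
};

# Unchanged copy, readable by the file owner only.
destination d_auth_full {
    file("/var/log/auth-full.log" perm(0600));
};

# Rewritten copy, additionally readable by the file's group.
destination d_auth_masked {
    file("/var/log/auth-masked.log" perm(0640));
};

log {
    source(s_local);
    filter(f_auth);
    # Both embedded log statements receive the filtered messages;
    # the rewrite applies only inside the second one.
    log { destination(d_auth_full); };
    log { rewrite(r_mask_pw); destination(d_auth_masked); };
};
```

Running `syslog-ng --syntax-only -f <file>` checks such a configuration before the daemon is restarted.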
openSUSE 11.4
Factory has syslog-ng version 3.1.2, but Base:System is already at version 3.2.1, which brings modularization, many new features, SSL enabled, etc. Database support is pending, as it needs libdbi, which is still not in Factory.