[opensuse-factory] RFC: syslog-ng 3.2 beta1
  • From: Peter Czanik <pczanik@xxxxxxxxxxxxxx>
  • Date: Wed, 20 Oct 2010 11:55:24 +0200
  • Message-id: <4CBEBC8C.5090700@xxxxxxxxxxxxxx>

Syslog-ng 3.2 beta1 was released over the weekend. It has many
interesting new features:

- modularized, so /usr is no longer a problem
- patternize - automatic pattern generation from logs
- correlation - for more info see blogs
- SCL - a config library to ease configuration generation

For a complete list of changes, see the lead developer's blog:
The final version of 3.2 will be released before openSUSE 11.4 feature
freeze, so I'd like to update syslog-ng to 3.2.

Questions / problems:

- it is not yet a final version. Can I push it to factory (once some
problems are solved), or do I need to wait for the final release coming
at the end of November?

- for database support, libdbi is needed. Currently it is available only
in Contrib. Could it be imported to factory so database support could be

- I get one error and some warning messages regarding libraries. Could
someone take a closer look at them and help me out?

- AppArmor: there are some new files and directories, which is an easy
fix (see below). The problem is SCL, but it also affects syslog-ng.conf if
someone wants to call an external application as a log source or
destination. I got some advice previously, but that did not help:
calling external apps still does not work, only when disabling AppArmor
completely. For now I don't use the new features from SCL to avoid this
problem, but it would be nice if we could demo some easy steps to modify
/etc/apparmor.d/sbin.syslog-ng rather than saying that if one needs to call
external apps, then one should disable AppArmor...

A working but not yet perfect version of syslog-ng 3.2 beta1 is
available in the oBS:

- it has glib fixes for factory (thanks go to
- ssl is enabled
- no database support yet (libdbi is in contrib)
- system() from SCL is not yet used due to AppArmor troubles
- AppArmor needs some manual editing:
--- sbin.syslog-ng.orig 2010-07-05 13:21:25.000000000 +0200
+++ sbin.syslog-ng 2010-09-29 10:09:51.001748203 +0200
@@ -36,9 +36,10 @@
/etc/hosts.deny r,
/etc/hosts.allow r,
/sbin/syslog-ng mr,
+ /usr/share/syslog-ng/** r,
# chrooted applications
@{CHROOT_BASE}/var/lib/*/dev/log w,
- @{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist rw,
+ @{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist* rw,
@{CHROOT_BASE}/var/log/** w,
@{CHROOT_BASE}/var/run/ krw,
@{CHROOT_BASE}/var/run/syslog-ng.ctl rw,
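
Review bot: the widened rule "@{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist* rw," ends in a glob, so it grants read/write on every file in that directory whose name begins with syslog-ng.persist; if the daemon only needs one additional file next to the persist file, name that file in its own rule instead of using the wildcard. Only the @{CHROOT_BASE} persist line is changed in this hunk, so check whether a non-chrooted persist rule outside the visible context needs the same adjustment. The added "/usr/share/syslog-ng/** r," is read-only over the whole tree and nothing in the hunk grants execute permission, so external programs used as log sources or destinations remain blocked, as the message describes; that would need an explicit execute rule for each helper path rather than a broad one.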

Please give it a try, let me know if you have any problems or fixes (sr
:-) )!

Peter Czanik (CzP) <czanik@xxxxxxxxxx>
BalaBit IT Security / syslog-ng upstream

