Hello,
Syslog-ng 3.2 beta1 was released over the weekend. It has many
interesting new features:
- modularized, so /usr is no more a problem
- patternize - automatic pattern generation from logs
- correlation - for more info see blogs
- SCL - a config library to ease configuration generation
For a complete list of changes, see the lead developers blog:
http://bazsi.blogs.balabit.com/2010/10/syslog-ng-ose-3-2beta1-released/
The final version of 3.2 will be released before openSUSE 11.4 feature
freeze, so I'd like to update syslog-ng to 3.2.
Questions / problems:
- it is not yet a final version. Can I push it to factory (once some
problems are solved), or I need to wait for the final release coming end
of November?
- for database support, libdbi is needed. Currently it is available only
in Contrib. Could it be imported to factory so database support could be
enabled?
- I get one error and some warning messages regarding libraries. Could
someone take a closer look at them and help me out?
- AppArmor: there are some new files and directories, which is an easy
fix (see below). The problem is SCL, but also affects syslog-ng.conf, if
someone wants to call an external application as log source or
destination. I got some advice previously, but that did not help,
calling external apps still does not work, only when disabling AppArmor
completly. For now I don't use the new features from SCL to avoid this
problem, but would be nice, if we could demo some easy steps to modify
/etc/apparmor.d/sbin.syslog-ng than saying that if one needs to call
external apps, then should disable AppArmor...
A working but not yet perfect version of syslog-ng 3.2 beta1 is
available in the oBS:
https://build.opensuse.org/package/show?package=syslog-ng32&project=home%3Aczanik%3Asyslog-ng32
- it has glib fixes for factory (thanks go to
cristian.rodriguez@opensuse.org)
- ssl is enabled
- no database support yet (libdbi is in contrib)
- system() from SCL is not yet used due to AppArmor troubles
- AppArmor needs some manual editing:
--- sbin.syslog-ng.orig 2010-07-05 13:21:25.000000000 +0200
+++ sbin.syslog-ng 2010-09-29 10:09:51.001748203 +0200
@@ -36,9 +36,10 @@
/etc/hosts.deny r,
/etc/hosts.allow r,
/sbin/syslog-ng mr,
+ /usr/share/syslog-ng/** r,
# chrooted applications
@{CHROOT_BASE}/var/lib/*/dev/log w,
- @{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist rw,
+ @{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist* rw,
@{CHROOT_BASE}/var/log/** w,
@{CHROOT_BASE}/var/run/syslog-ng.pid krw,
@{CHROOT_BASE}/var/run/syslog-ng.ctl rw,
Please give it a try, let me know if you have any problems or fixes (sr
:-) )!
Bye,
--
Peter Czanik (CzP)