Finally, a new syslog-ng release! As you can see from its version number, this is a bug fix release. It took a bit longer than expected, as we wanted to release it in sync with syslog-ng PE, the commercial variant of syslog-ng. 4.8.2 serves not just as the foundation of the new syslog-ng PE release, but also provides fixes to 4.8.1, which is included in major Linux distributions. This update ensures that all our recent bug fixes reach the majority of our users.

What’s new?

Version 4.8.1 introduced a backwards-incompatible fix in the format-json template function, which is used in the elasticsearch-http() destination and others. While we provided a workaround for this earlier, the drivers defined in the syslog-ng configuration library (SCL) are now updated in 4.8.2 to reflect the changes.

An S3 destination driver was also introduced earlier, but thorough testing revealed some reliability issues with it, which led to a major refactor. As a result, the S3 destination driver code became a lot smaller and more reliable, and its performance also improved considerably.

There is also a CVE fix for a low-severity issue that does not affect the default configuration. Previously, when a wildcard syntax was used in the configuration file to specify the TLS certificate name, syslog-ng matched the wildcard too loosely, accepting more than the intended certificate name. If an attacker knew the original certificate name(s), they could exploit this by guessing the wildcard string used to match the correct certificate(s), and then creating fake certificates that satisfy the guessed wildcard string under g_pattern_match_simple() matching. However, as this exploit relied on insider information and did not lead to data loss or unintended privileged access, it was deemed low impact.
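To show what "too loosely" means in practice, here is an added example (not syslog-ng's code or its actual patch) comparing glob-style matching with a strict certificate-name check. `glob_match()` is a small stand-in for a matcher in the style of g_pattern_match_simple(), `strict_match()` assumes an RFC 6125 style rule, and all names are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Stand-in for a glob matcher in the style of g_pattern_match_simple():
 * '*' matches any run of characters (dots included), '?' matches one. */
static bool glob_match(const char *p, const char *s)
{
    if (*p == '\0')
        return *s == '\0';
    if (*p == '*')
        return glob_match(p + 1, s) || (*s != '\0' && glob_match(p, s + 1));
    if (*s != '\0' && (*p == '?' || *p == *s))
        return glob_match(p + 1, s + 1);
    return false;
}

/* Strict rule (assumption, RFC 6125 style): the only wildcard allowed is a
 * lone '*' as the whole leftmost label, and it stands for exactly one label. */
static bool strict_match(const char *pattern, const char *name)
{
    if (strpbrk(pattern, "*?") == NULL)
        return strcasecmp(pattern, name) == 0;
    if (strncmp(pattern, "*.", 2) != 0 || strpbrk(pattern + 2, "*?") != NULL)
        return false;                         /* wildcard anywhere else: reject */
    const char *dot = strchr(name, '.');
    if (dot == NULL || dot == name)
        return false;                         /* need one non-empty label first */
    return strcasecmp(pattern + 1, dot) == 0; /* remainder must match exactly */
}

int main(void)
{
    /* Constructed pattern/name pairs, not taken from any real deployment. */
    const char *cases[][2] = {
        { "*.example.com",      "host.example.com"     },
        { "*.example.com",      "a.b.example.com"      },
        { "log*.example.com",   "log.a.example.com"    },
        { "host.*.example.com", "host.a.b.example.com" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-20s %-22s glob=%d strict=%d\n", cases[i][0], cases[i][1],
               glob_match(cases[i][0], cases[i][1]),
               strict_match(cases[i][0], cases[i][1]));
    return 0;
}
```

Only the first pair passes the strict check; the glob matcher accepts all four, because its `*` also spans label separators.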

What’s next?

Although the development of syslog-ng slowed down a bit, it never stopped. Moreover, while working on 4.8.2, work also started on the next release. If you collect log messages from files, you will love the latest enhancements to the wildcard-file() source, which not only became faster, but now also uses only a fraction of the resources it previously required. Linux support is clearly catching up to FreeBSD / macOS… :-)


If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.
