Neuigkeiten, News, Aktuelles

BalaBit syslog-ng Premium Edition 4 (24.02.2011 )

Version 4.0 of BalaBit syslog-ng Premium Edition released

Version 4.0 of the BalaBit syslog-ng Premium Edition has been released

Supported platforms

Version 3.1 of syslog-ng Premium Edition added support for several new platforms; further platforms will be added in 4.0. Compared to syslog-ng Premium Edition 3.0, version 4.0 will support the following new platforms:

 

  • Solaris 9 on x86 (3.1)
  • Solaris 8, 9, 10 on sparc64 (4.0)
  • Tru64 5.1b on Alpha (3.1)
  • HP-UX 11v2 on Itanium64 (3.1)
  • Legacy Linux systems including RedHat Enterprise Linux 2 (i386) & RedHat Enterprise Linux 3 (amd64) (3.1)
  • Debian sarge on x86 and x86_64. (3.1)
  • AIX 6.1 on POWER (4.0)
  • RHEL 6beta i386/x86_64 (4.0)
  • FreeBSD 8.x i386/x86_64 (4.0)
  • FreeBSD 7.x i386/x86_64 (4.0)

 

Performance & scalability improvements

The syslog-ng logstore backend has been modified in syslog-ng PE 3.2 to run on a separate CPU, increasing the performance of storing log messages in logstore files by about 100%. Depending on the CPU, disk and traffic pattern, syslog-ng Premium Edition is capable of processing about 110000 messages/second sustained log traffic.

The performance of logging to plain text files also increased by about 10%.

Reliability improvements

Reliability in unexpected situations was a major focus during the development of syslog-ng Premium Edition 3.2: numerous advancements were implemented and will be included in the upcoming LTS release.

Logstore and disk queue files gained journaling support, which means that even if syslog-ng crashes, these files remain in consistent state, ready to be used again when syslog-ng Premium Edition is automatically restarted.

The tracking of persistent state of syslog-ng Premium Edition has also been improved: even if syslog-ng crashes, the current file position of tracked file sources is recorded and syslog-ng Premium Edition will continue reading messages from this location.

Network outages are better handled by the introduction of the client side failover support, which causes syslog-ng Premium Edition clients to send messages to an alternative server if the primary logserver becomes unaccessible.

Multi-line messages

Certain applications (Apache Tomcat for example) produce log files with log messages spanning several lines. Version 3.2 of syslog-ng PE supports these message formats by grouping related lines into a single message, making log processing easier and more effective.

Other improvements

 

  • Support for the pattern database v3 format and additional parsers
  • A new utility called pdbtool to manage patterndb files
  • New message counters were introduced on stats_level(3): per-host, per-source, per-destination, per-tag, per-rule-id, per-class, per-facility, per-severity)
  • Encryption algorithms and timestamp parameters became customizable options for the logstore destination.
  • SQL destination improvements
  • The syslog-ng-ctl command was introduced to query the message counters
  • Support for some non-standard message formats (for example, Cisco IOS messages) was improved.

Go back