Neuigkeiten, News, Aktuelles

BalaBit syslog-ng Premium Edition 4 (24.02.2011 )

Version 4.0 of BalaBit syslog-ng Premium Edition veröffentlicht

Version 4.0 der BalaBit syslog-ng Premium Edition wurde veröffentlicht

Unterstützte Plattformen

Version 3.1 von syslog-ng Premium Edition fügte den Support für verschiedene Plattformen hinzu; weitere Plattformen wurden in 4.0 hinzugefügt. Verglichen mit syslog-ng Premium Edition 3.0 wird Version 4.0 Support für folgende neue Plattformen bieten:

  • Solaris 9 auf x86 (3.1)
  • Solaris 8, 9, 10 auf sparc64 (4.0)
  • Tru64 5.1b auf Alpha (3.1)
  • HP-UX 11v2 auf Itanium64 (3.1)
  • Legacy Linux Systeme inkl. RedHat Enterprise Linux 2 (i386) & RedHat Enterprise Linux 3 (amd64) (3.1)
  • Debian sarge auf x86 and x86_64. (3.1)
  • AIX 6.1 auf POWER (4.0)
  • RHEL 6beta i386/x86_64 (4.0)
  • FreeBSD 8.x i386/x86_64 (4.0)
  • FreeBSD 7.x i386/x86_64 (4.0)

Verbesserungen bei Performance & Skalierbarkeit

Das syslog-ng logstore Backend wurde in syslog-ng PE 3.2 angepasst, um auf verschiedenen CPU zu laufen. Dadurch wurde die Speicherungs-Performance der Log-Meldungen in logstore Dateien um etwa 100% gesteigert. Abhängig von der CPU, Festplatte und Durchsatzverhalten ist syslog-ng Premium Edition in der Lage, etwa 110.000 Meldungen pro Sekunde im anhaltenden Log Verkehr zu verarbeiten.

Die Performance bem logging in plain text Dateien nahm um etwa 10% zu.

Verbesserungen bei der Zuverlässigkeit

Reliability in unexpected situations was a major focus during the development of syslog-ng Premium Edition 3.2: numerous advancements were implemented and included in the LTS release 4.

Logstore and disk queue files gained journaling support, which means that even if syslog-ng crashes, these files remain in consistent state, ready to be used again when syslog-ng Premium Edition is automatically restarted.

The tracking of persistent state of syslog-ng Premium Edition has also been improved: even if syslog-ng crashes, the current file position of tracked file sources is recorded and syslog-ng Premium Edition will continue reading messages from this location.

Network outages are better handled by the introduction of the client side failover support, which causes syslog-ng Premium Edition clients to send messages to an alternative server if the primary logserver becomes unaccessible.

Multi-line messages

Certain applications (Apache Tomcat for example) produce log files with log messages spanning several lines. Version 3.2 of syslog-ng PE supports these message formats by grouping related lines into a single message, making log processing easier and more effective.

Andere Verbesserungen

  • Support for the pattern database v3 format and additional parsers
  • A new utility called pdbtool to manage patterndb files
  • New message counters were introduced on stats_level(3): per-host, per-source, per-destination, per-tag, per-rule-id, per-class, per-facility, per-severity)
  • Encryption algorithms and timestamp parameters became customizable options for the logstore destination.
  • SQL destination improvements
  • The syslog-ng-ctl command was introduced to query the message counters
  • Support for some non-standard message formats (for example, Cisco IOS messages) was improved.

Zurück