NEWS

3.5.6
        Mon,  4 Aug 2014 13:39:42 +0200

        This is the sixth bug-fix release for the 3.5.x series.
        Upgrading from earlier versions is highly recommended, as the
        changes in this release are very small, yet, also very
        important for most platforms and workloads.

        Bugfixes
        ========

        * A major memory leak was fixed in the value-pairs framework,
          which affects $(format-json), MongoDB, AMQP and more. The
          leak was supposed to be fixed in 3.5.5, but due to a merging
          mistake, it was missed.

        * The configure script now detects Linux capabilities
          properly, there is no need to use --disable-linux-caps on
          non-Linux platforms anymore.

        * The pdbtool merge command will now generate version 4
          patterndb files, instead of version 3.

        Credits
        =======

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Fabien Wernli
        Gergely Nagy
        Peter Czanik

3.5.5
        Mon, 21 Jul 2014 17:00:00 +0200

        This is the fifth bug-fix release for the 3.5.x series.
        Starting with this release, the 3.5 branch replaces 3.4 as the
        current "stable" version. Upgrading from earlier versions -
        and especially earlier branches - is highly recommended.

        New features
        ============

        * The facility() filter now supports ranges, allowing one to
          capture a range of facilities: facility(local0..local6).

        * The $(format-json) template function now supports SEQNUM.

        * The upstart script in contrib has been improved to allow the
          user to override certain settings (such as the configuration
          file, and the pidfile), and allow extra options to be
          specified.

        Bugfixes
        ========

        * Major memory leaks have been fixed in various parts of
          syslog-ng, including but not limited to network and file
          destinations and sources, value-pairs (thus affecting
          mongodb, $(format-json), and others), template handling and
          rewrite rules.

          Some of these leaks only happened during reload, some
          leaked on every message. They have now been plugged.

        * The value-pairs framework has seen a lot of updates, too:

          - It now honors time zone settings, so everything that uses
            value-pairs, will correctly take time zone settings into
            account.

          - Using globs in the key() option of value pairs will now
            also search macros for matches (thus key("D*") will match
            DATE too).

          - The syslog-proto (RFC5424) scope now correctly includes
            SDATA.

          - A bug that resulted in hierarchical elements being
            misparsed and made to appear in random places have been
            fixed.

        * The body() and subject() options of the SMTP destinations
          are now mandatory, and a double-free was also fixed in the
          driver.

        * Minor fixes were made to the $(env) template function, so
          that when looking up an empty environment variable, we will
          no longer trigger a glib warning. A misleading error message
          was also corrected.

        * The pdbtool patternize tool will now output version 4 PDB
          XML.

        * The configure script will not try to configure the AMQP
          module if no suitable version of python is installed. This
          avoids a difficult to diagnose error message during
          compilation.

        Developer news
        ==============

        * When compiled with internal ivykis, we will now install its
          headers too, along with our own. This is to make it easier
          for the Incubator to be compiled against a syslog-ng with
          embedded ivykis.

        * Plugin symbols are now loaded differently, in a way that
          lets plugins load further plugins, and use already loaded
          symbols. This is required for the various scripting
          destinations in the Incubator.

        * Starting with this release, we are installing the testing
          helpers as a convenience library (available under the
          syslog-ng-test pkg-config module). This allows third party
          projects to use our helpers.

        Credits
        =======

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Balazs Scheidler <bazsi@balabit.hu>
        Daniel Gados
        Fabien Wernli
        Gergely Nagy <algernon@balabit.hu>
        Laszlo Budai <lbudai@balabit.hu>
        Laszlo Meszaros <lmesz@balabit.hu>
        Nick Alcock <nix@esperi.org.uk>
        Peter Czanik <czanik@balabit.hu>
        Peter Gyongyosi <gyp@balabit.hu>
        Sebastien Badia <seb@sebian.fr>
        Tibor Benke <tibor.benke@balabit.com>
        Viktor Juhasz <viktor.juhasz@balabit.com>
        Viktor Tusa <tusa@balabit.hu>
        Xufeng Zhang <xufeng.zhang@windriver.com>
        Zoltan Pallagi <pzolee@balabit.hu>

3.5.4.1
        Thu, 13 Mar 2014 10:46:07 +0100

        This is the fourth bug-fix release for the 3.5.x series, with
        a single fix for 32-bit platforms. Upgrading to this version
        is highly recommended for people using 32-bit platforms,
        others are not affected.

        Bugfixes
        ========

        * The basic template functions (substr, +, -, etc) were fixed
          to work correctly on 32-bit platforms, following up on a
          previous change that changed how numbers are parsed.

        Credits
        =======

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Gergely Nagy <algernon@balabit.hu>
        Peter Czanik <czanik@balabit.hu>

3.5.4
        Wed, 12 Mar 2014 13:18:36 +0100

        This is the third bug-fix release for the 3.5.x series, with a
        number of important improvements over the previous release.
        Upgrading to this version is highly recommended.

        Bugfixes
        ========

        * The value-pairs code had a serious bug, where under some
          circumstances (depending on compiler, platform and
          optimisation flags), it could end up in a live-lock, where
          the only way out was to forcibly kill the syslog-ng process.

        * SDATA enterprise IDs are handled better when using
          value-pairs (MongoDB, $(format-json), etc): the enterprise
          id is kept together, the possibly dotted numeric ID is not
          split into sub-structures anymore.

        * json-parser() can now be used from multiple log paths
          without crashing the syslog-ng process.

        * Options that can take a unit-suffixed number now work
          correctly on 32-bit big-endian platforms.

        * Using some time-related macros (like R_SEC) in filters do
          not crash syslog-ng anymore.

        * The internal copy of libmongo-client was updated to version
          0.1.7.1, which fixes an important bug in the safe mode
          handling code.

        * The system() source learned to recognise FreeBSD jails, and
          will not use /dev/klog when running inside one.

        * The host() and port() options of the MongoDB destination
          have been marked obsolete (which were documented as such,
          but the code didn't follow).

        * The username() and password() options are now mandatory for
          the AMQP destination, and syslog-ng raises an error if
          either of them is unset. This is because the destination
          does not work without them anyway.

        * The timezone file parser now supports Tzif3 formatted files too.

        * The $(geoip) template function handles failed look-ups
          gracefully: it expands to an empty string then, and does not
          print a warning anymore.

        * The source code was updated to work with bison 3 and later
          (only affects people compiling from git, or rebuilding
          grammar files).

        * The syslog-ng pkg-config file now has an scldir and a
          datarootdir variable too, to help third-party packages.

        Credits
        =======

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Andras Mitzki <micek@balabit.hu>
        Andres Tamayo <Andres.Tamayo@viasat.com>
        Balazs Scheidler <bazsi@balabit.hu>
        Daniel Gados <gdani@balabit.hu>
        Evan Rempel <erempel@uvic.ca>
        Fabien Wernli <bugzilla.balabit@faxm0dem.org>
        Gergely Nagy <algernon@balabit.hu>
        Igor Ippolitov <iippolitov@gmail.com>
        Peter Czanik <czanik@balabit.hu>
        Steve Berryman <steve@berryman.org.uk>
        Tibor Benke <btibi@balabit.hu>
        Viktor Tusa <tusa@balabit.hu>

3.5.3
        Tue, 24 Dec 2013 19:53:05 +0100

        This is the second bug-fix release for the 3.5.x series, with
        a number of important changes over the previous release.
        Upgrading to this version is highly recommended.

        Bugfixes
        ========

        * Node flag propagation has been fixed, so flags(final) works
          the same as it did in 3.3, when embedded log statements are
          used too.

        * Improvements were made to the build system, to make it more
          reliable when building in parallel.

        * Using the value-pairs() framework, either via the
          $(format-json) template function or any of the destinations
          that make use of it, will now correctly skip and ignore
          empty values, even in SDATA.

        * The configure script will correctly detect newer versions of
          json-c too, without compatibility symlinks being present.

        * A file descriptor and memory leak has been fixed in the
          syslog() destination.

        * The pdbtool program will warn in test mode when a test
          message has no program attribute. [BugZilla #263]

        * If the PID property is overwritten, syslog-ng will now stop
          using the cached MSGHDR value, and therefore, use the newly
          set PID instead, as it was supposed to.

        * The localport() option of various network destinations has
          been restored, and will work correctly now. [BugZilla #266]

        * The upstart service file in contrib has been updated to use
          a different process mode (background), as we do not need a
          supervisor when running under upstart. This also means that
          upstart will be far less confused.

        * Manual pages are now always included in the tarball.

        Credits
        =======

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Andras Mitzki <micek@balabit.hu>
        Balazs Scheidler <bazsi@balabit.hu>
        Chris Johnson <chris.johnson3@hp.com>
        Fabien Wernli <cpan@faxm0dem.org>
        Gergely Nagy <algernon@balabit.hu>
        Lucas McLane <lucas@clicksecurity.com>
        Peter Czanik <czanik@balabit.hu>
        Sebastiaan Hoogeveen <zebaz@xs4all.nl>
        Tobias Schwab <tobias.schwab@dynport.de>

3.5.2
        Fri, 29 Nov 2013 17:09:40 +0100

        This is the first bug-fix release for the 3.5.x series, with a
        number of significant fixes over the original 3.5.1 release.
        Upgrading to this release is highly recommended.

        Bugfixes
        ========

        * The system() source has been fixed on Solaris and HP-UX: it
          correctly recognises the system on Solaris, and uses
          /dev/log (and not /dev/pipe) on HP-UX.

        * The system() source has much stricter requirements to select
          /dev/kmsg on Linux, so it won't choose it over /proc/kmsg
          unless the kernel really does support it.

        * The syslog-format() module has been fixed to only set the
          PROGRAM to "kernel" if all of the previous conditions apply,
          and the message is a local message.

        * The linux-kmsg-format parser (and system() on Linux 3.5+ as
          a consequence) will correctly calculate the timestamp of
          kernel messages on 32-bit systems now.

        * The sun-streams() source has been fixed, it compiles and
          works again.

        * A very rare and short race condition has been fixed in the
          pipe() source and destination modules, which could leave the
          pipe available with elevated permissions for a short time.

        * The SQL, MongoDB and SMTP modules were fixed to not cause a
          segmentation fault when loaded before the socket module.

        * A crash was fixed in the no-tls build of the socket
          destination driver.

        * It is now possible to specify the host() and port()
          parameters for the redis() destination.

        * Various stability fixes, such as:
          - A use-after-free condition was corrected in the queue
            backlog acknowledgement code.
          - Always use setsid() when detaching, even if we're not
            detaching from a TTY.
          - Memory leaks were fixed in the persist state handling
            code.
          - Changing stats-level() and reloading syslog-ng produced a
            crash, which has been fixed.

        Credits:
        ========

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Alexandre Lecuyer
        Balazs Scheidler <bazsi@balabit.hu>
        Daniel Gados <gdani@balabit.hu>
        Gergely Nagy <algernon@balabit.hu>
        Howard Tsai <htsai@skytap.com>
        Imre Lazar <imre@balabit.hu>
        Jakub Wilk <jwilk@debian.org>
        Laszlo Budai <lbudai@balabit.hu>
        Martin Bagge / brother <brother@bsnet.se>
        Matyas Koszik <koszik@atw.hu>
        Oscar Muñoz
        Otto Berger <otto@bergerdata.de>
        Viktor Juhasz <jviktor@balabit.hu>
        Viktor Tusa <tusa@balabit.hu>

3.5.1
        Mon,  4 Nov 2013 14:49:00 +0100

        This is the first stable release in the 3.5 series, adding a
        number of features compared to 3.4, a result of about eight
        months of development. This release includes all the fixes of
        the recent 3.4.5 release, and a host of new features.

        Bugfixes since 3.5.0rc1
        =======================

        * A race condition in log message reference counting code that
          sometimes led to crashes was fixed. [#255]

        * A use-after-free error that sometimes happened after a
          reload, and caused memory corruption was also fixed. [#253]

        * patterndb was corrected not to create a new instance on
          reload: this way, the old one is not leaked, and db-parser()
          does not forget the correlation state, nor its idea of
          current time on reload. [#257]

        * The syslog-ng.spec file does not try to install the
          long-removed ChangeLog file anymore.

        Incompatible changes
        ====================

        * Template escaping was changed in an incompatible way:
          previously, both the lexer and the template compiler used
          the '\' character for escaping, which was confusing. The
          template compiler uses '$$' to escape the '$' char, and '@@'
          to escape '@'.

          If a non-numeric value follows '@', a warning will be
          printed.

        * The replace() transformation function of value-pairs() was
          renamed to replace-prefix() to better reflect what it
          actually does. The old name remains as an obsolete alias,
          however.

        * The username() and password() options of the MongoDB
          destination were removed, they never did anything before,
          either.

        Major features since 3.4
        ========================

        Multi-line support
        ------------------

        A major feature in the 3.5 release is the inclusion of support
        for multi-line messages, a feature that has been available in
        syslog-ng PE for a good while.

        With this, both indented and regexp-based multi-line support
        becomes available. For further information and examples, see
        the following blog post:
          http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog-ng-3.5/#f:multiline

        STOMP destination
        -----------------

        Joining the message-queue club, this new destination makes
        syslog-ng able to send events to any STOMP-capable message
        queuing server, such as Apache ActiveMQ.

        For further information about the destination, see this commit
        message:
          https://github.com/balabit/syslog-ng-3.5/commit/82d19a4d4ad3f91e8214006f6ea7a47baabf48ef

        Redis destination
        -----------------

        Developed during the Google Summer of Code 2013 program, this
        destination driver makes it possible to easily send commands
        to a Redis server.

        For further information and examples, please see the following
        blog post:
         http://tichygsoc.blogspot.hu/2013/09/the-road-so-far.html

        Template type hinting
        ---------------------

        While syslog-ng supported sending events to various datastores
        and queues for a while now (SQL first, MongoDB, JSON, and AMQP
        later), even if those supported other types of data, syslog-ng
        only ever sent strings.

        With template type hinting, it became possible to tell
        syslog-ng what type a certain template should be, so that the
        drivers can use that information in whatever way they see fit.

        This is currently implemented for the MongoDB driver and the
        $(format-json) template function only.

        For more information about type hinting and for examples, see
        the following post:
          http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog-ng-3.5/#f:type-hinting

        Template options honored everywhere
        -----------------------------------

        Until this release, there were situations where template
        options were ignored, such as filter expressions that use the
        comparsion operators, regexp based substitutions, incoming
        templates for parsers, the new value rewrite rules, SMTP
        values, some of the new drivers (stomp, amqp), and patterndb
        context-id.

        These all honor the global template options now, and
        per-driver options such as frac-digits and local-time-zone are
        available for drivers which did not have them before, like
        MongoDB.

        Support for unit suffixes in the configuration
        ----------------------------------------------

        You no longer need to remember how many zeros to put after a
        big number in the syslog-ng configuration file, you can use
        unit suffixes, such as:

           log-fifo-size(2GiB)

        See the following post for more details:
          http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog-ng-3.5/#f:unit-suffix

        The Incubator project
        ---------------------

        Alongside the 3.5.1 release, we are pleased to announce the
        existence of the syslog-ng incubator project, which hosts
        additional modules and tools not merged into syslog-ng proper.
        These serve both as examples and as a staging area, but also
        makes it easier to try out new modules without patching or
        upgrading your syslog-ng version.

        The project's homepage is:
          https://github.com/balabit/syslog-ng-incubator

        Other features
        ==============

        * in-list() filter: this new filter function allows one to
          easily implement file-based white- and blacklists with a
          simple syntax:

           filter f_white { in-list("/path/to/file", value("HOST")); };

        * A set of new string-related template functions are
          available: $(uppercase STRINGS...), $(lowercase STRINGS...)
          and $(replace-delimiter DELIMITERS NEW-DELIMITER TEXT).

          The first two do exactly what their names suggest, while the
          last one replaces all occurrences of any DELIMITERS within
          TEXT with the NEW-DELIMITER.

        * There is also a new $(env VARIABLE...) template function,
          which looks up the given variables in the environment. This
          is similar to using backticks in the configuration file,
          however the name of the environment variable with $(env) may
          contain macros too.

        * Support for Linux 3.5+'s /dev/kmsg was added, and the
          system() source will automatically detect whether to use it
          over /proc/kmsg.

        * For every correlated message in patterndb, the
          ${.classifier.context_id} property is automatically set to
          the context-id attribute of the matching rule.

        * The build system was completely redone, it is much faster,
          more reliable, and less verbose by default now.

        * Several systemd-related enhancements were made, including
          support for notification-based startup. This also means that
          when systemd support is compiled in, libsystemd-daemon
          becomes a new dependency.

        Known Bugs
        ==========

        * The afstreams module is broken, does not compile, and does
          not work. This will be corrected in a later maintenance
          release.

        Credits:
        ========

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Alexandre Biancalana <biancalana@gmail.com>
        Andras Tim <tia@balabit.hu>
        Anton Koldaev <koldaevav@gmail.com>
        Attila M. Magyar <athos@balabit.hu>
        Attila Nagy <bra@fsn.hu>
        Attila Szalay <sasa@balabit.hu>
        Balazs Scheidler <bazsi@balabit.hu>
        Balint Kovacs <blint@balabit.hu>
        Chris Johnson <chris.johnson3@hp.com>
        Cy Schubert <Cy.Schubert@komquats.com>
        Evan Rempel <erempel@uvic.ca>
        Fabien Wernli <cpan@faxm0dem.org>
        Gergely Nagy <algernon@balabit.hu>
        Gonzalo Paniagua <gonzalo.paniagua+slng1@acquia.com>
        Jose Pedro Oliveira <jpo@di.uminho.pt>
        Laszlo Budai <lbudai@balabit.hu>
        Lucas McLane <lucas@clicksecurity.com>
        Marc Falzon <marc.falzon@cloudwatt.com>
        Martin <bmartin@lavabit.com>
        Michal Privoznik <miso.privoznik@gmail.com>
        Michael Sterrett <mr_bones_@gentoo.org>
        Nicolas Szalay <nico@rottenbytes.info>
        Oscar Muñoz
        Paul Dann <pdgiddie+balabit@gmail.com>
        Peter Czanik <czanik@balabit.hu>
        Peter Gyongyosi <gyp@balabit.hu>
        Robert Fekete <frobert@balabit.hu>
        Ryan Frederick
        Sergey Shuman
        Tamas Pal <folti@balabit.hu>
        Tibor Benke <btibi@balabit.hu>
        Tihamer Petrovics <tihameri@gmail.com>
        Valentijn Sessink <valentijn@sessink.nl>
        Viktor Juhasz <jviktor@balabit.hu>
        Viktor Tusa <tusa@balabit.hu>
        Vincent Brillault <spam@lerya.net>

3.5.0rc1
        Thu, 24 Oct 2013 10:48:51 +0200

        This is the first Release Candidate of the syslog-ng 3.5
        development branch, with stability and reliability
        improvements. Being a release candidate, this release should
        be very close to production ready.

        Bugfixes
        ========

        * The program() source and destination now properly terminates
          child processes on reload and shutdown.

        * The AMQP, SMTP, MongoDB, Redis and STOMP destinations now
          work correctly across reloads.

        * A rare race condition in the log message reference cache was
          corrected, fixing a crash.

        * The JSON parser now understands null-typed values, and
          ignores the whole key silently when it encounters one.

        * Using the subst() rewrite rule when the same source is
          present in multiple logpaths does not crash anymore.

        Miscellaneous
        =============

        * The autogen.sh script is included in the distributed
          tarball.

        Known Bugs
        ==========

        * The afstreams module is broken, does not compile, and does
          not work. This will be corrected before the final 3.5.1
          release.

        Credits:
        ========

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Balazs Scheidler <bazsi@balabit.hu>
        Evan Rempel <erempel@uvic.ca>
        Gergely Nagy <algernon@balabit.hu>
        Jose Pedro Oliveira <jpo@di.uminho.pt>
        Michal Privoznik <miso.privoznik@gmail.com>
        Nicolas Szalay <nico@rottenbytes.info>
        Ryan Frederick

3.5.0beta3
        Fri, 11 Oct 2013 10:21:38 +0200

        This is the third BETA release of the syslog-ng 3.5
        development branch, with stability fixes and other
        enhancements. While running in production is still not
        advised, testing is most appreciated.

        Incompatible changes
        ====================

        Template escaping
        -----------------

        Template escaping was changed in an incompatible way:
        previously, both the lexer and the template compiler used the
        '\' character for escaping, which was confusing. The template
        compiler uses '$$' to escape the '$' char, and '@@' to escape
        '@'.

        If a non-numeric value follows '@', a warning will be printed.

        Bugfixes
        ========

        * syslog-ng should compile again on non-Linux platforms.

        * The flush() and fsync() options of the file destination were
          fixed, and they should work the same way now as they do in
          3.3 and 3.4.

        * The hiredis library should be detected on the default
          include paths, so one does not necessarily need to specify
          --with-libhiredis non non-Debian systems. Said option was
          also made to work.

        * A memory corruption was fixed in the @STRING@ parser of
          db-parser().

        * Excludes now work properly with value-pairs(), and they do
          not get ignored if the value to exclude is in the default
          set.

        Known Bugs
        ==========

        * The afstreams module is broken, does not compile, and does
          not work. This will be corrected before the final 3.5.1
          release.

        Credits:
        ========

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Balazs Scheidler <bazsi@balabit.hu>
        Cy Schubert <Cy.Schubert@komquats.com>
        Evan Rempel <erempel@uvic.ca>
        Gergely Nagy <algernon@balabit.hu>
        Lucas McLane <lucas@clicksecurity.com>
        Oscar Muñoz
        Peter Czanik <czanik@balabit.hu>
        Sergey Shuman
        Viktor Juhasz <jviktor@balabit.hu>

3.5.0beta2
        Fri, 27 Sep 2013 10:06:52 +0200

        This is the second BETA release of the syslog-ng 3.5
        development branch, introducing new features and a handful of
        fixes since the last beta version. While running in production
        is still not advised, testing is most appreciated.

        Major Features
        ==============

        Redis destination
        -----------------

        Developed during the Google Summer of Code 2013 program, this
        destination driver makes it possible to easily send commands
        to a Redis server.

        For further information and examples, please see the following
        blog post:
         http://tichygsoc.blogspot.hu/2013/09/the-road-so-far.html

        Template type hinting
        ---------------------

        In 3.5.0beta1, type hinting was implemented for the MongoDB
        destination, with this release, it is also available for the
        $(format-json) template function.

        Template options honored everywhere
        -----------------------------------

        Until this release, there were situations where template
        options were ignored, such as filter expressions that use the
        comparsion operators, regexp based substitutions, incoming
        templates for parsers, the new value rewrite rules, SMTP
        values, some of the new drivers (stomp, amqp), and patterndb
        context-id.

        These all honor the global template options now, and
        per-driver options such as frac-digits and local-time-zone are
        available for drivers which did not have them before, like
        MongoDB.

        Bugfixes
        ========

        * The AMQP destination has been fixed, and using it does not
          lead to a crash anymore.

        * Several memory leaks in the STOMP destination have been
          fixed.

        * The --no-framing option of loggen has been fixed, and works
          as advertised now.

        * The in-list() filter ignores empty lines in its input file,
          to avoid matching on empty values.

        * Compilation on FreeBSD has been fixed.

        Credits:
        ========

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Balazs Scheidler <bazsi@balabit.hu>
        Gergely Nagy <algernon@balabit.hu>
        Peter Czanik <czanik@balabit.hu>
        Tibor Benke <btibi@balabit.hu>
        Tihamer Petrovics <tihameri@gmail.com>
        Viktor Tusa <tusa@balabit.hu>

3.5.0beta1
        Thu, 19 Sep 2013 11:03:15 +0200

        This is a BETA release of the syslog-ng 3.5 development
        branch, with a lot of internal rework and even more new
        features included. Being a beta release, testing is most
        appreciated, but running it in production is not advised.

        The release contains all the fixes from the 3.4 branch, the
        changes below are relative to the 3.4.3 release.

        Major Features
        ==============

        Multi-line support
        ------------------

        A major feature in the 3.5 release is the inclusion of support
        for multi-line messages, a feature that has been available in
        syslog-ng PE for a good while.

        With this, both indented and regexp-based multi-line support
        becomes available. For further information and examples, see
        the following blog post:
          http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog-ng-3.5/#f:multiline

        STOMP destination
        -----------------

        Joining the message-queue club, this new destination makes
        syslog-ng able to send events to any STOMP-capable message
        queuing server, such as Apache ActiveMQ.

        For further information about the destination, see this commit
        message:
          https://github.com/balabit/syslog-ng-3.5/commit/82d19a4d4ad3f91e8214006f6ea7a47baabf48ef

        Template type hinting
        ---------------------

        While syslog-ng supported sending events to various datastores
        and queues for a while now (SQL first, MongoDB, JSON, and AMQP
        later), even if those supported other types of data, syslog-ng
        only ever sent strings.

        With template type hinting, it became possible to tell
        syslog-ng what type a certain template should be, so that the
        drivers can use that information in whatever way they see fit.

        This is currently implemented for the MongoDB driver only.

        For more information about type hinting and for examples, see
        the following post:
          http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog-ng-3.5/#f:type-hinting

        Other features
        ==============

        * in-list() filter: this new filter function allows one to
          easily implement file-based white- and blacklists with a
          simple syntax:

           filter f_white { in-list("/path/to/file", value("HOST")); };

        * You no longer need to remember how many zeros to put after a
          big number in the syslog-ng configuration file, you can use
          unit suffixes, such as:

           log-fifo-size(2GiB)

          See the following post for more details:
            http://asylum.madhouse-project.org/blog/2013/09/05/what-is-cooking-in-syslog-ng-3.5/#f:unit-suffix

        * A set of new string-related template functions are
          available: $(uppercase STRINGS...), $(lowercase STRINGS...)
          and $(replace-delimiter DELIMITERS NEW-DELIMITER TEXT).

          The first two do exactly what their names suggest, while the
          last one replaces all occurrences of any DELIMITERS within
          TEXT with the NEW-DELIMITER.

        * There is also a new $(env VARIABLE...) template function,
          which looks up the given variables in the environment. This is
          similar to using backticks in the configuration file, however the
          name of the environment variable with $(env) may contain macros
          too.

        * Support for Linux 3.5+'s /dev/kmsg was added, and the
          system() source will automatically detect whether to use it
          over /proc/kmsg.

        * For every correlated message in patterndb, the
          ${.classifier.context_id} property is automatically set to
          the context-id attribute of the matching rule.

        Incompatible changes
        ====================

        * The replace() transformation function of value-pairs() was
          renamed to replace-prefix() to better reflect what it
          actually does. The old name remains as an obsolete alias,
          however.

        * The username() and password() options of the MongoDB
          destination were removed, they never did anything before,
          either.

        Miscellaneous changes
        =====================

        * The build system was completely redone, it is much faster,
          more reliable, and less verbose by default now.

        * Several systemd-related enhancements were made, including
          support for notification-based startup. This also means that
          when systemd support is compiled in, libsystemd-daemon
          becomes a new dependency.

        Credits:
        ========

        syslog-ng is developed as a community project, and as such it relies
        on volunteers to do the work necessary to produce syslog-ng.

        Reporting bugs, testing changes, writing code or simply providing
        feedback are all important contributions, so please if you are a
        user of syslog-ng, contribute.

        These people have helped in this release:

        Andras Tim <tia@balabit.hu>
        Anton Koldaev <koldaevav@gmail.com>
        Attila M. Magyar <athos@balabit.hu>
        Attila Nagy <bra@fsn.hu>
        Attila Szalay <sasa@balabit.hu>
        Balazs Scheidler <bazsi@balabit.hu>
        Balint Kovacs <blint@balabit.hu>
        Chris Johnson <chris.johnson3@hp.com>
        Evan Rempel <erempel@uvic.ca>
        Fabien Wernli <cpan@faxm0dem.org>
        Gergely Nagy <algernon@balabit.hu>
        Juhasz Viktor <jviktor@balabit.hu>
        Laszlo Budai <lbudai@balabit.hu>
        Martin <bmartin@lavabit.com>
        Michael Sterrett <mr_bones_@gentoo.org>
        Michal Privoznik <miso.privoznik@gmail.com>
        Paul Dann <pdgiddie+balabit@gmail.com>
        Peter Czanik <czanik@balabit.hu>
        Peter Gyongyosi <gyp@balabit.hu>
        Robert Fekete <frobert@balabit.hu>
        Tamas Pal <folti@balabit.hu>
        Tibor Benke <btibi@balabit.hu>
        Valentijn Sessink <valentijn@sessink.nl>
        Viktor Tusa <tusa@balabit.hu>
        Vincent Brillault <spam@lerya.net>