- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1
- Update the configuration file to use version 4.0 as mentioned in the
release notes to try the latest changes
Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 34b7af9e08)
With heavy system logging which goes by default into `/var/log/messages`
log file which is usually placed in tmpfs/RAM one can trigger OOM killer
fairly easily, thus killing random processes and in some cases making
system unusable.
This is likely happening due to the fact, that Linux by default uses 1/2
of available RAM for tmpfs, which might be for example an issue on low
RAM devices with ath10k wireless.
So let's fix it by adding logrotate functionality which should limit the
size of `/var/log/messages` log file to 1M by default, but could be
tweaked by config knob if needed be.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 660fa63faf)
Also bump the version in syslog-ng config file.
Removes this warning:
Nov 16 14:19:41 turris syslog-ng[15159]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.35 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.33'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1
- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This fixes issues:
syslog-ng[3895]: WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.29 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.26'
Fixes: 06f3ac21b4 ("syslog-ng: update to
version 3.29.1")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Binding in default to IPv6 is preferable but it can be disabled in
kernel and that prevents syslog-ng to start. This setup should not be
that common but syslog is very important service and should survive
that.
This introduces new plugin defining source generator
`network_localhost`. This is used instead of original network source.
Signed-off-by: Karel Kočí <cynerd@email.cz>
Commit 44a16ca broke syslog-ng such that it no longer works with
logrotate, for example. Yes, you can manually stop and start the
service, but (1) you shouldn't have to and (2) it creates a window
where you potentially lose messages if the syslog UDP socket
overruns.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Initially we included user-specific settings last, so that they
could turn off or replace system settings... otherwise we only get
to change what's NOT explicitly set by the system. This is overly
constraining.
Restore the original functionality of allowing the user to
override settings defined by the distribution's configuration.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
- Bump version also in the config file
- Move logread to /sbin location instead of /usr/sbin
Because package logd in OpenWrt's ubox Makefile uses /sbin folder and LuCI has
the same path hardcoded in
modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json and using
different location results that LuCI is not able to load log data as it
is not found.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- Bump version in the config and improve a link for documentation
- Disable snmp destination for now
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This fixes service stop. Problem was that in default syslog-ng forks to
background which causes procd to loose track of it. It no longer has in
such case PID of syslog-ng process and is unable to stop it. This means
that instance for such process hangs in procd and also it is not
possible to stop it as daemon. Fix is simple. syslog-ng is now
instructed to run in foreground.
This commit also drops unnecessary reload section. In default reload
calls restart and restart in default is implemented as calling stop and
start. This means that effectively it is implemented same as in case of
this init reload service implementation.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Makefile
- Changed URL
- Added LICENSE, CPE ID, more dependencies, postint and prerm scripts
- Enabled by default JSON and HTTP (would be good to split them in future
to sub-packages); Disabled java-modules, tcp wrapper
- Re-ordered CONFIGURE_ARGS as they occur when executing
- Resorted section: define Package/syslog-ng/install
syslog-ng.conf
- include scl.conf
- have a more specific one than upstream (they have it really simple)
- document it
Patch:
remove the unnecessary one
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Likewise fix default configuration to use SOCK_DGRAM and not SOCK_STREAM
as we currently do.
Add sha256 digest.
Rather than have the users replace syslog-ng.conf (which lately is
changing fairly frequently) and have them miss an important fix or
improvement, instead have them localize /etc/custom-logs.conf and
ship that as an empty file.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Install the plugins as various functionality is no longer in the
utility itself but is packaged as a .so plugin instead. Disable
plugins with too many dependencies (or too exotic).
Bump the version number on the config file to agree with the package's
version number.
Clean up any .la files from libtool.
Start much earlier so that logging doesn't miss startup messages from
other services.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>