syslog-ng Premium Edition 7.0.18 - Release Notes

Deprecated features

The following is a list of features that are no longer supported starting with syslog-ng PE 7.0.18.

  • Versions 7.0.14 and later do not support the Debian Wheezy and Ubuntu 12.04 LTS (Precise Pangolin) platforms.

  • Since ElasticSearch version 1.x has reached its end of life, its support has been removed from syslog-ng PE. Use the elasticsearch2 destination instead.

Resolved issues

The following is a list of issues addressed in this release.

Table 2: General resolved issues in syslog-ng PE 7.0.18
| Resolved Issue | Issue ID |
|---|---|
| Configuration objects preceded by an inline destination are ignored | SYSLOGDEV-4975 |
| The loggen tool does not run when installed from dot run installer into a custom directory | SYSLOGDEV-5001 |
| Monitoring source does not set the log level correctly | SYSLOGDEV-5026 |
| Memory leak during reading logstores | SYSLOGDEV-5036 |
| http() destination ignores the frac-digits() global setting | SYSLOGDEV-5057 |

Table 3: General resolved issues in syslog-ng PE 7.0.17
| Resolved Issue | Issue ID |
|---|---|
| WEC: handle invalid UTF-16 characters gracefully | SYSLOGDEV-4182 |
| Fix TID reinitialization mechanism in ALTP during restart | SYSLOGDEV-4333 |
| splunk-hec(): Fix an error in handling indexed fields | SYSLOGDEV-4689 |
| Fix persist structure during upgrade from PE version 6 | SYSLOGDEV-4787 |
| RPM upgrade overwrites WEC configuration | SYSLOGDEV-4812 |
| Reliable disk queue corruption fixes | SYSLOGDEV-4826 |
| ALTP ack_timeout fix | SYSLOGDEV-4835 |
| WEC: forwarded logs have incorrect hostname | SYSLOGDEV-4847 |
| OpenSSL upgraded to 1.0.2t | SYSLOGDEV-4981 |
| OpenSSL upgraded to 1.1.0l on Ubuntu Bionic | SYSLOGDEV-4982 |

Table 4: General resolved issues in syslog-ng PE 7.0.16
| Resolved Issue | Issue ID |
|---|---|
| Crash in patterndb during context timeout | SYSLOGDEV-4945 |
| Memory leak in dbparser | SYSLOGDEV-4925 |
| OpenSSL upgraded to 1.1.0k on Bionic platform | SYSLOGDEV-4831 |
| OpenSSL upgraded to 1.0.2s | SYSLOGDEV-4829 |
| syslog-ng hangs under high load | SYSLOGDEV-4745 |
| Incorrect numerical operators in filter statements | SYSLOGDEV-4785 |
| Bad quotation in splunk-hec() destination prevents load-balancing working correctly | SYSLOGDEV-4794 |
| http destination should give a warning if workers() is less than urls() | SYSLOGDEV-4929 |
| geoip2 does not include IP address in the error messages | SYSLOGDEV-4928 |
| Infinite loop during reload | SYSLOGDEV-4927 |
| Improve error handling in --preprocess-into | SYSLOGDEV-4926 |
| Reset timezone on configuration reload | SYSLOGDEV-4924 |
| Flushing destination on reload is slow | SYSLOGDEV-4923 |
| Wildcard filesource crashes | SYSLOGDEV-4922 |

Table 5: General resolved issues in syslog-ng PE 7.0.14
| Resolved Issue | Issue ID |
|---|---|
| Crash in network source with ALTP due to idle timer | SYSLOGDEV-4711 |
| OpenSSL 1.0.2r upgrade | SYSLOGDEV-4742 |
| http-destination stuck when reverting to old configuration | SYSLOGDEV-4747 |
| syslog-ng segmentation fault on statistics query | SYSLOGDEV-4759 |
| WEC: Adds list support to Windowsevent-parser | SYSLOGDEV-4789 |

Table 6: General resolved issues in syslog-ng PE 7.0.13
| Resolved Issue | Issue ID |
|---|---|
| Fix loggen parameters | SYSLOGDEV-4684 |
| Fix seeking in logstore using lgstool cat command | SYSLOGDEV-4680 |
| Empty disk queue truncate fix | SYSLOGDEV-4628 |
| Memory leak during reload when using the app-parser | SYSLOGDEV-4564 |
| Race condition during reload when using license-counter-reset | SYSLOGDEV-4540 |

Table 7: General resolved issues in syslog-ng PE 7.0.12
| Resolved Issue | Issue ID |
|---|---|
| non-reliable diskq: fixes false positive corruption detection | SYSLOGDEV-4674 |
| Dqtool reported disk queue corrupted false positively | SYSLOGDEV-4407 |
| Append $(basename) to filename template correctly | SYSLOGDEV-4673 |
| SSL: Multiple ca-dir() related issues fixed | SYSLOGDEV-4669 |
| Fix frequent disconnects of syslog() driver when using TLS | SYSLOGDEV-4667 |
| OpenSSL upgraded to 1.0.2q | SYSLOGDEV-4650 |
| File destination fd leak after reload when time-reap elapsed | SYSLOGDEV-4609 |
| hdfs: fd leak during reload | SYSLOGDEV-4581 |
| tls: Handle allow-compress correctly | SYSLOGDEV-4580 |
| Socket leak when using udp destination with spoof-source enabled | SYSLOGDEV-4552 |

Differences in features between syslog-ng PE 6 LTS and 7

In general, syslog-ng Premium Edition version 7 has many more features than version 6 LTS. Therefore, One Identity recommends using version 7 for all deployments, except when a feature that you require is only available in version 6 LTS. If you need help with migrating from version 6 LTS to 7, contact our Support Team. Also note that as an alternative to the syslog-ng Agent for Windows application, syslog-ng PE version 7 supports an agent-less solution to fetch log messages from Windows hosts.

Features available only in syslog-ng PE 6 LTS

The following features that are available in syslog-ng Premium Edition 6 LTS are not available in syslog-ng PE 7.

  • The SNMP destination (snmp()).

  • The SQL source (sql()).

  • The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.

  • The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see "Supported platforms" in the Administration Guide.

  • The spoof-interface() options of the network() and syslog() destinations.

  • The read-old-records() and use-syslogng-pid() options of the file() source.

  • The replace(), cut(), and format-snare() template-functions.

  • The ${OSUPTIME} macro is not available.

  • When syslog-ng PE 6 started, its startup message included the hash of its configuration file. This has been removed from the startup messages.

  • Reading and writing log files located on network shares is not supported.

  • FIPS-compliant packages are not available.

Features that have been changed or replaced in syslog-ng PE 7

The following options and features have changed, and require you to modify your configuration file.

  • Configuring the size of disk-buffers has changed. Instead of log-disk-fifo-size(<size>), use the disk-buffer(disk-buf-size(<size>) reliable(no)) option. For details, see "Using the disk-buffer option and memory buffering" in the Administration Guide.

  • To store disk-buffer files in a specific folder, use the disk-buffer(dir("/your/diskbuffer/directory")) option. You cannot set this directory from the command line: the --qdisk-dir command-line option is not available.

  • The RLTP transport protocol has been renamed to ALTP, so you have to use transport(altp) instead of transport(rltp). Also, the message-acknowledgement-timeout() option has been deprecated and has no effect. For details, see "Reliability and minimizing the loss of log messages" in the Administration Guide.

  • Wildcard support has been removed from the file source driver and moved to the separate wildcard-file() source. Also, the force-directory-polling() option has been replaced with the monitor-method("poll") option. For details, see "wildcard-file: Collecting messages from multiple text files" in the Administration Guide.

  • The mark-mode("host-idle") option does not work. Remove it from your configuration.

  • Certain labels in the output of the syslog-ng-ctl stats command have been changed, for example, the "stored" counter has been renamed to "queued".

  • If you use the multi-line-prefix() or multi-line-garbage() options in your configuration, also add the multi-line-mode("regexp") option. Note that the multi-line-prefix() and multi-line-garbage() options no longer have a timeout.

  • When comparing values in filter expressions (for example, in a filter, conditional rewrite, or lgstool), note that the '==' operator now works only on numerical values. To test if two strings are identical, use the eq operator. For example:

    filter f_host {"${HOST}" eq "localhost1234"};

  • Timequality fields in RFC5424-formatted log messages (the timeQuality isSynced="0/1" tzKnown="0/1" SDATA fields) are not available.

  • The file-related SDATA fields that were available for log messages that syslog-ng PE read from a file source (file@18372.4 position="34" size="34" name="/path/and/filename") are not available.
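
As an added example (not One Identity's code), the Python script below audits a 6 LTS-style configuration for the options in the list above that must change before moving to version 7. The audit() function, the rule table and the sample configuration are constructed for illustration, and the matching is regex-based heuristics rather than a syslog-ng parser.

```python
import re

# (pattern, advice) pairs taken from the "changed or replaced" list above.
RULES = [
    (r'\blog-disk-fifo-size\s*\(', 'use disk-buffer(disk-buf-size(<size>) reliable(no))'),
    (r'\btransport\s*\(\s*"?rltp"?\s*\)', 'RLTP was renamed: use transport(altp)'),
    (r'\bmessage-acknowledgement-timeout\s*\(', 'deprecated, has no effect'),
    (r'\bforce-directory-polling\s*\(', 'replaced by monitor-method("poll")'),
    (r'\bmark-mode\s*\(\s*"?host-idle"?\s*\)', 'does not work, remove it'),
    # file() with * or ? in its path; the lookbehind skips wildcard-file().
    (r'(?<![\w-])file\s*\(\s*"[^"\n]*[*?][^"\n]*"', 'wildcards moved to wildcard-file()'),
    # '==' whose right operand is a quoted, non-numeric literal.
    (r'==\s*"(?!\d+(?:\.\d+)?")[^"$\n]+"', "'==' is numeric only, use eq for strings"),
]
MULTILINE = re.compile(r'\bmulti-line-(?:prefix|garbage)\s*\(')

def audit(config_text):
    """Return sorted (line_number, advice) findings for a 6 LTS-style configuration."""
    # Drop '#' comments but keep newlines so line numbers stay correct.
    # Heuristic: a '#' inside a quoted string is also treated as a comment start.
    text = re.sub(r'#[^\n]*', '', config_text)
    findings = []
    for pattern, advice in RULES:
        for m in re.finditer(pattern, text):
            findings.append((text.count('\n', 0, m.start()) + 1, advice))
    for m in MULTILINE.finditer(text):
        # Look only inside the enclosing statement, delimited by "};".
        start = text.rfind('};', 0, m.start()) + 1
        end = text.find('};', m.end())
        stmt = text[start:end if end != -1 else len(text)]
        if 'multi-line-mode' not in stmt:
            line = text.count('\n', 0, m.start()) + 1
            findings.append((line, 'add multi-line-mode("regexp")'))
    return sorted(set(findings))

# Constructed sample configuration in 6 LTS style (not from the release notes).
SAMPLE = '''\
source s_apps { file("/var/log/apps/*.log" force-directory-polling(yes)); };
source s_java { file("/var/log/java.log" multi-line-prefix("^[0-9]{4}-")); };
destination d_central {
    network("10.0.0.1" transport(rltp) log-disk-fifo-size(1048576));  # old name
};
filter f_host { "${HOST}" == "localhost1234" };
filter f_level { "${LEVEL_NUM}" == "3" };
'''

if __name__ == "__main__":
    for line, advice in audit(SAMPLE):
        print(f"line {line}: {advice}")
```

The numeric comparison on the last sample line is deliberately not flagged, because '==' remains valid for numerical values.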

Platforms not supported in syslog-ng PE 7

The following platforms are supported only in syslog-ng Premium Edition 6 LTS.

  • AIX

  • FreeBSD

  • HP-UX

  • Oracle Linux 5, 6

  • openSUSE

  • Solaris

  • Windows

For a complete list of supported platforms, see "Supported platforms" in the Administration Guide.

Product licensing

To enable a trial license

  1. Apply for a trial license at the syslog-ng website.
  2. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.

To enable a purchased commercial license

  1. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.