
syslog-ng Premium Edition 7.0.18 - Release Notes

Deprecated features

The following is a list of features that are no longer supported starting with syslog-ng PE 7.0.18.

  • Versions 7.0.14 and later do not support the Debian Wheezy and Ubuntu 12.04 LTS (Precise Pangolin) platforms.

  • Since ElasticSearch version 1.x has reached its end of life, its support has been removed from syslog-ng PE. Use the elasticsearch2 destination instead.

Resolved issues

The following is a list of issues addressed in this release.

Table 2: General resolved issues in syslog-ng PE 7.0.18
Resolved Issue Issue ID

Configuration objects preceded by an inline destination are ignored


The loggen tool does not run when installed from dot run installer into a custom directory


Monitoring source does not set the log level correctly


Memory leak during reading logstores


http() destination ignores the frac-digits() global setting


Table 3: General resolved issues in syslog-ng PE 7.0.17
Resolved Issue Issue ID

WEC: handle invalid UTF-16 characters gracefully


Fix TID reinitialization mechanism in ALTP during restart


splunk-hec(): Fix an error in handling indexed fields


Fix persist structure during upgrade from PE version 6


RPM upgrade overwrites WEC configuration


Reliable disk queue corruption fixes


ALTP ack_timeout fix


WEC: forwarded logs have incorrect hostname


OpenSSL upgraded to 1.0.2t


OpenSSL upgraded to 1.1.0l on Ubuntu Bionic


Table 4: General resolved issues in syslog-ng PE 7.0.16
Resolved Issue Issue ID

Crash in patterndb during context timeout


Memory leak in dbparser


OpenSSL upgraded to 1.1.0k on Bionic platform


OpenSSL upgraded to 1.0.2s


syslog-ng hangs under high load


Incorrect numerical operators in filter statements


Bad quotation in splunk-hec() destination prevents load-balancing working correctly


http destination should give a warning if workers() is less than urls()


geoip2 does not include IP address in the error messages


Infinite loop during reload


Improve error handling in --preprocess-into


Reset timezone on configuration reload


Flushing destination on reload is slow


Wildcard filesource crashes


Table 5: General resolved issues in syslog-ng PE 7.0.14
Resolved Issue Issue ID

Crash in network source with ALTP due to idle timer


OpenSSL 1.0.2r upgrade


http-destination stuck when reverting to old configuration


syslog-ng segmentation fault on statistics query


WEC: Adds list support to Windowsevent-parser


Table 6: General resolved issues in syslog-ng PE 7.0.13
Resolved Issue Issue ID

Fix loggen parameters


Fix seeking in logstore using lgstool cat command


Empty disk queue truncate fix


Memory leak during reload when using the app-parser


Race condition during reload when using license-counter-reset


Table 7: General resolved issues in syslog-ng PE 7.0.12
Resolved Issue Issue ID

non-reliable diskq: fixes false positive corruption detection


Dqtool reported disk queue corrupted false positively


Append $(basename) to filename template correctly


SSL: Multiple ca-dir() related issues fixed


Fix frequent disconnects of syslog() driver when using TLS


OpenSSL upgraded to 1.0.2q


File destination fd leak after reload when time-reap elapsed


hdfs: fd leak during reload


tls: Handle allow-compress correctly


Socket leak when using udp destination with spoof-source enabled


Differences in features between syslog-ng PE 6 LTS and 7

In general, syslog-ng Premium Edition version 7 has many more features than version 6 LTS, therefore One Identity recommends using version 7 for all deployments, except when a feature that you require is available only in version 6 LTS. If you need help with migrating from version 6 LTS to 7, contact our Support Team. Also note that as an alternative to the syslog-ng Agent for Windows application, syslog-ng PE version 7 supports an agent-less solution to fetch log messages from Windows hosts.

Features available only in syslog-ng PE 6 LTS

The following features that are available in syslog-ng Premium Edition 6 LTS are not available in syslog-ng PE 7.

  • The SNMP destination (snmp()).

  • The SQL source (sql()).

  • The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.

  • The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see "Supported platforms" in the Administration Guide.

  • The spoof-interface() options of the network() and syslog() destinations.

  • The read-old-records() and use-syslogng-pid() options of the file() source.

  • The replace(), cut(), and format-snare() template-functions.

  • The ${OSUPTIME} macro is not available.

  • When syslog-ng PE 6 started, its startup message included the hash of its configuration file. This has been removed from the startup messages.

  • Reading and writing log files located on network shares is not supported.

  • FIPS-compliant packages are not available.

Features that have been changed or replaced in syslog-ng PE 7

The following options and features have changed, and require you to modify your configuration file.

  • Configuring the size of disk-buffers has changed. Instead of log-disk-fifo-size(<size>), use the disk-buffer(disk-buf-size(<size>) reliable(no)) option. For details, see "Using the disk-buffer option and memory buffering" in the Administration Guide.

  • To store disk-buffer files in a specific folder, use the disk-buffer(dir("/your/diskbuffer/directory")) option. You cannot set this directory from the command line: the --qdisk-dir command-line option is not available.

  • The RLTP transport protocol has been renamed to ALTP, so you have to use transport(altp) instead of transport(rltp). Also, the message-acknowledgement-timeout() option has been deprecated and has no effect. For details, see "Reliability and minimizing the loss of log messages" in the Administration Guide.

  • Wildcard support has been removed from the file source driver and moved to the separate wildcard-file() source. Also, the force-directory-polling() option has been replaced with the monitor-method("poll") option. For details, see "wildcard-file: Collecting messages from multiple text files" in the Administration Guide.

  • The mark-mode("host-idle") option does not work. Remove it from your configuration.

  • Certain labels in the output of the syslog-ng-ctl stats command have been changed, for example, the "stored" counter has been renamed to "queued".

  • If you use the multi-line-prefix() or multi-line-garbage() options in your configuration, also add the multi-line-mode("regexp") option. Note that the multi-line-prefix() and multi-line-garbage() options no longer have a timeout.

  • When comparing values in filter expressions (for example, in a filter, conditional rewrite, lgstool), note that the '==' operator now works only on numerical values. To test if two strings are identical, use the eq operator. For example:

    filter f_host {"${HOST}" eq "localhost1234"};

  • Timequality fields in RFC5424-formatted log messages are not available (the timeQuality isSynced="0/1" tzKnown="0/1" SDATA fields).

  • The file-related SDATA fields that were available for log messages that syslog-ng PE read from a file source (file@18372.4 position="34" size="34" name="/path/and/filename") are not available.
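
The configuration changes listed above can be checked mechanically before an upgrade, so that a silently ignored option or a filter that no longer matches does not cause lost or misrouted logs. The following linter is an added example, not part of the release notes or of syslog-ng PE. The sample configuration is constructed, and the old spelling transport(rltp) is an assumption inferred from the rename.

```python
import re

# (pattern, advice) pairs; the advice paraphrases the migration list above.
LINE_RULES = [
    (r'\blog-disk-fifo-size\s*\(', 'use disk-buffer(disk-buf-size(<size>) reliable(no))'),
    # Assumption: the PE 6 spelling was transport(rltp), inferred from the rename.
    (r'\btransport\s*\(\s*"?rltp"?\s*\)', 'RLTP was renamed: use transport(altp)'),
    (r'\bmessage-acknowledgement-timeout\s*\(', 'deprecated, has no effect'),
    (r'\bforce-directory-polling\s*\(', 'use monitor-method("poll")'),
    (r'\bmark-mode\s*\(\s*"?host-idle"?\s*\)', 'does not work in PE 7: remove it'),
    # file() with a glob in its path; the lookbehind skips wildcard-file().
    (r'(?<![-\w])file\s*\(\s*"[^"]*[*?][^"]*"', 'wildcards moved to wildcard-file()'),
    # '==' against a quoted literal that is not a number is a string test.
    (r'==\s*"(?!-?\d+(\.\d+)?")[^"$]*"', "'==' is numeric only: use eq for strings"),
]
MULTILINE = re.compile(r'\bmulti-line-(prefix|garbage)\s*\(')
REGEXP_MODE = re.compile(r'\bmulti-line-mode\s*\(\s*"?regexp"?\s*\)')

# Constructed PE 6 style configuration, not taken from any real deployment.
SAMPLE = r'''source s_apps {
    file("/var/log/apps/*.log" force-directory-polling(yes)
         multi-line-prefix("^\["));
};
destination d_central {
    network("192.0.2.10" transport(rltp) log-disk-fifo-size(1048576));
};
filter f_host { "${HOST}" == "localhost1234" };
filter f_sev { "${LEVEL_NUM}" == "3" };   # numeric comparison, still valid
'''


def lint(config):
    """Return sorted (line_number, advice) findings for a PE 6 style config."""
    findings, pending, has_mode = [], None, False
    # Crude comment stripping: a '#' inside a quoted string also cuts the line.
    lines = [ln.split('#', 1)[0] for ln in config.splitlines()]
    for no, line in enumerate(lines, 1):
        findings += [(no, advice) for pat, advice in LINE_RULES if re.search(pat, line)]
        if pending is None and MULTILINE.search(line):
            pending = no
        has_mode = has_mode or bool(REGEXP_MODE.search(line))
        if '};' in line:  # a statement ends: settle the multi-line check
            if pending is not None and not has_mode:
                findings.append((pending, 'add multi-line-mode("regexp")'))
            pending, has_mode = None, False
    return sorted(findings)


if __name__ == '__main__':
    for no, advice in lint(SAMPLE):
        print(f'line {no}: {advice}')
```

The --qdisk-dir change is a command-line option rather than a configuration option, so it has to be checked in service unit files and start scripts instead.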

Platforms not supported in syslog-ng PE 7

The following platforms are supported only in syslog-ng Premium Edition 6 LTS.

  • AIX

  • FreeBSD

  • HP-UX

  • Oracle Linux 5, 6

  • openSUSE

  • Solaris

  • Windows

For a complete list of supported platforms, see "Supported platforms" in the Administration Guide.

Product licensing

To enable a trial license

  1. Apply for a trial license at the syslog-ng website.
  2. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.

To enable a purchased commercial license

  1. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.