Released: Mon, 20 Aug 2018
#SYSLOGDEV-4361 Logstore file owner not set correctly
#SYSLOGDEV-4343 Messages from journald are not included in center statistics
#SYSLOGDEV-4345 Minor fixes in SELinux installer script
#SYSLOGDEV-4381 Support for cap_syslog capability
#SYSLOGDEV-4368 JVM not unloaded at syslog-ng reload
#SYSLOGDEV-4350 syslog-ng crash when trying to open a corrupt logstore
#SYSLOGDEV-3893 RedHat package signature
Send logs using the Advanced Log Transport Protocol (ALTP)
Using the new Advanced Log Transfer Protocol (ALTP), you can send (and receive) log messages in a reliable way over the TCP transport layer. ALTP is a proprietary transport protocol that prevents message loss during connection breaks. The transport is used between syslog-ng PE hosts (for example, a client and a server, or a client-relay-server),
and interoperates with the flow-control and reliable disk-buffer mechanisms of syslog-ng PE, thus providing the best way to prevent message loss.
ALTP is the successor of the Reliable Log Transport Protocol (RLTP) introduced in version 6 LTS. Starting with version 7.0.9, the syslog-ng PE application can receive messages sent using RLTP from hosts that are running version 6 of syslog-ng PE or the syslog-ng Agent for Windows application. Starting with version 7.0.10, syslog-ng PE can now also send messages using ALTP to hosts that are running version 6 or at least version 7.0.9 of syslog-ng PE or the syslog-ng Agent for Windows application. For details, see Administration Guide.
An additional change regarding the Advanced Log Transfer Protocol is that the global flush-lines() option does not affect the batch size of ALTP anymore. Instead, a new ALTP has been introduced, called batch-size(). For details, see "ALTP options" in the Administration Guide.
failover() option introduced, failover-servers() option deprecated
The failover() option allows you to specify what happens after syslog-ng PE fails over to a secondary server. Additionally, the failover-servers() option has been deprecated and removed from the document. For more information about the failover() option, see Administration Guide.
Wildcard arguments of blocks
You can now refer to any additional parameters at the end of the argument in a block by adding three dots to it (...). It tells syslog-ng PE that this macro accepts `__VARARGS__`, therefore any name-value pair can be passed without validation. For details, see Administration Guide.
Mandatory parameters to blocks
You can now make parameters mandatory in block definitions by defining them with empty brackets (). For details, see Administration Guide.
Features available only in syslog-ng PE 6 LTS
Several features that are available in syslog-ng Premium Edition 6 LTS are not yet implemented in syslog-ng PE 7. In case you need to use these features, use syslog-ng PE 6 LTS, or contact the One Identity Support Team for advice. The features missing from syslog-ng PE 7 will become gradually available in future releases of syslog-ng PE.
The SNMP destination (snmp()).
The SQL source (sql()).
The persist-tool application.
The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.
The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
The failover-servers() and spoof-interface() options of the network() and syslog() destinations.
The read-old-records(), recursive() and use-syslogng-pid() options of the file() source.
The replace(), cut(), and format-snare() template-functions.
FIPS-compliant packages are not available.
Manual configuration upgrade needed
Since there are some missing features/options it is possible you will need to change parts of your configuration file. In case you need help with upgrading please contact the One Identity Support Team for advice.
Platforms supported in syslog-ng PE 7
Debian 7 (wheezy)
Debian 8 (jessie)
Oracle Linux 7
Oracle Linux 6
Red Hat EL 7
Red Hat EL 6
Ubuntu 12.04 LTS (Precise Pangolin)
Ubuntu 14.04 LTS (Trusty Tahr)
Ubuntu 16.04 LTS (Xenial Xerus)
Platforms not supported in syslog-ng PE 7
Oracle Linux 5