Released: Wed, 12 Apr 2017 15:00
#SYSLOGDEV-2739 Cannot bind network source at system startup using systemd
#SYSLOGDEV-2741 Crashes due to incorrect configuration values
#SYSLOGDEV-2742 Java destinations does not handle timezone setting correctly
#SYSLOGDEV-2747 syslog-ng.conf world readable permission
#SYSLOGDEV-2753 flow-control not working with multi-line message + encoding enabled
#SYSLOGDEV-3175 Uppercase month in timestamp parsed incorrectly
#SYSLOGDEV-3194 Referencing add_contextual_data() parsers multiple times doesn't work
#SYSLOGDEV-3219 kv-parser() should allow space as a separator
#SYSLOGDEV-3271 Crash on repeatedly used groupunset() rewrite rule
Python support: message parsers and template functions
The Python Log Parser allows you to write your own parser in Python. Practically, that way you can process the log message (or parts of the log message) any way you need. For example, you can import external Python modules to process the messages, query databases to enrich the messages with additional data, and many other things. For details, see Section 12.6, The Python Parser in The syslog-ng Premium Edition 7 Administrator Guide.
You can write your own template function in Python. You can define a Python block in your syslog-ng PE configuration file, and define one or more Python functions in it. You can use these functions as template functions. For details, see Section python in The syslog-ng Premium Edition 7 Administrator Guide.
Monitor syslog-ng PE more effectively
The new monitoring() source allows you to granularly select which statistics of syslog-ng PE you want to monitor. In addition, the statistics are available as structured name-value pairs, so you can format the output similarly to other log messages. That way, you can easily convert the statistics and metrics, for example, into JSON or WELF format, and send the results into your monitoring database. For details, see Section 16.2, The monitoring() source in The syslog-ng Premium Edition 7 Administrator Guide.
syslog-ng PE version 7.0.2 also includes the monitoring-welf() source, which is a preconfigured monitoring() source that generates statistics messages in WELF format. Starting with version 7.0., syslog-ng PE uses this driver for new installations to generate statistics (earlier versions use the internal() source for this purpose).
Ported from the syslog-ng PE 6 LTS product line
The functionality syslog-ng-query application is available in syslog-ng PE 7.0.2, as part of the syslog-ng-ctl utility. For details, see the section called “syslog-ng-ctl query” in The syslog-ng Premium Edition 7 Administrator Guide.
Features available only in syslog-ng PE 6 LTS
Several features that are available in syslog-ng Premium Edition 6 LTS are not yet implemented in syslog-ng PE 7. In case you need to use these features, use syslog-ng PE 6 LTS, or contact the One Identity Support Team for advice. The features missing from syslog-ng PE 7 will become gradually available in future releases of syslog-ng PE.
Storing messages in encrypted files (logstore()).
Reliable Log Transfer Protocol™ (RLTP™).
The SNMP destination (snmp()).
The SQL source (sql()).
The persist-tool application.
The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.
The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
The failover-servers() and spoof-interface() options of the network() and syslog() destinations.
The read-old-records(), recursive() and use-syslogng-pid() options of the file() source. Also, wild-cards in filenames are not supported.
The replace(), cut(), and format-snare() template-functions.
FIPS-compliant packages are not available.
Manual configuration upgrade needed
Since there are some missing features/options it is possible you will need to change parts of your configuration file. In case you need help with upgrading please contact the One Identity Support Team for advice.
Platforms supported in syslog-ng PE 7
Debian 7 (wheezy)
Debian 8 (jessie)
Oracle Linux 7
Red Hat EL 7
Ubuntu 12.04 LTS (Precise Pangolin)
Ubuntu 14.04 LTS (Trusty Tahr)
Ubuntu 16.04 LTS (Xenial Xerus)
Platforms not supported in syslog-ng PE 7:
Oracle Linux 5, 6