Released: Tue, 27 Jun 2017
#SYSLOGDEV-3474 Crash using csv-parser and multiple destination in a logpath
#SYSLOGDEV-3379 Referencing add_contextual_data() parsers with filter selector multiple times doesn't work
#SYSLOGDEV-3321 File source does not read after restart
#SYSLOGDEV-3388 After upgrading RPM based systems syslog-ng was not automatically restarted
#SYSLOGDEV-3413 Shipping init scripts on systemd based system is not necessary (RPM versions)
Reading Net-SNMP traps
Using the snmptrap() source, you can read and parse the SNMP traps of the Net-SNMP's snmptrapd application. syslog-ng PE can read these traps from a log file, and extract their content into name-value pairs, making it easy to forward them as a structured log message (for example, in JSON format). For details, see Section 6.8, snmptrap: Read Net-SNMP traps in The syslog-ng Premium Edition 7 Administrator Guide.
Monitor syslog-ng PE more effectively
syslog-ng PE version 7.0.3 also includes new metrics. For details, see Section 16.1, Metrics and counters of syslog-ng PE in The syslog-ng Premium Edition 7 Administrator Guide.
Also note the following changes compared earlier syslog-ng PE versions:
- The stored counter was renamed to queued.
- The output of the syslog-ng-ctl query command was changed from <counter-name>: <counter-value> to <counter-name>=<counter-value>
Ported from the syslog-ng PE 6 LTS product line
The functionality of wildcard file sources are available in syslog-ng PE 7.0.3 as a separate source driver. For details, see Section 6.4, wildcard-file — Collecting messages from multiple text files in The syslog-ng Premium Edition 7 Administrator Guide.
- The syslog-debun utility now supports IBM AIX.
- The hdfs() destination now supports Kerberos authentication. For details, see Section 7.4.4, Kerberos authentication with syslog-ng hdfs() destination in The syslog-ng Premium Edition 7 Administrator Guide.
- The new basename() and dirname() template functions allow you to easily separate the path and filenames. For details, see Section 11.1.7, Template functions of syslog-ng PE in The syslog-ng Premium Edition 7 Administrator Guide.
Features available only in syslog-ng PE 6 LTS
Several features that are available in syslog-ng Premium Edition 6 LTS are not yet implemented in syslog-ng PE 7. In case you need to use these features, use syslog-ng PE 6 LTS, or contact the One Identity Support Team for advice. The features missing from syslog-ng PE 7 will become gradually available in future releases of syslog-ng PE.
Storing messages in encrypted files (logstore()).
Reliable Log Transfer Protocol™ (RLTP™).
The SNMP destination (snmp()).
The SQL source (sql()).
The persist-tool application.
The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.
The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
The failover-servers() and spoof-interface() options of the network() and syslog() destinations.
The read-old-records(), recursive() and use-syslogng-pid() options of the file() source. Also, wild-cards in filenames are not supported.
The replace(), cut(), and format-snare() template-functions.
FIPS-compliant packages are not available.
Manual configuration upgrade needed
Since there are some missing features/options it is possible you will need to change parts of your configuration file. In case you need help with upgrading please contact the One Identity Support Team for advice.
Platforms supported in syslog-ng PE 7
Debian 7 (wheezy)
Debian 8 (jessie)
Oracle Linux 7
Red Hat EL 7
Ubuntu 12.04 LTS (Precise Pangolin)
Ubuntu 14.04 LTS (Trusty Tahr)
Ubuntu 16.04 LTS (Xenial Xerus)
Platforms not supported in syslog-ng PE 7:
Oracle Linux 5, 6