Released: Tue, 08 Aug 2017
#SYSLOGDEV-3542 Crash on substituting non-existing macro
#SYSLOGDEV-3608 Certain destinations used more memory than needed
The Red Hat Enterprise Linux 6 platform is now supported. For details, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
New osquery source
The osquery application allows you to ask questions about your machine using an SQL-like language. For example, you can query running processes, logged-in users, installed packages, and syslog messages. You can make queries on demand, and also schedule them to run regularly.
The osquery() source of syslog-ng PE allows you to read the results of periodic osquery queries and automatically parse the messages. For details, see Section 6.6, osquery: Collect and parse osquery result logs in The syslog-ng Premium Edition 7 Administrator Guide.
New HTTP destination
The syslog-ng PE application can directly post log messages to web services using the HTTP protocol, without having to use Java.
HTTPS connections, as well as password- and certificate-based authentication, are supported. For details, see Section 7.5, Posting messages over HTTP in The syslog-ng Premium Edition 7 Administrator Guide.
Look up GeoIP2 data from IP addresses
The syslog-ng PE application can look up IP addresses in an offline GeoIP2 database, and make the retrieved data available in name-value pairs. Depending on the database used, you can access country code, longitude, and latitude information, and so on. For details, see Section 15.2, Looking up GeoIP2 data from IP addresses in The syslog-ng Premium Edition 7 Administrator Guide.
You can use the geoip2 template function to format messages to contain GeoIP data. For details, see Section 11.1.7, Template functions of syslog-ng PE in The syslog-ng Premium Edition 7 Administrator Guide.
The geoip() parser is deprecated.
The geoip() parser is now deprecated. Use the geoip2 parser instead.
Features available only in syslog-ng PE 6 LTS
Several features that are available in syslog-ng Premium Edition 6 LTS are not yet implemented in syslog-ng PE 7. If you need to use these features, use syslog-ng PE 6 LTS, or contact the One Identity Support Team for advice. The features missing from syslog-ng PE 7 will gradually become available in future releases of syslog-ng PE.
Storing messages in encrypted files (logstore()).
Reliable Log Transfer Protocol™ (RLTP™).
The SNMP destination (snmp()).
The SQL source (sql()).
The persist-tool application.
The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.
The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
The failover-servers() and spoof-interface() options of the network() and syslog() destinations.
The read-old-records(), recursive() and use-syslogng-pid() options of the file() source.
The replace(), cut(), and format-snare() template-functions.
FIPS-compliant packages are not available.
Manual configuration upgrade needed
Because some features and options are missing, you may need to change parts of your configuration file. If you need help with upgrading, contact the One Identity Support Team for advice.
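As an added example (not part of these release notes or of syslog-ng PE), the following Python script scans a configuration for the option and template-function names listed above as missing from syslog-ng PE 7, and for the deprecated geoip() parser. It matches by name only, so each hit needs manual review (for example, sql() is reported wherever it appears); the sample configuration is constructed and its option arguments are placeholders.

```python
import re

# Names copied from the "Features available only in syslog-ng PE 6 LTS" list.
MISSING_OPTIONS = [
    "logstore", "snmp", "sql", "allow-compress", "ca-dir-layout",
    "cert-subject", "failover-servers", "spoof-interface",
    "read-old-records", "recursive", "use-syslogng-pid",
]
MISSING_TEMPLATE_FUNCS = ["replace", "cut", "format-snare"]
DEPRECATED_OPTIONS = ["geoip"]  # release notes: use the geoip2 parser instead

def _alternation(names):
    return "|".join(re.escape(n) for n in names)

# option-name( ... ), not preceded by a word character or hyphen
OPTION_RE = re.compile(r"(?<![\w-])(%s)\s*\("
                       % _alternation(MISSING_OPTIONS + DEPRECATED_OPTIONS))
# $(function ...), not followed by more name characters (e.g. replace-delimiter)
TEMPLATE_RE = re.compile(r"\$\(\s*(%s)(?![\w-])"
                         % _alternation(MISSING_TEMPLATE_FUNCS))

def audit_config(text):
    """Return (line_no, name, status) findings for a syslog-ng configuration."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # naive strip: a '#' inside a string is cut too
        for m in OPTION_RE.finditer(code):
            status = "deprecated" if m.group(1) in DEPRECATED_OPTIONS else "missing"
            findings.append((line_no, m.group(1) + "()", status))
        for m in TEMPLATE_RE.finditer(code):
            findings.append((line_no, "$(" + m.group(1) + ")", "missing"))
    return findings

# Constructed sample input; paths, addresses and arguments are placeholders.
SAMPLE_CONFIG = '''\
source s_files { file("/var/log/app.log" read-old-records(yes)); };
parser p_geo { geoip("${HOST}"); };   # old parser
parser p_geo2 { geoip2("${HOST}", database("/path/to/db.mmdb")); };
destination d_store { logstore("/var/log/store.lgs"); };
# destination d_trap { snmp(host("192.0.2.10")); };
destination d_net { network("192.0.2.1" failover-servers("192.0.2.2")
    template("$(cut $MSG) $(replace-delimiter x)")); };
'''

if __name__ == "__main__":
    for line_no, name, status in audit_config(SAMPLE_CONFIG):
        print("line %d: %s is %s in syslog-ng PE 7" % (line_no, name, status))
```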
Platforms supported in syslog-ng PE 7
Debian 7 (wheezy)
Debian 8 (jessie)
Oracle Linux 7
Red Hat EL 7
Red Hat EL 6
Ubuntu 12.04 LTS (Precise Pangolin)
Ubuntu 14.04 LTS (Trusty Tahr)
Ubuntu 16.04 LTS (Xenial Xerus)
Platforms not supported in syslog-ng PE 7
Oracle Linux 5, 6