This article lists the bugs fixed in syslog-ng Premium Edition 7.0.6.
Released: Mon, 11 Dec 2017
#SYSLOGDEV-3906 Fixed documentation link in default config file
#SYSLOGDEV-3914 Upgrade OpenSSL to 1.0.2m
#SYSLOGDEV-3937 Fix hour difference when parsing SNMP traps using snmptrap() source
#SYSLOGDEV-3938 Multiple grouping-by parser fixes
#SYSLOGDEV-3939 Crash during writing to file
#SYSLOGDEV-3940 Fix crash in Python template function
#SYSLOGDEV-3941 Crash during reload when MongoDB connection is not established
#SYSLOGDEV-3942 Memory leak during reload using MongoDB
Windows Event Collector for syslog-ng PE
The Windows Event Collector (WEC) acts as a log collector and forwarder tool for the Microsoft Windows platform. It collects the log messages of Windows-based hosts over HTTPS (using TLS encryption and mutual authentication), and forwards them to a syslog-ng PE server. In Windows terminology, this tool allows you to define source-initiated subscriptions, and have them forwarded to a syslog-ng PE server.
Unlike the syslog-ng Agent for Windows, the Windows Event Collector is a standalone tool that does not need to be installed on the Windows-based host itself. This can be an advantage when your organization's policies restrict or do not allow the installation of third-party tools. The Windows Event Collector sits between your Windows hosts and your syslog-ng Premium Edition server, accepting log messages from the remote Windows side over WinRM and feeding them to syslog-ng Premium Edition 7.0.
For more information, see:
Windows Event Collector for syslog-ng Premium Edition 7.0
Section 6.17, windowsevent: Collecting Windows event logs in The syslog-ng Premium Edition 7 Administrator Guide
Support for unsetting a group of fields
In addition to unsetting a macro or a field of a message, you can now explicitly unset a group of fields too, using the groupunset() rewrite rule.
For more information, see Section 11.2.3, Unsetting message fields in The syslog-ng Premium Edition 7 Administrator Guide.
Features available only in syslog-ng PE 6 LTS
Several features that are available in syslog-ng Premium Edition 6 LTS are not yet implemented in syslog-ng PE 7. If you need to use these features, use syslog-ng PE 6 LTS, or contact the Balabit Support Team for advice. The features missing from syslog-ng PE 7 will gradually become available in future releases of syslog-ng PE.
Storing messages in encrypted files (logstore()).
Reliable Log Transfer Protocol™ (RLTP™).
The SNMP destination (snmp()).
The SQL source (sql()).
The persist-tool application.
The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.
The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
The failover-servers() and spoof-interface() options of the network() and syslog() destinations.
The read-old-records(), recursive() and use-syslogng-pid() options of the file() source.
The replace(), cut(), and format-snare() template-functions.
FIPS-compliant packages are not available.
Manual configuration upgrade needed
Because some features and options are missing, you may need to change parts of your configuration file. If you need help with upgrading, contact the Balabit Support Team for advice.
Platforms supported in syslog-ng PE 7
Debian 7 (wheezy)
Debian 8 (jessie)
Oracle Linux 7
Oracle Linux 6
Red Hat EL 7
Red Hat EL 6
Ubuntu 12.04 LTS (Precise Pangolin)
Ubuntu 14.04 LTS (Trusty Tahr)
Ubuntu 16.04 LTS (Xenial Xerus)
Platforms not supported in syslog-ng PE 7
Oracle Linux 5