Released: Mon, 17 Dec 2018
#SYSLOGDEV-4552 - Socket leak using udp destination with spoof_source enabled
#SYSLOGDEV-4407 - Dqtool reported disk queue corrupted false positively
#SYSLOGDEV-4580 - tls: Handle allow-compress correctly
#SYSLOGDEV-4581 - hdfs: fd leak during reload
#SYSLOGDEV-4609 - File destination fd leak after reload when time-reap elapsed
#SYSLOGDEV-4650 - OpenSSL upgraded to 1.0.2q
#SYSLOGDEV-4667 - Fix frequent disconnects of syslog() with TLS
#SYSLOGDEV-4669 - SSL: Multiple ca-dir() related issues fixed
#SYSLOGDEV-4673 - Append $(basename) to filename template correctly
#SYSLOGDEV-4674 - non-reliable diskq: false positive corruption detection fix
Send log messages directly to Splunk HEC
Version 7.0.12 of syslog-ng PE can directly post log messages to a Splunk deployment using the HTTP Event Collector (HEC) over the HTTP and Secure HTTP (HTTPS) protocols. The solution is optimized for performance, and supports sending messages in batch mode, multithreaded message sending, and load-balancing to multiple Splunk indexer nodes. HTTPS connections, as well as password- and certificate-based authentication, are supported. The content of the events is sent in JSON format. For details, see "splunk-hec: Sending messages to Splunk HTTP Event Collector" in the Administration Guide.
Ubuntu 18.04 (Bionic Beaver) support
Version 7.0.12 of syslog-ng PE is now available on the Ubuntu 18.04 platform. Note that the Java-based drivers of syslog-ng PE (used for Apache Kafka, Elasticsearch, HDFS) require Java 8; Java 10 is not supported.
http() destination improvements
The http() destination now supports load balancing, so a single syslog-ng PE instance can feed log data to multiple HTTP servers, for example, multiple ingestion nodes of an Elasticsearch cluster. For details, see "Batch mode and load balancing" in the Administration Guide. HTTP and HTTPS redirections are now also handled automatically.
The syslog() and network() drivers now support the so-reuseport() option that allows multiple sockets on the same host to bind to the same port, improving the performance of multithreaded network server applications running on top of multicore systems.
The Cisco parser now supports Cisco Catalyst formatted triplets.
Features available only in syslog-ng PE 6 LTS
Several features that are available in syslog-ng Premium Edition 6 LTS are not yet implemented in syslog-ng PE 7. In case you need to use these features, use syslog-ng PE 6 LTS, or contact the Balabit Support Team for advice. The features missing from syslog-ng PE 7 will become gradually available in future releases of syslog-ng PE.
The SNMP destination (snmp()).
The SQL source (sql()).
The persist-tool application.
The ca-dir-layout() and cert-subject() options related to TLS transport.
The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
The spoof-interface() options of the network() and syslog() destinations.
The read-old-records(), recursive() and use-syslogng-pid() options of the file() source.
The replace(), cut(), and format-snare() template-functions.
FIPS-compliant packages are not available.
Platforms supported in syslog-ng PE 7
Debian 7 (wheezy)
Debian 8 (jessie)
Oracle Linux 7
Oracle Linux 6
Red Hat EL 7
Red Hat EL 6
Ubuntu 12.04 LTS (Precise Pangolin)
Ubuntu 14.04 LTS (Trusty Tahr)
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 18.04 LTS (Bionic Beaver)
Platforms not supported in syslog-ng PE 7:
Oracle Linux 5