syslog-ng Premium Edition 7.0.12 - Release Notes

December 2018

These release notes provide information about the syslog-ng Premium Edition release.

About this release

Welcome to syslog-ng Premium Edition (syslog-ng PE) version 7 and thank you for choosing our product. This document describes the new features and most important changes since the latest release of syslog-ng PE. The main aim of this paper is to aid system administrators in planning the migration to the new version of syslog-ng PE. The following sections describe the news and highlights of syslog-ng PE 7.

Starting with version 7, syslog-ng Premium Edition is released as a rolling release. For details, see the Version policy.

Supported platforms

The syslog-ng Premium Edition application is officially supported on the following platforms. Note that the following table is for general reference only, and is not always accurate about the supported platforms and options available for specific platforms. The latest version of this table is available at https://syslog-ng.com/log-management-software/supported-platforms. Unless explicitly noted otherwise, the subsequent releases of the platform (for example, Windows Server 2008 R2 and its service packs in case of Windows Server 2008) are also supported.

Table 1: Platforms supported by syslog-ng Premium Edition

x86 x86_64 SPARC SPARC64 PowerPC IA64
CentOS 5 - - - -
CentOS 6 - - - -
CentOS 7 - - - - -
Debian 7 (wheezy) - - - - -
Debian 8 (jessie) - - - - -
Oracle Linux 6 - - - - -
Oracle Linux 7 - - - - -
openSUSE 11 - - - -
Red Hat EL 6 - - - - -
Red Hat EL 7 - - - - -
SLES 12 - - - - -
Ubuntu 12.04 LTS (Precise Pangolin) - - - - -
Ubuntu 14.04 LTS (Trusty Tahr) - - - - -
Ubuntu 16.04 LTS (Xenial Xerus) - - - - -
Ubuntu 18.04 LTS (Bionic Beaver) - - - - -

Caution:

Certain sources and destinations are not supported on every platform (particularly, the sql() destination, and the hdfs() destination). For details, see the description of the specific source and destination.

Caution:

If you plan to use Python in syslog-ng PE (for example, a Python parser or Python template function) on the RHEL 6 platform, you must install Python 2.7 manually. If the Python version on the machine is not 2.7, you will receive an error message similar to the following during startup:

[2017-07-27T13:42:03.606679] Reading shared object for a candidate module; path='/opt/syslog-ng/lib/syslog-ng', fname='mod-python.so', module='mod-python'
[2017-07-27T13:42:03.606994] Error opening plugin module; module='mod-python', error='libpython2.7.so.1.0: cannot open shared object file: No such file or directory'

For details about the syslog-ng Agent for Windows application, see the syslog-ng Agent for Windows documentation. For an agent-less solution, see the list of supported platforms.

For using syslog-ng PE on other platforms (for example, AIX, FreeBSD, HP-UX, Solaris, Microsoft Windows), see the list of supported platforms in the syslog-ng PE version 6 Administration Guide.

New features in syslog-ng PE 7.0.12

Send log messages directly to Splunk HEC

Version 7.0.12 of syslog-ng PE can directly post log messages to a Splunk deployment using the HTTP Event Collector (HEC) over the HTTP and Secure HTTP (HTTPS) protocols. The solution is optimized for performance, and supports sending messages in batch mode, multithreaded message sending, and load-balancing to multiple Splunk indexer nodes.

HTTPS connections, as well as password- and certificate-based authentication, are supported. The content of the events is sent in JSON format.

For details, see "splunk-hec: Sending messages to Splunk HTTP Event Collector" in the Administration Guide.

Ubuntu 18.04 (Bionic Beaver) support

Version 7.0.12 of syslog-ng PE is now available on the Ubuntu 18.04 platform. Note that the Java-based drivers of syslog-ng PE (used for Apache Kafka, Elasticsearch, HDFS) require Java 8; Java 10 is not supported.

http() destination improvements

The http() destination now supports load balancing, so a single syslog-ng PE instance can feed log data to multiple HTTP servers, for example, multiple ingestion nodes of an Elasticsearch cluster. For details, see "Batch mode and load balancing" in the Administration Guide.

HTTP and HTTPS redirections are now also handled automatically.

Enhancements
  • The syslog() and network() drivers now support the so-reuseport() option that allows multiple sockets on the same host to bind to the same port, improving the performance of multithreaded network server applications running on top of multicore systems.

  • The Cisco parser now supports Cisco Catalyst formatted triplets.
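
The socket behaviour behind the so-reuseport() option, shown as an added example that is not part of the release notes or of syslog-ng PE: it assumes Linux and Python 3, and the function names and test messages are constructed for this illustration. It shows that a second bind to a busy UDP port is rejected without SO_REUSEPORT, and that with the option set the kernel spreads incoming datagrams across all sockets bound to the port.

```python
import select
import socket

def bind_udp(port, reuseport):
    """Open a UDP socket on 127.0.0.1:port, optionally with SO_REUSEPORT set."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if reuseport:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
        s.bind(("127.0.0.1", port))
    except OSError:
        s.close()
        raise
    return s

def second_bind_fails_without_option():
    """Without the option, a second bind to an in-use port is rejected."""
    first = bind_udp(0, reuseport=False)
    try:
        bind_udp(first.getsockname()[1], reuseport=False).close()
        return False
    except OSError:
        return True
    finally:
        first.close()

def distribute(n_listeners=2, n_senders=64):
    """Bind n_listeners sockets to one port and count datagrams per listener."""
    listeners = [bind_udp(0, reuseport=True)]
    port = listeners[0].getsockname()[1]
    listeners += [bind_udp(port, reuseport=True) for _ in range(n_listeners - 1)]
    # Constructed traffic: one datagram from each of n_senders source ports.
    for i in range(n_senders):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
            c.sendto(b"<13>constructed test message %d" % i, ("127.0.0.1", port))
    counts = [0] * n_listeners
    while True:
        ready, _, _ = select.select(listeners, [], [], 0.5)
        if not ready:
            break
        for s in ready:
            s.recv(2048)
            counts[listeners.index(s)] += 1
    for s in listeners:
        s.close()
    return counts

if __name__ == "__main__":
    print(second_bind_fails_without_option(), distribute())
```

On Linux, every socket that joins the group must set the option and belong to the same effective UID, which keeps an unrelated user's process from binding to a listener's port.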
