syslog-ng Premium Edition 7.0.17 - Release Notes

Resolved issues

The following is a list of issues addressed in this release.

Table 2: General resolved issues in syslog-ng PE 7.0.17
Resolved Issue Issue ID

WEC: handle invalid UTF-16 characters gracefully


Fix TID reinitialization mechanism in ALTP during restart


splunk-hec(): Fix an error in handling indexed fields


Fix persist structure during upgrade from PE version 6


RPM upgrade overwrites WEC configuration


Reliable disk queue corruption fixes


ALTP ack_timeout fix


WEC: forwarded logs have incorrect hostname


OpenSSL upgraded to 1.0.2t


OpenSSL upgraded to 1.1.0l on Ubuntu Bionic


Table 3: General resolved issues in syslog-ng PE 7.0.16
Resolved Issue Issue ID

Crash in patterndb during context timeout


Memory leak in dbparser


OpenSSL upgraded to 1.1.0k on Bionic platform


OpenSSL upgraded to 1.0.2s


syslog-ng hangs under high load


Incorrect numerical operators in filter statements


Bad quotation in splunk-hec() destination prevents load-balancing working correctly


http destination should give a warning if workers() is less than urls()


geoip2 does not include IP address in the error messages


Infinite loop during reload


Improve error handling in --preprocess-into


Reset timezone on configuration reload


Flushing destination on reload is slow


Wildcard filesource crashes


Table 4: General resolved issues in syslog-ng PE 7.0.14
Resolved Issue Issue ID

Crash in network source with ALTP due to idle timer


OpenSSL 1.0.2r upgrade


http-destination stuck when reverting to old configuration


syslog-ng segmentation fault on statistics query


WEC: Adds list support to Windowsevent-parser


Table 5: General resolved issues in syslog-ng PE 7.0.13
Resolved Issue Issue ID

Fix loggen parameters


Fix seeking in logstore using lgstool cat command


Empty disk queue truncate fix


Memory leak during reload when using the app-parser


Race condition during reload when using license-counter-reset


Table 6: General resolved issues in syslog-ng PE 7.0.12
Resolved Issue Issue ID

non-reliable diskq: fixes false positive corruption detection


Dqtool reported disk queue corrupted false positively


Append $(basename) to filename template correctly


SSL: Multiple ca-dir() related issues fixed


Fix frequent disconnects of syslog() driver when using TLS


OpenSSL upgraded to 1.0.2q


File destination fd leak after reload when time-reap elapsed


hdfs: fd leak during reload


tls: Handle allow-compress correctly


Socket leak when using udp destination with spoof-source enabled


Differences in features between syslog-ng PE 6 LTS and 7

In general, syslog-ng Premium Edition version 7 has many more features than version 6 LTS, so One Identity recommends using version 7 for all deployments, except when a feature that you require is available only in version 6 LTS. If you need help migrating from version 6 LTS to 7, contact our Support Team. Also note that as an alternative to the syslog-ng Agent for Windows application, syslog-ng PE version 7 supports an agent-less solution to fetch log messages from Windows hosts.

Features available only in syslog-ng PE 6 LTS

The following features that are available in syslog-ng Premium Edition 6 LTS are not available in syslog-ng PE 7.

  • The SNMP destination (snmp()).

  • The SQL source (sql()).

  • The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.

  • The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see "Supported platforms" in the Administration Guide.

  • The spoof-interface() options of the network() and syslog() destinations.

  • The read-old-records() and use-syslogng-pid() options of the file() source.

  • The replace(), cut(), and format-snare() template-functions.

  • The ${OSUPTIME} macro is not available.

  • When syslog-ng PE 6 started, its startup message included the hash of its configuration file. This has been removed from the startup messages.

  • Reading and writing log files located on network shares is not supported.

  • FIPS-compliant packages are not available.

Features that have been changed or replaced in syslog-ng PE 7

The following options and features have changed, and require you to modify your configuration file.

  • Configuring the size of disk-buffers has changed. Instead of log-disk-fifo-size(<size>), use the disk-buffer(disk-buf-size(<size>) reliable(no)) option. For details, see "Using the disk-buffer option and memory buffering" in the Administration Guide.

  • To store disk-buffer files in a specific folder, use the disk-buffer(dir("/your/diskbuffer/directory")) option. You cannot set this directory from the command line, because the --qdisk-dir command-line option is not available.

  • The RLTP transport protocol has been renamed to ALTP, so you have to use transport(altp) instead of altp. Also, the message-acknowledgement-timeout() option has been deprecated and has no effect. For details, see "Reliability and minimizing the loss of log messages" in the Administration Guide.

  • Wildcard support has been removed from the file source driver and moved to the separate wildcard-file() source. Also, the force-directory-polling() option has been replaced with the monitor-method("poll") option. For details, see "wildcard-file: Collecting messages from multiple text files" in the Administration Guide.

  • The mark-mode("host-idle") option does not work. Remove it from your configuration.

  • Certain labels in the output of the syslog-ng-ctl stats command have been changed, for example, the "stored" counter has been renamed to "queued".

  • If you use the multi-line-prefix() or multi-line-garbage() options in your configuration, also add the multi-line-mode("regexp") option. Note that the multi-line-prefix() and multi-line-garbage() options no longer have a timeout.

  • When comparing values in filter expressions (for example, in a filter, conditional rewrite, lgstool), note that the '==' operator now works only on numerical values. To test if two strings are identical, use the eq operator. For example:

    filter f_host {"${HOST}" eq "localhost1234"};

  • Timequality fields in RFC5424-formatted log messages (the timeQuality isSynced="0/1" tzKnown="0/1" SDATA fields) are not available.

  • The file-related SDATA fields that were available for log messages that syslog-ng PE read from a file source (file@18372.4 position="34" size="34" name="/path/and/filename") are not available.
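
The configuration changes listed above can be checked mechanically before an upgrade. The following is an added example, not code from One Identity or from syslog-ng PE: a small linter that flags the PE 6 constructs named in this list. The function name, the sample configuration, and the transport(rltp) spelling of the old transport are assumptions, and the '==' and multi-line checks are heuristics.

```python
import re

# (pattern, advice) pairs taken from the "changed or replaced" list above.
LINE_RULES = [
    (r"(?<![\w-])log-disk-fifo-size\s*\(",
     "use disk-buffer(disk-buf-size(<size>) reliable(no))"),
    (r"(?<![\w-])transport\s*\(\s*\"?rltp\"?\s*\)",
     "RLTP was renamed to ALTP: use transport(altp)"),
    (r"(?<![\w-])message-acknowledgement-timeout\s*\(",
     "deprecated, has no effect"),
    (r"(?<![\w-])force-directory-polling\s*\(",
     'replaced by monitor-method("poll") in wildcard-file()'),
    (r"(?<![\w-])mark-mode\s*\(\s*\"?host-idle\"?\s*\)",
     "does not work in PE 7: remove it"),
    # Heuristic: flags '==' whose quoted right-hand operand is not a numeric literal.
    (r"==\s*\"(?!\s*-?\d+(\.\d+)?\s*\")[^\"]*\"",
     "string comparison with '==': use the eq operator"),
]

def lint_pe6_config(text):
    """Return (line_number, advice) findings for PE 6 constructs in a config."""
    findings = []
    lines = [ln.split("#", 1)[0] for ln in text.splitlines()]  # naive comment strip
    for no, line in enumerate(lines, 1):
        for pattern, advice in LINE_RULES:
            if re.search(pattern, line):
                findings.append((no, advice))
    body = "\n".join(lines)
    multi = re.search(r"multi-line-(prefix|garbage)\s*\(", body)
    if multi and not re.search(r"multi-line-mode\s*\(", body):
        no = body.count("\n", 0, multi.start()) + 1
        findings.append((no, 'add multi-line-mode("regexp")'))
    return sorted(findings)

# Constructed PE 6-style configuration, not taken from a real deployment.
SAMPLE = '''\
options { mark-mode("host-idle"); };
source s_app { file("/var/log/app.log" multi-line-prefix("^[0-9]{4}-")); };
filter f_host { "${HOST}" == "localhost1234" };
filter f_level { "${LEVEL_NUM}" == "3" };
destination d_central {
    network("192.0.2.10" transport(rltp) log-disk-fifo-size(1048576));
};
'''

if __name__ == "__main__":
    for no, advice in lint_pe6_config(SAMPLE):
        print(f"line {no}: {advice}")
```

The comment stripping treats every # as the start of a comment, so a # inside a quoted string hides the rest of that line from the checks.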

Platforms not supported in syslog-ng PE 7

The following platforms are supported only in syslog-ng Premium Edition 6 LTS.

  • AIX

  • FreeBSD

  • HP-UX

  • Oracle Linux 5, 6

  • openSUSE

  • Solaris

  • Windows

For a complete list of supported platforms, see "Supported platforms" in the Administration Guide.

Product licensing

To enable a trial license

  1. Apply for a trial license at the syslog-ng website.
  2. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.

To enable a purchased commercial license

  1. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.

Upgrade and installation instructions

To install or upgrade syslog-ng Premium Edition, follow the instructions in "Installing syslog-ng" in the Administration Guide.
