Starting with syslog-ng PE version
The upgrade from syslog-ng PE version 6 has been improved and made more robust. If you are upgrading from syslog-ng PE version 6, first upgrade to the latest available 6.0.x maintenance release. For details on the upgrade process to syslog-ng PE version 7, see "Upgrading from syslog-ng PE 6.0.x to version 7" in the Administration Guide.
Detailed documentation about upgrading from syslog-ng PE 6 to version 7 is available at "Upgrading from syslog-ng PE 6.0.x to version 7" in the Administration Guide.
The stackdriver destination of syslog-ng PE can send log messages to the Google Stackdriver cloud. Google Stackdriver is a widely used metrics, event, and log aggregator and analyzer system. For details, see "stackdriver: Sending logs to the Google Stackdriver cloud" in the Administration Guide.
Version
The Windows Event Collector application now supports Windows Server 2019.
The syslog-ng-ctl reload command now has a return value: 0 if the operation was successful, 1 otherwise.
Instead of dropping incoming messages that are too long, you can now trim them using the trim-large-messages() option of the syslog() source.
The Linux Audit Parser can parse the log messages of the Linux Audit subsystem (auditd). The syslog-ng PE application can separate these log messages into name-value pairs. For details, see "Linux audit parser" in the Administration Guide.
The windowsevent() source can now automatically process XML arrays, making the array elements available as name-value pairs. For example, the following XML array becomes available as name-value pairs:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
        <EventID>5059</EventID>
    </System>
    <EventData>
        <Data Name="SubjectUserSid">S-1-5-18</Data>
        <Data Name="SubjectUserName">WIN-K1678A68SQ6$</Data>
    </EventData>
</Event>

Name-value pairs:

Event.System.EventID = 5059
Event.EventData.SubjectUserSid = S-1-5-18
Event.EventData.SubjectUserName = WIN-K1678A68SQ6$
For details, see "windowsevent: Collecting Windows event logs" in the Administration Guide.
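The naming rule in this example can be reproduced offline to predict which name-value pairs an event will produce, for instance when writing filters or detection rules that depend on them. The following Python sketch is an added illustration, not syslog-ng PE code: the flattening rule is inferred from the example above, and the function names and the closing </Event> tag in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the event from the release note, closed so that it parses.
SAMPLE_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>5059</EventID>
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">WIN-K1678A68SQ6$</Data>
  </EventData>
</Event>"""


def local_name(tag):
    """Strip the '{namespace}' prefix that ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]


def flatten_event(xml_text):
    """Return {dotted.name: value} for one Windows event XML document.

    Assumed rule (inferred from the example): nested element names are joined
    with dots, and an array element that carries a Name attribute is keyed by
    that attribute instead of its tag. Repeated names overwrite each other in
    this sketch; the release note does not say how syslog-ng PE names them.
    """
    pairs = {}

    def walk(elem, prefix):
        key = elem.get("Name") or local_name(elem.tag)
        path = f"{prefix}.{key}" if prefix else key
        children = list(elem)
        if children:
            for child in children:
                walk(child, path)
        elif elem.text and elem.text.strip():
            pairs[path] = elem.text.strip()

    # Only feed trusted or pre-validated XML to ElementTree.
    walk(ET.fromstring(xml_text), "")
    return pairs


def missing_fields(pairs, required):
    """Return the required names that the flattened event does not contain."""
    return [name for name in required if name not in pairs]
```
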
Installing the syslog-ng Premium Edition application in Docker containers is now officially supported on CentOS 7, Red Hat EL 7.5, and Ubuntu 18.04 (Bionic Beaver) platforms. For details, see "Installing syslog-ng in Docker" in the Administration Guide.
The persist-tool utility is now part of the syslog-ng PE package. For details, see the persist-tool manual page.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.