Chat now with support
Chat with Support

syslog-ng Premium Edition 7.0.18 - Release Notes

New features in syslog-ng PE 7.0.17

Fetching logs from Office 365

Starting with syslog-ng PE version 7.0.17, you can fetch logs from your Office 365 account using the Office 365 Management Activity API. For details, see "office365: Fetching logs from Office 365" in the Administration Guide.

Upgrade improvements

The upgrade from syslog-ng PE version 6 has been improved and made more robust. If you are upgrading from syslog-ng PE version 6, first upgrade to the latest available 6.0.x maintenance release. For details on the upgrade process to syslog-ng PE version 7, see "Upgrading from syslog-ng PE 6.0.x to version 7" in the Administration Guide.

New features in syslog-ng PE 7.0.16


Detailed documentation about upgrading from syslog-ng PE 6 to version 7 is available at "Upgrading from syslog-ng PE 6.0.x to version 7" in the Administration Guide.

New features in syslog-ng PE 7.0.14

Google Stackdriver destination

The stackdriver destination of syslog-ng PE can send log messages to the Google Stackdriver cloud. Google Stackdriver is a widely used metrics, event, and log aggregator and analyzer system. For details, see "stackdriver: Sending logs to the Google Stackdriver cloud" in the Administration Guide.

Elasticsearch HTTP destination

Version 7.0.14 of syslog-ng PE can directly post log messages to an Elasticsearch deployment using the Elasticsearch Bulk API over the HTTP and Secure HTTP (HTTPS) protocols. For details, see "elasticsearch-http: Sending messages to Elasticsearch HTTP Event Collector" in the Administration Guide.

Windows Server 2019 logs

The Windows Event Collector application now supports Windows Server 2019.

  • The syslog-ng-ctl reload command now has a return value: 0 if the operation was successful, 1 otherwise.

  • Instead of dropping incoming messages that are too long, you can now trim them using the trim-large-messages() option of the syslog() source.

New features in syslog-ng PE 7.0.13

Linux Audit Parser

The Linux Audit Parser can parse the log messages of the Linux Audit subsystem (auditd). The syslog-ng PE application can separate these log messages to name-value pairs. For details, see "Linux audit parser" in the Administration Guide.

Processing arrays in Windows Eventlog messages

The windowsevent() source can now automatically process XML arrays, making the array elements available as name-value pairs. For example, the following XML array becomes available as name-value pairs:

<Event xmlns="">
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">WIN-K1678A68SQ6$</Data>

Name-value pairs:
Event.System.EventID = 5059
Event.EventData.SubjectUserSid = S-1-5-18
Event.EventData.SubjectUserName = WIN-K1678A68SQ6$

For details, see "windowsevent: Collecting Windows event logs" in the Administration Guide.

Docker support

Installing the syslog-ng Premium Edition application in Docker containers is now officially supported on CentOS 7, Red Hat EL 7.5, and Ubuntu 18.04 (Bionic Beaver) platforms. For details, see "Installing syslog-ng in Docker" in the Administration Guide.

  • The persist-tool utility is now part of the syslog-ng PE package. For details, see the persist-tool manual page.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating