Chat now with support
Chat with Support

syslog-ng Premium Edition 7.0.18 - Release Notes

Highlights of 7.0.8

Client-side failover

The failover-servers() option of the network() and syslog() destinations is now available in syslog-ng PE version 7.

For more information, see "Client-side failover" in the Administration Guide.

New log path flag: drop-unmatched

A new log path flag, drop-unmatched, has been added. The new flag causes messages to be dropped along a log path when they do not match a filter or are discarded by a parser. For details, see "Log path flags" in the Administration Guide.

Support for Elasticsearch's Shield security discontinued

Elasticsearch deleted the Shield .jar files required for syslog-ng PE to work with Shield so support for Shield has been removed.

Support for POSIX regular expressions discontinued

Support for POSIX regular expressions has been removed. All "posix" regular expressions are automatically switched to "pcre". In case you have POSIX regular expressions configured, ensure that your regexps work with PCRE, and also specify type("pcre") explicitly.

Highlights of 7.0.7

Logstore destination

The logstore() destination that was available only in syslog-ng PE version 6 is now available in version 7.0.7, allowing you to store messages in encrypted files.

For more information, see "logstore: Storing messages in encrypted files" in the Administration Guide.

Password-protected private keys

Starting with syslog-ng PE version 7.0.7, you can use password-protected private keys in the network() and syslog() source and destination drivers.

For more information, see "Password-protected keys" in the Administration Guide.

Highlights of 7.0.6

Windows Event Collector for syslog-ng PE

The Windows Event Collector (WEC) acts as a log collector and forwarder tool for the Microsoft Windows platform. It collects the log messages of Windows-based hosts over HTTPS (using TLS encryption and mutual authentication), and forwards them to a syslog-ng PE server. In Windows terminology, this tool allows you to define source-initiated subscriptions, and have them forwarded to a syslog-ng PE server.

Unlike the syslog-ng Agent for Windows, the Windows Event Collector is a standalone tool that does not require installing on the Windows-based host itself. This can be an advantage when your organization's policies restrict or do not allow the installation of third-party tools. The Windows Event Collector sits between your Windows hosts and your syslog-ng Premium Edition server, accepting log messages from the remote Windows side with WinRM and feeding them to syslog-ng Premium Edition 7.0.

For more information, see:

Support for unsetting a group of fields

In addition to unsetting a macro or a field of a message, you can now explicitly unset a group of fields too, using the groupunset() rewrite rule.

For more information, see "Unsetting message fields" in the Administration Guide.

Highlights of 7.0.5

XML parser

A new parser, the XML parser has been added, which processes input in XML format, and then adds the parsed data to the message object. Use this parser to interoperate with applications that produce XML-encoded log messages.

The XML parser allows you to extract information from XML logs, and use this information in your logging pipeline, for example, in filters, and also to further process the extracted data using syslog-ng or other tools. In addition, parsing XML logs helps you normalize your log messages, and convert them to a common format.

For details, see "XML parser" in the Administration Guide.

Cisco parser

A new parser, the Cisco parser has been added, which is capable of parsing the log messages of various Cisco devices. The messages of these devices often do not completely comply with the syslog RFCs, making them difficult to parse. The cisco-parser() of syslog-ng PE solves this problem, and can separate these log messages to name-value pairs, extracting also the Cisco-specific values.

For more information, see "Cisco Parser" in the Administration Guide.

New systemd-journal() source option

A new systemd-journal() source option, read-old-records(), has been added. Previously, syslog-ng PE started reading records from the journald system service right from the very beginning of the journal. This was often a lengthy process. The new option lets you specify whether you want to read only new records from the journal or all records, starting from the beginning of the journal.

For more information, see "systemd-journal: Collecting messages from the systemd-journal system log storage" in the Administration Guide.

Configurable JVM options for Java destinations

You can now fine-tune your Java Virtual Machine (JVM) options when configuring Elasticsearch, Hadoop Distributed File System (HDFS), and Apache Kafka destinations. Previously, settings of the Java Virtual Machine could not be overriden from the syslog-ng PE configuration file, resulting sometimes in suboptimal memory utilization. The new jvm-options() allows you to configure these Java settings from syslog-ng PE as a global option.

For details, see:

Changes in HDFS destination options

The following changes have been introduced with regards to HDFS files:

  • New option hdfs-append-enabled(): A new option has been added, which enables syslog-ng PE to append new data to the end of an already existing HDFS file. This means that, when setting this parameter to true, there is no need anymore to open a new file once a file has been closed.

    For further details, see "HDFS destination options" in the Administration Guide.

  • Support for macros in file names and file paths: hdfs-file() now supports the usage of macros, meaning that syslog-ng PE can create files on HDFS dynamically, using macros in the file (or directory) name.

    For further details, see "HDFS destination options" in the Administration Guide.

New TLS options

The following new TLS options have been added:

  • dhparam-file(): Allows you to specify a file that contains the Diffie-Hellman parameters for key exchanges, generated by the openssl dhparam utility.

  • ecdh-curve-list(): Allows you to specify the curves permitted when using Elliptic Curve Cryptography (ECC).

Oracle Linux 6 platform now supported in syslog-ng PE

The Oracle Linux 6 platform is now supported in syslog-ng PE.

For a complete list of supported platforms, see "Supported platforms" in the Administration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating