
syslog-ng Premium Edition 7.0.20 - Release Notes

Resolved issues

The following is a list of issues addressed in this release.

Table 2: General resolved issues in syslog-ng PE 7.0.20
| Resolved Issue | Issue ID |
| --- | --- |
| Fixed checking if an idle file can be closed (time-reap() option). Instead of closing a file if no new messages were written to a file within time-reap() seconds after the last activity, syslog-ng PE checked periodically if a file can be closed. | SYSLOGDEV-4357 |
| OpenSSL upgraded to version 1.1.1g | SYSLOGDEV-5290 |
| Fixed a possible memory leak in logstore when a message cannot be stored and serialized correctly. | SYSLOGDEV-5364 |

Table 3: General resolved issues in syslog-ng PE 7.0.19
| Resolved Issue | Issue ID |
| --- | --- |
| OpenSSL upgraded to version 1.1.1d | SYSLOGDEV-5113 |
| File source cannot process new message when the log-msg-size() option is increased after reading a longer message. | SYSLOGDEV-5044 |
| The log_id() option is mandatory for the stackdriver() destination | SYSLOGDEV-4726 |
| Added the multi-line-timeout() option for file source. | SYSLOGDEV-3830 |

Table 4: General resolved issues in syslog-ng PE 7.0.18
| Resolved Issue | Issue ID |
| --- | --- |
| Configuration objects preceded by an inline destination are ignored | SYSLOGDEV-4975 |
| The loggen tool does not run when installed from the .run installer into a custom directory | SYSLOGDEV-5001 |
| Monitoring source does not set the log level correctly | SYSLOGDEV-5026 |
| Memory leak during reading logstores | SYSLOGDEV-5036 |
| http() destination ignores the frac-digits() global setting | SYSLOGDEV-5057 |

Table 5: General resolved issues in syslog-ng PE 7.0.17
| Resolved Issue | Issue ID |
| --- | --- |
| WEC: handle invalid UTF-16 characters gracefully | SYSLOGDEV-4182 |
| Fix TID reinitialization mechanism in ALTP during restart | SYSLOGDEV-4333 |
| splunk-hec(): Fix an error in handling indexed fields | SYSLOGDEV-4689 |
| Fix persist structure during upgrade from PE version 6 | SYSLOGDEV-4787 |
| RPM upgrade overwrites WEC configuration | SYSLOGDEV-4812 |
| Reliable disk queue corruption fixes | SYSLOGDEV-4826 |
| ALTP ack_timeout fix | SYSLOGDEV-4835 |
| WEC: forwarded logs have incorrect hostname | SYSLOGDEV-4847 |
| OpenSSL upgraded to 1.0.2t | SYSLOGDEV-4981 |
| OpenSSL upgraded to 1.1.0l on Ubuntu Bionic | SYSLOGDEV-4982 |

Table 6: General resolved issues in syslog-ng PE 7.0.16
| Resolved Issue | Issue ID |
| --- | --- |
| Crash in patterndb during context timeout | SYSLOGDEV-4945 |
| Memory leak in dbparser | SYSLOGDEV-4925 |
| OpenSSL upgraded to 1.1.0k on Bionic platform | SYSLOGDEV-4831 |
| OpenSSL upgraded to 1.0.2s | SYSLOGDEV-4829 |
| syslog-ng hangs under high load | SYSLOGDEV-4745 |
| Incorrect numerical operators in filter statements | SYSLOGDEV-4785 |
| Bad quotation in splunk-hec() destination prevents load-balancing working correctly | SYSLOGDEV-4794 |
| http destination should give a warning if workers() is less than urls() | SYSLOGDEV-4929 |
| geoip2 does not include IP address in the error messages | SYSLOGDEV-4928 |
| Infinite loop during reload | SYSLOGDEV-4927 |
| Improve error handling in --preprocess-into | SYSLOGDEV-4926 |
| Reset timezone on configuration reload | SYSLOGDEV-4924 |
| Flushing destination on reload is slow | SYSLOGDEV-4923 |
| Wildcard filesource crashes | SYSLOGDEV-4922 |

Table 7: General resolved issues in syslog-ng PE 7.0.14
| Resolved Issue | Issue ID |
| --- | --- |
| Crash in network source with ALTP due to idle timer | SYSLOGDEV-4711 |
| OpenSSL 1.0.2r upgrade | SYSLOGDEV-4742 |
| http-destination stuck when reverting to old configuration | SYSLOGDEV-4747 |
| syslog-ng segmentation fault on statistics query | SYSLOGDEV-4759 |
| WEC: Adds list support to Windowsevent-parser | SYSLOGDEV-4789 |

Table 8: General resolved issues in syslog-ng PE 7.0.13
| Resolved Issue | Issue ID |
| --- | --- |
| Fix loggen parameters | SYSLOGDEV-4684 |
| Fix seeking in logstore using lgstool cat command | SYSLOGDEV-4680 |
| Empty disk queue truncate fix | SYSLOGDEV-4628 |
| Memory leak during reload when using the app-parser | SYSLOGDEV-4564 |
| Race condition during reload when using license-counter-reset | SYSLOGDEV-4540 |

Table 9: General resolved issues in syslog-ng PE 7.0.12
| Resolved Issue | Issue ID |
| --- | --- |
| non-reliable diskq: fixes false positive corruption detection | SYSLOGDEV-4674 |
| Dqtool reported disk queue corrupted false positively | SYSLOGDEV-4407 |
| Append $(basename) to filename template correctly | SYSLOGDEV-4673 |
| SSL: Multiple ca-dir() related issues fixed | SYSLOGDEV-4669 |
| Fix frequent disconnects of syslog() driver when using TLS | SYSLOGDEV-4667 |
| OpenSSL upgraded to 1.0.2q | SYSLOGDEV-4650 |
| File destination fd leak after reload when time-reap elapsed | SYSLOGDEV-4609 |
| hdfs: fd leak during reload | SYSLOGDEV-4581 |
| tls: Handle allow-compress correctly | SYSLOGDEV-4580 |
| Socket leak when using udp destination with spoof-source enabled | SYSLOGDEV-4552 |

Differences in features between syslog-ng PE 6 LTS and 7

In general, syslog-ng Premium Edition version 7 has many more features than version 6 LTS. One Identity therefore recommends using version 7 for all deployments, except when a feature that you require is available only in version 6 LTS. If you need help with migrating from version 6 LTS to 7, contact our Support Team. Also note that as an alternative to the syslog-ng Agent for Windows application, syslog-ng PE version 7 supports an agent-less solution to fetch log messages from Windows hosts.

Features available only in syslog-ng PE 6 LTS

The following features that are available in syslog-ng Premium Edition 6 LTS are not available in syslog-ng PE 7.

  • The SNMP destination (snmp()).

  • The SQL source (sql()).

  • The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.

  • The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see "Supported platforms" in the Administration Guide.

  • The spoof-interface() options of the network() and syslog() destinations.

  • The read-old-records() and use-syslogng-pid() options of the file() source.

  • The replace(), cut(), and format-snare() template-functions.

  • The ${OSUPTIME} macro is not available.

  • When syslog-ng PE 6 started, its startup message included the hash of its configuration file. This has been removed from the startup messages.

  • Reading and writing log files located on network shares is not supported.

  • FIPS-compliant packages are not available.

Features that have been changed or replaced in syslog-ng PE 7

The following options and features have changed, and require you to modify your configuration file.

  • Configuring the size of disk-buffers has changed. Instead of log-disk-fifo-size(<size>), use the disk-buffer(disk-buf-size(<size>) reliable(no)) option. For details, see "Using the disk-buffer option and memory buffering" in the Administration Guide.

  • To store disk-buffer files in a specific folder, use the disk-buffer(dir("/your/diskbuffer/directory")) option. You cannot set this directory from the command line: the --qdisk-dir command-line option is not available.

  • The RLTP transport protocol has been renamed to ALTP, so you have to use transport(altp) instead of transport(rltp). Also, the message-acknowledgement-timeout() option has been deprecated and has no effect. For details, see "Reliability and minimizing the loss of log messages" in the Administration Guide.

  • Wildcard support has been removed from the file source driver and moved to the separate wildcard-file() source. Also, the force-directory-polling() option has been replaced with the monitor-method("poll") option. For details, see "wildcard-file: Collecting messages from multiple text files" in the Administration Guide.

  • The mark-mode("host-idle") option does not work. Remove it from your configuration.

  • Certain labels in the output of the syslog-ng-ctl stats command have been changed, for example, the "stored" counter has been renamed to "queued".

  • If you use the multi-line-prefix() or multi-line-garbage() options in your configuration, also add the multi-line-mode("regexp") option. Note that the multi-line-prefix() and multi-line-garbage() options no longer have a timeout.

  • When comparing values in filter expressions (for example, in a filter, conditional rewrite, lgstool), note that the '==' operator now works only on numerical values. To test if two strings are identical, use the eq operator. For example:

    filter f_host {"${HOST}" eq "localhost1234"};

  • Timequality fields in RFC5424-formatted log messages (the timeQuality isSynced="0/1" tzKnown="0/1" SDATA fields) are not available.

  • The file-related SDATA fields that were available for log messages that syslog-ng PE read from a file source (file@18372.4 position="34" size="34" name="/path/and/filename") are not available.
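
A pre-migration check for the two lists above ("Features available only in syslog-ng PE 6 LTS" and "Features that have been changed or replaced in syslog-ng PE 7"), added here as an example and not a One Identity tool. It scans a version 6 configuration for the options named in those lists. The regular expressions are line-based heuristics, the lowercase rltp keyword is assumed from the protocol name, and the sample configuration is constructed.

```python
import re

# (pattern, advice) pairs; every option name comes from the two lists above.
RULES = [
    (r"\b(snmp|sql)\s*\(", "driver is not available in PE 7"),
    (r"\b(allow-compress|ca-dir-layout|cert-subject|spoof-interface"
     r"|read-old-records|use-syslogng-pid)\s*\(", "option is not available in PE 7"),
    (r"\$\((replace|cut|format-snare)\b", "template function is not available in PE 7"),
    (r"\$\{?OSUPTIME\b", "OSUPTIME macro is not available in PE 7"),
    (r"\blog-disk-fifo-size\s*\(", "use disk-buffer(disk-buf-size(<size>) reliable(no))"),
    (r"\brltp\b", "RLTP was renamed to ALTP: use transport(altp)"),
    (r"\bmessage-acknowledgement-timeout\s*\(", "deprecated, has no effect"),
    (r"\bforce-directory-polling\s*\(", 'use monitor-method("poll")'),
    (r'\bmark-mode\s*\(\s*"?host-idle', 'mark-mode("host-idle") does not work, remove it'),
    (r'(?<![\w-])file\s*\(\s*"[^"]*[*?][^"]*"', "wildcards moved to wildcard-file()"),
    (r'"[^"]*"\s*==\s*"[^"]*"', "'==' is numeric only, compare strings with eq"),
]
ML_OPTS = re.compile(r"\bmulti-line-(prefix|garbage)\s*\(")
ML_MODE = re.compile(r'\bmulti-line-mode\s*\(\s*"?regexp')

def lint(conf):
    """Return sorted (line_number, advice) findings for a PE 6 style configuration."""
    findings = []
    for no, line in enumerate(conf.splitlines(), 1):
        if line.lstrip().startswith("#"):          # skip comment lines
            continue
        findings += [(no, adv) for pat, adv in RULES if re.search(pat, line, re.I)]
    pos = 0
    for stmt in conf.split("};"):                  # one chunk per top-level statement
        m = ML_OPTS.search(stmt)
        if m and not ML_MODE.search(stmt):         # prefix/garbage without regexp mode
            line_no = conf.count("\n", 0, pos + m.start()) + 1
            findings.append((line_no, 'also add multi-line-mode("regexp")'))
        pos += len(stmt) + 2
    return sorted(findings)

# Constructed PE 6 style sample (addresses, paths and names are made up).
SAMPLE = """\
@version: 6.0
source s_apps {
    file("/var/log/apps/*.log" multi-line-prefix("^ERROR") force-directory-polling(yes));
};
destination d_central {
    syslog("192.0.2.10" transport(rltp) log-disk-fifo-size(1048576)
        tls(ca-dir("/etc/ca.d") cert-subject("CN=central")));
};
filter f_host { "${HOST}" == "localhost1234" };
"""
if __name__ == "__main__":
    for no, adv in lint(SAMPLE):
        print(f"line {no}: {adv}")
```

A clean result only means none of the listed options were matched; the configuration still has to be validated with syslog-ng PE 7 itself.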

Platforms not supported in syslog-ng PE 7

The following platforms are supported only in syslog-ng Premium Edition 6 LTS.

  • AIX

  • FreeBSD

  • HP-UX

  • Oracle Linux 5, 6

  • openSUSE

  • Solaris

  • Windows

For a complete list of supported platforms, see "Supported platforms" in the Administration Guide.

Product licensing

To enable a trial license

  1. Apply for a trial license at the syslog-ng website.
  2. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.

To enable a purchased commercial license

  1. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.

Upgrade and installation instructions

To install or upgrade syslog-ng Premium Edition, follow the instructions in "Installing syslog-ng" in the Administration Guide.
