Chat now with support
Chat with Support

syslog-ng Premium Edition 7.0.26 - Release Notes

Removed features

The following is a list of features that have been removed from syslog-ng Premium Edition (syslog-ng PE) version 7.0.26.

  • Unsupported platforms

    Starting from syslog-ng PE version 7.0.26, the following platforms are no longer supported:

    • Debian 8 (Jessie)

    • openSUSE 11

    • Ubuntu 14.04 LTS (Trusty Tahr)

    For more information about the supported platforms for syslog-ng PE version 7.0.26, see Supported platforms.

Resolved issues

The following is a list of issues addressed in this release.

Table 1: General resolved issues in syslog-ng PE 7.0.26
Resolved Issue Issue ID
google_pubsub() destination: Fixed JSON formatting of SDATA fields because Pub/Sub does not allow nested fields SYSLOGDEV-5939
Table 2: General resolved issues in syslog-ng PE 7.0.25
Resolved Issue Issue ID
OpenSSL upgraded to version 1.1.1k SYSLOGDEV-5872
Table 3: General resolved issues in syslog-ng PE 7.0.24
Resolved Issue Issue ID

Fixed UDP payload size issue: messages are truncated on UDP destination when messages exceed the max UDP payload size


Removed unwanted unit test files from packages


Fixed a rare crash during reload when dynamic-window-size() was configured with keep_alive(yes) and log_iw_size() also changed


Fixed date-parser() when %Z option was in use


Fixed a crash in wildcard_file() source when the same file was renamed multiple times


Fixed invalid checksum of 0 in UDP6 packet when using spoof_source(yes)


Fixed a rare "No more free space exhausted in persist file" crash caused by wrong allocation


Fixed a crash when the internal() source was configured with a http() destination in the same log path


OpenSSL upgraded to 1.1.1j


Differences in features between syslog-ng PE 6 LTS and 7

In general, syslog-ng Premium Edition version 7 has much more features than version 6 LTS, therefore One Identity recommends using version 7 for all deployments, except when a feature that you require is only available in version 6 LTS. In case you need help with migrating from version 6 LTS to 7, contact our Support Team for help. Also note that as an alternative to the syslog-ng Agent for Windows application, syslog-ng PE version 7 supports an agent-less solution to fetch log messages from Windows hosts.

Features available only in syslog-ng PE 6 LTS

The following features that are available in syslog-ng Premium Edition 6 LTS are not available in syslog-ng PE 7.

  • The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.

  • The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see "Supported platforms" in the Administration Guide.

  • The spoof-interface() options of the network() and syslog() destinations.

  • The read-old-records() and use-syslogng-pid() options of the file() source.

  • The replace(), cut(), and format-snare() template-functions.

  • The ${OSUPTIME} macro is not available.

  • When syslog-ng PE 6 started, its startup message included the hash of its configuration file. This has been removed from the startup messages.

  • Reading and writing log files located on network shares is not supported.

Features that have been changed or replaced in syslog-ng PE 7

The following options and features have changed, and require you to modify your configuration file.

  • Configuring the size of disk-buffers has changed. Instead of log-disk-fifo-size(<size>), use the disk-buffer(disk-buf-size(<size>) reliable(no)) option. For details, see "Using the disk-buffer option and memory buffering" in the Administration Guide.

  • To store disk-buffer files in a specific folder, use the disk-buffer(dir("/your/diskbuffer/directory")) option. You cannot set this directory from the command-line, --qdisk-dir command-line option is not available.

  • The RLTP transport protocol has been renamed to ALTP, so you have to use transport(altp) instead of altp. Also, the message-acknowledgement-timeout() option has been deprecated and has no effect. For details, see "Reliability and minimizing the loss of log messages" in the Administration Guide.

  • Wildcard support has been removed from the file source driver and moved to the separate wildcard-file() source. Also, the force-directory-polling() option has been replaced with the monitor-method("poll") option. For details, see "wildcard-file: Collecting messages from multiple text files" in the Administration Guide.

  • The mark-mode("host-idle") option does not work. Remove it from your configuration.

  • Certain labels in the output of the syslog-ng-ctl stats command have been changed, for example, the "stored" counter has been renamed to "queued".

  • If you use the multi-line-prefix() or multi-line-garbage() options in your configuration, add also the multi-line-mode("regexp") option. Note that now the multi-line-prefix() and multi-line-garbage() options do not have a timeout.

  • When comparing values in filter expressions (for example, in a filter, conditional rewrite, lgstool), note that the '==' operator now works only on numerical values. To test if two strings are identical, use the eq operator. For example:

    filter f_host {"${HOST}" eq "localhost1234"};
  • Timequality fields in RFC5424-formatted log messages are not available (the timeQuality isSynced="0/1" tzKnown="0/1" SDATA fields are not available.

  • The file-related SDATA fields that were available for log messages that syslog-ng PE read from a file source (file@18372.4 position="34" size="34" name="/path/and/filename") are not available.

Platforms not supported in syslog-ng PE 7

The following platforms are supported only in syslog-ng Premium Edition 6 LTS.

  • AIX

  • syslog-ng Agent for Windows

For a complete list of supported platforms, see "Supported platforms" in the Administration Guide.

Product licensing

To enable a trial license

  1. Apply for a trial license at the syslog-ng website.
  2. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.

To enable a purchased commercial license

  1. Download the license and the installation package for your platform, then follow the installation instructions in the Administration Guide.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating