This section lists the changes to The syslog-ng Premium Edition Administrator Guide.
Advanced Log Transfer Protocol has been added to the document.
default-network-drivers: Receive and parse common syslog messages has been added to the document.
if-else-elif: Conditional expressions has been added to the document.
Enterprise-wide message model (EWMM), format-ewmm, Parsing enterprise-wide message model (EWMM) messages, and syslog-ng() destination options have been added to the document.
The iptables parser and The sudo parser have been added to the document.
The RAWMSG macro has been added to Macros of syslog-ng PE.
The store-raw-message flag has been added to flags().
The ignore-tns-ora() option has been added to the document. For details, see Using the sql() driver with an Oracle database.
A new log path flag, drop-unmatched, has been added. The new flag causes messages to be dropped along a log path when they do not match a filter or are discarded by a parser. For details, see Administration Guide.
Support for Elasticsearch's Shield has been removed.
Support for POSIX regular expressions has been removed.
All "posix" regular expressions are automatically switched to "pcre". In case you have POSIX regular expressions configured, ensure that they work with PCRE, and also specify type("pcre") explicitly.
The logstore() destination that was available only in syslog-ng PE version 6 is now available in version 7.0.7, allowing you to store messages in encrypted files. For more details, see Administration Guide.
You can use password-protected private keys in the network() and syslog() source and destination drivers. For details, see Administration Guide.
A new section describing common error messages has been added to the document. For more information, see "Error messages" in the Administration Guide.
Several corrections and editorial changes.
A new source called windowsevent() has been added. The windowsevent() source receives Windows event logs from the Windows Event Collector tool, which collects event logs from Windows hosts. For more information, see Administration Guide.
Added a section about how to unset message fields and groups of fields. For more information, see "Unsetting message fields" in the Administration Guide.
A new section describing common error messages has been added to the document. For more information, see "Error messages" in the Administration Guide.
Several corrections and editorial changes.
syslog-ng PE now supports Oracle Linux 6 (x86_64). For details, see Administration Guide.
A new systemd-journal() source option, called read-old-records(), has been added. For more information, see Administration Guide.
An option called jvm-options() has been added, which allows you to fine-tune Java Virtual Machine settings when configuring Elasticsearch, HDFS, and Apache Kafka destinations. For details, see:
A new HDFS destination option, called hdfs-append-enabled() has been added. For further information, see Administration Guide.
Macros are now supported in the hdfs-file() option. For details, see Administration Guide.
The following new TLS options have been added:
A new parser, capable of processing input in XML format, has been added. For more information, see "Options of XML parsers" in the Administration Guide.
A new parser, capable of parsing the log messages of various Cisco devices, has been added. For details, see Administration Guide.
Added a section on upgrading from syslog-ng OSE to syslog-ng PE. For more information, see "Upgrade from syslog-ng OSE to syslog-ng PE" in the Administration Guide.
Added warning about the requirement to delete the persist file once the dir() option of disk-buffer() has been modified or a new one has been added. For more information, see Administration Guide.
Clarified information about the Python parser's deinit() method. It runs not only at a syslog-ng graceful stop, but at a reload too. For details, see Administration Guide.
Reworked Optimizing multithreaded performance to make information more accessible.
Several corrections and editorial changes.
Administration Guide has been added to the document.
Administration Guide has been added to the document.
RHEL6 has been added to the supported platforms in Administration Guide.
The geoip() parser has been removed from the document.
Several corrections and editorial changes.
Administration Guide has been added to the document.
Administration Guide has been added to the document.
New counters and metrics have been added to "Metrics and counters of syslog-ng PE" in the Administration Guide.
The default value of the log-msg-size() option has been increased to 64k. That way syslog-ng PE will not truncate long log messages, which are getting increasingly common.
The hdfs() destination now supports Kerberos authentication. For details, see Administration Guide.
The new basename() and dirname() template functions allow you to easily separate the path and filenames. For details, see Administration Guide.
Administration Guide has been added to the document.
An example failure script has been added to Administration Guide.
Several corrections and editorial changes.
Administration Guide has been added to the document.
Administration Guide has been added to the document.
The new monitoring() and monitoring-welf() sources have been added to Administration Guide.
The syslog-ng-query application is available in syslog-ng PE 7.0.2, as part of the syslog-ng-ctl utility. For details, see Administration Guide.
Several corrections and editorial changes.
Several features that are available in syslog-ng Premium Edition 6 LTS are not yet available in syslog-ng PE 7. For a list of features that are available in syslog-ng PE 6 LTS but not in 7, see Release Notes.
Supported platforms has been updated.
Enriching log messages with external data has been added to the document.
Correlating log messages has been added to the document.
What's new in the syslog-ng pattern database format V5, Element: create-context, has been added to Processing message content with a pattern database.
dbd-option() has been added to sql: Storing messages in an SQL database.
Defining configuration objects inline has been added to The syslog-ng PE configuration file.
Using channels in configuration objects has been added to The syslog-ng PE configuration file.
Anonymizing credit card numbers has been added to Manipulating messages.
Parsing syslog messages has been added to Parsers and segmenting structured messages.
Parsing dates and timestamps has been added to Parsers and segmenting structured messages.
A template function that formats name-value pairs as ArcSight Common Event Format extension has been added to format-cef-extension.
Numerical template functions that work on numerical values of a correlation context have been added to Numerical operations.
The inherit-environment() option has been added to program: Receiving messages from external applications and program: Sending messages to external applications.
The multi-line-mode() option has been added to file() source options.
New parsers have been added to Using pattern parsers.
You can use human-readable units when setting configuration options, for example, log-fifo-size(2Mb). For details, see Notes about the configuration syntax.
Extended the list of internal() source options with options host-override(), log-iw-size(), normalize-hostnames(), program-override(), and use-fqdn(). For details, see host-override(), log-iw-size(), normalize-hostnames(), program-override(), and use-fqdn().
Several corrections and editorial changes.
Any feedback is greatly appreciated, especially on what else this document should cover. General comments, errors found in the text, and any suggestions about how to improve the documentation are also welcome at documentation@balabit.com.
One Identity would like to express its gratitude to the syslog-ng users and the syslog-ng community for their invaluable help and support.
This chapter introduces the syslog-ng Premium Edition application in a non-technical manner, discussing how and why it is useful, and the benefits it offers to an existing IT infrastructure.
© 2021 One Identity LLC. ALL RIGHTS RESERVED.