
syslog-ng Premium Edition 7.0.9 - Release Notes

July 2018

These release notes provide information about the syslog-ng Premium Edition release.

About this release

Welcome to syslog-ng Premium Edition (syslog-ng PE) version 7 and thank you for choosing our product. This document describes the new features and most important changes since the latest release of syslog-ng PE. The main aim of this paper is to aid system administrators in planning the migration to the new version of syslog-ng PE. The following sections describe the news and highlights of syslog-ng PE 7.

Starting with version 7, syslog-ng Premium Edition is released as a rolling release. For details, see the Version policy.

Supported platforms

The syslog-ng Premium Edition application is officially supported on the following platforms. Note that the following table is for general reference only, and is not always accurate about the supported platforms and options available for specific platforms. The latest version of this table is available at Unless explicitly noted otherwise, the subsequent releases of the platform (for example, Windows Server 2008 R2 and its service packs in case of Windows Server 2008) are also supported.

Table 1: Platforms supported by syslog-ng Premium Edition

x86 x86_64 SPARC SPARC64 PowerPC IA64
AIX 7.1 - - - - -
CentOS 5 - - - -
CentOS 6 - - - -
CentOS 7 - - - - -
Debian 7 (wheezy) - - - - -
Debian 8 (jessie) - - - - -
FreeBSD 10 - - - - -
HP-UX 11i v3 - - - - -
Oracle Linux 6 - - - - -
Oracle Linux 7 - - - - -
openSUSE 11 - - - -
Red Hat EL 6 - - - - -
Red Hat EL 7 - - - - -
SLES 12 - - - - -
Solaris 10 - - -
Solaris 11 - - - -
Ubuntu 12.04 LTS (Precise Pangolin) - - - - -
Ubuntu 14.04 LTS (Trusty Tahr) - - - - -
Ubuntu 16.04 LTS (Xenial Xerus) - - - - -
Windows Server 2008 - - - -
Windows Server 2012 - - - - -
Windows Vista - - - -
Windows 7 - - - -
Windows 8 - - - -
Windows 10 - - - -


Certain sources and destinations are not supported on every platform (particularly, the sql() destination, and the hdfs() destination). For details, see the description of the specific source and destination.


If you plan to use Python in syslog-ng PE (for example, the Python parser or a Python template function) on the RHEL 6 platform, you have to install Python 2.7 manually. If the Python version on the machine is not 2.7, you will receive an error message similar to the following during startup:

[2017-07-27T13:42:03.606679] Reading shared object for a candidate module; path='/opt/syslog-ng/lib/syslog-ng', fname='', module='mod-python'
[2017-07-27T13:42:03.606994] Error opening plugin module; module='mod-python', error=' cannot open shared object file: No such file or directory'

For details about the syslog-ng Agent for Windows application, see the syslog-ng Agent for Windows documentation. For an agent-less solution, see the list of supported platforms.

For using syslog-ng PE on other platforms (for example, AIX, FreeBSD, HP-UX, Solaris, Microsoft Windows), see the list of supported platforms.

New features in syslog-ng Premium Edition 7.0.9

Receive logs using the Advanced Log Transport Protocol (ALTP)

With the new Advanced Log Transport Protocol (ALTP) you can receive log messages in a reliable way over the TCP transport layer. ALTP is a proprietary transport protocol that prevents message loss during connection breaks. The transport is used between syslog-ng PE hosts (for example, a client and a server, or a client-relay-server), and interoperates with the flow-control and reliable disk-buffer mechanisms of syslog-ng PE, thus providing the best way to prevent message loss.

ALTP is the successor of the Reliable Log Transport Protocol (RLTP) introduced in version 6 LTS. Starting with version 7.0.9, the syslog-ng PE application can receive messages sent using RLTP from hosts that are running version 6 of syslog-ng PE or the syslog-ng Agent for Windows application. For details, see the Administration Guide.

Easily receive and parse messages from remote hosts

The default-network-drivers() source is a special source that uses multiple source drivers to receive and parse several different types of syslog messages from the network. For details, see "default-network-drivers() source options" in the Administration Guide.

Transfer log messages and their key-value pairs between syslog-ng nodes

The Enterprise-wide message model or EWMM allows you to deliver structured messages from the initial receiving syslog-ng component right up to the central log server, through any number of hops. It does not matter if you parse the messages on the client, on a relay, or on the central server, their structured results will be available where you store the messages. Optionally, you can also forward the original raw message as the first syslog-ng component in your infrastructure has received it, which is important if you want to forward a message for example to a SIEM system. To make use of the enterprise-wide message model, you have to use the syslog-ng() destination on the sender side, and the default-network-drivers() source on the receiver side.

Clearer configuration using if, else, elif conditions

You can use if {}, elif {}, and else {} blocks to configure conditional expressions. For details, see the Administration Guide.

Message parsing

syslog-ng PE version 7.0.9 includes parsers for the sudo and iptables applications.

Compliance and integration

You can now store and forward the incoming messages exactly as received using the store-raw-message source flag and the RAWMSG macro. These are especially useful if you are forwarding the messages to a SIEM, or if you have to preserve the original message for legal reasons. For details, see the Administration Guide.
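The following two-node configuration is an added example, not taken from the syslog-ng PE documentation. It combines the features described above: a relay keeps the raw message with store-raw-message and RAWMSG, selects the sudo or iptables parser in if/elif/else blocks, and forwards the result in EWMM to a central server that receives it with default-network-drivers(). The address 192.0.2.10, the file paths, the object names and the "unparsed" tag are assumptions, and the connections are plain TCP.

```conf
# ---- relay.conf: first syslog-ng PE hop (constructed example) ----
@version: 7.0
@include "scl.conf"

source s_clients {
    # store-raw-message keeps the message exactly as received in ${RAWMSG}
    network(transport("tcp") port(514) flags(store-raw-message));
};

destination d_raw_archive {
    # Unmodified copy for legal retention or for feeding a SIEM
    file("/var/log/archive/raw.log" template("${RAWMSG}\n"));
};

destination d_central {
    # syslog-ng() sends EWMM, so name-value pairs parsed here reach the server
    syslog-ng(server("192.0.2.10"));
};

log {
    source(s_clients);
    destination(d_raw_archive);
    if (program("sudo")) {
        parser { sudo-parser(); };
    } elif (program("kernel")) {
        parser { iptables-parser(); };
    } else {
        rewrite { set-tag("unparsed"); };
    };
    destination(d_central);
};

# ---- central.conf: central log server (constructed example) ----
@version: 7.0
@include "scl.conf"

source s_ewmm {
    # Detects and parses EWMM along with the other supported syslog formats
    default-network-drivers();
};

destination d_structured {
    file("/var/log/central/${HOST}.json"
         template("$(format-json --scope all-nv-pairs)\n"));
};

log { source(s_ewmm); destination(d_structured); };
```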
