Resolution
Released: Tue, 26 Sep 2017
Fixes:
#SYSLOGDEV-3702 JSON parser generated invalid SDATA
#SYSLOGDEV-3770 Cannot parse IPV6 address into hostname macro
#SYSLOGDEV-3771 Fix the monitor-method() option of the wildcard filesource
#SYSLOGDEV-3772 Memory leak when referencing filters or rewrite rules multiple times
#SYSLOGDEV-3773 Multiple memory leaks in file destination
New features:
Oracle Linux 6 support
The Oracle Linux 6 platform is now supported in syslog-ng PE. For details, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
XML parser
A new parser, the XML parser, has been added. It processes input in XML format and adds the parsed data to the message object. Use this parser to interoperate with applications that produce XML-encoded log messages.
For details, see Section 12.5, The XML parser in The syslog-ng Premium Edition 7 Administrator Guide.
Cisco parser
A new parser, the Cisco parser, has been added, which can parse the log messages of various Cisco devices. The messages of these devices often do not completely comply with the syslog RFCs, making them difficult to parse. The cisco-parser() of syslog-ng PE solves this problem, and can separate these log messages into name-value pairs, also extracting the Cisco-specific values.
For more information, see Section 12.7, The Cisco Parser in The syslog-ng Premium Edition 7 Administrator Guide.
New systemd-journal() source option
A new systemd-journal() source option, read-old-records(), has been added. The new option lets you specify whether you want to read only new records from the journal or all records, starting from the beginning of the journal.
For more information, see Section read-old-records() in The syslog-ng Premium Edition 7 Administrator Guide.
Changes in HDFS destination options
The following changes have been introduced with regard to Hadoop Distributed File System (HDFS) files:
New option hdfs-append-enabled(): A new option has been added, which enables syslog-ng PE to append new data to the end of an already existing HDFS file. This means that, when this parameter is set to true, there is no longer any need to open a new file once a file has been closed.
For further details, see Section hdfs-append-enabled() in The syslog-ng Premium Edition 7 Administrator Guide.
Support for macros in file names and file paths: hdfs-file() now supports the usage of macros, meaning that syslog-ng PE can create files on HDFS dynamically, using macros in the file (or directory) name.
For further details, see Section hdfs-file() in The syslog-ng Premium Edition 7 Administrator Guide.
New TLS options
The following new TLS options have been added:
dhparam-file(): Allows you to specify a file that contains the Diffie-Hellman parameters for key exchanges, generated by the openssl dhparam utility.
For further information, see Section dhparam-file() in The syslog-ng Premium Edition 7 Administrator Guide.
ecdh-curve-list(): Allows you to specify the curves permitted when using Elliptic Curve Cryptography (ECC).
For further information, see Section ecdh-curve-list() in The syslog-ng Premium Edition 7 Administrator Guide.
JVM options are configurable
For Java-based destinations, the virtual machine options are now configurable with the jvm_options global option.
Other changes:
Features available only in syslog-ng PE 6 LTS
Several features that are available in syslog-ng Premium Edition 6 LTS are not yet implemented in syslog-ng PE 7. If you need to use these features, use syslog-ng PE 6 LTS, or contact the One Identity Support Team for advice. The features missing from syslog-ng PE 7 will gradually become available in future releases of syslog-ng PE.
Storing messages in encrypted files (logstore()).
Reliable Log Transfer Protocol™ (RLTP™).
The SNMP destination (snmp()).
The SQL source (sql()).
The persist-tool application.
The allow-compress(), ca-dir-layout(), and cert-subject() options related to TLS transport.
The syslog-ng PE 7 application is currently supported only on Linux platforms. For a detailed list, see Section 1.6, Supported platforms in The syslog-ng Premium Edition 7 Administrator Guide.
The failover-servers() and spoof-interface() options of the network() and syslog() destinations.
The read-old-records(), recursive() and use-syslogng-pid() options of the file() source.
The replace(), cut(), and format-snare() template-functions.
FIPS-compliant packages are not available.
Manual configuration upgrade needed
Since some features and options are missing, you may need to change parts of your configuration file. If you need help with upgrading, contact the One Identity Support Team for advice.
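A migration check for the list above, as an added example (not One Identity's code): it scans a syslog-ng PE 6 configuration for the drivers, options and template functions listed as unavailable in PE 7, using the enclosing driver as context so that read-old-records() is flagged in a file() source but not in systemd-journal(). The sample configuration and its argument values are constructed placeholders; the audit() name and the rule table layout are this example's own.

```python
import re

# Transcribed from the PE 6 LTS-only list above: name -> where PE 7 lacks it.
MISSING_IN = {
    "logstore": {"destination"}, "snmp": {"destination"}, "sql": {"source"},
    "allow-compress": {"tls"}, "ca-dir-layout": {"tls"}, "cert-subject": {"tls"},
    "failover-servers": {"network", "syslog"},
    "spoof-interface": {"network", "syslog"},
    "read-old-records": {"file"}, "recursive": {"file"}, "use-syslogng-pid": {"file"},
}
TEMPLATE_FUNCS = ("replace", "cut", "format-snare")
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'[^\']*\'|#[^\n]*|[A-Za-z_][\w-]*|[(){}]')

# Constructed sample configuration; paths, addresses and values are placeholders.
SAMPLE = """@version: 6.0
source s_files { file("/var/log/app" recursive(yes) read_old_records(no)); };
source s_journal { systemd-journal(read-old-records(no)); };
# logstore() in a comment is ignored
destination d_store { logstore("/var/log/store.lgs"); };
destination d_net { network("10.0.0.5" failover-servers("10.0.0.6")
    tls(cert-subject("CN=central"))); };
destination d_out { file("/var/log/out" template("$(format-snare)")); };
"""

def audit(config):
    """Return (line, finding) pairs for PE 6 features that PE 7 lacks."""
    findings, stack, block, depth, prev = [], [], None, 0, ""
    for m in TOKEN.finditer(config):
        tok, name = m.group(), ""
        line = config.count("\n", 0, m.start()) + 1
        if tok[0] in "\"'":  # template functions appear inside quoted templates
            findings += [(line, f"$({fn}) template function") for fn in TEMPLATE_FUNCS
                         if re.search(r"\$\(" + fn + r"[\s)]", tok)]
        elif tok == "(":
            parent = stack[-1] if stack else block  # enclosing driver or statement
            if parent in MISSING_IN.get(prev, ()):
                findings.append((line, f"{prev}() inside {parent}"))
            stack.append(prev)
        elif tok == ")" and stack:
            stack.pop()
        elif tok in "{}":
            depth += 1 if tok == "{" else -1
            block = block if depth else None  # statement ended
        elif tok[0] != "#" and tok not in "()":
            name = tok.replace("_", "-")  # syslog-ng treats _ and - alike in names
            if depth == 0 and name in ("source", "destination"):
                block = name
        prev = name
    return findings
```

An empty result means none of the listed features were found, not that the configuration is otherwise valid for PE 7.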
Platforms supported in syslog-ng PE 7
CentOS 6
CentOS 7
Debian 7 (wheezy)
Debian 8 (jessie)
openSUSE 11
Oracle Linux 7
Oracle Linux 6
Red Hat EL 7
Red Hat EL 6
SLES 12
Ubuntu 12.04 LTS (Precise Pangolin)
Ubuntu 14.04 LTS (Trusty Tahr)
Ubuntu 16.04 LTS (Xenial Xerus)
Platforms not supported in syslog-ng PE 7
AIX
FreeBSD
HP-UX
Oracle Linux 5
openSUSE 10
Solaris
Windows