syslog-ng Open Source Edition 3.36 - Release Notes

04 March 2022, 16:08

These release notes provide information about the syslog-ng Open Source Edition release. For the most recent documents and product information, see syslog-ng Open Source Edition - Technical Documentation.

About this release

The syslog-ng Open Source Edition (syslog-ng OSE) application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.

Supported platforms

The syslog-ng Open Source Edition (syslog-ng OSE) application is highly portable and is known to run on a wide range of hardware architectures (x86, x86_64, SUN Sparc, PowerPC 32 and 64, Alpha) and operating systems, including Linux, BSD, Solaris, IBM AIX, HP-UX, Mac OS X, Cygwin, and others.

New features in syslog-ng Open Source Edition version 3.36

This section lists the most recent changes of syslog-ng Open Source Edition (syslog-ng OSE).

  • New source: mqtt()

    You can use the mqtt() source to fetch messages from MQTT brokers.

  • New destination: discord()

    The discord() destination driver sends messages to Discord using Discord Webhook.

  • New parser: fortigate-parser()

    The Fortigate parser can parse the log messages of FortiGate/FortiOS (Fortigate Next-Generation Firewall (NGFW)). These messages do not completely comply with the syslog RFCs, making them difficult to parse. The fortigate-parser() of syslog-ng OSE solves this problem, and can separate these log messages into name-value pairs. For details on using value-pairs in syslog-ng OSE, see Structuring macros, metadata, and other value-pairs. The parser can parse messages in the following format:

  • New parser: regexp-parser()

    The syslog-ng OSE application can parse fields from a message with the help of regular expressions. This can also be achieved with the match() filter by setting the store-matches flag, but the regexp-parser() offers more flexibility, such as multiple patterns and setting the prefix of the created name-value pairs.

  • New filter: rate-limit()

    Limits the message rate based on arbitrary keys in each message.

  • New options for the kafka() destination C implementation

    Options batch-lines() and batch-timeout() have been added.

  • New option value: transport("text-with-nuls")

    text-with-nuls: Allows embedded NUL characters in the message from a TCP source. That is, syslog-ng OSE will not delimit the incoming messages on NUL characters, only on newline characters (contrary to the tcp transport, which splits the incoming log on both newline characters and NUL characters).

  • New option for file() destination: symlink-as()

    The configured file name will be used as a symbolic link to the file most recently created by the file() destination.

  • New options for redis() destination driver

    Added workers() and Match mode support to the Redis destination driver.

  • New --remove-orphans option in syslog-ng-ctl stats

    New option --remove-orphans has been added to the stats command.

  • New options for the mongodb() destination

    Options collection() and workers() have been added.

  • disk-buffer() has been updated

    New option: truncate-size-ratio(), and other changes.

  • time-reopen() option on multiple drivers

    The time-reopen() option was previously configurable only at the global options{} level. Now every driver that uses it can configure it at the driver level.

  • New flag(): no-rfc3164-fallback

    This flag makes it possible to attempt RFC5424 parsing first, without an automatic fallback to RFC3164.

  • New TLS option: keylog-file()

    This option enables saving TLS secrets (decryption keys) for a given source or destination, which can be used to decrypt data with, for example, Wireshark. The given path and name of a file will be used to save these secrets.

  • Other enhancements

    • Monitoring - Metrics: message size and EPS.

    • Update the no-parse flag.

    • Added a note to the disk-buffer() dir() path.

    • Added macOS and NetBSD to the system() source.
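
The regexp-parser() item above, shown as an added configuration example that is not part of the original release notes: a match() filter with the store-matches flag next to a regexp-parser() using two patterns and a prefix. The port, file path, object names (s_net, f_sshd_fail, p_sshd, d_json) and the sshd message patterns are assumptions chosen for illustration.

```conf
@version: 3.36
# Added example; port, path, object names and sshd patterns are assumptions.

source s_net {
    network(port(5514) transport("tcp"));
};

# match() with store-matches: a single pattern; the named groups are
# stored under their own names (user, ip), without a prefix.
# Shown for comparison only; not referenced by the log path below.
filter f_sshd_fail {
    match('Failed password for (?<user>\S+) from (?<ip>\S+)'
          value("MESSAGE") flags("store-matches"));
};

# regexp-parser(): several patterns in one parser, and every named
# group is stored with the configured prefix (sshd.user, sshd.ip,
# sshd.method), so parsed fields cannot collide with other pairs.
parser p_sshd {
    regexp-parser(
        patterns(
            'Failed password for (?:invalid user )?(?<user>\S+) from (?<ip>\S+)'
            'Accepted (?<method>\S+) for (?<user>\S+) from (?<ip>\S+)'
        )
        prefix("sshd.")
        template("${MESSAGE}")
    );
};

# Write only the prefixed name-value pairs, one JSON object per line.
destination d_json {
    file("/var/log/sshd-auth.json"
         template("$(format-json --key sshd.*)\n"));
};

log {
    source(s_net);
    parser(p_sshd);
    destination(d_json);
};
```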
