立即与支持人员聊天
与支持团队交流

syslog-ng Premium Edition 7.0.19 - Release Notes

Highlights of 7.0

Enriching data

You can use an external database file to append custom name-value pairs to incoming logs, thus extending, enriching, and complementing the data found in the log message. For example, you can create a database (or export it from an existing tool) that contains a list of hostnames or IP addresses, and the department of your organization that the host belongs to, the role of the host (mailserver, webserver, and so on), or similar contextual information. For details, see "Enriching log messages with external data" in the Administration Guide.

You can correlate and aggregate information from log messages using a few simple filters that are similar to SQL GROUPBY statements. You do not even have to configure a pattern database. Also, when correlating messages containing numerical information, you can use numerical template functions that work on numerical values of a correlation context. For details, see "Correlating log messages" in the Administration Guide and "Template functions of syslog-ng PE" in the Administration Guide.

Improved configuration flexibility

You can define configuration objects inline, where they are actually used, without having to define them in a separate object. This is useful if you need an object only once, for example, a filter or a rewrite rule, because it makes the configuration much easier to read. Every object can be defined inline: sources, destinations, filters, parsers, rewrite rules, and so on. For details, see "Defining configuration objects inline" in the Administration Guide.

From now on, every configuration object is a log expression. Every configuration object is essentially a configuration block, and can include multiple objects. To reference the block, only the top-level object must be referenced. That way you can use embedded log statements, junctions and in-line object definitions within source, destination, filter, rewrite and parser definitions. For example, a source can include a rewrite rule to modify the messages received by the source, and that combination can be used as a simple source in a log statement. For details, see "Using channels in configuration objects" in the Administration Guide.

To make the configuration more readable, and to help avoid misconfiguration, you can use human-readable units when setting configuration options, for example, log-fifo-size(2Mb). For details, see "Notes about the configuration syntax" in the Administration Guide.

Other changes

Removed features

The following is a list of features that have been removed from syslog-ng PE version 7.0.19.

  • Version 7.0.19 of syslog-ng PE does not support Solaris OS. The sun-streams() source is currently not available.

Deprecated features

The following is a list of features that are no longer supported starting with version 7.0.19.

  • The following deprecated options have been removed from the mongodb() destination:

    • database()
    • password()
    • path()
    • safe-mode()
    • servers()
    • username()

Resolved issues

The following is a list of issues addressed in this release.

Table 2: General resolved issues in syslog-ng PE 7.0.19
Resolved Issue Issue ID

OpenSSL upgraded to version 1.1.1d

SYSLOGDEV-5113

File source cannot process new message when the log-msg-size() option is increased after reading a longer message.

SYSLOGDEV-5044

The log_id() option is mandatory for the stackdriver() destination

SYSLOGDEV-4726

Added the multi-line-timeout() option for file source.

SYSLOGDEV-3830

Table 3: General resolved issues in syslog-ng PE 7.0.18
Resolved Issue Issue ID

Configuration objects preceded by an inline destination are ignored

SYSLOGDEV-4975

The loggen tool does not run when installed from dot run installer into a custom directory

SYSLOGDEV-5001

Monitoring source does not set the log level correctly

SYSLOGDEV-5026

Memory leak during reading logstores

SYSLOGDEV-5036

http() destination ignores the frac-digits() global setting

SYSLOGDEV-5057

Table 4: General resolved issues in syslog-ng PE 7.0.17
Resolved Issue Issue ID

WEC: handle invalid UTF-16 characters gracefully

SYSLOGDEV-4182

Fix TID reinitialization mechanism in ALTP during restart

SYSLOGDEV-4333

splunk-hec(): Fix an error in handling indexed fields

SYSLOGDEV-4689

Fix persist structure during upgrade from PE version 6

SYSLOGDEV-4787

RPM upgrade overwrites WEC configuration

SYSLOGDEV-4812

Reliable disk queue corruption fixes

SYSLOGDEV-4826

ALTP ack_timeout fix

SYSLOGDEV-4835

WEC: forwarded logs have incorrect hostname

SYSLOGDEV-4847

OpenSSL upgraded to 1.0.2t

SYSLOGDEV-4981

OpenSSL upgraded to 1.1.0l on Ubuntu Bionic

SYSLOGDEV-4982

Table 5: General resolved issues in syslog-ng PE 7.0.16
Resolved Issue Issue ID

Crash in patterndb during context timeout

SYSLOGDEV-4945

Memory leak in dbparser

SYSLOGDEV-4925

OpenSSL upgraded to 1.1.0k on Bionic platform

SYSLOGDEV-4831

OpenSSL upgraded to 1.0.2s

SYSLOGDEV-4829

syslog-ng hangs under high load

SYSLOGDEV-4745

Incorrect numerical operators in filter statements

SYSLOGDEV-4785

Bad quotation in splunk-hec() destination prevents load-balancing working correctly

SYSLOGDEV-4794

http destination should give a warning if workers() is less than urls()

SYSLOGDEV-4929

geoip2 does not include IP address in the error messages

SYSLOGDEV-4928

Infinite loop during reload

SYSLOGDEV-4927

Improve error handling in --preprocess-into

SYSLOGDEV-4926

Reset timezone on configuration reload

SYSLOGDEV-4924

Flushing destination on reload is slow

SYSLOGDEV-4923

Wildcard filesource crashes

SYSLOGDEV-4922

Table 6: General resolved issues in syslog-ng PE 7.0.14
Resolved Issue Issue ID

Crash in network source with ALTP due to idle timer

SYSLOGDEV-4711

OpenSSL 1.0.2r upgrade

SYSLOGDEV-4742

http-destination stuck when reverting to old configuration

SYSLOGDEV-4747

syslog-ng segmentation fault on statistics query

SYSLOGDEV-4759

WEC: Adds list support to Windowsevent-parser

SYSLOGDEV-4789

Table 7: General resolved issues in syslog-ng PE 7.0.13
Resolved Issue Issue ID

Fix loggen parameters

SYSLOGDEV-4684

Fix seeking in logstore using lgstool cat command

SYSLOGDEV-4680

Empty disk queue truncate fix

SYSLOGDEV-4628

Memory leak during reload when using the app-parser

SYSLOGDEV-4564

Race condition during reload when using license-counter-reset

SYSLOGDEV-4540

Table 8: General resolved issues in syslog-ng PE 7.0.12
Resolved Issue Issue ID

non-reliable diskq: fixes false positive corruption detection

SYSLOGDEV-4674

Dqtool reported disk queue corrupted false positively

SYSLOGDEV-4407

Append $(basename) to filename template correctly

SYSLOGDEV-4673

SSL: Multiple ca-dir() related issues fixed

SYSLOGDEV-4669

Fix frequent disconnects of syslog() driver when using TLS

SYSLOGDEV-4667

OpenSSL upgraded to 1.0.2q

SYSLOGDEV-4650

File destination fd leak after reload when time-reap elapsed

SYSLOGDEV-4609

hdfs: fd leak during reload

SYSLOGDEV-4581

tls: Handle allow-compress correctly

SYSLOGDEV-4580

Socket leak when using udp destination with spoof-source enabled

SYSLOGDEV-4552

相关文档