Version 4 of syslog-ng was released last December. Quite a few people use it already in production. How can you install it for a test drive? It might be already available in your Linux distribution. There are also several unofficial repositories with the latest syslog-ng.

From this blog, you can learn how to check your syslog-ng version, where to look up the available version if syslog-ng is not yet installed, and where to find a few additional resources if you want to install the latest version from unofficial repositories.

Before you begin

If you have not yet done so, check the syslog-ng 4.0 release notes. Even if you have not used some of the advanced syslog-ng features earlier, like message parsing, you will want to give them a try: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.0.1. If you are a Python developer, you should also check the developer documentation for Python support as there are many new possibilities in syslog-ng version 4: https://github.com/syslog-ng/syslog-ng/tree/master/modules/python-modules.

Checking the installed version

If you have syslog-ng installed on your system, you can check the version number without running any package management applications. You can query the syslog-ng version number using the -V option. It even works as a regular user, but in this case, you most likely have to use a full path, as the sbin directory is usually not included in the PATH for regular users.

czanik@czplaptop:~> /usr/sbin/syslog-ng -V
syslog-ng 4 (4.1.1.393.gd292ca0)
Config version: 4.0
Installer-Version: 4.1.1.393.gd292ca0
Revision:
Module-Directory: /usr/lib64/syslog-ng
Module-Path: /usr/lib64/syslog-ng
Include-Path: /usr/share/syslog-ng/include
Available-Modules: add-contextual-data,affile,afprog,afsocket,afstomp,afuser,appmodel,azure-auth-header,basicfuncs,cef,confgen,cryptofuncs,csvparser,disk-buffer,examples,graphite,hook-commands,json-plugin,kvformat,linux-kmsg-format,map-value-pairs,pacctformat,pseudofile,rate-limit-filter,regexp-parser,sdjournal,secure-logging,stardate,syslogformat,system-source,tags-parser,tfgetent,timestamp,xml,http,correlation,metrics-probe,ebpf,mod-java
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on

As you can see, I use a git snapshot build. This command prints a lot of additional information, but all you need is the very first line from the command output.
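
When you check many hosts, that first line can be parsed by a script instead of read by eye. The following shell function is an added example, not part of the original post. The name sng_report, the constructed 3.x sample, and the rule that a trailing .g<hash> version component marks a git snapshot (inferred from the sample output above) are assumptions.

```shell
#!/bin/sh
# Added example: summarize `syslog-ng -V` output read from stdin.
# Assumption: a trailing ".g<hex>" version component marks a git snapshot,
# as in the sample output on this page.

sng_report() {
    out=$(cat)
    # The first line looks like: syslog-ng 4 (4.1.1.393.gd292ca0)
    ver=$(printf '%s\n' "$out" |
        sed -n '1s/^syslog-ng [0-9][0-9]* (\(.*\))$/\1/p')
    if [ -z "$ver" ]; then
        echo "sng_report: no syslog-ng version line found" >&2
        return 1
    fi
    # Later line: Config version: 4.0
    cfg=$(printf '%s\n' "$out" | sed -n 's/^Config version: //p')
    major=${ver%%.*}
    if printf '%s\n' "$ver" | grep -Eq '\.g[0-9a-f]+$'; then
        build=snapshot
    else
        build=release
    fi
    echo "version=$ver major=$major config=$cfg build=$build"
}

# First two lines of the output shown above.
SAMPLE_SNAPSHOT='syslog-ng 4 (4.1.1.393.gd292ca0)
Config version: 4.0'

# Constructed sample in the same format for a 3.x release build.
SAMPLE_RELEASE='syslog-ng 3 (3.38.1)
Config version: 3.38'

printf '%s\n' "$SAMPLE_SNAPSHOT" | sng_report
printf '%s\n' "$SAMPLE_RELEASE" | sng_report
```

On a real host, pipe the live output into the function: /usr/sbin/syslog-ng -V | sng_report.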

Which version is available for your OS?

If you do not have syslog-ng installed on your OS yet, you can still check which version is available for your OS. Yet again, you do not even have to start the package manager application on your OS; just open a web page:

https://repology.org/project/syslog-ng/versions

I have never heard of many of the operating systems listed on the page. However, among those that I know, there is a clear tendency. Rolling Linux distributions, like Fedora Rawhide or openSUSE Tumbleweed, and FreeBSD (even if not a Linux) were the first to receive the new version. Fedora 38, released just a few weeks ago, was the first major Linux distribution to include syslog-ng 4. The upcoming openSUSE Leap 15.5 will be the next to include it. Enterprise Linux distributions are lagging far behind, as they prefer version stability instead of the latest features.

Unofficial repositories

Do you use one of the older RPM or DEB distributions and still would like to use the latest syslog-ng version? I have some good news for you. There are unofficial repositories, maintained by members of the syslog-ng team, which contain up-to-date syslog-ng packages for some of the major Linux distributions.

You can learn more about the unofficial, but up-to-date Debian and Ubuntu packages at https://www.syslog-ng.com/community/b/blog/posts/installing-the-latest-syslog-ng-on-ubuntu-and-other-deb-distributions.

You can learn more about the unofficial, but up-to-date openSUSE / SLES and Fedora / RHEL (and compatible) packages at https://www.syslog-ng.com/community/b/blog/posts/overview-of-syslog-ng-rpm-repositories.

Note that it also mentions my git snapshot repositories. You do not want to run that in production, unless it fixes a bug you reported earlier…

Container images

Even if you do not use one of the distributions which has syslog-ng 4 out of the box, and cannot use an unofficial syslog-ng repository, there is some hope. If your Linux distribution of choice supports containerization, you can use the syslog-ng container image:

https://hub.docker.com/r/balabit/syslog-ng/

Right now, only x86_64 images are available. If you want an Aarch64 (64-bit ARM) container, Axoflow now provides one. You can read more about their syslog-ng containers at: https://axoflow.com/cloud-ready-syslog-ng-images/

What is next?

Version 4 of syslog-ng comes with some major changes. Implementing syslog-ng 4 in your environment might need some planning and testing. Read https://www.syslog-ng.com/community/b/blog/posts/upgrade-problems-from-syslog-ng-3-to-4 to learn about the major changes, and how they might affect you.


If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.
