syslog-ng Open Source Edition 3.37 - Release Notes

Release Notes

syslog-ng Open Source Edition 3.36

08 July 2022, 13:52

These release notes provide information about the syslog-ng Open Source Edition release. For the most recent documents and product information, see syslog-ng Open Source Edition - Technical Documentation.


About this release

The syslog-ng Open Source Edition (syslog-ng OSE) application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions.



Supported platforms

The syslog-ng Open Source Edition (syslog-ng OSE) application is highly portable and is known to run on a wide range of hardware architectures (x86, x86_64, SUN Sparc, PowerPC 32 and 64, Alpha) and operating systems, including Linux, BSD, Solaris, IBM AIX, HP-UX, Mac OS X, Cygwin, and others.



New features in syslog-ng Open Source Edition version 3.36

This section lists the most recent changes of syslog-ng Open Source Edition (syslog-ng OSE).

  • New source: mqtt()

    You can use the mqtt() source to fetch messages from MQTT brokers.

  • New destination: discord()

    The discord() destination driver sends messages to Discord using Discord Webhook.

  • New parser: fortigate-parser()

    The Fortigate parser can parse the log messages of FortiGate/FortiOS (Fortigate Next-Generation Firewall (NGFW)). These messages do not completely comply with the syslog RFCs, making them difficult to parse. The fortigate-parser() of syslog-ng OSE solves this problem, and can separate these log messages into name-value pairs. For details on using value-pairs in syslog-ng OSE, see Structuring macros, metadata, and other value-pairs. The parser can parse messages in the following format:

  • New parser: regexp-parser()

    The syslog-ng OSE application can parse fields from a message with the help of regular expressions. This can also be achieved with the match() filter by setting the store-matches flag, but the regexp-parser() offers more flexibility, such as multiple patterns and setting the prefix of the created name-value pairs.

  • New filter: rate-limit()

    Limits the message rate based on arbitrary keys in each message.

  • New options for the kafka() destination C implementation

    Options batch-lines() and batch-timeout() have been added.

  • New option value: transport("text-with-nuls")

    text-with-nuls: Allows embedded NUL characters in the message from a TCP source, that is, syslog-ng OSE will not delimit the incoming messages on NUL characters, only on newline characters (contrary to the tcp transport, which splits the incoming log on both newline characters and NUL characters).

  • New option for file() destination: symlink-as()

    The configured file name is used as a symbolic link to the file most recently created by the file destination.

  • New options for redis() destination driver

    Added workers() and Match mode support to the Redis destination driver.

  • New --remove-orphans option in syslog-ng-ctl stats

    New option --remove-orphans has been added to the stats command.

  • New options for the mongodb() destination

    Options collection() and workers() have been added.

  • disk-buffer() has been updated

    New option: truncate-size-ratio(), and other changes.

  • time-reopen() option on multiple drivers

    The time-reopen() option was previously configurable only at the global options{} level. Now every driver that uses it can also configure it at the driver level.

  • New flag(): no-rfc3164-fallback

    This flag makes it possible to attempt RFC5424 parsing first, without an automatic fallback to RFC3164.

  • New TLS option: keylog-file()

    This option enables saving TLS secrets (decryption keys) for a given source or destination, which can be used to decrypt data with, for example, Wireshark. The secrets are saved to the file at the given path and name.

  • Other enhancements

    • Monitoring - Metrics: message size and EPS.

    • Update the no-parse flag.

    • Added a note to the disk-buffer() dir() path.

    • Added macOS and NetBSD to the system() source.
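
Because the file written by keylog-file() holds the secrets needed to decrypt captured sessions, the following added example (not part of the original release notes or of syslog-ng OSE) audits such a file for loose permissions and malformed entries without printing any secret. It assumes the file uses the NSS key log line format that Wireshark reads; the function names and the constructed sample file are hypothetical.

```python
import os
import re
import stat
import tempfile
from collections import Counter

# Assumed line shape (NSS key log format): LABEL <client_random hex> <secret hex>
KEYLOG_LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def audit_keylog(path):
    """Return (findings, label_counts) for a TLS key log file; never echoes secrets."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} grants group/other access; expected 0600")
    labels = Counter()
    sessions = set()  # distinct client randoms, one per TLS session
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            m = KEYLOG_LINE.match(line)
            if m is None:
                findings.append(f"line {lineno}: not a key log entry")
                continue
            labels[m.group(1)] += 1
            sessions.add(m.group(2).lower())
    if labels:
        findings.append(f"{len(sessions)} session(s) decryptable from this file")
    return findings, dict(labels)

def make_sample(mode):
    """Write a constructed key log (dummy hex, not real secrets) with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".keylog")
    with os.fdopen(fd, "w") as fh:
        fh.write("# constructed sample\n")
        fh.write(f"CLIENT_RANDOM {'ab' * 32} {'cd' * 48}\n")
        fh.write(f"CLIENT_TRAFFIC_SECRET_0 {'12' * 32} {'34' * 32}\n")
        fh.write("garbage line\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    sample = make_sample(0o644)
    for finding in audit_keylog(sample)[0]:
        print(finding)
    os.remove(sample)
```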

