I am happy to announce that after almost a year of development, syslog-ng 3.8.1 has been released. This is the first stable release from the syslog-ng 3.8 branch. Version 3.8.1 adds some long-awaited features to syslog-ng and improves the performance of name-value-pair related operations.
Here are some of the highlights of the new release:
- Disk-based buffering
- Elasticsearch 1.X-5.X support using the HTTP REST API
- Correlation without PatternDB using groupingby
- Date parser
- Posting HTTP messages without Java
- Output in ArcSight CEF format
For a complete list of new features and changes, refer to the documentation, which lists all changes between syslog-ng 3.7 and 3.8, together with references to related parts of the documentation.
If you are interested in a more developer- or packager-oriented list of changes, check the blog post published during the beta-testing phase of 3.8.
As syslog-ng 3.8.1 was released only recently, it is not yet available as part of released Linux distributions. As of this writing, it is already in Debian Experimental, openSUSE Leap 42.2 beta1, FreeBSD ports and NetBSD’s pkgsrc. Packages included in distributions usually lack some of the more recent features, such as the Java modules, or those requiring exotic dependencies, such as Riemann.
There are also alternative packages available for Fedora / RHEL, openSUSE / SLES and Debian / Ubuntu in third-party repositories, which include all (well, most) of the possible syslog-ng features. The 3rd party binaries page on syslog-ng.org has up-to-date links to these repositories.
Rust parser module support was added to syslog-ng in version 3.8, but the actual parsers are not yet part of syslog-ng, so most of the repositories do not include Rust modules.
If you have any questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by e-mail or even in real time via chat. For a long list of possibilities, check our contact page at https://syslog-ng.org/contact-us/. On Twitter I’m available as @PCzanik.