1.4. What is new in syslog-ng Open Source Edition 3.12?

Version 3.12 of syslog-ng Open Source Edition includes the following main features:

  • A new systemd-journal() source option, called read-old-records(), has been added. Previously, syslog-ng OSE started reading records from the journald system service right from the very beginning of the journal. This was often a lengthy process. This option lets you specify whether you want to read only new records from the journal or all records, starting from the beginning of the journal. For more information, see Section read-old-records().

  • You can now fine-tune your Java Virtual Machine (JVM) options when configuring Elasticsearch, HDFS, and Apache Kafka destinations, or web services to which you send log messages via the HTTP protocol. Previously, settings of the Java Virtual Machine could not be overriden from the syslog-ng OSE configuration file, resulting sometimes in suboptimal memory utilization. The new jvm-options() allows you to configure these Java settings from syslog-ng OSE as a global option. For details, see:

  • A new HDFS destination option, called hdfs-append-enabled(), has been added. This option allows you to append new data to an existing HDFS file. This means that, when setting this parameter to true, there is no need anymore to open a new file once a file has been closed. For further information, see Section hdfs-append-enabled().

  • Macros are now supported in the hdfs-file() option, meaning that syslog-ng OSE can create files on HDFS dynamically, using macros in the file (or directory) name.. For details, see Section hdfs-file().

  • A number of new TLS options have been added:

    • Using the dhparam-file() option, you can import Diffie-Hellman parameters from a file. For details, see Section dhparam-file().

    • The ecdh-curve-list() option allows you to specify the curves that are permitted in the connection when using Elliptic Curve Cryptography (ECC). For more information, see Section ecdh-curve-list().

    • Using the pkcs12-file() option, you can specify a PKCS #12 file container that can store a private key, a certificate and optional CA certificates. For details, see Section pkcs12-file().

  • A new parser, the XML parser, has been added. The XML parser is capable of processing input in XML format, and adding the parsed data to the message object.

    The XML parser allows you to extract information from XML logs, and use this information in your logging pipeline, for example, in filters, and also to further process the extracted data using syslog-ng or other tools. In addition, parsing XML logs helps you normalize your log messages, and convert them to a common format.

    For further information, see Section 12.5, The XML parser.

For a more detailed list, see Section 6.1.2, Version 3.10 - 3.11 and https://github.com/balabit/syslog-ng/releases/.