syslog-ng features published in 3.x

  • Conceptual improvements
    • blocks and SCLs (3.2.x)
    • value-pairs (3.4.x)
    • template functions to manipulate/map values right within templates (3.4.x)
    • type hinting (3.5.x)
    • junctions and channels (3.4.x)
    • support for lists in name value pairs (3.20.1)
    • collecting extra information about the sending process
    • unique message IDs ($UNIQID, $RCPTID) (3.7.x)
    • support for list values (3.10.1)
    • ewmm (3.13.1)
    • if/else/elif blocks (3.15)
  • Parsing and processing
    • support for JSON (3.3.x)
    • XML support to parse Windows eventlog (3.12.1)
    • app-parser (3.13.1)
    • db-parser (3.2.x)
    • kv-parser (3.7.x)
    • date-parser (3.8.1)
    • geoip lookups (3.7.1)
    • map-value-pairs (3.10.1)
    • add-contextual-data (3.8.1)
    • grouping-by(): streaming aggregation/correlation of related messages
    • geoip support
    • url encode/decode (3.18)
    • base64 encode/decode (3.18)
    • automatic detection/fixing of timezone information (3.21.1)
    • regexp-parser (3.34.1)
    • Out-of-the-box, application specific parsers
      • apache-accesslog-parser()
      • linux-audit() parser (3.17)
      • cisco-parser()
      • windows-eventlog-parser()
      • Netskope parser (3.20)
      • Websense parser (3.20)
      • JunOS (3.21)
      • CheckPoint LogExporter (3.21)
      • panos-parser for Palo Alto PAN-OS logs (3.29)
      • fortigate-parser (3.31)
  • Architecture
    • Multi threaded execution
    • the ability to extend syslog-ng with plugins (3.2.x)
    • python/Java bindings (3.7.1)
    • multi-threaded destinations with batching support (e.g. HTTP, kafka, mongodb, redis)
    • Dynamic Window Sizing (3.22)
    • interactive debugger (syslog-ng -i)
    • the ability for plugins to collaborate using a signal-slot mechanism, used for instance to implement Azure authentication (written in Python) with the C-based HTTP destination
  • Sources and destinations
    • sql
    • mongodb (3.3.x)
    • amqp (3.4.x)
    • smtp (3.4.x)
    • stomp (3.5.x)
    • redis (3.5.x)
    • riemann (3.6.x)
    • graphite (3.6.x)
    • Elastic, Kafka, Hadoop destinations (3.7.1)
    • HTTP destination (3.8.1) with multi-threaded enhancements for Splunk HEC (3.18.1), and a client side HTTP load balancer (3.19.1)
    • node.js apps via Winston (3.6.1)
    • loggly (3.8.1)
    • logmatic (3.8.1)
    • SNMP traps source (3.10.1) and destination (3.22.1)
    • osquery source (3.10.1) and destination (3.13.1)
    • graylog2 support
    • telegram destination (3.16.1)
    • slack destination (3.19.1)
    • collectd destination (3.20.1)
    • sumologic destination (3.27.1)
    • discord destination (3.33)
    • mqtt destination (3.33) and source (3.35)
    • network load balancing over several connections (3.13.1)
    • client side failover (3.15.1) and fallback (3.17.1) support in syslog destinations
    • source side UDP socket load balancing (so-reuseport) (3.19.1)