What's new

This page is a changelog that collects the major changes and additions to this documentation. (If you want to know the details about why we have separate documentation for AxoSyslog and how it relates to the syslog-ng documentation, read our syslog-ng documentation and similarities with AxoSyslog Core blog post.)

Version 4.9 (2024-11-11)

• ClickHouse database destination.

• Log tapping with the syslog-ng-ctl attach command.

• FilterX data parsing and processing engine.

• Updated lists of available options for the gRPC-based destinations (bigquery(), loki(), opentelemetry(), syslog-ng-otlp()). You can now also set dynamic header values for these destinations.

• Added the idle-timeout() option to file() source options, stdin() source options, systemd-syslog() source options, wildcard-file() source options, pipe() source options, program() source options, unix-stream() and unix-dgram() source options.

  These sources have a new exit-on-eof flag that makes AxoSyslog stop when EOF is received.

• Added the MSGFORMAT macro.

• Added .tls.x509_fp to .tls.x509.

Other documentation updates

• Cloud authentication option updates for the http() and google-pubsub destinations.
• syslog-ng-ctl list-files command lists files referenced in your configuration, for example, certificates or external configuration files.
• lifetime() global option to prune dynamic counters.

Version 4.8 (2024-07-12)

• APT repository for Debian and Ubuntu based systems.
• You can send messages and metrics to Elasticsearch data streams to store your log and metrics data as time series data using the elasticsearch-datastream() destination driver.
• You can use the server-side-encryption() and kms-key() options to configure encryption for Amazon S3 destinations.
• You can now set static gRPC headers in the bigquery(), loki(), and the opentelemetry() destinations.
• The opentelemetry() parser has a new set-hostname() option.

Version 4.7 (2024-04-18)

• Arr logs source
• Jellyfin logs source
• channel-args() option for gRPC-based drivers, like opentelemetry()
• concurrent-requests() option for the opentelemetry() source and the syslog-ng-otlp() source
• tenant-id() option for the Loki destination
• tags-head template function
• MQTT_TOPIC macro
• TRANSPORT macro updates

For details, see the release announcement blog post.

Version 4.6 (2024-02-01)

• Google BigQuery destination
• Windows XML Event Log (EVTX) parser
• tag template function
• batch-bytes(), compression() and workers() options for the syslog-ng-otlp() and opentelemetry() destinations

For details, see the release announcement blog post.

New sources

• New macOS sources
• qBittorrent logs
• Pi-hole Faster Than Light logs

2023-10-20 to version 4.5 release (2024-01-05)

• Google Pub/Sub destination
• OpenObserve destination
• New http() destination options Templates in the url() and worker-partition-key()

Parsers

• New PostgreSQL csvlog parser
• Columnless mode in csv-parser

TLS options

• ssl-version()
• ignore-validity-period option in to ssl-options()

Manual pages

• --check-startup in The syslog-ng manual page
• secure-logging, slogencrypt, slogkey, and slogverify manual pages.

Other changes

• New quickstart section Sending Kubernetes logs to OpenSearch
• Updates in Install AxoSyslog with Podman and Install AxoSyslog with Docker
• close_batch and set_transport methods in the python source

2023-08-18 to 2023-10-20

• syslog-ng-otlp source and syslog-ng-otlp destination
• Loki destination
• Amazon S3 destination
• OpenSearch destination
• stdout destination
• http destination options:
  • ignore-hostname-mismatch ssl-option
  • accept-encoding()
  • accept-redirects()
  • content-compression()
• Dynamic labeling in the metrics-probe parser

2023-07-07 to 2023-08-18

OpenTelemetry

• OpenTelemetry source
• OpenTelemetry destination
• OpenTelemetry parser

New sources and related changes

• Hypr Audit Trail and Hypr App Audit Trail
• OpenTelemetry
• match-boot and matches options of the syslog-journal() source

New destinations and related changes

• Falcon LogScale
• OpenTelemetry
• Splunk HEC
• dbdi-driver-dir() and quote-char() options of the sql() destination
• bulk-mode(), bulk-bypass-validation(), and bulk-unordered() and write-concern() options of the mongodb() destination

New parsers and related changes

• group-lines
• Count the messages that pass through the log path (metrics-probe)
• OpenTelemetry
• RFC5424 structured data (SDATA) parser
• sdata-prefix option for the syslog-parser
• escape-backslash-with-sequences option for the csv-parser

Other changes

• Typing support (Specifying data types in value-pairs)
• Nonsequential message processing for improved performance
• An overview of writing Python modules for syslog-ng
• New syslog-ng-ctl commands
• Configuration identifier
• Named log paths
• format-date template function
• TLS improvements: OCSP stapling verification and SSL_CONF_cmd support
• RAWMSG_SIZE macro
• lower and upper transformations for the rekey value-pairs() option

New global options

• log-level
• stats