What's new

This page is a changelog that collects the major changes and additions to this documentation. (If you want to know the details about why we have separate documentation for AxoSyslog and how it relates to the syslog-ng documentation, read our syslog-ng documentation and similarities with AxoSyslog Core blog post.)

Version 4.14 (2025-07-18)

New client-port option for loggen.
Starting with version 4.14, running syslog-ng-ctl stats automatically shows orphan counters to avoid losing information. Information loss could happen, for example, when sending messages using short-lived (few seconds long) connections, while scraping metrics in minute intervals.
The cisco-parser() now handles the Cisco Nexus NXOS 9.3 syslog format.

Version 4.13 (2025-07-08)

You can format arbitrary data as protobuf using the specified schema (proto file) using the protobuf_message FilterX function. Also, you can send such pre-formatted data using the proto-var() option of the ClickHouse and Google BigQuery (/docs/axosyslog-core/chapter-destinations/google-bigquery/#proto-var) destinations.
You can now format dictionaries as XML and Windows Event Log XML using the format_xml and format_windows_eventlog_xml FilterX functions.
You can now format dictionaries as CEF and LEEF messages using the format_cef and format_leef FilterX functions.
Changes in CEF and LEEF:

separate_extensions

Available in AxoSyslog 4.13 and later.

Starting with version 4.13, AxoSyslog parses fields from extensions to the same level as regular fields. In earlier versions, extensions were grouped under the extensions key. To keep using the extensions key, set separate_extensions=true.

Default value: false

Version 4.12 (2025-06-18)

Starting from this version, AxoSyslog is licensed under GPL-3.0-or-later. For details, see Product licensing and the AxoSyslog License Update: Moving to GPL3 blog post.
New FilterX features:
- Arithmetic operators: + (addition), - (substraction), * (multiplication), / (division), and % (modulo)
- List membership operator (in): checks if a value is present in a list.
- strcasecmp function for case insensitive string comparison.
- To help troubleshooting FilterX blocks, AxoSyslog now includes specific functions that allow you to track failures in FilterX code.
Way to propagate the type information of the data fields in the clickhouse() destination using the ClickHouse format schema. For details, see server-side-schema().
You can enable flow-control for every log path using the log-flow-control() global option.
loggen has a new --perf option to disable rate limiting.
Internal STATS messages are now disabled by default.

Version 4.11 (2025-04-09)

Documentation for the Webhook.
New macros: PEERIP and PEERPORT
New gRPC option response-action() for the bigquery(), clickhouse(), google-pubsub-grpc(), loki(), and the opentelemetry() destinations.
New FilterX functions: set_pri, set_timestamp.
Updates the Azure Monitor destination.

Version 4.10 (2025-02-13)

New Google Pub/Sub gRPC destination to send logs and data to Google Pub/Sub via gRPC.
New destination to send logs and data to Azure Monitor and Microsoft Sentinel. For details, see Send data to Azure Monitor and Sentinel.
New $SOURCEPORT macro which expands to the source port of the peer.
The syslog() source driver can now auto-detect RFC6587-style octet-count based framing.
Lots of FilterX updates, including a new =?? operator and several functions:
- keys
- load_vars
- metrics_labels
- set_fields
- strftime
Switch-case expressions in FilterX to better organize the code instead of using multiple if, elif, else blocks. Using switch-case expressions also improves performance.

Version 4.9 (2024-11-11)

ClickHouse database destination.
Log tapping with the syslog-ng-ctl attach command.
FilterX data parsing and processing engine.
Updated lists of available options for the gRPC-based destinations (bigquery(), loki(), opentelemetry(), syslog-ng-otlp()). You can now also set dynamic header values for these destinations.
Added the idle-timeout() option to file() source options, stdin() source options, systemd-syslog() source options, wildcard-file() source options, pipe() source options, program() source options, unix-stream() and unix-dgram() source options.

These sources have a new exit-on-eof flag that makes AxoSyslog stop when EOF is received.
Added the MSGFORMAT macro.
Added .tls.x509_fp to .tls.x509.

Version 4.8 (2024-07-12)

APT repository for Debian and Ubuntu based systems.
You can send messages and metrics to Elasticsearch data streams to store your log and metrics data as time series data using the elasticsearch-datastream() destination driver.
You can use the server-side-encryption() and kms-key() options to configure encryption for Amazon S3 destinations.
You can now set static gRPC headers in the bigquery(), loki(), and the opentelemetry() destinations.
The opentelemetry() parser has a new set-hostname() option.

Version 4.7 (2024-04-18)

Arr logs source
Jellyfin logs source
channel-args() option for gRPC-based drivers, like opentelemetry()
concurrent-requests() option for the opentelemetry() source and the syslog-ng-otlp() source
tenant-id() option for the Loki destination
tags-head template function
MQTT_TOPIC macro
TRANSPORT macro updates