syslog-ng Community

Blogs

  • Python source in syslog-ng

    Using syslog-ng 3.18 and newer releases, you can write new source drivers for syslog-ng in Python. While performance is not as good as C, you gain flexibility and ease of implementation. There are quite a few log sources without a ready-to-use C API,...
  • Insider 2018-10: 3.18 release; Splunk .conf18; Python destination; Python parser;

    Dear syslog-ng users, This is the 70th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Version 3.18 of syslog-ng released Version 3.18 of syslog-ng has been released with plenty of new features and bugf...
  • Bulk mode message sending to Elasticsearch with syslog-ng http() destination

    Learn how to send log messages in bulk mode to your Elasticsearch server with syslog-ng. Bulk mode offers better performance, because it sends multiple log messages in a single POST request. A few years back I wrote that any time a new language bind...
  • Small is beautiful: what's new in syslog-ng 3.18?

    Each syslog-ng release comes with one or more larger features that steal the show from very useful but smaller features. Now I collect these small features and explain how they can make your life easier. Learn what is coming up in syslog-ng version 3...
  • Parsing log messages with the syslog-ng Python parser

    The Python parser of syslog-ng not only enables you to parse any type of log message, but you can also use it to enrich messages. From this blog you will learn how to extract information from a specially formatted log message, and how to create new n...
  • Writing Python destination in syslog-ng: how to send log messages to MQTT

    In my past two Python blogs I introduced you to the basics of the syslog-ng Python destination. In this blog I show you a working example of how you can publish your logs to MQTT using the Python destination of syslog-ng. If you are new to the Python...
  • Insider 2018-09: SCL; Splunk .conf18; failover; human readable numbers; webinars;

    Dear syslog-ng users, This is the 69th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Creating your first block for the syslog-ng configuration library (SCL) The syslog-ng configuration library (SCL) is...
  • Python destination: getting into details

    Last week you learned the very basics of the syslog-ng Python destination. This time, you will move a bit further and learn about a few more configuration options and optional methods. If you are new to the Python destination and want to get started ...
  • Python destination getting started

    You can store your log messages to many different destinations using syslog-ng, but of course not everywhere. This is where the Python destination of syslog-ng can come in handy. You can extend syslog-ng easily with your own code written in Python and s...
  • Insider 2018-08: 3.16 & 3.17; Splunk; IoT security; Telegram; Throttling;

    Dear syslog-ng users, This is the 68th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. syslog-ng 3.16 & 3.17 are released Version 3.16 & 3.17 of syslog-ng are now available. Support to send log messag...
  • Human readable numbers in syslog-ng

    Writing an extra zero at the wrong place in a configuration file can result in a filled-up partition and data loss. This is where human readable numbers in syslog-ng can help: using kilo / mega / giga instead of writing many-digit numbers can save y...
  • Client-side failover and failback using syslog-ng

    When you have multiple syslog servers collecting logs, syslog-ng on the client side can fail over to secondary servers if the primary one becomes unavailable. It can also fail back to the primary server soon after it is back on-line – if config...
  • Build your own syslog-ng packages from patched Git sources

    When a user reports a problem with syslog-ng, developers create code to fix it. The fix is called a patch or a pull request (PR) in Git terminology. Often this code does not enter the main source code automatically but developers ask the user to test...
  • Creating your first block for the syslog-ng configuration library (SCL)

    The syslog-ng configuration library (SCL) is a collection of ready-to-use configuration snippets that hide away the complexity of the specifics of your log processing pipeline. If you already reuse parts of your configuration on different machines, i...
  • Throttling log messages

    One of the main advantages of syslog-ng is that it is high performance and low on resource usage. Why throttle the messages then? There are three main reasons – licensing, performance, and bandwidth – all outside of syslog-ng. From this b...
  • hook-commands: easy driver setup

    The hook-commands() option of syslog-ng makes it easy to execute external commands when a driver is started or stopped. For example, you can open a port in the firewall when a network source is started and close it once syslog-ng is shut down. Or you...
  • Telegram destination in syslog-ng

    Getting started with the Telegram destination of syslog-ng is not an easy and straightforward process, but it is well worth the effort. If you do not know Telegram yet, Telegram is a cloud-based messaging application known for its security...
  • IoT security: logging

    Last week SANS published a brand new white paper about the Internet of Things: “Stopping IoT-based Attacks on Enterprise Networks”. IoT devices have been around in the networks of enterprises for many years, just think about network-conne...
  • Using the syslog-ng Store Box (SSB) in front of Splunk

    The syslog-ng application was used for many years as a log collection layer in front of Splunk. But why use a full-blown log management appliance with a graphical user interface instead of a simple command line application? I learned the answers at...
  • Containers and automation: five conferences in two words

    During the past six weeks I visited five different conferences in four different countries either as a speaker or as booth staff. While traveling so much in such a short span of time was quite exhausting, I would do it again without hesitation. Altog...
  • Big Data: save all or save costs?

    When starting a new project, Big Data vendors usually recommend a “save all” and “save raw” approach, as you never know what data might come in handy later and in what format. Companies starting those projects also often have the...
  • Launching the official syslog-ng OSE repository

    Last autumn, we asked for your feedback on our plan to introduce official binary repositories for syslog-ng Open Source Edition. The overwhelming majority of those who got back to us agreed that it is fair to provide this service tied to a simple reg...
  • Calculate PI with syslog-ng

    Origin story: We just realized that syslog-ng has a nice milestone as it reached the 3.14 version. I wanted to create something to celebrate it. There were a few ideas – still not forgotten, but in the end I thought I do not want to extend syslog...
  • Insider 2018-04: RHEL6; Windows Event Log; Patched RPM; HEC; Conferences

    Dear syslog-ng users, This is the 66th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS syslog-ng is available for RHEL 6 / CentOS 6 again After more than a year, the latest version of syslog-ng compiles a...
  • Splunk HEC: Sending logs using the program() destination of syslog-ng

    Recently Splunk started to recommend the use of the HTTP Event Collector (HEC) instead of forwarders. Syslog-ng supports this in multiple ways. Last time I showed you how to use the http() destination of syslog-ng. This time I introduce you to anothe...