syslog-ng Community

Blogs

  • Throttling log messages

    One of the main advantages of syslog-ng is that it is high performance and low on resource usage. Why throttle the messages then? There are three main reasons – licensing, performance, and bandwidth – all outside of syslog-ng. From this b...
    • 226 Views
    • 0 Comments
  • hook-commands: easy driver setup

    The hook-commands() option of syslog-ng makes it easy to execute external commands when a driver is started or stopped. For example, you can open a port in the firewall when a network source is started and close it once syslog-ng is shut down. Or you...
    • 372 Views
    • 0 Comments
  • Telegram destination in syslog-ng

    Getting started with the Telegram destination of syslog-ng is not an easy and straightforward process, but it is well worth the efforts. If you do not know Telegram yet, Telegram is a cloud-based messaging application known for its security...
    • 306 Views
    • 0 Comments
  • IoT security: logging

    Last week SANS published a brand new white paper about the Internet of Things: “Stopping IoT-based Attacks on Enterprise Networks”. IoT devices have been around in the networks of enterprises for many years, just think about network-conne...
    • 279 Views
    • 0 Comments
  • Using the syslog-ng Store Box (SSB) in front of Splunk

    The syslog-ng application was used for many years as a log collection layer in front of Splunk. But why use a full-blown log management appliance with a graphical user interface instead of a simple command line application? I learned the answers at&...
    • 1072 Views
    • 0 Comments
  • Containers and automation: five conferences in two words

    During the past six weeks I visited five different conferences in four different countries either as a speaker or as booth staff. While traveling so much in such a short span of time was quite exhausting, I would do it again without hesitation. Altog...
    • 598 Views
    • 0 Comments
  • Big Data: save all or save costs?

    When starting a new project, Big Data vendors usually recommend a “save all” and “save raw” approach, as you never know what data might come handy later and in what format. Companies starting those projects also often have the...
    • 542 Views
    • 0 Comments
  • Launching the official syslog-ng OSE repository

    Last autumn, we asked for your feedback on our plan to introduce official binary repositories for syslog-ng Open Source Edition. The overwhelming majority of those who got back to us agreed that it is fair to provide this service tied to a simple reg...
    • 963 Views
    • 0 Comments
  • Calculate PI with syslog-ng

    Origin story We just realized that syslog-ng has a nice milestone as it reached the 3.14 version. I wanted to create something to celebrate it. There were a few ideas – still not forgotten, but in the end I though I do not want to extend syslog...
    • 703 Views
    • 0 Comments
  • Insider 2018-04: RHEL6; Windows Event Log; Patched RPM; HEC; Conferences

    Dear syslog-ng users, This is the 66th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS syslog-ng is available for RHEL 6 / CentOS 6 again After more than a year, the latest version of syslog-ng compiles a...
    • 532 Views
    • 0 Comments
  • Splunk HEC: Sending logs using the program() destination of syslog-ng

    Recently Splunk started to recommend the use of the HTTP Event Collector (HEC) instead of forwarders. Syslog-ng supports this in multiple ways. Last time I showed you how to use the http() destination of syslog-ng. This time I introduce you to anothe...
    • 609 Views
    • 0 Comments
  • syslog-ng at SCALE 2018

    It is the fourth year that syslog-ng has participated at Southern California Linux Expo or, as better known to many, SCALE ‒ the largest Linux event in the USA. In many ways, it is similar to FOSDEM in Europe, however, SCALE also focuses on users and...
    • 542 Views
    • 0 Comments
  • How to collect Windows Event Logs with syslog-ng without installing an agent

    With the release of syslog-ng Premium Edition 7.0.6, you can collect Windows event logs without installing any third party application on your Windows-based computer. The benefits are obvious: You don’t need to install any additional applicati...
    • 1536 Views
    • 0 Comments
  • CentOS Dojo and FOSDEM 2018

    FOSDEM is one of the largest open source conferences in the world, with over 8000 participants. As many developers gather not just from Europe but from all around the world, there are a number of pre- and post conferences timed to happen before and a...
    • 527 Views
    • 0 Comments
  • Insider 2018-02: New website; One Identity; Docker; Error messages; Elastic 6; DevConf

    Dear syslog-ng users, This is the 65th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS New syslog-ng website Our new website – http://syslog-ng.com/ – is now live. It is a central hub of infor...
    • 489 Views
    • 0 Comments
  • DevConf 2018: long live containerization

    DevConf is a yearly conference for developers, administrators, and users of Linux and related technologies. It is organized by Red Hat in Brno, home to one of their major development centers. This event was the 10th in a row and the largest ever...
    • 520 Views
    • 0 Comments
  • Common syslog-ng error messages and their solutions

    In this post, we would like to explain a few common syslog-ng error and warning messages, what they mean, and how to solve them. Destination queue full Destination queue full, dropping messages; queue_len='10000', log_fifo_size='10000&#...
    • 790 Views
    • 0 Comments
  • Build your own syslog-ng RPM from patched Git sources on RHEL / CentOS 7

    When a user reports a problem with syslog-ng, developers create code to fix it. The fix is called a patch or a pull request (PR) in Git terminology. Often this code does not enter the main source code automatically but developers ask the user to test...
    • 623 Views
    • 0 Comments
  • Latest syslog-ng is available for RHEL 6 / CentOS 6 again

    After more than a year, the latest version of syslog-ng compiles again on Red Hat Enterprise Linux version 6. This is thanks to a patch from Balázs Scheidler which resolves compatibility problems with older glib releases by implementing the mi...
    • 886 Views
    • 0 Comments
  • syslog-ng and Elasticsearch 6: getting started on RHEL/CentOS

    Version 6 of the Elastic Stack has now been available for some time packed with new features and improved performance. Compatibility of syslog-ng was checked already during the alpha phase of development, as syslog-ng is becoming popular among Elasti...
    • 949 Views
    • 0 Comments
  • Graylog as destination in syslog-ng

    Version 3.13 of syslog-ng introduced a graylog2() destination and a GELF (Graylog Extended Log Format) template to make sending syslog messages to Graylog easier. You can also use them to forward simple name-value pairs where the name starts with a d...
    • 752 Views
    • 0 Comments
  • Sending logs to Splunk through HTTP

    For quite some time, Splunk has recommended to collect syslog messages using syslog-ng, save them to files, and send them to Splunk using forwarders. Unless you have a very high message rate, the HTTP destination of syslog-ng can greatly simplify thi...
    • 755 Views
    • 0 Comments
  • syslog-ng and Elasticsearch 5: getting started on RHEL/CentOS

    For the last six months, Elastic’s communication centered around the upcoming Elastic Stack 5.0. And finally it is here: tons of new features, improved performance and a single version number for all Elastic products. Compatibility with syslog-...
    • 698 Views
    • 0 Comments
  • Sending netdata metrics through syslog-ng to Elasticsearch

    netdata is a system for distributed real-time performance and health monitoring. You can use syslog-ng to collect and filter data provided by netdata and then send it to Elasticsearch for long-term storage and analysis. The aim is to send both metric...
    • 661 Views
    • 0 Comments
  • Application adapters and enterprise-wide message model for syslog-ng

    Do you want to simplify parsing your log messages? Try the new “application adapter” and “enterprise-wide message model” frameworks in syslog-ng: you can automatically parse log messages and forward the results to another sysl...
    • 602 Views
    • 0 Comments