Blog

This is the 2020 edition of my most read blog entry about syslog-ng web-based graphical user interfaces (web GUIs). Many things have changed in the past few years. In 2011, only a single logging as a service solution was available, while nowadays, I …

Until now collecting logs behind proxies or load balancers needed some compromises. You either trusted the host information included in the log messages or you could only see the proxy as the sender host. Starting with syslog-ng 3.30 there is a third…

Dear syslog-ng users, This is the 86th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS How to use syslog-ng with LaaS and why? The first Logging as a Service (LaaS) I learned about many years ago was crea…

Amazon Linux 2 is just one of many Linux distributions and other operating systems running in AWS. As Amazon Linux 2 is a close relative of RHEL 7 / CentOS 7, the user experience is also very close to these operating systems. All you need to learn is…

Loki is one of the latest applications that lets you aggregate and query log messages, and of course to visualize logs using Grafana. It does not index the contents of log messages, only the labels associated with logs. This way, processing and stori…

One of the most interesting projects utilizing syslog-ng is Security Onion, a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It is utilizing syslog-ng for log collection and log transfe…

Dear syslog-ng users, This is the 85th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Parsing Cisco logs in syslog-ng Log messages generated by Cisco devices look like syslog messages at first glance, …

The first Logging as a Service (LaaS) I learned about many years ago was created by Loggly. Of course there are many more LaaS providers now. While most services also provide their own clients for sending log messages, many of them also document send…

One of the major syslog-ng features is that it can parse log messages and create name-value pairs from them. Until now the PCRE parser could not handle duplicate names for named subpatterns. Version 3.29 of syslog-ng resolves this issue by adding the…

Version 3.29 of syslog-ng was released recently including a user-contributed feature: the panos-parser(). It is parsing log messages from PAN-OS (Palo Alto Networks Operating System). Unlike some other networking devices, the message headers of PAN-O…

Dear syslog-ng users, This is the 84th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Using a proxy with the http() destination The http() destination is quickly becoming one of the most often used des…

The syslog-ng application is included in all major Linux distributions, and you can usually install syslog-ng from the official repositories. If the core functionality of syslog-ng meets your needs, use the package in your distribution repository (yu…