Blog

Recently I visited two conferences: LOADays and Red Hat Summit. They both focus on open source software, but similarities end there. LOADays in Antwerp is small, free and focuses on Linux administrators. The Red Hat Summit in Boston is huge, expensiv...

With about two thirds of syslog-ng users running their logging application on Red Hat Enterprise Linux (or CentOS), it is one of our most important platforms both for the open source edition (OSE) and the premium edition (PE) of syslog-ng. Next week ...

While there are some users who run syslog-ng as a stand-alone application, the main strength of syslog-ng is central log collection. In this case the central syslog-ng instance is called the server, while the instances sending log messages to the cen...

This feature is available from syslog-ng PE 7.0.14 and syslog-ng OSE 3.21 on. The configuration is really simple: - you should use the elasticsearch-http() destination (which is based on http destination).syslog-ng will use the Elasticsearch Bulk API...

Dear syslog-ng users, This is the 74th issue of syslog-ng Insider, a monthly newsletter that brings you news related to syslog-ng. NEWS Tetris destination In this blog post we show you a fun way of using the Python destination of syslog-ng. We will w...

Getting log messages into the desired format can sometimes be a problem, but with syslog-ng you can use Python to get exactly the format you need. The syslog-ng Python template function allows you to write custom templates for syslog-ng in Python. It...

Tetris destination Tetris destination Table of Contents Overview The Emacs destination Inserting messages into an Emacs buffer Inserting messages outside Emacs The Tetris destination Overview In this blog post, I would like to show yo...

The syslog-ng source code includes a container-based build system. You can use it to generate source tarballs (the official syslog-ng release tarball is also generated this way) and to build packages for RHEL 7 and different Debian and Ubuntu release...

Using python-fetcher() simplifies developing a source driver for syslog-ng even further. You do not have to implement your own eventloop, since syslog-ng does it for you. You only need to focus on what information you need and how you (or your code) ...

“I'd tell you the joke about UDP, but you might not get it.” The old joke above perfectly summarizes UDP. There is no guarantee (frankly, not even a real effort) that data sent over UDP ever reaches the receiving end. Still, a surprisingl...

I used containers (namely, FreeBSD jail) in production already in 2001. Still, it was the tool and company called Docker that made the use of containers mainstream. Fast forward another few years and you can hear the names skopeo, buildah and podman ...

HTTP is quickly becoming the universal transport protocol of the Internet. Nowadays even DNS over HTTPS implementations are available. There is no HTTP source implemented in C for syslog-ng, but starting with syslog-ng version 3.18, you can write new...

Dear syslog-ng users, This is the 72nd issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Creating a central syslog server Your home network might already contain some devices or systems like a home server, ...

One of the many ways members of a team collaborate is to use Slack. From syslog-ng version 3.19, you can send log messages to Slack. You can receive critical log messages in real-time in your Slack client on your mobile or desktop. Learn how to set u...

Dear syslog-ng users, This is the 71st issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Version 3.19 of syslog-ng released Version 3.19 of syslog-ng has been released with plenty of new features and bugf...

As a follow-up to my RPM blog last week, here are instructions installing syslog-ng Open Source Edition (syslog-ng OSE) on the Debian / Ubuntu version. If you read my previous blog, skip to the installation part at the end, otherwise: read on. Update...

The syslog-ng application is included in all major Linux distributions, and you can usually install syslog-ng from the official repositories. If the core functionality of syslog-ng meets your needs, use the package in your distribution repository (yu...

Learn how to use less resources for better performance in Splunk! Many people have been using syslog-ng for decades without knowing that it receives new features as well as bugfixes. While many Linux utilities are practically in maintenance mode, sys...

As we learned at the Splunk .conf18 this October, forwarding SNMP traps to Splunk can be a challenging task. Luckily, using syslog-ng can simplify it for us. All we need to make sure about is that snmptrapd logs traps to a file. The syslog-ng applica...

Last week I presented syslog-ng at SuriCon 2018 in Vancouver. In this blog post you can read a slightly modified version of that talk: a bit less emphasis on the introduction and a bit more on the explanation of the syslog-ng configuration part. The ...

Using syslog-ng 3.18 and newer releases, you can write new source drivers for syslog-ng in Python. While performance is not as good as C, you gain flexibility and ease of implementation. There are quite a few log sources without a ready to use C API,...

Dear syslog-ng users, This is the 70th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Version 3.18 of syslog-ng released Version 3.18 of syslog-ng has been released with plenty of new features and bugf...

Learn how to send log messages in bulk mode to your Elasticsearch server with syslog-ng. Bulk mode offers better performance, because it sends multiple log messages in a single POST request. A few years back I wrote that any time a new language bind...

Each syslog-ng release comes with one or more larger features that steal the show from very useful but smaller features. Now I collect these small features and explain how they can make your life easier. Learn what is coming up in syslog-ng version 3...

The Python parser of syslog-ng not only enables you to parse any type of log message, but you can also use it to enrich messages. From this blog you will learn how to extract information from a specially formatted log message, and how to create new n...