Blog

UNITE is the partner and user conference of One Identity, the company behind syslog-ng. This time the conference took place in Phoenix, Arizona where I talked to a number of American business customers and partners about syslog-ng. They were really e...

“How can I install the unofficial syslog-ng packages on a machine without Internet access?” This question has been raised several times recently. As it entails more than simply downloading the repository containing the packages, syslog-ng...

Dear syslog-ng users, This is the 75th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Building blocks of syslog-ng Recently I gave a syslog-ng introductory workshop at Pass the SALT conference in Lille, ...

Recently, a number of quite complex configurations came up while syslog-ng users were asking for advice. Some of these configurations were even pushing the limits of syslog-ng (regarding the maximum number of configuration objects). As it turned out,...

Version 7 of the Elastic stack was released a few months ago, and brought several breaking changes that affect syslog-ng. In my previous blog post, I gave details about how it affects sending GeoIP information to Elasticsearch. From this blog post yo...

One of the most popular destinations of syslog-ng is Elasticsearch. Any time a new language binding was introduced to syslog-ng, someone implemented an Elasticsearch destination for it. For many years, the official Elasticsearch destination for syslo...

Elasticsearch is gaining momentum as the ultimate destination for log messages. There are two major reasons for this: You can store arbitrary name-value pairs coming from structured logging or message parsing. You can use Kibana as a search and v...

Recently I gave a syslog-ng introductory workshop at Pass the SALT conference in Lille, France. I got a lot of positive feedback, so I decided to turn all that feedback into a blog post. Naturally, I shortened and simplified it, but still managed to ...

Version 7 of the Elastic Stack, packed with new features and improved performance, has now been available for some time. Elasticsearch is not the only one to have come up with a major new version recently: starting with version 3.21, syslog-ng featur...

Dear syslog-ng users, This is the 74th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Format your log messages in Python Sometimes getting log messages into the desired format can be a problem, but wi...

Google Stackdriver collects and analyses logs, events and metrics of your infrastructure. Using syslog-ng PE 7.0.14 or later, you can send your logs to Google Stackdriver. While originally designed to quickly respond to events in the Google Cloud Pla...

For many years, anything I wrote about syslog-ng and Elasticsearch was valid for all available versions. Well, not anymore. With version 7 of Elasticsearch, there are some breaking changes. These changes are mostly related to the fact that Elastic is...

Why use syslog-ng to alert on sudo events? At the moment, alerting in sudo is limited to E-mail. Using syslog-ng, however, you can send alerts (more precisely, selected logs) to a wide variety of destinations. Logs from sudo are automatically parsed ...

Recently I visited two conferences: LOADays and Red Hat Summit. They both focus on open source software, but similarities end there. LOADays in Antwerp is small, free and focuses on Linux administrators. The Red Hat Summit in Boston is huge, expensiv...

With about two thirds of syslog-ng users running their logging application on Red Hat Enterprise Linux (or CentOS), it is one of our most important platforms both for the open source edition (OSE) and the premium edition (PE) of syslog-ng. Next week ...

While there are some users who run syslog-ng as a stand-alone application, the main strength of syslog-ng is central log collection. In this case the central syslog-ng instance is called the server, while the instances sending log messages to the cen...

This feature is available from syslog-ng PE 7.0.14 and syslog-ng OSE 3.21 on. The configuration is really simple: - you should use the elasticsearch-http() destination (which is based on http destination).syslog-ng will use the Elasticsearch Bulk API...

Dear syslog-ng users, This is the 74th issue of syslog-ng Insider, a monthly newsletter that brings you news related to syslog-ng. NEWS Tetris destination In this blog post we show you a fun way of using the Python destination of syslog-ng. We will w...

Getting log messages into the desired format can sometimes be a problem, but with syslog-ng you can use Python to get exactly the format you need. The syslog-ng Python template function allows you to write custom templates for syslog-ng in Python. It...

Tetris destination Tetris destination Table of Contents Overview The Emacs destination Inserting messages into an Emacs buffer Inserting messages outside Emacs The Tetris destination Overview In this blog post, I would like to show yo...

The syslog-ng source code includes a container-based build system. You can use it to generate source tarballs (the official syslog-ng release tarball is also generated this way) and to build packages for RHEL 7 and different Debian and Ubuntu release...

Using python-fetcher() simplifies developing a source driver for syslog-ng even further. You do not have to implement your own eventloop, since syslog-ng does it for you. You only need to focus on what information you need and how you (or your code) ...

“I'd tell you the joke about UDP, but you might not get it.” The old joke above perfectly summarizes UDP. There is no guarantee (frankly, not even a real effort) that data sent over UDP ever reaches the receiving end. Still, a surprisingl...

I used containers (namely, FreeBSD jail) in production already in 2001. Still, it was the tool and company called Docker that made the use of containers mainstream. Fast forward another few years and you can hear the names skopeo, buildah and podman ...

HTTP is quickly becoming the universal transport protocol of the Internet. Nowadays even DNS over HTTPS implementations are available. There is no HTTP source implemented in C for syslog-ng, but starting with syslog-ng version 3.18, you can write new...