Blog

Using python-fetcher() simplifies developing a source driver for syslog-ng even further. You do not have to implement your own eventloop, since syslog-ng does it for you. You only need to focus on what information you need and how you (or your code) ...

“I'd tell you the joke about UDP, but you might not get it.” The old joke above perfectly summarizes UDP. There is no guarantee (frankly, not even a real effort) that data sent over UDP ever reaches the receiving end. Still, a surprisingl...

I used containers (namely, FreeBSD jail) in production already in 2001. Still, it was the tool and company called Docker that made the use of containers mainstream. Fast forward another few years and you can hear the names skopeo, buildah and podman ...

HTTP is quickly becoming the universal transport protocol of the Internet. Nowadays even DNS over HTTPS implementations are available. There is no HTTP source implemented in C for syslog-ng, but starting with syslog-ng version 3.18, you can write new...

Dear syslog-ng users, This is the 72nd issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Creating a central syslog server Your home network might already contain some devices or systems like a home server, ...

One of the many ways members of a team collaborate is to use Slack. From syslog-ng version 3.19, you can send log messages to Slack. You can receive critical log messages in real-time in your Slack client on your mobile or desktop. Learn how to set u...

Dear syslog-ng users, This is the 71st issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Version 3.19 of syslog-ng released Version 3.19 of syslog-ng has been released with plenty of new features and bugf...

As a follow-up to my RPM blog last week, here are instructions installing syslog-ng Open Source Edition (syslog-ng OSE) on the Debian / Ubuntu version. If you read my previous blog, skip to the installation part at the end, otherwise: read on. Update...

The syslog-ng application is included in all major Linux distributions, and you can usually install syslog-ng from the official repositories. If the core functionality of syslog-ng meets your needs, use the package in your distribution repository (yu...

Learn how to use less resources for better performance in Splunk! Many people have been using syslog-ng for decades without knowing that it receives new features as well as bugfixes. While many Linux utilities are practically in maintenance mode, sys...

As we learned at the Splunk .conf18 this October, forwarding SNMP traps to Splunk can be a challenging task. Luckily, using syslog-ng can simplify it for us. All we need to make sure about is that snmptrapd logs traps to a file. The syslog-ng applica...

Last week I presented syslog-ng at SuriCon 2018 in Vancouver. In this blog post you can read a slightly modified version of that talk: a bit less emphasis on the introduction and a bit more on the explanation of the syslog-ng configuration part. The ...

Using syslog-ng 3.18 and newer releases, you can write new source drivers for syslog-ng in Python. While performance is not as good as C, you gain flexibility and ease of implementation. There are quite a few log sources without a ready to use C API,...

Dear syslog-ng users, This is the 70th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Version 3.18 of syslog-ng released Version 3.18 of syslog-ng has been released with plenty of new features and bugf...

Learn how to send log messages in bulk mode to your Elasticsearch server with syslog-ng. Bulk mode offers better performance, because it sends multiple log messages in a single POST request. A few years back I wrote that any time a new language bind...

Each syslog-ng release comes with one or more larger features that steal the show from very useful but smaller features. Now I collect these small features and explain how they can make your life easier. Learn what is coming up in syslog-ng version 3...

The Python parser of syslog-ng not only enables you to parse any type of log message, but you can also use it to enrich messages. From this blog you will learn how to extract information from a specially formatted log message, and how to create new n...

In my past two Python blogs I introduced you to the basics of the syslog-ng Python destination. In this blog I show you a working example of how you can publish your logs to MQTT using the Python destination of syslog-ng. If you are new to the Python...

Dear syslog-ng users, This is the 69th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Creating your first block for the syslog-ng configuration library (SCL) The syslog-ng configuration library (SCL) is...

Last week you learned the very basics of the syslog-ng Python destination. This time, you will move a bit further and learn about a few more configuration options and optional methods. If you are new to the Python destination and want to get started ...

You can store your log messages to many different destinations using syslog-ng, but of course not everywhere. This is where the Python destination of syslog-ng can come handy. You can extend syslog-ng easily with your own code written in Python and s...

Dear syslog-ng users, This is the 68th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. syslog-ng 3.16 & 3.17 are released Version 3.16 & 3.17 of syslog-ng are now available. Support to send log messag...

Writing an extra zero at the wrong place in a configuration file can result in a filled-up partition and data loss. This is where human readable numbers in syslog-ng can help: using kilo / mega / giga instead of writing many-digit numbers can save y...

When you have multiple syslog servers collecting logs, syslog-ng on the client side can fail over to secondary servers if the primary one becomes unavailable. It can also fail back to the primary server soon after it is back on-line – if config...

When a user reports a problem with syslog-ng, developers create code to fix it. The fix is called a patch or a pull request (PR) in Git terminology. Often this code does not enter the main source code automatically but developers ask the user to test...