Each time a new major Elasticsearch version is released, someone asks if it works with syslog-ng. So I gave it a quick test and based on that, it works fine. But of course, some terms and conditions apply… :-) Before you begin On the syslog-ng side…

In my previous Active Roles blog, you learned how to forward Active Roles logs to a central syslog-ng server to parse and store the logs. In this blog, I’ll show you how to: - Work with parsed Active Roles logs. - Store logs to various document stores…

This blog is just a quick announcement that syslog-ng 4.8.1 is now available in EPEL 10, so you do not have to use the testing repository anymore. Thanks everyone for the feedback! However, support for Elasticsearch 7+ is broken in this release, as…

We are always looking for new ways to store log messages. Quickwit is a new contender, designed for log storage, and among others, it also provides an Elasticsearch-compatible API. From this blog, you can learn about Quickwit, and how to forward log…

One Identity Cloud PAM Essentials is the latest security product by One Identity. It provides asset management as well as secure and monitored remote access for One Identity Cloud users to hosts on their local network. I had a chance to test PAM Essentials…

Logging is not just syslog anymore. Still, many syslog-ng users stick to using one of the syslog protocols for log transport and flat files for log storage. While most SIEMs and log analytics tools can receive syslog messages or read them using their…

A question was asked if syslog-ng can send logs to OpenObserve. It has an Elasticsearch compatible API for log ingestion, but syslog-ng is not mentioned in the documentation. My plan was to document how to modify the syslog-ng elasticsearch-http() destination…

This year I started publishing a syslog-ng tutorial series both on my blog and on YouTube: https://peter.czanik.hu/posts/syslog-ng-tutorial-toc/ And while the series was praised as the best possible introduction to syslog-ng, viewers also mentioned that…

This is the 12th part of my syslog-ng tutorial. Last time, we learned about enriching log messages using syslog-ng. Today, we learn about how to send log messages to Elasticsearch. You can watch the video or read the text below. History of Elasticsearch…

Version 4.0 of syslog-ng is right around the corner. It hasn’tyet been released; however, you can already try some of its features. The largest and most interesting change is type support. Right now, name-value pairs within syslog-ng are represented as…

Dear syslog-ng users, This is the 100th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS syslog-ng 4 theme: typing Balázs Scheidler, founder of the syslog-ng project, describes a major new syslog-ng…

Dear syslog-ng users, This is the 99th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS syslog-ng future: the path to syslog-ng 4 Balázs Scheidler, founder of the syslog-ng project, describes the…

General availability of Elasticsearch 8 was announced last week. There were quite a few rumors that it will break compatibility with third party tools. I tested it as soon as I had a little time: I am happy to share that anything I tested with the elasticsearch…

The Elastic Cloud is a service by Elastic providing Elasticsearch and related services in an easy-to-use package. Last year someone reported an issue that it does not work properly with syslog-ng. I did not have time to investigate at that time. Now I…

There is a new drop-in replacement for Elasticsearch, at least if you don’t mind the limitations and the alpha status. However, it definitely lives up to the promise that it provides an Elasticsearch-compatible API for data ingestion. I tested it with…

One of the most popular syslog-ng destinations is Elasticsearch. Humio, a log management provider, supports a broad range of ingest options and interfaces, including an Elasticsearch-compatible API. Last week, Humio announced Humio Community Edition …

One of the most popular destinations in syslog-ng is Elasticsearch. Due to the license change of the Elastic stack, some people changed quickly to Grafana/Loki and other technologies. However, most syslog-ng users decided to wait and see. Version 1.0…

Opensearch is a fork of the Elastic stack code base, made right before the license change. The first release candidate (RC1) has been released recently. Next to plain text files, Elasticsearch is one of the most popular destinations in syslog-ng, but…

One of the most interesting projects utilizing syslog-ng is Security Onion, a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It is utilizing syslog-ng for log collection and log transfer…

If you want to test drive syslog-ng or just want to learn something new, I recommend you checking out the BLACK ESK project. By running a single script, you can set up a containerized test environment, complete with Elasticsearch, Kibana and a syslog…

The http() destination is quickly becoming one of the most often used destinations within syslog-ng. You might already be using it even if you are not aware of it. Quite a few syslog-ng destination drivers are actually just configuration snippets in the…

Dear syslog-ng users, This is the 77th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Set up Kibana 7 for syslog-ng & GeoIP Version 7 of the Elastic stack was released a few months ago, and brought…

Version 8, a new major version of Red Hat Enterprise Linux was released this spring. Now that CentOS 8 is also available, there is a rapidly growing interest in syslog-ng running on these platforms. From this blog, you can learn about the availability…

Dear syslog-ng users, This is the 76th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Logging to Elasticsearch made simple with syslog-ng Elasticsearch is gaining momentum as the ultimate destination…

Dear syslog-ng users, This is the 75th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Building blocks of syslog-ng Recently I gave a syslog-ng introductory workshop at Pass the SALT conference in…