For many years, you could use the match() filter of syslog-ng to parse log messages with regular expressions. However, the primary function of match() is filtering. Recent syslog-ng versions now have a dedicated regular expression parser, the regexp-parser…
The latest pull request to syslog-ng adds a really useful feature: the flip-parser(): https://github.com/syslog-ng/syslog-ng/pull/3971
It allows you to flip the message text, reverse it, or both. As I also reported a couple of minor problems related to…
The latest version of sudo, version 1.9.4 includes support for JSON formatted logging. Compared to traditional sudo logs, it has the advantage of containing more information in a structured way. While traditional sudo logs are also parsed automatically…
Dear syslog-ng users,
This is the 85th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Log messages generated by Cisco devices look like syslog messages at first glance, but…
One of the major syslog-ng features is that it can parse log messages and create name-value pairs from them. Until now the PCRE parser could not handle duplicate names for named subpatterns. Version 3.29 of syslog-ng resolves this issue by adding the…
Version 3.29 of syslog-ng was released recently including a user-contributed feature: the panos-parser(). It is parsing log messages from PAN-OS (Palo Alto Networks Operating System). Unlike some other networking devices, the message headers of PAN-OS…
Log messages generated by Cisco devices look like syslog messages at first glance, but on a closer inspection you will see that there are many smaller differences. By default, syslog-ng treats all incoming messages as syslog messages, however, Cisco logs…
The Python parser of syslog-ng not only enables you to parse any type of log message, but you can also use it to enrich messages. From this blog you will learn how to extract information from a specially formatted log message, and how to create new name…
If you operate web servers, you want to have insight about your traffic. Traditional solutions to process access logs include:
