Dear syslog-ng users, This is the 114th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Sending logs to Splunk using syslog-ng There are many ways you can collect log messages using syslog-ng and…

There are many ways you can collect log messages using syslog-ng and forward them to Splunk. In this blog I collect the history of Splunk support in syslog-ng, and the advantages and disadvantages of various solutions, both open source and commercial…

Getting data to Splunk can be challenging. Syslog is still the most important data source, and it can provide you with hard-to-solve problems (for example, like high volume, non-compliant messages, unreliable network protocol (UDP), and more). The syslog…

The syslog-ng Store Box (SSB) appliance is built on syslog-ng Premium Edition (PE). SSB inherits most of syslog-ng PE’s features and makes them available with an easy-to-use graphical user interface. One of the typical use cases for SSB (and syslog-ng…

Dear syslog-ng users, This is the 96th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS syslog-ng 3.35.1 available Version 3.35.1 of syslog-ng is released. New features include: APT repo for…

One of the most popular applications to feed Splunk with syslog messages is syslog-ng. However not everyone is happy to work on the command line anymore. This is where syslog-ng store box (SSB), an appliance built around syslog-ng, can help. The SSB GUI…

Dear syslog-ng users, This is the 76th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Logging to Elasticsearch made simple with syslog-ng Elasticsearch is gaining momentum as the ultimate destination…

The syslog-ng application was used for many years as a log collection layer in front of Splunk. But why use a full-blown log management appliance with a graphical user interface instead of a simple command line application? I learned the answers at Red…

Recently Splunk started to recommend the use of the HTTP Event Collector (HEC) instead of forwarders. Syslog-ng supports this in multiple ways. Last time I showed you how to use the http() destination of syslog-ng. This time I introduce you to another…

Do you want to simplify parsing your log messages? Try the new “application adapter” and “enterprise-wide message model” frameworks in syslog-ng: you can automatically parse log messages and forward the results to another syslog-ng instance. Optionally…

For quite some time, Splunk has recommended to collect syslog messages using syslog-ng, save them to files, and send them to Splunk using forwarders. Unless you have a very high message rate, the HTTP destination of syslog-ng can greatly simplify this…