Version 4 of syslog-ng works perfectly well in version 3 compatibility mode. However, if you want to use the syslog-ng 4 features, you need to be aware of some significant changes. If you have a simple configuration, like those in Linux distributions…
Dear syslog-ng users,
This is the 106th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
This syslog-ng blog does not demonstrate any new syslog-ng features or integrations. Instead…
Last week I gave you a quick introduction to a major syslog-ng 4.0 feature: type support. I mentioned that it also works nicely for JSON-formatted sudo logs. I have been asked to share a working syslog-ng configuration.
From this blog, you can learn how…
Dear syslog-ng users,
This is the 100th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Balázs Scheidler, founder of the syslog-ng project, describes a major new syslog-ng version…
This weekend I am going to give a talk about sudo in the security track of FOSDEM. I will talk a few words about logging at each major point I mention, but I cannot go into too much detail there. So, consider this blog both as a teaser and an extension…
Dear syslog-ng users,
This is the 88th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Until now collecting logs behind proxies or load balancers needed…
The latest version of sudo, version 1.9.4 includes support for JSON formatted logging. Compared to traditional sudo logs, it has the advantage of containing more information in a structured way. While traditional sudo logs are also parsed automatically…
Dear syslog-ng users,
This is the 75th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Recently I gave a syslog-ng introductory workshop at Pass the SALT conference in Lille, France…
Dear syslog-ng users,
This is the 74th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Sometimes getting log messages into the desired format can be a problem, but with…
Why use syslog-ng to alert on sudo events? At the moment, alerting in sudo is limited to E-mail. Using syslog-ng, however, you can send alerts (more precisely, selected logs) to a wide variety of destinations. Logs from sudo are automatically parsed by…
Recently I visited two conferences: LOADays and Red Hat Summit. They both focus on open source software, but similarities end there. LOADays in Antwerp is small, free and focuses on Linux administrators. The Red Hat Summit in Boston is huge, expensive…
In our previous blogs on central log management, we touched on the topic of effective search in a centralized log repository. In this post, we take a look at the risk of ‘sudoing’, and how you can quickly and easily surface sudo related information from…
