Dear syslog-ng users,
This is the 81st issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Version 3.27 of syslog-ng released
Version 3.27.1 of syslog-ng is now available, adding many smaller features to syslog-ng. These include new macros to check where a given log message arrived, a new rewrite to easily change the syslog facility of a message, a Sumo Logic destination and an experimental feature to check log integrity. For source code and full details, check https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.27.1; for ready-to-use packages, check https://syslog-ng.com/3rd-party-binaries
Introduction to the Python HTTP header
You can create your own custom headers for the HTTP destination using syslog-ng’s Python HTTP header plugin and Python scripts. The included example configuration only adds a simple counter to the headers, but with a bit of coding, you can resolve authentication problems or fine-tune how data is handled at cloud-based logging and SIEM platforms, like Sumologic.
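As an added example (not the counter example shipped with syslog-ng), the header class below signs every batch with an HMAC computed from a key file, one way to solve the authentication problem the plugin is meant for. It assumes the plugin's class interface of __init__(options), get_headers(body, headers) returning a list of "Name: value" strings and on_http_response_received(http_code); the option names secret_file and key_id, the header names and the receiver-side verify_signature() are this example's own.

```python
import hashlib
import hmac
import tempfile
import time

class SignedAuthHeader:
    """Header class for python_http_header(); syslog-ng creates it once with the
    options() map and calls get_headers() before every batch it POSTs."""

    def __init__(self, options):
        # Secret lives in a root-only file named by the (assumed) secret_file option.
        with open(options["secret_file"], "rb") as fh:
            self.secret = fh.read().strip()
        self.key_id = options.get("key_id", "syslog-ng")
        self.auth_failures = 0

    def get_headers(self, body, headers):
        # Sign timestamp + batch body so altered or replayed batches can be rejected.
        ts = str(int(time.time()))
        sig = hmac.new(self.secret, ts.encode() + b"\n" + body.encode(),
                       hashlib.sha256).hexdigest()
        return ["X-Key-Id: " + self.key_id, "X-Timestamp: " + ts,
                "X-Signature: " + sig]

    def on_http_response_received(self, http_code):
        # Count 401/403 replies so a bad key is visible in monitoring.
        if http_code in (401, 403):
            self.auth_failures += 1

def verify_signature(secret, headers, body, max_skew=300):
    # Receiver-side check matching get_headers(); rejects stale timestamps too.
    h = dict(line.split(": ", 1) for line in headers)
    if abs(time.time() - int(h["X-Timestamp"])) > max_skew:
        return False
    msg = h["X-Timestamp"].encode() + b"\n" + body.encode()
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, h["X-Signature"])

def demo():
    # Constructed secret and batch body, only to exercise the class offline.
    secret = b"constructed-demo-secret"
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(secret + b"\n")
    hdr = SignedAuthHeader({"secret_file": fh.name, "key_id": "host01"})
    body = '{"HOST":"host01","MESSAGE":"sshd: Accepted publickey for admin"}\n'
    headers = hdr.get_headers(body, [])
    hdr.on_http_response_received(403)
    return {"valid": verify_signature(secret, headers, body),
            "tampered": verify_signature(secret, headers, body + "x"),
            "auth_failures": hdr.auth_failures}
```

The class is loaded from the http() destination with python_http_header(class("signed_header.SignedAuthHeader") ...), assuming the module sits on syslog-ng's Python path.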
DBLD: a syslog-ng developer tool not just for developers
DBLD is a central tool when it comes to syslog-ng development, but even after multiple blogs about the tool, it is still not much used outside of the developers’ team. So, what is DBLD and how could it be used even by you? The abbreviation stands for Docker BuiLD. Using containers ensures both that you have an easily reproducible build environment, and also that you do not have to “pollute” your base system with development-related software packages. You can use DBLD to build the release tarball or ready-to-use packages for a number of Linux distributions. It can even be used as a development environment with all necessary tools installed.
Still not convinced? Yes, the listed possibilities are mostly interesting for syslog-ng developers and third-party packagers. If you are lucky, you will never need DBLD. On the other hand, it can come in handy if you reported a problem and the syslog-ng team fixed it. Even if you are not a developer, only a junior sysadmin, you can still easily build fixed syslog-ng packages for testing (and even for production use) until an official release with the fix arrives.
Getting your logs into Sumo Logic with syslog-ng made easy
Sumo Logic is one of the most popular cloud-based log management and security analytics services. They provide their own log shippers, but also work with others, including syslog-ng. The use of syslog-ng is well documented on their support website, but the actual configuration part can easily be simplified. A new, dedicated Sumo Logic destination is already available as part of syslog-ng 3.27. It is based either on the network() or the http() destination of syslog-ng and implemented as an SCL, hiding away most of the configuration details from the users.
syslog-ng PE 7.0.20 available
Version 7.0.20 of syslog-ng Premium Edition was released. It adds Red Hat Enterprise Linux 8 to the supported platforms: https://support.oneidentity.com/technical-documents/syslog-ng-premium-edition/7.0.20/administration-guide/4#TOPIC-1434839
On RHEL 8 (unlike RHEL 7), you can use the udp-balancer() source for high-performance UDP log collection: https://support.oneidentity.com/technical-documents/syslog-ng-premium-edition/7.0.20/administration-guide/33#TOPIC-1434954
NEW WHITE PAPERS
Upgrade to State-of-the-Art Log Management: https://www.syslog-ng.com/whitepaper/log-management-essentials8137754/
Learn how to easily integrate Azure Sentinel into your log-data strategy: https://www.syslog-ng.com/webcast-ondemand/learn-how-to-easily-integrate-azure-sentinel-into-your-log-data-strategy8142757/
You can browse recordings of past webinars at https://www.syslog-ng.com/events/
Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/