Dear syslog-ng users,

This is the 83rd issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Simplifying CA handling in syslog-ng TLS connections

When talking to users about the TLS-encrypted message transfer, almost everyone immediately complains about configuring a certificate authority (CA) in syslog-ng. You needed to create a hash and create a symbolic link to the CA file based on the hash. Not anymore. While this old method is still available, there is now a much easier way: the new ca-file() option.

Working around Linux capabilities problems for syslog-ng

No, SELinux is not the cause of all permission troubles on Linux. For example, syslog-ng makes use of the capabilities system on Linux to drop as many privileges as possible, as early as possible. But it might cause problems in some corner cases, as even when running as root, syslog-ng cannot read files owned by a different user. Learn from this blog how you can figure out if you have a SELinux or capabilities problem and how to fix it if you do.

Figuring out where a message arrived, and other syslog-ng 3.27 tricks

Version 3.27 of syslog-ng has brought many smaller, but useful features to us. The new Sumo Logic destination was already covered in an earlier blog. You can now also check exactly where a message arrived on a network source (IP address, port and protocol). Rewriting the facility of a syslog message was also made easy. For a complete list of new features and changes, check the release notes at

You can learn more about these features at



Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit:

Related Content