Dear syslog-ng users,

This is the 105th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Type support: getting started with syslog-ng 4.0

Version 4.0 of syslog-ng is right around the corner. It hasn’t yet been released; however, you can already try some of its features. The largest and most interesting change is type support. Right now, name-value pairs within syslog-ng are represented as text, even if the PatternDB or JSON parsers could see the actual type of the incoming data. This does not change, but starting with 4.0, syslog-ng will keep the type information, and use it correctly on the destination side. This makes your life easier, for example when you store numbers to Elasticsearch or to other type-aware storage.

This blog shows how type support makes your life easier and helps you give it a test drive on your own hosts.

syslog-ng Store Box Splunk/HEC and Sentinel destinations

The syslog-ng Store Box (SSB) appliance is built on syslog-ng Premium Edition (PE). SSB inherits most of syslog-ng PE’s features and makes them available with an easy-to-use graphical user interface. One of the typical use cases for SSB (and syslog-ng PE) is optimizing the logging infrastructure for SIEM / log analysis. Two recently introduced SSB destinations for log analytics are Splunk HEC (HTTP Event Collector) and Microsoft Sentinel.

A quick test of MongoDB 6.0 with syslog-ng

Any time I see that one of the syslog-ng destinations has a major new version, I'm a bit scared, as it is not uncommon to introduce breaking changes with them. MongoDB 6.0, however, was a pleasant surprise. I gave it a quick try, and everything worked as expected. Along the way, I even learned about MongoDB Compass, an easy-to-use GUI for MongoDB databases.

VMware Photon OS 4.0: an interesting syslog-ng package

A few weeks ago I wrote about syslog-ng in Microsoft’s own Linux distribution, CBL-Mariner. VMware Photon OS 4.0 is another niche Linux distribution. It not only features syslog-ng, but syslog-ng is also up-to-date. The syslog-ng package in Photon, though, is also the strangest one I have ever encountered.


Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit:
