Sudo + syslog-ng: two pieces of software at two conferences

Recently I visited two conferences: LOADays and Red Hat Summit. They both focus on open source software, but the similarities end there. LOADays in Antwerp is small, free and focuses on Linux administrators. The Red Hat Summit in Boston is huge, expensive and covers a wide variety of topics, including administration among many others. Regardless of the differences, both are among my favorite events.

Why sudo? Last year Balabit, the company where I work, was acquired by One Identity. Todd Miller, the developer of sudo, became my colleague. I was happy to see another piece of open source software around. I read about sudo and learned that it has many more features than I knew about, even though I have been using it for decades. So, next to syslog-ng, I started to evangelize sudo as well, demonstrating how much more it can be than a simple prefix to administrative commands.

LOADays

At LOADays I gave a talk about sudo with the title: “What you most likely did not know about sudo…”. Based on the reactions, the title was the right choice for the majority of people in the room.

Of course, as a syslog-ng evangelist, I also included a few slides about syslog-ng in my sudo talk. What does it have to do with sudo? Alerting in sudo is limited to e-mail. It works fine, but it is kind of old-fashioned. Using syslog-ng you can send alerts to a wide variety of destinations. In my talk I showed how syslog-ng automatically parses sudo logs and how it can send alerts to Slack if a given user uses sudo to run commands as administrator.
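The alerting logic described above, sketched as a stand-alone Python example added here (it is not the configuration shown in the talk and not syslog-ng's own sudo parser). The field names, the watched user `alice`, the host name and the log lines are assumptions constructed for illustration.

```python
import json
import re

# sudo logs "<invoking user> : [notes ;] KEY=value ; ... ; COMMAND=<command line>"
SUDO_MSG = re.compile(r"^\s*(?P<subject>\S+) : (?P<fields>.+)$")

def parse_sudo(message):
    """Split one sudo log message into fields; None if it is not in that format."""
    m = SUDO_MSG.match(message)
    if not m:
        return None
    event = {"SUBJECT": m.group("subject")}
    # COMMAND comes last and may itself contain " ; ", so cut it off first.
    head, found, command = m.group("fields").partition("COMMAND=")
    if found:
        event["COMMAND"] = command
    for part in head.split(" ; "):
        key, eq, value = part.strip().partition("=")
        if eq:
            event[key] = value
        elif key:
            # Free text such as "command not allowed"
            event.setdefault("NOTES", []).append(key)
    return event

def slack_alert(message, watched_users, host="unknown"):
    """Return a Slack webhook payload (JSON string) for a watched user's root command, else None."""
    event = parse_sudo(message)
    if not event or event["SUBJECT"] not in watched_users:
        return None
    if event.get("USER") != "root" or "COMMAND" not in event:
        return None
    status = "; ".join(event.get("NOTES", [])) or "allowed"
    text = f"sudo on {host}: {event['SUBJECT']} -> root: {event['COMMAND']} ({status})"
    return json.dumps({"text": text})

# Constructed sample messages (not real logs)
SAMPLES = [
    "alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "alice : command not allowed ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh -c id ; whoami",
    "pam_unix(sudo:session): session opened for user root by alice(uid=0)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(slack_alert(line, watched_users={"alice"}, host="web1"))
```

Delivering the payload is an HTTP POST to a Slack incoming-webhook URL, left out here so the example runs offline.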

After my talk I received many questions about both pieces of software, even the day after. Of course the majority of them focused on different sudo features, but some people wanted to learn more about supported destinations of syslog-ng or how to extend it to support a new one. The Python bindings made it easy to answer, as practically all network services have a Python API available.

Red Hat Summit

As about two thirds of syslog-ng users run their software on Red Hat Enterprise Linux (or CentOS), this is by far our most important platform. That is why syslog-ng had a booth at the Red Hat Summit. Almost at the last minute we got the idea to include sudo too, and it turned out to be a good one. The two together attracted more visitors and led to very good discussions.

Talking to hundreds of people, of course there were many recurring questions. Here I list some of the top syslog-ng questions – of course with answers :)

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or you can even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/balabit/syslog-ng. On Twitter, I am available as @PCzanik.
