It is the third year that syslog-ng has participated at Southern California Linux Expo or, as better known to many, SCALE ‒ the largest Linux event in the USA. In many ways it is similar to FOSDEM in Europe, however, SCALE also focuses on users and administrators, not just developers. It was a pretty busy four days for me.
Balabit had a booth in the expo area, where I answered a lot of syslog-ng and log management related questions. Saturday evening we organized a syslog-ng Birds of a Feather event and on Sunday I gave a presentation on how to deal with security logs using syslog-ng. While I had a little time for anything else, I did manage to listen to some talks as well.
Booth
I was really happy with the number of visitors showing up at our booth. There is a much broader audience at SCALE than at most European events: students are encouraged to join (so they are not only exposed to commercial products), and technology veterans also attend. It was great to see students actively participate, asking good questions.
In addition to talking to people and answering questions, we also gave away hundreds of syslog-ng superhero t-shirts, stickers and webcam covers. With privacy-related problems on the rise, these latter ones were especially popular. Many people are replacing tapes, as it is a bit easier to handle 
Birds of a Feather
BoF is a freestyle event with no prepared speeches, but rather focusing on discussions. We had almost twice the number of visitors turning up than last year.
First, a member of the audience talked about how he is using syslog-ng for PCI DSS compliance, making sure that no credit card numbers and related information are showing up in the log messages. Next, a colleague of mine from our New York office talked briefly about configuring and scaling syslog-ng. For the rest of the event, we had great conversations not just about syslog-ng, but also just about random everyday stuff somehow related to IT security.
Presentation
On Sunday I gave a talk with the title “Get the most out of your security logs using syslog-ng”. The slides of my talk are now available online here.
FAQ
We received many questions during our stay at SCALE. Let’s see the most frequent ones (with short answers, of course):
Q: How does syslog-ng compare to Logstash / Beats?
A: Read my blog here.
Q: How does syslog-ng compare to Splunk / Qradar / insert your SIEM of choice here?
A: syslog-ng (and syslog-ng Store Box) does not compete with these, rather complement them, and thus reduces the total cost of ownership. Our software does the collection and filtering of log messages, while SIEMs do the analysis, alerting and act as a single pane of glass in a SOC.
Q: How can I use the python parser?
A: The python parser is not yet part of a release. An initial version is merged and is still under development. Right now it is documented in the pull request. If you want to try it, you either need to compile the latest sources from GitHub or use my rpm packages.
Q: Where is ELSA 2.0 (PEG) – an application built around syslog-ng, patterndb and Elasticsearch – available?
A: It is still under development. Sources are available on GitHub. Take a look under the “galaxy” and “pulsar” repositories.
Other talks
Although I spent most of my time at the Balabit booth, fortunately I had a chance to visit a few talks as well. Here are just a few highlights:
- Even if I don’t use Ubuntu, one of my favorite talk was given by System76 CEO Carl Richell about their new machines. He introduced a number of very interesting examples on stage: a HPC node with GPU acceleration, an ARM server with 96 cores, and also a super thin laptop, all running Ubuntu Linux out of the box:
- Murali Paluru of Rancher Labs presented about refactoring applications to microservices.
- Christine Corbett-Moran of Caltech talked about open source software as a form of activism.
SCALE was great again this year ‒ as a speaker, exhibitor and also as a regular participant. I hope to be there next year again!
