The syslog-ng insider 2021-03: Kafka; Windows; Bastille;

Dear syslog-ng users,

This is the 89th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Consuming logs from a Kafka topic

There is no official Kafka source in syslog-ng, but because this question comes up often enough, I created one. It is just a temporary workaround using the program() source, but it works. It involves Java and installing Kafka manually, but it was fast and reliabe in my tests: ingesting 50,000–100,000 messages a second on my laptop in a resource-constrained virtual machine.

Collecting logs from Windows

Normally I cover free and open-source software in the syslog-ng blog. But recently quite a few members of the community reached out to me and asked about collecting logs from Windows. So, I prepared a quick overview of the topic. The good news is, that syslog-ng supports collecting logs from Windows in multiple ways. The not so good news is that Windows support is only available in the commercial version of syslog-ng. There are multiple ways for collecting log messages from Windows. You can either install syslog-ng agents on Windows hosts, or you can use the Windows Event Collector (WEC) component of syslog-ng PE.

Running syslog-ng in Bastille

Bastille is a container management system for FreeBSD, similar to Docker or Podman on Linux. The historical name of containers on FreeBSD is jail, and they appeared a lot earlier than containers on Linux. Managing jails was not always easy. When I started to use this technology in production in 2001, nothing was automated. Using Bastille, you can easily create, configure, or update jails at scale. It has a template system to install applications in containers and there is a template also for syslog-ng. From this blog, you can learn how to get started with Bastille and how to create and run a syslog-ng jail using the freshly released 0.8 version of Bastille.

Syslog-ng OSE 3.31.1 released

Version 3.31.1 of syslog-ng OSE was released with the Fortigate parser, many parsing-related enhancements, silent Telegram messages, and more. For a complete list of changes, check


Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit:

Related Content