Dear syslog-ng users,

This is the 114th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Sending logs to Splunk using syslog-ng

There are many ways you can collect log messages using syslog-ng and forward them to Splunk. In this blog I collect the history of Splunk support in syslog-ng, and the advantages and disadvantages of various solutions, both open source and commercial.

Developing a syslog-ng configuration

This year I started publishing a syslog-ng tutorial series both on my blog and on YouTube. And while the series was praised as the best possible introduction to syslog-ng, viewers also mentioned that one interesting element is missing from it: namely, it does not tell users how to develop a syslog-ng configuration.

So, in this blog, learn how to develop a syslog-ng configuration from the ground up! I will explain not just the end result, but also the process and the steps to take to develop a configuration. It starts with a single source and destination, then concludes with a conditional log path and sending parsed and enriched logs to Elasticsearch (or a compatible document store).

Systemd-journald vs. syslog-ng

Even though most people ask me to compare systemd-journald with syslog-ng, I would say that they complement each other. Systemd-journald excels at collecting local log messages, including those of various system services. The focus of syslog-ng is on central log collection and on forwarding the logs to a wide variety of destinations after processing and filtering. Combining the two gives you the most flexibility.


Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: