An effective security operations center starts with a reliable tool for securely collecting all logs which are relevant from a security perspective. However, as the size and complexity of the enterprise IT infrastructure increases, the amount of logs…

While most people know syslog-ng as a central syslog server, there is another use, which is less known but most likely has a lot larger installed base. It is syslog-ng embedded. Tens of millions of Kindle e-readers were sold around the world, all of …

Until recently, the correlation and aggregation of information from multiple messages was within the domain of the PatternDB parser. The limitation of this implementation is that it only worked for data extracted by PatternDB. There are now many...

Java based destination drivers were introduced to syslog-ng last year. The syslog-ng application uses libjvm.so to embed a Java Virtual Machine inside syslog-ng. Java libraries tend to have a large binary footprint, even just the Java Runtime Environ…

Figuring out how to parse your firewall logs is not always easy. This blogpost shows you some useful log-parsing techniques. For the examples, I use the logs of the Zorp proxy firewall, developed now by Balasys, the Hungarian distributor of Bala...

Once upon a time I was working on the birth of EFIKA, one of the first affordable PPC developer boards (if not the first ever). This made PowerPC available to thousands of users and developers instead of just a chosen few. Later on, already as a...

Dell’s Sonicwall firewalls protect many businesses ranging from small offices to large enterprises. Depending on the network traffic these appliances can generate an extreme amount of log messages about the hosts you connected to or t...

Performance of syslog-ng on the original Raspberry Pi was not outstanding, the peak I could reach was at about 6500 messages per second, as I wrote it in my blog in 2013. So I was curious, how the Raspberry Pi 2, with a four-core ARMv7 CPU and double…

Support for Elasticsearch was updated recently in both the Open Source (version 3.7.2) and the Premium Edition (version 5 F5) of syslog-ng. Changes were the same for both editions and brought more speed and simplici...

Anytime I tweet about syslog-ng‘s Kafka destination, I gather some new followers. Most of the time they are more interested in another Kafka, who was born in Prague by the end of the 19th century and wrote excellent sur...

Intro Anytime a new language binding is introduced to syslog-ng, somebody immediately implements an Elasticsearch destination. There is one in Lua, Perl and Python, meaning that there is a very strong interest in getting data from sysl...

There is still a surprisingly large number of people running RHEL/CentOS version 6 machines, so  I have created syslog-ng 3.7.1 packages for this aging operating system, as well. As for any syslog-ng OSE packages, there is no official support fo...