Posts Tagged ‘syslog-ng’
syslog-ng Insider – May 2012
Dear syslog-ng users,
This is the 13th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at
documentation(at)balabit.com
FEATURED NEWS
Have you tried to add custom information to log messages, fix mis-formatted logs or anonymize logs?
The next long-term-supported release of SSB, version 3 LTS, is about to be released. This release includes a switch to 64-bit architecture, a huge performance improvement in the indexing/searching feature for a large number of messages and search patterns, and a couple of new features, too. The following post plans to introduce those new features to you. The updated User’s Manual will contain a detailed description of them — this post is written more to serve as a teaser and to highlight some of the use cases we had in mind when we planned the features, and, of course, to ask for your feedback about them.
- http://gyp.blogs.balabit.com/2012/03/new-features-in-ssb-3-lts-rewriting-parts-of-the-messages/
- Admin guide
syslog-ng participates in GSoC
This year syslog-ng participates in GSoC under the umbrella of openSUSE. We have one student accepted, who will work on syslog-ng’s mongodb destination.
MongoDB howto
One of the major reasons to update to 3.3 other than threading is MongoDB. It allows great flexibility when using patterns and storing parsed data from logs. The syslog-ng documentation covers most information necessary to use MongoDB, but this HowTo compiles all these into a single document and extends it with features from the upcoming syslog-ng 3.4 version.
OTHER SHORT NEWS
- There is now an open source LogStore reader work in progress
- syslog-ng 3.4 alpha packages are now available in the FreeBSD ports and also for openSUSE
- syslog-ng and ELSA were presented at LOADays.
syslog-ng Insider – March 2012
Dear syslog-ng users,
This is the 12th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at
documentation(at)balabit.com
FEATURED NEWS
GSoC wants you to code syslog-ng in the summer
GSoC is a nice opportunity for higher education students to spend their summers productively by coding in open source software projects. This time BalaBit participates in GSoC with the help of the openSUSE project. If you are interested in enhancing syslog-ng or Zorp, please see our project ideas on the openSUSE ideas page:
- http://en.opensuse.org/openSUSE:GSOC_ideas#syslog-ng and
- http://en.opensuse.org/openSUSE:GSOC_ideas#Zorp
Alpha1 of syslog-ng 3.4 is released
The first alpha version of syslog-ng 3.4 is released. Major new features are junctions & channels, which add even more flexibility to the syslog-ng configuration. There is now also a JSON parser and an SMTP destination, and modules are now loaded automatically. For more details on what is new, please check Bazsi’s blog.
Instead of using the release, it is recommended to use sources from git, which have some major stability fixes.
If you intend to package syslog-ng 3.4, it’s recommended to check the mailing list for patches from Algernon, which make packaging easier. A snapshot of his work is available at: http://packages.madhouse-project.org/syslog-ng/algernon/3.4/syslog-ng-algernon-3.4-HEAD.tar.gz
There are already packages for openSUSE and an updated syslog-ng-devel port for FreeBSD.
The (r)evolution of name value pairs
Name value pairs were at the heart of syslog-ng even before PatternDB made it obvious. And now the CEE board and the Lumberjack project also push in this direction: instead of free-form text messages, use name value pairs for logging. Recent developments in syslog-ng also serve this purpose: v3.3 can output name value pairs in JSON and v3.4 will be able to parse these logs and turn them into name value pairs again.
- How project Lumberjack can improve logging
- How syslog-ng can be used for CEE (JSON) logs
- How using name value pairs can improve logging, which is also the basis for our syslog-ng presentation at the LOADays conference
syslog-ng community forum
BalaBit has had a very positive experience with the syslog-ng community and we believe that your feedback has played a key role in the success of syslog-ng. We have decided to adopt this community model for our other products so that we can have our customers involved in product design. It could be interesting for you to visit this brand new community site. You are one of the first of our friends to be invited.
OTHER SHORT NEWS
- An introduction to RLTP, a protocol to make syslog-ng PE even more reliable
- The libumberlog library is a thin, LD_PRELOAD-able layer on top of the legacy syslog() function that turns those calls into something that emits its message part as a JSON-formatted structured log message
- ELSA, the high performance web GUI for syslog-ng, received a few interesting updates to make resolving security incidents even quicker and more efficient.
syslog-ng Insider – February 2012
Dear syslog-ng users,
This is the 11th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at
documentation(at)balabit.com
FEATURED NEWS
Brno: Fedora, CEE, journal and syslog-ng
Last week the Brno Red Hat office hosted two conferences: a small one about logging and the Fedora Developer Conference. The logging miniconf covered some very hot topics: CEE, journal, auditd and some lesser known projects, like ELAPI. After the formal program, we had some very good discussions about the future of logging.
You can check the diagram drawn up as a conclusion here:
http://czanik.blogs.balabit.com/2012/02/brno-fedora-cee-journal-and-syslog-ng/
And read more about how syslog-ng supports CEE: http://algernon.blogs.balabit.com/2012/02/cee-handling-with-syslog-ng/
BalaBit has just released the latest version of its leading log management tool, syslog-ng 4 F2
Adding to the existing, rich feature set, which includes high-performance multi-thread processing, encrypted and timestamped log files, disk-based buffering, direct database access and native TLS support, syslog-ng 4 F2 now supports Application-level Acknowledgement via Reliable Log Transport Protocol (RLTP)™, a new transport protocol that prevents message loss during connection breaks. In addition, the latest version of syslog-ng can now natively collect and process log messages from SQL databases, enabling users to easily manage log messages from a wide variety of enterprise software and custom applications.
syslog-ng 3.3.4 is released
It is a bugfix release, which fixes all previously known problems in the 3.3 series. There is only one change in 3.3 sources since the last release: manual pages were put under the GPL, and XML sources are now also available, so that the entire source code of syslog-ng is free from this point onwards.
Sources are available at http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/downloads/download.
Packages for some distributions are available from http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/downloads/3rd_party
Detailed changelog is available at http://www.balabit.com/files/syslog-ng/open-source-edition/3.3.4/changelog-en.txt
Documentation was also updated: http://www.balabit.com/support/documentation/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/bk01-toc.html
EU Data Protection Directive – How a single regulation could boost the transparency in IT security?
Personal opinion from Balázs Scheidler, CEO of BalaBit
Overall, the EU Data Protection Directive can be a milestone in boosting the transparency of IT security at organizations – similarly to the regulatory compliance regulations after the Enron case. If adopted, the new directive could bring about a change in the implementation of IT security policies so that the current focus on audits could shift to the deeper integration of IT security processes into business processes.
As logging and log management are the base of every monitoring method, technologies with high-speed and zero message loss capabilities, like syslog-ng, will come to the front. Encrypting log files, in which companies store user names, passwords and other sensitive company data, is also key to preventing data loss. http://bscheidler.blogs.balabit.com/2012/02/eu-data-protection-directive-how-a-single-regulation-could-boost-the-transparency-in-it-security/
OTHER SHORT NEWS
- syslog-ng web GUI blog updated
- What makes the upcoming v3.4 even more flexible? It’s summarized by Bazsi, lead developer of syslog-ng. Watch out for an upcoming Alpha version!
- There are still many syslog-ng v2.0 users. For those, here is a teaser of what changed since that release
- A syslog-ng presentation for FOSDEM
- ELSA, the high performance web GUI for syslog-ng, received a very useful new feature, post processing of search results
NEW RELEASES
- syslog-ng OSE 3.3.4
- syslog-ng PE 4F2

