During the past six weeks I visited five different conferences in four different countries either as a speaker or as booth staff. While traveling so much in such a short span of time was quite exhausting, I would do it again without hesitation. Altogether I had a chance to present syslog-ng to thousands of people and discuss syslog-ng and logging in general with hundreds.
Except for the Big Data event in Budapest, I could summarize the conferences in two words: containers and automation. Of course, all events covered other diverse topics as well, but the main themes were these two.
Let me give you a quick overview of the events.
SUSE Expert Days
The first event in the row was SUSE Expert Days in Budapest focusing on SUSE products and the latest trends in open source technologies. As a S.u.S.E. / SUSE / openSUSE user for the past 22 years, I regularly join their events, but this time I was also invited to participate in a panel discussion.
This was the first time that I had participated in a panel discussion, and while in the beginning I was quite nervous, it went pretty well. The topic was containers and I talked about syslog-ng in Docker. This is something we can be very proud of: there are tens of thousands of pulls for the Balabit syslog-ng image on the Docker hub each month and also many other images are built around syslog-ng.
After a two-year break, one of my favorite Linux conferences was running again this year in Antwerp. The Linux Open Administration Days event was originally intended as a small local conference but it quickly became international. This year I was traveling the largest distance for the event, and as usual it was worth doing so. We had a fantastic speakers dinner with tons of good discussion, fine Belgian beers, and two days packed with good talks.
The talks covered a wide range of topics, everything from file systems through container security testing to FreeBSD (my favorite talk this year), but the most popular topic was definitely automation. While a couple of years ago everyone was talking about Puppet, this year the focus was on Ansible.
As a great deal of new features arrived in syslog-ng in the past three years, in my talk I gave an overview of what has changed:lots of new parsers, disk-based buffering, storing logs to Big Data, adding geo-location to IP addresses, and many more.
Red Hat Summit
This year the Red Hat Summit was in San Francisco. Here I did not give a talk but ran the Balabit / syslog-ng booth in the expo area with three of my colleagues. Visitors ranged from swag collectors (we had a brand new t-shirt design :-)) to employees of the largest US federal agencies, defense companies, and financial institutions. We had hundreds of shorter and longer discussions at the booth covering many logging-related topics. A good number of visitors already knew syslog-ng and use it on a daily basis. I was especially happy to learn that senior Red Hat engineers are also among our users, even if syslog-ng is only available in EPEL.
A recurring discussion topic at the booth was our Optimizing SIEM use case, as many people want to separate their log collecting and log processing infrastructure. This way they can reduce costs, avoid vendor lock-in, and increase performance and reliability.
As usual, day two and three of the expo were a bit slower than the first day, so I had a chance to look around on the expo floor and also visit a couple of talks. The key takeaways were:
- automation on every level, from RHEL to Openshift using Ansible
- containers wherever it makes sense – even simple desktops – using technologies from Project Atomic
- substituting Docker with several smaller and more efficient components, like Buildah, Podman, and others.
Big Data Universe
While most of the events I participated at were for Linux administrators and developers, the Big Data Universe conference in Budapest is aimed at data and IT professionals. If you wonder how syslog-ng fits into this environment, learn more about it in the blog version of the talk I gave at the event: Save all or save costs. It describes how to process and filter any kind of streaming text data (not just log messages) using syslog-ng before saving it to a Big Data destination.
This weekend I was in Prague for the annual openSUSE Conference. While I could not stay there for the entire event, even the little time I was able to spend there proved to be very useful. My talk went well and I also had the opportunity to have very good discussions with core SUSE developers.
Just as all other Linux events I participated at, the openSUSE conference also had a strong focus on containers and automation. The only noticeable difference was that instead of Ansible, they use Salt.
In my presentation I talked about logging containers. This was based on my blog series about migrating your central log server to Docker, collecting host and Docker infrastructure logs as well as logs from other containers. You can read the Docker blog posts on my blog or read the entire series in a single white paper (note: gated content).
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or you can even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/balabit/syslog-ng. On Twitter, I am available as @PCzanik.