With about two thirds of syslog-ng users running their logging application on Red Hat Enterprise Linux (or CentOS), it is one of our most important platforms, both for the open source edition (OSE) and the premium edition (PE) of syslog-ng. Next week syslog-ng is back at the Red Hat Summit to meet our users. Our booth is #1129. Come and visit us there for lively discussions and some swag (we will have T-shirts and stickers)!
You can come to us with any type of logging question. I help maintain the syslog-ng package in Fedora and EPEL, and I also have my own experimental packages in the Copr build service: https://copr.fedorainfracloud.org/coprs/czanik/ . If you have questions, comments or requests related to any of these, I’ll be happy to answer and discuss them in person at the booth.
The One Identity team can also demonstrate to you syslog-ng in action. Book your time slot for a free demo in advance here: https://www.syslog-ng.com/register/119928
In addition, we will also have a surprise guest at the syslog-ng booth: sudo. It is installed on practically all Linux boxes, and its developer works at One Identity (just like syslog-ng developers).
What is new in syslog-ng?
There have been lots of changes to syslog-ng since the last Red Hat Summit. It has a new release every other month, and in addition to bug fixes, the developers always come up with new features as well. Here I have collected a few highlights (in the order of the new releases):
- Support has been added for if/elif/else blocks in the configuration file syntax, which greatly simplifies writing filtering rules. For examples, check: https://www.syslog-ng.com/community/b/blog/posts/analyze-your-suricata-logs-in-real-time-using-syslog-ng
- The hook-commands() option of syslog-ng makes it easy to execute external commands when a driver is started or stopped. For example, you can open a port in the firewall when a network source is started and close it once syslog-ng is shut down: https://www.syslog-ng.com/community/b/blog/posts/hook-commands-easy-driver-setup
- When you have multiple syslog servers collecting logs, syslog-ng on the client side can fail over to secondary servers if the primary one becomes unavailable. It can also fail back to the primary server soon after it is back on-line (if configured so): https://www.syslog-ng.com/community/b/blog/posts/client-side-failover-and-failback-using-syslog-ng
- Telegram is a cloud-based messaging application known for its security and speed, used by many system administrators. You can now receive critical log messages in real time on your mobile or desktop Telegram client: https://www.syslog-ng.com/community/b/blog/posts/telegram-destination-syslog-ng
- Linux-audit source: learn how to write an SCL block to collect Linux audit logs from scratch: https://www.syslog-ng.com/community/b/blog/posts/creating-your-first-block-for-the-syslog-ng-configuration-library-scl
- HTTP destination batching / multi-threading / framing / load-balancing enables you to send logs to Elasticsearch without using Java, or to feed the Splunk HTTP Event Collector at extreme speed: https://www.syslog-ng.com/community/b/blog/posts/bulk-mode-message-sending-to-elasticsearch-with-syslog-ng-http-destination
- You can write new source drivers for syslog-ng in Python: https://www.syslog-ng.com/community/b/blog/posts/python-source-in-syslog-ng
- Using the Slack destination, you can receive critical log messages in real time in your Slack client on your mobile or desktop: https://www.syslog-ng.com/community/b/blog/posts/send-your-log-messages-to-slack
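To show how three of the features above fit together in one client-side configuration, here is an added example (written for this post, not taken from the syslog-ng documentation or the linked articles): a network source that opens and closes its firewall port with hook-commands(), an if/elif/else log path that routes authentication failures separately, and a central destination with failover and failback. The port number, firewall-cmd invocations, server names and file paths are assumed placeholders.

```conf
@version: 3.19
@include "scl.conf"

# Source: listen on TCP/5514 and manage the firewall rule with the driver lifecycle.
# The firewall-cmd lines are assumed for a firewalld host; adapt to your firewall.
source s_net {
  network(
    ip("0.0.0.0") port(5514) transport("tcp")
    hook-commands(
      startup("firewall-cmd --add-port=5514/tcp")
      shutdown("firewall-cmd --remove-port=5514/tcp")
    )
  );
};

# Central destination: primary server with one failover server (assumed names).
# failback() returns to the primary after 3 successful probes, 60 s apart.
destination d_central {
  network("logserver1.example.com" port(6514) transport("tcp")
    failover(
      servers("logserver2.example.com")
      failback(tcp-probe-interval(60) successful-probes-required(3))
    )
  );
};

destination d_auth_failures { file("/var/log/auth-failures.log"); };
destination d_other { file("/var/log/other.log"); };

# Log path: if/elif/else replaces a chain of separate filter()/log{} statements.
log {
  source(s_net);
  if (program("sshd") and match("Failed password" value("MESSAGE"))) {
    destination(d_auth_failures);
    destination(d_central);
  } elif (facility(authpriv)) {
    destination(d_central);
  } else {
    destination(d_other);
  };
};
```

Run `syslog-ng --syntax-only` after dropping this into /etc/syslog-ng/conf.d/ to confirm your installed version accepts every option used.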
These were just a few of the highlights; there were many more features and bug fixes. For a complete list, check https://github.com/balabit/syslog-ng/releases/.
Note that some of the features listed on the page above are only available in syslog-ng OSE. Experimental features are not enabled in syslog-ng PE.
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or you can even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/balabit/syslog-ng. On Twitter, I am available as @PCzanik.