  • Syslog-ng and Security Onion

    One of the most interesting projects utilizing syslog-ng is Security Onion, a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It uses syslog-ng for log collection and log transfe…
    • 14 Oct 2020
  • Insider 2020-10: Cisco; Signal Messenger; PCRE dupnames;

    Dear syslog-ng users, This is the 85th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Parsing Cisco logs in syslog-ng Log messages generated by Cisco devices look like syslog messages at first glance, …
    • 8 Oct 2020
  • How to use syslog-ng with LaaS and why?

    The first Logging as a Service (LaaS) I learned about many years ago was created by Loggly. Of course there are many more LaaS providers now. While most services also provide their own clients for sending log messages, many of them also document send…
    • 30 Sep 2020
  • Enabling PCRE dupnames in syslog-ng

    One of the major syslog-ng features is that it can parse log messages and create name-value pairs from them. Until now the PCRE parser could not handle duplicate names for named subpatterns. Version 3.29 of syslog-ng resolves this issue by adding the…
    • 23 Sep 2020
  • Parsing PAN-OS logs using syslog-ng

    Version 3.29 of syslog-ng was released recently, including a user-contributed feature: the panos-parser(). It parses log messages from PAN-OS (Palo Alto Networks Operating System). Unlike some other networking devices, the message headers of PAN-O…
    • 16 Sep 2020
  • Insider 2020-09: Prometheus; proxy; ESK;

    Dear syslog-ng users, This is the 84th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Using a proxy with the http() destination The http() destination is quickly becoming one of the most often used des…
    • 9 Sep 2020
  • Parsing Cisco logs in syslog-ng

    Log messages generated by Cisco devices look like syslog messages at first glance, but on closer inspection you will see that there are many smaller differences. By default, syslog-ng treats all incoming messages as syslog messages; however, Cisco …
    • 2 Sep 2020
  • Sending alerts to Signal Messenger from syslog-ng

    Signal Messenger is becoming the instant messaging platform of choice for privacy-minded individuals, including many sysadmins. No wonder that some of them would like to see alerts from syslog-ng in this IM platform. Below, you can learn about an ini…
    • 6 Aug 2020
  • Jump-starting ESK: Elasticsearch, syslog-ng and Kibana

    If you want to test-drive syslog-ng or just want to learn something new, I recommend checking out the BLACK ESK project. By running a single script, you can set up a containerized test environment, complete with Elasticsearch, Kibana and a syslog…
    • 28 Jul 2020
  • Prometheus: syslog-ng exporter

    Prometheus has recently become one of the most widely used open source monitoring solutions. Quite a few people asked if a syslog-ng exporter is available. It is not part of syslog-ng, but there are numerous implementations available on GitHub. Now that Prometh…
    • 22 Jul 2020
  • Insider 2020-07: TLS; capabilities; 3.27;

    Dear syslog-ng users, This is the 83rd issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Simplifying CA handling in syslog-ng TLS connections When talking to users about the TLS-encrypted message transfer,…
    • 9 Jul 2020
  • Using a proxy with the http() destination of syslog-ng

    The http() destination is quickly becoming one of the most often used destinations within syslog-ng. You might already be using it even if you are not aware of it. Quite a few syslog-ng destination drivers are actually just configuration snippets in …
    • 1 Jul 2020