Sometimes you have many log messages from an app, but none of them have the exact content you need. This is where the grouping-by() parser of syslog-ng can help. It allows you to aggregate information from multiple log messages into a single message.…

Most log messages fit on a single line. However, Windows and some developer tools and services, like Tomcat, write multi-line log messages. These can come in various formats. For example, new log messages start with a date in a specific format. You u…

Version 4.6 of syslog-ng introduced windows-eventlog-xml-parser(), a dedicated parser for XML-formatted event logs from Windows. It makes the EventData portion of log messages more useful, as it combines two arrays into a list of name-value pairs. Be…

Dear syslog-ng users, This is the 117th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Version 4.5.0 of syslog-ng is now available with OpenObserve JSON API support Recently, syslog-ng 4.5.0 was releas…

Version 4.6.0 of syslog-ng features not just a new, native log collector for MacOS, but also darwin-oslog-stream(), which can also collect non-persistent log events. Beware that it can collect many megabytes of logs even in just a few minutes! Howeve…

Do you have to forward large amounts of logs between two syslog-ng instances? OTLP (OpenTelemetry protocol) support in syslog-ng was contributed by Axoflow, and it can solve this problem. Just like the ewmm() destination, syslog-ng-otlp() forwards mo…

You know that support for MacOS is important when every third visitor at the syslog-ng booth of Red Hat Summit asks if syslog-ng works on MacOS. With the upcoming syslog-ng version 4.6.0, syslog-ng not only compiles on MacOS, but it also collects loc…

Dear syslog-ng users, This is the 116th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Why use a http()-based destination in syslog-ng? Logging is not just syslog anymore. Still, many syslog-ng users s…

Many Linux distributions provide build services under various names: openSUSE Build Service (OBS), Fedora Copr, and so on. These resources are indispensable for upstream developers, and also for their users. I will demonstrate this through some examp…

Dear syslog-ng users, This is the 115th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. NEWS Compressing HTTP traffic in syslog-ng Network traffic is expensive in the cloud, and even a single syslog-ng insta…

One of the most frequent syslog-ng feature requests is now resolved. Welcome the --check-startup option, allowing you to check the syntax and also spot spelling mistakes! Before you begin To use the --check-startup option, you need version 4.5.0 or l…

Recently, syslog-ng 4.5.0 was released with many new features. These include sending logs to OpenObserve using its JSON API, support for Google Pub/Sub, a new macro describing message transport mechanisms like RFC 3164 + TCP, an SSL option to ignore …