The MongoDB destination receives a face-lift

Reasons behind the migration

We have migrated to the official mongo-c-driver binding for providing the MongoDB destination driver in syslog-ng 3.8. Previously in syslog-ng 3.7.x and earlier, libmongo-client provided this binding, mandating its own special syntax.

This change will facilitate future-proof and more fine-grained configuration. MongoDB 3 is not officially supported or being tested yet, but this kind of connection should theoretically enable easy MongoDB 3 support in the future.

What to do when using legacy syntax

If you have used legacy syntax in your configuration file, syslog-ng will substitute the given deprecated options to form a URI. Note that certain aspects of semantics could also differ between the two drivers.

Continue reading

The grouping-by() parser in syslog-ng 3.8

Until recently, the correlation and aggregation of information from multiple messages was within the domain of the PatternDB parser. The limitation of this implementation is that it only worked for data extracted by PatternDB. There are now many more parsers: the CSV parser for columnar data, the JSON parser for logs in JSON format or the recently introduced key=value parser. Now I want to introduce you to a new parser, called grouping-by(). It can correlate and aggregate information independent from PatternDB. Read more about it at https://czanik.blogs.balabit.com/2016/04/the-grouping_by-parser-in-syslog-ng-3-8/