syslog-ng Insider – February 2013

Dear syslog-ng users,

This is the 21st issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

Video: Basic building blocks of syslog-ng.conf

There is a video series in the works to introduce the basics of syslog-ng. The second video, which explains the basic building blocks of syslog-ng.conf, is online now. You can watch it.

New videos will be published on the same Youtube channel. You are very welcome to subscribe to receive notifications about further syslog-ng videos and other interesting content.

syslog-ng 3.4.1 is released

Version 3.4.1 was released at the end of January. Compared to the RC2 release, it only has some minor bugfixes. This version brings many major new features to syslog-ng: junctions and channels to make syslog-ng configuration even more flexible, a community-contributed AMQP destination, and improved JSON support including a parser and many value-pairs related improvements. For more details, check Algernon’s blog.

At the time of this writing there are v3.4.1 packages for openSUSE and SLES, not only as 3rd party packages but also as part of the openSUSE 12.3 release. It’s also available for FreeBSD in the sysutils/syslog-ng-devel port, and already in Fedora Rawhide. Packages for various Debian and Ubuntu releases are available in Algernon’s repo.

syslog-ng at conferences: FOSDEM and Brno

The syslog-ng team is actively participating in the life of the open source community. Last weekend CzP gave a talk at FOSDEM and participated in a two-day-long brainstorming session about logging and monitoring in Antwerp. He met many interesting people from the syslog-ng community. You can read about his experiences. We will also participate in http://devconf.cz/ and in the systemd hackfest the day before the conference. If you are also there and want to talk about syslog-ng, we are more than happy to meet you!

SHORT NEWS

NEW RELEASES

ARCHIVE

http://insider.blogs.balabit.com/

syslog-ng Insider – January 2013

Dear syslog-ng users,

This is the 20th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

Video: a short introduction to syslog-ng

There is a video series in the works to introduce the basics of syslog-ng. The first video is online now; you can watch it.

New videos will be published on the same Youtube channel. You are very welcome to subscribe to receive notifications about further syslog-ng videos and other interesting content.

syslog-ng OSE configurator

syslog-ng OSE configurator is a web application which can generate a syslog-ng OSE configuration with only a few mouse clicks. Right now it can only deal with global options, sources, destinations and, of course, log paths. There are plans to add filters and templates in the future.
For more information and links to the sources and the configurator, check the author’s blog.

syslog-ng 3.4 RC2 is released

Version 3.4 RC2 was released today. Compared to the RC1 release, it has some minor bugfixes, mainly related to fixing compile problems of different features and platforms. This also involves an update to the bundled ivykis library from version 0.30 to 0.36.
For a summary about what’s new in the 3.4 releases, check Bazsi’s blog at http://bazsi.blogs.balabit.com/2012/12/syslog-ng-3-4beta1-released/.

At the time of this writing there are RC1 packages for Debian, openSUSE and Ubuntu, the FreeBSD ports are updated, and there is a Fedora source RPM. These should be updated to RC2 in the coming days.
openSUSE Factory already features syslog-ng 3.4 RC1 and will be updated to RC2 after openSUSE 12.3beta1 is out.


syslog-ng Insider – December 2012

Dear syslog-ng users,

This is the 19th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

syslog-ng 3.4 beta1 is released

Version 3.4 beta1 was released this week, right before the Christmas holidays. It has many new features and bug fixes even since the last alpha release, most notably a new AMQP destination, a JSON parser, and a reworked syslog parser and network configuration, which makes configuring syslog-ng even simpler and more flexible.

balabit.logstore 0.1.0 is released

The second version of the balabit.logstore project was announced last week. It is a library written in Clojure that tries to provide a convenient API to read syslog-ng PE LogStore files. Development is still in its early phases, but it can already read unencrypted logstore files, search in them and print a lot of useful information about them. Compared to the previous version, this one has a Java API.
For more details, check the announcement.


syslog-ng Insider – October 2012

Dear syslog-ng users,

This is the 17th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

New AMQP destination driver

An important milestone in syslog-ng’s history is the AMQP destination driver, which is the first complete module contributed by a third party that did not originate from within BalaBit! The destination allows syslog-ng to publish messages (using various exchange types) to an AMQP server such as RabbitMQ using an intuitive method: the name-value pairs selected by value-pairs() are sent as AMQP message headers, thereby solving the problem of how to serialize the payload: don’t.

Vote for syslog-ng Store Box to become the Best Computer Forensics Tool

We’re proud to announce that we entered our syslog-ng Store Box appliance into the SC Awards US for the Best Computer Forensic Tool. Voting is now open until Oct 26 (requires registration or subscription to SC Magazine), so we kindly ask you to visit https://www.bigpulse.com/m20086/intro to vote for us. We appreciate your help.

syslog-ng 3.3.7RC2 is released

Version 3.3.7 is scheduled to arrive at the end of October, and a second release candidate was released for it (called version 3.3.6.91). It has many fixes for FreeBSD, so it should compile with the bundled ivykis on FreeBSD 8 and 9. Patches to compile it on FreeBSD 7 are included in the updated sysutils/syslog-ng-rc port.


syslog-ng Insider – September 2012

Dear syslog-ng users,

This is the 16th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

syslog-ng 3.3.6 is released

There was a new release for the syslog-ng stable line: version 3.3.6. There are mostly bugfixes in this release, but also some smaller but long-awaited features:

  • the @include statement now accepts globs
  • upstream ivykis is used
  • better systemd support

The change to upstream ivykis introduced a bug on FreeBSD, and some other problems were also discovered. Version 3.3.7 is scheduled to arrive at the end of October, and there is now a 3.3.6.90, aka 3.3.7RC, available for testing.

syslog-ng 3.4 news

Although there aren’t any new alpha releases yet, there is already plenty of news for the development branch as well!

  • The MongoDB destination received a major speed boost, and work is underway to make it even more performant.
  • The $(format-json) function now supports nested structures.
  • There’s a MAC address parser available for patterndb.
  • A couple of new template functions were introduced, $(md5), $(sha1) and others.
  • The unit tests were improved upon greatly, and many, many bugs were squashed as well.

For the complete list of changes, you can browse the commit messages.
And while you are there, check out the sources and give it a try. Feedback is appreciated; help us make syslog-ng even better!

SSB 3 LTS: wildcard search in logspaces

The third important new feature in SSB 3 LTS is the ability to search within log messages using wildcard characters. It is indeed a small and simple change on the surface, but brings a lot of new possibilities.
Read about the details at http://gyp.blogs.balabit.com/2012/07/new-features-in-ssb-3-lts-wildcard-search-in-logspaces/


syslog-ng Insider – July 2012

Dear syslog-ng users,

This is the 15th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

What’s next for syslog-ng

Sources for some previously Premium Edition-only features have been available for a while now, but have not been merged into the Open Source Edition yet. As we want to release OSE 3.4 soon, we are unlikely to have the necessary resources to merge all of these. We would like to ask your opinion on which of these features you would like to see in the upcoming release.
Please vote and share your reasoning in the BalaBit community forum.

syslog-ng 3.4 alpha3 is released

Summer is here, when usually not much is happening. This is not the case with syslog-ng, where the third alpha of the upcoming version was released. Changes since the previous alpha version include new tag related rewrite rules, a marker option for the JSON parser to ease implementing CEE and many smaller features, like support for Cisco extended timestamp format, ported over from the Premium Edition. Of course there were also many smaller fixes, some of them merged from the 3.3 version. For a complete list, check the announcement.

As the changes since v3.3 are less drastic than those between 3.2 and 3.3, we hope that more people will install it on their test or non-critical systems. We hope to gather some feedback on how existing configurations work with syslog-ng 3.4 (so that no existing feature was broken), and on experiences with the new features.

syslog-ng 3.3.6 is coming

This release is mostly a bug-fix release, with a few minor – yet useful – feature enhancements. The most important one is that the patched ivykis that syslog-ng 3.3 shipped with until now is no more: we build against upstream ivykis now (it is still included for convenience, though). Other highlights include much improved systemd support, an enhancement to the @include feature, and many bugfixes.
It will be available in the coming days from https://www.balabit.com/downloads/files?path=/syslog-ng/open-source-edition/3.3.6

LogZilla 4.0 is released

A new major version of LogZilla, previously known as php-syslog-ng, was released last month. Next to its outstanding Cisco network device support, the new release features easier, even unattended installation, enhanced access control and search possibilities. Detailed information about the new release is available at http://www.logzilla.pro/news/releases/4.0


syslog-ng Insider – June 2012

Dear syslog-ng users,

This is the 14th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

New features in syslog-ng 3.4

The CEE/Lumberjack project may have been very quiet recently, but it is still a good excuse to demonstrate some of the new features of syslog-ng 3.4. These make implementing structured logging (and this way CEE) possible by adding a JSON parser, marker detection, channels and junctions, and a flexible use of blocks, so complex configurations can be combined in a block and easily reused in many configs. For details and examples check: http://bazsi.blogs.balabit.com/2012/05/cee-prototype-and-a-show-case-for-the-new-3-4-features/
Version 3.4 also merges many features from syslog-ng PE, which can be followed in the git commit messages. These include the SYSUPTIME macro, AM/PM related macros, test cases, support for Cisco sequence numbers, etc.

Message rate alerting in SSB

Even though syslog-ng Store Box neither is nor aims to be a full-blown SIEM solution, it can be and indeed often is used to detect anomalies, identify possible threats, and find problems within an organization’s IT infrastructure. One important thing to note is that it is not only the contents of log messages that carry information about what happens in the network, but their volume too.

Read how message rate alerting works in SSB.
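As an added illustration of the point above (message volume as a signal in its own right), here is a small Python sliding-window rate alerter run over constructed syslog lines. It is not SSB’s code and does not claim to reproduce SSB’s algorithm; the window size, threshold, sample lines and the year assumed for the BSD-style timestamps are all made up for the example, and lines are assumed to arrive in time order.

```python
"""Message-rate alerting over a stream of syslog lines: count each host's
messages in a sliding time window and alert when the count exceeds a
threshold. Added illustration, not SSB's implementation."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a burst of failed logins from web1 while db1 stays quiet.
SAMPLE_LINES = [
    "Jun 12 10:00:00 web1 sshd[2001]: Failed password for root from 192.0.2.10 port 4000 ssh2",
    "Jun 12 10:00:01 db1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 12 10:00:02 web1 sshd[2002]: Failed password for root from 192.0.2.10 port 4001 ssh2",
    "Jun 12 10:00:03 web1 sshd[2003]: Failed password for root from 192.0.2.10 port 4002 ssh2",
    "-- MARK --",
    "Jun 12 10:00:04 web1 sshd[2004]: Failed password for root from 192.0.2.10 port 4003 ssh2",
    "Jun 12 10:00:05 web1 sshd[2005]: Failed password for root from 192.0.2.10 port 4004 ssh2",
    "Jun 12 10:00:06 web1 sshd[2006]: Failed password for root from 192.0.2.10 port 4005 ssh2",
    "Jun 12 10:01:30 db1 cron[78]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 12 10:02:00 web1 sshd[2007]: Accepted publickey for alice from 192.0.2.20 port 5000 ssh2",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$"
)
ASSUMED_YEAR = 2012  # BSD syslog timestamps carry no year; one is assumed for parsing


def parse_line(line):
    """Return (timestamp, host, rest) or None for lines that do not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["rest"]


class RateAlerter:
    """Per-host sliding window. An alert fires once when a host's count in the
    last `window_seconds` exceeds `threshold`, and re-arms after it drops back."""

    def __init__(self, window_seconds=60, threshold=5):
        self.window = timedelta(seconds=window_seconds)
        self.threshold = threshold
        self.recent = defaultdict(deque)   # host -> timestamps inside the window
        self.alerted = set()               # hosts whose alert is currently raised

    def feed(self, ts, host):
        q = self.recent[host]
        q.append(ts)
        while q and ts - q[0] > self.window:     # expire timestamps older than the window
            q.popleft()
        if len(q) > self.threshold:
            if host in self.alerted:
                return None                       # this burst was already reported
            self.alerted.add(host)
            return f"ALERT {ts:%H:%M:%S} host={host} msgs_in_window={len(q)}"
        self.alerted.discard(host)               # back under the threshold: re-arm
        return None


def run(lines, window_seconds=60, threshold=5):
    """Feed lines in order and return the alerts raised."""
    alerter = RateAlerter(window_seconds, threshold)
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                               # unparseable line: skip it, don't crash
        ts, host, _ = parsed
        alert = alerter.feed(ts, host)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run(SAMPLE_LINES):
        print(a)
```

With the defaults (60-second window, more than 5 messages) the burst from web1 trips one alert at 10:00:06 and the later, quieter traffic does not; a fixed threshold is only a stand-in for the per-host, per-time-of-day baseline a real deployment would learn.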

syslog-ng 3.3 has a new maintainer

As Bazsi, lead developer of syslog-ng, announced on the syslog-ng mailing list, the stable version now has a new maintainer: Gergely Nagy, better known as Algernon, who coded some interesting new features for syslog-ng, including a MongoDB destination, and a JSON output and parser (for 3.4). This change will leave Bazsi more time for 3.4 development and also speed up merging bugfixes into the 3.3 line.
Announcement: https://lists.balabit.hu/pipermail/syslog-ng/2012-May/018885.html
Algernon’s plans: http://algernon.blogs.balabit.com/2012/05/hats-and-sticks/

syslog-ng community forum

For those who prefer to use web based forums instead of mailing lists, BalaBit now provides a community forum. Right now there are over forty users and their number is growing every day. If you want to read about interesting topics, or could help fellow users using a forum instead of the mailing list, please visit the forum.


syslog-ng Insider – May 2012

Dear syslog-ng users,

This is the 13th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

Have you tried to add custom information to log messages, fix mis-formatted logs or anonymize logs?

The next long-term-supported release of SSB, version 3 LTS, is about to be released. This release includes a switch to a 64-bit architecture, a huge performance improvement in the indexing/searching feature for a large number of messages and search patterns, and a couple of new features, too. The following post plans to introduce those new features to you. The updated User’s Manual will contain a detailed description of them — this post is written more to serve as a teaser and to highlight some of the use cases we had in mind when we planned the features, and, of course, to ask for your feedback about them.

syslog-ng participates in GSoC

This year syslog-ng participates in GSoC under the umbrella of openSUSE. We have one student accepted, who will work on syslog-ng’s MongoDB destination.

MongoDB howto

One of the major reasons to update to 3.3 other than threading is MongoDB. It allows great flexibility when using patterns and storing parsed data from logs. The syslog-ng documentation covers most information necessary to use MongoDB, but this HowTo compiles all these into a single document and extends it with features from the upcoming syslog-ng 3.4 version.


syslog-ng Insider – March 2012

Dear syslog-ng users,

This is the 12th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

GSoC wants you to code syslog-ng in the summer

GSoC is a nice opportunity for higher education students to spend their summers productively by coding in open source software projects. This time BalaBit participates in GSoC with the help of the openSUSE project. If you are interested in enhancing syslog-ng or Zorp, please see our project ideas on the openSUSE ideas page:

Alpha1 of syslog-ng 3.4 is released

The first alpha version of syslog-ng 3.4 is released. Major new features are junctions & channels, which add even more flexibility to the syslog-ng configuration. There is now also a JSON parser and an SMTP destination, and modules are now loaded automatically. For more details on what is new, please check Bazsi’s blog.

Instead of using the release, it is recommended to use sources from git, which have some major stability fixes.

If you intend to package syslog-ng 3.4, it’s recommended to check the mailing list for patches from Algernon, which make packaging easier.
There are already packages for openSUSE and an updated syslog-ng-devel port for FreeBSD.

The (r)evolution of name value pairs

Name-value pairs were at the heart of syslog-ng even before PatternDB made it obvious. And now the CEE board and the Lumberjack project also push in this direction: instead of free-form text messages, use name-value pairs for logging. Recent developments in syslog-ng also serve this purpose: v3.3 can output name-value pairs in JSON and v3.4 will be able to parse these logs and turn them into name-value pairs again.
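As an added illustration of the round trip described above, and of the JSON parser, @cee: marker detection and nested $(format-json) output mentioned in the syslog-ng 3.4 news elsewhere in this newsletter, here is a small Python model of the technique. It is not syslog-ng’s code: the `cee.` prefix, the sample lines and the choice of which macros to select are constructed for the example, and the nesting of dotted names into JSON objects mirrors the behaviour only loosely.

```python
"""Structured logging as name-value pairs: detect the @cee: marker, parse the
JSON behind it into dotted name-value pairs, and turn such pairs back into
nested JSON. Added illustration, not syslog-ng code."""
import json
import re

CEE_MARKER = "@cee:"   # marker the JSON parser looks for at the start of the message body
CEE_PREFIX = "cee."    # assumed prefix for the pairs parsed out of the JSON

# Constructed sample lines: a CEE-tagged message, a plain message, and a
# message whose JSON is broken (the failure mode a parser has to survive).
SAMPLE_LINES = [
    'Jun 12 10:00:00 web1 sshd[2001]: @cee: {"event": {"type": "auth", "outcome": "fail"}, "src_ip": "192.0.2.10", "user": "root"}',
    "Jun 12 10:00:01 db1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jun 12 10:00:02 web1 app[5]: @cee: {not json",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)


def flatten(obj, prefix):
    """Nested JSON object -> flat name-value pairs with dot-separated names.
    Values are stored as strings, as syslog-ng name-value pairs are."""
    pairs = {}
    for key, value in obj.items():
        name = prefix + key
        if isinstance(value, dict):
            pairs.update(flatten(value, name + "."))
        else:
            pairs[name] = str(value)
    return pairs


def parse_message(line, prefix=CEE_PREFIX):
    """Split a syslog line into HOST/PROGRAM/MESSAGE and, if the body starts
    with the @cee: marker, add the JSON fields as prefixed name-value pairs."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog line: " + line)
    nv = {"HOST": m["host"], "PROGRAM": m["prog"], "MESSAGE": m["msg"]}
    body = m["msg"]
    if body.startswith(CEE_MARKER):
        try:
            data = json.loads(body[len(CEE_MARKER):].strip())
        except ValueError:
            data = None
        if isinstance(data, dict):
            nv.update(flatten(data, prefix))
        else:
            nv["cee_parse_error"] = "1"   # keep the raw MESSAGE; tag, don't drop, the line
    return nv


def nest(pairs):
    """Inverse of flatten: dotted names become nested objects, loosely the way
    the 3.4 $(format-json) nests keys that contain dots."""
    root = {}
    for name, value in pairs.items():
        parts = name.split(".")
        node = root
        for part in parts[:-1]:
            if not isinstance(node.get(part), dict):
                node[part] = {}          # a scalar at this name yields to the object
            node = node[part]
        node[parts[-1]] = value
    return root


def select_pairs(nv, scope=("HOST", "PROGRAM"), prefix=CEE_PREFIX):
    """Pick the macros named in scope plus every prefixed pair, loosely what a
    value-pairs() selection does before $(format-json) runs."""
    return {k: v for k, v in nv.items() if k in scope or k.startswith(prefix)}


def format_json(nv, **kwargs):
    """Selected pairs emitted as one JSON document with nested objects."""
    return json.dumps(nest(select_pairs(nv, **kwargs)), sort_keys=True)


def roundtrip(line):
    """Parse a line, re-emit it as JSON, parse that JSON again and return the
    flat pairs; equal to the selected pairs when nothing was lost on the way."""
    return flatten(json.loads(format_json(parse_message(line))), "")


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(format_json(parse_message(line)))
```

The broken third line shows the caveat worth keeping in mind when a parser sits in the log path: a message that carries the marker but not valid JSON should still reach the destination with its raw MESSAGE intact and an error flag set, rather than being silently discarded.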

syslog-ng community forum

BalaBit has had a very positive experience with the syslog-ng community, and we believe that your feedback has played a key role in the success of syslog-ng. We have decided to adopt this community model for our other products so that we can have our customers involved in product design. It could be interesting for you to visit this brand new community site. You are one of the first of our friends to be invited.


syslog-ng Insider – February 2012

Dear syslog-ng users,

This is the 11th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com

FEATURED NEWS

Brno: Fedora, CEE, journal and syslog-ng

Last week the Brno Red Hat office hosted two conferences: a small one about logging, and the Fedora Developer Conference. The logging miniconf covered some very hot topics: CEE, journal, auditd and some lesser known projects, like ELAPI. After the formal program, we had some very good discussions about the future of logging.
You can check the diagram drawn up as conclusion here:
http://czanik.blogs.balabit.com/2012/02/brno-fedora-cee-journal-and-syslog-ng/
And read more about how syslog-ng supports CEE: http://algernon.blogs.balabit.com/2012/02/cee-handling-with-syslog-ng/

BalaBit has just released the latest version of its leading log management tool, syslog-ng 4 F2

Adding to the existing, rich feature set, which includes high-performance multi-threaded processing, encrypted and timestamped log files, disk-based buffering, direct database access and native TLS support, syslog-ng 4 F2 now supports Application-level Acknowledgement via the Reliable Log Transport Protocol (RLTP)™, a new transport protocol that prevents message loss during connection breaks. In addition, the latest version of syslog-ng can now natively collect and process log messages from SQL databases, enabling users to easily manage log messages from a wide variety of enterprise software and custom applications.

syslog-ng 3.3.4 is released

It is a bugfix release, which fixes all previously known problems in the 3.3 series. There is only one change in 3.3 sources since the last release: manual pages were put under the GPL, and XML sources are now also available, so that the entire source code of syslog-ng is free from this point onwards.

Sources are available at https://www.balabit.com/network-security/syslog-ng/opensource-logging-system/downloads/download.

Packages for some distributions are available from https://www.balabit.com/network-security/syslog-ng/opensource-logging-system/downloads/3rd_party

Detailed changelog is available at https://www.balabit.com/files/syslog-ng/open-source-edition/3.3.4/changelog-en.txt

Documentation was also updated: https://www.balabit.com/support/documentation/documents/syslog-ng-ose-3.3-guides/syslog-ng-ose-v3.3-guide-admin-en.html/bk01-toc.html

EU Data Protection Directive – How a single regulation could boost the transparency in IT security?

Personal opinion from Balázs Scheidler, CEO of BalaBit

Overall, the EU Data Protection Directive can be a milestone in boosting the transparency of IT security at organizations – similarly to the regulatory compliance regulations after the Enron case. If adopted, the new directive could bring about a change in the implementation of IT security policies so that the current focus on audits could shift to the deeper integration of IT security processes into business processes.
As logging and log management are the base of every monitoring method, technologies with high-speed and zero message loss capabilities, like syslog-ng, will come to the front. Encrypting log files, in which companies store user names, passwords and other sensitive company data, is also key to preventing data loss. http://bscheidler.blogs.balabit.com/2012/02/eu-data-protection-directive-how-a-single-regulation-could-boost-the-transparency-in-it-security/
