Category Archives: Technology

The grouping-by() parser in syslog-ng 3.8

Until recently, the correlation and aggregation of information from multiple messages was within the domain of the PatternDB parser. The limitation of this implementation is that it only worked for data extracted by PatternDB. There are now many more parsers: the CSV parser for columnar data, the JSON parser for logs in JSON format or the recently introduced key=value parser. Now I want to introduce you to a new parser, called grouping-by(). It can correlate and aggregate information independent from PatternDB. Read more about it at

Transferring Conserver Logs to Elasticsearch

If your organization manages Linux, AIX, HP-UX or Solaris servers in-house, chances are your system administrators at least occasionally need low-level access to those devices. Typically, administrators use some kind of serial console—for example, traditional serial port, Serial-over-LAN or Intelligent Platform Management Interface (IPMI). Managing and auditing console access is not trivial, so many organizations rely on the Conserver application to create session logs when accessing these servers via the serial console. These logs can be useful for various reasons—for example, maintenance or troubleshooting (to review why something crashed), security (to find out who did what—connecting user names to actual users) or compliance (to provide detailed session logs).

This article covers the following:

  • How to parse and process serial console logs using syslog-ng Open Source Edition (Balabit).
  • How to send the logs to Elasticsearch (Elastic), so you get a complete, searchable audit trail of the console access.
  • How to integrate the console logs into a real-time monitoring system using Riemann.


Introduction to disk-based buffering in syslog-ng Open Source Edition

We are glad to inform you that a few days ago the disk-based buffering functionality has appeared in syslog-ng Open Source Edition.

Disk-based buffering can be used for storing messages on the local hard disk if the central log server or the network connection to the server becomes unavailable. The syslog-ng application automatically sends the stored messages to the server when the connection is reestablished.

Continue reading

Syslog-ng and Rust

First steps towards simple and efficient parsers

2015 was the year of language bindings in syslog-ng. From now on, people can write plugins for syslog-ng not just in C, but in Java and Python as well. Java provides access to popular big data technologies, while Python makes syslog-ng incredibly extensible by system administrators. However, syslog-ng doesn’t have bindings for a language, which is as fast as C, has automatic dependency management with simplified build, development and distribution process and ensures memory safety with extensive compile time checks.

Continue reading

syslog-ng Insider – March 2013

Dear syslog-ng users,

This is the 22th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue is welcome at documentation(at)


Video: networking scenarios and filters

There is a video series in the work to introduce the basics of syslog-ng. The third video is online now, which explains networking scenarios and filters. You can watch it at

Masking credit card numbers in log messages with syslog-ng

Compliance with different regulations is becoming more and more important recently also in logging. One of these, PCI-DSS requires credit card numbers to be masked in logs. Our CTO describes, how it can be achieved using the freshly released syslog-ng 3.4 at

Brand new syslog-ng Superhero T-shirt available

The syslog-ng Superhero T-shirt was designed for open source fan geeks. Can’t wait more to get one? Simply tell us which version of syslog-ng (OSE, PE or SSB) you use, and be our public syslog-ng reference. Please send an email to Peter Czanik for more information and don’t forget to include your t-shirt size. 😉


  • openS– USE 12.3 was released yesterday and is the first Linux distribution to include syslog-ng 3.4.1



syslog-ng Insider – January 2013

Dear syslog-ng users,

This is the 20th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue is welcome at documentation(at)


Video: a short introduction to syslog-ng

There is a video series in the work to introduce the basics of syslog-ng. The first video is online now, you can watch it.

New videos will be published on the same Youtube channel. You are very welcome to subscribe to receive notifications about further syslog-ng videos and other interesting content.

syslog-ng OSE configurator

syslog-ng OSE configurator is a web application, which can generate a syslog-ng OSE configuration with only a few mouse clicks. Right now it can only deal with global options, sources, destinations and of course with logpath. There are plans to add filters and templates in the future.
For more information and links to sources and the configurator, check the authors blog

syslog-ng 3.4 RC2 is released

Version 3.4 RC2 was released today. Compared to the RC1 release, it has some minor bugfixes, mainly related to fixing compile problems of different features and platforms. This also involves an update to the bundled ivykis library from version 0.30 to 0.36.
For a summary about what’s new in the 3.4 releases, check Bazsi’s blog at

At the time of this writing there are RC1 packages for Debian, openS– USE, Ubuntu, FreeBSD ports are updated and there is a Fedora source rpm. These should be updated to RC2 in the coming days.
OpenS– USE Factory already features syslog-ng 3.4 RC1 and will be updated to RC2 after openS– USE 12.3beta1 is out.