Dear syslog-ng users,
This is the 57th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Central log server in Docker
Containerization, and Docker in particular, changed the way we distribute and run applications. Your central log server can also run in a Docker container. If you wish to deploy a log server running syslog-ng in a Docker container, syslog-ng is available as a ready-to-use image on the Docker Hub, which has already passed 500K pulls.
Read how at https://www.balabit.com/blog/central-log-server-docker/
Feeding the Splunk HTTP event collector
Using the HTTP destination of syslog-ng, you can feed the Splunk HTTP event collector (HEC) with log messages. This can simplify your logging architecture, because there is no need to store data in files and to use a Splunk forwarder. Read more about how to configure it on the Splunk website.
syslog-ng PE 7.0.2 available
The latest syslog-ng Premium Edition release adds two interesting new features: you can write message parsers and template functions in Python and the monitoring() source allows you to granularly select which statistics of syslog-ng PE you want to monitor.
Collecting and parsing Suricata logs
You can use syslog-ng to collect and parse the JSON-based log messages of Suricata. Learn how you can send these logs to Loggly or Elasticsearch for further analysis or configure simple alerting within syslog-ng.
Patrick Bailey created a couple of tutorial videos about syslog-ng. These cover installation and initial configuration on Ubuntu, opening a network port for collecting log messages and sending JSON-based log messages:
You can learn about syslog-ng at a growing number of events:
Your feedback and news tips for the next issue are welcome at documentation(at)balabit.com.