Insider 2017-04: Docker; Splunk HEC; Suricata; videos; upcoming events

Dear syslog-ng users,

This is the 57th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Central log server in Docker

Containerization, and Docker in particular, changed the way we distribute and run applications. Your central log server can also run in a Docker container. If you wish to deploy your log server this way, syslog-ng is available as a ready-to-use image from the Docker Hub, already passing 500K pulls.
Read how at

Feeding the Splunk HTTP event collector

Using the HTTP destination of syslog-ng, you can feed the Splunk HTTP event collector (HEC) with log messages. This can simplify your logging architecture, because there is no need to store data in files and to use a Splunk forwarder. Read more about how to configure it on the Splunk website.

syslog-ng PE 7.0.2 available

The latest syslog-ng Premium Edition release adds two interesting new features: you can write message parsers and template functions in Python, and the monitoring() source allows you to granularly select which statistics of syslog-ng PE you want to monitor.

Collecting and parsing Suricata logs

You can use syslog-ng to collect and parse the JSON-based log messages of Suricata. Learn how you can send these logs to Loggly or Elasticsearch for further analysis, or configure simple alerting within syslog-ng.

Tutorial videos

Patrick Bailey created a couple of tutorial videos about syslog-ng. These cover installation and initial configuration on Ubuntu, opening a network port for collecting log messages, and sending JSON-based log messages:


You can learn about syslog-ng at a growing number of events:


Your feedback and news tips about the next issue are welcome at documentation(at)
