Dear syslog-ng users,
This is the 53rd issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Why and how to install the latest syslog-ng RPMs
The syslog-ng application is included in all major Linux distributions. Learn why it is still worth using unofficial repositories that provide the latest version of syslog-ng. This blog post provides instructions for RPM-based distributions, like RHEL or SUSE.
Creating heat maps using syslog-ng and Kibana
Using the key=value parser of syslog-ng you can easily extract IP addresses from different firewall log messages. The GeoIP parser can add the geolocation belonging to the IP address and Kibana can display the results on a map. Learn how to do this.
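The pipeline summarized above, written out as a syslog-ng 3.8 configuration. This is an added example, not configuration from the newsletter or from the linked blog post: the iptables-style sample line in the comment is constructed, and the SRC field name, the prefixes, the GeoIP database path, the Elasticsearch host and the index name are assumptions you will need to adapt.

```conf
@version: 3.8
@include "scl.conf"

# Constructed sample line this pipeline is written for (iptables-style logging
# to syslog; not taken from the newsletter):
#   kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=22
# The SRC field name, the prefixes, the GeoIP database path and the
# Elasticsearch host/index below are assumptions for this example.

source s_local {
    system();
    internal();
};

# 1. Split the KEY=VALUE pairs of the firewall message into name-value pairs,
#    prefixed so they cannot collide with syslog-ng's own macros:
#    ${.kv.SRC}, ${.kv.DST}, ${.kv.DPT} ...
parser p_kv {
    kv-parser(prefix(".kv."));
};

# 2. Look up the source address and store the result under geoip.*
#    (geoip.latitude, geoip.longitude, geoip.country_code ...).
parser p_geoip {
    geoip("${.kv.SRC}",
          prefix("geoip.")
          database("/usr/share/GeoIP/GeoLiteCity.dat"));
};

# 3. Kibana's map needs one "lat,lon" geo_point field. Only build it when the
#    lookup succeeded: private addresses such as 10.0.0.0/8 return nothing,
#    and an empty "," would be rejected by Elasticsearch.
rewrite r_geoip {
    set(
        "${geoip.latitude},${geoip.longitude}",
        value("geoip.location"),
        condition(not "${geoip.latitude}" == "")
    );
};

# 4. Ship to Elasticsearch over HTTP. The template turns every name-value
#    pair, including the dotted .kv.* and geoip.* ones, into a JSON document.
destination d_elastic {
    elasticsearch2(
        client-mode("http")
        cluster("syslog-ng")
        server("127.0.0.1")
        port("9200")
        index("firewall-${YEAR}.${MONTH}.${DAY}")
        type("firewall")
        template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --scope nv-pairs --exclude DATE --key ISODATE)")
    );
};

# Only firewall messages carry the SRC= pair; skip the parsers for everything else.
filter f_firewall { message("SRC="); };

log {
    source(s_local);
    filter(f_firewall);
    parser(p_kv);
    parser(p_geoip);
    rewrite(r_geoip);
    destination(d_elastic);
};
```

Two things to check before expecting a map in Kibana: the elasticsearch2() destination is a Java-based module, so the syslog-ng Java modules have to be installed alongside the core package; and Elasticsearch must know that geoip.location is a geo_point. Put an index template in place that maps geoip.location to geo_point before the first document arrives, otherwise the field is indexed as a string and the map visualization will find no geo field to plot.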
Getting started with Elasticsearch 5
For the last six months, Elastic’s communication centered around the upcoming Elastic Stack 5.0. And finally it is here: tons of new features, improved performance and a single version number for all Elastic products. Compatibility with syslog-ng was already checked during the alpha phase of development, as syslog-ng is becoming popular among Elasticsearch users: it can greatly simplify logging to Elasticsearch.
As Elastic Stack 5.0 is now generally available, here is a quick how-to guide to get you started with syslog-ng 3.8.1 and Elasticsearch 5.0 on RHEL/CentOS 7.
Fedora and openSUSE now feature syslog-ng 3.8.1
The second half of November brought us two exciting new Linux distribution releases: openSUSE Leap 42.2 and Fedora 25. Both use the RPM packaging format and cover everything from embedded systems through desktops to servers. While there are considerable differences between them, both ship the latest syslog-ng release, version 3.8.1: https://www.balabit.com/blog/fedora-opensuse-what-is-common-in-the-latest-releases/
Your feedback and news tips for the next issue are welcome at documentation(at)balabit.com.