Insider 2016-12: latest RPMs; heat maps; Elasticsearch 5;

Dear syslog-ng users,

This is the 53rd issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Why and how to install the latest syslog-ng RPMs

The syslog-ng application is included in all major Linux distributions. Learn why it is still worth using unofficial repositories providing the latest version of syslog-ng. This blog provides instructions for RPM distributions, like RHEL or S– USE.

Creating heat maps using syslog-ng and Kibana

Using the key=value parser of syslog-ng you can easily extract IP addresses from different firewall log messages. The GeoIP parser can add the geolocation belonging to the IP address and Kibana can display the results on a map. Learn how to do this.

Getting started with Elasticsearch 5

For the last six months, Elastic’s communication centered around the upcoming Elastic Stack 5.0. And finally it is here: tons of new features, improved performance and a single version number for all Elastic products. Compatibility with syslog-ng was checked already during the alpha phase of development, as syslog-ng is becoming popular among Elasticsearch users: it can greatly simplify logging to Elasticsearch.

As Elastic Stack 5.0 is now generally available, here is a quick how-to guide to get you started with syslog-ng 3.8.1 and Elasticsearch 5.0 on RHEL/CentOS 7.

Fedora and openS– USE now feature syslog-ng 3.8.1

The second half of November brought us two exciting new Linux distribution releases: openS– USE Leap 42.2 and Fedora 25. Both of them are based on the RPM packaging format and cover everything from embedded through desktops to servers. While there are considerable differences: both feature the latest syslog-ng release, version 3.8.1:


Your feedback and news tips about the next issue is welcome at documentation(at)

Leave a Reply