Dear syslog-ng users,
This is the 8th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips for the next issue are welcome at
syslog-ng 3.3.2 is about to be released!
A new version of syslog-ng is about to be released! There are no new features to announce, but all problems reported since 3.3.1 should be fixed by now. To make it the best syslog-ng ever, please test it to make sure that all your problems are fixed.
Sources are available in git or as a snapshot:
Binary packages are available for several Linux distributions:
syslog-ng and CEE
The latest syslog-ng release, version 3.3, can be used to implement part of the “CEE over syslog” standard. BalaBit’s patterndb technology has long been able to extract information from syslog messages. With this release JSON output was added, meaning the extracted information can be output as JSON data. In practice this means that syslog-ng is able to parse log messages and output the extracted fields in the form required by CEE.
To see how it works, check http://czanik.blogs.balabit.com/2011/10/cee-and-syslog-ng/
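The parse-then-emit-JSON flow described above, modelled in Python as an added example (not syslog-ng code and not taken from the linked post). The field names, the sample messages and the `@cee:` cookie in front of the JSON are assumptions made for illustration, and only a small subset of patterndb parser types is handled.

```python
import json
import re

# Regex stand-ins for a few patterndb parser types (simplified for this sketch).
PARSERS = {"IPv4": r"\d{1,3}(?:\.\d{1,3}){3}", "NUMBER": r"\d+", "ANYSTRING": r".*"}
# Matches @TYPE:name@ and @TYPE:name:argument@ tokens inside a pattern.
TOKEN = re.compile(r"@(\w+):([^:@]*)(?::([^@]*))?@")

def compile_pattern(pattern):
    """Turn a patterndb-style pattern into (compiled regex, field names)."""
    parts, names, pos = [], [], 0
    for tok in TOKEN.finditer(pattern):
        parts.append(re.escape(pattern[pos:tok.start()]))  # literal text between parsers
        kind, name, arg = tok.groups()
        if kind == "ESTRING":
            # ESTRING reads up to the first occurrence of its delimiter and consumes it.
            delim = re.escape(arg or "")
            parts.append("((?:(?!%s).)*)%s" % (delim, delim))
        elif kind in PARSERS:
            parts.append("(" + PARSERS[kind] + ")")
        else:
            raise ValueError("parser type not covered by this sketch: " + kind)
        names.append(name)
        pos = tok.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("".join(parts)), names

def to_cee(message, pattern):
    """Return the extracted fields as a '@cee:' JSON line, or None if no match."""
    regex, names = compile_pattern(pattern)
    match = regex.fullmatch(message)
    if match is None:
        return None
    # Parsers without a name only consume input; their value is not stored.
    fields = {n: v for n, v in zip(names, match.groups()) if n}
    # json.dumps escapes quotes, backslashes and control characters, so a hostile
    # user name stays inside its own field in the structured output.
    return "@cee: " + json.dumps(fields, sort_keys=True)

# Constructed pattern and messages; the field names are illustrative only.
SSH_FAIL = ("Failed password for @ESTRING:usracct.username: @"
            "from @IPv4:src.ip@ port @NUMBER:src.port@ ssh2")
SAMPLE = "Failed password for root from 192.0.2.10 port 52144 ssh2"
HOSTILE = 'Failed password for a","x":"y from 192.0.2.10 port 52144 ssh2'

if __name__ == "__main__":
    for line in (SAMPLE, HOSTILE):
        print(to_cee(line, SSH_FAIL))
```

The second sample shows why the JSON step matters to whoever consumes these logs: the user name is attacker-controlled, and a template that pasted it between quotes without escaping would let it add or overwrite fields.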
Development of syslog-ng 3.4 started
While 3.3 was just released, development of 3.4 has already started. The first version of a JSON parser is already merged. There are some pending fixes and enhancements, which add boolean, array and nested JSON parsing. Value-pairs key rewrite is a work in progress, and nested JSON output is also planned.
The above features, among others, help us to better support CEE. With key rewriting we could use a “.cee.” prefix in CEE related patterns and rewrite it later. It also makes parsing of messages possible.
All the current code is available for testing in Algernon’s 3.4 sandbox project.
To download it, use git:
$ git clone -b sandbox/3.4 firstname.lastname@example.org:algernon/syslog-ng