syslog-ng Insider – November 2011

Dear syslog-ng users,

This is the 8th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news.
Your feedback and news tips about the next issue is welcome at


syslog-ng 3.3.2 is about to be released!

A new version of syslog-ng is about to be released! There are no new features to announce, but all problems reported since 3.3.1 should be fixed by now! To make it the best syslog-ng ever, please test it to make sure, that all your problems are fixed.

Sources are available in git or as a snapshot:

  • git://

Binary packages are available are available for several Linux distributions:

syslog-ng and CEE

The latest syslog-ng release, version 3.3 can be used to implement part of the “CEE over syslog” standard. BalaBit’s patterndb technology was able to extract information from syslog messages already for a long time. With this release JSON output was added, meaning the extracted information can be output as JSON data. What it means in practice, that syslog-ng is able to parse log messages, and output the extracted fields in the form required by CEE.
To see, how it works, check

Development of syslog-ng 3.4 started

While 3.3 was just released, development of 3.4 is already started. The first version of a JSON parser is already merged. There are some pending fixes and enhancements, which add boolean, array and nested JSON parsing. Value-pairs key rewrite is work in progress and nested JSON output is also planned.
The above features among others help us to better support CEE. With key rewriting we could use a “.cee.” prefix in CEE related patterns and rewrite it later. It also makes parsing of messages possible.
All the current code is available for testing in Algernon’s 3.4 sandbox project.
To download it, use git:
$ git clone -b sandbox/3.4




A longer paper about the “Future of logging tools”, which also provides some background information about HSRL, as used in syslog-ng.

It is available at


Leave a Reply