[syslog-ng] insider 2014-05: GSoC; perl & python; web interfaces; protecting logs;

Peter Czanik czanik at balabit.hu
Thu May 15 13:28:38 CEST 2014


Dear syslog-ng users,


This is the 34th issue of the syslog-ng Insider, a monthly newsletter 
that brings you syslog-ng related news.


FEATURED NEWS


Four GSoC students are working on syslog-ng

-------------------------------------------

Thanks to Google, there are four students working on extending syslog-ng 
with new features during the summer. These are features that were 
often requested on the mailing list or at different conferences:

- integration with configuration management systems

- ZMQ transport, both source and destination

- AMQP source driver

- TLS support for the mongodb destination

Read more about GSoC at 
https://algernon.blogs.balabit.com/2014/04/gsoc2014-syslog-ng-accepted-projects/


Python and Perl support in incubator

------------------------------------

It is still only available in git, as it needs some more polish, but the 
syslog-ng incubator gained Perl and Python support during the last 
month. Both the Perl and Python destinations use the value-pairs 
framework to get data transferred from syslog-ng to the script, and 
thus work differently from the Lua destination. With value-pairs, one 
can select which parts of the message will be transferred to the script. 
The script needs to have a queue function (settable with the 
queue-func() option), which will receive a hash-map of values. 
Additionally, one can set an init and a deinit function, which run 
whenever the driver starts or shuts down.

Check it out and let us know your experiences! It's available at 
https://github.com/balabit/syslog-ng-incubator


Web based user interfaces for syslog-ng

---------------------------------------

One of the most popular BalaBit blogs is about syslog-ng web based 
graphical user interfaces (web GUIs). It's already three years old, and 
many things have changed. At that time, only a single Logging as a 
Service solution was available; now a new one pops up regularly. Also, 
there were far fewer logging-related GUIs, so some not strictly 
syslog-ng related solutions were included as well. You can read an 
updated version of the blog, focusing on syslog-ng based solutions, at 
https://czanik.blogs.balabit.com/2014/05/web-based-user-interfaces-for-syslog-ng/



Protecting log data against targeted attacks

--------------------------------------------

BalaBit has been saying that SIEM and other analytic tools are only as 
good as the underlying data. Attackers are also aware of this, and often 
target log management and SIEMs to hide their presence. Read this blog 
post for some logging best practices and how syslog-ng can help to 
secure your logging infrastructure:

https://jluby.blogs.balabit.com/2014/05/06/protecting-log-data-against-targeted-attacks/


NEW RELEASES

- Check git if you are impatient :)


Your feedback and news tips about the next issue are welcome at 
documentation at balabit.com

To read this newsletter on-line, visit: http://insider.blogs.balabit.com/


-- 
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik
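
The script contract described under "Python and Perl support in incubator", sketched as an added example that is not part of the newsletter and is not the incubator's own code. The function names init, queue and deinit, the boolean return values, the value-pairs key names and the output path are assumptions.

```python
import json
import os
import tempfile

# Assumption: the value-pairs keys selected for this destination in the config.
FIELDS = ("ISODATE", "HOST", "PROGRAM", "MESSAGE")
# Assumption: where this script writes; any writable path would do.
DEFAULT_PATH = os.path.join(tempfile.gettempdir(), "syslog-ng-python-dest.jsonl")

_sink = None  # file handle, opened in init() and closed in deinit()


def format_record(msg):
    """Turn the hash-map handed over by the driver into one JSON line."""
    record = {}
    for key in FIELDS:
        value = msg.get(key)
        if value is None:
            continue  # value-pairs may not carry every key we know about
        if isinstance(value, bytes):
            value = value.decode("utf-8", errors="replace")
        record[key] = str(value)
    # json.dumps escapes embedded newlines, so a crafted MESSAGE cannot
    # start a second, forged record in the output file.
    return json.dumps(record, sort_keys=True)


def init(path=DEFAULT_PATH):
    """Runs when the driver starts: open the output file for appending."""
    global _sink
    _sink = open(path, "a", encoding="utf-8")
    return True


def queue(msg):
    """Runs once per log message; msg is the hash-map of selected values."""
    if _sink is None:
        return False  # queue() was called before init()
    _sink.write(format_record(msg) + "\n")
    _sink.flush()
    return True


def deinit():
    """Runs when the driver shuts down: close the output file."""
    global _sink
    if _sink is not None:
        _sink.close()
        _sink = None
    return True
```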


