<div dir="auto">Hmm, yeah persist-tool is tricky as it relies on code in PE that are not straightforward to port over. I would implement that function very differently.</div><div class="gmail_extra"><br><div class="gmail_quote">On May 25, 2017 12:17 PM, "Fekete, Róbert" <<a href="mailto:robert.fekete@balabit.com">robert.fekete@balabit.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, <div><br></div><div>I'm writing regarding the "<span style="font-size:12.8px">Processing messages stuck in the disk queue files" tutorial that we referenced in the newsletter.</span></div><div><span style="font-size:12.8px">Unfortunately, it turned out that the tutorial does not apply to syslog-ng OSE yet, because the persist-tool utility used in the tutorial is not part of OSE yet. </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">So to avoid any confusion and frustration, I'm removing the tutorial from the OSE documentation page until the utility is released in OSE as well.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">My apologies for the inconvenience. </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Kind Regards, </span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Robert Fekete</span></div><br style="font-size:12.8px"></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 18, 2017 at 12:09 PM, Czanik, Péter <span dir="ltr"><<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear syslog-ng users,<br>
<br>
This is the 58th issue of syslog-ng Insider, a monthly newsletter that<br>
brings you syslog-ng-related news.<br>
<br>
<br>
<br>
NEWS<br>
<br>
<br>
<br>
osquery and syslog-ng<br>
<br>
---------------------<br>
<br>
osquery allows you to ask questions about your machine using an<br>
SQL-like language. For example, you can query running processes,<br>
logged in users, installed packages and syslog messages as well. From<br>
this post, you will learn how to send log messages to osquery, read<br>
osquery logs using syslog-ng, and how to parse the JSON-based log<br>
messages of osquery, so selected fields can be forwarded to<br>
Elasticsearch or other destinations expecting name-value pairs.<br>
<br>
<a href="https://www.balabit.com/blog/endpoint-visibility-and-monitoring-using-osquery-and-syslog-ng/" rel="noreferrer" target="_blank">https://www.balabit.com/blog/e<wbr>ndpoint-visibility-and-monitor<wbr>ing-using-osquery-and-syslog-<wbr>ng/</a><br>
<br>
<br>
<br>
SELinux in enforcing mode<br>
<br>
-------------------------<br>
<br>
Security-Enhanced Linux (SELinux) is a set of kernel and user-space<br>
tools enforcing strict access control policies. It is also the tool<br>
behind at least half of the syslog-ng problem reports. SELinux rules<br>
in Linux distributions cover all aspects of the syslog-ng<br>
configuration coming in the syslog-ng package available in the<br>
distribution. But as soon as an unusual port number or directory name<br>
is specified in the configuration, syslog-ng fails to work even with a<br>
perfectly legitimate configuration. While preventing unusual access is<br>
the main feature of SELinux, it also causes lots of headaches for<br>
unsuspecting administrators. Learn how you can use syslog-ng with<br>
SELinux in enforcing mode.<br>
<br>
<a href="https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/" rel="noreferrer" target="_blank">https://www.balabit.com/blog/u<wbr>sing-syslog-ng-with-selinux-in<wbr>-enforcing-mode/</a><br>
<br>
<br>
<br>
<br>
<br>
Processing messages stuck in the disk queue files<br>
<br>
------------------------------<wbr>-------------------<br>
<br>
When you change the configuration of a syslog-ng host that uses<br>
disk-based buffering (also called disk queue), syslog-ng may start new<br>
disk buffer files for the destinations that you have changed. Learn<br>
how you can flush log messages from the orphaned disk queue files from<br>
our new document:<br>
<br>
<a href="https://www.balabit.com/documents/syslog-ng-ose-3.9-guides/en/syslog-ng-diskbuffer-recovery/html/index.html" rel="noreferrer" target="_blank">https://www.balabit.com/docume<wbr>nts/syslog-ng-ose-3.9-guides/<wbr>en/syslog-ng-diskbuffer-<wbr>recovery/html/index.html</a><br>
<br>
<br>
<br>
UPCOMING EVENTS<br>
<br>
<br>
<br>
You can learn about syslog-ng at a growing number of events:<br>
<br>
Big Data Universe: <a href="https://bdu.hu/" rel="noreferrer" target="_blank">https://bdu.hu/</a><br>
<br>
openSUSE conference: <a href="https://events.opensuse.org/conference/oSC17" rel="noreferrer" target="_blank">https://events.opensuse.org/co<wbr>nference/oSC17</a><br>
<br>
Libre Software Meeting: <a href="https://2017.rmll.info/" rel="noreferrer" target="_blank">https://2017.rmll.info/</a><br>
<br>
<br>
<br>
<br>
<br>
Your feedback and news, or tips about the next issue are welcome at<br>
<a href="mailto:documentation@balabit.com" target="_blank">documentation@balabit.com</a>. To read this newsletter online, visit:<br>
<a href="https://syslog-ng.org/" rel="noreferrer" target="_blank">https://syslog-ng.org/</a><br>
<br>
<br>
Peter Czanik (CzP) <<a href="mailto:peter.czanik@balabit.com" target="_blank">peter.czanik@balabit.com</a>><br>
Balabit / syslog-ng upstream<br>
<a href="https://www.balabit.com/blog/author/peterczanik/" rel="noreferrer" target="_blank">https://www.balabit.com/blog/a<wbr>uthor/peterczanik/</a><br>
<a href="https://twitter.com/PCzanik" rel="noreferrer" target="_blank">https://twitter.com/PCzanik</a><br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailm<wbr>an/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support<wbr>/documentation/?product=<wbr>syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/sy<wbr>slog-ng-faq</a><br>
<br>
</blockquote></div><br></div>
<br>______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
<br></blockquote></div></div>