Dear syslog-ng users,

This is the 138th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
NEWS
Version 4.11.0 of syslog-ng is now available
Version 4.11.0 of syslog-ng is now available. The main attraction is the brand new Kafka source, but there are many other smaller features and improvements, as well.
https://www.syslog-ng.com/community/b/blog/posts/version-4-11-0-of-syslog-ng-is-now-available
Using OpenSearch data streams in syslog-ng
Recently, one of our power users contributed OpenSearch data streams support to syslog-ng, which reminded me to also do some minimal testing on the latest OpenSearch release with syslog-ng. TL;DR: both worked just fine.
https://www.syslog-ng.com/community/b/blog/posts/using-opensearch-data-streams-in-syslog-ng
Changes in the syslog-ng Elasticsearch destination
While testing the latest Elasticsearch release with syslog-ng, I realized that there was already a not fully documented elasticsearch-datastream() driver. Instead of fixing the docs, I reworked the elasticsearch-http() destination to support data streams.
So, what was the problem? In multiple places, the driver follows a different logic than the base elasticsearch-http() destination driver. Some of the descriptions were too general, others were missing completely. You had to read the configuration file in the syslog-ng configuration library (SCL) to configure the destination properly.
While preparing for syslog-ng 4.11.0, the OpenSearch destination received a change that allows support for data streams. I applied these changes to the elasticsearch-http() destination and made a small compatibility change along the way, so old configurations and samples from blogs work.
https://www.syslog-ng.com/community/b/blog/posts/changes-in-the-syslog-ng-elasticsearch-destination
WEBINARS


Your feedback and news, or tips about the next issue, are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/


Peter Czanik (CzP) <peter.czanik@oneidentity.com>
One Identity (Balabit) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik