Dear syslog-ng users,

This is the 8th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news. Your feedback and news tips for the next issue are welcome at documentation@balabit.com

FEATURED NEWS

syslog-ng 3.3.2 is about to be released!
----------------------------------------

A new version of syslog-ng is about to be released! There are no new features to announce, but all problems reported since 3.3.1 should be fixed by now! To make it the best syslog-ng ever, please test it to make sure that all your problems are fixed.

Sources are available in git or as a snapshot:

* git://git.balabit.hu/bazsi/syslog-ng-3.3
* http://packages.madhouse-project.org/syslog-ng/3.3/3.3.2/syslog-ng-3.3.2-HEA...

Binary packages are available for several Linux distributions:

* openSUSE: http://download.opensuse.org/repositories/home:/czanik:/syslog-ng33/
* Debian and Ubuntu: http://asylum.madhouse-project.org/projects/debian/

syslog-ng and CEE
-----------------

The latest syslog-ng release, version 3.3, can be used to implement part of the “CEE over syslog” standard. BalaBit’s patterndb <http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/features/pattern_db> technology has long been able to extract information from syslog messages. With this release JSON output was added, meaning the extracted information can be output as JSON data. In practice, this means that syslog-ng is able to parse log messages and output the extracted fields in the form required by CEE. To see how it works, check http://czanik.blogs.balabit.com/2011/10/cee-and-syslog-ng/

Development of syslog-ng 3.4 started
------------------------------------

While 3.3 was just released, development of 3.4 has already started. The first version of a JSON parser is already merged ( https://github.com/bazsi/syslog-ng-3.4/commit/e5569687bba2551c89a78faee55bcf... ).
There are some pending fixes and enhancements which add boolean, array and nested JSON parsing ( https://github.com/algernon/syslog-ng/commits/feature/3.4/json/parser ). Value-pairs key rewrite is a work in progress ( https://github.com/algernon/syslog-ng/commits/feature/3.4/value-pairs/rekey ) and nested JSON output is also planned.

The above features, among others, help us to better support CEE. With key rewriting we could use a “.cee.” prefix in CEE related patterns and rewrite it later. It also makes parsing of messages possible.

All the current code is available for testing in Algernon's 3.4 sandbox project: https://github.com/algernon/syslog-ng/tree/sandbox/3.4

To download it, use git:

  $ git clone -b sandbox/3.4 git@github.com:algernon/syslog-ng

OTHER SHORT NEWS

* An interesting article about a centralized syslog server in Linux Journal: http://www.linuxjournal.com/content/creating-centralized-syslog-server

NEW RELEASES

* syslog-ng OSE 3.2.5: http://www.balabit.com/downloads/files/syslog-ng/sources/3.2.5

WHITE PAPERS

A longer paper about the “Future of logging tools”, which also provides some background information about HSRL, as used in syslog-ng: http://andrea.blogs.balabit.com/files/2011/10/HSRL_backgrounder_english_fina...

ARCHIVE

http://insider.blogs.balabit.com/

--
Peter Czanik (CzP) <czanik@balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/