Dear syslog-ng users,

This is the 58th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS

osquery and syslog-ng
---------------------

osquery allows you to ask questions about your machine using an SQL-like language. For example, you can query running processes, logged-in users, installed packages and syslog messages as well. From this post, you will learn how to send log messages to osquery, how to read osquery logs using syslog-ng, and how to parse the JSON-based log messages of osquery so that selected fields can be forwarded to Elasticsearch or other destinations expecting name-value pairs.

https://www.balabit.com/blog/endpoint-visibility-and-monitoring-using-osquer...

SELinux in enforcing mode
-------------------------

Security-Enhanced Linux (SELinux) is a set of kernel and user-space tools enforcing strict access control policies. It is also the tool behind at least half of the syslog-ng problem reports. The SELinux rules shipped by Linux distributions cover all aspects of the syslog-ng configuration that comes with the distribution's syslog-ng package. But as soon as an unusual port number or directory name is specified in the configuration, syslog-ng fails to work, even with a perfectly legitimate configuration. While preventing unusual access is the main feature of SELinux, it also causes lots of headaches for unsuspecting administrators. Learn how you can use syslog-ng with SELinux in enforcing mode.

https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/

Processing messages stuck in the disk queue files
-------------------------------------------------

When you change the configuration of a syslog-ng host that uses disk-based buffering (also called disk queue), syslog-ng may start new disk buffer files for the destinations that you have changed. Learn how you can flush log messages from the orphaned disk queue files from our new document:

https://www.balabit.com/documents/syslog-ng-ose-3.9-guides/en/syslog-ng-disk...

UPCOMING EVENTS

You can learn about syslog-ng at a growing number of events:

Big Data Universe: https://bdu.hu/
openSUSE conference: https://events.opensuse.org/conference/oSC17
Libre Software Meeting: https://2017.rmll.info/

Your feedback and news, or tips about the next issue, are welcome at documentation@balabit.com.

To read this newsletter online, visit: https://syslog-ng.org/

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik
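The osquery item above describes turning osquery's JSON log lines into flat name-value pairs and forwarding only selected fields. The following Python script is an added illustration of that step, not code from the newsletter or from the syslog-ng project: it mimics what syslog-ng's json-parser() does with a prefix option (nested keys joined with dots, list elements indexed, every value stored as a string), then applies a field selection before handing documents to a name-value destination such as Elasticsearch. The sample log lines, the host name, the selector list and the function names are all constructed for this example.

```python
import json

# Constructed sample input: three lines of the kind osquery writes to its results
# log (one "added" event, one snapshot, one corrupt line). All values are invented.
SAMPLE_OSQUERY_LINES = [
    '{"name":"process_events","hostIdentifier":"host01",'
    '"calendarTime":"Mon Jun  5 10:00:00 2017 UTC","unixTime":1496656800,'
    '"decorations":{"host_uuid":"00000000-0000-0000-0000-000000000000"},'
    '"columns":{"pid":"4242","path":"/usr/sbin/sshd","cmdline":"/usr/sbin/sshd -D"},'
    '"action":"added"}',
    '{"name":"logged_in_users","hostIdentifier":"host01",'
    '"calendarTime":"Mon Jun  5 10:00:05 2017 UTC","unixTime":1496656805,'
    '"snapshot":[{"user":"alice","tty":"pts/0"},{"user":"bob","tty":"pts/1"}],'
    '"action":"snapshot"}',
    "this line is not JSON and must not crash the pipeline",
]

# Fields worth forwarding (assumed selection for this example); everything else,
# such as decorations, is dropped. A selector matches the key itself or any key
# nested under it.
DEFAULT_SELECTORS = ("osquery.name", "osquery.hostIdentifier", "osquery.action",
                     "osquery.unixTime", "osquery.columns", "osquery.snapshot")


def flatten_json(obj, prefix="osquery"):
    """Turn a parsed JSON object into flat dotted name-value pairs.

    Nested objects become keys like "osquery.columns.pid", list elements get a
    numeric index, and every scalar is stored as a string, because syslog-ng
    name-value pairs are strings.
    """
    pairs = {}

    def walk(value, key):
        if isinstance(value, dict):
            for child_key, child in value.items():
                walk(child, f"{key}.{child_key}")
        elif isinstance(value, list):
            for index, child in enumerate(value):
                walk(child, f"{key}.{index}")
        elif value is None:
            pairs[key] = ""
        elif isinstance(value, bool):  # checked before str(): bool is an int subclass
            pairs[key] = "true" if value else "false"
        else:
            pairs[key] = str(value)

    walk(obj, prefix)
    return pairs


def select_fields(pairs, selectors=DEFAULT_SELECTORS):
    """Keep only the pairs that a selector names directly or as a parent key."""
    return {
        key: value
        for key, value in pairs.items()
        if any(key == s or key.startswith(s + ".") for s in selectors)
    }


def process_osquery_lines(lines, selectors=DEFAULT_SELECTORS):
    """Parse one log line per element; return (documents, dropped_count).

    Each document is a flat dict ready for a destination that expects name-value
    pairs. Lines that are not JSON objects are counted and skipped so that one
    corrupt line does not abort the whole batch.
    """
    documents = []
    dropped = 0
    for line in lines:
        try:
            record = json.loads(line)
        except ValueError:
            dropped += 1
            continue
        if not isinstance(record, dict):
            dropped += 1
            continue
        documents.append(select_fields(flatten_json(record), selectors))
    return documents, dropped


if __name__ == "__main__":
    docs, skipped = process_osquery_lines(SAMPLE_OSQUERY_LINES)
    print(f"parsed {len(docs)} documents, skipped {skipped} bad line(s)")
    for doc in docs:
        print(json.dumps(doc, indent=2))
```

The selector list is where the "selected fields" decision lives: snapshot queries expand into indexed keys such as osquery.snapshot.1.user, so selecting the parent key osquery.snapshot keeps all rows of a snapshot without listing each index.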