Hmm, yeah, persist-tool is tricky as it relies on code in PE that is not straightforward to port over. I would implement that function very differently.
On May 25, 2017 12:17 PM, "Fekete, Róbert" <robert.fekete@balabit.com> wrote:
Hi,
I'm writing regarding the "Processing messages stuck in the disk queue files" tutorial that we referenced in the newsletter. Unfortunately, it turned out that the tutorial does not apply to syslog-ng OSE yet, because the persist-tool utility used in the tutorial is not part of OSE yet.
So to avoid any confusion and frustration, I'm removing the tutorial from the OSE documentation page until the utility is released in OSE as well.
My apologies for the inconvenience.
Kind Regards,
Robert Fekete
On Thu, May 18, 2017 at 12:09 PM, Czanik, Péter <peter.czanik@balabit.com> wrote:
Dear syslog-ng users,
This is the 58th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
NEWS
osquery and syslog-ng
---------------------
osquery allows you to ask questions about your machine using an SQL-like language. For example, you can query running processes, logged in users, installed packages and syslog messages as well. From this post, you will learn how to send log messages to osquery, read osquery logs using syslog-ng, and how to parse the JSON-based log messages of osquery, so selected fields can be forwarded to Elasticsearch or other destinations expecting name-value pairs.
https://www.balabit.com/blog/endpoint-visibility-and-monitoring-using-osquery-and-syslog-ng/
SELinux in enforcing mode
-------------------------
Security-Enhanced Linux (SELinux) is a set of kernel and user-space tools enforcing strict access control policies. It is also the tool behind at least half of the syslog-ng problem reports. SELinux rules in Linux distributions cover all aspects of the syslog-ng configuration coming in the syslog-ng package available in the distribution. But as soon as an unusual port number or directory name is specified in the configuration, syslog-ng fails to work even with a perfectly legitimate configuration. While preventing unusual access is the main feature of SELinux, it also causes lots of headaches for unsuspecting administrators. Learn how you can use syslog-ng with SELinux in enforcing mode.
https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/
Processing messages stuck in the disk queue files
-------------------------------------------------
When you change the configuration of a syslog-ng host that uses disk-based buffering (also called disk queue), syslog-ng may start new disk buffer files for the destinations that you have changed. Learn how you can flush log messages from the orphaned disk queue files from our new document:
https://www.balabit.com/documents/syslog-ng-ose-3.9-guides/en/syslog-ng-diskbuffer-recovery/html/index.html
UPCOMING EVENTS
You can learn about syslog-ng at a growing number of events:
Big Data Universe: https://bdu.hu/
openSUSE conference: https://events.opensuse.org/conference/oSC17
Libre Software Meeting: https://2017.rmll.info/
Your feedback and news, or tips about the next issue are welcome at documentation@balabit.com. To read this newsletter online, visit: https://syslog-ng.org/
Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq