Hmm, yeah, persist-tool is tricky as it relies on code in PE that is not straightforward to port over. I would implement that function very differently.

On May 25, 2017 12:17 PM, "Fekete, Róbert" <robert.fekete@balabit.com> wrote:
Hi, 

I'm writing regarding the "Processing messages stuck in the disk queue files" tutorial that we referenced in the newsletter.
Unfortunately, it turned out that the tutorial does not apply to syslog-ng OSE yet, because the persist-tool utility used in the tutorial is not part of OSE yet. 

So to avoid any confusion and frustration, I'm removing the tutorial from the OSE documentation page until the utility is released in OSE as well.

My apologies for the inconvenience. 

Kind Regards, 

Robert Fekete


On Thu, May 18, 2017 at 12:09 PM, Czanik, Péter <peter.czanik@balabit.com> wrote:
Dear syslog-ng users,

This is the 58th issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.



NEWS



osquery and syslog-ng
---------------------

osquery allows you to ask questions about your machine using an
SQL-like language. For example, you can query running processes,
logged-in users, installed packages and syslog messages as well. From
this post, you will learn how to send log messages to osquery, read
osquery logs using syslog-ng, and how to parse the JSON-based log
messages of osquery, so selected fields can be forwarded to
Elasticsearch or other destinations expecting name-value pairs.

https://www.balabit.com/blog/endpoint-visibility-and-monitoring-using-osquery-and-syslog-ng/



SELinux in enforcing mode
-------------------------

Security-Enhanced Linux (SELinux) is a set of kernel and user-space
tools enforcing strict access control policies. It is also the tool
behind at least half of the syslog-ng problem reports. SELinux rules
in Linux distributions cover all aspects of the syslog-ng
configuration coming in the syslog-ng package available in the
distribution. But as soon as an unusual port number or directory name
is specified in the configuration, syslog-ng fails to work even with a
perfectly legitimate configuration. While preventing unusual access is
the main feature of SELinux, it also causes lots of headaches for
unsuspecting administrators. Learn how you can use syslog-ng with
SELinux in enforcing mode.

https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/





Processing messages stuck in the disk queue files
-------------------------------------------------

When you change the configuration of a syslog-ng host that uses
disk-based buffering (also called disk queue), syslog-ng may start new
disk buffer files for the destinations that you have changed. Learn
how you can flush log messages from the orphaned disk queue files from
our new document:

https://www.balabit.com/documents/syslog-ng-ose-3.9-guides/en/syslog-ng-diskbuffer-recovery/html/index.html



UPCOMING EVENTS



You can learn about syslog-ng at a growing number of events:

Big Data Universe: https://bdu.hu/

openSUSE conference: https://events.opensuse.org/conference/oSC17

Libre Software Meeting: https://2017.rmll.info/





Your feedback and news, or tips about the next issue are welcome at
documentation@balabit.com. To read this newsletter online, visit:
https://syslog-ng.org/


Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


