Insider 2017-04: Docker; Splunk HEC; Suricata; videos; upcoming events;
Dear syslog-ng users,

This is the 57th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS

Central log server in Docker
----------------------------

Containerization, and Docker in particular, has changed the way we distribute and run applications. Your central log server can also run in a Docker container. If you wish to deploy a log server running syslog-ng in a Docker container, a ready-to-use image is available on Docker Hub and has already passed 500K pulls. Read how at

https://www.balabit.com/blog/central-log-server-docker/

Feeding the Splunk HTTP event collector
---------------------------------------

Using the HTTP destination of syslog-ng, you can feed the Splunk HTTP Event Collector (HEC) with log messages. This can simplify your logging architecture, because there is no need to store data in files or to run a Splunk forwarder. Read more about how to configure it on the Splunk website at

https://www.splunk.com/blog/2017/03/30/syslog-ng-and-hec-scalable-aggregated...

syslog-ng PE 7.0.2 available
----------------------------

The latest syslog-ng Premium Edition release adds two interesting new features: you can write message parsers and template functions in Python, and the monitoring() source allows you to select precisely which statistics of syslog-ng PE you want to monitor.

https://www.balabit.com/blog/monitor-your-syslog-ng-architecture-easier/

Collecting and parsing Suricata logs
------------------------------------

You can use syslog-ng to collect and parse the JSON-based log messages of Suricata. Learn how you can send these logs to Loggly or Elasticsearch for further analysis, or configure simple alerting within syslog-ng:

https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-sysl...

Tutorial videos
---------------

Patrick Bailey (https://twitter.com/whiteboardcoder) created a couple of tutorial videos about syslog-ng.
These cover installation and initial configuration on Ubuntu, opening a network port for collecting log messages, and sending JSON-based log messages:

- https://www.youtube.com/watch?v=DrfBU9nBeoE
- https://www.youtube.com/watch?v=YAYfBteY0kg
- https://www.youtube.com/watch?v=Uejb0agO2NU

UPCOMING EVENTS

You can learn about syslog-ng at a growing number of events:

HEPIX Spring Workshop: https://indico.cern.ch/event/595396/
Big Data Universe: https://bdu.hu/
openSUSE conference: https://events.opensuse.org/conference/oSC17

NEW RELEASES

syslog-ng PE 7.0.2: https://www.balabit.com/documents/syslog-ng-pe-7.0-guides/en/syslog-ng-pe-gu...

Your feedback and news, or tips about the next issue, are welcome at documentation@balabit.com.

To read this newsletter online, visit: https://syslog-ng.org/

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik
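Two of the items in this issue, parsing Suricata's eve.json with simple alerting inside syslog-ng and feeding the Splunk HTTP Event Collector from the http() destination, fit naturally into one pipeline: parse the JSON, keep only high-severity alerts, write a one-line local alert and forward the original event to HEC. The configuration below is an added example, not configuration taken from the newsletter or from the linked Balabit and Splunk posts. It assumes syslog-ng OSE 3.9 syntax; the file paths, the Splunk host name and the HEC token are placeholders.

```conf
@version: 3.9

# Added example, not part of the newsletter. Paths, host name and the
# HEC token below are placeholders.

# Suricata writes one JSON object per line to eve.json. flags(no-parse)
# keeps the whole line in ${MESSAGE} instead of treating it as syslog.
source s_suricata {
    file("/var/log/suricata/eve.json" flags(no-parse));
};

# Turn the JSON object into name-value pairs. Nested objects are
# flattened with dots, so alert.severity becomes ${suricata.alert.severity}.
parser p_suricata {
    json-parser(prefix("suricata."));
};

# Simple alerting: keep only alert records of Suricata severity 1.
# Flow, DNS, HTTP and lower-severity alert records are dropped here.
# json-parser stores values as strings, so the comparison is textual.
filter f_high_alert {
    "${suricata.event_type}" == "alert"
    and "${suricata.alert.severity}" == "1";
};

# Local one-line alert log, useful for a quick tail or a cron check.
destination d_alerts {
    file("/var/log/suricata-alerts.log"
         template("${ISODATE} sev=${suricata.alert.severity} "
                  "${suricata.alert.signature} "
                  "${suricata.src_ip}:${suricata.src_port} -> "
                  "${suricata.dest_ip}:${suricata.dest_port}\n"));
};

# Splunk HTTP Event Collector. ${MESSAGE} is still the raw eve.json
# object, so it can be embedded directly as the HEC "event" value.
# Use an https:// URL and your syslog-ng version's TLS options for the
# http() destination so the token is never sent in clear text.
destination d_splunk_hec {
    http(
        url("https://splunk.example.com:8088/services/collector/event")
        method("POST")
        user-agent("syslog-ng")
        headers("Authorization: Splunk 00000000-0000-0000-0000-000000000000",
                "Content-Type: application/json")
        body("{ \"time\": ${S_UNIXTIME}, \"host\": \"${HOST}\", "
             "\"source\": \"suricata\", \"sourcetype\": \"_json\", "
             "\"event\": ${MESSAGE} }")
    );
};

log {
    source(s_suricata);
    parser(p_suricata);
    filter(f_high_alert);
    destination(d_alerts);
    destination(d_splunk_hec);
};
```

Check it with `syslog-ng --syntax-only -f <file>` before reloading. The HEC token is a bearer credential: keep the configuration file readable only by the syslog-ng user, and drop the severity filter (or widen it) if you want every Suricata record in Splunk rather than only the alerts.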