Insider 2018-06: 3.15; ARM; Big Data; journald; Elasticsearch; conferences;
Dear syslog-ng users,

This is the 67th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS

syslog-ng 3.15 is released
--------------------------
Version 3.15 of syslog-ng is now available. Support was added for if / elif / else blocks, which can simplify syslog-ng configuration considerably. Improved debug and error messages make finding configuration problems easier. Support for basic client-side failover was added. For a complete list of changes, check https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.15.1. For binary packages, check https://syslog-ng.com/3rd-party-binaries.

Debian ARM builds
-----------------
Starting with version 3.15, the unofficial syslog-ng Debian build is also available for ARM v7. It has all of the features of the x86 edition. The build is made for Debian 9.0 and tested on a Raspberry Pi, but it most likely works on recent editions of Raspbian as well. It is available at https://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/Deb....

Big Data: save all or save costs?
---------------------------------
When starting a new project, Big Data vendors usually recommend a “save all” and “save raw” approach, as you never know what data might come in handy later on and in what format. Companies starting those projects also often have the same approach, as they still have their infrastructure under heavy development. Both go on the assumption that storage is practically free compared to the value of data. But is it really so? Learn more at https://syslog-ng.com/blog/big-data-save-save-costs/.

syslog-ng vs. systemd’s journald
--------------------------------
People often ask what to use: systemd’s journald or syslog-ng? The quick answer is that most likely both, but it depends on how you use your computer(s). If you have a single standalone machine, journald is probably enough. There is even a nice desktop application to view the logs in the journal. But once you have multiple machines to manage, using syslog-ng has many advantages. Read more at https://news.opensuse.org/2018/04/30/syslog-ng-vs-systemds-journald/.

Storing logs in Elasticsearch using syslog-ng
---------------------------------------------
Get started with sending logs directly to Elasticsearch using syslog-ng. Find out how to parse data with syslog-ng, store it in Elasticsearch, and analyze it with Kibana. Learn about the basics of using syslog-ng and Elasticsearch 6 on Red Hat Enterprise Linux / CentOS. Discover how to send netdata metrics through syslog-ng to Elasticsearch. Read our technical white paper at https://pages.balabit.com/storing-logs-in-elasticsearch-using-syslog-ng.html

Containers and automation: five conferences in two words
--------------------------------------------------------
In the past couple of weeks I visited five different conferences in four different countries either as a speaker or as booth staff. Altogether I had a chance to present syslog-ng to thousands of people and discuss syslog-ng and logging in general with hundreds. Except for a Big Data event in Budapest, I could summarize the conferences in two words: containers and automation. Of course, all events covered other diverse topics as well, but the main themes were these two. Let me give you a quick overview of the events: https://syslog-ng.com/blog/containers-automation-five-conferences-two-words/.

Your feedback and news, or tips about the next issue are welcome at documentation@balabit.com. To read this newsletter online, visit: https://syslog-ng.com/blog/

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://syslog-ng.com/blog/author/peterczanik/
https://twitter.com/PCzanik