Dear syslog-ng users, This is the 14th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news. Your feedback and news tips about the next issue is welcome at documentation@balabit.com <mailto:documentation@balabit.com> FEATURED NEWS New features in syslog-ng 3.4 ----------------------------- The CEE/Lumberjack project might be very silent recently, but is still a good excuse to demonstrate some of the new features of syslog-ng 3.4. These make implementing structured logging (and this way CEE) possible by adding a JSON parser, marker detection, channels and junctions and a flexible use of blocks, so complex configurations can be combined in a block and easily reused in many configs. For details and examples check: http://bazsi.blogs.balabit.com/2012/05/cee-prototype-and-a-show-case-for-the... Version 3.4 also merges many features from syslog-ng PE, which can be followed in git commit messages. These include the SYSUPTIME macro, AM/PM related macros, test cases, support for Cisco sequence numbers, etc. Git commits: https://github.com/bazsi/syslog-ng-3.4/commits/master Message rate alerting in SSB ---------------------------- Even though syslog-ng Store Box neither is nor aims to be a full-blown SIEM solution, it can be and is indeed often used to detect anomalies, identify possible threats, and find problems within an organization's IT infrastructure. One important thing to note is that it is not only the contents of log messages that carry information about what happens in the network but their volume too. Read how message rate alerting works in SSB at http://gyp.blogs.balabit.com/2012/06/new-features-in-ssb-3-lts-message-rate-... syslog-ng 3.3 has a new maintainer ---------------------------------- As Bazsi, lead developer of syslog-ng announced on the syslog-ng mailing list, the stable version has now a new maintainer. He is Gergely Nagy, or better known as Algernon, who coded some interesting new features for syslog-ng, including a MongoDB destination, and a JSON output and parser (for 3.4). This change will leave Bazsi more time for 3.4 developments and also speed up merging bugfixes to the 3.3 line. Announcement: https://lists.balabit.hu/pipermail/syslog-ng/2012-May/018885.html Algernon's plans: http://algernon.blogs.balabit.com/2012/05/hats-and-sticks/ syslog-ng community forum ------------------------- For those, who prefer to use web based forums instead of mailing lists, BalaBit provides now a community forum. Right now there are over forty users and their number is growing every day. If you want to read about interesting topics, or could help fellow users using a forum instead of the mailing list, please visit the forum at http://communities.balabit.com/balabit OTHER SHORT NEWS * Follow syslog-ng development on twitter: http://twitter.com/bazsi771 * FreeBSD users love syslog-ng: http://czanik.blogs.balabit.com/2012/06/freebsd-pfsense-and-syslog-ng/ NEW RELEASES: * SSB (syslog-ng store box) 3LTS: http://andrea.blogs.balabit.com/2012/05/balabit-announces-new-release-of-its... ARCHIVE http://insider.blogs.balabit.com/ -- Peter Czanik (CzP)<czanik@balabit.hu> BalaBit IT Security / syslog-ng upstream http://czanik.blogs.balabit.com/