Insider 2019-03: syslog-ng 3.20.1; fail2ban; HTTP source; container tools; UDP; Conferences & Webinars
Dear syslog-ng users,

This is the 73rd issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS

syslog-ng 3.20.1 released
-------------------------

Version 3.20.1 of syslog-ng was released. It adds persist-tool to manipulate persist files, a collectd destination, parsers for Netskope and Websense logs, and list support to JSON and XML. Naturally, bug fixes and many more changes were under the hood as well. There are some developer-facing improvements, too, such as the fact that Python developers can now generate internal() log messages.

For a complete list of changes with links to individual pull requests describing the changes in more detail, check https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.20.1

Documentation for most of the new features is now available online at https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edi...

Visualizing Fail2ban logs in Kibana
-----------------------------------

In his previous syslog-ng blog post, Balage wrote about how you can enrich Fail2ban logs with GeoIP metadata and other data parsed from the logs. In this post he shows how you can use syslog-ng to send the logs into Elasticsearch, and how visualizing Fail2ban logs in Kibana can show you where the failed login attempts come from.

https://balagetech.com/visualizing-fail2ban-logs-in-kibana/

Creating an HTTP source for syslog-ng in Python
-----------------------------------------------

HTTP is quickly becoming the universal transport protocol of the Internet; nowadays even DNS over HTTPS implementations are available. There is no HTTP source implemented in C for syslog-ng, but starting with syslog-ng version 3.18 you can write new source drivers for syslog-ng in Python. While performance is not as good as it would be with C, you gain flexibility and ease of implementation by using Python. From this blog post you can learn how to create a basic HTTP source for syslog-ng in Python.

https://www.syslog-ng.com/community/b/blog/posts/creating-an-http-source-for...

Building and running a syslog-ng container using the latest tools
-----------------------------------------------------------------

From this blog you can learn the basics of skopeo, buildah and podman through the example of a syslog-ng container. These tools come from Red Hat and replace and extend the functionality of the docker daemon without the need to run a “big fat daemon” on the hosts. The architectural redesign is closer to the UNIX philosophy, and there is no single point of failure.

https://www.syslog-ng.com/community/b/blog/posts/building-and-running-a-sysl...

Improved log collection over UDP
--------------------------------

“I'd tell you the joke about UDP, but you might not get it.” This old joke perfectly summarizes UDP: there is no guarantee (frankly, not even a real effort) that data sent over UDP ever reaches the receiving end. Still, a surprisingly large number of syslog(-ng) users keep using UDP as their transport protocol. The so-reuseport() option for the UDP source, introduced in syslog-ng 3.19, is for those who, for policy or other reasons, cannot switch to TCP logging but still want to make UDP log reception as reliable as possible.

https://www.syslog-ng.com/community/b/blog/posts/improved-log-collection-ove...

CONFERENCES

* DevOps Pro talk: Syslog-ng for DevOps: Customized Logging with Python ( https://devopspro.lt/peter-czanik/ )

WEBINARS

You can watch our past webinars:

* Got a Hungry Splunk? Feed it Smartly with syslog-ng: https://www.brighttalk.com/webcast/16207/350610

Your feedback and news, or tips about the next issue are welcome.

To read this newsletter online, visit: https://syslog-ng.com/blog/

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik