[syslog-ng] syslog-ng Insider - November 2011
Peter Czanik
czanik at balabit.hu
Fri Nov 11 07:20:46 CET 2011
Dear syslog-ng users,
This is the 8th issue of the syslog-ng Insider, a monthly newsletter
that brings you syslog-ng related news.
Your feedback and news tips about the next issue are welcome at
documentation@balabit.com
FEATURED NEWS
syslog-ng 3.3.2 is about to be released!
----------------------------------------
A new version of syslog-ng is about to be released! There are no new
features to announce, but all problems reported since 3.3.1 should be
fixed by now. To make it the best syslog-ng ever, please test it to make
sure that all your problems are fixed.
Sources are available in git or as a snapshot:
* git://git.balabit.hu/bazsi/syslog-ng-3.3
* http://packages.madhouse-project.org/syslog-ng/3.3/3.3.2/syslog-ng-3.3.2-HEAD.tar.gz
Binary packages are available for several Linux distributions:
* openSUSE: http://download.opensuse.org/repositories/home:/czanik:/syslog-ng33/
* Debian and Ubuntu: http://asylum.madhouse-project.org/projects/debian/
syslog-ng and CEE
-----------------
The latest syslog-ng release, version 3.3, can be used to implement part
of the “CEE over syslog” standard. BalaBit’s patterndb technology
<http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/features/pattern_db>
has long been able to extract information from syslog messages. This
release adds JSON output, so the extracted information can be written
out as JSON data. In practice this means that syslog-ng can parse log
messages and output the extracted fields in the form required by CEE.
To see how it works, check
http://czanik.blogs.balabit.com/2011/10/cee-and-syslog-ng/
Development of syslog-ng 3.4 started
------------------------------------
While 3.3 was just released, development of 3.4 has already started. The
first version of a JSON parser is already merged:
https://github.com/bazsi/syslog-ng-3.4/commit/e5569687bba2551c89a78faee55bcf8b4944066f
There are some pending fixes and enhancements which add boolean, array
and nested JSON parsing:
https://github.com/algernon/syslog-ng/commits/feature/3.4/json/parser
Value-pairs key rewriting is work in progress:
https://github.com/algernon/syslog-ng/commits/feature/3.4/value-pairs/rekey
Nested JSON output is also planned.
These features, among others, help us to better support CEE. With key
rewriting we could use a “.cee.” prefix in CEE-related patterns and
rewrite it later. It also makes parsing of messages possible.
All the current code is available for testing in Algernon's 3.4 sandbox
project: https://github.com/algernon/syslog-ng/tree/sandbox/3.4
To download it, use git:
$ git clone -b sandbox/3.4 git@github.com:algernon/syslog-ng
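As an added illustration (not code from the newsletter or from syslog-ng itself), the Python sketch below shows both directions described above: extracting fields from a message under a ".cee." prefix, rewriting the keys and emitting them as a CEE-over-syslog JSON payload, and parsing such a payload back, including the boolean, array and nested values the 3.4 parser work targets. The sample messages and the single regular expression standing in for a patterndb rule are constructed for this example.

```python
import json
import re

# Constructed sample messages (not taken from the newsletter).
SSH_LOGIN = ("<38>Nov 11 07:20:46 host1 sshd[2412]: Accepted publickey "
             "for alice from 192.0.2.10 port 51234 ssh2")
CEE_LINE = ('<14>Nov 11 07:21:00 host1 app: @cee: {"event": {"action": "login", '
            '"ok": true}, "tags": ["auth", "ssh"]}')

# Hypothetical stand-in for one patterndb rule: named groups play the role of
# patterndb's field parsers, and every field is stored under a ".cee." prefix.
PATTERN = re.compile(
    r"Accepted (?P<auth>\S+) for (?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)")

def extract_fields(msg, prefix=".cee."):
    """Return prefixed name/value pairs for a message matching PATTERN, else {}."""
    m = PATTERN.search(msg)
    if not m:
        return {}
    return {prefix + k: v for k, v in m.groupdict().items()}

def format_cee(fields, prefix=".cee."):
    """Rekey by stripping the prefix, then emit the CEE-over-syslog payload."""
    rekeyed = {k[len(prefix):] if k.startswith(prefix) else k: v
               for k, v in fields.items()}
    return "@cee: " + json.dumps(rekeyed, sort_keys=True)

def parse_cee(line, sep="."):
    """Parse a @cee: payload; nested objects and arrays become dotted keys."""
    _, _, payload = line.partition("@cee:")
    if not payload:
        return {}  # not a CEE message
    try:
        data = json.loads(payload)
    except ValueError:
        return {}  # malformed JSON: do not trust partial data
    out = {}

    def walk(obj, path):
        if isinstance(obj, dict):
            for k, v in obj.items():
                walk(v, path + [k])
        elif isinstance(obj, list):
            for i, v in enumerate(obj):
                walk(v, path + [str(i)])
        else:
            out[sep.join(path)] = obj  # booleans, numbers and strings kept as-is

    walk(data, [])
    return out
```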
OTHER SHORT NEWS
* An interesting article about building a centralized syslog server in
  Linux Journal:
  http://www.linuxjournal.com/content/creating-centralized-syslog-server
NEW RELEASES
* syslog-ng OSE 3.2.5:
  http://www.balabit.com/downloads/files/syslog-ng/sources/3.2.5
WHITE PAPERS
A longer paper about the “Future of logging tools”, which also provides
some background information about HSRL, as used in syslog-ng:
http://andrea.blogs.balabit.com/files/2011/10/HSRL_backgrounder_english_final1.pdf
ARCHIVE
http://insider.blogs.balabit.com/
--
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/