[syslog-ng] syslog-ng Insider - June 2012
Peter Czanik
czanik at balabit.hu
Thu Jun 7 12:39:51 CEST 2012
Dear syslog-ng users,
This is the 14th issue of the syslog-ng Insider, a monthly newsletter
that brings you syslog-ng related news.
Your feedback and news tips for the next issue are welcome at
documentation at balabit.com
FEATURED NEWS
New features in syslog-ng 3.4
-----------------------------
The CEE/Lumberjack project may have been very silent recently, but it is still a
good excuse to demonstrate some of the new features of syslog-ng 3.4.
These make implementing structured logging (and thereby CEE) possible
by adding a JSON parser, marker detection, channels and junctions and a
flexible use of blocks, so complex configurations can be combined in a
block and easily reused in many configs. For details and examples check:
http://bazsi.blogs.balabit.com/2012/05/cee-prototype-and-a-show-case-for-the-new-3-4-features/
Version 3.4 also merges many features from syslog-ng PE, which can be
followed in git commit messages. These include the SYSUPTIME macro,
AM/PM related macros, test cases, support for Cisco sequence numbers, etc.
Git commits: https://github.com/bazsi/syslog-ng-3.4/commits/master
Message rate alerting in SSB
----------------------------
Even though syslog-ng Store Box neither is nor aims to be a full-blown
SIEM solution, it can be and is indeed often used to detect anomalies,
identify possible threats, and find problems within an organization's IT
infrastructure. One important thing to note is that it is not only the
contents of log messages that carry information about what happens in
the network but their volume too.
Read how message rate alerting works in SSB at
http://gyp.blogs.balabit.com/2012/06/new-features-in-ssb-3-lts-message-rate-alerting/
syslog-ng 3.3 has a new maintainer
----------------------------------
As Bazsi, lead developer of syslog-ng, announced on the syslog-ng mailing
list, the stable version now has a new maintainer: Gergely Nagy,
better known as Algernon, who coded some interesting new features for
syslog-ng, including a MongoDB destination, and a JSON output and parser
(for 3.4). This change will leave Bazsi more time for 3.4 developments
and also speed up merging bugfixes to the 3.3 line.
Announcement:
https://lists.balabit.hu/pipermail/syslog-ng/2012-May/018885.html
Algernon's plans: http://algernon.blogs.balabit.com/2012/05/hats-and-sticks/
syslog-ng community forum
-------------------------
For those who prefer web-based forums to mailing lists,
BalaBit now provides a community forum. Right now there are over forty
users and their number is growing every day. If you want to read about
interesting topics, or would like to help fellow users through a forum instead of
the mailing list, please visit the forum at
http://communities.balabit.com/balabit
OTHER SHORT NEWS
* Follow syslog-ng development on twitter: http://twitter.com/bazsi771
* FreeBSD users love syslog-ng:
  http://czanik.blogs.balabit.com/2012/06/freebsd-pfsense-and-syslog-ng/
NEW RELEASES:
* SSB (syslog-ng store box) 3LTS:
  http://andrea.blogs.balabit.com/2012/05/balabit-announces-new-release-of-its-syslog-ng-store-box-log-management-appliance/
ARCHIVE
http://insider.blogs.balabit.com/
--
Peter Czanik (CzP)<czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/