[syslog-ng] syslog-ng Insider - March 2012

Peter Czanik czanik at balabit.hu
Thu Mar 29 12:44:01 CEST 2012


Dear syslog-ng users,


This is the 12th issue of the syslog-ng Insider, a monthly newsletter 
that brings you syslog-ng related news.

Your feedback and news tips for the next issue are welcome at 
documentation at balabit.com


FEATURED NEWS


GSoC wants you to code syslog-ng in the summer
----------------------------------------------

GSoC ( http://code.google.com/soc/ ) is a nice opportunity for higher 
education students to spend their summers productively by coding in open 
source software projects. This time BalaBit participates in GSoC with 
the help of the openSUSE project. If you are interested in enhancing 
syslog-ng or Zorp, please see our project ideas on the openSUSE ideas 
page: http://en.opensuse.org/openSUSE:GSOC_ideas#syslog-ng and 
http://en.opensuse.org/openSUSE:GSOC_ideas#Zorp


Alpha1 of syslog-ng 3.4 is released
-----------------------------------

The first alpha version of syslog-ng 3.4 is released. The major new 
features are junctions and channels, which add even more flexibility to 
the syslog-ng configuration. There is now also a JSON parser and an SMTP 
destination, and modules are now loaded automatically. For more details 
on what is new, please check Bazsi's blog:

http://bazsi.blogs.balabit.com/2012/03/first-alpha-release-of-syslog-ng-3-4-published/

Instead of using the release, it is recommended to use sources from git, 
which have some major stability fixes:

https://github.com/bazsi/syslog-ng-3.4

If you intend to package syslog-ng 3.4, it's recommended to check the 
mailing list for patches from Algernon, which make packaging easier. A 
snapshot of his work is available at: 
http://packages.madhouse-project.org/syslog-ng/algernon/3.4/syslog-ng-algernon-3.4-HEAD.tar.gz

There are already packages for openSUSE and an updated syslog-ng-devel 
port for FreeBSD. See 
http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/downloads/3rd_party


The (r)evolution of name value pairs
------------------------------------

Name value pairs were at the heart of syslog-ng even before PatternDB 
made it obvious. And now the CEE board and the Lumberjack project are 
also pushing in this direction: instead of free-form text messages, use 
name value pairs for logging. Recent developments in syslog-ng also serve 
this purpose: v3.3 can output name value pairs in JSON and v3.4 will be 
able to parse these logs and turn them into name value pairs again.

How project Lumberjack can improve logging: 
http://bazsi.blogs.balabit.com/2012/02/project-lumberjack-to-improve-linux-logging/

How syslog-ng can be used for CEE (JSON) logs: 
http://algernon.blogs.balabit.com/2012/02/cee-handling-with-syslog-ng/

How using name value pairs can improve logging: 
http://czanik.blogs.balabit.com/2012/03/state-of-the-art-logging-syslog-ng-journal-ceelumberjack-and-elsa/ 
which is also the basis for our syslog-ng presentation at the LOADays 
conference: http://loadays.org/


syslog-ng community forum
-------------------------

BalaBit has had a very positive experience with the syslog-ng community 
and we believe that your feedback has played a key role in the success 
of syslog-ng. We have decided to adopt this community model for our other 
products so that we can have our customers involved in product design. 
It could be interesting for you to visit this brand new community site 
at http://communities.balabit.com/. You are one of the first of our 
friends to be invited.



OTHER SHORT NEWS


  * An introduction to RLTP, a protocol to make syslog-ng PE even more
    reliable:
    http://pzolee.blogs.balabit.com/2012/03/zero-message-loss-with-syslog-ng-promise-or-reality/

  * The libumberlog library is a thin, LD_PRELOAD-able layer on top of
    the legacy syslog() function that turns those calls into something
    that emits its message part as a JSON-formatted structured log
    message: http://algernon.github.com/libumberlog/

  * ELSA, the high performance web GUI for syslog-ng, received a few
    interesting updates to make resolving security incidents even
    quicker and more efficient. For the latest examples check:
    http://ossectools.blogspot.com/


NEW RELEASES:

  * syslog-ng OSE 3.4 alpha1:
    http://bazsi.blogs.balabit.com/2012/03/first-alpha-release-of-syslog-ng-3-4-published/

  * syslog-ng PE 4F2:
    http://andrea.blogs.balabit.com/2012/02/balabits-new-syslog-ng-premium-edition-4-f2-helps-to-avoid-losing-any-evidence-from-your-it-system/

  * lumberlog 0.1.0: http://algernon.github.com/libumberlog/

ARCHIVE


http://insider.blogs.balabit.com/

-- 
Peter Czanik (CzP)<czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/



