[syslog-ng] insider 2014-01: Conferences; 3.6 pre-alpha ; incubator ; PCI-DSS

Peter Czanik czanik at balabit.hu
Thu Jan 9 12:02:07 CET 2014 

Dear syslog-ng users,


This is the 30th issue of the syslog-ng Insider, a monthly newsletter 
that brings you syslog-ng related news.


FEATURED NEWS


syslog-ng at conferences

------------------------

This year, we plan to present syslog-ng in many conferences, or just 
participate conferences where many syslog-ng users are expected to show 
up. If you want to meet someone from the syslog-ng team, come to one of 
our presentations or drop an e-mail so we can find each other. We are 
also very interested to hear suggestions, where syslog-ng should be 
presented!

Here is a list of confirmed events, which will be updated regularly in 
later newsletters:

FOSDEM, 1-2 February, Brussels, Belgium: https://fosdem.org/2014/, 
giving a talk titled: “Babelfish for DevOps: syslog-ng”

Fedora, JBoss and RedHat developers conference, 7-9 February, Brno, 
Czech Republic: http://devconf.cz/, Participating only

Open Source Data Center Conference, 8-10 April, Berlin, Germany: 
http://www.netways.de/osdc/, Giving a talk titled "Monitoring with 
syslog-ng, Riemann and Kibana"


Check out syslog-ng 3.6 pre-alpha!

----------------------------------
While syslog-ng 3.6 still did not even reach an alpha release, it 
received already a lot of development. So, while it might still eat your 
logs for lunch, those who are interested in where syslog-ng is heading 
should check out syslog-ng 3.6 from git. Unlike previous syslog-ng 
versions, it is developed in a unified git repository without a version 
string attached: https://github.com/balabit/syslog-ng

While most changes are under the hood, there are also some user visible 
features like pseudofile destination: 
https://github.com/balabit/syslog-ng/commit/be381a4e3f3eca0695f5976678ea26c1ec0a80e4

Nodejs support was also added tosyslog-ng: use the widespread winston 
logging API, and syslog-ng will process its JSON formatted messages: 
https://bazsi.blogs.balabit.com/2014/01/nodejs-support-in-syslog-ng/

And if you look at the stats at http://www.ohloh.net/p/syslog-ng you can 
see a healthy growth of the code base and in the number of contributors. 
Thank you for your support!


syslog-ng incubator

-------------------

The syslog-ng incubator is a collection of tools and modules which are 
not (yet) part of the official repository. It has some very interesting 
code in it, like a riemann or an RSS destination, but until now it was 
completely undocumented. Not any more: 
http://asylum.madhouse-project.org/blog/2013/12/29/the-incubator/

The Incubator also includes a Lua destination, which makes it possible to write
simple destination drivers without a line of C. It is still a work in progress,
but is an important step into writing modules in other languages.

And to make your life easier packages are available in Debian testing, 
Ubuntu Trustyand for openSUSE in the 3^rd party repositories ( 
http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/downloads/3rd-party 
).


    PCI DSS 3.0 Continues to Emphasize the Importance of Log Management

-------------------------------------------------------------------

The Payment Card Industry Security Standards Council recently released 
the Data Security Standard 3.0, three years after the prior version. As 
one of the most important international data security standards, the 
latest release was eagerly awaited by IT security practitioners. 
Clarifications make up the bulk of the changes but the standards council 
changed most of the 12 major requirements to include modified or 
additional sub-requirements. With PCI DSS 3.0 the standards council has 
reiterated that log management is a critical part of security best 
practices.

You can read more about it at 
https://jluby.blogs.balabit.com/2013/12/09/pci-dss-3-0-continues-to-emphasize-the-importance-of-log-management/


SHORT NEWS:

  *

    Testing syslog-ng PE on Windows was never so easy: Windows Quick
    Start Guide for syslog-ng Premium Edition:
    http://czanik.blogs.balabit.com/2013/12/syslog-ng-on-windows-quick-start-guide/

  *

    TLS vulnerabilities in log traffic: syslog-ng vs. BEAST, CRIME and
    BREACH:http://gyp.blogs.balabit.com/2013/12/syslog-ng-vs-beast-crime-and-breach/

  *

    Top 6 SANS Essential Categories of Log Reports 2013:
    http://czanik.blogs.balabit.com/2013/12/top-6-sans-essential-categories-of-log-reports-2013/

  *

    Shortening Breach Resolution Times with Distributed Log Management:
    http://jluby.blogs.balabit.com/2013/12/30/shortening-breach-resolution-times-with-distributed-log-management/


NEW RELEASES

  *

    syslog-ng 3.5.3:
    https://lists.balabit.hu/pipermail/syslog-ng-announce/2013-December/000177.html

  *

    syslog-ng 3.4.7:
    https://lists.balabit.hu/pipermail/syslog-ng-announce/2013-December/000178.html

Your feedback and news tips about the next issue is welcome at 
documentation at balabit.com <mailto:documentation at balabit.com> To read 
this newsletter on-line, visit: http://insider.blogs.balabit.com/


-- 
Peter Czanik (CzP) <czanik at balabit.hu>
BalaBit IT Security / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik

More information about the syslog-ng mailing list