[syslog-ng] Insider 2017-04: Docker; Splunk HEC; Suricata; videos; upcoming events;
Czanik, Péter
peter.czanik at balabit.com
Thu Apr 13 09:28:58 UTC 2017
Dear syslog-ng users,
This is the 57th issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.
NEWS
Central log server in Docker
----------------------------
Containerization, and Docker in particular, changed the way we
distribute and run applications. Your central log server can also run
in a Docker container. If you wish to deploy a log server running
syslog-ng in a Docker container, syslog-ng is available as a
ready-to-use image on Docker Hub, already passing 500K pulls.
Read how at https://www.balabit.com/blog/central-log-server-docker/
Feeding the Splunk HTTP event collector
---------------------------------------
Using the HTTP destination of syslog-ng, you can feed the Splunk HTTP
event collector (HEC) with log messages. This can simplify your
logging architecture, because there is no need to store data in files
and to use a Splunk forwarder. Read more about how to configure it on
the Splunk website at
https://www.splunk.com/blog/2017/03/30/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splunk.html
syslog-ng PE 7.0.2 available
----------------------------
The latest syslog-ng Premium Edition release adds two interesting new
features: you can write message parsers and template functions in
Python and the monitoring() source allows you to granularly select
which statistics of syslog-ng PE you want to monitor.
https://www.balabit.com/blog/monitor-your-syslog-ng-architecture-easier/
Collecting and parsing Suricata logs
------------------------------------
You can use syslog-ng to collect and parse the JSON-based log messages
of Suricata. Learn how you can send these logs to Loggly or
Elasticsearch for further analysis, or configure simple alerting within
syslog-ng: https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-syslog-ng/
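The two items above (the http() destination feeding Splunk HEC, and parsing Suricata's JSON logs) combine naturally into one pipeline; the configuration below is an added example written for this issue, not code from the newsletter or from the linked blog posts. It assumes syslog-ng OSE 3.8 or later or syslog-ng PE 7 (where the http() destination exists), Suricata writing to /var/log/suricata/eve.json, and placeholder values for the Splunk host, CA directory and HEC token.

```conf
# Added example: parse Suricata eve.json with syslog-ng and forward only
# alert records to a Splunk HTTP Event Collector via the http() destination.
# Assumes syslog-ng OSE 3.8+ / PE 7; URL, CA dir and token are placeholders.
@version: 3.8

# Suricata writes one JSON object per line; no-parse keeps the whole line in $MSG.
source s_suricata {
  file("/var/log/suricata/eve.json" flags(no-parse));
};

# Turn the JSON fields into name-value pairs under the .suricata. prefix,
# e.g. ${.suricata.event_type} and ${.suricata.alert.signature}.
parser p_suricata_json {
  json-parser(prefix(".suricata."));
};

# Only alerts go to Splunk; flow, dns and http records stay out of this path.
filter f_suricata_alert {
  "${.suricata.event_type}" eq "alert";
};

# HEC expects a JSON body with an "event" key and an "Authorization: Splunk <token>" header.
# The raw eve.json line is sent as the event string; time keeps Suricata's own timestamp
# instead of Splunk's receipt time.
destination d_splunk_hec {
  http(
    url("https://splunk.example.com:8088/services/collector/event")      # placeholder host
    method("POST")
    user-agent("syslog-ng")
    headers("Authorization: Splunk 00000000-0000-0000-0000-000000000000")  # placeholder token
    body("$(format-json --pair event=$MSG --pair host=$HOST --pair time=$UNIXTIME --pair sourcetype=suricata)")
    # Verify the Splunk certificate so the HEC token is never sent to an untrusted endpoint.
    tls(peer-verify(required-trusted) ca-dir("/etc/ssl/certs"))
  );
};

log {
  source(s_suricata);
  parser(p_suricata_json);
  filter(f_suricata_alert);
  destination(d_splunk_hec);
};
```

Dropping the filter() line forwards every Suricata record type, which is the usual choice when Splunk rather than syslog-ng does the alert triage.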
Tutorial videos
---------------
Patrick Bailey (https://twitter.com/whiteboardcoder) created a couple
of tutorial videos about syslog-ng. These cover installation and
initial configuration on Ubuntu, opening a network port for collecting
log messages and sending JSON-based log messages:
- https://www.youtube.com/watch?v=DrfBU9nBeoE
- https://www.youtube.com/watch?v=YAYfBteY0kg
- https://www.youtube.com/watch?v=Uejb0agO2NU
UPCOMING EVENTS
You can learn about syslog-ng at a growing number of events:
HEPIX Spring Workshop: https://indico.cern.ch/event/595396/
Big Data Universe: https://bdu.hu/
openSUSE conference: https://events.opensuse.org/conference/oSC17
NEW RELEASES
syslog-ng PE 7.0.2:
https://www.balabit.com/documents/syslog-ng-pe-7.0-guides/en/syslog-ng-pe-guide-whatsnew/html-single/index.html
Your feedback and news, or tips about the next issue are welcome at
documentation at balabit.com. To read this newsletter online, visit:
https://syslog-ng.org/
Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik