[syslog-ng] Insider 2017-04: Docker; Splunk HEC; Suricata; videos; upcoming events;

Czanik, P├ęter peter.czanik at balabit.com
Thu Apr 13 09:28:58 UTC 2017


Dear syslog-ng users,

This is the 57th issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.



NEWS



Central log server in Docker

----------------------------

Containerization, and Docker in particular, changed the way we
distribute and run applications. Your central log server can also run
in a Docker container. If you wish to deploy your log server running
syslog-ng in a Docker container, it is available as a ready-to-use
image from the Docker Hub, already passing 500K pulls.

Read how at https://www.balabit.com/blog/central-log-server-docker/



Feeding the Splunk HTTP event collector

---------------------------------------

Using the HTTP destination of syslog-ng, you can feed the Splunk HTTP
event collector (HEC) with log messages. This can simplify your
logging architecture, because there is no need to store data in files
and to use a Splunk forwarder. Read more about how to configure it on
the Splunk website at
https://www.splunk.com/blog/2017/03/30/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splunk.html



syslog-ng PE 7.0.2 available

----------------------------

The latest syslog-ng Premium Edition release adds two interesting new
features: you can write message parsers and template functions in
Python and the monitoring() source allows you to granularly select
which statistics of syslog-ng PE you want to monitor.

https://www.balabit.com/blog/monitor-your-syslog-ng-architecture-easier/



Collecting and parsing Suricata logs

------------------------------------

You can use syslog-ng to collect and parse the JSON-based log messages
of Suricata. Learn how you can send these logs to Loggly or
Elasticsearch for further analysis or configure simple alerting within
syslog-ng: https://www.balabit.com/blog/collecting-and-parsing-suricata-logs-using-syslog-ng/



Tutorial videos

---------------

Patrick Bailey (https://twitter.com/whiteboardcoder) created a couple
of tutorial videos about syslog-ng. These cover installation and
initial configuration on Ubuntu, opening a network port for collecting
log messages and sending JSON-based log messages:

- https://www.youtube.com/watch?v=DrfBU9nBeoE

- https://www.youtube.com/watch?v=YAYfBteY0kg

- https://www.youtube.com/watch?v=Uejb0agO2NU



UPCOMING EVENTS



You can learn about syslog-ng at a growing number of events:

HEPIX Spring Workshop: https://indico.cern.ch/event/595396/

Big Data Universe: https://bdu.hu/

openSUSE conference: https://events.opensuse.org/conference/oSC17



NEW RELEASES



syslog-ng PE 7.0.2:
https://www.balabit.com/documents/syslog-ng-pe-7.0-guides/en/syslog-ng-pe-guide-whatsnew/html-single/index.html



Your feedback and news, or tips about the next issue are welcome at
documentation at balabit.com. To read this newsletter online, visit:
https://syslog-ng.org/

Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik


More information about the syslog-ng mailing list