[syslog-ng] Insider 2017-08: 3.11 released; wildcard-file; docker; SCL; RMLL/LSM;

Czanik, Péter peter.czanik at balabit.com
Wed Aug 2 12:50:04 UTC 2017

Dear syslog-ng users,

This is the 60th issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.


syslog-ng 3.11 released


The latest version of syslog-ng, 3.11 is now available. The most
important new feature is the GeoIP2 parser which builds on
libmaxminddb providing both better performance and more detailed
geographical information about IP addresses. AMQP destination now
supports SSL. There are many more smaller features and bug fixes. For
a complete list check the release announcement:


Reading multiple files: wildcard file source


Starting with version 3.10, syslog-ng can collect messages from
multiple text files. You do not have to specify file names one by one,
just use a wildcard to select which files to read. This is especially
useful when you do not know the file names by the time syslog-ng is
started. This is often the case with web servers with multiple virtual


Collecting Docker infrastructure logs


Why use syslog-ng for collecting Docker logs? Docker already provides
many drivers for logging, even for central log collection. On the
other hand remote logging drivers arrive with a minimalist feature set
and you are not able to use the “docker logs” command any more. To
have the best of both worlds, you can use journald logging driver in
Docker and use syslog-ng to read Docker logs from journald and forward
log messages to your central log server or other destinations. You can
even run syslog-ng itself in a Docker container, so you can use it on
dedicated Docker host environments as well where it is not possible to
install additional applications.


The power of SCL


The syslog-ng configuration library (SCL) can help you to configure
syslog-ng a lot more easily. These configuration snippets can hide
away the complexity of collecting, parsing or storing log messages.
>From this blog you can learn how to parse web server logs and store
the results at a Logging as a Service (LaaS) provider in a structured
form. You will use SCL both for message parsing and the LaaS
destination, and also utilize the wildcard-file() source introduced in
syslog-ng 3.10.


RMLL / Libre Software Meeting 2017


This year I participated again in the security track of the largest
French open source conference, Libre Software Meeting (RMLL).
“Participated” as I did not only give a talk on syslog-ng there, but
also sat in to most of the presentations and had very good discussions
both with visitors and fellow speakers. The organizers brought
together talks from diverse IT security related fields, a very good
opportunity for cross-pollination of ideas.



syslog-ng OSE 3.11.1:

Your feedback and news, or tips about the next issue are welcome at
documentation at balabit.com. To read this newsletter online, visit:

Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream

More information about the syslog-ng mailing list