[syslog-ng] Insider 2017-02: securing Elasticsearch; Troubleshooting; FOSDEM & SCALE;
Czanik, Péter
peter.czanik at balabit.com
Thu Feb 9 11:19:57 UTC 2017
Dear syslog-ng users,
This is the 55th issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.
NEWS
Securing connections to Elasticsearch
-------------------------------------
Recently, news has come out that unprotected MongoDB databases are
being actively compromised: content is copied and replaced by a
message asking for a ransom to get it back. As “The Register” reports:
Elasticsearch is next. Read our latest blog post to learn more about
how to secure your Elasticsearch cluster and avoid ransomware:
https://www.balabit.com/blog/secure-your-elasticsearch-cluster-and-avoid-ransomware/
Troubleshooting syslog-ng to syslog-ng connections
--------------------------------------------------
syslog-ng users often face the challenge of not being able to send
logs over the network from one syslog-ng instance to another. There
can be many reasons for this; some are independent of syslog-ng,
while others are related to the syslog-ng configuration. Here are a
few troubleshooting tips:
https://www.balabit.com/blog/troubleshooting-syslog-ng-syslog-ng-connections/
Load balancing HTTP connections to Elasticsearch
------------------------------------------------
In addition to developing the HTTPS driver for syslog-ng, Fabien
Wernli also contributed HTTP load balancing support to the syslog-ng
Elasticsearch driver, which is also used by HTTPS support for
Elasticsearch: https://github.com/balabit/syslog-ng/pull/1319
FOSDEM 2017
-----------
This year Peter Czanik, community manager at Balabit, participated
with two syslog-ng presentations at the annual FOSDEM conference in
Brussels. Read about his experiences at the event:
https://www.balabit.com/blog/syslog-ng-fosdem-2017/
How to send JSON log messages to RabbitMQ from syslog-ng
--------------------------------------------------------
In this post, you can read about how to configure syslog-ng to send
logs in JSON format in the body of an AMQP message:
https://sharknet.us/2017/02/04/how-to-send-json-log-messages-to-rabbitmq-from-syslog-ng/
UPCOMING EVENTS
Balabit will participate in the Southern California Linux Expo again
this year: http://www.socallinuxexpo.org/scale/15x
You can talk to our engineers at the Balabit booth and listen to Peter
Czanik present about parsing security logs using syslog-ng in room
106: http://www.socallinuxexpo.org/scale/15x/presentations/get-most-out-your-security-logs-using-syslog-ng
Your feedback, news, and tips for the next issue are welcome at
documentation at balabit.com. To read this newsletter online, visit:
https://syslog-ng.org/
Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik