[syslog-ng] Insider 2017-05: osquery; SELinux; disk queue; upcoming events
Czanik, Péter
peter.czanik at balabit.com
Thu May 18 10:09:32 UTC 2017
Dear syslog-ng users,
This is the 58th issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.
NEWS
osquery and syslog-ng
---------------------
osquery allows you to ask questions about your machine using an
SQL-like language. For example, you can query running processes,
logged-in users, installed packages and even syslog messages. From
this post, you will learn how to send log messages to osquery, how to
read osquery logs using syslog-ng, and how to parse the JSON-based log
messages of osquery, so that selected fields can be forwarded to
Elasticsearch or other destinations expecting name-value pairs.
https://www.balabit.com/blog/endpoint-visibility-and-monitoring-using-osquery-and-syslog-ng/
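As an added example (not from this newsletter or the linked post), the following syslog-ng OSE 3.9 configuration reads osquery's JSON result log, turns each line into name-value pairs with json-parser, keeps only rows osquery reports as newly "added", and forwards selected fields to a local file and to Elasticsearch. The result-log path, the `.osquery.` prefix, the file and index names and the Elasticsearch URL are assumptions chosen for illustration.

```conf
@version: 3.9
@include "scl.conf"

# Assumption: osqueryd writes its differential results to this file.
# Every line is one complete JSON document, so the file is read without
# any syslog header parsing.
source s_osquery {
    file("/var/log/osquery/osqueryd.results.log" flags(no-parse));
};

# Flatten the JSON document into name-value pairs. Nested objects such as
# "columns" become dotted names, e.g. ${.osquery.columns.pid}.
parser p_osquery {
    json-parser(prefix(".osquery."));
};

# Differential results carry an "action" of "added" or "removed"; keep
# only newly observed rows (string comparison with eq).
filter f_added {
    "${.osquery.action}" eq "added";
};

# Local copy with a handful of selected fields, one JSON object per line.
# Glob patterns are accepted by --key, so every column of the query is kept.
destination d_osquery_file {
    file("/var/log/osquery-parsed.log"
        template("$(format-json --key .osquery.name --key .osquery.hostIdentifier --key .osquery.calendarTime --key .osquery.columns.*)\n"));
};

# Elasticsearch via the Java-based elasticsearch2() destination (3.9).
# --rekey .* --shift 1 drops the leading dot so Elasticsearch receives
# field names such as osquery.name instead of .osquery.name.
# Assumption: a single-node cluster reachable over HTTP on localhost.
destination d_osquery_es {
    elasticsearch2(
        client-mode("http")
        cluster("syslog-ng")
        cluster-url("http://localhost:9200")
        index("osquery-${YEAR}.${MONTH}.${DAY}")
        type("osquery")
        template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --key ISODATE)")
    );
};

log {
    source(s_osquery);
    parser(p_osquery);
    filter(f_added);
    destination(d_osquery_file);
    destination(d_osquery_es);
};
```

Check the configuration with `syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf` before restarting the service. If osquery's result log lives in a directory outside the default locations and the host runs SELinux in enforcing mode, syslog-ng will be denied read access even though the configuration is correct; inspect the AVC denials (for example with `ausearch -m avc -c syslog-ng`) and label the directory rather than switching SELinux to permissive.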
SELinux in enforcing mode
-------------------------
Security-Enhanced Linux (SELinux) is a set of kernel and user-space
tools enforcing strict access control policies. It is also the tool
behind at least half of the syslog-ng problem reports. The SELinux
rules shipped in Linux distributions cover every aspect of the default
syslog-ng configuration that comes with the distribution's syslog-ng
package. But as soon as an unusual port number or directory name is
specified in the configuration, syslog-ng fails to work, even though
the configuration itself is perfectly legitimate. While preventing
unusual access is the main feature of SELinux, it also causes lots of
headaches for unsuspecting administrators. Learn how you can use
syslog-ng with SELinux in enforcing mode.
https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/
Processing messages stuck in the disk queue files
-------------------------------------------------
When you change the configuration of a syslog-ng host that uses
disk-based buffering (also called disk queue), syslog-ng may start new
disk buffer files for the destinations that you have changed. Our new
document explains how you can flush log messages from the orphaned
disk queue files:
https://www.balabit.com/documents/syslog-ng-ose-3.9-guides/en/syslog-ng-diskbuffer-recovery/html/index.html
UPCOMING EVENTS
You can learn about syslog-ng at a growing number of events:
Big Data Universe: https://bdu.hu/
openSUSE conference: https://events.opensuse.org/conference/oSC17
Libre Software Meeting: https://2017.rmll.info/
Your feedback and news, or tips about the next issue are welcome at
documentation at balabit.com. To read this newsletter online, visit:
https://syslog-ng.org/
Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik