[syslog-ng] Insider 2017-05: osquery; SELinux; disk queue; upcoming events

Fekete, Róbert robert.fekete at balabit.com
Thu May 25 10:16:44 UTC 2017


Hi,

I'm writing regarding the "Processing messages stuck in the disk queue
files" tutorial that we referenced in the newsletter.
Unfortunately, it turned out that the tutorial does not apply to syslog-ng
OSE yet, because the persist-tool utility used in the tutorial is not part
of OSE yet.

So to avoid any confusion and frustration, I'm removing the tutorial from
the OSE documentation page until the utility is released in OSE as well.

My apologies for the inconvenience.

Kind Regards,

Robert Fekete


On Thu, May 18, 2017 at 12:09 PM, Czanik, Péter <peter.czanik at balabit.com>
wrote:

> Dear syslog-ng users,
>
> This is the 58th issue of syslog-ng Insider, a monthly newsletter that
> brings you syslog-ng-related news.
>
>
>
> NEWS
>
>
>
> osquery and syslog-ng
> ---------------------
>
> osquery allows you to ask questions about your machine using an
> SQL-like language. For example, you can query running processes,
> logged-in users, installed packages and syslog messages as well. From
> this post, you will learn how to send log messages to osquery, read
> osquery logs using syslog-ng, and how to parse the JSON-based log
> messages of osquery, so selected fields can be forwarded to
> Elasticsearch or other destinations expecting name-value pairs.
>
> https://www.balabit.com/blog/endpoint-visibility-and-monitoring-using-osquery-and-syslog-ng/
>
>
>
> SELinux in enforcing mode
> -------------------------
>
> Security-Enhanced Linux (SELinux) is a set of kernel and user-space
> tools enforcing strict access control policies. It is also the tool
> behind at least half of the syslog-ng problem reports. SELinux rules
> in Linux distributions cover all aspects of the syslog-ng
> configuration coming in the syslog-ng package available in the
> distribution. But as soon as an unusual port number or directory name
> is specified in the configuration, syslog-ng fails to work even with a
> perfectly legitimate configuration. While preventing unusual access is
> the main feature of SELinux, it also causes lots of headaches for
> unsuspecting administrators. Learn how you can use syslog-ng with
> SELinux in enforcing mode.
>
> https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/
>
>
>
>
>
> Processing messages stuck in the disk queue files
> -------------------------------------------------
>
> When you change the configuration of a syslog-ng host that uses
> disk-based buffering (also called disk queue), syslog-ng may start new
> disk buffer files for the destinations that you have changed. Learn
> how you can flush log messages from the orphaned disk queue files from
> our new document:
>
> https://www.balabit.com/documents/syslog-ng-ose-3.9-guides/en/syslog-ng-diskbuffer-recovery/html/index.html
>
>
>
> UPCOMING EVENTS
>
>
>
> You can learn about syslog-ng at a growing number of events:
>
> Big Data Universe: https://bdu.hu/
>
> openSUSE conference: https://events.opensuse.org/conference/oSC17
>
> Libre Software Meeting: https://2017.rmll.info/
>
>
>
>
>
> Your feedback and news, or tips about the next issue are welcome at
> documentation at balabit.com. To read this newsletter online, visit:
> https://syslog-ng.org/
>
>
> Peter Czanik (CzP) <peter.czanik at balabit.com>
> Balabit / syslog-ng upstream
> https://www.balabit.com/blog/author/peterczanik/
> https://twitter.com/PCzanik
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
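The following syslog-ng configuration is an added example that ties together the osquery and SELinux items of the quoted newsletter; it is not taken from the newsletter, the linked blog posts or the syslog-ng project. It reads the osquery results log, turns each JSON line into name-value pairs with json-parser(), and writes a selected subset of the fields as one JSON document per line, which is the shape Elasticsearch or any other name-value destination expects. A network source on a non-standard port and an output directory outside /var/log are included because those are exactly the two things the SELinux item says break under enforcing mode; the semanage/restorecon commands in the comments label them so syslog-ng (which runs as syslogd_t) is allowed to use them. Everything in it is assumed: osqueryd's default results path, port 1514, the directory /srv/osquery-logs, the output file name, and the constructed sample result line in the comment.

```conf
@version: 3.9

# Added example, not part of the newsletter or the syslog-ng project.

# osqueryd appends one JSON object per line to its results log.
# Constructed sample line (event format, "processes" query):
# {"name":"processes","hostIdentifier":"web01","unixTime":1495100000,
#  "columns":{"pid":"4242","name":"sshd","cmdline":"/usr/sbin/sshd -D"},
#  "action":"added"}
# flags(no-parse) keeps the whole line in $MSG instead of trying to
# read it as a syslog header.
source s_osquery_local {
    file("/var/log/osquery/osqueryd.results.log"
         flags(no-parse)
         program-override("osquery"));
};

# Remote hosts may forward their osquery result lines over syslog.
# 1514/tcp is not a port SELinux knows as a syslog port, so on an
# enforcing host the socket bind is denied until the port is labeled:
#   semanage port -a -t syslogd_port_t -p tcp 1514
# Denials show up in the audit log: ausearch -m AVC -ts recent
source s_osquery_remote {
    network(ip("0.0.0.0") port(1514) transport("tcp"));
};

# Convert the JSON in $MSG into name-value pairs under the .osquery.
# prefix. Nested objects become dotted names, so the "columns" object
# yields .osquery.columns.pid, .osquery.columns.cmdline and so on.
# Messages that are not valid JSON fail the parser and are dropped
# from this log path.
parser p_osquery {
    json-parser(prefix(".osquery."));
};

# Emit only the fields worth indexing, as one JSON document per line.
# The same template works unchanged in an Elasticsearch destination
# (elasticsearch2() in 3.9), which is the intended next hop.
# /srv/osquery-logs is not under /var/log, so SELinux denies the
# write until the directory carries the log file type:
#   semanage fcontext -a -t var_log_t "/srv/osquery-logs(/.*)?"
#   restorecon -Rv /srv/osquery-logs
destination d_osquery_json {
    file("/srv/osquery-logs/osquery-parsed.json"
         create-dirs(yes)
         template("$(format-json host=${HOST} time=${ISODATE} query=${.osquery.name} action=${.osquery.action} pid=${.osquery.columns.pid} process=${.osquery.columns.name} cmdline=${.osquery.columns.cmdline})\n"));
};

log {
    source(s_osquery_local);
    source(s_osquery_remote);
    parser(p_osquery);
    destination(d_osquery_json);
};
```

For the sample line above this produces a document with host, time, query, action, pid, process and cmdline keys and nothing else from the original record; fields that are absent from a given result (a query without a "columns.cmdline" column, for instance) simply come out empty rather than breaking the pipeline. Run `syslog-ng --syntax-only` after editing and, on an SELinux host, start syslog-ng only after the two labeling steps, otherwise the first AVC denial is the only hint that the configuration itself is fine.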