[syslog-ng] Insider 2017-05: osquery; SELinux; disk queue; upcoming events

Balazs Scheidler bazsi77 at gmail.com
Fri May 26 05:56:33 UTC 2017


Hmm, yeah, persist-tool is tricky as it relies on code in PE that is not
straightforward to port over. I would implement that function very
differently.

On May 25, 2017 12:17 PM, "Fekete, Róbert" <robert.fekete at balabit.com>
wrote:

> Hi,
>
> I'm writing regarding the "Processing messages stuck in the disk queue
> files" tutorial that we referenced in the newsletter.
> Unfortunately, it turned out that the tutorial does not apply to syslog-ng
> OSE yet, because the persist-tool utility used in the tutorial is not part
> of OSE yet.
>
> So to avoid any confusion and frustration, I'm removing the tutorial from
> the OSE documentation page until the utility is released in OSE as well.
>
> My apologies for the inconvenience.
>
> Kind Regards,
>
> Robert Fekete
>
>
> On Thu, May 18, 2017 at 12:09 PM, Czanik, Péter <peter.czanik at balabit.com>
> wrote:
>
>> Dear syslog-ng users,
>>
>> This is the 58th issue of syslog-ng Insider, a monthly newsletter that
>> brings you syslog-ng-related news.
>>
>>
>>
>> NEWS
>>
>>
>>
>> osquery and syslog-ng
>>
>> ---------------------
>>
>> osquery allows you to ask questions about your machine using an
>> SQL-like language. For example, you can query running processes,
>> logged in users, installed packages and syslog messages as well. From
>> this post, you will learn how to send log messages to osquery, read
>> osquery logs using syslog-ng, and how to parse the JSON-based log
>> messages of osquery, so selected fields can be forwarded to
>> Elasticsearch or other destinations expecting name-value pairs.
>>
>> https://www.balabit.com/blog/endpoint-visibility-and-monitoring-using-osquery-and-syslog-ng/
>>
>>
>>
>> SELinux in enforcing mode
>>
>> -------------------------
>>
>> Security-Enhanced Linux (SELinux) is a set of kernel and user-space
>> tools enforcing strict access control policies. It is also the tool
>> behind at least half of the syslog-ng problem reports. SELinux rules
>> in Linux distributions cover all aspects of the syslog-ng
>> configuration coming in the syslog-ng package available in the
>> distribution. But as soon as an unusual port number or directory name
>> is specified in the configuration, syslog-ng fails to work even with a
>> perfectly legitimate configuration. While preventing unusual access is
>> the main feature of SELinux, it also causes lots of headaches for
>> unsuspecting administrators. Learn how you can use syslog-ng with
>> SELinux in enforcing mode.
>>
>> https://www.balabit.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/
>>
>>
>>
>>
>>
>> Processing messages stuck in the disk queue files
>>
>> -------------------------------------------------
>>
>> When you change the configuration of a syslog-ng host that uses
>> disk-based buffering (also called disk queue), syslog-ng may start new
>> disk buffer files for the destinations that you have changed. Learn
>> how you can flush log messages from the orphaned disk queue files from
>> our new document:
>>
>> https://www.balabit.com/documents/syslog-ng-ose-3.9-guides/en/syslog-ng-diskbuffer-recovery/html/index.html
>>
>>
>>
>> UPCOMING EVENTS
>>
>>
>>
>> You can learn about syslog-ng at a growing number of events:
>>
>> Big Data Universe: https://bdu.hu/
>>
>> openSUSE conference: https://events.opensuse.org/conference/oSC17
>>
>> Libre Software Meeting: https://2017.rmll.info/
>>
>>
>>
>>
>>
>> Your feedback and news, or tips about the next issue are welcome at
>> documentation at balabit.com. To read this newsletter online, visit:
>> https://syslog-ng.org/
>>
>>
>> Peter Czanik (CzP) <peter.czanik at balabit.com>
>> Balabit / syslog-ng upstream
>> https://www.balabit.com/blog/author/peterczanik/
>> https://twitter.com/PCzanik
>> ______________________________________________________________________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>