[syslog-ng] Insider 2018-12: 3.19 release; optimizing Splunk; Python source; HTTP batch;

Czanik, Péter peter.czanik at balabit.com
Thu Dec 13 14:59:46 UTC 2018


Dear syslog-ng users,

This is the 71st issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.

NEWS

Version 3.19 of syslog-ng released
----------------------------------

Version 3.19 of syslog-ng has been released with plenty of new
features and bugfixes. Performance of the HTTP destination improved
thanks to load-balancing to multiple servers. You can use this to send
the messages to a set of ingestion nodes or indexers of your SIEM
solution if a single node cannot handle the load. The new Slack
destination allows you to send alerts to a Slack channel.

Read the complete list of changes at
https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.19.1.


Optimize your Splunk infrastructure using new syslog-ng features
----------------------------------------------------------------

Learn how to use fewer resources for better performance in Splunk! Many
people have been using syslog-ng for decades without knowing that it
receives new features as well as bugfixes. While many Linux utilities
are practically in maintenance mode, syslog-ng keeps evolving
constantly. A strong focus in recent years has been on message parsing
and destination drivers.

After my talk at Suricon, Splunk users explained how they will change
their syslog-ng configurations to optimize their Splunk
infrastructure.

https://www.syslog-ng.com/community/b/blog/posts/optimize-your-splunk-infrastructure-using-new-syslog-ng-features


Python source in syslog-ng
--------------------------

Using syslog-ng 3.18 and newer releases, you can write new source
drivers for syslog-ng in Python. While performance is not as good as
C, you gain flexibility and ease of implementation. There are quite a
few log sources without a ready-to-use C API, but with a Python API.
Using the Python source of syslog-ng you can leverage these.

https://www.syslog-ng.com/community/b/blog/posts/python-source-in-syslog-ng
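As an added example (not code from the newsletter or the linked post), here is the shape a 3.18+ Python source driver takes: a LogSource subclass whose init()/run()/request_exit() methods post LogMessage objects to syslog-ng. The JsonRecordSource class, its "program" option, the constructed sample records and the stand-in classes used when the syslogng module is not importable are all assumptions of this example.

```python
import json

try:
    from syslogng import LogSource, LogMessage
except ImportError:
    # Stand-ins so the driver can be unit-tested outside syslog-ng (assumption:
    # they mirror only the calls used below, not the full syslogng API).
    class LogMessage(dict):
        def __init__(self, message):
            super().__init__()
            self["MESSAGE"] = message

    class LogSource:
        def __init__(self):
            self.posted = []

        def post_message(self, msg):
            self.posted.append(msg)

# Constructed input standing in for records returned by some Python-only API.
SAMPLE_RECORDS = [
    '{"host": "web01", "user": "alice", "text": "login ok"}',
    'not json at all',
    '{"host": "web02", "text": "session closed"}',
]

# syslog-ng side (assumed module name mysource.py on the Python path):
#   source s_json { python(class("mysource.JsonRecordSource")
#                          options("program" "json-source")); };
class JsonRecordSource(LogSource):
    def init(self, options):
        # options carries the key/value pairs from options() in the config.
        self.program = options.get("program", "json-source")
        self.cancelled = False
        self.dropped = 0
        return True

    def deinit(self):
        pass

    def run(self):
        # Replace SAMPLE_RECORDS with the real API call in a production driver.
        for raw in SAMPLE_RECORDS:
            if self.cancelled:
                break
            self.handle_record(raw)

    def request_exit(self):
        self.cancelled = True

    def handle_record(self, raw):
        # Malformed input from a remote source must not crash the driver: count and skip.
        try:
            rec = json.loads(raw)
            msg = LogMessage(rec["text"])
        except (ValueError, KeyError, TypeError):
            self.dropped += 1
            return None
        msg["PROGRAM"] = self.program          # built-in macro
        msg["HOST"] = str(rec.get("host", "unknown"))
        msg["user"] = str(rec.get("user", ""))  # custom name-value pair
        self.post_message(msg)
        return msg
```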


Bulk mode message sending to Elasticsearch with syslog-ng http() destination
----------------------------------------------------------------------------

Learn how to send log messages in bulk mode to your Elasticsearch
server with syslog-ng. Bulk mode offers better performance, because it
sends multiple log messages in a single POST request.

https://www.syslog-ng.com/community/b/blog/posts/bulk-mode-message-sending-to-elasticsearch-with-syslog-ng-http-destination


WEBINARS

You can watch our past webinars:

* Log ingestion to Splunk HEC: https://www.brighttalk.com/webcast/16207/338190

* High performance log streaming to HDFS with syslog-ng:
https://www.brighttalk.com/webcast/16207/335943


Your feedback and news, or tips about the next issue are welcome. To
read this newsletter online, visit: https://syslog-ng.com/blog/


Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik

