[syslog-ng] Insider 2018-06: 3.15; ARM; Big Data; journald; Elasticsearch; conferences;

Czanik, Péter peter.czanik at balabit.com
Thu Jun 14 09:56:52 UTC 2018


Dear syslog-ng users,

This is the 67th issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.



NEWS



syslog-ng 3.15 is released

--------------------------

Version 3.15 of syslog-ng is now available. Support was added for if /
elif / else blocks, which can simplify syslog-ng configuration
considerably. Improved debug and error messages make finding
configuration problems easier. Support for basic client-side failover
was added.

For a complete list of changes, check
https://github.com/balabit/syslog-ng/releases/tag/syslog-ng-3.15.1.

For binary packages, check https://syslog-ng.com/3rd-party-binaries.



Debian ARM builds

-----------------

Starting with version 3.15, the unofficial syslog-ng Debian build is
also available for ARM v7. It has all of the features of the x86
edition. The build is made for Debian 9.0 and tested on a Raspberry
Pi, but it most likely works on recent editions of Raspbian as well.

It is available at
https://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/Debian_9.0/.





Big Data: save all or save costs?

---------------------------------

When starting a new project, Big Data vendors usually recommend a
“save all” and “save raw” approach, as you never know what data might
come in handy later on and in what format. Companies starting those
projects also often have the same approach, as they still have their
infrastructure under heavy development. Both go on the assumption that
storage is practically free compared to the value of data. But is it
really so?

Learn more at https://syslog-ng.com/blog/big-data-save-save-costs/.



syslog-ng vs. systemd’s journald

--------------------------------

People often ask what to use: systemd’s journald or syslog-ng? The
quick answer is most likely both, but it depends on how you use
your computer(s). If you have a single standalone machine, journald is
probably enough. There is even a nice desktop application to view the
logs in the journal. But once you have multiple machines to manage,
using syslog-ng has many advantages.

Read more at https://news.opensuse.org/2018/04/30/syslog-ng-vs-systemds-journald/.



Storing logs in Elasticsearch using syslog-ng

---------------------------------------------

Get started with sending logs directly to Elasticsearch using
syslog-ng. Find out how to parse data with syslog-ng, store it in
Elasticsearch, and analyze it with Kibana. Learn about the basics of
using syslog-ng and Elasticsearch 6 on Red Hat Enterprise Linux /
CentOS. Discover how to send netdata metrics through syslog-ng to
Elasticsearch.

Read our technical white paper at
https://pages.balabit.com/storing-logs-in-elasticsearch-using-syslog-ng.html



Containers and automation: five conferences in two words

--------------------------------------------------------

In the past couple of weeks I visited five different conferences in
four different countries either as a speaker or as booth staff.
Altogether I had a chance to present syslog-ng to thousands of people
and discuss syslog-ng and logging in general with hundreds.

Except for a Big Data event in Budapest, I could summarize the
conferences in two words: containers and automation. Of course, all
events covered other diverse topics as well, but the main themes were
these two.

Let me give you a quick overview of the events:
https://syslog-ng.com/blog/containers-automation-five-conferences-two-words/.





Your feedback and news, or tips about the next issue are welcome at
documentation at balabit.com. To read this newsletter online, visit:
https://syslog-ng.com/blog/


Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit / syslog-ng upstream
https://syslog-ng.com/blog/author/peterczanik/
https://twitter.com/PCzanik

