[syslog-ng] Insider 2019-03: syslog-ng 3.20.1; fail2ban; HTTP source; container tools; UDP; Conferences & Webinars

Czanik, Péter peter.czanik at balabit.com
Thu Mar 14 11:02:22 UTC 2019

Dear syslog-ng users,

This is the 73rd issue of syslog-ng Insider, a monthly newsletter that
brings you syslog-ng-related news.


syslog-ng 3.20.1 released


Version 3.20.1 of syslog-ng was released. It adds persist-tool to
manipulate persist files, a collectd destination, parsers for
Netskope and Websense logs, and list support to JSON and XML.
Naturally, bug fixes and many more changes were under the hood as
well. There are some developer-facing improvements, too, such as the
fact that Python developers can now generate internal() log messages.

For a complete list of changes with links to individual pull requests
describing the changes in more detail, check

Documentation for most of the new features is now available online at

Visualizing Fail2ban logs in Kibana


In his previous syslog-ng blog post, Balage wrote about how you can
enrich Fail2ban logs with GeoIP metadata and other data parsed from
the logs. In this post he will show you how you can use syslog-ng to
send the logs into Elasticsearch and how visualizing Fail2ban logs in
Kibana can show you where the failed login attempts come from.


Creating an HTTP source for syslog-ng in Python


HTTP is quickly becoming the universal transport protocol of the
Internet. Nowadays even DNS over HTTPS implementations are available.
There is no HTTP source implemented in C for syslog-ng, but starting
with syslog-ng version 3.18, you can write new source drivers for
syslog-ng in Python. While performance is not as good as it would be
using C, you gain flexibility and ease of implementation by using
Python. From this blog post you can learn how to create a basic HTTP
source for syslog-ng in Python.
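As an added illustration (not code from the blog post or from syslog-ng itself), here is a minimal HTTP source written against the syslog-ng Python source API: `LogSource`, `LogMessage`, `post_message()`, `init()`, `run()` and `request_exit()` from the `syslogng` module are the real interface available since 3.18, while the `HTTPSource` class, the `MAX_BODY` limit, the `ip`/`port` option names and the stand-in classes used when the module is not importable are assumptions of this example. It is meant to be loaded with a source like `python(class("HTTPSource") options("port" "8080"))`.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

try:
    from syslogng import LogSource, LogMessage  # the real classes inside syslog-ng >= 3.18
except ImportError:  # assumption: minimal stand-ins so the code also runs outside syslog-ng
    class LogMessage(dict):
        def __init__(self, message):
            super().__init__(MESSAGE=message)
    class LogSource:
        def post_message(self, msg):
            self.posted.append(msg)

MAX_BODY = 1 << 20  # refuse bodies over 1 MiB so one client cannot exhaust memory

def body_to_messages(raw, content_type):
    # JSON: one message per object (other keys become .http.* name-value pairs); else one per non-empty line
    if content_type.startswith("application/json"):
        data = json.loads(raw.decode("utf-8"))
        msgs = []
        for obj in data if isinstance(data, list) else [data]:
            msg = LogMessage(str(obj.get("message", "")))
            for key, val in obj.items():
                if key != "message":
                    msg[".http." + key] = str(val)
            msgs.append(msg)
        return msgs
    return [LogMessage(l) for l in raw.decode("utf-8", "replace").splitlines() if l.strip()]

class HTTPSource(LogSource):
    def init(self, options):  # options() from the config, values are strings; loopback by default since there is no auth
        self.posted, source = [], self
        class Handler(BaseHTTPRequestHandler):
            def do_POST(self):
                length = int(self.headers.get("Content-Length", "0"))
                if length > MAX_BODY:
                    self.send_response(413); self.end_headers(); return
                try:
                    msgs = body_to_messages(self.rfile.read(length), self.headers.get("Content-Type", ""))
                except (ValueError, AttributeError):  # malformed JSON or non-object items
                    self.send_response(400); self.end_headers(); return
                for msg in msgs:
                    source.post_message(msg)  # hands the message to syslog-ng's pipeline
                self.send_response(202); self.end_headers()
            def log_message(self, *args): pass  # keep the stdlib handler quiet on stderr
        self.server = HTTPServer((options.get("ip", "127.0.0.1"), int(options.get("port", "8080"))), Handler)
        return True
    def run(self):  # blocks on the source thread until request_exit() is called
        self.server.serve_forever()
    def request_exit(self):
        self.server.shutdown()
```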


Building and running a syslog-ng container using the latest tools


From this blog you can learn the basics of skopeo, buildah and podman
through the examples of a syslog-ng container. These tools come from
Red Hat, replacing and extending functionality of the docker daemon
without the need to run a “big fat daemon” on the hosts. The
architectural redesign is closer to the UNIX philosophy and there is no
single point of failure.


Improved log collection over UDP


“I'd tell you the joke about UDP, but you might not get it.” This old
joke perfectly summarizes UDP. There is no guarantee (frankly, not
even a real effort) that data sent over UDP ever reaches the receiving
end. Still, a surprisingly large number of syslog(-ng) users still
keep using UDP as their transport protocol. The introduction of the
so-reuseport() option for the UDP source in syslog-ng 3.19 is for
those people who, for policy or other reasons, can not switch to TCP
logging but still want to make UDP log reception as reliable as



* DevOps Pro talk:

Syslog-ng for DevOps: Customized Logging with Python (
https://devopspro.lt/peter-czanik/ )


You can watch our past webinars:

* Got a Hungry Splunk? Feed it Smartly with syslog-ng:

Your feedback and news, or tips about the next issue are welcome. To
read this newsletter online, visit: https://syslog-ng.com/blog/

Peter Czanik (CzP) <peter.czanik at balabit.com>
Balabit (a OneIdentity company) / syslog-ng upstream
