[syslog-ng] Insider 2020-10: LaaS; PAN-OS; Security Onion; New Relic;

Peter Czanik (pczanik) Peter.Czanik at oneidentity.com
Thu Nov 12 10:58:13 UTC 2020

Dear syslog-ng users,

This is the 86th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


How to use syslog-ng with LaaS and why?
The first Logging as a Service (LaaS) I learned about many years ago was created by Loggly. Of course, there are many more LaaS providers now. While most services also provide their own clients for sending log messages, many of them also document sending log messages to them using syslog-ng.
From this blog, you can learn about the advantages of using syslog-ng with LaaS, or with any cloud-based SIEM solution or a Managed Security Service Provider (MSSP), and also how easy it is to create a configuration block for a new provider. While creating a configuration block takes some time, the simplification it provides can make your life easier in the long term.
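As an added illustration of the configuration block idea (this is not taken from the blog post or from any provider's documentation), the following syslog-ng configuration wraps an http() destination in a reusable block for a hypothetical provider. The provider name, the endpoint URL and the API key header are placeholders; a block for a real LaaS must follow that provider's own API documentation.

```conf
@version: 3.29
@include "scl.conf"

# Reusable destination block for a hypothetical LaaS provider ("examplelaas").
# The endpoint URL, header name and JSON body layout below are assumptions
# chosen for illustration, not any real provider's API.
block destination examplelaas(
    api_key()
    url("https://ingest.example-laas.invalid/v1/logs")   # placeholder endpoint
    batch_lines(100)
    batch_timeout(1000)
) {
    http(
        url(`url`)
        method("POST")
        headers("Content-Type: application/json",
                "X-Api-Key: `api_key`")                  # assumed header name
        body("$(format-json --scope rfc5424 --scope nv-pairs --key ISODATE)")
        batch-lines(`batch_lines`)
        batch-timeout(`batch_timeout`)
        retries(3)
        # Queue on disk while the provider is unreachable so messages survive
        # a network outage or a syslog-ng restart.
        disk-buffer(reliable(yes) disk-buf-size(1073741824))
    );
};

source s_local { system(); internal(); };

# Using the block: one line per destination instead of repeating the
# whole http() stanza every time the provider is used.
destination d_laas { examplelaas(api_key("REPLACE_WITH_YOUR_KEY")); };

log { source(s_local); destination(d_laas); };
```

The block keeps the provider-specific details (URL, authentication header, body format) in one place, so a change in the provider's API is a single edit, and the API key never needs to be repeated across log paths.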

Parsing PAN-OS logs using syslog-ng
Version 3.29 of syslog-ng was recently released, including a user-contributed feature: the panos-parser(). It parses log messages from PAN-OS (Palo Alto Networks Operating System). Unlike some other networking devices, the message headers of PAN-OS syslog messages are standards-compliant. However, if you want to act on your messages (filtering, alerting), you still need to parse the message part. The panos-parser() helps you create name-value pairs from the message part of the logs.
From this blog you can learn why it is useful to parse PAN-OS log messages and how to use the panos-parser().
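As an added example (not taken from the blog post or from the syslog-ng project's own documentation), the configuration below receives PAN-OS syslog messages, runs them through panos-parser(), stores the resulting name-value pairs as JSON, and uses one of the parsed fields in a filter. The listening port, file paths, the ".panos." name prefix and the field name and value used in the filter are assumptions for illustration; check the parser's documentation for the exact names produced by your syslog-ng version.

```conf
@version: 3.29
@include "scl.conf"

# Receive PAN-OS syslog over TCP on an assumed port.
source s_panos { network(ip("0.0.0.0") port(5514) transport("tcp")); };

# panos-parser() splits the message part into name-value pairs; the header
# (timestamp, host, program) is already standards-compliant and needs no help.
parser p_panos { panos-parser(); };

# Write the parsed fields as JSON, one object per line, so a SIEM or jq can
# work with them. Names produced by the parser are assumed to start with
# ".panos."; --rekey/--shift strips the leading dot in the JSON keys.
destination d_json {
    file("/var/log/panos.json"
         template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --key ISODATE)\n"));
};

# Acting on the parsed data: route threat logs to a separate file.
# Field name and value are assumptions for illustration.
filter f_threat { "${.panos.type}" == "THREAT" };
destination d_threat { file("/var/log/panos-threat.log"); };

log {
    source(s_panos);
    parser(p_panos);
    destination(d_json);
    log { filter(f_threat); destination(d_threat); };
};
```

Without the parser, the filter would have to match on the raw comma-separated message text; with it, routing and alerting decisions can reference individual fields by name.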

Syslog-ng and Security Onion
One of the most interesting projects utilizing syslog-ng is Security Onion, a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It uses syslog-ng for log collection and log transfer and uses the Elastic stack to store and search log messages. Even if you do not use its advanced security features, you can still use it for centralized log collection and as a nice web interface for your logs. But it is also worth getting acquainted with its security monitoring features, as it can show you useful insights about your network. Best of all, Security Onion is completely free and open source, with commercial support available for it.

How to Use Syslog-ng with New Relic
Learn how to use the http() destination to send logs to New Relic: https://blog.newrelic.com/product-news/how-to-use-syslog-ng-with-new-relic/


* Improve SIEM performance and cut SIEM costs with log management solutions: https://www.syslog-ng.com/event/improve-siem-performance-and-cut-siem-costs-with-log-management-soluti8145272/
* You can browse recordings of past webinars at https://www.syslog-ng.com/events/

Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/

Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
