[syslog-ng] Insider 2020-10: Cisco; Signal Messenger; PCRE dupnames;
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Thu Oct 8 09:52:09 UTC 2020
Dear syslog-ng users,
This is the 85th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
NEWS
Parsing Cisco logs in syslog-ng
--------------------------------
Log messages generated by Cisco devices look like syslog messages at first glance, but on closer inspection you will see that there are many smaller differences. By default, syslog-ng treats all incoming messages as syslog messages; however, Cisco logs do not conform. Log messages collected over the network from Cisco devices and saved to a file look broken. There are many Cisco log variants, but luckily a good part of them are covered by the cisco-parser() of syslog-ng. From this blog you can learn how the Cisco parser in syslog-ng works and how you can check if it really works with your Cisco log messages.
https://www.syslog-ng.com/community/b/blog/posts/parsing-cisco-logs-in-syslog-ng
Sending alerts to Signal Messenger from syslog-ng
-------------------------------------------------
Signal Messenger is becoming the instant messaging platform of choice for privacy-minded individuals, including many sysadmins. No wonder that some of them would like to see alerts from syslog-ng in this IM platform. Developing a new destination for syslog-ng from scratch in the C programming language is a considerable effort. As a result, this first implementation is utilizing an already existing command line application. Below, you can learn about an initial implementation, and why it is not part of syslog-ng.
https://www.syslog-ng.com/community/b/blog/posts/sending-alerts-to-signal-messenger-from-syslog-ng
Enabling PCRE dupnames in syslog-ng
-----------------------------------
One of the major syslog-ng features is that it can parse log messages and create name-value pairs from them. Until now the PCRE parser could not handle duplicate names for named subpatterns. Version 3.29 of syslog-ng resolves this issue by adding the “dupnames” flag. From this blog you can learn why the dupnames flag is important and how you can enable and test it.
https://www.syslog-ng.com/community/b/blog/posts/enabling-pcre-dupnames-in-syslog-ng
WEBINARS
* You can browse recordings of past webinars at https://www.syslog-ng.com/events/
Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik