[syslog-ng] Insider 2020-09: Prometheus; proxy; ESK;

Peter Czanik (pczanik) Peter.Czanik at oneidentity.com
Wed Sep 9 10:03:28 UTC 2020

Dear syslog-ng users,

This is the 84th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Using a proxy with the http() destination
The http() destination is quickly becoming one of the most often used destinations within syslog-ng. You might already be using it even if you are not aware of it. Quite a few syslog-ng destination drivers are actually just configuration snippets in the syslog-ng configuration library (SCL), utilizing the http() destination in the background. Just think about elasticsearch-http(), different Logging as a Service (LaaS) providers, or slack(). Starting with syslog-ng version 3.28.1, you can also reach these services when there is a proxy server between syslog-ng and your destination.

Prometheus: syslog-ng exporter
Recently Prometheus became one of the most used open source monitoring solutions. Quite a few people asked if a syslog-ng exporter is available. It is not part of syslog-ng, but there are numerous implementations available on GitHub. Now that Prometheus is part of the openSUSE Leap 15.2 release, which is the Linux distribution running on my laptop, I gave it a try. From this blog, you can learn how to compile the syslog-ng exporter for Prometheus yourself and get it working with Prometheus.

Jump-starting ESK: Elasticsearch, syslog-ng and Kibana
If you want to test drive syslog-ng or just want to learn something new, I recommend checking out the BLACK ESK project. By running a single script, you can set up a containerized test environment, complete with Elasticsearch, Kibana and a syslog-ng server. All network connections among them are encrypted and the syslog-ng configuration showcases many interesting syslog-ng features, including PatternDB and JSON parsing, GeoIP, in-list filtering and the new Elasticsearch destination. Once it is installed, all you need are some logs directed at this server and a browser to reach Kibana. You can learn a lot from reading through the setup scripts and the different configuration files.


* Version 3.29.1 released: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.29.1


* You can browse recordings of past webinars at https://www.syslog-ng.com/events/

Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/

Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
