[syslog-ng] Insider 2021-04: Grafana; Windows agent; BSD;
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Thu Apr 15 09:54:02 UTC 2021
Dear syslog-ng users,
This is the 90th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Grafana, Loki, syslog-ng: jump-starting a new logging stack
Talking to syslog-ng users, I found that many of them plan to take a closer look at Grafana, due to the upheaval around the change of licensing terms for Elastic. Luckily, it is now possible to jump-start the complete, new logging stack – including Grafana, Loki, syslog-ng and tools to monitor this stack – with a single command. All you need to do is to point a couple of syslog clients at the included syslog-ng server and open Grafana in your browser. Of course, this setup is far from being production-ready, but it can speed up preparing a test environment for you. From this blog, you can learn how to install Grafana, Loki, syslog-ng stack, how to forward your log messages there, and how to check the results in Grafana.
When to use the syslog-ng agent for Windows?
You can collect log messages from a Windows host in multiple ways using syslog-ng. For large scale installations the easiest is to use the Windows Event Collector (WEC) component of syslog-ng Premium Edition (PE). This way you don’t have to install any new client software on the Windows side, just point the WEC to the destionation to send their log messages. Please note that WEC only works for Windows EventLog. If you need to collect log messages from text files, you need to install the syslog-ng agent for Windows on your hosts. For example, web servers often log to files instead of Windows EventLog. Let’s review how to do a standalone installation of syslog-ng agent for Windows and then see the differences between using the legacy (RFC3164) and the new (RFC5424) syslog protocol.
Syslog-ng on BSDs
My FOSDEM presentation in the BSD devroom showcased what is new in sudo and syslog-ng and explained how to install or compile these software yourself on FreeBSD. Not only am I a long time FreeBSD user (started with version 1.0 in 1994) I also work on keeping the syslog-ng port in FreeBSD up to date. But soon after my presentation I was asked what I knew about other BSDs. And – while I knew that all BSDs have syslog-ng in their ports system – I realized I had no idea about the shape of those ports. For this article I installed OpenBSD, DragonFlyBSD and NetBSD to check syslog-ng on them. Admittedly, they are not in the best shape: they contain old versions, some do not even start or are unable to collect local log messages.
* Scale log collection from Windows endpoints with WEC clustering in syslog-ng https://www.syslog-ng.com/event/scale-log-collection-from-windows-endpoints-with-wec-clustering-in-sys8147879/
* You can browse recordings of past webinars at https://www.syslog-ng.com/events/
Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
More information about the syslog-ng