[syslog-ng] Insider 2021-02: proxy protocol; sudo JSON; Kafka;

Peter Czanik (pczanik) Peter.Czanik at oneidentity.com
Thu Feb 11 10:56:29 UTC 2021


Dear syslog-ng users,

This is the 88th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS


Finding the real source IP: using the PROXY protocol
----------------------------------------------------
Until now, collecting logs behind proxies or load balancers required some compromises. You either trusted the host information included in the log messages or you could only see the proxy as the sender host. Starting with syslog-ng 3.30, there is a third option available: using the PROXY protocol. While not an official Internet standard, it is supported by a number of popular software products, like HAProxy. Other software can be extended to use it, like F5 load balancers using iRules. This way, crucial information about the original network connection is not lost; the proxy forwards it to the server.
https://www.syslog-ng.com/community/b/blog/posts/finding-the-real-source-ip-using-the-proxy-protocol-with-syslog-ng


Parsing sudo JSON logs: building a syslog-ng configuration
----------------------------------------------------------
The latest version of sudo, version 1.9.4, includes support for JSON formatted logging. Compared to traditional sudo logs, it has the advantage of containing more information in a structured way. While traditional sudo logs are also parsed automatically by syslog-ng, it is worth taking a look at the new JSON formatted logs.
From this blog, you can learn what the new logs look like and also see a configuration that works with these logs. Instead of just posting a complex configuration, I try to show you how my configuration was built. Creating a new configuration in smaller iterations makes the resulting configurations easier to debug.
https://www.syslog-ng.com/community/b/blog/posts/parsing-sudo-json-logs-building-a-syslog-ng-configuration


Kafka destination improved with template support
------------------------------------------------
The C implementation of the Kafka destination in syslog-ng has been improved in version 3.30. Support for templates in topic names was added as a result of a Google Summer of Code (GSoC) project. The advantage of the new template support feature is that you no longer have to use a static topic name. For example, you can include the name of your host or the application sending the log in the topic name. From this blog you can learn about a minimal Kafka setup, configuring syslog-ng and testing syslog-ng with Kafka.
https://www.syslog-ng.com/community/b/blog/posts/kafka-destination-improved-with-template-support-in-syslog-ng


Syslog-ng PE 7.0.23 released
----------------------------
Version 7.0.23 of syslog-ng PE was released with clustering support for Windows Event Collector (WEC). You can learn more about it from the documentation or from this short video:
https://www.youtube.com/watch?v=bYdIJaM24Z8


WEBINARS

* You can browse recordings of past webinars at https://www.syslog-ng.com/events/

Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/


Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik






