[syslog-ng] Insider 2021-09: 3.34; OpenBSD; OpenSearch; http() destination;

Peter Czanik (pczanik) Peter.Czanik at oneidentity.com
Fri Sep 17 09:12:17 UTC 2021

Dear syslog-ng users,

This is the 94th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Version 3.34.1 available
Version 3.34.1 of syslog-ng has been released with many interesting new features. There is now a new parser that can parse messages with regular expressions. The throughput of the Redis destination driver has increased drastically. TLS and WebSocket Secure support have been added to the MQTT destination. Performance of the disk-buffer has improved considerably. For a full list of changes and source code, check https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.34.1 

Syslog-ng updated in OpenBSD ports
Recently I have found that the number of syslog-ng users on OpenBSD is growing, even with an ancient syslog-ng version in OpenBSD ports that is unable to collect local log messages. Then I remembered that Todd Miller, maintainer of sudo and my colleague at One Identity, is also an OpenBSD user and developer. I asked him for a little help, which turned out to be quite a lot in the end, but syslog-ng is now updated to the latest version in OpenBSD ports!

OpenSearch and syslog-ng
OpenSearch is a fork of the Elastic stack code base, made right before the license change. The first release candidate (RC1) has been released recently. Next to plain text files, Elasticsearch is one of the most popular destinations in syslog-ng, but after the license change people started to look for alternatives. I did some quick tests, and using the elasticsearch-http() destination, syslog-ng seems to work fine with OpenSearch as well.
You can learn from this blog how to get started with OpenSearch, dashboards and syslog-ng. Another alternative that syslog-ng users explored is Grafana Loki.

Creating a new http()-based syslog-ng destination: Seq
Recently, many services provide an HTTP-based API to send messages. With a bit of luck, the given service is already supported directly by syslog-ng, or by using the Apprise Python library from the syslog-ng Python destination. In other cases, you need to do the research yourself on how the given HTTP-based service works. It might be scary at first, but often, it just takes a bit of experimenting and reading the documentation.
In this blog, I'm showing you how to send log messages to Seq, a container-based log management software for application logs. The focus of this blog is to understand what to look for in the documentation of a service in order to create an http()-based destination for it in syslog-ng. Installing Seq in a container is easy, but not necessary to follow along.


* You can browse recordings of past webinars at https://www.syslog-ng.com/events/

Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/

Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
