[syslog-ng] Insider 2022-05: directions; EPEL 9; throttle; regexp-parser;
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Wed May 18 09:55:36 UTC 2022
Dear syslog-ng users,
This is the 101st issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
NEWS
syslog-ng on the long term: a draft on strategic directions
-----------------------------------------------------------
Balázs Scheidler, founder of the syslog-ng project, describes five possible strategic directions:
“In the past few weeks I performed a round of discussions/interviews with syslog-ng users. I also spent time looking at other products and analyst reports on the market. Based on all this information I’ve come up with a list of potential strategic directions for syslog-ng to tackle. Focusing on these and prioritizing features that fall into one of these directions ensures that syslog-ng indeed moves ahead.”
Read the rest of the blog at https://syslog-ng-future.blog/syslog-ng-on-the-long-term-a-draft-on-strategic-directions/
A minimalist syslog-ng package is heading to EPEL 9
---------------------------------------------------
Last week, the ivykis library, the most important core dependency of syslog-ng, landed in EPEL 9 successfully. There are still plenty of dependencies missing, but this way, I could submit a slightly cut-down version of syslog-ng to EPEL 9. Hopefully the rest of the dependencies will arrive in EPEL 9 as well. I plan to update the syslog-ng package as soon as the dependencies arrive. Luckily, these are only needed to enable some less frequently used syslog-ng destination drivers; no core functionality is affected.
https://www.syslog-ng.com/community/b/blog/posts/a-minimalist-syslog-ng-package-is-heading-to-epel-9
The difference between throttle() and rate-limit() in syslog-ng
---------------------------------------------------------------
There are multiple ways in syslog-ng to limit message rate. The throttle() option of syslog-ng destinations tries to make sure that all messages are delivered without exceeding a specified message rate. The rate-limit() filter introduced in syslog-ng 3.36 drops surplus log messages, making sure that a processing pipeline or destination is not overloaded with log messages.
https://www.syslog-ng.com/community/b/blog/posts/the-difference-between-throttle-and-rate-limit-in-syslog-ng
Using the regexp-parser of syslog-ng
------------------------------------
For many years, you could use the match() filter of syslog-ng to parse log messages with regular expressions. However, the primary function of match() is filtering. Recent syslog-ng versions now have a dedicated regular expression parser, the regexp-parser(). So, you should use match() only if your primary use case is filtering. Otherwise, use the regexp-parser for parsing, as it is a lot more flexible.
https://www.syslog-ng.com/community/b/blog/posts/using-the-regexp-parser-of-syslog-ng
WEBINARS
* Register for our latest webinars at https://www.syslog-ng.com/event/syslogng-webcast-series-2022/
* You can browse recordings of past webinars at https://www.syslog-ng.com/events/
Your feedback and news, or tips about the next issue, are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
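
Added example (not part of the original newsletter or the linked blog post): a syslog-ng configuration that puts the two rate controls from the throttle() / rate-limit() item on one log path, so the difference in what happens to surplus messages is visible. The host name logs.example.com, the ports, the object names and the numeric limits are assumptions chosen for illustration.

```conf
@version: 3.36

# Constructed sample source: accept syslog over TCP from the network.
source s_net {
    network(transport("tcp") port(514));
};

# rate-limit() is a filter (syslog-ng 3.36 and later).
# At most 5000 messages per second match for each distinct $HOST value.
# Surplus messages do not match, so on this log path they are dropped
# before they reach the destination. One noisy sender cannot overload
# the pipeline, but its excess messages are lost here.
filter f_rate_limit {
    rate-limit(
        template("$HOST")
        rate(5000)
    );
};

# throttle() is a destination option.
# Output is paced to at most 1000 messages per second. Surplus messages
# are not discarded by throttle(); they wait in the destination's output
# queue. That queue is finite (see log-fifo-size()), so sustained input
# above the throttle rate still needs a disk-buffer or flow control
# if nothing may be lost.
destination d_central {
    network("logs.example.com" transport("tcp") port(514) throttle(1000));
};

log {
    source(s_net);
    filter(f_rate_limit);      # drops surplus per sending host
    destination(d_central);    # delays surplus, keeps delivery order
};
```

For audit or security logs where loss is not acceptable, apply rate-limit() only to sources whose surplus you can afford to lose, and rely on throttle() with adequate buffering for the rest.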