[syslog-ng] Insider 2022-10: type support; Splunk/Sentinel; MongoDB; Photon;
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Thu Oct 20 09:47:16 UTC 2022
Dear syslog-ng users,
This is the 105th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
NEWS
Type support: getting started with syslog-ng 4.0
------------------------------------------------
Version 4.0 of syslog-ng is right around the corner. It hasn't yet been released; however, you can already try some of its features. The largest and most interesting change is type support. Right now, name-value pairs within syslog-ng are represented as text, even if the PatternDB or JSON parsers could see the actual type of the incoming data. This does not change, but starting with 4.0, syslog-ng will keep the type information, and use it correctly on the destination side. This makes your life easier, for example when you store numbers to Elasticsearch or to other type-aware storage.
From this blog, you can learn how type support makes your life easier and helps you give it a test drive on your own hosts.
https://www.syslog-ng.com/community/b/blog/posts/type-support-getting-started-with-syslog-ng-4-0
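As an added illustration of why keeping the type matters (this is constructed Python, not syslog-ng's own code or anything from the blog post), the snippet below simulates the two behaviours described above on a few constructed syslog lines carrying a JSON payload: a text-only pipeline that turns every value into a string, and a type-preserving one. A threshold rule such as "bytes_out > 1000" then misfires on the string values, because the comparison is lexicographic, while the typed values give the expected result. The sample lines, field names and the threshold are assumptions made up for the example.

```python
import json

# Constructed sample syslog lines with a JSON payload (not real log data).
SAMPLE_LINES = [
    '<134>1 2022-10-20T09:47:16Z host1 app - - - {"user":"alice","bytes_out":950,"failed":false,"port":443}',
    '<134>1 2022-10-20T09:47:17Z host1 app - - - {"user":"bob","bytes_out":12000,"failed":true,"port":8443}',
    '<134>1 2022-10-20T09:47:18Z host1 app - - - {"user":"carol","bytes_out":7,"failed":false,"port":22}',
]


def extract_json(line):
    """Return the JSON object that follows the syslog header."""
    return json.loads(line[line.index("{"):])


def parse_text_only(line):
    """Simulates the pre-4.0 behaviour: every name-value pair becomes a string."""
    record = {}
    for key, value in extract_json(line).items():
        # JSON booleans are rendered the way the original text showed them
        record[key] = str(value).lower() if isinstance(value, bool) else str(value)
    return record


def parse_typed(line):
    """Simulates the 4.0 behaviour: the parser keeps the JSON types."""
    return extract_json(line)


def render_for_destination(record):
    """What a type-aware destination (e.g. a JSON document store) would receive."""
    return json.dumps(record, sort_keys=True)


def exceeds(record, field, threshold):
    """Detection rule 'field > threshold', applied to whatever the pipeline stored.

    With string values the only comparison available is lexicographic,
    which is exactly the mistake type support avoids.
    """
    value = record[field]
    if isinstance(value, str):
        return value > str(threshold)
    return value > threshold


def alerts(records, field, threshold):
    """Users whose record triggers the rule, sorted for stable output."""
    return sorted(r["user"] for r in records if exceeds(r, field, threshold))


if __name__ == "__main__":
    text_records = [parse_text_only(line) for line in SAMPLE_LINES]
    typed_records = [parse_typed(line) for line in SAMPLE_LINES]
    print("text-only store :", render_for_destination(text_records[0]))
    print("typed store     :", render_for_destination(typed_records[0]))
    print("alerts (text)   :", alerts(text_records, "bytes_out", 1000))
    print("alerts (typed)  :", alerts(typed_records, "bytes_out", 1000))
```

With the text-only records all three users are flagged ("950", "12000" and "7" all sort after "1000" as strings), whereas the typed records flag only bob. The same mismatch shows up in the rendered document: the text-only store receives `"bytes_out": "950"` and `"failed": "false"`, the typed store receives a number and a boolean.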
syslog-ng Store Box Splunk/HEC and Sentinel destinations
--------------------------------------------------------
The syslog-ng Store Box (SSB) appliance is built on syslog-ng Premium Edition (PE). SSB inherits most of syslog-ng PE’s features and makes them available with an easy-to-use graphical user interface. One of the typical use cases for SSB (and syslog-ng PE) is optimizing the logging infrastructure for SIEM / log analysis. Two recently introduced SSB destinations for log analytics are Splunk HEC (HTTP Event Collector) and Microsoft Sentinel.
https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-store-box-splunk-hec-and-sentinel-destinations
A quick test of MongoDB 6.0 with syslog-ng
------------------------------------------
Any time I see that one of the syslog-ng destinations has a major new version, I'm a bit scared, as it is not uncommon to introduce breaking changes with them. MongoDB 6.0, however, was a pleasant surprise. I gave it a quick try, and everything worked as expected. Along the way, I even learned about MongoDB Compass, an easy-to-use GUI for MongoDB databases.
https://www.syslog-ng.com/community/b/blog/posts/a-quick-test-of-mongodb-6-0-with-syslog-ng
VMware Photon OS 4.0: an interesting syslog-ng package
------------------------------------------------------
A few weeks ago I wrote about syslog-ng in Microsoft’s own Linux distribution, CBL-Mariner. VMware Photon OS 4.0 is another niche Linux distribution. It not only features syslog-ng, but syslog-ng is also up-to-date. The syslog-ng package in Photon, though, is also the strangest one I have ever encountered.
https://www.syslog-ng.com/community/b/blog/posts/vmware-photon-os-4-0-an-interesting-syslog-ng-package
WEBINARS
* Register for our latest webinars at https://www.syslog-ng.com/event/syslogng-webcast-series-2022/
* You can browse recordings of past webinars at https://www.syslog-ng.com/events/
Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik