[syslog-ng] Insider 2023-05: learning; UDP; upgrading;
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Thu May 11 09:53:20 UTC 2023
Dear syslog-ng users,
This is the 110th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
NEWS
Learning syslog-ng, the easier way
----------------------------------
Last year, one of the returning questions I received was how to learn syslog-ng. My answer was that read the first few chapters of the documentation, read my blogs related to your use case, and then read a few relevant parts from the rest of the documentation. Our documentation is praised by users, but it is still a reference documentation. I was asked if a less detailed, more to the point, preferably video tutorial is available.
Your request was heard. In the past couple of months, I published a tutorial series in blog and video format, which brings you from basic logging concepts to using syslog-ng to collect, parse, enrich log messages and store them to Elasticsearch. Of course, these 5-10 minute videos are not enough to learn anything in depth, but they introduce you to all major syslog-ng functionalities.
https://www.syslog-ng.com/community/b/blog/posts/learning-syslog-ng-the-easier-way
Why syslog over UDP loses messages and how to avoid that
--------------------------------------------------------
Message loss related resiliency with regards to syslog over UDP has always been a problem. Users who start looking at these metrics generally report a 30-40% loss of messages for syslog over UDP, but drops of up to 90% are not unheard of. Let me get to the bottom of the reasons why messages are dropped and how these problems can be solved, or at least mitigated.
https://axoflow.com/syslog-over-udp-message-loss-1/
Upgrade problems from syslog-ng 3 to 4
--------------------------------------
Version 4 of syslog-ng works perfectly well in version 3 compatibility mode. However, if you want to use the syslog-ng 4 features, you need to be aware of some significant changes. If you have a simple configuration, like those in Linux distributions, then simply rewriting the version string is most likely enough. However, if you use PatternDB or JSON parsing, any Python code, or an Elasticsearch, or MongoDB destination, you have to be aware of the changes.
>From this blog you can learn about type support, how this can affect you, changes in Python support, and some tips how to prepare for the upgrade.
https://www.syslog-ng.com/community/b/blog/posts/upgrade-problems-from-syslog-ng-3-to-4
WEBINARS
* You can browse recordings of past webinars at https://www.syslog-ng.com/events/
Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
More information about the syslog-ng
mailing list