[syslog-ng] The syslog-ng Insider 2024-04: PAM Essentials; XML Eventlog; multi-line logs
Peter Czanik (pczanik)
Peter.Czanik at oneidentity.com
Thu Apr 11 11:52:01 UTC 2024
Dear syslog-ng users,
This is the 119th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
NEWS
Collecting One Identity Cloud PAM Essentials logs using syslog-ng
-----------------------------------------------
One Identity Cloud PAM Essentials is the latest security product by One Identity. It provides asset management as well as secure and monitored remote access for One Identity Cloud users to hosts on their local network. I had a chance to test PAM Essentials while still in development. While there, I also integrated it with syslog-ng.
From this blog, you can learn what PAM Essentials is, and how you can collect its logs using syslog-ng. My next blog will show you how to work with the collected log messages and create alerts when somebody connects to a host on your local network using PAM Essentials.
https://www.syslog-ng.com/community/b/blog/posts/collecting-one-identity-cloud-pam-essentials-logs-using-syslog-ng
Dedicated Windows XML eventlog parser in syslog-ng
--------------------------------------------------
Version 4.6 of syslog-ng introduced windows-eventlog-xml-parser(), a dedicated parser for XML-formatted event logs from Windows. It makes the EventData portion of log messages more useful, as it combines two arrays into a list of name-value pairs.
https://www.syslog-ng.com/community/b/blog/posts/dedicated-windows-xml-eventlog-parser-in-syslog-ng
Working with multi-line logs in syslog-ng
-----------------------------------------
Most log messages fit on a single line. However, Windows and some developer tools and services, like Tomcat, write multi-line log messages. These can come in various formats. For example, each new log message might start with a date in a specific format. You can use the multi-line-prefix() option of the syslog-ng file() source to send multi-line messages as single messages instead of line by line.
I must admit that I have never seen multi-line logs in production. I am not a developer, and I do not run Tomcat or Windows. However, recently I tested a piece of software on Windows which produced multi-line log messages.
https://www.syslog-ng.com/community/b/blog/posts/working-with-multi-line-logs-in-syslog-ng
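As an added example (not from the blog post above), the following syslog-ng configuration reads a Tomcat-style log where every new message starts with a timestamp such as "11-Apr-2024 11:52:01.123", and joins the continuation lines (stack traces) into the preceding message. The log path, the output path and the timestamp regex are assumptions for the example.

```conf
@version: 4.6
@include "scl.conf"

# Assumed input: Tomcat's catalina.out, where each message begins with
# "dd-MMM-yyyy HH:mm:ss.SSS" and stack trace lines follow without a date.
source s_tomcat {
  file("/var/log/tomcat/catalina.out"
    # prefix-garbage: a line matching the prefix starts a new message,
    # every line that does not match is appended to the previous one
    multi-line-mode(prefix-garbage)
    multi-line-prefix("^[0-9]{2}-[A-Za-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2}[.][0-9]{3}")
    # the file has no syslog header, so keep the whole line in $MESSAGE
    flags(no-parse)
  );
};

# Write each joined message as one JSON record so that the embedded
# newlines of a stack trace are escaped rather than split into records.
destination d_tomcat_json {
  file("/var/log/tomcat-multiline.json"
    template("$(format-json --scope rfc5424 --key MESSAGE)\n")
  );
};

log {
  source(s_tomcat);
  destination(d_tomcat_json);
};
```

Without multi-line-mode() and multi-line-prefix(), each stack trace line would arrive as a separate message, so alerts or parsers keyed on the exception would only ever see its first line.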
WEBINARS
* You can browse recordings of past webinars at https://www.syslog-ng.com/events/
Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/
Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik