[syslog-ng] The syslog-ng Insider 2024-03: MacOS; OpenTelemetry;

Peter Czanik (pczanik) Peter.Czanik at oneidentity.com
Thu Mar 14 13:43:22 UTC 2024


Dear syslog-ng users,

This is the 118th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS

Native MacOS source in syslog-ng
--------------------------------
You know that support for MacOS is important when every third visitor at the syslog-ng booth of Red Hat Summit asks if syslog-ng works on MacOS. With the upcoming syslog-ng version 4.6.0, syslog-ng not only compiles on MacOS, but it also collects local log messages natively.
From this blog you can learn how to compile syslog-ng yourself, options of the MacOS source, and also a bit of history.
https://www.syslog-ng.com/community/b/blog/posts/native-macos-source-in-syslog-ng

Using OpenTelemetry between syslog-ng instances
-----------------------------------------------
Do you have to forward large amounts of logs between two syslog-ng instances? OTLP (OpenTelemetry protocol) support in syslog-ng can solve this problem. Just like the ewmm() destination, syslog-ng-otlp() forwards most name-value pairs; however, unlike a tcp() connection, it scales well with multiple CPU cores.
Support for OpenTelemetry was added to syslog-ng a couple of releases ago. OpenTelemetry is an observability framework, mainly used in Linux / Cloud / Kubernetes environments. However, I already had users asking to make this feature available on FreeBSD. (It already worked once, but now it fails to compile again.)
Version 4.6.0 added many new OTLP-related enhancements. Batching and multiple workers make OTLP connections significantly faster, while compression can save you bandwidth at the expense of some more CPU usage. This changes the syslog-ng-otlp() destination from an interesting experiment into something really useful. It enables you to send a lot more log messages between two syslog-ng instances than with a tcp() connection, while using less bandwidth.
https://www.syslog-ng.com/community/b/blog/posts/using-opentelemetry-between-syslog-ng-instances

Collecting even more logs on MacOS using syslog-ng
--------------------------------------------------
Version 4.6.0 of syslog-ng features not just a new, native log collector for MacOS, but also darwin-oslog-stream(), which can also collect non-persistent log events. Beware that it can collect many megabytes of logs even in just a few minutes! However, if you need to debug MacOS, these logs might come in handy.
https://www.syslog-ng.com/community/b/blog/posts/collecting-even-more-logs-on-macos-using-syslog-ng


WEBINARS

* You can browse recordings of past webinars at https://www.syslog-ng.com/events/

Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit: https://syslog-ng.com/blog/


Peter Czanik (CzP) <peter.czanik at oneidentity.com>
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik

