From Peter.Czanik at oneidentity.com Thu May 9 09:45:15 2024
From: Peter.Czanik at oneidentity.com (Peter Czanik (pczanik))
Date: Thu, 9 May 2024 09:45:15 +0000
Subject: [syslog-ng] The syslog-ng Insider 2024-05: documentation; grouping-by(); PAM Essentials; health
Message-ID:

Dear syslog-ng users,

This is the 120th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS

The official syslog-ng OSE documentation got a new look
-------------------------------------------------------

The syslog-ng Administration Guide received a new look and easier navigation. Not only that, but it is also up-to-date now. In addition, there are now contributor guides available both for the documentation and for syslog-ng developers.

The admin guide is available at:

https://syslog-ng.github.io/admin-guide/README

You can reach all syslog-ng OSE-related documentation at:

https://syslog-ng.github.io/

If you find any issues, pull requests and problem reports are welcome. The contributor guide describes how you can fix or extend the documentation. You can report issues at:

https://github.com/syslog-ng/syslog-ng.github.io/issues

Aggregating messages in syslog-ng using grouping-by()
-----------------------------------------------------

Sometimes you have many log messages from an app, but none of them have the exact content you need. This is where the grouping-by() parser of syslog-ng can help. It allows you to aggregate information from multiple log messages into a single message. In this blog, I will show you how to parse sshd logs using the patterndb parser of syslog-ng, and then create an aggregate message from the opening and closing log messages using grouping-by().
https://www.syslog-ng.com/community/b/blog/posts/aggregating-messages-in-syslog-ng-using-grouping-by

Alerting on One Identity Cloud PAM Essentials logs using syslog-ng
------------------------------------------------------------------

One Identity Cloud PAM Essentials is the latest security product by One Identity. It provides asset management as well as secure and monitored remote access for One Identity Cloud users to hosts on their local network. I had a chance to test PAM Essentials while still in development. While there, I also integrated it with syslog-ng. From my previous blog, you could learn what PAM Essentials is, and how you can collect its logs using syslog-ng. This blog will show you how to work with the collected log messages and create alerts when somebody connects to a host on your local network using PAM Essentials.

https://www.syslog-ng.com/community/b/blog/posts/alerting-on-one-identity-cloud-pam-essentials-logs-using-syslog-ng

The syslog-ng health check
--------------------------

Version 4.2 of syslog-ng introduced a healthcheck option to syslog-ng-ctl. It prints three syslog-ng-related metrics on screen, if it can reach syslog-ng, that is. You can use it from scripts to monitor the health of syslog-ng.

https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-health-check

WEBINARS

* You can browse recordings of past webinars at https://www.syslog-ng.com/events/

Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit:

https://syslog-ng.com/blog/

Peter Czanik (CzP)
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
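The health check item above says that syslog-ng-ctl healthcheck can be driven from scripts. The script below is an added example of doing that, written for this newsletter page; it is not code from the newsletter, from the linked blog post, or from the syslog-ng project. It assumes that healthcheck prints one "metric_name value" pair per line and exits non-zero when it cannot reach the running syslog-ng; the three metric names in the constructed samples and the --timeout option are assumptions to be checked against your own version (run syslog-ng-ctl healthcheck by hand and compare). The thresholds MAX_LATENCY, MAX_QUEUE and HC_TIMEOUT are hypothetical knobs of this script, not syslog-ng options. The samples are constructed, not captured from a real run.

```shell
#!/bin/sh
# Added example: wrap `syslog-ng-ctl healthcheck` (syslog-ng 4.2+) in a
# monitoring check. Not part of the newsletter or of syslog-ng itself.
#
# Assumption: healthcheck prints one "metric_name value" pair per line and
# exits non-zero when it cannot reach the running syslog-ng. The metric
# names below are an assumption; compare with what your version prints.

# Constructed sample output of a healthy instance (not captured from a real run).
SAMPLE_HEALTHY='syslogng_io_worker_latency_seconds 0.000123
syslogng_mainloop_io_worker_roundtrip_latency_seconds 0.000456
syslogng_internal_events_queue_usage_ratio 0.010000'

# Constructed sample of a degraded instance: slow main loop, internal queue almost full.
SAMPLE_DEGRADED='syslogng_io_worker_latency_seconds 0.000123
syslogng_mainloop_io_worker_roundtrip_latency_seconds 2.500000
syslogng_internal_events_queue_usage_ratio 0.950000'

# evaluate_healthcheck: read healthcheck output on stdin.
# Returns 0 when every recognised metric is within its threshold, 1 when a
# threshold is exceeded (offending metrics are printed), 2 when no metric
# could be parsed at all. Thresholds are hypothetical defaults of this script,
# tunable via the environment:
#   MAX_LATENCY  - upper bound in seconds for the *_latency_seconds metrics
#   MAX_QUEUE    - upper bound for the *_queue_usage_ratio metric (0..1)
evaluate_healthcheck() {
    awk -v max_latency="${MAX_LATENCY:-1.0}" -v max_queue="${MAX_QUEUE:-0.8}" '
        NF != 2 { next }                          # skip anything that is not "name value"
        { seen++ }
        $1 ~ /_latency_seconds$/ && ($2 + 0) > (max_latency + 0) {
            printf "WARNING: %s=%s exceeds %s\n", $1, $2, max_latency; bad = 1
        }
        $1 ~ /_queue_usage_ratio$/ && ($2 + 0) > (max_queue + 0) {
            printf "WARNING: %s=%s exceeds %s\n", $1, $2, max_queue; bad = 1
        }
        END {
            if (seen == 0) { print "CRITICAL: no metrics in healthcheck output"; exit 2 }
            exit bad
        }'
}

# check_syslog_ng: run the real command and evaluate its output. A failure of
# syslog-ng-ctl itself (control socket missing, timeout, daemon not running)
# is reported as critical before any threshold is looked at.
# Assumes the --timeout option of `syslog-ng-ctl healthcheck`; drop it if
# your version does not accept it.
check_syslog_ng() {
    out=$(syslog-ng-ctl healthcheck --timeout "${HC_TIMEOUT:-5}" 2>&1) || {
        printf 'CRITICAL: syslog-ng-ctl could not reach syslog-ng: %s\n' "$out"
        return 2
    }
    printf '%s\n' "$out" | evaluate_healthcheck
}

# Stand-alone demo on the constructed samples; pass --live to query the real daemon.
if [ "${1:-}" = "--live" ]; then
    check_syslog_ng
else
    printf '%s\n' "$SAMPLE_HEALTHY" | evaluate_healthcheck && echo "healthy sample: OK"
    printf '%s\n' "$SAMPLE_DEGRADED" | evaluate_healthcheck || echo "degraded sample: exit $?"
fi
```

The exit codes (0 ok, 1 threshold exceeded, 2 unreachable or unparseable) map directly onto what a cron job or a monitoring agent wrapper needs; the unparseable case is kept separate from "healthy" so that a changed output format is noticed rather than silently reported as fine.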