From Peter.Czanik at oneidentity.com Thu Apr 10 09:39:42 2025
From: Peter.Czanik at oneidentity.com (Peter Czanik (pczanik))
Date: Thu, 10 Apr 2025 09:39:42 +0000
Subject: [syslog-ng] The syslog-ng Insider 2025-04: Elasticsearch beta; Active Roles; RHEL UBI
Message-ID:

Dear syslog-ng users,

This is the 130th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.

NEWS

Testing Elasticsearch 9.0.0 beta1 with syslog-ng
------------------------------------------------
Each time a new major Elasticsearch version is released, someone asks if it works with syslog-ng. So I gave it a quick test and based on that, it works fine. But of course, some terms and conditions apply :-)
https://www.syslog-ng.com/community/b/blog/posts/testing-elasticsearch-9-0-0-beta1-with-syslog-ng

Working with parsed Active Roles logs in syslog-ng
--------------------------------------------------
In my previous Active Roles blog, you learned how to forward Active Roles logs to a central syslog-ng server to parse and store the logs. In this blog, I'll show you how to:
- Work with parsed Active Roles logs.
- Store logs to various document stores.
- Prepare long-term storage.
- Send alerts for some critical events.
https://www.syslog-ng.com/community/b/blog/posts/working-with-parsed-active-roles-logs-in-syslog-ng

Running syslog-ng PE in RHEL UBI
---------------------------------
Recently I have posted a Dockerfile to run syslog-ng in an Alma Linux container. I got some encouraging feedback, so this week I experimented with syslog-ng Premium Edition (PE) in a RHEL UBI (Universal Base Image) container. While this is not officially supported by One Identity, we are really interested in your feedback.
https://www.syslog-ng.com/community/b/blog/posts/running-syslog-ng-pe-in-rhel-ubi

WEBINARS

* You can learn about upcoming webinars and browse recordings of past webinars at https://www.syslog-ng.com/events/

Your feedback and news, or tips about the next issue are welcome.
To read this newsletter online, visit: https://syslog-ng.com/blog/

Peter Czanik (CzP)
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik

From mark.faine at nasa.gov Thu Apr 17 17:43:29 2025
From: mark.faine at nasa.gov (Faine, Mark R. (MSFC-IS64)[AEGIS])
Date: Thu, 17 Apr 2025 17:43:29 +0000
Subject: [syslog-ng] Breaking changes between versions
Message-ID:

I need to go from 3.31.2 to 3.37.1. Should I expect any breaking changes?

Also, Redhat Insights is reporting that syslog-ng and syslog-ng-logrotate are signed with SHA1, are the newer packages signed with SHA2?

Red Hat recommends that you adopt any of the options below:

* Contact vendors of the packages to ask for new builds signed with supported signatures and re-install the new packages,
* Resign packages with your own SHA-2 key or completely remove packages until a new build with SHA-2 signature is available from the 3rd-party vendor

Thanks,
Mark

From Peter.Czanik at oneidentity.com Tue Apr 22 06:56:58 2025
From: Peter.Czanik at oneidentity.com (Peter Czanik (pczanik))
Date: Tue, 22 Apr 2025 06:56:58 +0000
Subject: [syslog-ng] Breaking changes between versions
In-Reply-To:
References:
Message-ID:

Hi,

These are releases from many years ago, so I had to check the release notes. Normally there are no breaking changes, and we are careful about backwards compatibility. I could not find anything obvious in the release notes, so I would not expect any issues upgrading. However, as always, testing with production logs is still recommended.

If you are upgrading from one point release to another one, I assume that you use my Copr packages. The versioned repositories are provided for convenience. Larger organizations have problems with the rolling release model, and it makes staying on a fixed syslog-ng release possible.
Also, I do not have any influence on how packages are signed, that is something internal to Copr. Normally only the latest syslog-ng Copr repo is actively receiving fixes (syslog-ng48 as of right now). However, we might experiment a bit here, I put this on my ToDo list.

Peter

Peter Czanik (CzP)
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik

From mark.faine at nasa.gov Tue Apr 22 21:12:10 2025
From: mark.faine at nasa.gov (Faine, Mark R. (MSFC-IS64)[AEGIS])
Date: Tue, 22 Apr 2025 21:12:10 +0000
Subject: [syslog-ng] [EXTERNAL] [BULK] Re: Breaking changes between versions
In-Reply-To:
References:
Message-ID:

Thanks, I will see if I can get a newer release from COPR.
-Mark

From dbeecher at tekops.com Thu Apr 24 20:35:48 2025
From: dbeecher at tekops.com (David Beecher)
Date: Thu, 24 Apr 2025 15:35:48 -0500
Subject: [syslog-ng] is multi-line support available?
Message-ID:

Hello,

The available packages for Linux do not seem to include "multi-line" and I downloaded the repository from git and tried to build with multi-line and it won't build completely. I need multiline to support Tomcat logs, etc... am I going in the wrong direction?

Thanks,
David

--
*David Beecher, President and CEO 720.729.0404 x8101*
TekOps, Inc.
We solve SoHo business needs!
We bring enterprise solutions to SoHo business
Websites, Email, Telephone Integration, CRM, Helpdesk, Intranet, and more

/This email may contain data that is confidential, proprietary or "non-public personal information," as that term is defined in the Gramm-Leach-Bliley Act (collectively, "Confidential Information"). The Confidential Information is disclosed conditioned upon your agreement that you will treat it confidentially and in accordance with applicable law, ensure that such data is not used or disclosed except for the limited purpose for which it's being provided and will notify and cooperate with us regarding any requested or unauthorized disclosure or use of any Confidential Information.
By accepting and reviewing the Confidential Information you agree to indemnify us against any losses or expenses, including attorney's fees that we may incur as a result of any unauthorized use or disclosure of this data due to your acts or omissions. If a party other than the intended recipient receives this e-mail you are requested to instantly notify us of the erroneous delivery and return to us all data so delivered./

From Peter.Czanik at oneidentity.com Thu Apr 24 20:47:00 2025
From: Peter.Czanik at oneidentity.com (Peter Czanik (pczanik))
Date: Thu, 24 Apr 2025 20:47:00 +0000
Subject: [syslog-ng] is multi-line support available?
In-Reply-To:
References:
Message-ID:

Hi,

Multi-line is not a separate module, but an integral part of several syslog-ng drivers. I do not know off the top of my head where it is supported, but I used it with the wildcard-file source recently. See for example: https://syslog-ng.github.io/admin-guide/060_Sources/030_Wildcard-file/000_Wildcard-file_options#multi-line-mode

Peter

Peter Czanik (CzP)
Balabit (a OneIdentity company) / syslog-ng upstream
https://syslog-ng.com/community/
https://twitter.com/PCzanik
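
The reply above points to multi-line-mode() on the wildcard-file() source. The following configuration for Tomcat logs is an added example, not part of the thread and not taken from the syslog-ng project. The version line, log directory, file pattern, destination path and the Tomcat timestamp layout are assumptions to adjust for the actual installation.

```conf
# Added example: assumed paths and an assumed Tomcat timestamp layout.
@version: 4.8    # assumed; set to the installed syslog-ng version

source s_tomcat {
    wildcard-file(
        base-dir("/var/log/tomcat")            # assumed Tomcat log directory
        filename-pattern("catalina*.log")      # assumed file naming
        flags(no-parse)                        # lines are not in syslog format
        multi-line-mode(regexp)
        # A record starts with a timestamp such as "24-Apr-2025 15:35:48".
        # Lines that do not match (stack frames, "Caused by: ...") are
        # appended to the preceding record instead of becoming new messages.
        multi-line-prefix("^[0-9]{2}-[A-Za-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2}")
    );
};

destination d_tomcat {
    # Assumed destination; each stack trace arrives here as one message,
    # which keeps an exception and its trace together for alerting.
    file("/var/log/central/tomcat.log");
};

log {
    source(s_tomcat);
    destination(d_tomcat);
};
```

The file can be syntax-checked with `syslog-ng --syntax-only -f <file>` before it is loaded.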