In my previous #OneIdentity Active Roles blog, you learned how to forward #Active #Roles logs to a central #syslog_ng server to parse and store the logs. In this blog, I’ll show you how to:

- Work with parsed Active Roles logs.
- Store #logs to various document stores.
- Prepare long-term storage.
- Send #alerts for some critical events.

https://www.syslog-ng.com/community/b/blog/posts/working-with-parsed-active-roles-logs-in-syslog-ng

Even if this blog about commercial software, the name-value pairs concept is the same in the #opensource syslog-ng.

Need a reference guide for the Syslog protocol? #Graylog's Jeff Darrington's got you covered!

Check out this guide which covers:
RFC 3164 (BSD Syslog Protocol)
RFC 5424 (Structured Syslog Protocol)
RFC 3195 (Reliable Delivery for Syslog)
RFC 6587 (Syslog over TCP)
Syslog Kafka (formatted as per RFC 3164 or RFC 5424)
Syslog AMQP (Advanced Message Queuing Protocol)
Syslog TCP/UDP (Multiline format)

#Syslog is a logging protocol that is supported across many applications as well as hardware, and despite having been developed in the 1980s is still a very common format in use today. Many newer logging formats have come out over the years, but Syslog will still be with us for quite some time.

https://graylog.org/post/syslog-protocol-a-reference-guide/ #logmanagement #loganalysis #cybersecurity

#syslog_ng 4.8.1 is now available in #EPEL 10, so you do not have to use the testing repository anymore. Thanks everyone for the feedback!
However, support for #Elasticsearch 7+ is broken in this release. Learn how to fix this problem!
https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-ose-4-8-1-is-now-in-epel-10-quick-fix-for-elasticsearch
#LogManagement

Last December, I added support for #EPEL 10 in my unofficial #syslog_ng Git snapshot repository. This week, I call for #testing the official syslog-ng EPEL 10 package.

https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-is-coming-to-epel-10

#CentOS Stream 10 and #EPEL 10 just became available, and as usual, I tried to build #syslog_ng as soon as possible. For now it is available in my syslog-ng git snapshot repository, but I am also planning to make it available in EPEL 10 soon.

https://www.syslog-ng.com/community/b/blog/posts/test-syslog-ng-on-epel-10

Last week I introduced you to my latest project: a #syslog_ng #container based on @almalinux . This week I added a syslog-ng #Prometheus #exporter to the container, so you can also monitor syslog-ng, if you enable it.

https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-prometheus-exporter-added-to-rpm-syslog-ng-container-image

If you already know some #syslog_ng configuration bulding blocks, but you have no idea how to build a configuration from them:

https://www.syslog-ng.com/community/b/blog/posts/developing-a-syslog-ng-configuration

This blog helps you to develop a syslog-ng configuration from the very basics to complex.
#LogManagement

#syslog_ng 4.8.1 was released recently. It is primarily a #bugfix release, but some minor features also slipped in. From this blog, you can learn what changed in syslog-ng 4.8.1 and where you can get its latest stable version.

https://www.syslog-ng.com/community/b/blog/posts/version-4-8-1-of-syslog-ng-is-now-available

Syslog-ng needs some #karma on @fedora:

https://peter.czanik.hu/other/syslog-ng-481-fedora-karma/

Version 4.8.1 of syslog-ng is now available. The focus of this release was bug fixing, but there are a few minor new features also available, like #macports support and #ElasticSearch datastream support. For details check:

https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.1

Our enthusiastic community helps fixing & enhancing #syslog_ng. Thanks to this, there is a new syslog-ng-devel port in #macports, where you can enable almost all syslog-ng features even for older #MacOS versions and #PowerPC hardware.

https://www.syslog-ng.com/community/b/blog/posts/huge-improvements-for-syslog-ng-in-macports

IT increasingly runs on #Linux. And, as more and more of your #dev and IT environments rely on this open-source operating system, knowing which 25 Linux logs are important to collect and monitor can help you investigate performance issues and #security incidents faster.

Learn all about how to read Linux logs, the specific 25 critical logs that are good to collect and monitor, and how managing Linux logs will greatly help you improve your operations and security.

https://graylog.org/post/25-linux-logs-to-collect-and-monitor/ #ITadmin #cybersecurity #logmanagement

Why it is useful to set the version number in the syslog-ng configuration? Yes, it is annoying. Yes, it can be worked around. But it is useful.

https://www.syslog-ng.com/community/b/blog/posts/why-it-is-useful-to-set-the-version-number-in-the-syslog-ng-configuration

Last time we looked at how syslog-ng can send logs to #Quickwit using its #Elasticsearch compatible API. This time we are going to look at how to use the #OpenTelemetry protocol to send logs to Quickwit with #syslog_ng.

https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-quickwit-using-the-opentelemetry-destination-of-syslog-ng

Thanks for all the reports about the #syslog_ng website problems. Yes, my #blog looks a bit "funny", but still easy to read. IT is working on it, so it should be back to normal hopefully soon.

https://www.syslog-ng.com/community/b/blog/

We are always looking for new ways to store log messages. #Quickwit is a new contender, designed for #log #storage, and among others, it also provides an #Elasticsearch-compatible #API.

https://www.syslog-ng.com/community/b/blog/posts/first-steps-with-quickwit-and-syslog-ng

Do you use the pipe() source in syslog-ng? My git snapshot repos for @opensuse / #SLES and @fedora / #RHEL fix a recently introduced problem. Installation instructions:

https://www.syslog-ng.com/community/b/blog/posts/rpm-packages-from-syslog-ng-git-head/

Giving titles for my blogs is sometimes fun: "When it comes to sudo logging, pretty is not always better"

https://www.sudo.ws/posts/2024/04/when-it-comes-to-sudo-logging-pretty-is-not-always-better/

It's about the new json_compact option coming soon to @sudoproject 1.9.16
#SIEM #LogManagement

Setting the version number in the #syslog_ng configuration is annoying. Why is it still useful?

https://www.syslog-ng.com/community/b/blog/posts/why-it-is-useful-to-set-the-version-number-in-the-syslog-ng-configuration

#LogManagement syslog-ng

I am proud to announce the availability of syslog-ng version 4.8.0. It improves file reading and directory monitoring resource usage on #FreeBSD and #MacOS systems, and improves #S3 support.
For details, check the #syslog_ng release notes at https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.0
#LogManagement