#OpenObserve has an #Elasticsearch compatible API for log ingestion, but syslog-ng is not mentioned in the documentation. Luckily, as it turned out, OpenObserve has a ready-to-use #syslog_ng configuration example in the web UI.
https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-openobserve-using-syslog-ng
#openobserve #elasticsearch #syslog_ng #logmanagement
My latest syslog-ng git snapshot RPMs for @fedora / #RHEL are now ready:
https://syslog-ng.com/community/b/blog/posts/rpm-packages-from-syslog-ng-git-head/
This snapshot removes #vim syntax support, as it was moved to a separate repository from the #syslog_ng sources.
Many users are annoyed by the version number included in the syslog-ng configuration. However, it ensures backward compatibility in syslog-ng. It is especially useful when updating to #syslog_ng 4 from version 3, but also for minor releases:
Learn how to develop a syslog-ng #configuration from the ground up! I will explain not just the end result, but also the process and the steps to take to #develop a #syslog_ng configuration.
https://www.syslog-ng.com/community/b/blog/posts/developing-a-syslog-ng-configuration
#configuration #develop #syslog_ng #logmanagement
You can create a #heatmap of network #attackers using #syslog_ng, #GeoIP and #Kibana. Is it just eye candy? Do you have any practical use for it? I am curious about your opinion / #experience with attack heat maps!
#heatmap #attackers #syslog_ng #geoip #kibana #experience
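An added example of the GeoIP part of such a heatmap pipeline (my illustration, not the configuration from the post): it extracts the attacker address from OpenSSH "Failed password" lines, enriches it with the geoip2() parser and emits JSON with a single "lat,lon" field that Kibana can map as a geo_point. The source port, the database path, the regexp pattern and the sample log line are assumptions made for this example; the file destination stands in for whatever ships the JSON to Elasticsearch.

```conf
@version: 4.3
@include "scl.conf"

# Added example (not from the post). Takes OpenSSH "Failed password" lines,
# pulls out the attacker address, looks it up in a GeoIP2 database and
# writes JSON with a "geoip.location" field in the "lat,lon" form that
# Kibana/Elasticsearch accept for a geo_point mapped field.

# (assumed) logs arrive over plain TCP from other hosts
source s_network {
    network(transport("tcp") port(514));
};

# Constructed pattern for lines such as
#   "Failed password for root from 203.0.113.7 port 50112 ssh2"
# (203.0.113.0/24 is a documentation range, so no real host is implied).
parser p_ssh_failed {
    regexp-parser(
        patterns("Failed password for (invalid user )?(?<ssh_user>[^ ]+) from (?<attacker_ip>[0-9.]+) port")
    );
};

# (assumed) the free MaxMind GeoLite2 City database installed at this path.
# Produces geoip2.location.latitude, geoip2.location.longitude,
# geoip2.country.iso_code and similar name-value pairs.
parser p_geoip2 {
    geoip2("${attacker_ip}",
           prefix("geoip2.")
           database("/usr/share/GeoIP/GeoLite2-City.mmdb"));
};

# Kibana wants one "lat,lon" string; only set it when the lookup succeeded,
# otherwise an empty value would be rejected by the geo_point mapping.
rewrite r_geo_location {
    set("${geoip2.location.latitude},${geoip2.location.longitude}",
        value("geoip.location"),
        condition(not "${geoip2.location.latitude}" == ""));
};

destination d_attackers_json {
    file("/var/log/attackers.json"
         template("$(format-json --scope rfc5424 --key ISODATE --key ssh_user --key attacker_ip --key geoip2.* --key geoip.location)\n"));
};

log {
    source(s_network);
    filter { program("sshd") and message("Failed password"); };
    parser(p_ssh_failed);
    parser(p_geoip2);
    rewrite(r_geo_location);
    destination(d_attackers_json);
};
```

The index mapping on the Elasticsearch side has to declare geoip.location as geo_point before any documents arrive, otherwise it is indexed as a plain string and the map visualization in Kibana will not offer it. Private or unroutable addresses have no entry in the database, so the condition() in the rewrite matters: without it, every local failed login would produce an empty geoip.location and a rejected document.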
Two weeks passed without new show-stopper bugs in syslog-ng, so my syslog-ng-stable repos for @opensuse / #SLES and @fedora / #RHEL are now updated to #syslog_ng 4.3.1:
https://www.syslog-ng.com/community/b/blog/posts/introducing-the-syslog-ng-stable-rpm-repositories
It boosts #MongoDB performance and adds @opentelemetry support, where dependencies are available.
#sles #rhel #syslog_ng #mongodb
Many users are annoyed by the version number in the syslog-ng configuration. However, it ensures backward #compatibility in #syslog_ng. It is especially useful when updating to syslog-ng 4 from version 3, but also when updating within the same major version.
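A minimal syslog-ng.conf illustrating the version line that both of the posts above refer to. This is an added example, not the author's configuration or a snippet from the project documentation; the source port and file path are assumptions.

```conf
# Added example. The first line pins the configuration to the syslog-ng
# release it was written for. A syslog-ng 4.x binary reads it to decide
# whether to keep 3.x-compatible behaviour or to use the newer semantics:
#
#   @version: 3.38   -> syslog-ng 4 keeps 3.x compatible behaviour and
#                       logs a warning that the configuration is old
#   @version: 4.3    -> the configuration opts into syslog-ng 4 behaviour
#
# Only major.minor is used, so 4.3 also covers the 4.3.1 bugfix release.
@version: 4.3
@include "scl.conf"

source s_local {
    system();
    internal();
};

# (assumed) accept logs from the network, plain TCP on port 514
source s_network {
    network(transport("tcp") port(514));
};

destination d_local {
    file("/var/log/messages");
};

log {
    source(s_local);
    source(s_network);
    destination(d_local);
};
```

When bumping the version line after an upgrade, run `syslog-ng --syntax-only -f /etc/syslog-ng/syslog-ng.conf` first: deprecated options and drivers are reported against the new version before the daemon is reloaded.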
The August syslog-ng #newsletter is now available:
- Introducing sngbench: a shell script to #performance test your syslog-ng
- Version 4.3.1 of #syslog_ng available
- Syslog-ng #Python packaging
- Getting syslog-ng 4
#newsletter #performance #syslog_ng #python
It's fun when you read documentation and suddenly you see that integration with the software you work on is documented. You open the page, and suddenly there is a link to your blog:
https://zincsearch-docs.zinc.dev/ingestion/syslog-ng/
So, yes, #Zinc works with #syslog_ng, just like #Elasticsearch, @OpenSearchProject or #Humio :)
#zinc #syslog_ng #elasticsearch #humio
Recently I was asked if #sigma rules are supported by #syslog_ng:
https://github.com/SigmaHQ/sigma
syslog-ng has message parsing, filtering, can be used for alerting. But I'm not aware of a tool turning Sigma rules into PatternDB and syslog-ng.conf
Syslog-ng can send logs to #splunk, #elastic stack, @OpenSearchProj, @Graylog, all of which already have #sigma rules integrations.
Of course many users use/abuse syslog-ng as a kind of #SIEM-lite.
If you already use syslog-ng with #Sigma rules: let me know!
#sigma #syslog_ng #splunk #elastic #siem
I have just finished my first syslog-ng git snapshot build since the #syslog_ng 4.3.1 release. It works fine on my @opensuse laptop :-)
I also updated my #FreeBSD repo for syslog-ng port snapshots:
In practice, only the version number changed in the Makefile.
Version 4.3.1 of syslog-ng is now available. It fixes a crash bug in #Python support, and adds @OpenSearchProject support:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.3.1
Note: #OpenSearch worked with previous #syslog_ng releases using the elasticsearch-http() driver perfectly, it just makes it even easier.
#python #opensearch #syslog_ng
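The elasticsearch-http() setup the note refers to, as an added example rather than the author's or the project's own configuration. It assumes an OpenSearch node on localhost:9200 that requires TLS and basic authentication (the situation the workshop post further down ran into with a current Elasticsearch); the CA path, user name, password, index name and batch sizes are placeholders.

```conf
@version: 4.3
@include "scl.conf"

# Added example: ship local logs to OpenSearch through the bulk API using
# the elasticsearch-http() driver, with server certificate verification
# and basic authentication turned on.

source s_local {
    system();
    internal();
};

# (assumed) OpenSearch on localhost:9200, TLS enabled, basic auth required
destination d_opensearch {
    elasticsearch-http(
        url("https://localhost:9200/_bulk")
        index("syslog-ng-${YEAR}.${MONTH}.${DAY}")
        # OpenSearch and Elasticsearch 7+ have no mapping types; an empty
        # type() keeps the driver from putting one into the bulk header.
        type("")
        template("$(format-json --scope rfc5424 --scope nv-pairs --exclude DATE --key ISODATE)")
        user("syslog-ng")
        password("replace-me")        # (assumed) read from a secrets store in practice
        tls(
            ca-file("/etc/syslog-ng/opensearch-ca.pem")
            peer-verify(yes)          # do not downgrade this to silence cert errors
        )
        batch-lines(1000)
        batch-timeout(1000)
        workers(4)
        persist-name("d_opensearch")
    );
};

log {
    source(s_local);
    destination(d_opensearch);
};
```

If the connection fails, the temptation is to switch the URL to http:// or set peer-verify(no); both hand the log stream and the credentials to anyone on the path. Fix the trust chain instead by pointing ca-file() at the certificate that actually signed the node certificate.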
One of the highlights of the syslog-ng 4.3.0 release is #parallelize().
It allows #syslog_ng to process log messages from a single high-traffic #TCP connection in multiple threads, thus increasing processing #performance on multi-core machines.
#parallelize #syslog_ng #tcp #performance
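An added example of the parallelize() element in a log path (illustrative configuration written for this page, not the author's or the release's own sample). It assumes a single upstream relay that forwards everything over one TCP connection, which is exactly the case where the source side cannot spread work across threads on its own; the port, the number of partitions and the kv-parser() stand-in for "expensive processing" are assumptions.

```conf
@version: 4.3
@include "scl.conf"

# Added example. One busy relay sends all of its traffic over a single
# TCP connection, so without parallelize() every parser and filter below
# would run on the one thread that reads that connection.

source s_relay {
    network(transport("tcp") port(5140));
};

destination d_relay_json {
    file("/var/log/relay.json"
         template("$(format-json --scope rfc5424 --scope nv-pairs --key ISODATE)\n"));
};

log {
    source(s_relay);
    # Split the stream into 4 partitions, each processed by its own worker
    # thread. Everything after this point in the log path runs in parallel;
    # (assumed) keep partitions() at or below the number of worker threads
    # syslog-ng was started with.
    parallelize(partitions(4));
    parser { kv-parser(prefix(".kv.")); };
    destination(d_relay_json);
};
```

One caveat to plan for: once messages from a connection are spread over several threads, they are no longer guaranteed to reach the destination in the order they arrived, so anything that depends on strict ordering within one connection (multi-line correlation, for example) should be done before parallelize() or not at all in that path.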
Do you use the #MongoDB destination of syslog-ng? You should update to the latest #syslog_ng version, as it contains significant #performance improvements:
The MongoDB destination received bulk operations support.
#mongodb #syslog_ng #performance
One of the recurring questions I received recently: why #contribute to the syslog-ng #upstream? I guess it is a question many #opensource projects receive regularly. There are many generic answers. Here I would like to focus more on #syslog_ng.
https://www.syslog-ng.com/community/b/blog/posts/why-contribute-to-syslog-ng-upstream
#contribute #upstream #opensource #syslog_ng
Leaving my hotel towards @passthesaltcon. In the morning I double-checked the configurations for my #syslog_ng workshop, and had an exciting debug session. My sample syslog-ng configurations are old: #elasticsearch now has authentication and encryption by default 😉
Arrived safely in Lille for @passthesaltcon. The news is full of #riots in #France. Other than a bit more police on the streets than usual, I have not seen anything from it. Everything feels completely safe.
Time to check my #syslog_ng slides for tomorrow: https://cfp.pass-the-salt.org/pts2023/talk/USSHMR/
The #MongoDB destination of #syslog_ng will receive another performance update. Starting with the upcoming version 4.3, it will support #bulk operations. Depending on the configuration settings, this may result in a more than 300% performance increase.
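An added example covering the MongoDB bulk-operation change mentioned here and in the "update to the latest version" post above: a per-message destination next to the bulk variant (my illustration, not the author's or the project's configuration). The URI, collection, batch sizes and worker count are placeholders, and the bulk-related option names are quoted from memory of the 4.3 release, so verify them against the 4.3 release notes before copying.

```conf
@version: 4.3
@include "scl.conf"

# Added example: the same MongoDB destination with and without bulk writes.

source s_local {
    system();
    internal();
};

# (assumed) database "syslog" on a local MongoDB without authentication;
# a production URI would carry credentials and tls=true.

# Pre-4.3 behaviour: one insert round trip per message.
destination d_mongodb_single {
    mongodb(
        uri("mongodb://localhost:27017/syslog")
        collection("messages")
        value-pairs(scope(selected-macros nv-pairs) key(ISODATE))
    );
};

# 4.3 and later: messages are collected into batches and sent as one
# bulk write, which is where the performance gain comes from.
destination d_mongodb_bulk {
    mongodb(
        uri("mongodb://localhost:27017/syslog")
        collection("messages")
        value-pairs(scope(selected-macros nv-pairs) key(ISODATE))
        bulk(yes)
        bulk-unordered(yes)          # server may apply the inserts in any order
        bulk-bypass-validation(no)   # keep schema validation on the server
        write-concern(acked)         # (assumed) wait for the primary to acknowledge
        batch-lines(1000)            # (assumed) flush after this many messages
        batch-timeout(2000)          # (assumed) or after 2 s, whichever comes first
        workers(4)
    );
};

log {
    source(s_local);
    destination(d_mongodb_bulk);
};
```

The unordered bulk mode is the faster one because the server does not have to stop at the first failed insert, but it also means a single bad document no longer tells you where in the batch it was; if you rely on insertion order in the collection, keep bulk-unordered(no) and use the timestamp field for ordering instead.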
By this time next week I'll already be in Lille, France for @passthesaltcon:
https://2023.pass-the-salt.org/
I'll give a talk on what is new in syslog-ng 4 and a #syslog_ng tutorial. I'll not just talk, but also listen: Pass the SALT is full of fantastic #infosec talks.
Learning syslog-ng has never been easier. My #syslog_ng tutorial is now available on-line:
https://peter.czanik.hu/posts/syslog-ng-tutorial-toc/
@passthesaltcon will host my syslog-ng workshop live in the first week of July in Lille, France:
It's small, but my favorite #infosec conf.