Last week, I posted about running nightly syslog-ng container images on arm64. However, you can also install syslog-ng directly on the host (in my case, a Raspberry Pi 3), running the latest Raspberry Pi OS. Read more at https://www.syslog-ng.com/community/b/blog/posts/installing-nightly-syslog-ng-arm64-packages-on-a-raspberry-pi | Random thoughts of Peter 'CzP' Czanik
Recently we enabled nightly syslog-ng builds and container builds for arm64. It means that from now on, you can run the latest syslog-ng on 64-bit ARM platforms. For this test, I used a Raspberry Pi 3 running the latest Raspberry Pi OS. As I use Podman everywhere else (I am an openSUSE / Fedora guy), I also installed it here for container management. Read more at https://www.syslog-ng.com/community/b/blog/posts/nightly-arm64-syslog-ng-container-builds-are-now-available | peter.czanik.hu
For many years, the development of syslog-ng happened on the master branch in Git. However, if you follow that branch, you might have noticed that there has not been much activity on it lately. That is because we introduced a new branch in Git called “develop”. https://www.syslog-ng.com/community/b/blog/posts/introducing-the-develop-branch-of-the-syslog-ng-git-repo | peter.czanik.hu
The March syslog-ng newsletter is now on-line: "Test syslog-ng on EPEL 10!", "Collecting Active Roles logs centrally using the syslog-ng Windows Agent", "syslog-ng OSE 4.8.1 is now in EPEL 10, quick fix for Elasticsearch". It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2025-03-epel-10-elasticsearch-active-roles | peter.czanik.hu
In my previous One Identity Active Roles blog, you learned how to forward Active Roles logs to a central syslog-ng server to parse and store the logs. In this blog, I’ll show you how to: work with parsed Active Roles logs; store logs to various document stores; prepare long-term storage; send alerts for some critical events. Even if this blog is about commercial software, the name-value pairs concept I describe in this blog in depth is the same in the open source syslog-ng.| peter.czanik.hu
One Identity Active Roles allows you to easily and securely manage Active Directory (AD), Entra ID and M365 Identity objects. While Active Roles stores its log messages into Windows Event Log, most log management and log analytics applications expect to receive log messages over the syslog protocol. This is where syslog-ng Premium Edition (PE) can help you. The syslog-ng Windows Agent can collect and forward Active Roles log messages from Windows Event Log, while the syslog-ng server can coll...| peter.czanik.hu
Those who follow me on LinkedIn might have seen an automatic post about my work anniversary. Well, almost nothing of that post is true, but I still consider it to be my real starting date. However, the official date is also impressive: 11.5 years, almost three times the industry average spent at the same workplace. So, why do I say that the LinkedIn post is not true? Well, because all its major facts are wrong.| peter.czanik.hu
The December syslog-ng newsletter is now on-line: "A syslog-ng container image based on Alpine Linux", "Call for testing: syslog-ng in openSUSE Leap 16.0", "Experimental syslog-ng container image based on Alma Linux". It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2025-01-alpine-linux-leap-16-0-alma-linux | peter.czanik.hu
Last December, I added support for EPEL 10 in my unofficial syslog-ng Git snapshot repository. This week, I call for testing the official syslog-ng EPEL 10 package. Once I saw in my unofficial syslog-ng repo that syslog-ng compiles fine on EPEL 10, I also started to work on the official package. I hit a roadblock immediately: ivykis (a mandatory dependency of syslog-ng) was missing from EPEL 10. So, right before the Christmas holidays, I submitted two missing dependencies I maintain (ivykis a...| peter.czanik.hu
CentOS Stream 10 and EPEL 10 just became available, and as usual, I tried to build syslog-ng as soon as possible. For now it is available in my git snapshot repository, but I am also planning to make it available in EPEL 10 soon. Read more at https://www.syslog-ng.com/community/b/blog/posts/test-syslog-ng-on-epel-10 | peter.czanik.hu
Recently I was asked why the syslog-ng newsletter looks odd. At first I did not even understand what the problem was. Then I realized that I had kept using the same format for the past 14 years, which was optimized for UNIX terminals :-) So, what is the problem? 14 years ago I was kindly asked by syslog-ng users to use plain text e-mails instead of HTML formatting. Of course it also means that there is no easy way to emphasize titles in the newsletter.| peter.czanik.hu
The December syslog-ng newsletter is now on-line: "FreeBSD audit source for syslog-ng", "Version 4.8.1 of syslog-ng is now available", "Where should I present syslog-ng and sudo?". It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-12-freebsd-audit-4-8-1-conferences | peter.czanik.hu
Last week I introduced you to my latest project: a syslog-ng container based on Alma Linux. This week I added a syslog-ng Prometheus exporter to the container, so you can also monitor syslog-ng, if you enable it. | peter.czanik.hu
The official syslog-ng container image is based on Debian Stable. However, we’ve been getting requests for an RPM-based image for many years. So, I made an initial version available based on Alma Linux and now I need your feedback about it! This image uses the “init” variant of Alma Linux 9 containers as a base image. What does this mean? Well, it uses systemd service management inside, making it possible to run multiple services from a single container.| peter.czanik.hu
The November syslog-ng newsletter is now on-line: "A call for syslog-ng testing", "Working with Quickwit", "Huge improvements for syslog-ng in MacPorts". It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-11-testing-quickwit-macports | peter.czanik.hu
Last week, I submitted syslog-ng to openSUSE Leap 16.0. While the distro is still in a pre-alpha stage, everything already works for me as expected. Well, except for syslog-ng, where I found a number of smaller problems. As such, this blog is a call for testing, both for syslog-ng on openSUSE Leap 16.0 and also for the distribution itself. Read the rest at https://www.syslog-ng.com/community/b/blog/posts/call-for-testing-syslog-ng-in-opensuse-leap-16-0 | peter.czanik.hu
Recently, someone suggested I should check out Alpine Linux and prepare a syslog-ng container image based on it. While not supported by the syslog-ng project, an Alpine-based syslog-ng container image already exists as part of the Linuxserver project. Read more at https://www.syslog-ng.com/community/b/blog/posts/a-syslog-ng-container-image-based-on-alpine-linux | peter.czanik.hu
Recently I was asked the same question both at my workplace and at EuroBSDCon, the conference where I was presenting: where do you talk next? I had no definite answer. Of course, I am looking forward to the FOSDEM CfP, but I am also looking for new conferences to present syslog-ng and sudo. Do you have any recommendations? You can read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/where-should-i-present-syslog-ng-and-sudo | peter.czanik.hu
The September syslog-ng newsletter is now available: "Improved FreeBSD and MacOS support in 4.8.0", "Setting the version number in the syslog-ng configuration", "Switching containers from Debian Testing to Stable". You can read it at: https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-10-4-8-0-release-version-number-debian-stable | peter.czanik.hu
Version 4.8.1 of syslog-ng was released last week. It is a bugfix release, and it contains fixes for problems also reported by members of the Fedora community. The Fedora 41 release is near, so package updates now need some additional testing, and “karma” in Bodhi. You can find information on how to install syslog-ng 4.8.1 from a testing repo on Fedora 41 beta at https://bodhi.fedoraproject.org/updates/FEDORA-2024-4e812b8a23. This is also the place where you can provide feedback and karma.| peter.czanik.hu
Two weeks ago, I was at EuroBSDcon and received a feature request for syslog-ng. The user wanted to collect FreeBSD audit logs together with other logs using syslog-ng. Writing a native driver in C is time consuming. However, creating an integration based on the program() source of syslog-ng is not that difficult. This blog shows you the current state of the FreeBSD audit source, how it works, and its limitations. It is also a request for feedback.| peter.czanik.hu
EuroBSDCon was fantastic, as always :-) I talked to many interesting people during the four days about sudo and syslog-ng, and of course also about many other topics. I gave a sudo tutorial, and it went well, with some “students” already planning which features to implement at home. There were many good talks, including one from Dr. Marshall Kirk McKusick, who was with the FreeBSD project right from the beginning, and worked on BSD even earlier.| peter.czanik.hu
Last week I wrote about a campaign that we started to resolve issues on GitHub. Some of the fixes are coming from our enthusiastic community. Thanks to this, there is a new syslog-ng-devel port in MacPorts, where you can enable almost all syslog-ng features even for older MacOS versions and PowerPC hardware. Some of the freshly enabled modules include support for Kafka, GeoIP or OpenTelemetry. From this blog entry, you can learn how to install a legacy or an up-to-date syslog-ng version from ...| peter.czanik.hu
The September syslog-ng newsletter is now on-line: "You can also contribute to the syslog-ng OSE documentation", "The $TRANSPORT macro of syslog-ng", "Rolling RPM platforms added to the syslog-ng package build system". It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-09-documentation-transport-macro-rolling-rpms | peter.czanik.hu
Last time we looked at how syslog-ng can send logs to Quickwit using its Elasticsearch compatible API. This time we are going to look at how to use the OpenTelemetry protocol to send logs to Quickwit with syslog-ng. Read more at https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-quickwit-using-the-opentelemetry-destination-of-syslog-ng | peter.czanik.hu
We are always looking for new ways to store log messages. Quickwit is a new contender, designed for log storage, and among others, it also provides an Elasticsearch-compatible API. From this blog, you can learn about Quickwit, and how to forward log messages from syslog-ng to it using the Elasticsearch-compatible API. Read more at https://www.syslog-ng.com/community/b/blog/posts/first-steps-with-quickwit-and-syslog-ng | peter.czanik.hu
For many years, the official syslog-ng container and development containers were based on Debian Testing. We are switching to Debian Stable now. Learn about the history and the reasons for the change now. Read more at https://www.syslog-ng.com/community/b/blog/posts/we-are-switching-syslog-ng-containers-from-debian-testing-to-stable | peter.czanik.hu
The August syslog-ng newsletter is now on-line: "Version 4.8.0 of syslog-ng improves FreeBSD and MacOS support", "syslog-ng Prometheus exporter", "Experimental syslog-ng packages for Amazon Linux 2023". It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-08-4-8-0-release-prometheus-amazon-linux | peter.czanik.hu
I love high performance computers, and some of my best friends work in high performance computing (HPC). Obviously, sometimes we also talk about logging. Recently we did not just talk; I also helped Gábor in his first steps with syslog-ng. He summarized his experiences in a blog: Logs are one of those indispensable things in IT when things go wrong. Having worked in technical support for software products in a past life, I’ve likely looked at hundreds (or more) logs over the years, helpi...| peter.czanik.hu