Version 4.11.0 of syslog-ng is now available. The main attraction is the brand new Kafka source, but there are many other smaller features and improvements, as well. Before you begin If you happen to use Debian, Ubuntu or the RHEL family of operating systems (RHEL, CentOS, Rocky Linux, Alma Linux, Oracle Linux, etc.) then ready-to-use packages are already available as part of the release process. For details, check the README in the syslog-ng source code repository on GitHub: https://github.

Last week I introduced you to my new toy at home: an AI focused mini workstation from HP. It arrived with Windows pre-installed, but of course I also wanted to have Linux on the box. Documentation mentions that I have to disable secure boot and make a few more changes before installing Linux. I did all the suggested BIOS changes before installing Linux. The data sheet mentions Ubuntu 24.04 as the supported Linux distribution.

There is a new toy in the house. It is a miniature workstation from HP, built around AMD’s Ryzen AI Max+ PRO 395 chip. If you are interested in the specifications and other details, check the HP product page at https://www.hp.com/us-en/workstations/z2-mini-a.html. In the long run, this box will serve many purposes: learning AI, but running as much as possible locally instead of utilizing cloud services learning Kubernetes by building everything from scratch on multiple virtual machines home server: running complex test environments on a single box (128 GB of RAM should be enough in most cases :-) ) photo editing using Capture One Pro occasional gaming :-) For now, I have finished unboxing and taken the first steps with Windows.

UDP log collection is a legacy feature that does not provide any security or reliability, but is still in wide use. You can improve its reliability using eBPF on Linux in recent syslog-ng versions. Support for eBPF was added to Debian packages while preparing for the 4.11.0 syslog-ng release. You can learn more about eBPF support in syslog-ng from the documentation or reading my blog at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-4-2-extra-udp-performance Right now, packaging changes only affect the syslog-ng nightly Debian / Ubuntu packages and the syslog-ng nightly container image.

The February syslog-ng newsletter is now on-line: The syslog-ng stats-exporter() now has all functionality of syslog-ng-ctl Using the blank() filter of syslog-ng How to test the syslog-ng Kafka source by building the package yourself? It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2026-02-stats-exporter-blank-filter-kafka-source syslog-ng logo

Reading files and monitoring directories became a lot more efficient in recent syslog-ng releases. However, it is also needed manual configuration. Version 4.11 of syslog-ng can automatically configure the optimal setting for both. Read more at https://www.syslog-ng.com/community/b/blog/posts/automatic-configuration-of-the-syslog-ng-wildcard-file-source syslog-ng logo

The syslog-ng 4.11 release is right around the corner. Thousands of automatic tests run before each new piece of source code is merged, but nothing can replace real-world hands-on tests. So help us testing Elasticsearch / OpenSearch data-streams, Kafka source, cmake fixes and much more! The development of syslog-ng is supported by thousands of automatic test cases. Nothing can enter the syslog-ng source code before all of these tests pass. In theory, I could ask my colleagues at any moment to make a release from the current state of the syslog-ng development branch once all tests pass.

While testing the latest Elasticsearch release with syslog-ng, I realized that there was already a not fully documented elasticsearch-datastream() driver. Instead of fixing the docs, I reworked the elasticsearch-http() destination to support data streams. So, what was the problem? The driver follows a different logic in multiple places than the base elasticsearch-http() destination driver. Some of the descriptions were too general, others were missing completely. You had to read the configuration file in the syslog-ng configuration library (SCL) to configure the destination properly.

Recently, one of our power users contributed OpenSearch data streams support to syslog-ng, which reminded me to also do some minimal testing on the latest OpenSearch release with syslog-ng. TL;DR: both worked just fine. Read more at https://www.syslog-ng.com/community/b/blog/posts/using-opensearch-data-streams-in-syslog-ng syslog-ng logo

The December syslog-ng newsletter is now on-line: File size-based log rotation in syslog-ng Syslog-ng release packages for RHEL & Co. Nightly syslog-ng RPM packages for RHEL & Co. It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2025-12-logrotation-release-rpm-nightly-rpm syslog-ng logo