I love the melodies of Metallica songs. However, I strongly prefer instrumental music. That’s why I was very happy, when someone brought Apocalyptica to my attention: they played Metallica on four cellos. Over the years I discovered that metal or any other music sounds nice on cellos, as I learned about two more bands: 2cellos and Mozart Heroes. But I should not rush so far ahead. In the year 2000 someone introduced me to Metallica.

Version 1.9.15 of sudo gives more detailed information when using the -ll option. For commands, it adds the rule that allows it. Without a command parameter, it lists rules affecting a given user. It also prints which file contains the given rule, making debugging easier. You can read more about it at https://www.sudo.ws/posts/2023/11/more-info-with-ll-in-sudo-1.9.15/ Sudo logo

The November syslog-ng newsletter is now on-line: Sending logs to Splunk using syslog-ng Developing a syslog-ng configuration Systemd-journald vs. syslog-ng It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-11-splunk-configuration-journald syslog-ng logo

As you might have guessed from my previous blog posts: I love music. Colleagues, family, and friends often turn to me for suggestions if they want to listen to something new and less mainstream. This blog is about music I listen to, the first part of what will hopefully become a series. I hope you also find something interesting here! Why did I pick “Pictures at an Exhibition” when I talk about “less mainstream” music in the opening paragraph?

All Things Open (ATO) is one of my favorite conferences. This week I had the privilege to be in Raleigh, NC for the third time, and give a talk at the conference for the fourth time. I participated not just ATO, but the Community Leadership Summit. Both events were fantastic. I learned a lot, and also realized that many others have the very same problems as I have. I also had a slight overdose of AI :-)

Logging is not just syslog anymore. Still, many syslog-ng users stick to using one of the syslog protocols for log transport and flat files for log storage. While most SIEMs and log analytics tools can receive syslog messages or read them using their own agents, in most cases, you can use the http() destination of syslog-ng as well to send logs to them. You gain extreme performance and an architecture that is easier to maintain.

The October syslog-ng newsletter is now on-line: Why contribute to syslog-ng upstream? Accelerating single TCP connections in syslog-ng: parallelize() Backward compatibility in syslog-ng by using the version number in syslog-ng.conf It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-10-contribute-parallelize-compatibility syslog-ng logo

Network traffic is expensive in the cloud, and even a single syslog-ng instance can easily saturate the full bandwidth of a network connection. Compressing HTTP traffic was introduced in syslog-ng Version 4.4.0 and depending on your use case, you can cut down on your expenses on your networking or send more logs using the same budget or bandwidth. Development of this feature was done using a locally installed OpenResty web server, and later tested using Sumologic.

You can read about many interesting syslog-ng features in my blogs. However, it can happen that when you want to try them at home, you fail because the feature is missing. How can you solve such problems? In this blog, I discuss some of the possible solutions from installing sub-packages through using unofficial repositories, to upgrading your OS. This blog focuses on RPM packages for openSUSE / SLES, Fedora / RHEL, and FreeBSD, because these are the packages I know – I am their maintainer.

OpenObserve has an Elasticsearch compatible API for log ingestion, but syslog-ng is not mentioned in the documentation. My plan was to document how to modify the syslog-ng elasticsearch-http() destination, based on API documentation. However, as it turned out, OpenObserve has a ready to use syslog-ng configuration example in the web UI. https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-openobserve-using-syslog-ng syslog-ng logo