Fedora 44 was announced last week: syslog-ng 4.11 is part of it. While checking the Fedora Copr build service for Fedora 44, I realized that CentOS 7 and Amazon Linux 2023 packages are also there. I have a few questions about those for you! syslog-ng logo Fedora 44 The availability of the Fedora 44 release was announced last week. Vesion 4.11 of syslog-ng, the current latest release, is part of it.

Although OpenSSL 4.0 released just two weeks ago, the syslog-ng project has already received a GitHub issue complaining that we do not support it. So, before we would allocate too much effort on it: what should we expect? OpenSSL 4.0 was announced on April 14: https://openssl-library.org/post/2026-04-14-openssl-40-final-release/ However, this announcement mentions that it is NOT a long-term support (LTS) release. This raises the question that if it is not an LTS release, then can we stay on version 3.

On April’s fool’s day, I shared that syslog-ng can reach 7 million EPS. This test lab result was in part possible thanks to a few performance enhancements coming to syslog-ng version 4.12. How 7 million EPS is possible? Before diving deeper, let me repeat it: 7 million EPS is just a lab testing result, not (yet) possible in the real world. However, the technologies enabling this are already available on the development branch of syslog-ng, or have been available for ages, just not tested or promoted enough.

Version 4.11.0 of syslog-ng contains contributions from Databricks related to OAuth2 authentication. Recently, they published a blog about how this enables their customers to send logs to their data lake using syslog-ng and the OpenTelemetry protocol. The syslog-ng project received two contributions from Databricks in the last weeks of 2025. The first one turned the already existing OAuth2 support generic and extensible, so it can be used anywhere, not just with Microsoft Azure (but of course, Azure compatibility was preserved).

I have an aging, but fully functional MacBook. I bought it for syslog-ng testing, but I also use for watching movies. Homebrew no more fully supports old, Intel-based Macs. This blog helps to compile the latest syslog-ng release on these old, but otherwise functional machines. Read more at https://www.syslog-ng.com/community/b/blog/posts/compiling-syslog-ng-on-an-old-mac syslog-ng logo

I often hear, even at security conferences that “no central log collection here” or “we have something due to compliance”. Central logging is more than just compliance. It makes logs easier to use, available and secure, thus making your life easier in operations, security, development, but also in marketing, sales, and so on. What are logs and what is central log collection? Most operating systems and applications keep track of what they are doing.

The March syslog-ng newsletter is now on-line: Version 4.11.0 of syslog-ng is now available Using OpenSearch data streams in syslog-ng Changes in the syslog-ng Elasticsearch destination It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2026-03-4-11-0-release-opensearch-elasticsearch syslog-ng logo

Committed users compile syslog-ng for themselves from source. However, most of us wait until a software is available as an easy-to-install package for our operating system of choice. In this blog post, you will see an overview on the available packages for syslog-ng 4.11.0. Read more at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-4-11-0-packaging-status syslog-ng logo

Version 4.11.0 of syslog-ng is now available. The main attraction is the brand new Kafka source, but there are many other smaller features and improvements, as well. Before you begin If you happen to use Debian, Ubuntu or the RHEL family of operating systems (RHEL, CentOS, Rocky Linux, Alma Linux, Oracle Linux, etc.) then ready-to-use packages are already available as part of the release process. For details, check the README in the syslog-ng source code repository on GitHub: https://github.

UDP log collection is a legacy feature that does not provide any security or reliability, but is still in wide use. You can improve its reliability using eBPF on Linux in recent syslog-ng versions. Support for eBPF was added to Debian packages while preparing for the 4.11.0 syslog-ng release. You can learn more about eBPF support in syslog-ng from the documentation or reading my blog at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-4-2-extra-udp-performance Right now, packaging changes only affect the syslog-ng nightly Debian / Ubuntu packages and the syslog-ng nightly container image.