Version 1.9.16 of sudo will introduce a new logging option: json_compact. This does not affect logging to syslog, only logging to files. Previously, sudo created human-readable JSON log files. With this new setting enabled, logs are no longer pretty but can be easily read by logging software. As I am writing this blog, version 1.9.16 is not yet released, not even a beta. For now, if you want to test this feature, you will have to compile sudo yourself from source.

Version 1.9.16 of sudo will feature a new option for logging: json_compact. Why is this important? This new format can easily be read and parsed by a log management software, like syslog-ng. Note that in this blog I am showing you a sudo feature which has not yet been released officially. You have to compile sudo yourself. By all means, if you have any other application writing JSON-formatted log messages, you can apply most of what you read here with slight modifications.

Version 4.2 of syslog-ng introduced a healthcheck option to syslog-ng-ctl. It prints three syslog-ng-related metrics on screen – if it can reach syslog-ng, that is. You can use it from scripts to monitor the health of syslog-ng. https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-health-check syslog-ng logo

One Identity Cloud PAM Essentials is the latest security product by One Identity. It provides asset management as well as secure and monitored remote access for One Identity Cloud users to hosts on their local network. I had a chance to test PAM Essentials while still in development. While there, I also integrated it with syslog-ng. From my previous blog, you could learn what PAM Essentials is, and how you can collect its logs using syslog-ng.

One Identity Cloud PAM Essentials is the latest security product by One Identity. It provides asset management as well as secure and monitored remote access for One Identity Cloud users to hosts on their local network. I had a chance to test PAM Essentials while still in development. While there, I also integrated it with syslog-ng. From this blog, you can learn what PAM Essentials is, and how you can collect its logs using syslog-ng.

The March syslog-ng newsletter is now on-line: Native MacOS source in syslog-ng Using OpenTelemetry between syslog-ng instances Collecting even more logs on MacOS using syslog-ng It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-03-macos-opentelemetry syslog-ng logo

Version 4.6 of syslog-ng introduced windows-eventlog-xml-parser(), a dedicated parser for XML-formatted event logs from Windows. It makes the EventData portion of log messages more useful, as it combines two arrays into a list of name-value pairs. https://www.syslog-ng.com/community/b/blog/posts/dedicated-windows-xml-eventlog-parser-in-syslog-ng syslog-ng logo

Sometimes you have many log messages from an app, but none of them have the exact content you need. This is where the grouping-by() parser of syslog-ng can help. It allows you to aggregate information from multiple log messages into a single message. In this blog, I will show you how to parse sshd logs using the patterndb parser of syslog-ng, and then create an aggregate message from the opening and closing log message using grouping-by.

Most log messages fit on a single line. However, Windows and some developer tools and services, like Tomcat, write multi-line log messages. These can come in various formats. For example, new log messages start with a date in a specific format. You use the multi-line-prefix() of the syslog-ng file() source to send multi-line messages as single messages instead of line by line. I must admit that I have never seen multi-line logs in production.

The February syslog-ng newsletter is now on-line: Version 4.5.0 of syslog-ng is now available with OpenObserve JSON API support Syslog-ng PE can now send logs to Google BigQuery Syslog-ng can now do a full configuration check How build services make life easier for upstream developers It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-02-openobserve-configuration-check-build-services syslog-ng logo