In my previous OneIdentity Active Roles blog, you learned how to forward Active Roles logs to a central syslog-ng server to parse and store the logs. In this blog, I’ll show you how to: Work with parsed Active Roles logs. Store logs to various document stores. Prepare long-term storage. Send alerts for some critical events. Even if this blog about commercial software, the name-value pairs concept I describe in this blog in depth is the same in the open source syslog-ng.

One Identity Active Roles allows you to easily and securely manage Active Directory (AD), Entra ID and M365 Identity objects. While Active Roles stores its log messages into Windows Event Log, most log management and log analytics applications expect to receive log messages over the syslog protocol. This is where syslog-ng Premium Edition (PE) can help you. The syslog-ng Windows Agent can collect and forward Active Roles log messages from Windows Event Log, while the syslog-ng server can collect, process, store and forward Active Roles log messages to multiple destinations.

The December syslog-ng newsletter is now on-line: A syslog-ng container image based on Alpine Linux Call for testing: syslog-ng in openSUSE Leap 16.0 Experimental syslog-ng container image based on Alma Linux It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2025-01-alpine-linux-leap-16-0-alma-linux syslog-ng logo

Last December, I added support for EPEL 10 in my unofficial syslog-ng Git snapshot repository. This week, I call for testing the official syslog-ng EPEL 10 package. Once I saw in my unofficial syslog-ng repo that syslog-ng compiles fine on EPEL 10, I also started to work on the official package. I hit a roadblock immediately: ivykis (a mandatory dependency of syslog-ng) was missing from EPEL 10. So, right before the Christmas holidays, I submitted two missing dependencies I maintain (ivykis and riemann-c-client) to EPEL 10.

CentOS Stream 10 and EPEL 10 just became available, and as usual, I tried to build syslog-ng as soon as possible. For now it is available in my git snapshot repository, but I am also planning to make it available in EPEL 10 soon. Read more at https://www.syslog-ng.com/community/b/blog/posts/test-syslog-ng-on-epel-10 syslog-ng logo

The December syslog-ng newsletter is now on-line: FreeBSD audit source for syslog-ng Version 4.8.1 of syslog-ng is now available Where should I present syslog-ng and sudo? It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-12-freebsd-audit-4-8-1-conferences syslog-ng logo

Last week I introduced you to my latest project: a syslog-ng container based on Alma Linux. This week I added a syslog-ng Prometheus exporter to the container, so you can also monitor syslog-ng, if you enable it. syslog-ng logo

The official syslog-ng container image is based on Debian Stable. However, we’ve been getting requests for an RPM-based image for many years. So, I made an initial version available based on Alma Linux and now I need your feedback about it! This image uses the “init” variant of Alma Linux 9 containers as a base image. What does this mean? Well, it uses systemd service management inside, making it possible to run multiple services from a single container.

The November syslog-ng newsletter is now on-line: A call for syslog-ng testing Working with Quickwit Huge improvements for syslog-ng in MacPorts It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-11-testing-quickwit-macports syslog-ng logo

Last week, I submitted syslog-ng to openSUSE Leap 16.0. While the distro is still in a pre-alpha stage, everything already works for me as expected. Well, except for syslog-ng, where I found a number of smaller problems. As such, this blog is a call for testing, both for syslog-ng on openSUSE Leap 16.0 and also for the distribution itself. Read the rest at https://www.syslog-ng.com/community/b/blog/posts/call-for-testing-syslog-ng-in-opensuse-leap-16-0 syslog-ng logo