Below you will find pages that utilize the taxonomy term “planets”
Posts
Creaks: The first game I bought for its music
Recently, I was looking for some new hybrid / crossover music, and someone recommended me to check out Hidden Orchestra. Listening to their album, “Creaks” was an instant love. As I learned later, it’s the music of a game. I’m not a gamer, but once seeing that it’s on sale on Humble Bundle I bought it immediately.
You can listen to the whole album here:
You can also find it on Bandcamp.
Others
Syslog-ng Python Packaging
In version 4 of syslog-ng, the role of Python became even more important. Previously, all parts of syslog-ng could be extended using Python code, but no actual Python code was provided with syslog-ng. Version 4.0 added a Kubernetes module implemented in Python, while version 4.2 added support for Hypr. But how can we ensure that all Python dependencies are met?
In my latest blog I describe the current situation and ask you for feedback!
Others
The syslog-ng insider 2023-05: learning; UDP; upgrading;
The May syslog-ng newsletter is now on-line:
Learning syslog-ng, the easier way Why syslog over UDP loses messages and how to avoid that Upgrade problems from syslog-ng 3 to 4 It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-05-learning-udp-upgrading
syslog-ng logo
Others
Getting syslog-ng 4
Version 4 of syslog-ng was released last December. Quite a few people use it already in production. How can you install it for a test drive? It might be already available in your Linux distribution. There are also several unofficial repositories with the latest syslog-ng.
From this blog, you can learn how to check your syslog-ng version, where to check if it is not yet installed, and a few additional resources, if you want to install the latest version from unofficial repositories.
Others
Upgrade problems from syslog-ng 3 to 4
Version 4 of syslog-ng works perfectly well in version 3 compatibility mode. However, if you want to use the syslog-ng 4 features, you need to be aware of some significant changes. If you have a simple configuration, like those in Linux distributions, then simply rewriting the version string is most likely enough. However, if you use PatternDB or JSON parsing, any Python code, or an Elasticsearch, or MongoDB destination, you have to be aware of the changes.
Others
The syslog-ng Insider 2023-04: FreeBSD; Splunk; Deduplication;
The April syslog-ng newsletter is now on-line:
Installing a syslog-ng 4 development snapshot on FreeBSD Getting data to Splunk Streaming deduplication in syslog-ng It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-04-freebsd-splunk-deduplication
syslog-ng logo
Posts
Learning syslog-ng: a table of contents for my tutorial series
Last year, one of the returning questions I received was how to learn syslog-ng. My answer was that read the first few chapters of the documentation, read my blogs related to your use case, and then read a few relevant parts from the rest of the documentation. Our documentation is praised by users, but it is still a reference documentation. I was asked if a less detailed, more to the point, preferably video tutorial is available.
Others
Syslog-ng 101, part 13: Updating syslog-ng, syslog-ng 4
Version 4 of syslog-ng is now available. The good news is that it is fully backwards compatible. If the version string in your configuration is set to a 3.X version, it will work as expected even after updating to version 4. Of course you might run into corner cases, but I had no problems even with complex configurations. Today, we learn about updating syslog-ng, and some of the new features of syslog-ng 4.
Others
Syslog-ng 101, part 12: Elasticsearch (and Opensearch, Zinc, Humio, etc.)
One of the most popular destinations in syslog-ng is Elasticsearch (and OpenSearch, Zinc, Humio, etc.). The 12th part of my syslog-ng #tutorial shows you how to send log messages to Elasticsearch.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-12-elasticsearch-and-opensearch-zinc-humio-etc
syslog-ng logo
Posts
HPC and me
Recently I found that quite a few of my Twitter and Mastodon followers are working in high-performance computing (HPC). At first I was surprised because I’m not a HPC person, even if I love high performance computers. Then I realized that there are quite few overlaps, and one of my best friends is also deeply involved in HPC. My work, logging, is also a fundamental part of HPC environments.
Let’s start with a direct connection to HPC: one of my best friends, Gabor Samu, is working in HPC.
Others
Syslog-ng 101, part 11: Enriching log messages
This is the eleventh part of my syslog-ng tutorial. Last time, we learned about message parsing using syslog-ng. Today, we learn about enriching log messages.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-11-enriching-log-messages
syslog-ng logo
Posts
BBC The Green Planet: Quality vs Content
Where should I begin. I bought a 4K Blu-Ray player last Autumn. I did not plan to use it for movies: this was the cheapest way of buying a player for all of my various discs. For a couple of months I really only listened to my CD/DVD-Audio/SACD collection on it.
While listening to TIDAL, I realized that there is a new David Attenborough series out there (the soundtrack was recommended to me by TIDAL).
Others
Syslog-ng 101, part 10: Parsing
This is the tenth part of my syslog-ng tutorial. Last time, we learned about syslog-ng filters. Today, we learn about message parsing using syslog-ng.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-10-parsing
syslog-ng logo
Others
Syslog-ng 101, part 9: Filters
This is the ninth part of my syslog-ng tutorial. Last time, we learned about macros and templates. Today, we learn about syslog-ng filters. At the end of the session, we will see a more complex filter and a template function.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-9-filters
syslog-ng logo
Others
Installing a syslog-ng 4 development snapshot on FreeBSD
Unless there is a serious problem, FreeBSD ports usually contains the latest stable syslog-ng release. However, sometimes people want to compile a git snapshot to test a new feature or bugfix. To do that, one way is to generate a syslog-ng release tgz on FreeBSD and edit the syslog-ng port files yourself. However, this needs some practice. As such, an easier solution is to use my weekly development snapshots.
Learn how from my latest blog at: https://www.
Others
Syslog-ng 101, part 8: Macros and templates
This is the eighth part of my syslog-ng tutorial. Last time, we learned about network logging. Today, we learn about syslog-ng macros and templates. At the end of the session, we will know how to do a simple log rotation using macros.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-8-macros-and-templates
syslog-ng logo
Others
Syslog-ng 101, part 7: Networking
This is the seventh part of my syslog-ng tutorial. Last time, we learned about syslog-ng destinations and the log path. Today, we learn about syslog-ng network logging. At the end of the session, we will send test messages to a syslog-ng network source.
You can watch the video on YouTube:
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-7-networking
syslog-ng logo
Others
Installing syslog-ng 4.0.1 on FreeBSD
Version 4.0.1 of syslog-ng was released a month ago. Unfortunately, the new release does not compile on FreeBSD. It was a temporary problem in the environment generating the source tgz. The next release is still almost a month away, but you can compile syslog-ng 4.0.1 yourself from my unofficial ports Makefile.
Learn how from my latest blog at https://www.syslog-ng.com/community/b/blog/posts/installing-syslog-ng-4-0-1-on-freebsd
syslog-ng logo
Others
Syslog-ng 101, part 6: Destinations and log path
This is the sixth part of my syslog-ng tutorial. Last time, we learned about syslog-ng source definitions and how to check the syslog-ng version. Today, we learn about syslog-ng destinations and the log path. At the end of the session, we will also perform a quick syntax check.
You can watch the video on YouTube:
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-6-destinations-and-log-path
syslog-ng logo
Others
Syslog-ng 101, part 5: Sources
This is the fifth part of my syslog-ng tutorial. Last time we had an overview of the syslog-ng configuration and had our first steps working with syslog-ng. Today we learn about syslog-ng source definitions and how to check the syslog-ng version and its enabled features.
You can watch the video on YouTube:
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-5-sources
syslog-ng logo
Others
Syslog-ng 101, part 4: Configuration and testing
This is the fourth part of my syslog-ng tutorial. I hope that since the previous part of my tutorial, you successfully installed syslog-ng. In this part we will finally work with syslog-ng, not just learn about the theoretical background. We will do basic configuration and testing.
You can watch the video on YouTube:
Or you can read the rest the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-4-configuration-and-testing
syslog-ng logo
Others
Syslog-ng is now available in Homebrew
Installing syslog-ng on Mac is easy, if you use Homebrew for 3rd party packages. Previously, you had to install dependencies and then compile syslog-ng from source. Now, a single command takes care of everything!
homebrew logo Read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-is-now-available-in-homebrew
syslog-ng logo
Others
Syslog-ng 101, part 3: Syslog-ng editions, and where to get them from
Welcome to the third part of my syslog-ng tutorial. Today we cover the various syslog-ng editions (open source, commercial and appliance), and where to get them from. The focus of this tutorial series is the Open Source Edition (OSE), but to avoid confusion, I also briefly introduce the other two.
You can watch the video on YouTube:
Or you can read the rest of my blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-3-syslog-ng-editions-and-where-to-get-them-from
This is a boring, but important part, do not skip it!
Others
Syslog-ng 101, part 2: Basic concepts
Welcome to the second part of my syslog-ng tutorial series. In this part, we cover some of the basic concepts behind syslog-ng.
Last time we defined syslog-ng as an enhanced logging daemon with a strong focus on portability and high-performance central log collection.
Let us pull this sentence apart, as all words are here for a reason. The original syslog implementation was pretty simple: it collected log messages from applications and sorted them to various files.
Others
Syslog-ng 101, part 1: Introduction
Welcome to the first part of my syslog-ng tutorial series. In this part, I give you a quick introduction what to expect from this series and try to define what syslog-ng is.
I plan to release parts of my tutorial around every week. Of course, the Christmas holidays and the upcoming conference season may cause some delays. Each part will be released as a blog accompanied by a video. It is up to you, which version you follow.
Others
The syslog-ng Insider 2022-11: 4.0; OIDC; nightly; sudo;
The November syslog_ng newsletter is now on-line:
Testing syslog-ng 4.0
syslog-ng Store Box federated single sign-on support via OpenID Connect (OIDC)
Nightly syslog-ng container images
Type support: working with sudo logs in syslog-ng 4.0
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-11-4-0-oidc-nightly-sudo
syslog-ng logo
Posts
Sudo and syslog-ng news on Mastodon
From now on, as I want to reach as many as possible, you can also read sudo and syslog-ng news from me on Mastodon. You can find my account at:
https://fosstodon.org/@PCzanik
Mastodon is a decentralized network of servers. I chose a server called “Fosstodon” as it is focused on open source software. Some of the projects I participate in are already there: BastilleBSD and openSUSE. As usual, next to my usual syslog-ng and sudo posts, you will also sometimes hear from me about OpenPOWER and ARM with some occasional photos from my hiking trips :-)
Others
Syslog-ng on MacOS Ventura
Each new MacOS release brings some surprises when it comes to compiling syslog-ng. MacOS Ventura has been released recently, while Homebrew has also been updated. So here are some updated instructions for MacOS Ventura (and also for the last MacOS minor release before Ventura).
https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-on-macos-ventura
syslog-ng logo
Posts
Photography is not just about the camera
Once upon a time I started taking photos with a Lubitel, which is an old, very basic, and completely manual camera. In 2000 I switched from film to digital and everything could be automated. This was the time when I finally realized that having a good camera is not everything. A perfect exposure with a good camera can still result in an ugly and boring photo.
Lubitel 2 When I had a fully manual film camera, I quickly learned how to do perfectly exposed photos without any tools to measure light or distance.
Posts
Lake Naplás: giving time-lapse photography another try
Once upon a time I made some time-lapse videos, but I gave up quickly. Recently I have watched yet another Attenborough nature series: The Green Planet. It was full of beautiful time-lapse recordings, and suddenly I felt the urge again to give this genre another try :-)
I visited my favorite recreational area in the Pest side of Budapest: Lake Naplás. It’s an artificial lake close to the border of Budapest, which quickly turned into an important bird nesting place and a protected nature area.
Others
Running sudo without updating cached credentials
One of the recurring questions at conferences was whether there is a way to check cached sudo credentials without updating them. Version 1.9.12 of sudo introduces the -N option which makes this possible, and also allows running any commands without updating the cached credentials.
You can learn more about the new -N option in my latest sudo blog at https://www.sudo.ws/posts/2022/10/running-sudo-without-updating-cached-credentials/
Sudo logo
Posts
Hifi Made in Hungary: NCS Audio
Last weekend, I visited a special audio event in Budapest. Two local companies demonstrated their products built into a single audio system. The music was played from TIDAL using an audio PC and DAC made by Bodor Audio and a pair of speakers by NCS Audio.
If you read one of my earlier blogs, you know that I listen to a pair of Heed Enigma 5 speakers. It was a love at first sight during my university years.
Others
syslog-ng 101: how to get started with learning syslog-ng?
How to get started with syslog-ng? There are two main resources: the syslog-ng documentation and the syslog-ng blogs. You should learn the concepts and basics from the documentation. The blogs document use cases and you can use the docs as a reference.
syslog-ng logo Read the rest of my blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-how-to-get-started-with-learning-syslog-ng
Posts
EuroBSDcon 2022
Last weekend I was in Vienna for EuroBSDcon, an event where BSD users are gathering from Europe (and all around the world). And while you could follow the event online, to me, the greatest value of the conference was not in the talks themselves (not to lessen their value of course, as they were fantastic) but rather in meeting people during the hallway session. The line-up consisted of sudo and syslog-ng users, BSD users and developers, and even some people from history books :-)
Posts
Working Hybrid
I worked from home all my life, or at least that’s what I thought. Recently I learned that what do is actually called “hybrid” work. I do most of my work from home, however I also regularly visit the office. I can work a lot more efficiently at home, so, I work from there. Once a week I’m at the office where I do not progress that well with my tasks.
Others
Nightly syslog-ng container images
The syslog-ng team started publishing container images many years ago. For quite a while, it was a manual process, however, a few releases ago, publishing a container image became part of the release process. Recently, nightly container images have also become available, so you can test the latest features and bug fixes easily.
The syslog-ng images are still available under the Balabit namespace on the Docker hub. Balabit was bought by One Identity almost five years ago, and we stopped using the old company name years ago.
Others
The syslog-ng Insider 2022-09: 3.38; SQL; disk-buffer; nightly;
The September syslog-ng newsletter is now on-line:
3.38.1 released, 4.0 almost feature complete syslog-ng Store Box SQL source Why is my syslog-ng disk-buffer file so huge even when it is empty? Nightly syslog-ng builds for Debian and Ubuntu It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-09-3-38-sql-disk-buffer-nightly
syslog-ng logo
Posts
Working From Home
The first week of the COVID lockdown, back in March 2020, a journalist friend of mine started a Hungarian Facebook group to share work from home experiences. As I have worked from home all my life (except for two weeks), I wrote a long post about my experiences and thoughts. 2.5 years later, my post still receives some occasional likes, and someone even quoted from it – without naming the source :/ You can read the English version of my original Facebook post below.
Others
Happy birthday, Linux! Here are 6 Linux origin stories
The 31st birthday of the Linux #kernel was yesterday. For this occasion some opensource.com contributors (including me) shared how we got started with Linux. Lots of nice memories :-)
The article is available at https://opensource.com/article/22/8/linux-birthday-origin-stories
flower
Others
7 sudo myths debunked
Whether attending conferences or reading blogs, I often hear several misconceptions about sudo. Most of these misconceptions focus on security, flexibility, and central management. In this article, I will debunk some of these myths.
Many misconceptions likely arise because users know only the basic functionality of sudo. The sudoers file, by default, has only two rules: The root user, and members of the administrative wheel group, can do practically anything using sudo.
Posts
The War of the Worlds
“Jeff Wayne’s Musical Version of The War of the Worlds” has been a turning point in my life in many ways. It was one of the first non-classical albums I listened to. It was the starting point in my ability to understand spoken English.
The first steps from classical My parents only listen to classical music. Even Bartók is too modern for them. In my household growing up, I was only exposed to classical music.
Others
Type support: getting started with syslog-ng 4.0
Version 4.0 of syslog-ng is right around the corner. It hasn’tyet been released; however, you can already try some of its features. The largest and most interesting change is type support. Right now, name-value pairs within syslog-ng are represented as text, even if the PatternDB or JSON parsers could see the actual type of the incoming data. This does not change, but starting with 4.0, syslog-ng will keep the type information, and use it correctly on the destination side.
Posts
Discogs
Last week I became a Discogs user. Why? I have been browsing the site for years to find information on albums. Recently I also needed a solution to create an easy to access database of my CD/DVD collection. Right now I am not interested in the marketplace function of Discogs, but that might change in the long term :-)
Information overload For many years when I searched for an album, the first few hits were from YouTube and Wikipedia.
Others
The syslog-ng insider 2022-07: RHEL 9; disk-buffer; Microsoft Linux;
The July syslog-ng newsletter is now on-line:
RHEL 9 syslog-ng news How does the syslog-ng disk-buffer work? Installing syslog-ng on Microsoft Linux It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-06-rhel-9-disk-buffer-microsoft-linux
syslog-ng logo
Posts
My Favorite IT Security Event: Pass the SALT
“Pass the SALT” (PTS) is a small IT security conference in Lille, France. It has less participants than speakers at the RSA conference. I gave talks at both events. RSA is a lot more prestigious event, but I still prefer PTS. Why?
Small Is Beautiful As you could guess from my introduction, PTS is a small event. It is run by volunteers. It is also a free event thanks to sponsors.
Others
The syslog-ng disk-buffer
A three parts blog series: The syslog-ng disk buffer is one of the most often used syslog-ng options to ensure message delivery. However, it is not always necessary and using the safest variant has serious performance impacts. If you utilize disk-buffer in your syslog-ng configuration, it is worth to make sure that you use a recent syslog-ng version.
From this blog, you can learn when to use the disk-buffer option, the main differences between reliable and non-reliable disk-buffer, and why is it worth to use the latest syslog-ng version.
Others
Installing syslog-ng on Microsoft Linux
Yes, Microsoft has its own Linux distribution, called CBL-Mariner. It is an internal Linux distribution by Microsoft used for cloud infrastructure and edge products and services. And even if it is not installed in the OS by default, CBL-Mariner also includes syslog-ng.
Read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/installing-syslog-ng-on-microsoft-linux to learn how to install syslog-ng on it and what features are available.
syslog-ng logo
Posts
The lie of 'Just a Little More'
Most people I talked to about buying expensive products are aware of “the law of diminishing returns”. When you buy a product, the more you pay for it the less extra quality you get for the extra spending. However, not many people recognize that the same can be said of most human activities. It is a lie that “just a little more effort” will lift you from above average to the top, as the law of diminishing returns hits even harder.
Others
RHEL 9 syslog-ng news
Red Hat Enterprise Linux 9 became generally available recently. Version 3.35 of syslog-ng has been part of EPEL 9 (the semi-official extra software repo for RHEL maintained by Fedora packagers) for a while and now I enabled a few more destination drivers. I also enabled RHEL 9 support in my unofficial Git snapshot packages, so I can support RHEL 9 together with other RHEL and Fedora versions on the next syslog-ng release.
Others
Looking inside sudo shell sessions: auditd, session recordings, log_subcmds
There are situations where you cannot avoid giving a user full shell access through sudo. A shell with administrative privileges gives complete control over your hosts. Until recently, sudo could only log the start of the shell, not the commands executed within it. You could record sessions with sudo, but watching recordings is boring, time consuming and can still be subverted. Version 1.9.8 introduced logging of sub-commands, but that is not yet available on many systems.
Posts
Raptor CS: Fully Owner Controlled Computing using OpenPOWER
This week I am talking to Timothy Pearson of Raptor Engineering. He is behind the Talos II and Blackbird boards for IBM POWER9 CPUs. His major claim is creating the first fully owner controlled general purpose computer in a long while. My view of the Talos II and Blackbird systems is that these boards helped to revitalize the open source ecosystem around POWER more than any other efforts (See also: https://peter.
Posts
Friday the 13th: a lucky day :-)
I’m not superstitious, so I never really cared about black cats, Friday the 13th, and other signs of (imagined) trouble. Last Friday (which was the 13th) I had an article printed in a leading computer magazine in Hungary, and I gave my first IRL talk at a conference in well over two years. Best of all, I also met many people, some for the first time in real life.
Free Software Conference: sudo talk Last Friday, I gave a talk at the Free Software Conference in Szeged.
Others
Analyzing Apache HTTPD logs in syslog-ng
Recently, I started my own blog, and as Google Analytics seems to miss a good part of visitors, I wanted to analyze my web server logs myself. I use syslog-ng to read Apache logs, process them, and store them to Elasticsearch. Along the way, I resolve the IP address using a Python parser, analyze the Agent field of the logs, and also use GeoIP to locate the user on the map.
Others
Sudo for blue teams: how to control and log better
Sudo had many features to help blue teams in their daily job even before 1.9 was released. Session recordings, plugins and others made sure that most administrative access could be controlled and problems easily detected. Version 1.9 introduced Python support, new APIs, centralized session recordings, however some blind spots still remained. Learn how some of the latest sudo features can help you to better control and log administrative access to your hosts.
Others
Hardware for a syslog-ng server
What hardware to use for a syslog-ng server? It is a frequent question with no definite answer. It depends on many factors: the number and type of sources, the number of logs, the way logs are processed, and so on. My experience is that for the majority users even a Raspberry Pi would be enough. But of course, not for everyone.
You can read the rest of my blog at https://www.
Posts
21unity: serving open source software in a cloud based on OpenPOWER
The first time I heard about 21unity was when I read the announcement: 21unity Joins OpenPOWER Foundation. I immediately became interested in the company, as it combines two things I am interested in: POWER and open source. Among others 21unity has its own cloud based on the POWER platform and provides Nextcloud as a service. I tried to refresh my German knowledge and read their website, but the more I read the more interesting it got and the more questions I had.
Posts
Windows made easy: Windows Subystem for Linux
How can you make Windows easy? Install the Windows Subsystem for Linux, or WSL in short. Well, probably this is not true for everyone. However, as a Linux user, I definitely love WSL. When not using a browser or text editor, I spend my time on the command line. With WSL, you can have the familiar Linux command line environment from openSUSE also under Windows.
Why Windows? Die hard Linux users might ask: why do I use Windows?
Posts
Phishing and spear phishing: report everything!
After 30 years of using the Internet and trying many communication formats, e-mail is still my favorite. However, e-mail has many problems. Spam is just annoying, but phishing and especially, spear phishing attacks can also be dangerous. A recent security training, and a Twitter thread I started about it, changed my mind completely about how I treat these harmful e-mails.
phishing (fishing :-) ) The old way While most spam and some phishing can easily be filtered, spear phishing messages are unique by their nature.
Others
Syslog-ng in GSoC 2022
This year the syslog-ng project will participate in the Google Summer of Code (GSoC) as a mentor organization again. If you are a university student or otherwise eligible to participate in the GSoC program, you can choose to develop a new feature for syslog-ng.
Read my blog to learn why to choose syslog-ng and how to get started: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-in-gsoc-2022
syslog-ng logo
Others
Using the regexp-parser of syslog-ng
For many years, you could use the match() filter of syslog-ng to parse log messages with regular expressions. However, the primary function of match() is filtering. Recent syslog-ng versions now have a dedicated regular expression parser, the regexp-parser(). So, you should use match() only if your primary use case is filtering. Otherwise, use the regexp-parser for parsing, as it is a lot more flexible.
You can read the rest of my blog at https://www.
Posts
The cult of Amiga and SGI, or why workstations matter
I’m considered to be a server guy. I had access to some really awesome server machines. Still, when computers come up in discussions, we are almost exclusively talk about workstations. Even if servers are an important part of my life, that’s “just” work. I loved the SGI workstations I had access to during my university years. Many of my friends still occasionally boot their 30 years old Amiga boxes.
The cult of Amiga One would say that the Amiga was popular in the eighties and early nineties.
Others
New syslog-ng parser: flip-parser()
The latest pull request to syslog-ng adds a really useful feature: the flip-parser(): https://github.com/syslog-ng/syslog-ng/pull/3971
It allows you to flip the message text, reverse it, or both. As I also reported a couple of minor problems related to UTF-8 character handling, this PR most likely will not be merged today. However, you can compile it yourself, or if you use openSUSE Tumbleweed, use my packages from the openSUSE Build Service.
You can read the rest of my blog at https://www.
Posts
Using the openSUSE Build Service to build software for POWER
My favorite and most used service for developers is the openSUSE Build Service (OBS). This is where I build syslog-ng packages first, before anywhere else. OBS is open source, highly flexible software to build software packages, and the instance at https://build.opensuse.org/ is free to use for anyone to build open source software. Best of all, it supports multiple architectures, including POWER.
Open Build Service Actually the OBS acronym stands for two things.
Others
Sudo 1.9.10: hiding passwords in session recordings
Session recording has been available in sudo for many years, however not many people are aware of it. Even less well-known is that you can save not just the terminal output, but also what the user types. That way you can analyze what the user is doing within a shell session. Recordings may also include user passwords, which is not always desirable. Version 1.9.10 of sudo allows you to hide passwords in session recordings if it recognizes a password entry.
Others
The difference between throttle() and rate-limit() in syslog-ng
There are multiple ways in syslog-ng to limit message rate. The throttle() option of syslog-ng destinations tries to make sure that all messages are delivered without exceeding a specified message rate. The rate-limit() filter introduced in syslog-ng 3.36 drops surplus log messages, making sure that a processing pipeline or destination is not overloaded with log messages.
Read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/the-difference-between-throttle-and-rate-limit-in-syslog-ng
syslog-ng logo
Posts
Dealing With Anxiety
Quite a few people asked me recently how I deal with anxiety. I seem to be less anxious than people around me. First of all: I also have anxiety, just like anybody else. The recent company acquisition & reorganization, the COVID-19 pandemic, the upcoming general elections, or the Russian attack all make sure that once a problem is over, there is a new problem already to worry about. However, sport, music and spending less time reading the news all help to keep my anxiety at bay.
Others
The system() source of syslog-ng now also works on MacOS
Most of syslog-ng works perfectly well on MacOS; however, there is no native driver to collect local log messages. Due to this, in the past, the system() source did not work on MacOS, thus the default syslog-ng configuration failed to start. Version 3.36 of syslog-ng includes a workaround: it follows /var/log/system.log.
You can read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/the-system-source-of-syslog-ng-now-also-works-on-macos
syslog-ng logo
Others
The syslog-ng insider 2022-03: syslog-ng 4; MQTT source; Zinc; Elastic Cloud; 3.36;
The March syslog-ng newsletter is now on-line:
syslog-ng future: the path to syslog-ng 4 MQTT source Another use for the syslog-ng elasticsearch-http destination: Zinc Sending logs to Elastic Cloud using syslog-ng syslog-ng 3.36 is now available It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-03-syslog-ng-4-mqtt-source-zinc-elastic-cloud-3-36
syslog-ng logo
Posts
I'm an IBM Power Champion for 2022
I’m happy to announce that I became an IBM Power Champion for the year 2022. This blog is long overdue, however with the conflict raging in our neighbor country, Ukraine, I just did not feel the strength to write about anything. In this blog I try to introduce myself and share my plans for this year. But before doing so, let me share my new badge with you:
IBM Champion 2022 badge My background My title at work is “Open Source Evangelist” and Power does not appear anywhere in my job description.
Others
syslog-ng 4 theme: typing
As explained in my previous post, we do have some features already in mind for syslog-ng 4, even though the work on creating a long term set of objectives for the syslog-ng project is not finished yet. One of the themes that I have working code for already, is typing.
syslog-ng traditionally assumes that log data, even if it comes in a structured form (like RFC5424 structured data or JSON) is primarily textual in nature.
Others
Sudo 1.9.10: using regular expressions in the sudoers file
It has been possible to use wildcards in the sudoers file for many years. This can make configuration easier and more flexible, but it also introduces problems of its own. Regular expressions, introduced in in sudo 1.9.10, allow you to create more fine grained rules. From this blog you will learn about some of the problems when you use wildcards in your sudoers file, and how using regular expressions can resolve those problems.
Others
Syslog-ng 3.36 news: better TLS 1.3, basic MacOS support, and many more
Version 3.36 of syslog-ng brings us many interesting new features. There is now basic support for system() source on MacOS, TLS 1.3 ciphers can now be restricted, TLS keylog support was added, symlink creation to the latest file, and there are many new possibilities in syslog parsing.
From this blog, you can learn about some of the new 3.36 features, and we will test symlink creation, which is a community-contributed feature.
Others
A minimalist syslog-ng package is heading to EPEL 9
Last week, the ivykis library, the most important core dependency of syslog-ng landed in EPEL 9 successfully. There are still plenty of dependencies missing, but this way, I could submit a slightly cut down version of syslog-ng to EPEL 9. Hopefully the rest of the dependencies will arrive in EPEL 9 as well. I plan to update the syslog-ng package as soon as the dependencies arrive. Luckily, these are only needed to enable some less frequently used syslog-ng destination drivers, no core functionality is affected.
Others
Contacting the syslog-ng team: reporting problems, asking questions
Recently I got some complaints that it is difficult to figure out how to contact the syslog-ng team to get help or report problems. Most of this information is available both on the syslog-ng website and at the syslog-ng repository on GitHub, but collecting here all information might be still useful for some people.
Read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/contacting-the-syslog-ng-team-reporting-problems-asking-questions
syslog-ng logo
Others
Elasticsearch 8 and syslog-ng
General availability of Elasticsearch 8 was announced last week. There were quite a few rumors that it will break compatibility with third party tools. I tested it as soon as I had a little time: I am happy to share that anything I tested with the elasticsearch-http() destination of syslog-ng still seems to work perfectly well with the latest version of Elasticsearch.
You can read the rest of my blog at https://www.
Posts
12 years of syslog-ng (and sudo)
Those who follow me on LinkedIn might have seen an automatic post about my work anniversary. Well, almost nothing of that post is true, but I still consider it to be my real starting date. However, the official date is also impressive: 11.5 years, almost three times the industry average spent at the same workplace.
So, why do I say that the LinkedIn post is not true? Well, because all its major facts are wrong.
Others
The syslog-ng Insider 2022-02: Reboot; Sequence; Monterey; CentOS 9;
The February syslog-ng newsletter is now on-line:
syslog-ng relaunch Sequence – making PatternDB creation for syslog-ng easier Syslog-ng on MacOS Monterey Installing syslog-ng on CentOS Stream 9 It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-01-reboot-sequence-monterey-centos-9
syslog-ng logo
Posts
FOSDEM 2022: my experiences, sudo talk answers
I spent my last weekend in Brussels at FOSDEM. Well, not really: while I had a couple of Belgian beers, the conference itself was a virtual event and I was at home in Budapest. It’s the second year that FOSDEM is virtual, and yet again I can state that it’s the best virtual event of the year. I had two talks this year. After my second talk, I got some questions during the Q & A session which I could not answer, so I will try to answer them.
Others
syslog-ng-future.blog? Is this a fork or what?
Seemingly a boring topic, Balázs Scheidler finds open source licensing fascinating. It allows him to work on syslog-ng even though Balabit was acquired. He writes:
“I mentioned in the previous post that I would like to focus on syslog-ng and put it more into the spotlight. I also mentioned that Balabit, the company I was a founder of and the commercial sponsor behind syslog-ng, was acquired by One Identity ~4 years ago.
Others
cvtsudoers: merging multiple sudoers files into one
We learned in my previous sudo blog that cvtsudoers is not just for LDAP. Version 1.9.9 of sudo extends the querying possibilities of cvtsudoers further and adds a brand new feature: merging multiple sudoers files into one. Both are especially useful when you have complex configurations. Querying lets you to better understand what the various rules allow in your sudoers file. Merging helps you to combine multiple configurations into one, so you do not have to maintain a separate sudoers file on each of your hosts.
Others
Working with JSON logs from sudo in syslog-ng
This weekend I am going to give a talk about sudo in the security track of FOSDEM. I will talk a few words about logging at each major point I mention, but I cannot go into too much detail there. So, consider this blog both as a teaser and an extension to my FOSDEM talk. You will learn how to work with JSON formatted logs in syslog-ng and also about new sudo features along the way.
Others
syslog-ng relaunch
Balázs Scheidler, founder of the syslog-ng project, started a new blog where he details why and how he started to work on syslog-ng even more actively. He also asks for your feedback!
“syslog-ng has been around for decades: I started coding the first version of syslog-ng in September 1998, circa 24 years ago. The adoption of syslog-ng skyrocketed soon after that: people installed it in place of the traditional syslogd across the globe.
Others
Sending logs to Elastic Cloud using syslog-ng
The Elastic Cloud is a service by Elastic providing Elasticsearch and related services in an easy-to-use package. Last year someone reported an issue that it does not work properly with syslog-ng. I did not have time to investigate at that time. Now I started a free trial and soon my log messages from syslog-ng started to appear in Kibana in Elastic Cloud.
From this blog you can learn how to configure syslog-ng for the Elastic Cloud.
Posts
Keeping POWER relevant in the open source world
I’m not a POWER (or recently: Power) expert, only an enthusiastic user and advocate. Still, in the past couple of weeks a number of people from around the world asked my opinion how the POWER architecture could be kept relevant. This blog is really just an opinion, as I do not have the financial means to go ahead. It is full of compromises some people are not willing to make. However, I think this is the safest and fastest way forward.
Others
Another use for the syslog-ng elasticsearch-http destination: Zinc
There is a new drop-in replacement for Elasticsearch, at least if you don’t mind the limitations and the alpha status. However, it definitely lives up to the promise that it provides an Elasticsearch-compatible API for data ingestion. I tested it with the elasticsearch-http() destination of syslog-ng, and it worked perfectly after I modified the URL in the configuration example I found.
So, what is Zinc? It is a search engine written in Go that provides an Elasticsearch-compatible API for data ingestion.
Others
Installing the latest syslog-ng on Ubuntu and other DEB distributions
The syslog-ng application is part of all major Linux distributions, and you can usually install syslog-ng from the official repositories. If you use just the core functionality of syslog-ng, use the package in your distribution repository (apt-get install syslog-ng), and you can stop reading here. However, if you want to use the features of newer syslog-ng versions (for example, send log messages to MQTT or Apache Kafka), you have to either compile the syslog-ng from source, or install it from unofficial repositories.
Posts
My polyamorous relationship with operating systems: FreeBSD, openSUSE, Fedora & Co.
Recently, I have posted blogs and articles about three operating systems (or rather OS families) I use, and now people ask which one is my “true” love. It’s not easy, but I guess, the best way to describe it is that both FreeBSD and openSUSE are true ones, and Fedora & Co. is a workplace affair :-) This is why I’m writing that it is a polyamorous relationship. Let me explain!
Posts
CES 2022: my favorite announcement comes from AMD, and why it's interesting for syslog-ng
For the past few days, the IT news has been abuzz with announcements from CES. As usual, I’m following them on Engadget. I must admit, that there were just a very few announcements which really caught my attention. And my favorite announcement is the most boring of them all :-)
Foldable tablet by ASUS: I still use my Google Pixel C tablet almost every day. It’s almost six years old and waiting for replacement.
Posts
27 Years with the Perfect OS
If you are a longtime FreeBSD user, you probably know everything I have to say, and, what’s more, you can probably add a few more points. But hopefully, there will be some Linux or even Windows users among readers who might learn something new!
FreeBSD is not just a kernel but a complete operating system. It has everything to boot and use the system: networking utilities, text editors, development tools and more.
Others
Creating an endless loop using MQTT and syslog-ng
Version 3.35.1 of syslog-ng introduced an MQTT source. Just for some fun in the last syslog-ng blog post of the year, I created an endless loop using syslog-ng and the Mosquitto MQTT broker. Of course, it does not have much practical value other than possibly a bit of stress testing, but hopefully provides a fun introduction to MQTT-related technologies in syslog-ng.
Read my blog at https://www.syslog-ng.com/community/b/blog/posts/creating-an-endless-loop-using-mqtt-and-syslog-ng
syslog-ng logo
Posts
FreeBSD jails made simple using BastilleBSD
I wish I had BastilleBSD twenty years ago. I had a part-time sysadmin job - running web servers. PHP started to become popular by the turn of the century. Using jails on FreeBSD seemed to be a safe environment to run PHP-enabled web servers. However, there were no tools yet to work with jails. I had to write many scripts to build and update jails.
A bit of history At first, I had a single server.
Others
The syslog-ng insider 2021-12: Humio; Log Management; Panther;
The December syslog-ng newsletter is now on-line:
Sending logs to Panther using syslog-ng Reducing the complexity of log management Sending logs to Humio using the elasticsearch-http() destination of syslog-ng It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2021-12-humio-log-management-panther
syslog-ng logo
Posts
Fedora, CentOS and me
Let me share my Fedora story with you. Hopefully, it helps you to understand, why I am also promoting AlmaLinux and Rocky Linux, even if I am an active Fedora and CentOS community member and contributor.
Before the beginnings Someone suggested me to try Red Hat Linux in 1995 and replace Slackware Linux with it on my university server. I installed it, but I did not become a fan. And when I found the print out of the password file of my server on the wall of the Russian students’ computer lab (see: https://peter.
Others
Installing syslog-ng on CentOS Stream 9
CentOS Stream 9 has been around for a while, but it was officially announced just a few days ago. I already tested some earlier snapshots and they had some rough edges. The current version installed without random crashes, has networking and runs smoothly. EPEL – the semi-official repository by Fedora maintainers – is already there, but practically empty, syslog-ng or it’s dependencies are not yet there. As someone asked about syslog-ng support, I had a first try at building it.
Others
Reducing the complexity of log management
It is easy to over-complicate log management. Almost all departments in a company need to log messages for their daily activities. However, installing several different log management and analysis systems in parallel is a nightmare both from a security and an operations perspective and wastes many resources. You cannot always reduce the number of log analysis systems, but you can reduce the complexity of log management. Let me show you, how.
Posts
Watching movies belonging to soundtracks
When I like a song and learn that it is actually a soundtrack of a movie, I usually look it up on IMDB. Often it belongs to a romantic movie, a super hero movie from Marvel or a TV show. In these cases I do not look any further. But sometimes I get curious while reading the plot or watching the trailer. I’ve found many good movies based on the soundtrack.
Others
Syslog-ng on MacOS Monterey
Each new MacOS release brings some surprises when it comes to compiling syslog-ng. Just a couple of months ago, I provided you with a couple of pointers on how to compile syslog-ng on MacOS. Since then, MacOS Monterey was released and Homebrew was updated. So, here are some updated instructions for MacOS Monterey.
You can read my blog at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-on-macos-monterey
syslog-ng logo
Others
Python support arrives in Safeguard for Sudo
Version 1.9 of sudo was released almost two years ago. One of the major new features was support for Python plugins. Previously, you could only extend sudo by coding in C to better suit your environment, which is not the easiest task to manage. Python makes both coding and distributing the results easier. Starting with Safeguard for Sudo 7.2, Python support is also available in a commercial sudo management solution.
Others
The syslog-ng Insider 2021-11: 3.35; SSB; MacOS; mqtt() destination updates;
Better late than never I just put online the November syslog-ng newsletter. Topics include:
syslog-ng version 3.35.1 is now available Sending logs from syslog-ng store box to Splunk MacOS support Syslog-ng 3.34: MQTT destination with TLS and WebSocket support It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2021-11-3-35-ssb-macos-mqtt-destination-updates
Posts
Mobile Photography
I love photography. I started taking photos four decades ago using a camera called Lubitel, a cheap Russian knock off of Rolleiflex. I switched from film to digital photography back in 2000, which was quite a bit earlier than most. I always treated mobile photography with strong skepticism (small sensor, too much processing, etc.) and have a dedicated camera with me everywhere.
Well, the problem is with the words “always” and “everywhere”.
Others
Sending logs from syslog-ng store box to Splunk
One of the most popular applications to feed Splunk with syslog messages is syslog-ng. However not everyone is happy to work on the command line anymore. This is where syslog-ng store box (SSB), an appliance built around syslog-ng, can help. The SSB GUI provides you not only with an easyto-use interface to configure most syslog-ng features, but also a search interface and complete log life cycle management. It can forward log messages to several destinations, recently also to Splunk’s HTTP Event Collector (HEC).
Posts
High-Resolution Audio: is it worth the hype?
Can you hear the difference between a CD and an MP3 file? Most people cannot. But even if only one in ten can hear something, that means hundreds of millions of people. However, even if you can hear the difference, there is a good chance that the recording you love is not available in better than CD quality. Still, this problem is not as big as you first think. Let me show you why!
Posts
Celebrating 30 years of Linux - is 2021 finally the year of the Linux desktop?
Celebrating 30 years of Linux - is 2021 finally the year of the Linux desktop? My favorite Linux insider joke is that “The year of the Linux desktop is always next year”. Each year there is a new technology which is expected to achieve breakthroughs. I was asked almost a decade ago to give a talk about this topic. I proved to my audience that the year of the Linux desktop is already here, just not the way most Linux users expect it.
Others
Sequence – making PatternDB creation for syslog-ng easier
Sequence – making PatternDB creation for syslog-ng easier We are well into the 21st century, but most of the log messages still arrive in an unstructured format. For well over a decade, syslog-ng had a solution to turn unstructured messages into name-value pairs, called PatternDB. However, creating a pattern database for PatternDB from scratch is a source of major pain. Or rather, it was: sequence-rtg – a fork of the sequence log analyzer – provides a new hope!
Posts
One weekend, two updates: Windows 11 and MacOS Monterey
Most people know me as a Linux and/or FreeBSD guy, and they are right. I use openSUSE and FreeBSD most of my time. However, I am not a fanatic who tries to solve everything using a single OS and I am curious as well. Most other operating systems I use are running in virtual machines, but I also have two computers: a Windows desktop and an old MacBook Pro. Both received a major software upgrade during the weekend.
Posts
Openpower Summit 2021
Last week I participated the OpenPower Summit. I enjoyed it, even if I was on sick leave with a fever. There were many interesting talks, ranging from open source and education through Power10 to instruction development. All sessions were recorded. Hopefully recordings will also be shared, as I did not have the strength to visit all the sessions I wanted. And, as usual, some of the interesting talks were given in parallel.
Posts
Speakers from my life
As you might have already noticed from my blogs, I am a music maniac. One of the factors influencing your music listening experience is what speakers you use. I was lucky right from the beginning, my parents are music maniacs as well. In this blog I introduce you to the speakers I listened while living at my parents, and three pairs of speakers I bought myself.
I must admit that I never did a really thorough research about speakers and acoustics.
Posts
Virtual Conferences: a love-hate relationship
I love conferences. Now, that most conferences are either virtual or hybrid (both virtual and on-premises), people often say that it must be heaven for me. I can visit many more conferences and give many more talks. Well, it is not just this simple. Virtual conferences are a love-hate relationship for me. Of course, there are some advantages, but also disadvantages.
Giving virtual talks Yes, I could give more talks. Even overlapping conferences are not a problem any more: I can give a talk at a European conference in the morning, and give another talk at a US conference in the evening.
Others
Sending logs to Humio using the elasticsearch-http() destination of syslog-ng
One of the most popular syslog-ng destinations is Elasticsearch. Humio, a log management provider, supports a broad range of ingest options and interfaces, including an Elasticsearch-compatible API. Last week, Humio announced Humio Community Edition, which provides the full Humio experience for free, with some limitations on daily ingestion and retention time. I tested the Community Edition, and it works perfectly well with syslog-ng.
If you come from the Humio side, you might wonder what syslog-ng is.
Posts
Google Analytics: the gold standard?
Ever since I started this personal blog site, I was curious if people actually read what I write. Luckily, based on the responses I received on Twitter, LinkedIn and in private, there is no problem with that. Next I wanted to see numbers. I was told, that Google Analytics is the gold standard of measurement. Well…
Google Analytics Lets start it with the basic problem: even my own visits are not counted.
Others
Sending logs to Panther using syslog-ng
Panther is an open-source log management system, which is also available as a service for a time-limited trial. It is still in beta phase, but it looks promising. You can see the “beta” sign on its opening page: https://app.panther.support/ I tested the time-limited cloud service version, but you can also install it locally, either from Dockerhub, or you can build the containers locally from the source.
Even if it is still in beta phase, Panther comes with detailed documentation.
Others
Sudo 1.9.8: intercepting commands
A month ago, when sudo 1.9.8 was still under development, we checked out the new log_subcmds option. It allows you log all commands (with some limitations) that are executed by a command started through sudo. For example, you can see if a shell was started through a text editor. The intercept option brings this one step further: you can prevent sub-commands from even running.
Read the rest of my blog at https://blog.
Posts
Qwant -- a European search engine
Qwant is a European search engine that respects your privacy. I learned about it from a Twitter thread. The European Processor Initiative announced last week that their first RiscV test chip samples were delivered and booted successfully. I tweeted that I would be happy to see not just European CPUs but also European software services, alternatives to Google, Facebook, LinkedIn and others. Someone responded that a search engine is already available: https://www.
Others
Syslog-ng 3.34: MQTT destination with TLS and WebSocket support
Version 3.33 of syslog-ng arrived with basic MQTT support. Version 3.34 has added many important features to it: user authentication, TLS support and WebSocket support. These features give you both security and flexibility while sending log messages to an MQTT broker.
This blog helps you to make your first steps securing your MQTT connection: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-3-34-mqtt-destination-with-tls-and-websocket-support
Posts
Why people think that I am an IBM Power Champion?
Whenever I talked to people about POWER, someone asked if I am an IBM Power Champion. My response was that I do not even know what it is, and I am not affiliated with IBM in any way. Recently I came across a blog by Torbjörn Appehl which describes what is an IBM Power Champion and lists the European champions: https://builtonpower.com/2021/09/the-2021-ibm-power-champions-in-europe/.
Finally I know what an IBM Power Champion is, and I feel honored to be mistaken to be one of them :-) Normally I do not care much about titles: I have seen too many empty people with well sounding titles, and fantastic people without any titles.
Posts
The ARM developers workstation: Why the SoftIron OverDrive 1000 is still relevant
The promise of “boring” ARM hardware has been with us for almost a decade. And a couple of years ago it really arrived: easy to use, standards compliant ARM hardware is now available on the market. However, not for everyone. When it comes to buying ARM hardware you still need to decide if it is “boring” or it is affordable. There was one notable exception, the SoftIron OverDrive 1000. It had its limitations, but it was standards compliant right from day one, affordable, and easily available not just for large companies.
Others
The syslog-ng Insider 2021-09: 3.34; OpenBSD; OpenSearch; http() destination;
Dear syslog-ng users,
This is the 94th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. Topics include:
Version 3.34.1 of syslog-ng available Syslog-ng updated in OpenBSD ports OpenSearch and syslog-ng Creating a new http()-based syslog-ng destination: Seq It is available at: https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2021-09-3-34-openbsd-opensearch-http-destination
Posts
What I learned from Russian students: logging is important
When I published my blog about openSUSE a couple of weeks ago, most questions I received in private were about the Russian students I mentioned. In that blog I quickly described how my interest in information security started, about 25 years ago. This blog gives you a bit of historical background and a few more details.
Historical background It was 1995. I was studying at a university, but I was already running one of the servers of the faculty.
Posts
opensource.com: What was your first programming language?
A couple of weeks ago editors of https://opensource.com/ sent a question to contributors: What was your first programming language? Thinking about the question brought back some nice memories about the beginnings. You can read my answer below:
What was your first programming language?
My first ever programming language was BASIC in the early eighties. One of my relatives bought a C64 for their kids to get started with learning computers. They only used it for gaming, and I was also invited.
Others
The syslog-ng insider 2021-07: Alerting; CentOS alternatives; MongoDB;
Better late than never I just put online the July syslog-ng newsletter. Topics include:
Sending alerts to Discord and others from syslog-ng using Apprise: blocks and Python templates Rocky Linux, AlmaLinux, CentOS & syslog-ng MongoDB support improved in syslog-ng 3.32 It is available at https://www.syslog-ng.com/community/b/blog/posts/insider-2021-07-alerting-centos-alternatives-mongodb
Others
GSoC report: syslog-ng MacOS support
For the past couple of months, Yash Mathne has been working on testing syslog-ng on MacOS as a GSoC (Google Summer of Code) student. He worked both on x86 and on the freshly released ARM hardware. And we have some good news here to share: while there is still room for improvement, most of syslog-ng works perfectly well on MacOS.
Read my blog for some historical background and the GSoC report: https://www.
Others
What is coming in sudo 1.9.8?
Sudo development is at version 1.9.8 beta 3. There are two major new features: sudo can intercept sub-commands and log sub-commands. In this quick teaser I introduce you to log_subcmds. I hope it is interesting enough for you to test it out and provide feedback.
So, what is log_subcmds good for? There are many UNIX tools that can spawn external applications. You only see vi in the logs, but can you be sure without session recording that your admin only edits what he is supposed to?
Others
Collecting process accounting logs on Linux with syslog-ng
Collecting process accounting logs on Linux with syslog-ng Process accounting logs are collected into binary log files on Linux. You can turn them into human readable format locally, using various tools. You can also use syslog-ng to read those files.
Lean how syslog-ng can parse those binary logs, create name-value pairs from them and store the results from my latest blog: https://www.syslog-ng.com/community/b/blog/posts/collecting-process-accounting-logs-on-linux-with-syslog-ng
Posts
Bee pastures -- or how my Facebook post got deleted
Most people only know that I work in IT. Some even call me a hacker – which I really appreciate :-) However, by university degree I am an environmental engineer (and English - Hungarian translator). Even if I never worked in my field, except for some student jobs, I still follow any news related to the environment closely. This is why I was very happy to learn, that my home city, Budapest, introduced bee pastures in the city.
Others
Securing the sudo to sudo_logsrvd connection
Securing the sudo to sudo_logsrvd connection Using sudo_logsrvd to centrally collect sudo session recordings from your network is a huge step forward in security: users cannot delete or modify session recordings locally. However, by default, transmission of recordings is not encrypted, making it open to modifications and eavesdropping. Encrypting the connection between sudo and sudo_logsrvd can eliminate these problems. Larger environments usually either have in-house PKI tooling in place, or colleagues who know all openssl options off the top of their heads.
Posts
The lazy audiophile
I love listening to music. And while I am lazy (which is the popular term for considering if something is worth the effort before doing it), I still prefer listening to it in a realistic sound quality. Which sounds like a contradiction, isn’t it? Well, yes, but only if you are not ready for compromises. In this blog, I focus on technologies and software problems, and the compromises I made to keep listening to music simple but still enjoy it.
Posts
S.u.S.E., Opensuse and me
Recently connect.opensuse.org, the openSUSE member directory and social site was shut down. You can read more about the reasons on openSUSE News. I also had my profile on the site, listing many of the things I worked on during the past two and a half decades. Reading it was quite a trip down the memory lane. It also reminded me, how the name changed over the years. Did you know that SUSE was originally an acronym for Software- und System-Entwicklung?
Others
Elasticsearch 7.14 and Opensearch 1.0 Are Available and Work Fine With Syslog-ng
One of the most popular destinations in syslog-ng is Elasticsearch. Due to the license change of the Elastic stack, some people changed quickly to Grafana/Loki and other technologies. However, most syslog-ng users decided to wait and see. Version 1.0.0 of OpenSearch, a fork of the Elastic code base from before the license change is now available. Elastic also published a new release last week.
For this blog, I tested the latest and greatest from both product lines and I’m sharing my experiences.
Posts
Turris, syslog-ng and me
Yes, it’s a syslog-ng blog from me, and it’s not on https://syslog-ng.com/ :-) The reason is simple: this is not a technical blog. This is my story about how I found the Turris Omnia Linux router and how this lead to working together with the Turris guys.
The beginnings When I ordered my Turris Omnia, I did not know that it ran syslog-ng. All I knew that it was an ARM device and that it ran Linux.
Posts
My Google Pixel C: the end of an era
I got my Google Pixel C tablet in early 2016, well over five years ago. I use it ever since almost every day. A big part of it is that I also have the Pixel C keyboard accessory. I prefer touch typing and funnily enough that does not work on a touch screen. It needs a real keyboard. And that keyboard died today. My Pixel C can still recognize the attached keyboard, but it does not work any more.
Others
Syslog-ng 3.33: the MQTT destination
Syslog-ng 3.33: the MQTT destination Version 3.33 of syslog-ng introduced an MQTT destination. It uses the paho-c client library to send log messages to an MQTT broker. The current implementation supports version 3.1 and 3.1.1 of the protocol over non-encrypted connections, but this is only a first step.
From this blog, you can learn how to configure and test the mqtt() destination in syslog-ng.
Read my blog at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-3-33-the-mqtt-destination
Posts
Running openSUSE in a FreeBSD jail using Bastille
Why? Last week, when the latest version of Bastille, a jail (container) management system for FreeBSD was released, it also included experimental Linux support. Its author needed Ubuntu, so that was implemented. I prefer openSUSE, so with some ugly hacks I could get openSUSE up and running in Bastille. I was asked to document it in a blog. This topic does not fit the sudo or syslog-ng blogs, where I regularly contribute.