Below you will find pages that utilize the taxonomy term “planets”
Posts
The syslog-ng newsletter looks odd
Recently I was asked why the syslog-ng newsletter looks odd. At first I did not even understand what the problem was. Then I realized that I had kept using the same format for the past 14 years, a format that was optimized for UNIX terminals :-)
So, what is the problem? 14 years ago I was kindly asked by syslog-ng users to use plain text e-mails instead of HTML formatting. Of course it also means that there is no easy way to emphasize titles in the newsletter.
Others
The syslog-ng Insider 2024-12: FreeBSD audit; 4.8.1; conferences
The December syslog-ng newsletter is now on-line:
FreeBSD audit source for syslog-ng
Version 4.8.1 of syslog-ng is now available
Where should I present syslog-ng and sudo?
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-12-freebsd-audit-4-8-1-conferences
Others
Syslog-ng Prometheus exporter added to RPM syslog-ng container image
Last week I introduced you to my latest project: a syslog-ng container based on Alma Linux. This week I added a syslog-ng Prometheus exporter to the container, so you can also monitor syslog-ng, if you enable it.
Others
Experimental syslog-ng container image based on Alma Linux
The official syslog-ng container image is based on Debian Stable. However, we’ve been getting requests for an RPM-based image for many years. So, I made an initial version available based on Alma Linux and now I need your feedback about it! This image uses the “init” variant of Alma Linux 9 containers as a base image. What does this mean? Well, it uses systemd service management inside, making it possible to run multiple services from a single container.
Others
The syslog-ng Insider 2024-11: testing; Quickwit; MacPorts
The November syslog-ng newsletter is now on-line:
A call for syslog-ng testing
Working with Quickwit
Huge improvements for syslog-ng in MacPorts
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-11-testing-quickwit-macports
Others
Call for testing: syslog-ng in openSUSE Leap 16.0
Last week, I submitted syslog-ng to openSUSE Leap 16.0. While the distro is still in a pre-alpha stage, everything already works for me as expected. Well, except for syslog-ng, where I found a number of smaller problems. As such, this blog is a call for testing, both for syslog-ng on openSUSE Leap 16.0 and also for the distribution itself.
Read the rest at https://www.syslog-ng.com/community/b/blog/posts/call-for-testing-syslog-ng-in-opensuse-leap-16-0
Others
A syslog-ng container image based on Alpine Linux
Recently, someone suggested I should check out Alpine Linux and prepare a syslog-ng container image based on it. While not supported by the syslog-ng project, an Alpine-based syslog-ng container image already exists as part of the Linuxserver project.
Read more at https://www.syslog-ng.com/community/b/blog/posts/a-syslog-ng-container-image-based-on-alpine-linux
Posts
Some more Power t-shirts
Recently I posted about two of my Power t-shirts. Many people responded. Some wanted to get one of the t-shirts from me, others asked me what else I have. I cannot give you the t-shirts, but I can show you a few more :-) I must admit that only one of them has Power printed on it, but the other two are also Power-related.
The oldest t-shirt is from Genesi.
Others
Where should I present syslog-ng and sudo?
Recently I was asked the same question both at my workplace and at EuroBSDCon, the conference where I was presenting: where do you talk next? I had no definite answer. Of course, I am looking forward to the FOSDEM CfP, but I am also looking for new conferences to present syslog-ng and sudo. Do you have any recommendations?
You can read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/where-should-i-present-syslog-ng-and-sudo
Posts
Power t-shirts
I love t-shirts, especially those that you’d call logowear. But it’s not the kind of big name fashion logos that I’m referring to. Rather, it’s logowear from my favorite IT companies. I have well over a hundred of these t-shirts, and except when I’m preparing for a special event, I pull a random t-shirt from my collection. Yesterday I happened to wear a power.org t-shirt, while today I’m wearing an OpenPOWER t-shirt, two POWER t-shirts in two days :-) Both of these brought back some nice memories.
Others
The syslog-ng Insider 2024-10: 4.8.0 release; version number; Debian Stable
The September syslog-ng newsletter is now available:
Improved FreeBSD and MacOS support in 4.8.0
Setting the version number in the syslog-ng configuration
Switching containers from Debian Testing to Stable
You can read it at: https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-10-4-8-0-release-version-number-debian-stable
Others
Syslog-ng needs some karma on Fedora
Version 4.8.1 of syslog-ng was released last week. It is a bugfix release, and it contains fixes for problems also reported by members of the Fedora community. The Fedora 41 release is near, so package updates now need some additional testing, and “karma” in Bodhi. You can find information on how to install syslog-ng 4.8.1 from a testing repo on Fedora 41 beta at https://bodhi.fedoraproject.org/updates/FEDORA-2024-4e812b8a23. This is also the place where you can provide feedback and karma.
Posts
Budapest Audio Expo 2024
This weekend I visited the first Audio Expo in Budapest. It was the first music event I truly enjoyed in years. Even if corridors and rooms were packed, there was enough fresh air. What sets this event apart from other events is the focus on listening to music on the vendors’ products rather than just the speeds and feeds on why you should buy their products. While, of course, the expected outcome is the same, with the emphasis on listening to live systems, I found the event much more comfortable to walk around.
Others
FreeBSD audit source for syslog-ng
Two weeks ago, I was at EuroBSDcon and received a feature request for syslog-ng. The user wanted to collect FreeBSD audit logs together with other logs using syslog-ng. Writing a native driver in C is time consuming. However, creating an integration based on the program() source of syslog-ng is not that difficult.
This blog shows you the current state of the FreeBSD audit source, how it works, and its limitations. It is also a request for feedback.
Posts
POWER for open source enthusiasts: what is coming?
Recently I was at EuroBSDCon, where several participants recognized that I am a POWER guy. And they were right, I have been an IBM POWER Champion focusing on open source software on POWER for the past three years.
I got the usual question from people: is there anyone working on an affordable and open source friendly POWER machine? My answer was a definite yes, but I also had to admit that I do not know the actual status of any of the projects.
Posts
EuroBSDCon 2024
EuroBSDCon was fantastic, as always :-) I talked to many interesting people during the four days about sudo and syslog-ng, and of course also about many other topics. I gave a sudo tutorial, and it went well, with some “students” already planning which features to implement at home. There were many good talks, including one from Dr. Marshall Kirk McKusick, who was with the FreeBSD project right from the beginning, and worked on BSD even earlier.
Others
Huge improvements for syslog-ng in MacPorts
Last week I wrote about a campaign that we started to resolve issues on GitHub. Some of the fixes are coming from our enthusiastic community. Thanks to this, there is a new syslog-ng-devel port in MacPorts, where you can enable almost all syslog-ng features even for older MacOS versions and PowerPC hardware. Some of the freshly enabled modules include support for Kafka, GeoIP or OpenTelemetry. From this blog entry, you can learn how to install a legacy or an up-to-date syslog-ng version from MacPorts.
Others
Why sudo 1.9.16 enables secure_path by default?
Sudo 1.9.16 is now out, containing mostly bug fixes. However, there are also some new features, like the json_compact option I wrote about a while ago. The other major change is, secure_path is now enabled by default in the sudoers file, and there is a new option to fine-tune its content.
Read more at https://www.sudo.ws/posts/2024/09/why-sudo-1.9.16-enables-secure_path-by-default/
Others
The syslog-ng Insider 2024-09: documentation; TRANSPORT macro; rolling RPMs
The September syslog-ng newsletter is now on-line:
You can also contribute to the syslog-ng OSE documentation
The $TRANSPORT macro of syslog-ng
Rolling RPM platforms added to the syslog-ng package build system
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-09-documentation-transport-macro-rolling-rpms
Others
Sending logs to Quickwit using the OpenTelemetry destination of syslog-ng
Last time we looked at how syslog-ng can send logs to Quickwit using its Elasticsearch compatible API. This time we are going to look at how to use the OpenTelemetry protocol to send logs to Quickwit with syslog-ng.
Read more at https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-quickwit-using-the-opentelemetry-destination-of-syslog-ng
Others
First steps with Quickwit and syslog-ng
We are always looking for new ways to store log messages. Quickwit is a new contender, designed for log storage, and among others, it also provides an Elasticsearch-compatible API. From this blog, you can learn about Quickwit, and how to forward log messages from syslog-ng to it using the Elasticsearch-compatible API.
Read more at https://www.syslog-ng.com/community/b/blog/posts/first-steps-with-quickwit-and-syslog-ng
Others
We are switching syslog-ng containers from Debian Testing to Stable
For many years, the official syslog-ng container and development containers were based on Debian Testing. We are switching to Debian Stable now. Learn about the history and the reasons for the change now.
Read more at https://www.syslog-ng.com/community/b/blog/posts/we-are-switching-syslog-ng-containers-from-debian-testing-to-stable
Others
The syslog-ng Insider 2024-08: 4.8.0 release; Prometheus; Amazon Linux
The August syslog-ng newsletter is now on-line:
Version 4.8.0 of syslog-ng improves FreeBSD and MacOS support
syslog-ng Prometheus exporter
Experimental syslog-ng packages for Amazon Linux 2023
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-08-4-8-0-release-prometheus-amazon-linux
Posts
On teaching sudo
A few weeks ago I was in Lille, France for Pass the SALT, a conference focused on open-source software and security, and gave a training on sudo. Ever since the conference, I’ve been approached by people asking if I could give sudo training(s) for or through their organization. Instead of writing a short answer to everyone in private, here is a more detailed public response.
The short answer: it depends :-)
Others
Version 4.8.0 of syslog-ng improves FreeBSD and MacOS support
Last week One Identity released version 4.8.0 of its open-source log management application. Learn about some of the new features and bug fixes: why upgrade to the latest syslog-ng version, not only on FreeBSD :-)
Read more at https://www.syslog-ng.com/community/b/blog/posts/version-4-8-0-of-syslog-ng-improves-freebsd-and-macos-support
Others
Why it is useful to set the version number in the syslog-ng configuration
The syslog-ng configuration starts with a version number declaration. Up until recently, if it was missing, syslog-ng did not start. With syslog-ng 4.8, this is changing.
From this blog, you can learn why version information is useful, what workaround you can use if you do not want to edit your syslog-ng configuration on each update, and what changed in version 4.8.
You can read the rest of my blog at https://www.
Others
You can also contribute to the syslog-ng OSE documentation
The up-to-date syslog-ng Administration Guide received a new look and easier navigation, as well as better search experience. Best of all, you can now also easily contribute to the syslog-ng documentation.
Almost everything is available from the opening page at https://syslog-ng.github.io/
However, here are some direct links for you:
The syslog-ng 4.X documentation: https://syslog-ng.github.io/admin-guide/README
The syslog-ng documentation contributor guide: https://syslog-ng.github.io/doc-guide/README#how-to-contribute-to-the-documentation
The syslog-ng developer guide: https://syslog-ng.github.io/dev-guide/README (which still has some outdated parts)
Others
The $TRANSPORT macro of syslog-ng
Do you want to know how your log messages arrived at syslog-ng? The new $TRANSPORT macro provides you with part of the answer. It shows you the protocol variant for network sources, or the kind of local source used.
Read more at https://www.syslog-ng.com/community/b/blog/posts/the-transport-macro-of-syslog-ng
Others
syslog-ng Prometheus exporter
Prometheus is an open-source monitoring system that collects metrics from your hosts and applications, allowing you to visualize and alert on them. The syslog-ng Prometheus exporter allows you to export syslog-ng statistics, so that Prometheus can collect it.
While an implementation in Go has been available for years on GitHub (for more information, see this blog entry), that solution uses the old syslog-ng statistics interface. And while that Go-based implementation still works, syslog-ng 4.
Others
Experimental syslog-ng packages for Amazon Linux 2023
Last year, I received many requests about syslog-ng for Amazon Linux 2023, but I could not find an easy way to create syslog-ng packages. Recently, however, I found that Fedora Copr supports building packages for Amazon Linux 2023. So, with a little bit of experimentation, I got a cut down version of syslog-ng compiled.
Read more at https://www.syslog-ng.com/community/b/blog/posts/experimental-syslog-ng-packages-for-amazon-linux-2023
Posts
Copr: build your Fedora / RHEL packages for POWER
I’m often asked, how can I be an IBM Champion for POWER, if I do not own an IBM POWER server or workstation. Yes, life would definitely be easier if I had one. However, I have an over 30 years history with POWER, and there are some fantastic resources available to developers for free. Both help me to stay an active member of the IBM POWER open source community.
Last time I introduced you to the openSUSE Build Service.
Others
The syslog-ng Insider 2024-05: documentation; grouping-by(); PAM Essentials; health
The May syslog-ng newsletter is now on-line:
The official syslog-ng OSE documentation got a new look
The syslog-ng Administration Guide received a new look and easier navigation. Not only that, but it is also up-to-date now. Besides, there are now contributor guides available both for the documentation and for syslog-ng developers.
The admin guide is available at: https://syslog-ng.github.io/admin-guide/README
You can reach all syslog-ng OSE-related documentation at: https://syslog-ng.github.io/
If you find any issues, pull requests and problem reports are welcome.
Others
Using syslog-ng on multiple platforms
Your favorite Linux distribution is X. You test everything there. However, your colleagues use distro Y, and another team distro Z. Nightmares start here: the same commands install a different set of syslog-ng features, configuration defaults and use different object names in the default configuration. I ran into these problems while working with Gábor Samu on his HPC logging blog.
From this blog you can learn about some of the main differences in packaging and configuration of syslog-ng in various Linux distributions and FreeBSD, and how to recognize these when configuring syslog-ng on a different platform.
Others
When it comes to sudo logging, pretty is not always better
Version 1.9.16 of sudo will introduce a new logging option: json_compact. This does not affect logging to syslog, only logging to files. Previously, sudo created human-readable JSON log files. With this new setting enabled, logs are no longer pretty but can be easily read by logging software.
As I am writing this blog, version 1.9.16 is not yet released, not even a beta. For now, if you want to test this feature, you will have to compile sudo yourself from source.
Others
Working with sudo’s json_compact logs in syslog-ng
Version 1.9.16 of sudo will feature a new option for logging: json_compact. Why is this important? This new format can easily be read and parsed by a log management software, like syslog-ng.
Note that in this blog I am showing you a sudo feature which has not yet been released officially. You have to compile sudo yourself. By all means, if you have any other application writing JSON-formatted log messages, you can apply most of what you read here with slight modifications.
Posts
Centralized system and LSF logging on a Turing Pi system
I love high performance computers, and some of my best friends work in high performance computing (HPC). Obviously, sometimes we also talk about logging. Recently we not just talked, but I also helped Gábor in his first steps with syslog-ng. He summarized his experiences in a blog:
Logs are one of those indispensable things in IT when things go wrong. Having worked in technical support for software products in a past life, I’ve likely looked at hundreds (or more) logs over the years, helping to identify issues.
Others
The syslog-ng health check
Version 4.2 of syslog-ng introduced a healthcheck option to syslog-ng-ctl. It prints three syslog-ng-related metrics on screen – if it can reach syslog-ng, that is. You can use it from scripts to monitor the health of syslog-ng.
https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-health-check
Others
Alerting on One Identity Cloud PAM Essentials logs using syslog-ng
One Identity Cloud PAM Essentials is the latest security product by One Identity. It provides asset management as well as secure and monitored remote access for One Identity Cloud users to hosts on their local network. I had a chance to test PAM Essentials while still in development. While there, I also integrated it with syslog-ng.
From my previous blog, you could learn what PAM Essentials is, and how you can collect its logs using syslog-ng.
Others
Collecting One Identity Cloud PAM Essentials logs using syslog-ng
One Identity Cloud PAM Essentials is the latest security product by One Identity. It provides asset management as well as secure and monitored remote access for One Identity Cloud users to hosts on their local network. I had a chance to test PAM Essentials while still in development. While there, I also integrated it with syslog-ng.
From this blog, you can learn what PAM Essentials is, and how you can collect its logs using syslog-ng.
Others
The syslog-ng Insider 2024-03: MacOS; OpenTelemetry;
The March syslog-ng newsletter is now on-line:
Native MacOS source in syslog-ng
Using OpenTelemetry between syslog-ng instances
Collecting even more logs on MacOS using syslog-ng
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-03-macos-opentelemetry
Others
Dedicated Windows XML eventlog parser in syslog-ng
Version 4.6 of syslog-ng introduced windows-eventlog-xml-parser(), a dedicated parser for XML-formatted event logs from Windows. It makes the EventData portion of log messages more useful, as it combines two arrays into a list of name-value pairs.
https://www.syslog-ng.com/community/b/blog/posts/dedicated-windows-xml-eventlog-parser-in-syslog-ng
Others
Aggregating messages in syslog-ng using grouping-by()
Sometimes you have many log messages from an app, but none of them have the exact content you need. This is where the grouping-by() parser of syslog-ng can help. It allows you to aggregate information from multiple log messages into a single message.
In this blog, I will show you how to parse sshd logs using the patterndb parser of syslog-ng, and then create an aggregate message from the opening and closing log message using grouping-by.
Others
Working with multi-line logs in syslog-ng
Most log messages fit on a single line. However, Windows and some developer tools and services, like Tomcat, write multi-line log messages. These can come in various formats. For example, new log messages may start with a date in a specific format. You can use the multi-line-prefix() option of the syslog-ng file() source to send multi-line messages as single messages instead of line by line.
I must admit that I have never seen multi-line logs in production.
Others
The syslog-ng Insider 2024-02: OpenObserve; configuration check; build services;
The February syslog-ng newsletter is now on-line:
Version 4.5.0 of syslog-ng is now available with OpenObserve JSON API support
Syslog-ng PE can now send logs to Google BigQuery
Syslog-ng can now do a full configuration check
How build services make life easier for upstream developers
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-02-openobserve-configuration-check-build-services
Others
Using OpenTelemetry between syslog-ng instances
Do you have to forward large amounts of logs between two syslog-ng instances? OTLP (OpenTelemetry protocol) support in syslog-ng was contributed by Axoflow, and it can solve this problem. Just like the ewmm() destination, syslog-ng-otlp() forwards most name-value pairs, however, unlike a tcp() connection, it scales well with multiple CPU cores.
Support for OpenTelemetry was added to syslog-ng a couple of releases ago. OpenTelemetry is an observability framework, mainly used in Linux / Cloud / Kubernetes environments.
Others
Native MacOS source in syslog-ng
You know that support for MacOS is important when every third visitor at the syslog-ng booth of Red Hat Summit asks if syslog-ng works on MacOS. With the upcoming syslog-ng version 4.6.0, syslog-ng not only compiles on MacOS, but it also collects local log messages natively. From this blog you can learn how to compile syslog-ng yourself, options of the MacOS source, and also a bit of history.
https://www.syslog-ng.com/community/b/blog/posts/native-macos-source-in-syslog-ng
Others
The syslog-ng Insider 2024-01: HTTP; Cloudflare; systemd-journal; Humio / Logscale;
The January syslog-ng newsletter is now on-line:
Why use a http()-based destination in syslog-ng?
An overview of Cloudflare’s logging pipeline
Working with multiple systemd-journal namespaces in syslog-ng
Logging to Humio / Logscale simplified in syslog-ng
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-01-http-cloudflare-systemd-journal-humio-logscale
Posts
Music of the week: five albums to bring with me to the desert island
I love music. My family, friends, colleagues love music. I am in quite a few music-related Facebook groups. A returning question everywhere in the past couple of weeks in various wordings was: what are the five albums you would bring to a desert island? This list is of course changing almost each and every year. And also depends on the number of albums, and if live concert recordings, “best of”, etc.
Others
How build services make life easier for upstream developers
Many Linux distributions provide build services under various names: openSUSE Build Service (OBS), Fedora Copr, and so on. These resources are indispensable for upstream developers, and also for their users. I will demonstrate this through some examples from the syslog-ng project.
Note: this blog is loosely based on a talk idea I had for the FOSDEM Distributions Devroom. There is no deep technical information about syslog-ng in this blog. This is more like a history of syslog-ng packaging, and how the fantastic tools by openSUSE and Fedora made it a lot easier and made me an active part of these communities.
Posts
Music of the week: New Year edition
This is my last blog for 2023, Budapest time. However, it might already be the first blog of the year from me, if you live in Japan or New Zealand :-) This time it’s a single song: “Happy new year” from ABBA (and from me :-) ).
TIDAL: https://listen.tidal.com/album/575781/track/575787
Posts
Music of the week: Christmas edition :-)
If it’s Christmas, then for many people it means watching Home alone. Related memes have appeared in social media already in the summer: “100 more days before you watch Home Alone again” ;-) Well, I do not recall when I watched it for the last time, so probably not in the past decade…
However, even I know that the most famous song from the movie is Carol of the Bells. I was surprised to hear how many musicians make a cover of a song from a film.
Posts
Music of the week: the church organ
One of my favorite instruments is the church organ. A few weeks ago we already listened to organ and drums, but those were just covers of some popular songs. However, the church organ is also used in original music, including some really well-known songs.
Next to Bach, probably the best-known appearance of a church organ is in Andrew Lloyd Webber’s The Phantom of the Opera. As a kid, first, I copied it from vinyl to tape, after which I also bought it on CD.
Posts
Music of the week: String Quartets
One of my favorite albums is Vedres Csaba és a Kairosz kvartett – Áldott Idő / Blessed Time. It was made by Hungarian pianist Csaba Vedres, who worked together with a string quartet. Their music taught me that string quartets playing alone, with a piano, or with any other instrument can do some fantastic music.
The band was founded by Csaba Vedres, who had a classical music education. Besides playing the piano, he also researched the topic of classical vs.
Others
Syslog-ng can now do a full configuration check
One of the most frequent syslog-ng feature requests is now resolved. Welcome the --check-startup option, allowing you to check the syntax and also spot spelling mistakes!
You can learn more about it at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-can-now-do-a-full-configuration-check
Posts
Music of the week: church organ and drums
In the first part of my music recommendation blog series I mentioned that many people turn to me for some less mainstream music. For quite a long time I thought that listening to cellos playing metal is already something niche. Then it turned out that many people around me love this kind of music. Recently I found something really niche: church organ and drums :-)
I love the sound of the church organ.
Others
Version 4.5.0 of syslog-ng is now available with OpenObserve JSON API support
Recently, syslog-ng 4.5.0 was released with many new features. These include sending logs to OpenObserve using its JSON API, support for Google Pub/Sub, a new macro describing message transport mechanisms like RFC 3164 + TCP, an SSL option to ignore validity periods, and many more. You can find a full list of new features and bug fixes in the release notes at: https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.5.0
In this blog, you can find some pointers on how to install the very latest syslog-ng version and learn how you can configure syslog-ng to use the OpenObserve JSON API: https://www.
Posts
Music of the week: the Cello
I love the melodies of Metallica songs. However, I strongly prefer instrumental music. That’s why I was very happy, when someone brought Apocalyptica to my attention: they played Metallica on four cellos. Over the years I discovered that metal or any other music sounds nice on cellos, as I learned about two more bands: 2cellos and Mozart Heroes.
But I should not rush so far ahead. In the year 2000 someone introduced me to Metallica.
Others
More info with -ll in sudo 1.9.15
Version 1.9.15 of sudo gives more detailed information when using the -ll option. For commands, it adds the rule that allows it. Without a command parameter, it lists rules affecting a given user. It also prints which file contains the given rule, making debugging easier.
You can read more about it at https://www.sudo.ws/posts/2023/11/more-info-with-ll-in-sudo-1.9.15/
Others
The syslog-ng Insider 2023-11: Splunk; configuration; journald;
The November syslog-ng newsletter is now on-line:
Sending logs to Splunk using syslog-ng
Developing a syslog-ng configuration
Systemd-journald vs. syslog-ng
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-11-splunk-configuration-journald
Posts
Music of the week: Pictures at an Exhibition
As you might have guessed from my previous blog posts: I love music. Colleagues, family, and friends often turn to me for suggestions if they want to listen to something new and less mainstream. This blog is about music I listen to, the first part of what will hopefully become a series. I hope you also find something interesting here!
Why did I pick “Pictures at an Exhibition” when I talk about “less mainstream” music in the opening paragraph?
Posts
All Things Open 2023
All Things Open (ATO) is one of my favorite conferences. This week I had the privilege to be in Raleigh, NC for the third time, and give a talk at the conference for the fourth time. I participated not just in ATO, but also in the Community Leadership Summit. Both events were fantastic. I learned a lot, and also realized that many others have the very same problems as I have. I also had a slight overdose of AI :-)
Others
Why use a http()-based destination in syslog-ng?
Logging is not just syslog anymore. Still, many syslog-ng users stick to using one of the syslog protocols for log transport and flat files for log storage. While most SIEMs and log analytics tools can receive syslog messages or read them using their own agents, in most cases, you can use the http() destination of syslog-ng as well to send logs to them. You gain extreme performance and an architecture that is easier to maintain.
Others
The syslog-ng Insider 2023-10: contribute; parallelize; compatibility;
The October syslog-ng newsletter is now on-line:
Why contribute to syslog-ng upstream?
Accelerating single TCP connections in syslog-ng: parallelize()
Backward compatibility in syslog-ng by using the version number in syslog-ng.conf
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-10-contribute-parallelize-compatibility
Others
Compressing HTTP traffic in syslog-ng
Network traffic is expensive in the cloud, and even a single syslog-ng instance can easily saturate the full bandwidth of a network connection. Compressing HTTP traffic was introduced in syslog-ng version 4.4.0, and depending on your use case, you can cut down on your networking expenses or send more logs using the same budget or bandwidth.
Development of this feature was done using a locally installed OpenResty web server, and later tested using Sumologic.
Others
Why is a feature not available in the syslog-ng package?
You can read about many interesting syslog-ng features in my blogs. However, it can happen that when you want to try them at home, you fail because the feature is missing. How can you solve such problems? In this blog, I discuss some of the possible solutions from installing sub-packages through using unofficial repositories, to upgrading your OS.
This blog focuses on RPM packages for openSUSE / SLES, Fedora / RHEL, and FreeBSD, because these are the packages I know – I am their maintainer.
Others
Sending logs to OpenObserve using syslog-ng
OpenObserve has an Elasticsearch compatible API for log ingestion, but syslog-ng is not mentioned in the documentation. My plan was to document how to modify the syslog-ng elasticsearch-http() destination, based on API documentation. However, as it turned out, OpenObserve has a ready to use syslog-ng configuration example in the web UI.
https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-openobserve-using-syslog-ng
Others
Developing a syslog-ng configuration
This year I started publishing a syslog-ng tutorial series both on my blog and on YouTube: https://peter.czanik.hu/posts/syslog-ng-tutorial-toc/ And while the series was praised as the best possible introduction to syslog-ng, viewers also mentioned that one interesting element is missing from it: namely, it does not tell users how to develop a syslog-ng configuration.
So, in this blog, learn how to develop a syslog-ng configuration from the ground up! I will explain not just the end result, but also the process and the steps to take to develop a configuration.
Others
Systemd-journald vs. syslog-ng
Even though most people ask me to compare systemd-journald and syslog-ng, I would say that they complement each other. Systemd-journald excels at collecting local log messages, including those of various system services. The focus of syslog-ng is on central log collection and forwarding the logs to a wide variety of destinations after processing and filtering. Combining the two gives you the most flexibility.
Read more at https://www.syslog-ng.com/community/b/blog/posts/systemd-journald-vs-syslog-ng
Others
Backward compatibility in syslog-ng by using the version number in syslog-ng.conf
Many users are annoyed by the version number included in the syslog-ng configuration. However, it ensures backward compatibility in syslog-ng. It is especially useful when updating to syslog-ng 4 from version 3, but also when updating within the same major version.
Read more about it at https://www.syslog-ng.com/community/b/blog/posts/backward-compatibility-in-syslog-ng-by-using-the-version-number-in-syslog-ng-conf
Others
Accelerating single TCP connections in syslog-ng: parallelize()
One of the highlights of the syslog-ng 4.3.0 release is parallelize(). Normally, syslog-ng processes incoming messages from a TCP connection in a single thread. While this works fine with many connections, it is a bottleneck when using a single or very few high-traffic connections. Using parallelize() allows syslog-ng to process log messages from a single high-traffic TCP connection in multiple threads, thus increasing processing performance on multi-core machines.
As you will see, parallelize() helps when you have a single high-traffic TCP connection.
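As an added example (not the post's own configuration), a TLS-protected network() source whose single long-lived connection from a relay is fanned out to four worker threads with parallelize(). The port and certificate paths are placeholders, and the @version line is the 4.3 release that introduced the feature.

```conf
@version: 4.3

source s_forwarder {
  # One relay opens one long-lived TLS connection; without parallelize()
  # every message arriving on it is processed by a single thread.
  network(
    ip("0.0.0.0") port(6514) transport("tls")
    tls(
      key-file("/etc/syslog-ng/tls/server.key")
      cert-file("/etc/syslog-ng/tls/server.crt")
      ca-dir("/etc/syslog-ng/tls/ca.d")
      # Require a client certificate signed by a trusted CA (mutual TLS),
      # so only your relays can inject logs into the central server.
      peer-verify(required-trusted)
    )
  );
};

destination d_remote {
  file("/var/log/remote/${HOST}/${YEAR}${MONTH}${DAY}.log"
       create-dirs(yes) dir-perm(0750) perm(0640));
};

log {
  source(s_forwarder);
  # Spread the messages of each connection across 4 threads; size this to
  # the cores you can dedicate to log processing. Parsers, filters and
  # destinations placed after this line run in parallel.
  parallelize(partitions(4));
  destination(d_remote);
};
```

The caveat a practitioner should know: once messages from one connection are split across partitions, their relative order at the destination is no longer guaranteed. If your detection logic depends on strict ordering within a host's stream, sort on the timestamp downstream or leave that log path unparallelized.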
Others
Why contribute to syslog-ng upstream?
One of the recurring questions I received recently: why contribute to syslog-ng upstream? I guess it is a question many open-source projects receive regularly. There are many generic answers. Here I would like to focus on syslog-ng itself, going through its various parts.
Of course, the generic answers also apply. Syslog-ng is an open-source project, free to use, modify, and extend. By contributing, you can give something back and improve syslog-ng for everyone.
Others
What I learned about syslog-ng performance using sngbench
A few weeks ago, I posted about sngbench, a shell script to measure syslog-ng performance. The performance of syslog-ng is influenced by many factors, including the hardware and OS it runs on, and syslog-ng itself. This blog summarizes some of my findings using the script.
https://www.syslog-ng.com/community/b/blog/posts/what-i-learned-about-syslog-ng-performance-using-sngbench
Others
Syslog-ng 4.2: extra UDP performance
No matter how awkward you feel when you hear about UDP syslog in the age of encrypted TCP connections, UDP syslog is here to stay in some special cases. The scalability issues of UDP log collection were first addressed in syslog-ng Open Source Edition (OSE) (the so-reuseport() parameter), and later a more advanced solution arrived in syslog-ng Premium Edition (PE) (the udp-balancer() source). The good news is that a new, open-source implementation is now available as part of syslog-ng 4.
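As an added example (not from the post), the classic OSE approach with so-reuseport(): several udp() sockets on the same port, which the kernel spreads senders across, followed by the 4.2 variant that balances datagrams in the kernel regardless of sender. The ebpf() option block is written as I recall it from the 4.2 release and is an assumption to verify against your version's udp() reference; it also needs an eBPF-enabled build and kernel support.

```conf
@version: 4.2

# Pre-4.2 scaling: four sockets share the port. The kernel picks a socket
# by hashing source and destination addresses, so many senders spread out,
# but one very chatty sender still lands on a single socket and thread.
source s_udp_reuseport {
  udp(ip("0.0.0.0") port(514) so-reuseport(yes) so-rcvbuf(16777216));
  udp(ip("0.0.0.0") port(514) so-reuseport(yes) so-rcvbuf(16777216));
  udp(ip("0.0.0.0") port(514) so-reuseport(yes) so-rcvbuf(16777216));
  udp(ip("0.0.0.0") port(514) so-reuseport(yes) so-rcvbuf(16777216));
};

# syslog-ng 4.2: one udp() source, four sockets created by syslog-ng, and an
# eBPF program attached to the reuseport group that distributes datagrams
# round-robin, so a single high-volume sender no longer saturates one thread.
# (option names are an assumption, see the lead-in)
source s_udp_balanced {
  udp(ip("0.0.0.0") port(514) so-reuseport(yes) so-rcvbuf(16777216)
      ebpf(reuseport(sockets(4))));
};

destination d_udp_in { file("/var/log/udp/${HOST}.log" create-dirs(yes)); };

# Use one of the two sources, not both, on the same port.
log { source(s_udp_balanced); destination(d_udp_in); };
```

Two checks before trusting the numbers: so-rcvbuf() is silently capped by the kernel unless `net.core.rmem_max` is raised to at least the same value, and UDP syslog carries no authentication or integrity, so the source address in those messages is trivially spoofable. Keep UDP listeners on segments you control and firewall them to known senders.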
Others
Introducing sngbench: a shell script to performance test your syslog-ng
One of the recurring syslog-ng questions I receive is how many log messages a given piece of hardware can handle. My typical answer is that it depends on the configuration. I now have an answer, or rather a tool to answer your question: sngbench.sh. It is a shell script that runs from localhost and uses loggen, the bundled benchmarking and testing tool of syslog-ng. It comes with two configurations: a performance-optimized and a realistic one.
Posts
Creaks: The first game I bought for its music
Recently, I was looking for some new hybrid / crossover music, and someone recommended that I check out Hidden Orchestra. Listening to their album “Creaks” was instant love. As I learned later, it’s the music of a game. I’m not a gamer, but once I saw that it was on sale on Humble Bundle I bought it immediately.
You can listen to the whole album here:
You can also find it on Bandcamp.
Others
Syslog-ng Python Packaging
In version 4 of syslog-ng, the role of Python became even more important. Previously, all parts of syslog-ng could be extended using Python code, but no actual Python code was provided with syslog-ng. Version 4.0 added a Kubernetes module implemented in Python, while version 4.2 added support for Hypr. But how can we ensure that all Python dependencies are met?
In my latest blog I describe the current situation and ask you for feedback!
Others
The syslog-ng insider 2023-05: learning; UDP; upgrading;
The May syslog-ng newsletter is now on-line:
Learning syslog-ng, the easier way Why syslog over UDP loses messages and how to avoid that Upgrade problems from syslog-ng 3 to 4 It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-05-learning-udp-upgrading
Others
Getting syslog-ng 4
Version 4 of syslog-ng was released last December. Quite a few people use it already in production. How can you install it for a test drive? It might be already available in your Linux distribution. There are also several unofficial repositories with the latest syslog-ng.
From this blog, you can learn how to check your syslog-ng version, where to check if it is not yet installed, and a few additional resources, if you want to install the latest version from unofficial repositories.
Others
Upgrade problems from syslog-ng 3 to 4
Version 4 of syslog-ng works perfectly well in version 3 compatibility mode. However, if you want to use the syslog-ng 4 features, you need to be aware of some significant changes. If you have a simple configuration, like those in Linux distributions, then simply rewriting the version string is most likely enough. However, if you use PatternDB or JSON parsing, any Python code, or an Elasticsearch, or MongoDB destination, you have to be aware of the changes.
Others
The syslog-ng Insider 2023-04: FreeBSD; Splunk; Deduplication;
The April syslog-ng newsletter is now on-line:
Installing a syslog-ng 4 development snapshot on FreeBSD Getting data to Splunk Streaming deduplication in syslog-ng It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-04-freebsd-splunk-deduplication
Posts
Learning syslog-ng: a table of contents for my tutorial series
Last year, one of the recurring questions I received was how to learn syslog-ng. My answer was to read the first few chapters of the documentation, read my blogs related to your use case, and then read a few relevant parts from the rest of the documentation. Our documentation is praised by users, but it is still reference documentation. I was asked if a less detailed, more to the point, preferably video tutorial is available.
Others
Syslog-ng 101, part 13: Updating syslog-ng, syslog-ng 4
Version 4 of syslog-ng is now available. The good news is that it is fully backwards compatible. If the version string in your configuration is set to a 3.X version, it will work as expected even after updating to version 4. Of course you might run into corner cases, but I had no problems even with complex configurations. Today, we learn about updating syslog-ng, and some of the new features of syslog-ng 4.
Others
Syslog-ng 101, part 12: Elasticsearch (and Opensearch, Zinc, Humio, etc.)
One of the most popular destinations in syslog-ng is Elasticsearch (and OpenSearch, Zinc, Humio, etc.). The 12th part of my syslog-ng #tutorial shows you how to send log messages to Elasticsearch.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-12-elasticsearch-and-opensearch-zinc-humio-etc
Posts
HPC and me
Recently I found that quite a few of my Twitter and Mastodon followers are working in high-performance computing (HPC). At first I was surprised, because I’m not an HPC person, even if I love high-performance computers. Then I realized that there are quite a few overlaps, and one of my best friends is also deeply involved in HPC. My work, logging, is also a fundamental part of HPC environments.
Let’s start with a direct connection to HPC: one of my best friends, Gabor Samu, is working in HPC.
Others
Syslog-ng 101, part 11: Enriching log messages
This is the eleventh part of my syslog-ng tutorial. Last time, we learned about message parsing using syslog-ng. Today, we learn about enriching log messages.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-11-enriching-log-messages
Posts
BBC The Green Planet: Quality vs Content
Where should I begin. I bought a 4K Blu-Ray player last Autumn. I did not plan to use it for movies: this was the cheapest way of buying a player for all of my various discs. For a couple of months I really only listened to my CD/DVD-Audio/SACD collection on it.
While listening to TIDAL, I realized that there is a new David Attenborough series out there (the soundtrack was recommended to me by TIDAL).
Others
Syslog-ng 101, part 10: Parsing
This is the tenth part of my syslog-ng tutorial. Last time, we learned about syslog-ng filters. Today, we learn about message parsing using syslog-ng.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-10-parsing
Others
Syslog-ng 101, part 9: Filters
This is the ninth part of my syslog-ng tutorial. Last time, we learned about macros and templates. Today, we learn about syslog-ng filters. At the end of the session, we will see a more complex filter and a template function.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-9-filters
Others
Installing a syslog-ng 4 development snapshot on FreeBSD
Unless there is a serious problem, FreeBSD ports usually contain the latest stable syslog-ng release. However, sometimes people want to compile a git snapshot to test a new feature or bugfix. One way to do that is to generate a syslog-ng release tgz on FreeBSD and edit the syslog-ng port files yourself. However, this needs some practice. An easier solution is to use my weekly development snapshots.
Learn how from my latest blog at: https://www.
Others
Syslog-ng 101, part 8: Macros and templates
This is the eighth part of my syslog-ng tutorial. Last time, we learned about network logging. Today, we learn about syslog-ng macros and templates. At the end of the session, we will know how to do a simple log rotation using macros.
You can watch the video on YouTube:
and the complete playlist at https://www.youtube.com/playlist?list=PLoBNbOHNb0i5Pags2JY6-6wH2noLaSiTb
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-8-macros-and-templates
Others
Syslog-ng 101, part 7: Networking
This is the seventh part of my syslog-ng tutorial. Last time, we learned about syslog-ng destinations and the log path. Today, we learn about syslog-ng network logging. At the end of the session, we will send test messages to a syslog-ng network source.
You can watch the video on YouTube:
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-7-networking
Others
Installing syslog-ng 4.0.1 on FreeBSD
Version 4.0.1 of syslog-ng was released a month ago. Unfortunately, the new release does not compile on FreeBSD. It was a temporary problem in the environment generating the source tgz. The next release is still almost a month away, but you can compile syslog-ng 4.0.1 yourself from my unofficial ports Makefile.
Learn how from my latest blog at https://www.syslog-ng.com/community/b/blog/posts/installing-syslog-ng-4-0-1-on-freebsd
Others
Syslog-ng 101, part 6: Destinations and log path
This is the sixth part of my syslog-ng tutorial. Last time, we learned about syslog-ng source definitions and how to check the syslog-ng version. Today, we learn about syslog-ng destinations and the log path. At the end of the session, we will also perform a quick syntax check.
You can watch the video on YouTube:
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-6-destinations-and-log-path
Others
Syslog-ng 101, part 5: Sources
This is the fifth part of my syslog-ng tutorial. Last time we had an overview of the syslog-ng configuration and had our first steps working with syslog-ng. Today we learn about syslog-ng source definitions and how to check the syslog-ng version and its enabled features.
You can watch the video on YouTube:
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-5-sources
Others
Syslog-ng 101, part 4: Configuration and testing
This is the fourth part of my syslog-ng tutorial. I hope that since the previous part of my tutorial, you successfully installed syslog-ng. In this part we will finally work with syslog-ng, not just learn about the theoretical background. We will do basic configuration and testing.
You can watch the video on YouTube:
Or you can read the rest of the tutorial as a blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-4-configuration-and-testing
Others
Syslog-ng is now available in Homebrew
Installing syslog-ng on Mac is easy, if you use Homebrew for 3rd party packages. Previously, you had to install dependencies and then compile syslog-ng from source. Now, a single command takes care of everything!
Read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-is-now-available-in-homebrew
Others
Syslog-ng 101, part 3: Syslog-ng editions, and where to get them from
Welcome to the third part of my syslog-ng tutorial. Today we cover the various syslog-ng editions (open source, commercial and appliance), and where to get them from. The focus of this tutorial series is the Open Source Edition (OSE), but to avoid confusion, I also briefly introduce the other two.
You can watch the video on YouTube:
Or you can read the rest of my blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-part-3-syslog-ng-editions-and-where-to-get-them-from
This is a boring, but important part, do not skip it!
Others
Syslog-ng 101, part 2: Basic concepts
Welcome to the second part of my syslog-ng tutorial series. In this part, we cover some of the basic concepts behind syslog-ng.
Last time we defined syslog-ng as an enhanced logging daemon with a strong focus on portability and high-performance central log collection.
Let us pull this sentence apart, as all words are here for a reason. The original syslog implementation was pretty simple: it collected log messages from applications and sorted them to various files.
Others
Syslog-ng 101, part 1: Introduction
Welcome to the first part of my syslog-ng tutorial series. In this part, I give you a quick introduction what to expect from this series and try to define what syslog-ng is.
I plan to release parts of my tutorial around every week. Of course, the Christmas holidays and the upcoming conference season may cause some delays. Each part will be released as a blog accompanied by a video. It is up to you, which version you follow.
Others
The syslog-ng Insider 2022-11: 4.0; OIDC; nightly; sudo;
The November syslog-ng newsletter is now on-line:
Testing syslog-ng 4.0
syslog-ng Store Box federated single sign-on support via OpenID Connect (OIDC)
Nightly syslog-ng container images
Type support: working with sudo logs in syslog-ng 4.0
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-11-4-0-oidc-nightly-sudo
Posts
Sudo and syslog-ng news on Mastodon
From now on, as I want to reach as many as possible, you can also read sudo and syslog-ng news from me on Mastodon. You can find my account at:
https://fosstodon.org/@PCzanik
Mastodon is a decentralized network of servers. I chose a server called “Fosstodon” as it is focused on open source software. Some of the projects I participate in are already there: BastilleBSD and openSUSE. As usual, next to my usual syslog-ng and sudo posts, you will also sometimes hear from me about OpenPOWER and ARM with some occasional photos from my hiking trips :-)
Others
Syslog-ng on MacOS Ventura
Each new MacOS release brings some surprises when it comes to compiling syslog-ng. MacOS Ventura has been released recently, while Homebrew has also been updated. So here are some updated instructions for MacOS Ventura (and also for the last MacOS minor release before Ventura).
https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-on-macos-ventura
Posts
Photography is not just about the camera
Once upon a time I started taking photos with a Lubitel, which is an old, very basic, and completely manual camera. In 2000 I switched from film to digital and everything could be automated. This was the time when I finally realized that having a good camera is not everything. A perfect exposure with a good camera can still result in an ugly and boring photo.
When I had a fully manual film camera, I quickly learned how to do perfectly exposed photos without any tools to measure light or distance.
Posts
Lake Naplás: giving time-lapse photography another try
Once upon a time I made some time-lapse videos, but I gave up quickly. Recently I have watched yet another Attenborough nature series: The Green Planet. It was full of beautiful time-lapse recordings, and suddenly I felt the urge again to give this genre another try :-)
I visited my favorite recreational area in the Pest side of Budapest: Lake Naplás. It’s an artificial lake close to the border of Budapest, which quickly turned into an important bird nesting place and a protected nature area.
Others
Running sudo without updating cached credentials
One of the recurring questions at conferences was whether there is a way to check cached sudo credentials without updating them. Version 1.9.12 of sudo introduces the -N option which makes this possible, and also allows running any commands without updating the cached credentials.
You can learn more about the new -N option in my latest sudo blog at https://www.sudo.ws/posts/2022/10/running-sudo-without-updating-cached-credentials/
Posts
Hifi Made in Hungary: NCS Audio
Last weekend, I visited a special audio event in Budapest. Two local companies demonstrated their products built into a single audio system. The music was played from TIDAL using an audio PC and DAC made by Bodor Audio and a pair of speakers by NCS Audio.
If you read one of my earlier blogs, you know that I listen to a pair of Heed Enigma 5 speakers. It was a love at first sight during my university years.
Others
syslog-ng 101: how to get started with learning syslog-ng?
How to get started with syslog-ng? There are two main resources: the syslog-ng documentation and the syslog-ng blogs. You should learn the concepts and basics from the documentation. The blogs document use cases and you can use the docs as a reference.
Read the rest of my blog at: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-101-how-to-get-started-with-learning-syslog-ng
Posts
EuroBSDcon 2022
Last weekend I was in Vienna for EuroBSDcon, an event where BSD users are gathering from Europe (and all around the world). And while you could follow the event online, to me, the greatest value of the conference was not in the talks themselves (not to lessen their value of course, as they were fantastic) but rather in meeting people during the hallway session. The line-up consisted of sudo and syslog-ng users, BSD users and developers, and even some people from history books :-)
Posts
Working Hybrid
I worked from home all my life, or at least that’s what I thought. Recently I learned that what I do is actually called “hybrid” work. I do most of my work from home, however I also regularly visit the office. I can work a lot more efficiently at home, so I work from there. Once a week I’m at the office, where I do not progress that well with my tasks.
Others
Nightly syslog-ng container images
The syslog-ng team started publishing container images many years ago. For quite a while, it was a manual process, however, a few releases ago, publishing a container image became part of the release process. Recently, nightly container images have also become available, so you can test the latest features and bug fixes easily.
The syslog-ng images are still available under the Balabit namespace on the Docker hub. Balabit was bought by One Identity almost five years ago, and we stopped using the old company name years ago.
Others
The syslog-ng Insider 2022-09: 3.38; SQL; disk-buffer; nightly;
The September syslog-ng newsletter is now on-line:
3.38.1 released, 4.0 almost feature complete syslog-ng Store Box SQL source Why is my syslog-ng disk-buffer file so huge even when it is empty? Nightly syslog-ng builds for Debian and Ubuntu It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-09-3-38-sql-disk-buffer-nightly
Posts
Working From Home
The first week of the COVID lockdown, back in March 2020, a journalist friend of mine started a Hungarian Facebook group to share work from home experiences. As I have worked from home all my life (except for two weeks), I wrote a long post about my experiences and thoughts. 2.5 years later, my post still receives some occasional likes, and someone even quoted from it – without naming the source :/ You can read the English version of my original Facebook post below.
Others
Happy birthday, Linux! Here are 6 Linux origin stories
The 31st birthday of the Linux #kernel was yesterday. For this occasion some opensource.com contributors (including me) shared how we got started with Linux. Lots of nice memories :-)
The article is available at https://opensource.com/article/22/8/linux-birthday-origin-stories
Others
7 sudo myths debunked
Whether attending conferences or reading blogs, I often hear several misconceptions about sudo. Most of these misconceptions focus on security, flexibility, and central management. In this article, I will debunk some of these myths.
Many misconceptions likely arise because users know only the basic functionality of sudo. The sudoers file, by default, has only two rules: The root user, and members of the administrative wheel group, can do practically anything using sudo.
Posts
The War of the Worlds
“Jeff Wayne’s Musical Version of The War of the Worlds” has been a turning point in my life in many ways. It was one of the first non-classical albums I listened to. It was the starting point in my ability to understand spoken English.
The first steps from classical
My parents only listen to classical music. Even Bartók is too modern for them. In my household growing up, I was only exposed to classical music.
Others
Type support: getting started with syslog-ng 4.0
Version 4.0 of syslog-ng is right around the corner. It hasn’t yet been released; however, you can already try some of its features. The largest and most interesting change is type support. Right now, name-value pairs within syslog-ng are represented as text, even if the PatternDB or JSON parsers could see the actual type of the incoming data. The text representation itself does not change, but starting with 4.0, syslog-ng will keep the type information alongside it and use it correctly on the destination side.
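As an added example (not from the post), the smallest configuration that makes the type support visible: JSON lines parsed by json-parser() and written back out with $(format-json). The sample input is constructed for this example; the log file path is a placeholder.

```conf
@version: 4.0

# Constructed sample input: an application sends a JSON line such as
#   {"user":"alice","bytes":512,"ok":true,"ip":"192.0.2.10"}
# to the local log socket.
source s_app { system(); };

# With @version: 4.0 the parser records that "bytes" is a number and "ok"
# is a boolean; under a 3.x version line both are stored as plain strings.
parser p_json { json-parser(prefix("app.")); };

destination d_typed {
  file("/var/log/app-typed.json"
       # format-json uses the stored types, so the output is
       #   {"app":{"user":"alice","bytes":512,"ok":true,"ip":"192.0.2.10"},...}
       # rather than "bytes":"512" and "ok":"true" as a 3.x config produces.
       template("$(format-json --scope nv-pairs --key ISODATE --key HOST)\n"));
};

log {
  source(s_app);
  # Only run the JSON parser on lines that look like JSON objects; a parser
  # that fails to match drops the message from this log path.
  filter { message("^\\{"); };
  parser(p_json);
  destination(d_typed);
};
```

The practical consequence for anyone feeding Elasticsearch or a SIEM: field types stop flipping between string and number depending on which path a message took, so mappings and numeric range queries in detection rules keep working after the upgrade. Test it by switching the @version line between 3.38 and 4.0 and diffing the output file.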
Posts
Discogs
Last week I became a Discogs user. Why? I have been browsing the site for years to find information on albums. Recently I also needed a solution to create an easy to access database of my CD/DVD collection. Right now I am not interested in the marketplace function of Discogs, but that might change in the long term :-)
Information overload
For many years when I searched for an album, the first few hits were from YouTube and Wikipedia.
Others
The syslog-ng insider 2022-07: RHEL 9; disk-buffer; Microsoft Linux;
The July syslog-ng newsletter is now on-line:
RHEL 9 syslog-ng news How does the syslog-ng disk-buffer work? Installing syslog-ng on Microsoft Linux It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-06-rhel-9-disk-buffer-microsoft-linux
Posts
My Favorite IT Security Event: Pass the SALT
“Pass the SALT” (PTS) is a small IT security conference in Lille, France. It has fewer participants than the RSA Conference has speakers. I gave talks at both events. RSA is a much more prestigious event, but I still prefer PTS. Why?
Small Is Beautiful
As you could guess from my introduction, PTS is a small event. It is run by volunteers. It is also a free event thanks to sponsors.
Others
The syslog-ng disk-buffer
A three-part blog series: the syslog-ng disk-buffer is one of the most often used syslog-ng options to ensure message delivery. However, it is not always necessary, and using the safest variant has a serious performance impact. If you use disk-buffer in your syslog-ng configuration, it is worth making sure that you run a recent syslog-ng version.
From this blog, you can learn when to use the disk-buffer option, the main differences between reliable and non-reliable disk-buffer, and why it is worth using the latest syslog-ng version.
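As an added example (not from the series), the two disk-buffer variants side by side on the same TLS network() destination, so the trade-off the post describes is concrete. Hostname, CA path and sizes are placeholders; the option names are the long-standing ones, which current releases still accept.

```conf
@version: 4.8

# Non-reliable: messages wait in memory (mem-buf-length) and only spill to
# disk while the destination is unreachable. Fast, but a crash or power loss
# takes the in-memory part with it.
destination d_central_fast {
  network("logs.example.com" port(6514) transport("tls")
          tls(ca-file("/etc/syslog-ng/ca.pem") peer-verify(required-trusted))
          disk-buffer(reliable(no)
                      disk-buf-size(2147483648)    # 2 GiB on disk
                      mem-buf-length(10000)));     # messages kept in RAM
};

# Reliable: every message is written to the on-disk queue before syslog-ng
# moves on, so nothing is lost on a crash. The price is a disk write per
# message, which is the serious performance impact the post refers to.
destination d_central_safe {
  network("logs.example.com" port(6514) transport("tls")
          tls(ca-file("/etc/syslog-ng/ca.pem") peer-verify(required-trusted))
          disk-buffer(reliable(yes)
                      disk-buf-size(2147483648)
                      mem-buf-size(167772160)      # 160 MiB flow-control window
                      dir("/var/lib/syslog-ng/buffers")));
};

source s_local { system(); internal(); };

# Audit-relevant logs get the reliable queue, everything else the fast one.
log { source(s_local); filter { facility(auth, authpriv); }; destination(d_central_safe); };
log { source(s_local); filter { not facility(auth, authpriv); }; destination(d_central_fast); };
```

Two operational points: the buffer files hold log content in clear text, so the dir() should be owned by the syslog-ng user with mode 0700, and the files do not shrink when the queue drains (the "huge even when empty" question from the newsletter), so size disk-buf-size() for the worst outage you want to survive and monitor the queued counters with `syslog-ng-ctl stats`. As I recall, 4.0 also introduced the clearer names capacity-bytes(), flow-control-window-size() and flow-control-window-bytes() for the three sizing options used above.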
Others
Installing syslog-ng on Microsoft Linux
Yes, Microsoft has its own Linux distribution, called CBL-Mariner. It is an internal Linux distribution by Microsoft used for cloud infrastructure and edge products and services. And even if it is not installed in the OS by default, CBL-Mariner also includes syslog-ng.
Read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/installing-syslog-ng-on-microsoft-linux to learn how to install syslog-ng on it and what features are available.
Posts
The lie of 'Just a Little More'
Most people I talked to about buying expensive products are aware of “the law of diminishing returns”. When you buy a product, the more you pay for it the less extra quality you get for the extra spending. However, not many people recognize that the same can be said of most human activities. It is a lie that “just a little more effort” will lift you from above average to the top, as the law of diminishing returns hits even harder.
Others
RHEL 9 syslog-ng news
Red Hat Enterprise Linux 9 became generally available recently. Version 3.35 of syslog-ng has been part of EPEL 9 (the semi-official extra software repo for RHEL maintained by Fedora packagers) for a while and now I enabled a few more destination drivers. I also enabled RHEL 9 support in my unofficial Git snapshot packages, so I can support RHEL 9 together with other RHEL and Fedora versions on the next syslog-ng release.
Others
Looking inside sudo shell sessions: auditd, session recordings, log_subcmds
There are situations where you cannot avoid giving a user full shell access through sudo. A shell with administrative privileges gives complete control over your hosts. Until recently, sudo could only log the start of the shell, not the commands executed within it. You could record sessions with sudo, but watching recordings is boring, time consuming and can still be subverted. Version 1.9.8 introduced logging of sub-commands, but that is not yet available on many systems.
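As an added example (not from the post), a sudoers drop-in that gives one group a root shell but only a fully logged one: sub-command logging from 1.9.8 plus session recording, with the event log sent to syslog so that it leaves the host. Group name, shell paths and directories are placeholders.

```conf
# /etc/sudoers.d/shell-audit  (added example, not from the post)
# Always check with:  visudo -cf /etc/sudoers.d/shell-audit

Cmnd_Alias SHELLS = /bin/bash, /bin/sh, /bin/zsh

# Operators may start a root shell.
%ops ALL=(root) SHELLS

# For exactly those shells: log every command executed inside the shell
# (log_subcmds, sudo 1.9.8+, built on sudo's intercept mechanism) and
# record the full session for later review.
Defaults!SHELLS log_subcmds, log_output
Defaults!SHELLS iolog_dir="/var/log/sudo-io/%{user}"

# Send the event log off-host via syslog; a local-only log file can be
# edited by the very user who just got root.
Defaults syslog=authpriv
Defaults logfile="/var/log/sudo.log"
```

The caveat that matters for blue teams: the default intercept mechanism works by preloading a library into dynamically linked programs, so a statically linked binary (or anything that avoids the libc exec wrappers) runs without appearing in the sub-command log. Pair log_subcmds with log_output so the recording still catches what the preload misses, and on newer sudo versions consider the ptrace-based intercept_type setting, which closes that gap as far as I recall.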
Posts
Raptor CS: Fully Owner Controlled Computing using OpenPOWER
This week I am talking to Timothy Pearson of Raptor Engineering. He is behind the Talos II and Blackbird boards for IBM POWER9 CPUs. His major claim is creating the first fully owner controlled general purpose computer in a long while. My view of the Talos II and Blackbird systems is that these boards helped to revitalize the open source ecosystem around POWER more than any other efforts (See also: https://peter.
Posts
Friday the 13th: a lucky day :-)
I’m not superstitious, so I never really cared about black cats, Friday the 13th, and other signs of (imagined) trouble. Last Friday (which was the 13th) I had an article printed in a leading computer magazine in Hungary, and I gave my first IRL talk at a conference in well over two years. Best of all, I also met many people, some for the first time in real life.
Free Software Conference: sudo talk
Last Friday, I gave a talk at the Free Software Conference in Szeged.
Others
Analyzing Apache HTTPD logs in syslog-ng
Recently, I started my own blog, and as Google Analytics seems to miss a good part of the visitors, I wanted to analyze my web server logs myself. I use syslog-ng to read Apache logs, process them, and store them in Elasticsearch. Along the way, I resolve the IP address using a Python parser, analyze the Agent field of the logs, and also use GeoIP to locate the user on the map.
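As an added example (not the post's configuration), the parser chain for the same job: tail the access log, split it into fields with apache-accesslog-parser(), add GeoIP data with geoip2(), and index the result with elasticsearch-http(). The reverse DNS step the post does in Python is left out here. The sample log line is constructed for this example; paths, URL, index name and credentials are placeholders.

```conf
@version: 4.8

source s_apache {
  # Constructed sample line for this example:
  # 192.0.2.10 - - [10/Oct/2024:13:55:36 +0200] "GET /posts/foo/ HTTP/1.1" 200 5316 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/130.0"
  # no-parse: the whole line lands in $MESSAGE for the parser below.
  file("/var/log/apache2/access.log" follow-freq(1) flags(no-parse));
};

# Produces .apache.clientip, .apache.request, .apache.response,
# .apache.bytes, .apache.referrer, .apache.agent and friends.
parser p_apache { apache-accesslog-parser(prefix(".apache.")); };

# Placeholder path to a MaxMind City database.
parser p_geo {
  geoip2("${.apache.clientip}"
         prefix(".geoip2.")
         database("/usr/share/GeoIP/GeoLite2-City.mmdb"));
};

destination d_es {
  elasticsearch-http(
    url("https://es.example.com:9200/_bulk")
    index("apache-${YEAR}.${MONTH}.${DAY}")
    type("")
    # --rekey/--shift strip the leading dot so the index gets apache.* and
    # geoip2.* fields. Everything is JSON-escaped by format-json, so a
    # hostile request line or User-Agent cannot break the document.
    template("$(format-json --scope rfc5424 --scope dot-nv-pairs --rekey .* --shift 1 --key ISODATE)")
    tls(peer-verify(yes) ca-file("/etc/ssl/certs/ca-certificates.crt"))
    user("syslog-ng") password("REPLACE_ME")
  );
};

log {
  source(s_apache);
  parser(p_apache);
  parser(p_geo);
  destination(d_es);
};
```

Treat every field from the access log as attacker-controlled input: never feed .apache.request or .apache.agent into a template that something downstream interprets (shell commands, SQL, file names), only into escaped formats like the JSON above. For the map view, Elasticsearch needs a geo_point mapping on the combined latitude/longitude field, which is an index-template concern rather than a syslog-ng one.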
Others
Sudo for blue teams: how to control and log better
Sudo had many features to help blue teams in their daily job even before 1.9 was released. Session recordings, plugins and others made sure that most administrative access could be controlled and problems easily detected. Version 1.9 introduced Python support, new APIs and centralized session recordings; however, some blind spots still remained. Learn how some of the latest sudo features can help you better control and log administrative access to your hosts.
Others
Hardware for a syslog-ng server
What hardware should you use for a syslog-ng server? It is a frequent question with no definite answer. It depends on many factors: the number and type of sources, the number of logs, the way logs are processed, and so on. My experience is that for the majority of users even a Raspberry Pi would be enough. But of course, not for everyone.
You can read the rest of my blog at https://www.
Posts
21unity: serving open source software in a cloud based on OpenPOWER
The first time I heard about 21unity was when I read the announcement: 21unity Joins OpenPOWER Foundation. I immediately became interested in the company, as it combines two things I am interested in: POWER and open source. Among others 21unity has its own cloud based on the POWER platform and provides Nextcloud as a service. I tried to refresh my German knowledge and read their website, but the more I read the more interesting it got and the more questions I had.
Posts
Windows made easy: Windows Subsystem for Linux
How can you make Windows easy? Install the Windows Subsystem for Linux, or WSL in short. Well, probably this is not true for everyone. However, as a Linux user, I definitely love WSL. When not using a browser or text editor, I spend my time on the command line. With WSL, you can have the familiar Linux command line environment from openSUSE also under Windows.
Why Windows? Die-hard Linux users might ask: why do I use Windows?
Posts
Phishing and spear phishing: report everything!
After 30 years of using the Internet and trying many communication formats, e-mail is still my favorite. However, e-mail has many problems. Spam is just annoying, but phishing and, especially, spear phishing attacks can also be dangerous. A recent security training, and a Twitter thread I started about it, changed my mind completely about how I treat these harmful e-mails.
The old way: While most spam and some phishing can easily be filtered, spear phishing messages are unique by their nature.
Others
Syslog-ng in GSoC 2022
This year the syslog-ng project will participate in the Google Summer of Code (GSoC) as a mentor organization again. If you are a university student or otherwise eligible to participate in the GSoC program, you can choose to develop a new feature for syslog-ng.
Read my blog to learn why to choose syslog-ng and how to get started: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-in-gsoc-2022
Others
Using the regexp-parser of syslog-ng
For many years, you could use the match() filter of syslog-ng to parse log messages with regular expressions. However, the primary function of match() is filtering. Recent syslog-ng versions now have a dedicated regular expression parser, the regexp-parser(). So, you should use match() only if your primary use case is filtering. Otherwise, use the regexp-parser for parsing, as it is a lot more flexible.
You can read the rest of my blog at https://www.
Posts
The cult of Amiga and SGI, or why workstations matter
I’m considered to be a server guy. I had access to some really awesome server machines. Still, when computers come up in discussions, we almost exclusively talk about workstations. Even if servers are an important part of my life, that’s “just” work. I loved the SGI workstations I had access to during my university years. Many of my friends still occasionally boot their 30-year-old Amiga boxes.
The cult of Amiga: One would say that the Amiga was popular in the eighties and early nineties.
Others
New syslog-ng parser: flip-parser()
The latest pull request to syslog-ng adds a really useful feature: the flip-parser(): https://github.com/syslog-ng/syslog-ng/pull/3971
It allows you to flip the message text, reverse it, or both. As I also reported a couple of minor problems related to UTF-8 character handling, this PR most likely will not be merged today. However, you can compile it yourself, or if you use openSUSE Tumbleweed, use my packages from the openSUSE Build Service.
You can read the rest of my blog at https://www.
Posts
Using the openSUSE Build Service to build software for POWER
My favorite and most used service for developers is the openSUSE Build Service (OBS). This is where I build syslog-ng packages first, before anywhere else. OBS is open source, highly flexible software to build software packages, and the instance at https://build.opensuse.org/ is free to use for anyone to build open source software. Best of all, it supports multiple architectures, including POWER.
Open Build Service: Actually, the OBS acronym stands for two things.
Others
Sudo 1.9.10: hiding passwords in session recordings
Session recording has been available in sudo for many years; however, not many people are aware of it. Even less well-known is that you can save not just the terminal output, but also what the user types. That way you can analyze what the user is doing within a shell session. Recordings may also include user passwords, which is not always desirable. Version 1.9.10 of sudo allows you to hide passwords in session recordings if it recognizes a password entry.
Others
The difference between throttle() and rate-limit() in syslog-ng
There are multiple ways in syslog-ng to limit message rate. The throttle() option of syslog-ng destinations tries to make sure that all messages are delivered without exceeding a specified message rate. The rate-limit() filter introduced in syslog-ng 3.36 drops surplus log messages, making sure that a processing pipeline or destination is not overloaded with log messages.
Read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/the-difference-between-throttle-and-rate-limit-in-syslog-ng
Posts
Dealing With Anxiety
Quite a few people asked me recently how I deal with anxiety. I seem to be less anxious than people around me. First of all: I also have anxiety, just like anybody else. The recent company acquisition & reorganization, the COVID-19 pandemic, the upcoming general elections, or the Russian attack all make sure that once a problem is over, there is a new problem already to worry about. However, sport, music and spending less time reading the news all help to keep my anxiety at bay.
Others
The system() source of syslog-ng now also works on MacOS
Most of syslog-ng works perfectly well on MacOS; however, there is no native driver to collect local log messages. Due to this, in the past, the system() source did not work on MacOS, thus the default syslog-ng configuration failed to start. Version 3.36 of syslog-ng includes a workaround: it follows /var/log/system.log.
You can read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/the-system-source-of-syslog-ng-now-also-works-on-macos
Others
The syslog-ng insider 2022-03: syslog-ng 4; MQTT source; Zinc; Elastic Cloud; 3.36;
The March syslog-ng newsletter is now on-line:
syslog-ng future: the path to syslog-ng 4
MQTT source
Another use for the syslog-ng elasticsearch-http destination: Zinc
Sending logs to Elastic Cloud using syslog-ng
syslog-ng 3.36 is now available
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-03-syslog-ng-4-mqtt-source-zinc-elastic-cloud-3-36
Posts
I'm an IBM Power Champion for 2022
I’m happy to announce that I became an IBM Power Champion for the year 2022. This blog is long overdue, however with the conflict raging in our neighbor country, Ukraine, I just did not feel the strength to write about anything. In this blog I try to introduce myself and share my plans for this year. But before doing so, let me share my new badge with you:
My background: My title at work is “Open Source Evangelist” and Power does not appear anywhere in my job description.
Others
syslog-ng 4 theme: typing
As explained in my previous post, we do have some features already in mind for syslog-ng 4, even though the work on creating a long-term set of objectives for the syslog-ng project is not finished yet. One of the themes that I already have working code for is typing.
syslog-ng traditionally assumes that log data, even if it comes in a structured form (like RFC5424 structured data or JSON) is primarily textual in nature.
Others
Sudo 1.9.10: using regular expressions in the sudoers file
It has been possible to use wildcards in the sudoers file for many years. This can make configuration easier and more flexible, but it also introduces problems of its own. Regular expressions, introduced in sudo 1.9.10, allow you to create more fine-grained rules. From this blog you will learn about some of the problems when you use wildcards in your sudoers file, and how using regular expressions can resolve those problems.
Others
Syslog-ng 3.36 news: better TLS 1.3, basic MacOS support, and many more
Version 3.36 of syslog-ng brings us many interesting new features. There is now basic support for the system() source on MacOS, TLS 1.3 ciphers can now be restricted, TLS keylog support was added, symlink creation to the latest file is possible, and there are many new possibilities in syslog parsing.
From this blog, you can learn about some of the new 3.36 features, and we will test symlink creation, which is a community-contributed feature.
Others
A minimalist syslog-ng package is heading to EPEL 9
Last week, the ivykis library, the most important core dependency of syslog-ng, landed in EPEL 9 successfully. There are still plenty of dependencies missing, but this way, I could submit a slightly cut-down version of syslog-ng to EPEL 9. Hopefully the rest of the dependencies will arrive in EPEL 9 as well. I plan to update the syslog-ng package as soon as the dependencies arrive. Luckily, these are only needed to enable some less frequently used syslog-ng destination drivers; no core functionality is affected.
Others
Contacting the syslog-ng team: reporting problems, asking questions
Recently I got some complaints that it is difficult to figure out how to contact the syslog-ng team to get help or report problems. Most of this information is available both on the syslog-ng website and at the syslog-ng repository on GitHub, but collecting all the information here might still be useful for some people.
Read the rest of my blog at https://www.syslog-ng.com/community/b/blog/posts/contacting-the-syslog-ng-team-reporting-problems-asking-questions
Others
Elasticsearch 8 and syslog-ng
General availability of Elasticsearch 8 was announced last week. There were quite a few rumors that it will break compatibility with third party tools. I tested it as soon as I had a little time: I am happy to share that anything I tested with the elasticsearch-http() destination of syslog-ng still seems to work perfectly well with the latest version of Elasticsearch.
You can read the rest of my blog at https://www.
Posts
12 years of syslog-ng (and sudo)
Those who follow me on LinkedIn might have seen an automatic post about my work anniversary. Well, almost nothing of that post is true, but I still consider it to be my real starting date. However, the official date is also impressive: 11.5 years, almost three times the industry average spent at the same workplace.
So, why do I say that the LinkedIn post is not true? Well, because all its major facts are wrong.
Others
The syslog-ng Insider 2022-02: Reboot; Sequence; Monterey; CentOS 9;
The February syslog-ng newsletter is now on-line:
syslog-ng relaunch
Sequence – making PatternDB creation for syslog-ng easier
Syslog-ng on MacOS Monterey
Installing syslog-ng on CentOS Stream 9
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2022-01-reboot-sequence-monterey-centos-9
Posts
FOSDEM 2022: my experiences, sudo talk answers
I spent my last weekend in Brussels at FOSDEM. Well, not really: while I had a couple of Belgian beers, the conference itself was a virtual event and I was at home in Budapest. It’s the second year that FOSDEM is virtual, and yet again I can state that it’s the best virtual event of the year. I had two talks this year. After my second talk, I got some questions during the Q & A session which I could not answer, so I will try to answer them.
Others
syslog-ng-future.blog? Is this a fork or what?
Open source licensing may seem a boring topic, but Balázs Scheidler finds it fascinating. It allows him to work on syslog-ng even though Balabit was acquired. He writes:
“I mentioned in the previous post that I would like to focus on syslog-ng and put it more into the spotlight. I also mentioned that Balabit, the company I was a founder of and the commercial sponsor behind syslog-ng, was acquired by One Identity ~4 years ago.
Others
cvtsudoers: merging multiple sudoers files into one
We learned in my previous sudo blog that cvtsudoers is not just for LDAP. Version 1.9.9 of sudo extends the querying possibilities of cvtsudoers further and adds a brand new feature: merging multiple sudoers files into one. Both are especially useful when you have complex configurations. Querying lets you better understand what the various rules in your sudoers file allow. Merging helps you combine multiple configurations into one, so you do not have to maintain a separate sudoers file on each of your hosts.
Others
Working with JSON logs from sudo in syslog-ng
This weekend I am going to give a talk about sudo in the security track of FOSDEM. I will say a few words about logging at each major point I mention, but I cannot go into too much detail there. So, consider this blog both as a teaser and an extension to my FOSDEM talk. You will learn how to work with JSON-formatted logs in syslog-ng and also about new sudo features along the way.
Others
syslog-ng relaunch
Balázs Scheidler, founder of the syslog-ng project, started a new blog where he details why and how he started to work on syslog-ng even more actively. He also asks for your feedback!
“syslog-ng has been around for decades: I started coding the first version of syslog-ng in September 1998, circa 24 years ago. The adoption of syslog-ng skyrocketed soon after that: people installed it in place of the traditional syslogd across the globe.
Others
Sending logs to Elastic Cloud using syslog-ng
The Elastic Cloud is a service by Elastic providing Elasticsearch and related services in an easy-to-use package. Last year someone reported an issue that it does not work properly with syslog-ng. I did not have time to investigate at that time. Now I started a free trial and soon my log messages from syslog-ng started to appear in Kibana in Elastic Cloud.
From this blog you can learn how to configure syslog-ng for the Elastic Cloud.
Posts
Keeping POWER relevant in the open source world
I’m not a POWER (or recently: Power) expert, only an enthusiastic user and advocate. Still, in the past couple of weeks a number of people from around the world asked my opinion on how the POWER architecture could be kept relevant. This blog is really just an opinion, as I do not have the financial means to go ahead. It is full of compromises some people are not willing to make. However, I think this is the safest and fastest way forward.
Others
Another use for the syslog-ng elasticsearch-http destination: Zinc
There is a new drop-in replacement for Elasticsearch, at least if you don’t mind the limitations and the alpha status. However, it definitely lives up to the promise that it provides an Elasticsearch-compatible API for data ingestion. I tested it with the elasticsearch-http() destination of syslog-ng, and it worked perfectly after I modified the URL in the configuration example I found.
So, what is Zinc? It is a search engine written in Go that provides an Elasticsearch-compatible API for data ingestion.
Others
Installing the latest syslog-ng on Ubuntu and other DEB distributions
The syslog-ng application is part of all major Linux distributions, and you can usually install syslog-ng from the official repositories. If you use just the core functionality of syslog-ng, use the package in your distribution repository (apt-get install syslog-ng), and you can stop reading here. However, if you want to use the features of newer syslog-ng versions (for example, sending log messages to MQTT or Apache Kafka), you have to either compile syslog-ng from source, or install it from unofficial repositories.
Posts
My polyamorous relationship with operating systems: FreeBSD, openSUSE, Fedora & Co.
Recently, I have posted blogs and articles about three operating systems (or rather OS families) I use, and now people ask which one is my “true” love. It’s not easy, but I guess, the best way to describe it is that both FreeBSD and openSUSE are true ones, and Fedora & Co. is a workplace affair :-) This is why I’m writing that it is a polyamorous relationship. Let me explain!
Posts
CES 2022: my favorite announcement comes from AMD, and why it's interesting for syslog-ng
For the past few days, the IT news has been abuzz with announcements from CES. As usual, I’m following them on Engadget. I must admit that there were just a very few announcements which really caught my attention. And my favorite announcement is the most boring of them all :-)
Foldable tablet by ASUS: I still use my Google Pixel C tablet almost every day. It’s almost six years old and waiting for replacement.
Posts
27 Years with the Perfect OS
If you are a longtime FreeBSD user, you probably know everything I have to say, and, what’s more, you can probably add a few more points. But hopefully, there will be some Linux or even Windows users among readers who might learn something new!
FreeBSD is not just a kernel but a complete operating system. It has everything to boot and use the system: networking utilities, text editors, development tools and more.
Others
Creating an endless loop using MQTT and syslog-ng
Version 3.35.1 of syslog-ng introduced an MQTT source. Just for some fun in the last syslog-ng blog post of the year, I created an endless loop using syslog-ng and the Mosquitto MQTT broker. Of course, it does not have much practical value other than possibly a bit of stress testing, but hopefully provides a fun introduction to MQTT-related technologies in syslog-ng.
Read my blog at https://www.syslog-ng.com/community/b/blog/posts/creating-an-endless-loop-using-mqtt-and-syslog-ng
Posts
FreeBSD jails made simple using BastilleBSD
I wish I had BastilleBSD twenty years ago. I had a part-time sysadmin job - running web servers. PHP started to become popular by the turn of the century. Using jails on FreeBSD seemed to be a safe environment to run PHP-enabled web servers. However, there were no tools yet to work with jails. I had to write many scripts to build and update jails.
A bit of history: At first, I had a single server.
Others
The syslog-ng insider 2021-12: Humio; Log Management; Panther;
The December syslog-ng newsletter is now on-line:
Sending logs to Panther using syslog-ng
Reducing the complexity of log management
Sending logs to Humio using the elasticsearch-http() destination of syslog-ng
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2021-12-humio-log-management-panther
Posts
Fedora, CentOS and me
Let me share my Fedora story with you. Hopefully, it helps you to understand why I am also promoting AlmaLinux and Rocky Linux, even if I am an active Fedora and CentOS community member and contributor.
Before the beginnings: Someone suggested that I try Red Hat Linux in 1995 and replace Slackware Linux with it on my university server. I installed it, but I did not become a fan. And when I found the printout of the password file of my server on the wall of the Russian students’ computer lab (see: https://peter.
Others
Installing syslog-ng on CentOS Stream 9
CentOS Stream 9 has been around for a while, but it was officially announced just a few days ago. I already tested some earlier snapshots and they had some rough edges. The current version installed without random crashes, has networking and runs smoothly. EPEL – the semi-official repository by Fedora maintainers – is already there, but practically empty; syslog-ng and its dependencies are not yet there. As someone asked about syslog-ng support, I had a first try at building it.
Others
Reducing the complexity of log management
It is easy to over-complicate log management. Almost all departments in a company need to log messages for their daily activities. However, installing several different log management and analysis systems in parallel is a nightmare both from a security and an operations perspective and wastes many resources. You cannot always reduce the number of log analysis systems, but you can reduce the complexity of log management. Let me show you how.
Posts
Watching movies belonging to soundtracks
When I like a song and learn that it is actually a soundtrack of a movie, I usually look it up on IMDB. Often it belongs to a romantic movie, a super hero movie from Marvel or a TV show. In these cases I do not look any further. But sometimes I get curious while reading the plot or watching the trailer. I’ve found many good movies based on the soundtrack.
Others
Syslog-ng on MacOS Monterey
Each new MacOS release brings some surprises when it comes to compiling syslog-ng. Just a couple of months ago, I provided you with a couple of pointers on how to compile syslog-ng on MacOS. Since then, MacOS Monterey was released and Homebrew was updated. So, here are some updated instructions for MacOS Monterey.
You can read my blog at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-on-macos-monterey
Others
Python support arrives in Safeguard for Sudo
Version 1.9 of sudo was released almost two years ago. One of the major new features was support for Python plugins. Previously, you could only extend sudo by coding in C to better suit your environment, which is not the easiest task to manage. Python makes both coding and distributing the results easier. Starting with Safeguard for Sudo 7.2, Python support is also available in a commercial sudo management solution.
Others
The syslog-ng Insider 2021-11: 3.35; SSB; MacOS; mqtt() destination updates;
Better late than never: I just put the November syslog-ng newsletter online. Topics include:
syslog-ng version 3.35.1 is now available
Sending logs from syslog-ng store box to Splunk
MacOS support
Syslog-ng 3.34: MQTT destination with TLS and WebSocket support
It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2021-11-3-35-ssb-macos-mqtt-destination-updates
Posts
Mobile Photography
I love photography. I started taking photos four decades ago using a camera called Lubitel, a cheap Russian knock-off of the Rolleiflex. I switched from film to digital photography back in 2000, which was quite a bit earlier than most. I always treated mobile photography with strong skepticism (small sensor, too much processing, etc.) and have a dedicated camera with me everywhere.
Well, the problem is with the words “always” and “everywhere”.
Others
Sending logs from syslog-ng store box to Splunk
One of the most popular applications to feed Splunk with syslog messages is syslog-ng. However, not everyone is happy to work on the command line anymore. This is where syslog-ng store box (SSB), an appliance built around syslog-ng, can help. The SSB GUI provides you not only with an easy-to-use interface to configure most syslog-ng features, but also a search interface and complete log life cycle management. It can forward log messages to several destinations, recently also to Splunk’s HTTP Event Collector (HEC).
Posts
High-Resolution Audio: is it worth the hype?
Can you hear the difference between a CD and an MP3 file? Most people cannot. But even if only one in ten can hear something, that means hundreds of millions of people. However, even if you can hear the difference, there is a good chance that the recording you love is not available in better than CD quality. Still, this problem is not as big as you first think. Let me show you why!
Posts
Celebrating 30 years of Linux - is 2021 finally the year of the Linux desktop?
My favorite Linux insider joke is that “The year of the Linux desktop is always next year”. Each year there is a new technology which is expected to achieve breakthroughs. I was asked almost a decade ago to give a talk about this topic. I proved to my audience that the year of the Linux desktop is already here, just not the way most Linux users expect it.
Others
Sequence – making PatternDB creation for syslog-ng easier
We are well into the 21st century, but most of the log messages still arrive in an unstructured format. For well over a decade, syslog-ng had a solution to turn unstructured messages into name-value pairs, called PatternDB. However, creating a pattern database for PatternDB from scratch is a source of major pain. Or rather, it was: sequence-rtg – a fork of the sequence log analyzer – provides a new hope!
Posts
One weekend, two updates: Windows 11 and MacOS Monterey
Most people know me as a Linux and/or FreeBSD guy, and they are right. I use openSUSE and FreeBSD most of my time. However, I am not a fanatic who tries to solve everything using a single OS and I am curious as well. Most other operating systems I use are running in virtual machines, but I also have two computers: a Windows desktop and an old MacBook Pro. Both received a major software upgrade during the weekend.
Posts
Openpower Summit 2021
Last week I participated in the OpenPower Summit. I enjoyed it, even if I was on sick leave with a fever. There were many interesting talks, ranging from open source and education through Power10 to instruction development. All sessions were recorded. Hopefully the recordings will also be shared, as I did not have the strength to visit all the sessions I wanted. And, as usual, some of the interesting talks were given in parallel.
Posts
Speakers from my life
As you might have already noticed from my blogs, I am a music maniac. One of the factors influencing your music listening experience is what speakers you use. I was lucky right from the beginning, as my parents are music maniacs as well. In this blog I introduce you to the speakers I listened to while living at my parents’, and three pairs of speakers I bought myself.
I must admit that I never did a really thorough research about speakers and acoustics.
Posts
Virtual Conferences: a love-hate relationship
I love conferences. Now, that most conferences are either virtual or hybrid (both virtual and on-premises), people often say that it must be heaven for me. I can visit many more conferences and give many more talks. Well, it is not just this simple. Virtual conferences are a love-hate relationship for me. Of course, there are some advantages, but also disadvantages.
Giving virtual talks: Yes, I could give more talks. Even overlapping conferences are not a problem any more: I can give a talk at a European conference in the morning, and give another talk at a US conference in the evening.
Others
Sending logs to Humio using the elasticsearch-http() destination of syslog-ng
One of the most popular syslog-ng destinations is Elasticsearch. Humio, a log management provider, supports a broad range of ingest options and interfaces, including an Elasticsearch-compatible API. Last week, Humio announced Humio Community Edition, which provides the full Humio experience for free, with some limitations on daily ingestion and retention time. I tested the Community Edition, and it works perfectly well with syslog-ng.
If you come from the Humio side, you might wonder what syslog-ng is.
Posts
Google Analytics: the gold standard?
Ever since I started this personal blog site, I was curious if people actually read what I write. Luckily, based on the responses I received on Twitter, LinkedIn and in private, there is no problem with that. Next I wanted to see numbers. I was told that Google Analytics is the gold standard of measurement. Well…
Google Analytics: Let’s start with the basic problem: even my own visits are not counted.
Others
Sending logs to Panther using syslog-ng
Panther is an open-source log management system, which is also available as a service for a time-limited trial. It is still in beta phase, but it looks promising. You can see the “beta” sign on its opening page: https://app.panther.support/ I tested the time-limited cloud service version, but you can also install it locally, either from Dockerhub, or you can build the containers locally from the source.
Even if it is still in beta phase, Panther comes with detailed documentation.
Others
Sudo 1.9.8: intercepting commands
A month ago, when sudo 1.9.8 was still under development, we checked out the new log_subcmds option. It allows you to log all commands (with some limitations) that are executed by a command started through sudo. For example, you can see if a shell was started through a text editor. The intercept option brings this one step further: you can prevent sub-commands from even running.
Read the rest of my blog at https://blog.
Posts
Qwant -- a European search engine
Qwant is a European search engine that respects your privacy. I learned about it from a Twitter thread. The European Processor Initiative announced last week that their first RISC-V test chip samples were delivered and booted successfully. I tweeted that I would be happy to see not just European CPUs but also European software services, alternatives to Google, Facebook, LinkedIn and others. Someone responded that a search engine is already available: https://www.
Others
Syslog-ng 3.34: MQTT destination with TLS and WebSocket support
Version 3.33 of syslog-ng arrived with basic MQTT support. Version 3.34 has added many important features to it: user authentication, TLS support and WebSocket support. These features give you both security and flexibility while sending log messages to an MQTT broker.
This blog helps you to make your first steps securing your MQTT connection: https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-3-34-mqtt-destination-with-tls-and-websocket-support
Posts
Why people think that I am an IBM Power Champion?
Whenever I talked to people about POWER, someone asked if I am an IBM Power Champion. My response was that I do not even know what it is, and I am not affiliated with IBM in any way. Recently I came across a blog by Torbjörn Appehl which describes what an IBM Power Champion is and lists the European champions: https://builtonpower.com/2021/09/the-2021-ibm-power-champions-in-europe/.
Finally I know what an IBM Power Champion is, and I feel honored to be mistaken for one of them :-) Normally I do not care much about titles: I have seen too many empty people with well-sounding titles, and fantastic people without any titles.
Posts
The ARM developers workstation: Why the SoftIron OverDrive 1000 is still relevant
The promise of “boring” ARM hardware has been with us for almost a decade. And a couple of years ago it really arrived: easy to use, standards compliant ARM hardware is now available on the market. However, not for everyone. When it comes to buying ARM hardware you still need to decide if it is “boring” or it is affordable. There was one notable exception, the SoftIron OverDrive 1000. It had its limitations, but it was standards compliant right from day one, affordable, and easily available not just for large companies.
Others
The syslog-ng Insider 2021-09: 3.34; OpenBSD; OpenSearch; http() destination;
Dear syslog-ng users,
This is the 94th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news. Topics include:
Version 3.34.1 of syslog-ng available
Syslog-ng updated in OpenBSD ports
OpenSearch and syslog-ng
Creating a new http()-based syslog-ng destination: Seq
It is available at: https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2021-09-3-34-openbsd-opensearch-http-destination
Posts
What I learned from Russian students: logging is important
When I published my blog about openSUSE a couple of weeks ago, most questions I received in private were about the Russian students I mentioned. In that blog I quickly described how my interest in information security started, about 25 years ago. This blog gives you a bit of historical background and a few more details.
Historical background: It was 1995. I was studying at a university, but I was already running one of the servers of the faculty.
Posts
opensource.com: What was your first programming language?
A couple of weeks ago editors of https://opensource.com/ sent a question to contributors: What was your first programming language? Thinking about the question brought back some nice memories about the beginnings. You can read my answer below:
What was your first programming language?
My first ever programming language was BASIC in the early eighties. One of my relatives bought a C64 for their kids to get started with learning computers. They only used it for gaming, and I was also invited.
Others
The syslog-ng insider 2021-07: Alerting; CentOS alternatives; MongoDB;
Better late than never: I just put the July syslog-ng newsletter online. Topics include:
Sending alerts to Discord and others from syslog-ng using Apprise: blocks and Python templates
Rocky Linux, AlmaLinux, CentOS & syslog-ng
MongoDB support improved in syslog-ng 3.32
It is available at https://www.syslog-ng.com/community/b/blog/posts/insider-2021-07-alerting-centos-alternatives-mongodb
Others
GSoC report: syslog-ng MacOS support
For the past couple of months, Yash Mathne has been working on testing syslog-ng on MacOS as a GSoC (Google Summer of Code) student. He worked both on x86 and on the freshly released ARM hardware. And we have some good news here to share: while there is still room for improvement, most of syslog-ng works perfectly well on MacOS.
Read my blog for some historical background and the GSoC report: https://www.
Others
What is coming in sudo 1.9.8?
Sudo development is at version 1.9.8 beta 3. There are two major new features: sudo can intercept sub-commands and log sub-commands. In this quick teaser I introduce you to log_subcmds. I hope it is interesting enough for you to test it out and provide feedback.
So, what is log_subcmds good for? There are many UNIX tools that can spawn external applications. You only see vi in the logs, but can you be sure without session recording that your admin only edits what he is supposed to?
Others
Collecting process accounting logs on Linux with syslog-ng
Process accounting logs are collected into binary log files on Linux. You can turn them into human readable format locally, using various tools. You can also use syslog-ng to read those files.
Learn how syslog-ng can parse those binary logs, create name-value pairs from them and store the results, from my latest blog: https://www.syslog-ng.com/community/b/blog/posts/collecting-process-accounting-logs-on-linux-with-syslog-ng
Posts
Bee pastures -- or how my Facebook post got deleted
Most people only know that I work in IT. Some even call me a hacker – which I really appreciate :-) However, by university degree I am an environmental engineer (and English - Hungarian translator). Even if I never worked in my field, except for some student jobs, I still follow any news related to the environment closely. This is why I was very happy to learn that my home city, Budapest, introduced bee pastures in the city.
Others
Securing the sudo to sudo_logsrvd connection
Using sudo_logsrvd to centrally collect sudo session recordings from your network is a huge step forward in security: users cannot delete or modify session recordings locally. However, by default, transmission of recordings is not encrypted, making it open to modifications and eavesdropping. Encrypting the connection between sudo and sudo_logsrvd can eliminate these problems. Larger environments usually either have in-house PKI tooling in place, or colleagues who know all openssl options off the top of their heads.
Posts
The lazy audiophile
I love listening to music. And while I am lazy (which is the popular term for considering if something is worth the effort before doing it), I still prefer listening to it in a realistic sound quality. Which sounds like a contradiction, doesn’t it? Well, yes, but only if you are not ready for compromises. In this blog, I focus on technologies and software problems, and the compromises I made to keep listening to music simple but still enjoy it.
Posts
S.u.S.E., Opensuse and me
Recently connect.opensuse.org, the openSUSE member directory and social site, was shut down. You can read more about the reasons on openSUSE News. I also had my profile on the site, listing many of the things I worked on during the past two and a half decades. Reading it was quite a trip down memory lane. It also reminded me how the name changed over the years. Did you know that SUSE was originally an acronym for Software- und System-Entwicklung?
Others
Elasticsearch 7.14 and Opensearch 1.0 Are Available and Work Fine With Syslog-ng
One of the most popular destinations in syslog-ng is Elasticsearch. Due to the license change of the Elastic stack, some people changed quickly to Grafana/Loki and other technologies. However, most syslog-ng users decided to wait and see. Version 1.0.0 of OpenSearch, a fork of the Elastic code base from before the license change, is now available. Elastic also published a new release last week.
For this blog, I tested the latest and greatest from both product lines and I’m sharing my experiences.
Posts
Turris, syslog-ng and me
Yes, it’s a syslog-ng blog from me, and it’s not on https://syslog-ng.com/ :-) The reason is simple: this is not a technical blog. This is my story about how I found the Turris Omnia Linux router and how this led to working together with the Turris guys.
The beginnings
When I ordered my Turris Omnia, I did not know that it ran syslog-ng. All I knew was that it was an ARM device and that it ran Linux.
Posts
My Google Pixel C: the end of an era
I got my Google Pixel C tablet in early 2016, well over five years ago. I have used it almost every day ever since. A big part of it is that I also have the Pixel C keyboard accessory. I prefer touch typing and funnily enough that does not work on a touch screen. It needs a real keyboard. And that keyboard died today. My Pixel C can still recognize the attached keyboard, but it does not work any more.
Others
Syslog-ng 3.33: the MQTT destination
Version 3.33 of syslog-ng introduced an MQTT destination. It uses the paho-c client library to send log messages to an MQTT broker. The current implementation supports versions 3.1 and 3.1.1 of the protocol over non-encrypted connections, but this is only a first step.
From this blog, you can learn how to configure and test the mqtt() destination in syslog-ng.
Read my blog at https://www.syslog-ng.com/community/b/blog/posts/syslog-ng-3-33-the-mqtt-destination
Posts
Running openSUSE in a FreeBSD jail using Bastille
Why?
Last week, when the latest version of Bastille, a jail (container) management system for FreeBSD, was released, it also included experimental Linux support. Its author needed Ubuntu, so that was implemented. I prefer openSUSE, so with some ugly hacks I could get openSUSE up and running in Bastille. I was asked to document it in a blog. This topic does not fit the sudo or syslog-ng blogs, where I regularly contribute.