BalaBit blog


syslog-ng Insider – May 2012
Thursday, May 3, 2012 @ 02:05 PM Author: Zoltán Bagi

Dear syslog-ng users,
This is the 13th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news. Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com.
FEATURED NEWS
Have you tried to add custom information to log messages, fix mis-formatted logs or anonymize logs? The next long-time-supported release of SSB version 3 LTS is about to be released. This release includes a switch to 64-bit architecture, a huge performance improvement in the indexing/searching feature for a large number of message and search patterns and a couple of new features, too. The following post ... [Read More]
syslog-ng Insider – March 2012
Wednesday, April 11, 2012 @ 10:04 AM Author: Zoltán Bagi

Dear syslog-ng users,
This is the 12th issue of the syslog-ng Insider, a monthly newsletter that brings you syslog-ng related news. Your feedback and news tips about the next issue are welcome at documentation(at)balabit.com.
FEATURED NEWS
GSoC wants you to code syslog-ng in the summer
GSoC is a nice opportunity for higher education students to spend their summers productively by coding in open source software projects. This time BalaBit participates in GSoC with the help of the openSUSE project. If you are interested in enhancing syslog-ng or Zorp, please see our project ideas on the openSUSE ideas page: ... [Read More]
About tiling WMs and other deviations
Wednesday, March 21, 2012 @ 05:03 PM Author: Peter Parkanyi

The personal computer itself is in trouble these days; that must not be a question to anyone. With the rise of smartphones and tablets, fewer and fewer people use a PC as their primary computer. You can write notes on an iPad just fine, and you can read your mail and have your photos and manage your calendar, and you can facebook. Yes, this is a verb. Power users, such as developers and designers, are a different breed, though. I've recently read a rant about the ... [Read More]
The syslog-ng Premium Edition 4F2 Administrator Guide
Tuesday, March 13, 2012 @ 03:03 PM Author: Anikó Sebestyén

Hi,
We have published the latest edition of The syslog-ng Premium Edition 4F2 Administrator Guide. New features and the description of a new protocol have been included. The documents are now available on the BalaBit Documentation Page in PDF, HTML and single-page HTML versions. The most important changes to the document have been described in the Announcement, Whatsnew and also the Summary of changes section of the document. We have added the description of reliable disk-based buffering that prevents log loss in case ... [Read More]
First alpha release of syslog-ng 3.4 published
Sunday, March 11, 2012 @ 02:03 PM Author: Balázs Scheidler

I've just uploaded the first release in the upcoming 3.4.x series. This is an incremental step over 3.3.x, continuing to enhance syslog-ng with features that allow more in-depth processing of messages. I consider the most important one the ability to freely combine different kinds of processing elements (parser & rewrite rules and filters) with sources and/or destinations and handle the combination as a single object. This is listed as "junctions & channels" below, but you can also read more details in this blog post. Certainly, this release is not meant to be used in production, however it also helps if you try ... [Read More]
Zero Message Loss with syslog-ng: Promise or Reality?
Wednesday, March 7, 2012 @ 04:03 PM Author: Zoltán Pallagi

Hi,
syslog-ng PE 4.2 contains a new protocol, RLTP. Perhaps you've already read about it in our marketing materials, but you would like to know what it is and why you need it.
RLTP
First of all, why is RLTP needed if you are already using TCP, a “reliable stream delivery service that guarantees that all bytes received are the identical bytes sent and in the correct order” (source: wiki) and ensures data stream integrity with acknowledgements? The answer is simple. TCP does not guarantee that the destination application receives the packet; it only guarantees that the destination operating system receives the ... [Read More]
GitHub breach: Rails mass assignments vs. Architecture
Tuesday, March 6, 2012 @ 02:03 PM Author: athos

You may have heard about what happened to GitHub the other day. (BalaBit source codes like Zorp-GPL or syslog-ng codes mirrored at GitHub were not affected.) In short: any user could upload her public key to the account of any other user by exploiting that GitHub uses unprotected mass assignments to instantiate objects responsible for storing public key data. But how the hell can something like that happen in a well-structured, clean architecture? Here's a code snippet using mass assignment: ... [Read More]
Project Lumberjack to improve Linux logging
Wednesday, February 29, 2012 @ 12:02 PM Author: Balázs Scheidler

In a lively discussion at the RedHat offices two weeks ago in Brno, a number of well-respected individuals were discussing how logging in general, and Linux logging in particular, could be improved. As you may have guessed, I was invited because of syslog-ng, but representatives of other logging related projects were also in nice numbers: Steve Grubb (auditd), Lennart Poettering (systemd, journald), Rainer Gerhards (rsyslog), William Heinbockel (CEE, Mitre) and a number of nice people from the RedHat team. We discussed a couple of pain points for logging: logging is usually an afterthought during development, computer based processing, correlation of ... [Read More]
Journal and syslog-ng
Saturday, February 4, 2012 @ 03:02 PM Author: Peter Czanik

Howto install Zorp 3.9.2 on Debian Squeeze 64 bit
Monday, January 30, 2012 @ 03:01 PM Author: Gábor Sipos

This will guide you through the installation of the latest stable version of Zorp (currently version 3.9.2) and get it to work with minimal configuration. This guide should work for most current Ubuntu Linux (as well as Debian Squeeze) distributions but may differ in some parts. The short way is to download the zorpgpl-install-squeeze file, then extract the zorp.sh script:
    tar xvf zorpgpl-install-squeeze.tgz zorp.sh
then run it:
    ./zorp.sh
For the detailed steps from the script, see below:
Install required packages
For 3.9.2 compilation
First we update our package database, then we install all needed Debian packages:
    apt-get update
    apt-get -y install git-core python2.6-dev gperf python-dns python-support ... [Read More]