Yilin Li | 5 May 16:20 2016

[GSOC]WebSocket for syslog-ng - Configuration file design to get feedbacks.

Hi, 

Very excited and thanks to the community that my proposal is accepted by syslog-ng in GSOC 2016.

Here is my proposal: https://github.com/balabit/syslog-ng/wiki/GSoC-2016-Proposal:-WebSocket-for-syslog-ng-(Yilin-Li)


I have some spare time recently.  So I plan to begin my work early.

This document describes what the configuration file will look like for the project that I will accomplish.

I post it to the community to get feedback. I will reiterate the design on the community feedback.  I hope it will be what our users exactly want at last.

Any comments will be greatly appreciated :)

And there is a question for my mentors Laszlo Meszaros and Viktor Juhasz, 
will it be OK that I go faster than my schedule ?

--
Best wishes,
Yilin  Li
Institute of Software Chinese Academy of Sciences
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

Czanik, Péter | 5 May 13:56 2016

Insider 2016-05: BMW; GSoC; Hadoop; grouping-by; SIEM; Java; Rust;

Dear syslog-ng users,

This is the 49th issue of the syslog-ng Insider, a monthly newsletter
that brings you syslog-ng-related news.

NEWS

syslog-ng in the BMW i3
-----------------------

The BMW i3 electric car uses a lot of open source software under the hood.
BMW respects the GPL and made the source code of software used
available upon request. You can find syslog-ng among them:
https://github.com/edent/BMW-OpenSource

Google Summer of Code (GSoC)
----------------------------

The syslog-ng project will participate in GSoC this year again, this
time with five students. We are looking for Feature Owners who could
represent syslog-ng users in the process. Topics range from websockets
through CLI to Java-based Kafka source. Read more about the topics and
learn how to contact the team at
https://lists.balabit.hu/pipermail/syslog-ng/2016-April/022862.html

syslog-ng is Hortonworks Data Platform certified
------------------------------------------------

Both syslog-ng OSE and PE provide a Hadoop destination and are now
Hortonworks Data Platform certified. You can read more about why use
syslog-ng in a Hadoop environment at
https://czanik.blogs.balabit.com/2016/02/filling-your-data-lake-with-log-messages-the-syslog-ng-hadoop-hdfs-destination/
or on the Hortonworks website at
http://hortonworks.com/partner/balabit/

The grouping-by() parser
------------------------

Until recently, you could only correlate and aggregate information
from multiple messages with the PatternDB parser. The new
grouping-by() parser in the upcoming syslog-ng version 3.8 can
correlate and aggregate information independently from PatternDB,
using data from any of the available parsers (CSV, key=value,
PatternDB, JSON):
https://czanik.blogs.balabit.com/2016/04/the-grouping_by-parser-in-syslog-ng-3-8/

Optimize your SIEM
------------------

Join us on Wednesday, May 18, 2016, at 2:00 PM EST to hear about the
benefits of front-ending your SIEM with syslog-ng. Benefits include:
increased performance, higher quality data, and cost-effective
scalability. Register for the live webinar at
https://pages2.balabit.com/optimize-siem/

Troubleshooting Java support
----------------------------

Java based destination drivers were introduced to syslog-ng last year.
The syslog-ng application uses libjvm.so to embed a Java Virtual
Machine inside syslog-ng. Learn which Java to use and how to make
sure that it is found by syslog-ng:
https://czanik.blogs.balabit.com/2016/03/troubleshooting-java-support-in-syslog-ng/

Cybersecurity Excellence award for SSB
--------------------------------------

Balabit has been named the winner of the 2016 Cybersecurity Excellence
Award for Forensics for syslog-ng Store Box (SSB). Based on syslog-ng
– one of the most widely adopted log management software packages –
SSB is a highly reliable and high-performance log management appliance
which collects, classifies, organizes, and securely stores log
messages for any enterprise who operates a log management
infrastructure.

http://www.marketwired.com/press-release/balabits-syslog-ng-store-box-earns-2016-cybersecurity-excellence-award-for-forensics-2121174.htm

Packaging Rust parsers
----------------------

Up until now, if you wanted to try the new Rust-based parsing in
syslog-ng, you also had to build syslog-ng yourself from source code.
Not anymore, if you use one of the RPM-based Linux distributions:
https://czanik.blogs.balabit.com/2016/04/syslog-ng-3-8-preview-parsers-in-rust/

Your feedback and news tips about the next issue are welcome at
documentation <at> balabit.com . To read this newsletter on-line, visit:
http://insider.blogs.balabit.com/

Peter Czanik (CzP) <peter.czanik <at> balabit.com>
Balabit / syslog-ng upstream
http://czanik.blogs.balabit.com/
https://twitter.com/PCzanik

Ho, Ming | 4 May 02:11 2016

Re: syslog-ng 3.7.3 with Java enable Can't find class when startup

Hi,

I use the following conf file to start syslog-ng 3.7.3 compiled with Java supported version and got the
following error:

# syslog-ng -f /opt/syslog-ng/syslog-ng.conf
[2016-05-03T23:13:54.191256] Can't find class; class_name='org/syslog_ng/SyslogNgClassLoader'
**
ERROR:modules/java/native/java_machine.c:126:java_machine_get_class_loader: assertion failed: (self->loader)

syslog-ng.conf:
@version: 3.7
@include "scl.conf"
@module mod-java

source s_syslog {
   syslog();
};

destination d_elastic {
   java(
      class_path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")
      class_name("org.syslog_ng.elasticsearch.ElasticSearchDestination")
      option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")
      option("type", "test")
      option("client-mode", "transport")
      option("server", "sl73ovnapd018")
      option("port", "9200")
      option("flush-limit", "10")
   );
};

log {
   source(s_syslog);
   destination(d_elastic);
   flags(flow-control);
};

I found previous post from last year with the exact same error: https://github.com/balabit/syslog-ng/issues/620

According to the post, the problem was that make install failed to copy "syslog-ng-core.jar" and/or
"syslog-ng-common.jar" to the target directory. Including these two files in the directory referenced by
the class_path should solve the problem.

I have these two files included in my class_path already but still got the same error:
-rw-r--r-- 1 root root 11411 May  2 06:50 /usr/lib64/syslog-ng/java-modules/syslog-ng-core.jar
-rw-r--r-- 1 root root 12536 May  2 06:51 /usr/lib64/syslog-ng/java-modules/syslog-ng-common.jar

Any help is highly appreciated.

Ming Ho


Scheidler, Balázs | 30 Apr 06:38 2016

Re: race condition causes copytruncate log rotation problems

Thanks for diagnosing this. Lseek is used as it was resolving a performance issue on NFS on FreeBSD about a decade ago.

See this thread:

https://lists.balabit.hu/pipermail/syslog-ng/2008-May/011696.html

We should probably make the O_APPEND mode default and only use seek+write on NFS.

Can you submit a patch to do this?
Thanks

On Apr 29, 2016 4:17 PM, "Jim Segrave" <jes <at> j-e-s.net> wrote:
On a set of very busy Usenet servers, we are seeing problems with using
syslog-ng together with copytruncate in logrotation. I am not sure why,
but syslog-ng opens log files without
having O_APPEND set, and appends log messages with separate syscalls - an
lseek to SEEK_END, followed by a write. On a busy server- perhaps 300
logs/sec each about 120 bytes long, we sometimes find that logrotate,
which is configured to do a copy-truncate, actually produces a sparse
file which begins with blocks of zeroes up to the pre-rotate log file size,
followed by logs written after the copytruncate completes.

Looking at the Linux /proc/PID/fdinfo information, I see that the
logfiles are not opened in append mode, although they are opened O_WR. I
haven't begun looking through the source to see if syslog-ng ever tries
to overwrite data it's already logged by seeking backwards in the file -
I must confess I can't think of any reason to do so. The only other
reason for not having O_APPEND set  would be to avoid problems for
people using NFS to collect logs centrally by having different servers
all writing to one NFS file.

As I see it, the sequence leading to this problem is:

syslog-ng                           logrotate copytruncate function
----------------------------------  -------------------------------------------
...
                                    begin copytruncate, reach EOF on the copy
lseek(fd, SEEK_END)
  <-- the end of the file before logrotate ftruncates() it

                                    ftruncate(fd, 0)
write(fd, log_msg, log_msg_size)
  <-- the write takes place at the old EOF, so the kernel considers the
      file to have empty blocks from 0 to that point


If there is a reason that some users need the logfile opened without
O_APPEND mode, then making that choice a configuration option would be
helpful. For those using O_APPEND, the lseek() calls are harmless and
won't add any more resource usage than is already present, but file
truncation will prevent a zero filled pad being prefixed to the file.
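
The interleaving described in this thread, replayed deterministically in a single process as an added example (it is not syslog-ng or logrotate code). The scratch file name, the 4096-byte pre-rotation size and the log line are constructed; the same seek, truncate, write order is run once without and once with O_APPEND.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define OLD_LOG_SIZE 4096   /* constructed size of the log before rotation */
static const char MSG[] = "constructed log line written after rotation\n";

struct outcome {
    long size;           /* file size after the post-truncate write, -1 on error */
    long leading_zeros;  /* NUL bytes found at the start of the file */
};

/* Count the NUL bytes at the start of the file (the zero-filled pad). */
static long count_leading_zeros(const char *path)
{
    FILE *f = fopen(path, "rb");
    long n = 0;
    int c;

    if (!f)
        return -1;
    while ((c = fgetc(f)) == 0)
        n++;
    fclose(f);
    return n;
}

/* Replay: writer seeks to EOF, rotator truncates, writer writes. */
static struct outcome replay_race(int use_o_append)
{
    struct outcome r = { -1, -1 };
    char path[] = "/tmp/copytruncate-demo-XXXXXX";  /* constructed scratch file */
    char old[OLD_LOG_SIZE];
    struct stat st;
    int writer = -1, rotator = -1;
    int tmp = mkstemp(path);

    if (tmp < 0)
        return r;
    close(tmp);

    /* The writer stands in for the logging daemon, the rotator for logrotate. */
    writer = open(path, O_WRONLY | (use_o_append ? O_APPEND : 0));
    rotator = open(path, O_WRONLY);
    if (writer < 0 || rotator < 0)
        goto out;

    /* Fill the log with pre-rotation content. */
    memset(old, 'x', sizeof old);
    if (write(writer, old, sizeof old) != (ssize_t)sizeof old)
        goto out;

    if (lseek(writer, 0, SEEK_END) < 0)        /* writer: position at old EOF */
        goto out;
    if (ftruncate(rotator, 0) != 0)            /* rotator: copy done, truncate */
        goto out;
    if (write(writer, MSG, sizeof MSG - 1) != (ssize_t)(sizeof MSG - 1))
        goto out;                              /* writer: append the next line */

    if (fstat(writer, &st) != 0)
        goto out;
    r.size = (long)st.st_size;
    r.leading_zeros = count_leading_zeros(path);
out:
    if (writer >= 0)
        close(writer);
    if (rotator >= 0)
        close(rotator);
    unlink(path);
    return r;
}

int main(void)
{
    struct outcome a = replay_race(0), b = replay_race(1);

    printf("lseek+write: size=%ld leading_zeros=%ld\n", a.size, a.leading_zeros);
    printf("O_APPEND:    size=%ld leading_zeros=%ld\n", b.size, b.leading_zeros);
    return 0;
}
```

Without O_APPEND the descriptor keeps its stale offset across the truncate, so the file regains its old length as a hole; with O_APPEND the kernel picks the offset at write time and the file starts with the new line.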




Evan Rempel | 29 Apr 19:38 2016

Re: filtering vs. keeping all logs

IT teams that I speak with often use filtering to decrease the log volume, but not in the context of archiving or storing the logs. These teams are typically using some analysis product to process their logs and the product has a licensing cost based on the log volume. For example, Splunk or Loggly fall into this category. So the use case is to filter out log messages that are known to be of no interest, and feed the rest of the stream to the products for processing.

The other use case is where logs are centralized from a large geographical distribution and the cost of the bandwidth to aggregate the logs needs to be minimized.

Larger companies may make enough money that they just pay for the log processing. Perhaps at a capacity where some ceiling or cap on price has been reached. They may have development resources to develop a custom log processing architecture so that the processing is just the cost of the CPU time. Larger companies might have their own networks so they are not affected by costs that are associated to bandwidth.

Just my $0.02

Evan.


On 04/29/2016 01:33 AM, Czanik, Péter wrote:
Hi,

First of all: thank you for your feedback.

This is very interesting, as it is pretty much the contrary of what I hear / read in most discussions. I am often asked how to throw away cron / dhcp / dns / kernel / debug / etc. messages to save bandwidth / disk space and sometimes even to narrow down what is saved from authentication logs (which sounds crazy to my security minded ears...).

I wonder what is the reason of this contradiction. Is it the size of the organization? (assumption: a larger org has more resources to save everything) Or is it compliance? (PCI, etc.) Or both?

Bye,


On Thu, Apr 28, 2016 at 6:59 PM, Evan Rempel <erempel <at> uvic.ca> wrote:
Logs are used for so many things. Auditing, security, post incident analysis, live alerting (SIEM) and others. It is for this reason that I believe that all raw log data should be saved.

Adding to the discussion about metadata...

We add metadata from a variety of sources.

1. The syslog line itself. We parse EVERY log message to identify specific data and context. For example, a login identifier is often used in an email address, but in the context of an e-mail address, it is NOT a login identifier. This enables data mining on login identifiers without having to further filter out e-mail messages. We populate hundreds of metadata elements this way. Tape volumes, database instances, login, uid, gid, disk drive names, logical volume names, FRU components in hardware monitoring. The list is huge.

2. Incident details. During the parsing of EVERY log message, specific messages are identified as messages that should be alerted on. Metadata is added that contains incident description, URL to resolution documentation, severity of the incident and details on minimizing false positives. For example, a repeating log message may only be an incident if it repeats at a defined rate over a defined duration. All of this data is used to produce alerts to SMS, email, ticketing system.

3. Inventory management system. We add metadata for tiers of service. We have test, dev, preprod and prod. We also add business application names such as database instance (SID), Facilities management, workflow, MSExchange, listserver etc.

4. Business responsibility matrix. For each host/application there is a group that is responsible for the service. This metadata is added so that when alerts need to be sent the alerting subsystem can determine where to send the alert. It does this based on this responsibility matrix and data from #2.


All of this metadata gets placed into elasticsearch so we can start to mine the data by asking questions like:

- show all of the activity by user XXX in service Y in the preproduction tier on Linux hosts.
- show all of the incidents for host HHH that group GGG is responsible for fixing.
- which service is responsible for the large increase in error class syslog lines, and in which tier of service did they occur.

The metadata is the power that drives this, and without the real time high performance pattern matching it just can't be done.

Evan.



On 04/28/2016 06:23 AM, Scot Needy wrote:
We save all log data and compress/dedup hourly.  For an enterprise of about 5000 servers this averages about 200GB. 
Some PCI compartments are special and have backup and retention policies for compliance. 

Archiving raw log data also gives us data to re-parse should the patterns need to be updated.  



On Apr 28, 2016, at 7:23 AM, Czanik, Péter <peter.czanik <at> balabit.com> wrote:

Hi,

I was asking, because up until now I recall a single syslog-ng user, who told me, that he saves all log messages. On the other hand I keep receiving (marketing) e-mails, that no logs should be discarded, everything should be saved. And sometimes I receive the same feedback from the Big Data world: we have enough disk space, why to do any filtering. So I'd be interested to learn from real world experiences, if filtering is really old fashioned or is there any situation (compliance requirement, endless storage, etc.) when you really save all log messages.

Bye,


On Thu, Apr 28, 2016 at 11:11 AM, Fabien Wernli <wernli <at> in2p3.fr> wrote:
On Thu, Apr 28, 2016 at 11:06:07AM +0200, Czanik, Péter wrote:
> One of the major strengths of syslog-ng is message filtering, which
> facilitates message routing and discarding useless log messages. OTOH I
> often read, that we have now all the technologies and storage to keep all
> logs. What do you think?

I would go further: we now have the means to add relevant metadata to all the events,
which in turn allows us to do targeted archiving.




Czanik, Péter | 28 Apr 11:06 2016

filtering vs. keeping all logs

Hi,

One of the major strengths of syslog-ng is message filtering, which facilitates message routing and discarding useless log messages. OTOH I often read, that we have now all the technologies and storage to keep all logs. What do you think?

Bye,

Vithulan MV | 27 Apr 15:15 2016

Re: [GSoC] Project: Kafka source

Hi all,

First of all, I'd like to thank you Syslog-ng community and my mentor Viktor Juhasz for accepting my proposal to implement Kafka source in Java!
Some of you may already know me but for others, I'll introduce myself again. I'm Vithulan, 3rd year undergraduate at University of Moratuwa, Sri Lanka. My areas of interest are Data analytics, Machine Learning, Networking and Security. 

As a first step into this GSoC program I already started following the documentation [1], and going through the code base of syslog-ng (I'm curious what IDE you all are using?). What are the other areas that you want me to know to polish my knowledge before we get into the coding period?

I guess, this is going to be very interesting 4 months with good new experiences :)
Thank you!


Best regards,
Vithulan.

On 23 April 2016 at 08:42, Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:
Hi Viktor,

I am very excited and happy after seeing my morning mail from Google summer of code! Thank you very much for accepting my proposal! :)
How shall we proceed into this project? and any tips before going deep into the project? :) 

Thank you.

Best regards,
Vithulan.

On 26 March 2016 at 10:52, Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:

Hi Viktor,

I have submitted my proposal in GSoC page and Syslog-ng wiki page as well.

Thanks.
Best regards,
Vithulan

On Mar 10, 2016 8:42 PM, "Vithulan MV" <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:
Hi Viktor,

Thanks for the link :) I'll check that.

Regards,
Vithulan.

On 10 March 2016 at 20:22, Juhász, Viktor <viktor.juhasz <at> balabit.com> wrote:
Hi,

Sorry I missed the link :)
https://syslog-ng.org/gsoc-2016/

BR,
Viktor

On Thu, Mar 10, 2016 at 3:46 PM, Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:
Hi Viktor,

Do you mean creating proposals for GSOC 2016 page [1] ? If not please kindly share the page link with me?

[1] https://github.com/balabit/syslog-ng/wiki/Creating-a-proposal-for-GSoC-2016

Thanks.
Regards,
Vithulan.

On 10 March 2016 at 19:40, Juhász, Viktor <viktor.juhasz <at> balabit.com> wrote:
Hi Vithulan,

We've finished our GSoC process description. Please read it carefully, and fill our Student Application Form.

BR,
Viktor

On Thu, Mar 10, 2016 at 3:06 PM, Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:
Hi Viktor,

Thanks for the overview and giving the overall idea. I'm working on this and will report back to you on the progress.

Thanks.
Regards,
Vithulan.

On 8 March 2016 at 18:05, Juhász, Viktor <viktor.juhasz <at> balabit.com> wrote:
Hi Vithulan,

Yes, this should be plugin (you can find the plugins in the modules directory in syslog-ng source).

Just a very brief overview:

syslog-ng reads messages from the sources, processes them with filters, rewrite rules, parsers, etc., and finally sends messages to the destinations.
We have a Kafka destination; it is implemented in Java. The Kafka source should also be implemented in Java, but our Java source base is under construction, so until then I can't give you an exact API; it is coming in the next 2-3 weeks.

The overall idea is the following.
 - We should implement a Kafka consumer which uses the high level Kafka group consuming API (https://cwiki.apache.org/confluence/display/KAFKA/Consumer+Group+Example)
 - We have to process data read from Kafka (create LogMessage from this. LogMessage is an internal struct in syslog-ng representing the in the software)
 - After reload or restart, syslog-ng has to be able to continue reading messages from the last read message.
 - If there are more syslog-ng's reading the same Kafka input (these syslog-ng's have the same group name), avoid message loss or message duplication as much as possible

Regards,
Viktor



On Mon, Mar 7, 2016 at 6:43 PM, Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:

Hi Viktor,

Oh I see! I've sent a mail to the mail list. Can you kindly give me an overall idea of project Kafka source please? (Architecture of syslog-ng/ current APIs) Is this is going to be an extension of syslog-ng?

Thank you.

Regards,
Vithulan.

Hi Vithulan,

I've never faced this problem while compiling syslog-ng.
I suggest that you ask about your problem on the mailing list of syslog-ng ;)

Best Regards,
Viktor


On Mon, Mar 7, 2016 at 12:46 PM, Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:
Hi,

I've been going through the git book that you referred. It was helpful. Can you please explain a bit about the project structure and deliverables of Kafka-source project?

I added required dependencies and tried to build syslog-ng from the source, there was an error saying,
${syslog-ng_HOME}/modules/afmongodb/mongo-c-driver/src/mongoc/mongoc-scram.c: In function '_mongoc_scram_sha1': storage size of 'digest_ctx' isn't known (EVP_MD_CTX digest_ctx)
I confirmed OpenSSL [1] headers are included in the file. Can you please point out what's wrong?

In the meantime I'm going through the syslog-ng documentation [2]. Can you give me directives on what I can be doing while preparing my proposals?
Thank you.
Regards,
Vithulan.


On 4 March 2016 at 18:56, Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:
Hi,

Thanks for the reference, I will go through it and report you back on the progress.

Thanks,
Regards,
Vithulan.  

On 4 March 2016 at 18:45, Juhász, Viktor <viktor.juhasz <at> balabit.com> wrote:
Hello,

Sorry for the long response time. We are working on a wiki page; this page will describe all the required information. Until then, please read our documentation (getting started) https://www.gitbook.com/book/syslog-ng/getting-started/details

Best Regards,
Viktor Juhasz

On Fri, Mar 4, 2016 at 2:09 PM, Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk> wrote:
Hello,

I sent the following mail to the syslog-ng mailing list, but didn't get any responses. So I thought it didn't reach to you. I'm highly motivated on contributing for syslog-ng in GSoC 2016. I also have prior experience in syslog-ng domain so I feel like this project is going to be very interesting. Please kindly guide me on how I should start?

Thank you.

Regards,
Vithulan.


---------- Forwarded message ----------
From: Vithulan MV <vithulanmv.12 <at> cse.mrt.ac.lk>
Date: 3 March 2016 at 15:33
Subject: [GSoC] Project: Kafka source
To: syslog-ng <at> lists.balabit.hu


Hi all,

I'm currently a 3rd year undergraduate at University of Moratuwa, Sri Lanka. I have attached my Linkedin profile with this mail [1]. I'd like to contribute to a GSoC 2016 project with the open source community of syslog-ng.

I have contributed in log analyzing project LogAnalyzer [2] and also worked with logstash, kafka. Therefore, I think I can contribute syslog-ng project kafka source as I'm much interested in that.

Please kindly make any suggestions on how I should proceed on this?
Thank you.
Regards,
Vithulan

--
Vithulan MV.

Undergraduate, 
Department of Computer Science & Engineering,
University of Moratuwa,
Sri Lanka.




Laszlo Budai | 26 Apr 13:18 2016

GSoC 2016: we are looking for Feature Owners.

  
Hi,


Students have sent proposals to the following five projects (other project ideas, such as wildcard file source, were not so popular :-) ) :

  • Automated release generation for syslog-ng
https://github.com/balabit/syslog-ng/wiki/GSoC2016-Idea-&-Project-list#project-automated-release-generation-for-syslog-ng

The selected proposal: https://drive.google.com/open?id=0B5rOtg14cnD0UDJFcnFBLWhXMVU by Ankush Sharma.



The selected proposal: https://drive.google.com/open?id=0B5rOtg14cnD0VXQyYncxaTliaXM by Vithulan MV.

The selected proposal : https://drive.google.com/open?id=0B5rOtg14cnD0ek9TSklPSnZ4YWM by Noemi Vanyi.



As we have already mentioned https://syslog-ng.org/gsoc-2016/ , we will ask you to join us and help students in their work.

Our goal is to build a syslog-ng-GSoC release after the program is finished.


Join us! We need Feature Owners who are members of our community.

If you are interested in one of the projects and want to be a Feature Owner, just contact us at (gitter https://gitter.im/balabit/syslog-ng, this mailing list).


Regards,
Laszlo Budai

Sent from my HTC


Ivan Adji - Krstev | 25 Apr 14:18 2016

Syslog-ng 3.8

Hi all,
I have opened an issue about the error I got when I updated Syslog-NG to
3.8 for "syslog-ng Address already in use (98)". I'm still working on
the issue, but I would like to know if this newest version 3.8 is
stable, as I'm building a new environment and I'm asking myself whether I should use
this 3.8 version or 3.7?

Thanks
Ivan

Yilin Li | 23 Apr 16:27 2016

Greeting from Yilin

Hi, 

I received the email that told me my proposal is accepted today.

I'm very excited about that.
I'm greatly grateful that the community and especially  my mentors Laszlo Meszaros and Viktor Juhasz decide to give me the opportunity. I'll try my best to accomplish the project.

I'll start the following tasks as my proposal described.
* Getting familiar with syslog-ng's code base. Especially, I should understand the architecture of the destination and source modules.
* Post my questions in the mailing list and IRC if I get some problems understanding the code.

<at> my mentors Laszlo Meszaros and Viktor Juhasz
Please guide me if there is anything that could help me to accomplish the project better :)



--
Best wishes,
Yilin  Li
Institute of Software Chinese Academy of Sciences

Scot Needy | 22 Apr 18:07 2016

forward syslog-ng -> syslog-ng central.


What’s the best way to forward all syslog data to another syslog-ng ? 

simple thing like this with some options?  

log { source(s_net);
          destination (d_sysmaster);
 };