Syslog-ng 4.0 – where log management is heading
Information on this media
Number of views: 30
Creation date: July 3, 2023
Speakers: Peter Czanik
License: CC BY-SA v4
Description
After 13 years, a new major release of the syslog-ng logging application is available. Previously, syslog-ng handled all data as text. Syslog-ng 4.0 can associate the proper type information with data parsed from log messages. You can use type information for comparisons within syslog-ng and for storing data in various destinations, like Elasticsearch or MongoDB. Type support enables more precise filtering and thus real-time security alerting in syslog-ng, and easier searching and reporting in databases. I give a quick overview of the major new syslog-ng 4 features and show with examples how these improve security at your organization.
After 13 years, a new major release of syslog-ng is available. Syslog-ng 4.0 brings type support and many additional enhancements. This presentation gives you an overview of some of the larger syslog-ng 4 features, and shows why type support is a major enhancement, improving both operations and security.
Why is type information important? Many filters in syslog-ng use comparisons, and if you compare numbers as strings, 1000 is smaller than 90, because the character "1" precedes "9". Using type information, you get correct comparison results. Filters are what syslog-ng uses for real-time alerting, so proper type information here also means better alerting possibilities, both for operations and for security.
Previously, syslog-ng handled all data parsed from log messages as text. However, even if the format is text, in practice, it can be a number, a boolean value or a list. Some syslog-ng parsers can now detect and preserve the type of data parsed into name-value pairs. You can also add type information to name-value pairs manually.
Name-value pairs from message parsing, filters and templates were already a major feature of the syslog-ng 3 series. Type support in version 4.0 significantly enhances their usability.
Previously, by default, syslog-ng sent all values as text, even though type information was available when the log messages entered syslog-ng. In some cases, you could set type information manually, or you could map type information on the destination side, for example, in Elasticsearch. Now you can store name-value pairs with the correct type information.
If logs are sent as text, the receiving end often handles them as text. This means, for example, that you cannot create graphs from numbers sent as text. Sending name-value pairs with proper type information makes it possible for the receiving end to use the embedded values properly.
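A syslog-ng 4 configuration illustrating the typed filtering and typed output described above. This is an added example, not configuration from the talk; the listening port, the JSON field names `bytes_out` and `status`, and the output path are assumptions.

```conf
@version: 4.0
@include "scl.conf"

# Application logs arrive as JSON over TCP (port and field names are assumed for this example).
source s_app { network(transport("tcp") port(5140)); };

# In syslog-ng 4 the json-parser preserves JSON types: a number stays a number,
# so ${.json.bytes_out} is stored as an int64, not as the text "100000".
parser p_json { json-parser(prefix(".json.")); };

# Typed comparison: with @version: 4.0 both sides are numbers, so 1000 > 90 holds.
# Compared as text, "1000" would sort below "90" because "1" precedes "9".
filter f_large_transfer { "${.json.bytes_out}" > 100000; };

# Some applications send numbers quoted ("status": "503"); the explicit cast
# turns that text into an int64 before the comparison is made.
filter f_server_error { int64("${.json.status}") >= 500; };

# Named filters can be combined in a filter expression.
filter f_alert { filter(f_large_transfer) or filter(f_server_error); };

# Keep the types on the way out: format-json emits numbers unquoted, so the
# receiving database or SIEM can aggregate and graph them without remapping.
destination d_alerts {
    file("/var/log/syslog-ng/alerts.json"
         template("$(format-json --scope dot-nv-pairs --key ISODATE --key HOST)\n"));
};

log {
    source(s_app);
    parser(p_json);
    filter(f_alert);
    destination(d_alerts);
};
```

Run `syslog-ng --syntax-only -f <this file>` to check the configuration before reloading a production instance.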
Syslog-ng already provides a lot of run-time information for monitoring purposes. Current developments both extend the information available and make it easier to understand. Support for Prometheus is underway.
Peter is an engineer working as open source evangelist at Balabit (a One Identity business), the company that developed syslog-ng. He assists distributions to maintain the syslog-ng package, follows bug trackers, helps users and talks regularly about sudo and syslog-ng at conferences (SCALE, All Things Open, FOSDEM, LOADays, and others). In his limited free time he is interested in non-x86 architectures, and works on one of his PPC or ARM machines.