Syslog-ng 4 (osc23)

where log management is heading

Chaos Computer Club - archive feed · Peter Czanik

May 27, 2023 · 41m 45s

Show Notes

After 13 years, a new major release of the syslog-ng logging application is available. Syslog-ng 4.0 brings type support and many additional enhancements. This presentation also gives you an overview of some of the larger features since the previous major release, and then proves why type support is a major enhancement, improving both operations and security. In version 3 and earlier, syslog-ng handled all data as text. Syslog-ng 4 can associate the proper type information with data parsed from log messages using the JSON or PatternDB parsers. You can use type information for comparisons within syslog-ng, and storing data to various destinations, like Elasticsearch or MongoDB. Type support enables more precise filtering and thus real-time security alerting in syslog-ng, and easier searching and reporting in databases.

I give a quick overview of the major new syslog-ng features during the version 3 series, including disk-buffer, message parsing, Python support, HTTP destination, Kubernetes support and how these combined with 4.0 features improve both operations and security.

about this event: https://c3voc.de

Topics

osc23, 4100, 2023, New Technologies