Reading e-books
For many years, I was looking for a good and affordable e-book reader. I read a lot on the computer, as many of the texts I read are not available in printed form. Some of them would even be obsolete before I could print them.
But being environmentally conscious, I try to avoid printing whenever possible anyway. Reading from the screen has many disadvantages: it is not so friendly to the eyes, and one can easily be disturbed by incoming e-mail, instant messages, etc. But this Christmas finally brought me an e-book reader!
Rsyslog vs. syslog-ng
Every few days I find references to an rsyslog vs. syslog-ng comparison on the rsyslog site, which has not been updated for more than three years. Since it contains some outdated information about syslog-ng (some of which was incorrect at the time of publishing), I want to make some corrections and updates. Here is a short summary.
Graphical User Interfaces for use with syslog-ng
Centralized logging of events has been an important part of the IT infrastructure for many years. It is more convenient to browse logs in a central location rather than viewing them on individual machines. Central storage is also more secure. Even if logs stored locally are altered or removed, one can still check the logs on the central log server. Compliance with different regulations also makes central logging necessary. (This is an updated version of my previous syslog-ng web gui blog.)
CEE and syslog-ng
The latest syslog-ng release, version 3.3, can be used to implement part of the “CEE over syslog” standard. BalaBit’s patterndb technology has been able to extract information from syslog messages for a long time. This release adds JSON output, which means that the extracted information can be written out as JSON data. In practice, syslog-ng is able to parse log messages and output the extracted fields in the form required by CEE.
syslog-ng in books
syslog-ng is mentioned in many books. As the list would be too long if we posted all of them, we selected only those which not only mention syslog-ng but also write about it in depth. For a complete list, please check our book section at http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/overview/books
Syslog clients for Windows
Central logging using syslog has long been part of the UNIX / Linux infrastructure. But if someone also happens to have Windows machines, it is still possible to use the proven syslog-ng servers. There are many clients available, both open and closed source, ranging from simple event forwarders to complex logging solutions.
syslog-ng quick news
There was a new release of syslog-ng OSE 3.3 last weekend; it is now at beta2. FreeBSD ports were the first to add support for it, and now here are the openSUSE packages for testing: http://download.opensuse.org/repositories/home:/czanik:/syslog-ng33/ or, if you are more interested in the package sources, check https://build.opensuse.org/project/show?project=home%3Aczanik%3Asyslog-ng33 where these packages were built.
Octopussy
Octopussy is a Perl- and XML-based log analyzer, alerter and reporter. When I gave it a try a few months ago, syslog-ng support did not work properly and I ran into many other smaller problems. I just tested the new release, and now it works fine with syslog-ng and also runs on Debian 6.0.
Some more applications to forward Windows events to syslog-ng
There are many smaller and mostly abandoned projects to forward Windows events to syslog. I did not have a chance to test all of them, as I only have access to the latest Windows releases; still, they might be interesting if you have older Windows versions running on legacy hardware. These include Kiwi and three open source applications: NTsyslog, winlogd and Project Lasso.
Patterns for Windows Server 2008
Two weeks ago I promised some Windows patterns. They are now available for download from http://people.balabit.hu/czanik/patterndb-win2k8.xml. Obviously it does not cover every single event from Win2k8, but many common events are included. They are not just recognized; some useful information is also extracted from them.