Reliable log management
The syslog-ng project is a continuous community effort to create the best log management tool. The project is an advocate and early adopter of open standards, including the syslog RFCs developed by the IETF and the Common Event Expression (CEE) message-description standard of the MITRE Corporation.
The syslog-ng application supports reliable and encrypted transport using TCP and TLS (TLS with peer verification also authenticates both the sender and the receiver, which plain TCP does not), and offers powerful message filtering, sorting, pre-processing and log normalization capabilities. Using message parsing and classification, syslog-ng can correlate log messages both in real time and offline, making it especially useful for system administrators and security managers who need quick access to the important events buried in the massive amounts of log data generated by complex IT environments. This high-performance tool handles extreme loads easily, and is extensible with plug-ins to suit your requirements.
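As an added illustration of the transport and filtering features listed above (this is example configuration written for this page, not a configuration shipped by the syslog-ng project), the following syslog-ng OSE configuration turns a host into a relay that accepts RFC 5424 syslog over TLS only from clients presenting a certificate issued by a trusted CA, writes authentication-related events to a separate file, and forwards everything to a central collector or SIEM over mutually authenticated TLS. The hostname, file paths and port numbers are assumptions for illustration; the driver and option names (`syslog()`, `tls()`, `peer-verify()`, `ca-dir()`, `facility()`, `message()`) are standard syslog-ng OSE 3.x options.

```conf
@version: 3.4
# Added example relay configuration, not from the syslog-ng project page.
# Paths, hostnames and ports are assumptions for illustration.

options {
    keep-hostname(yes);    # trust the hostname sent by the authenticated client
    chain-hostnames(no);   # do not prepend the relay's own name to it
};

# Inbound: TLS-only listener on the IANA syslog-over-TLS port (6514).
# peer-verify(required-trusted) rejects clients that present no certificate
# or one that does not chain to a CA in ca-dir(); without it anyone who can
# reach the port could inject forged log lines into the relay.
source s_tls {
    syslog(
        ip("0.0.0.0") port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/relay.key")
            cert-file("/etc/syslog-ng/tls/relay.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify(required-trusted)
        )
    );
};

# Messages generated on the relay host itself, plus syslog-ng's own diagnostics.
source s_local { system(); internal(); };

# Filters: the authentication facilities, and messages that indicate failed logins.
filter f_auth { facility(auth, authpriv); };
filter f_failed_login {
    message("Failed password") or message("authentication failure");
};

# Keep authentication events in their own file, readable only by root/adm.
destination d_auth { file("/var/log/remote/auth.log" perm(0640)); };

# Outbound: forward to the central collector over TLS, verifying its
# certificate as well (the collector's hostname is an assumption).
destination d_central {
    syslog("collector.example.com" port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/relay.key")
            cert-file("/etc/syslog-ng/tls/relay.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify(required-trusted)
        )
    );
};

# Log paths: auth events to the local file, everything to the collector.
log { source(s_tls); source(s_local); filter(f_auth); destination(d_auth); };
log { source(s_tls); source(s_local); filter(f_failed_login); destination(d_auth); };
log { source(s_tls); source(s_local); destination(d_central); };
```

Two practical notes: `ca-dir()` expects the CA certificates to be present under their OpenSSL subject-hash names (as produced by `c_rehash`), otherwise every peer is rejected; and the configuration can be checked before a restart with `syslog-ng --syntax-only -f <file>`, which is the quickest way to catch a mistyped option name.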
What is syslog-ng?
The syslog-ng Open Source Edition application is highly portable and is known to run on a wide range of hardware architectures (x86, x86_64, Sun SPARC, 32- and 64-bit PowerPC, Alpha, ARM, MIPS, etc.) and operating systems, including Linux, BSD, Solaris, IBM AIX, HP-UX and others.
BalaBit provides syslog-ng sources at the syslog-ng OSE Download page.
Binary packages for syslog-ng are available in the repositories of most major Linux distributions. Third-party packages for other platforms are available at Downloads - 3rd party.
Most Security Information and Event Management (SIEM) and log analysis solutions are compatible with syslog-ng, as they can receive messages through one of its many output drivers. Here is a short list of products that have been used successfully together with syslog-ng:
- HP ArcSight ESM
- TIBCO LogLogic Security Event Manager
- Intel NitroSecurity NitroView
- Prism Microsystems EventTracker
- Sawmill Log Analyzer
In the lead since 1998
A good logging infrastructure is a key element of an organization's network security. Development of syslog-ng started in 1998, when no existing tool satisfied the requirements of organizations maintaining large IT networks. syslog-ng (ng: New Generation) is an alternative to syslogd, the default system logger of Unix systems, and has solved the logging problems of tens of thousands of organizations, from industrial companies to government institutions. syslog-ng has been the most widespread alternative system logging application of the Unix/Linux world for the last ten years.
Projects using syslog-ng
Linux distributions, BSD
There are many different Linux distributions and BSD systems. Most of them offer syslog-ng, either as the default system logger or as an installable package. Distributions that ship syslog-ng as the default logger:
- SuSE Linux Enterprise Server: http://www.novell.com/products/server/
- Gentoo Linux: http://www.gentoo.org/
- Arch Linux: http://www.archlinux.org/
- Polish Linux Distribution: http://www.pld-linux.org/
- NixOS: http://nixos.org/nixos/
Distributions that offer syslog-ng as a package:
- Debian: http://www.debian.org/
- Fedora: http://fedoraproject.org/
- Mandriva: http://www.mandriva.com/
- openSUSE: http://www.opensuse.org/
- Ubuntu: http://www.ubuntu.com/
BSD systems use a ports system to install third-party software. syslog-ng is available for the three "big" BSD variants.
- FreeBSD: http://www.freebsd.org/ carries the latest version of syslog-ng
- OpenBSD: http://openbsd.org/
- NetBSD: http://netbsd.org/ only has an old version available
NAS, appliances and devices
The list of installed software is often not disclosed for these types of devices, but forum posts and support requests often reveal that syslog-ng is running on the device. It is not always clear whether it is there by default or was installed by the user as an extension.
- Amazon Kindle: http://www.amazon.com/b?node=133141011 is an e-book reader and runs an old version of syslog-ng, most likely as a default component.
- Synology: http://www.synology.com/ and QNAP http://qnap.com/ are NAS systems and have syslog-ng available as a third-party "ipkg" package.
- Xtreamer: http://xtreamer.net/ is a NAS / media player, and most likely runs syslog-ng by default.
- F5: http://www.f5.com/ uses syslog-ng in its products.
- Endian: http://www.endian.com/ security and networking appliances run syslog-ng.
- Infoblox: http://www.infoblox.com/ networking and security products run syslog-ng.
Many software projects use syslog-ng as part of their software suites, sometimes deeply embedded in their systems. As with devices, forums and support requests often reveal that syslog-ng is involved.
- RightScale: http://www.rightscale.com/ is a cloud management suite which uses syslog-ng to collect logs.
- HP Insight Control for Linux: http://h18000.www1.hp.com/products/servers/management/insightcontrol_linux2/index.html is a server management suite in which log collection is done by syslog-ng.
- GroundWork Monitor: http://www.groundworkopensource.com/ is a system and network management software suite that uses syslog-ng for logging-related tasks.
- VDT: http://vdt.cs.wisc.edu/ is a software suite for supercomputing grids.
- PlugApps: http://plugapps.com/ provides easy-to-install software for plug-sized computers.
- ALOIS: http://wiki.apache.org/incubator/AloisProposal is a log collection and correlation software with reporting and alerting functionality.
syslog-ng is also covered in security and operations training courses, including:
- SANS Security 506: http://www.sans.org/mentor/description.php?cid=13957
- Latin American and Caribbean TLD Association, Advanced Registry Operations Course: http://www.lactld.org/?cmd=index&func=detalle_contenido_evento&cod_contenido=92
- CCDCOE, Cyber Defence Monitoring Course: http://www.ccdcoe.org/189.html run by the NATO Cooperative Cyber Defence Centre of Excellence.