syslog-ng

I am an engineer working as an open-source evangelist at One Identity, the company that develops syslog-ng. I assist Linux distributions and FreeBSD in maintaining the syslog-ng package, follow bug trackers, help users and talk regularly about sudo and syslog-ng at conferences (SCALE, All Things Open, FOSDEM, LOADays and others). In my limited free time, I am interested in non-x86 architectures and work on one of my PPC or ARM machines.

Most of the time, I work on sharing technical knowledge about syslog-ng; writing blogs on how to use syslog-ng in various environments and giving talks about it around the world at conferences. However, listening to long technical talks can be tiresome, even for seasoned engineers. So, I spice up my talks by sharing some little-known facts about syslog-ng. Here are a few I’ve collected: 

First: Why is syslog-ng called the Swiss army knife of log management? With syslog-ng, you can collect logs from any source, process them in real time and deliver them to a wide variety of destinations. It’s a flexible tool to collect, parse, classify, rewrite and correlate logs from across your infrastructure and store or route them to log analysis tools. 

Which syslog-ng version do you think is the most popular: 3.25 in Ubuntu LTS or 3.5 in Fedora EPEL? Actually, neither of these is. If we think about popularity as the number of installations, then it’s a really old version: 1.6. Why? The reason is simple: All Kindle e-book readers run syslog-ng to collect logs. Over the years, well over a hundred million Kindle readers were sold. I don’t think any other syslog-ng version has this number of installations.

For a while, I had another tricky question: Which syslog-ng version is the fastest? Of course, I purposefully didn’t define speed. So, my answer was 3.4 (the version running inside the BMW i3 electric cars). However, years later, I learned that I was wrong. The BMW is not the fastest for multiple reasons. First of all, it’s an ancient version, still without multi-threading. Also, Airbus is using syslog-ng on their airplanes. Not only does Airbus use syslog-ng, Airbus also contributed to its development to enhance the security of log transmission and storage. 

Take a look at our “Powered by syslog-ng” page! In reality, the list is a lot longer, but as people do not often share the details of their infrastructure with the public, the page’s contents are pretty short. Still, you’ll find many familiar names there, such as Facebook and some large HPC clusters and cloud providers from around the world. Most Linux distributions have syslog-ng packaged, as do most BSD variants.

And last but not least, syslog-ng is embedded in many places. I already mentioned Kindle and BMW, but it also runs on many NAS and other appliances, like F5 load balancers.

When speaking at US conferences, there are often people who are surprised by my strange foreign accent. Why is someone from Hungary talking about a US software project? Well, while the majority of syslog-ng users are in the US, syslog-ng is developed mostly in Budapest. I say mostly because, while the office where syslog-ng is developed is here in Budapest, we receive contributions from all around the world, which is easy since the source code is available on GitHub: https://github.com/syslog-ng/syslog-ng/ together with our issue tracking system. 

If you like to work in an open-source friendly environment, and sometimes even contribute to open-source projects, come work in the One Identity Budapest office!
