syslog-ng is an enhanced logging daemon, with a focus on central log collection. It collects logs from many different sources, processes and filters them, and forwards them to a destination. This session focuses on how syslog-ng parses important information from incoming messages, and how to send this information to "big data" destinations, like HDFS, Kafka, ElasticSearch or MongoDB.
Raw log messages come in a variety of formats:
- Most lack any structure: they are usually an almost proper English sentence with some variable parts in it, like user names or IP addresses.
- Some have a fixed, table-like structure, like Apache access logs.
- A small minority of logs arrive in an already structured form: JSON.
Parsers in syslog-ng make it possible to extract important information from any of these messages and create name-value pairs. Once you have name-value pairs instead of raw log messages, you have many possibilities. On the syslog-ng side, you can use them for filtering, for example, to send an alert if the username is "root". You can also use them in file names, or messages can be modified to facilitate log rotation or to better suit the applications processing the logs.
Parsing and preprocessing log messages also allows you to store them more effectively:
- you can send them to the destination (for example, ElasticSearch or MongoDB) in a format that is easy to process (for example, JSON),
- you can filter out irrelevant data, and forward only what is really needed,
- processing is off-loaded to very efficient C code.
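The pipeline sketched above, as an added example that is not from the slides and not syslog-ng's own code: a small Python script that turns free-text sshd lines (the first one is the example line from the deck) into name-value pairs, applies the "username is root" filter, derives a per-host file name from the pairs, and renders each event as JSON for a big-data destination. The names `parse`, `parse_all`, `filter_root_logins`, `destination_path`, `to_json_lines` and `SSHD_PATTERNS` are this example's own, the sample lines are constructed, and the hand-written regular expressions only stand in for patterndb rules (syslog-ng's pattern syntax is different).

```python
import json
import re

# Constructed sample lines in the "almost English" style the text describes.
# The first one is the sshd line from the slides; the others are made up.
SAMPLE_LOGS = [
    "Jan 14 11:38:48 linux-0jbu sshd[7716]: Accepted publickey for root from 127.0.0.1 port 48806 ssh2",
    "Jan 14 11:40:02 linux-0jbu sshd[7720]: Accepted password for alice from 192.0.2.10 port 51514 ssh2",
    "Jan 14 11:41:17 linux-0jbu sshd[7725]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2",
    "Jan 14 11:42:00 linux-0jbu cron[7730]: (root) CMD (run-parts /etc/cron.hourly)",
]

# BSD-syslog style header: timestamp, host, program with optional pid, free text.
HEADER_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

# Assumption: simplified stand-ins for patterndb rules. Each rule names the
# event class and extracts the variable parts of the sentence as name-value pairs.
SSHD_PATTERNS = [
    ("ssh.login.ok", re.compile(
        r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+) ssh2$")),
    ("ssh.login.fail", re.compile(
        r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+) ssh2$")),
]


def parse(line):
    """Return a dict of name-value pairs for one raw line, or None if the header is unparseable.

    Header fields are always extracted; a matching pattern adds a 'rule' id and its fields,
    so lines nobody wrote a rule for still carry host/program/pid/message.
    """
    m = HEADER_RE.match(line)
    if not m:
        return None
    nv = {k: v for k, v in m.groupdict().items() if v is not None}
    for rule_id, pattern in SSHD_PATTERNS:
        pm = pattern.match(nv["message"])
        if pm:
            nv["rule"] = rule_id
            nv.update(pm.groupdict())
            break
    return nv


def parse_all(lines):
    """Parse a batch of raw lines, dropping the ones whose header does not match."""
    return [nv for nv in (parse(line) for line in lines) if nv is not None]


def filter_root_logins(events):
    """The filter from the text: keep only events whose extracted user name is root."""
    return [e for e in events if e.get("user") == "root"]


def destination_path(event):
    """Use name-value pairs in a file name: one log file per host and program."""
    return "/var/log/hosts/{host}/{program}.log".format(**event)


def to_json_lines(events):
    """Render each event as one JSON object per line, the shape ElasticSearch or MongoDB ingest easily."""
    return [json.dumps(e, sort_keys=True) for e in events]


if __name__ == "__main__":
    events = parse_all(SAMPLE_LOGS)
    for doc in to_json_lines(events):
        print(doc)
    for e in filter_root_logins(events):
        print("ALERT: root login from", e["src_ip"], "->", destination_path(e))
```

The cron line shows the point of keeping header extraction separate from the rules: it yields host, program and pid but no `rule` key, so it still routes to a file and serialises to JSON without a dedicated pattern.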
Finally you will learn about the “big data” destinations that syslog-ng supports, and how they benefit from message parsing:
- Hadoop Distributed File System (HDFS),
- Apache Kafka,
- ElasticSearch and Kibana, and
- MongoDB.
And if syslog-ng cannot already do something that you need, and you are not afraid of writing some code, you can learn about how language bindings of syslog-ng make it possible to add new destinations, not only in C, but also in Java, Lua, Perl, or Python.
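As an added example of what such a binding looks like (not code from the slides or from the syslog-ng project), the class below follows the method names of syslog-ng OSE's Python destination interface (`init`, `open`, `send`, `close`, `deinit`; an assumption based on the OSE admin guide, so check the documentation for your version) and writes every message it receives as one JSON object per line. Inside syslog-ng, `msg` is a LogMessage whose values are read with `msg['NAME']`; here constructed dicts stand in for it, which is why the example runs without syslog-ng. The option key `path`, the field list and `run_demo` are this example's own choices.

```python
import json
import os
import tempfile


class JsonLinesDestination(object):
    """Destination class in the shape of syslog-ng OSE's python() destination (assumed API).

    The expected config would be roughly:
        destination d_json { python(class("JsonLinesDestination") options("path", "/var/log/out.jsonl")); };
    (assumption; consult the admin guide of your syslog-ng version).
    """

    def init(self, options):
        # options: the options() set in syslog-ng.conf, delivered as a dict (assumption).
        self.path = options.get("path", os.path.join(tempfile.gettempdir(), "syslog-ng-demo.jsonl"))
        self.fields = [f.strip() for f in options.get("fields", "HOST,PROGRAM,PID,MESSAGE").split(",")]
        self.out = None
        self.sent = 0
        return True

    def is_opened(self):
        return self.out is not None

    def open(self):
        # builtin open(): class methods are not in scope inside a method body
        self.out = open(self.path, "a", encoding="utf-8")
        return True

    def close(self):
        if self.out is not None:
            self.out.close()
            self.out = None
        return True

    def deinit(self):
        return True

    def send(self, msg):
        """Serialise the selected name-value pairs of one message; return True on success."""
        record = {}
        for name in self.fields:
            try:
                value = msg[name]
            except KeyError:
                continue  # a message need not carry every field (e.g. no PID)
            if isinstance(value, bytes):
                # syslog-ng hands values over as bytes in recent versions (assumption)
                value = value.decode("utf-8", "replace")
            record[name] = value
        self.out.write(json.dumps(record, sort_keys=True) + "\n")
        self.out.flush()
        self.sent += 1
        return True


# Constructed messages standing in for LogMessage objects; dicts support the
# same msg['NAME'] lookups the destination relies on.
CONSTRUCTED_MESSAGES = [
    {"HOST": "linux-0jbu", "PROGRAM": "sshd", "PID": "7716",
     "MESSAGE": b"Accepted publickey for root from 127.0.0.1 port 48806 ssh2"},
    {"HOST": "linux-0jbu", "PROGRAM": "cron",
     "MESSAGE": "(root) CMD (run-parts /etc/cron.hourly)"},
]


def run_demo(path=None):
    """Drive the destination through its lifecycle as syslog-ng would; return the records written."""
    created = path is None
    if created:
        fd, path = tempfile.mkstemp(suffix=".jsonl")
        os.close(fd)
    dest = JsonLinesDestination()
    dest.init({"path": path})
    dest.open()
    for m in CONSTRUCTED_MESSAGES:
        dest.send(m)
    dest.close()
    dest.deinit()
    with open(path, encoding="utf-8") as fh:
        records = [json.loads(line) for line in fh]
    if created:
        os.remove(path)
    return records


if __name__ == "__main__":
    for rec in run_demo():
        print(rec)
```

The `send` method is the only place that touches message content; keeping the field list configurable lets the same class feed a JSON file, a queue, or an HTTP client without changing how syslog-ng calls it.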
Bio: Peter Czanik is community manager at Balabit, developers of syslog-ng. He helps distributions to maintain the syslog-ng package, follows bug trackers, helps users and talks regularly at conferences (FOSDEM, Libre Software Meeting, LOADays, Scale, etc.). In his limited free time he is interested in non-x86 architectures, and works on one of his PPC or ARM machines.
1. syslog-ng: from raw data to Big Data
Scale 14x, Los Angeles
Peter Czanik / Balabit
2. 2
About me
■ Peter Czanik from Hungary
■ Community manager at BalaBit: syslog-ng upstream
■ Doing syslog-ng packaging, support, advocating
■ BalaBit is an IT security company with development HQ in Budapest, Hungary
■ Over 200 employees: the majority are engineers
3. 3
syslog-ng
■ Logging: recording events, like this one:
□ Jan 14 11:38:48 linux-0jbu sshd[7716]: Accepted publickey for root from 127.0.0.1 port 48806 ssh2
■ syslog-ng: enhanced logging daemon, with a focus on central log collection.
□ Not only syslog
□ Processing and filtering messages
□ Storing to a central location or forwarding to a wide variety of destinations
5. 5
syslog-ng and Big Data
syslog-ng can facilitate the data pipeline to Big Data in many ways:
■ Data collector
■ Data processor
■ Data filtering
6. 6
syslog-ng: data collector
Collect system and application logs together: contextual data for either side
■ A wide variety of platform specific sources:
□ /dev/log & Co
□ Journal, Sun streams
■ Receive syslog messages over the network
□ Legacy or RFC5424, UDP/TCP/TLS
■ Logs or any kind of data from applications:
□ Through files, sockets, pipes, etc.
□ Application output
7. 7
syslog-ng: processing
Process messages close to the source: easier filtering, lower load on the consumer side
■ classify, normalize and structure logs with built-in parsers:
□ CSV-parser, DB-parser (PatternDB), JSON parser
■ rewrite messages:
□ for example anonymization
■ Reformatting messages using templates:
□ Destination might need a specific format (ISO date, JSON, etc.)
■ Enrich data:
□ GeoIP, additional fields based on message content
8. 8
syslog-ng: data filtering
Main uses:
■ Message routing (login events to SIEM, smtp logs to separate file, etc.)
■ Throw away surplus logs (don't store debug level messages to SQL)
Many possibilities:
■ Based on message content, parameters or macros
■ Using comparisons, wildcards, regular expressions and functions
■ Combining all of these with boolean operators
10. 10
Free-form log messages
■ Most log messages are: date + hostname + text
Mar 11 13:37:56 linux-6965 sshd[4547]: Accepted keyboard-interactive/pam for root from 127.0.0.1 port 46048 ssh2
■ Text = English sentence with some variable parts
■ Easy to read by a human
■ Difficult to process them with scripts
11. 11
Solution: structured logging
■ Events represented as name-value pairs
■ Example: an ssh login:
□ source_ip=192.168.123.45
□ app=sshd
□ user=root
■ syslog-ng: name-value pairs inside
□ Date, facility, priority, program name, pid, etc.
■ Parsers in syslog-ng can turn unstructured and some structured data (CSV, JSON) into name-value pairs
14. 14
PatternDB parser
■ PatternDB message parser:
□ Can extract useful information from unstructured messages into name-value pairs
□ Add status fields based on message text
□ Message classification (like LogCheck)
■ Needs XML describing log messages
■ Example: an ssh login failure:
□ user=root, source_ip=192.168.123.45, action=login, status=failure
□ classified as “violation”
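As an added example (not syslog-ng's own code, which does this in C from an XML pattern database), here is a miniature of what the PatternDB parser does to the ssh messages on these slides: the raw line becomes name-value pairs, and matching a rule adds status fields and a class. The placeholder subset, the rule table and the sample lines are constructed for illustration.

```python
import re

# Added example, not syslog-ng code: a miniature of PatternDB-style parsing.
# Placeholders supported (a subset of the real syntax): @ESTRING:name:delim@ (text up
# to the delimiter, which is consumed), @IPv4:name@, @NUMBER:name@, @ANYSTRING:name@.
TOKEN = re.compile(r"@(ESTRING|IPv4|NUMBER|ANYSTRING):(\w+)(?::([^@]*))?@")
KINDS = {"IPv4": r"(?:\d{1,3}\.){3}\d{1,3}", "NUMBER": r"\d+", "ANYSTRING": r".*"}
# The syslog header (date, host, program, pid) that syslog-ng parses by itself.
HEADER = re.compile(r"^(?P<date>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                    r"(?P<program>[^\[: ]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$")

def pattern_to_regex(pattern):
    """Translate a PatternDB-style pattern into an anchored regex with named groups."""
    parts, pos = ["^"], 0
    for m in TOKEN.finditer(pattern):
        parts.append(re.escape(pattern[pos:m.start()]))  # literal text between tokens
        kind, name, arg = m.groups()
        # ESTRING: lazy match up to the delimiter (the real parser stops at its first occurrence)
        body, tail = (".*?", re.escape(arg or "")) if kind == "ESTRING" else (KINDS[kind], "")
        parts.append(f"(?P<{name}>{body}){tail}")
        pos = m.end()
    parts.append(re.escape(pattern[pos:]) + "$")
    return re.compile("".join(parts))

# Constructed rules standing in for the PatternDB XML: (pattern, class, fields added on match).
RULES = [(pattern_to_regex(p), cls, extra) for p, cls, extra in [
    ("Accepted @ESTRING:auth_method: @for @ESTRING:user: @from @IPv4:source_ip@ port @NUMBER:port@ ssh2",
     "system", {"action": "login", "status": "success"}),
    ("Failed password for @ESTRING:user: @from @IPv4:source_ip@ port @NUMBER:port@ ssh2",
     "violation", {"action": "login", "status": "failure"}),
]]

def parse(line):
    """Turn one raw syslog line into name-value pairs; unmatched text is classed 'unknown'."""
    h = HEADER.match(line)
    if not h:
        return None
    nv = h.groupdict()
    for rx, cls, extra in RULES:
        m = rx.match(nv["message"])
        if m:                      # first matching rule wins
            nv.update(m.groupdict())
            nv.update(extra)
            nv["class"] = cls
            return nv
    nv["class"] = "unknown"
    return nv
```

A rule that does not match leaves the header fields intact and only marks the message as unclassified, so nothing is lost for messages the database does not yet know.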
15. 15
Anonymizing messages
■ Many regulations about what can be logged
□ PCI-DSS: credit card numbers
□ Europe: IP addresses, user names
■ Locating sensitive information:
□ Regular expressions: slow, works also in unknown logs
□ Patterndb: fast, only in known log messages
■ Anonymizing:
□ Overwrite it with constant
□ Overwrite it with a hash of the original
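The two anonymizing strategies and the two ways of locating sensitive data from this slide, as an added Python sketch (not syslog-ng code, which does this with rewrite rules and template functions): known fields are overwritten with a constant or a salted hash, and free text is scanned with a regex for card-number-like digit runs. The field names, salt and sample text are constructed.

```python
import hashlib
import re

# Added example, not syslog-ng code. Known fields (as a parser produced them) are
# overwritten with a constant or a hash; free text is scanned with a regex, which is
# slower but needs no knowledge of the message format.

# Constructed name-value pairs, as a parser would produce them for an ssh login.
MESSAGE = {"app": "sshd", "user": "root", "source_ip": "192.168.123.45", "action": "login"}

def hash_value(value, salt):
    """Salted SHA-256, truncated: the same input always maps to the same token, so logs
    can still be correlated per user or address without storing the real value."""
    return hashlib.sha256(salt + value.encode()).hexdigest()[:16]

def anonymize_fields(nv, fields, salt=b"", constant=None):
    """Overwrite the named fields with a constant, or with a hash of the original."""
    out = dict(nv)
    for f in fields:
        if f in out:
            out[f] = constant if constant is not None else hash_value(out[f], salt)
    return out

# 13-19 digits, optionally separated by spaces or dashes, starting and ending on a digit.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, so that random long numbers (order ids, counters) are left alone."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0

def scrub_card_numbers(text):
    """Mask card numbers in free text, keeping only the last four digits."""
    def repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)          # not a card number: leave the text untouched
        return "X" * (len(digits) - 4) + digits[-4:]
    return CARD_RE.sub(repl, text)
```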
16. 16
Language bindings in syslog-ng
■ The primary language of syslog-ng is C:
□ High performance: processes a lot more EPS than interpreted languages
■ Not everything is implemented in C
■ Rapid prototyping is easier in interpreted languages
■ Python & Java destinations in syslog-ng, Lua & Perl in incubator
□ Embedded interpreter
□ Message or full range of name-value pairs can be passed
□ Proper error handling
17. 17
Java based “Big Data” destinations
■ Most of “Big Data” is written in Java
■ C and Python clients exist, but Java is official and maintained together with the server component
■ More effort to get started:
□ Due to missing JARs and build tools (gradle) not yet in distributions
□ libjvm.so needs to be added to LD_LIBRARY_PATH
■ https://czanik.blogs.balabit.com/2015/08/getting-started-with-syslog-ng-3-7-1-and-elasticsearch-hadoop-kafka/
18. 18
Configuration
■ “Don't Panic”
■ Simple and logical, even if it looks difficult at first
■ Pipeline model:
□ Many different building blocks (sources, destinations, filters, parsers, etc.)
□ Connected using “log” statements into a pipeline
25. 25
Kafka
■ Publish – subscribe messaging
■ Data backbone for data driven organizations
□ LinkedIn
□ Spotify
■ Kafka destination is already in syslog-ng
□ Source is planned
26. 26
syslog-ng benefits for Big Data
■ High performance reliable log collection
■ Simplified architecture
□ Single application for both syslog and application data
■ Easier to use data
□ Parsed and presented in a ready to use format
■ Lower load on destinations
□ Efficient message filtering and routing
27. 27
Joining the community
■ syslog-ng: http://syslog-ng.org/
■ Source on GitHub: https://github.com/balabit/syslog-ng
■ Mailing list: https://lists.balabit.hu/pipermail/syslog-ng/
■ IRC: #syslog-ng on freenode
■ University students:
□ open trainee positions!
□ syslog-ng universe