Experimental modules for syslog-ng 3.5+
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
m4 java-dest: Makefile refactoring Jan 13, 2015
modules
tools tools: Explicitly require glib-2.0 Oct 8, 2013
travis .travis.yml: Test with both Python2 and Python3 May 6, 2014
.gitignore .travis.yml: Test with both Python2 and Python3 May 6, 2014
.travis.yml travis: remove --with-python configure opts Aug 17, 2015
COPYING Initial import. Sep 17, 2013
GPL.txt Initial import. Sep 17, 2013
Makefile.am es-bridge: remove the elasticsearch destination Aug 18, 2015
NEWS Preparation to release 0.6.0 Jul 28, 2017
README.md Prepare to release 0.6.2 Dec 22, 2017
configure.ac Prepare to release 0.6.2 Dec 22, 2017

README.md

syslog-ng module incubator

The syslog-ng module incubator (Incubator henceforth) is a collection of tools and modules for syslog-ng that for one reason or the other, are not part of the official repository. This serves both as a staging ground for experimental modules, and as a repository of plugins that are not aimed at upstream inclusion. It's also an example of a third party syslog-ng module.

NOTE: The Incubator requires syslog-ng 3.12.1 or newer. Contents

  • Lua destination: This destination is really just a wrapper, that allows one to write destination drivers in Lua, with some limitations.

  • Perl destination: This destination allows one to write destination plugins in Perl.

  • Trigger source: A very simple example source that periodically generates a message. Useful mostly for debugging purposes.

  • Monitor source: A module similar to the trigger source, except it dispatches to a Lua function to generate the message.

  • Extra template functions: Extra template functions, such as $(//) which is floating-point division, as opposed to the built-in $(/) (integer division).

    Functions:

    • // : floating point division
    • state : gets or sets global state from template function.
  • RSS destination: A very simple destination module that allows one to offer log messages as an RSS feed.

  • logmongource: A log visualisation tool that extracts messages from a MongoDB collection, and visualises them with Gource.

  • Kafka destination: A simple, work in progress destination that allows syslog-ng to send events to the Apache Kafka distributed queue.

  • Grok parser: Grok is an advanced pattern format (like PatternDB) used primarily by LogStash, which allows users to parse unstructured data into a structured format. This module allows syslog-ng users to use Grok patterns, too.

    Grok C parser for grok.

  • 0MQ source/destination: ZeroMQ is a simple, high-speed messaging protocol. These drivers allows syslog-ng to send/receive logs from ZeroMQ message brokers.

    0MQ message protocol.

Installation

Installing the modules and tools follows the usual autotools way:

$ git clone git://github.com/balabit/syslog-ng-incubator.git
$ cd syslog-ng-incubator
$ autoreconf -i
$ ./configure && make && make install

Of course, one will need all the dependencies (syslog-ng, bison, flex, libmongo-client, lua, perl, rdkafka; of which the latter six are optional) installed too.

License

Copyright (C) 2011-2017 BalaBit IT Security Ltd., Gergely Nagy algernon@balabit.hu, Viktor Tusa tusa@balabit.hu, Viktor Juhasz viktor.juhasz@balabit.com, Attila Szalay sasa@ubainba.hu and other contributors; released under the terms of the GNU General Public License, version 2 (or later).