
Posts Tagged ‘geoip’

syslog-ng vs. systemd’s journald

April 30th, 2018 by

This blog is part of a series of technical blogs leading up to the release of openSUSE Leap 15. All of the blogs provide a use case regarding openSUSE Leap and the packages available in the distribution. Happy reading.

 

Authored by Peter Czanik

People often ask me what to use: systemd’s journald or syslog-ng? The quick answer is most likely both, but it depends on how you use your computer(s). If you have a single standalone machine, journald is probably enough. There is even a nice desktop application to view the logs in the journal. But once you have multiple machines to manage, using syslog-ng has many advantages.

Even if you use syslog-ng, local system logs are collected by journald. It is an integral part of systemd and cannot be uninstalled. Luckily, syslog-ng can read log messages from the journal. If journald stores additional name-value pairs about an event, syslog-ng can read those as well.

So, why install syslog-ng? The short answer is: central logging.

Why is the central collection of logs such a big deal? One reason is ease of use, as central logging creates a single place to check logs instead of tens or thousands of devices. Another reason is availability – you can check a device’s log messages even if the device itself is unavailable for any reason. A third reason is security; when your device is hacked, checking the logs can uncover traces of the hack.

journald also has some central logging capabilities, but syslog-ng provides a lot more features and better performance:

  • journald was originally designed for local logs on desktops – where there are not that many logs. On the other hand, syslog-ng was designed for high-performance central log collection from the ground up.
  • syslog-ng can collect logs from many more sources, including pipes, sockets, and files. File sources are especially important, as many applications – like web servers – log to files and do that at a rate that journald cannot handle.
  • syslog-ng does more than simple log storage. It can process log messages in many ways: parse them to create name-value pairs for easier alerting and reporting, enrich them with geographical information (GeoIP), rewrite them for anonymization (see PCI-DSS or GDPR), or reformat them according to the requirements of the destination.
  • Filtering in syslog-ng makes very precise log routing possible, ensuring that all logs reach the right destination.
  • Speaking of destinations: there are many possibilities for storing log messages, not just flat files or other syslog servers, as was the case many years ago. For example, you can store logs in SQL databases, send logs to Splunk for further analysis using HTTP, store name-value pairs parsed from logs in MongoDB, or send an email alert using the SMTP destination.


Update to Kernel 4.14 Among This Week’s Tumbleweed Snapshots

November 23rd, 2017 by

The past week brought new features to openSUSE Tumbleweed with a snapshot that included Linux Kernel 4.14. New features in this Long-Term Support kernel, like HDMI Consumer Electronics Control support for Raspberry Pi and the merging of Heterogeneous Memory Management into the mainline, are promising.

openSUSE’s rolling distribution produced four openSUSE Tumbleweed snapshots this week and brought many other goodies.

Topping off the latest snapshot, 20171121, was a service release of mono-core 5.4.1. Mono, which is the open source implementation of Microsoft’s .NET Framework based on the ECMA standards for C# and the Common Language Runtime, provided a handful of bugfixes. Code-cleaning in setup.py was made available with the update to python-ldap 2.5.2. The administration and debugging tool for the XFS file system had an enormous amount of updates with the xfsprogs 4.13.1 version, which has new extent lookup helpers.

The 20171120 snapshot, which provided Linux Kernel 4.14, had updated versions for the IP lookup program GeoIP and the expat library. GeoIP 1.6.11 provided a fix for the use of a NULL pointer when opening a corrupt database with GeoIP_open, and expat 2.2.5 provided several fixes, including a security fix. Text editor GNU nano introduced the ability to record and replay keystrokes with version 2.9.0, and python-setuptools 36.7.2 fixed duplicate test discovery on Python 3.
