Google Pub/Sub gRPC, Azure Monitor, Microsoft Sentinel destinations for enhanced cloud integration

Google Pub/Sub gRPC, Sentinel and Azure Monitor destinations in AxoSyslog 4.10

Version 4.10 of AxoSyslog, our syslog-ng™ fork (syslog-ng is a trademark of One Identity), brings you new destinations for sending data to Microsoft Sentinel and Azure Monitor, a gRPC-based Google Pub/Sub destination, and many new features for FilterX, not to mention the bug fixes for issues reported in the AxoSyslog and syslog-ng projects. This update introduces significant enhancements tailored for system and network administrators seeking advanced logging solutions. For in-depth details of every change, see the release notes on the GitHub Releases page. You can also find the details of the new features in the AxoSyslog documentation.

Google Pub/Sub gRPC destination

AxoSyslog now supports sending logs directly to Google Pub/Sub via the gRPC interface, enabling seamless integration with Google’s messaging infrastructure. Note that the older google-pubsub() destination sends messages via HTTP, while the new google-pubsub-grpc() destination is based on the robust gRPC protocol. In addition, this implementation also allows you to use templates and macros in the project() and topic() options for increased flexibility in log management. For example:

destination d_pubsub_grpc {
  google-pubsub-grpc(
    project("my_project")
    topic($topic) # the topic name is a template: it expands per message

    data($MESSAGE)
    attributes(
      timestamp => $S_ISODATE,
      host => $HOST,
    )

    workers(4)
    batch-timeout(1000) # ms
    batch-lines(1000)
  );
};

Azure Monitor and Microsoft Sentinel destinations

This release allows you to forward logs to Azure Monitor and Microsoft Sentinel, making it easy to integrate the syslog-based part of your logging infrastructure with Azure-based collection and analytics solutions. For example, the following destination sends data into a custom table of your Azure Monitor Log Analytics Workspace:

destination d_azure {
  azure-monitor-custom(
    table-name("my-table")
    dcr-id("my-dcr-id")
    dce-uri("https://dce-uri.ingest.monitor.azure.com")

    auth(tenant-id("my-tenant-id") app-id("my-app-id") app-secret("my-app-secret"))
  );
};

For details, see the AxoSyslog Azure Monitor destination documentation.

FilterX updates

We’ve worked a lot on our FilterX data processing engine, and we keep optimizing it and adding new features as we find that something is missing when working with users and customers. The main FilterX updates in this release include:

Other changes

• A new $SOURCEPORT macro that expands to the source port of the peer.

• The syslog() source driver can now auto-detect RFC 6587-style octet-count-based framing, which until now was difficult to configure properly.
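To make the framing problem concrete, here is a small Python decoder written for this post as an added illustration; it is not AxoSyslog's source code and does not describe its implementation. It mirrors the task a syslog() TCP source faces: decide once per connection whether the peer uses RFC 6587 octet-counting ("<length><SP><message>") or non-transparent (newline-delimited) framing, then split the byte stream into messages even when a frame is cut across socket reads. The detection rule (leading digits followed by a space), the two size limits and the class layout are assumptions of this example.

```python
"""RFC 6587 framing auto-detection for a TCP syslog stream (added example)."""
from dataclasses import dataclass
from typing import List, Optional

MAX_OCTET_COUNT = 65536  # assumption: reject absurd frame lengths
MAX_LINE = 65536         # assumption: cap an unterminated newline-framed line


@dataclass
class FramingDecoder:
    """Decoder for one TCP connection; the framing decision is made once."""
    framing: Optional[str] = None  # "octet-counting" | "non-transparent" | None
    buf: bytes = b""

    def feed(self, data: bytes) -> List[bytes]:
        """Consume one chunk read from the socket; return complete messages."""
        self.buf += data
        out: List[bytes] = []
        if self.framing is None:
            self.framing = self._detect()
            if self.framing is None:
                return out  # not enough bytes yet to decide
        while True:
            msg = self._next()
            if msg is None:
                break
            out.append(msg)
        return out

    def _detect(self) -> Optional[str]:
        """Decide framing from the first bytes, or None if still undecidable."""
        if not self.buf:
            return None
        if not self.buf[:1].isdigit():
            return "non-transparent"  # e.g. "<13>..." starts with PRI, not digits
        i = 0
        while i < len(self.buf) and self.buf[i:i + 1].isdigit():
            i += 1
            if i > len(str(MAX_OCTET_COUNT)):
                return "non-transparent"  # too many digits to be a frame length
        if i == len(self.buf):
            return None  # only digits so far; wait for the byte after them
        return "octet-counting" if self.buf[i:i + 1] == b" " else "non-transparent"

    def _next(self) -> Optional[bytes]:
        """Pop one complete message from the buffer, or None if incomplete."""
        if self.framing == "octet-counting":
            sp = self.buf.find(b" ")
            if sp < 0:
                return None
            head = self.buf[:sp]
            if not head.isdigit() or int(head) > MAX_OCTET_COUNT:
                raise ValueError(f"malformed octet count: {head!r}")
            length = int(head)
            start = sp + 1
            if len(self.buf) < start + length:
                return None  # frame still split across reads
            msg = self.buf[start:start + length]
            self.buf = self.buf[start + length:]
            return msg
        # non-transparent framing: a message ends at LF; a trailing CR is stripped
        nl = self.buf.find(b"\n")
        if nl < 0:
            if len(self.buf) > MAX_LINE:
                raise ValueError("unterminated line exceeds MAX_LINE")
            return None
        msg = self.buf[:nl].rstrip(b"\r")
        self.buf = self.buf[nl + 1:]
        return msg


def octet_frame(msg: bytes) -> bytes:
    """Wrap a message in RFC 6587 octet-counting framing (used to build samples)."""
    return f"{len(msg)} ".encode() + msg


def decode_stream(chunks: List[bytes]) -> List[bytes]:
    """Run a whole connection's chunks through a single decoder."""
    dec = FramingDecoder()
    out: List[bytes] = []
    for chunk in chunks:
        out.extend(dec.feed(chunk))
    return out


if __name__ == "__main__":
    # Constructed sample: two octet-counted messages, split mid-frame by the reads.
    m1 = b"<13>1 2024-01-01T00:00:00Z host app - - - hello"
    m2 = b"<13>1 2024-01-01T00:00:01Z host app - - - world"
    stream = octet_frame(m1) + octet_frame(m2)
    for m in decode_stream([stream[:10], stream[10:]]):
        print(m.decode())
    # Constructed sample: newline framing with CRLF, also split across reads.
    for m in decode_stream([b"<13>first\r\n<13>sec", b"ond\n"]):
        print(m.decode())
```

The decoder shows the trade-off that comes with auto-detection: a newline-framed message that happens to begin with digits and a space would be taken for an octet count, so where the sending client is known, pinning the framing explicitly in the source configuration remains the safer choice.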

For the complete list of changes, see the release notes on the GitHub Releases page. You can also find the details of the new features in the AxoSyslog documentation.

Try now!

AxoSyslog is readily accessible and available from a number of sources:

Summary

AxoSyslog 4.10.0 marks a significant advancement in system logging capabilities, offering enhanced integration with major cloud platforms. System and network administrators are encouraged to explore this release to leverage its full potential in their logging infrastructure.

Thank you to everyone contributing bug reports, feature requests, or pull requests. Feedback and contributions are always appreciated. Visit the AxoSyslog GitHub page or join Axoflow’s Discord server to reach out to us.
