
Scaling your logging infrastructure

Formal Metadata

Title
Scaling your logging infrastructure
Subtitle
using syslog-ng
Series title
Number of parts
611
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release year
Language
Production year
2017

Content Metadata

Subject area
Genre
Abstract
Event logging is important not only for IT security and operations, but also for business decisions. The syslog-ng application is an enhanced logging daemon, with a focus on central log collection. It collects logs from many different sources, processes and filters them and finally it stores them or routes them for further analysis. From this session you will learn (using examples from syslog-ng) why and how to parse important information from incoming messages, and how to route logs, feeding downstream systems using arbitrary formats. We will also discuss how the client – relay – server architecture can solve scalability problems. Also, I will present some of the recently introduced “Big Data” destinations of syslog-ng, which can help to scale your infrastructure even further.

## Outline:

* what is syslog-ng
* log collection
* introduction to log processing
* filtering
* Big Data destinations
* log formats - the importance of name-value pairs
* message parsing (both unstructured and some structured message formats)
* formatting (templates, anonymization)
* log routing (optimizing analytics infrastructure)
* client (collection) - relay (processing) - server (storing, routing)
* summary