Pass the SALT 2026

Simplifying log management, not just for security logs
2026-07-02, Amphitheater 122

We live in an age where all decisions are based on data, and in the case of IT security, the most important data are log messages. Logs are collected centrally and analyzed by various applications, so several trends aim to simplify log message collection. In his talk, Peter introduces central log collection, shows how creating a dedicated log management layer can save you resources on all fronts, and presents new technologies that simplify your infrastructure. OpenTelemetry combines logs, traces and metrics into a single protocol, while Kafka can provide a single data pipeline for your organization. A simple and efficient central log management solution not only saves resources, it also provides real-time insight into what is happening in your organization, improving security. While the configuration examples come from syslog-ng, the concepts that Peter presents apply to most log management applications.


Even at IT security conferences, people often tell me that they “do not have central log collection” or that they “only do it due to compliance requirements”. Central log collection, however, is a lot more than just mere compliance. Setting up such a framework is in your best interest, as it provides ease of use, availability and security for log messages. If your logs are collected centrally, you can correlate problems across your whole network.
However, central log collection can easily get out of hand once your organization starts growing, especially if multiple analytics tools and collectors get involved. This is where a dedicated log management layer can help. Half a decade ago, Peter showed you how to implement such a layer purely based on the syslog protocol.
Nowadays, there are lots of possibilities for log management. OpenTelemetry combines logs, traces and metrics into a single protocol, simplifying data collection at the protocol level. All important data about your applications, including security logs, are forwarded using a single protocol and application.
Another possibility is using Kafka as a data pipeline in your organization. In this case, all data that are needed to run an organization are pushed to various Kafka topics, including security logs.
While my configuration examples come from syslog-ng, the concepts I describe apply to most log management applications.
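As an illustration of the dedicated log management layer described above, here is a syslog-ng configuration that receives syslog from the network, archives everything locally, forwards everything to an OpenTelemetry collector, and pushes only the security-relevant subset to a Kafka topic. This is an added example written for this page, not a configuration from the talk or from the syslog-ng project; the version line, hostnames, ports, certificate paths and the topic name are placeholders, and the exact option names assume a syslog-ng 4.x release.

```syslog-ng
@version: 4.8
@include "scl.conf"

# Hypothetical relay acting as the log management layer. Every host in the
# network sends syslog here; analytics tools read from the relay's outputs
# instead of from each host. All hostnames below are placeholders.

# Accept legacy RFC3164 syslog on 514/tcp, RFC5424 on 601/tcp and
# RFC5424 over TLS on 6514/tcp. Clients on the TLS port must present a
# certificate signed by our CA (placeholder paths).
source s_network {
    network(ip("0.0.0.0") port(514) transport("tcp"));
    syslog(ip("0.0.0.0") port(601) transport("tcp"));
    syslog(ip("0.0.0.0") port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/relay.key")
            cert-file("/etc/syslog-ng/tls/relay.crt")
            ca-file("/etc/syslog-ng/tls/ca.crt")
            peer-verify(required-trusted)
        )
    );
};

# Security-relevant subset: authentication facilities plus sudo and sshd.
filter f_security {
    facility(auth, authpriv) or program("sudo") or program("sshd");
};

# Local archive, one file per host and day, so logs survive even when the
# downstream analytics tools are unavailable.
destination d_archive {
    file("/var/log/central/$HOST/$YEAR-$MONTH-$DAY.log" create-dirs(yes));
};

# Everything goes to the OpenTelemetry collector over OTLP/gRPC
# (placeholder collector address).
destination d_otel {
    opentelemetry(url("otel-collector.example.internal:4317"));
};

# Security logs go to a Kafka topic as structured JSON. The disk buffer
# keeps messages on the relay if the broker is unreachable, so an outage
# in the pipeline does not silently drop security events.
destination d_kafka {
    kafka(
        bootstrap-servers("kafka.example.internal:9092")
        topic("security-logs")
        message("$(format-json --scope rfc5424 --scope nv-pairs --key ISODATE)")
        disk-buffer(disk-buf-size(1073741824) reliable(yes))
    );
};

# Fan-out: all messages are archived and forwarded via OpenTelemetry;
# only the filtered security subset is published to Kafka.
log { source(s_network); destination(d_archive); destination(d_otel); };
log { source(s_network); filter(f_security); destination(d_kafka); };
```

Because the sources are defined once and the destinations are independent, adding another consumer later (a second SIEM, a long-term object store) means adding one destination and one log path on the relay, with no change to the hosts that send logs. Run `syslog-ng --syntax-only` after editing to catch option names your installed version does not support.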

I gained IT and infosec experience while running many of the university servers. I turned my teaching skills, gained as a PhD student, into writing technical blogs and talking at conferences.
• Engineer working now as an open source evangelist and technical product manager
• Lead the development of syslog-ng open source edition, and contribute to sudo development
• Experienced in open source community outreach, work with distributions to maintain the syslog-ng package, follow bug trackers, help users
• Accomplished blog writer and conference presenter with a proven track record of creating engaging content and delivering impactful presentations (All Things Open, FOSDEM, Pass the SALT, EuroBSDCon, and others).
In my free time I am interested in non-x86 architectures, and work on one of my PPC or ARM machines. I am an IBM Champion for POWER.