Entretien : Péter Czanik

Vous trouverez ici une interview en anglais de Péter Czanik, ingénieur chez Balabit sur le logiciel syslog-ng. Il donnera une conférence mercredi 5 juillet matin.

Twitter : https://twitter.com/PCzanik
Péter@Balabit : https://www.balabit.com/blog/author/peterczan/

Hi Peter !

First can you introduce yourself and tell us about how you came to
work in IT ? What is your job at Balabit ?

I am an engineer working as syslog-ng evangelist at Balabit, the company that developed syslog-ng. I assist distributions to maintain the syslog-ng package, follow bug trackers, help users and talk regularly at conferences (SCALE, All Things Open, FOSDEM, Libre Software Meeting, and others). In my limited free time I am interested in non-x86 architectures, and work on one of my PPC or ARM machines.
I studied environmental protection at the university, but I was running servers at the faculty already during my first year :-) No wonder that by the time I had to give up my dream of a university carrier I ended up in an IT job. First I was running tens of thousands of Apache virtualhosts in FreeBSD jails, long before containerization was a household name. I also worked as director of QA for a PowerPC / ARM hardware company working with Linux developers and users. I started at Balabit as syslog-ng QA engineer, but soon I was utilizing my sysadmin and community experiences and worked as community manager / evangelist for syslog-ng.

Can you give some insight about how one goes from an open source
project like syslog-ng to an enterprise like Balabit ?

The syslog-ng project started in 1998, two years before Balabit was founded for a completely different software. For a long time syslog-ng was a personal project of Balazs Scheidler, one of Balabit’s founders. It quickly become widespread thanks to its configuration language, high performance and portability.
Once companies started to ask for commercial support, syslog-ng Premium Edition (PE) was released with support and a few extra features. Later SSB, an appliance built around syslog-ng, was added with indexing and a web based configuration and search interface.

Was it hard for Balabit to reach a self-sufficiency level ? How do you
decide if a particular feature should be paid for or integrated in the
open source edition ?

Compliance-related features, that are mostly important for larger companies (like encrypted, time stamped log storage,) are part of the Premium Edition. Several features are introduced in PE first, then later migrated into the open source edition. And sometimes features go the other way : they are open source first, then mature and become available also in PE. Then again, some features are only available in OSE, mostly those requiring extra dependencies to access exotic resources, like Riemann or Redis.

Can you give us some details about your strategy for the future ? Log
analysis is a very competitive domain, what are your new projects or
interests to face the competition ? Will these new projects be open
source ?

One of the main advantages of syslog-ng has always been its flexibility. Nowadays getting the information out of log messages in a structured way is important, so message parsing is a focus. The python parser was added to OSE and PE in the latest release making it easy to extend functionality even by end users, and allow them to process exotic log messages. Another important trend is the need to integrate log messages with various big-data infrastructures like Elastic or Hadoop, or SIEM devices, so destinations that make this happen are introduced and improved in syslog-ng (for example, the HTTP destination). OSE has been available on ARM CPUs in Linux distributions for many years. As ARM is getting more popular also in the server world, there are plans to support it also with PE.

Thanks for your answers and see you at RMLL 2017 !