Dear Tumbleweed users and hackers,

Tumbleweed is rolling full steam ahead with 7 snapshots in 7 days (0312 through 0318). No major issues have shown up in openQA – everything was detected and fixed in the staging areas.

Without further ado, let’s look at what those snapshots brought you this week:

• libzypp 17.38.4 / zypper 1.14.95 / libsolv 0.7.36
• sdbootutil 20260311 & 20260313
• Mesa 26.0.2
• cURL 8.19.0
• Linux kernel 6.19.7 & 6.19.8
• php 8.4.19
• systemd 259.5
• KDE Frameworks 6.24.0
• gimp 3.2.0
• kbd 2.9.0
• pipewire 1.6.2
• Ruby 4.0.2
• elfutils 0.194
• gpg 2.5.18

Let’s see if we can keep that pace next week, and if so, what changes you can expect:

• GCC 16: build fix for s390x
• Linux kernel 6.19.9
• Switch default bootloader on uefi systems to systemd-boot (aligning tumbleweed to microos)
• cmake 4.3.0
• LLVM 22
• GCC 16 as the default compiler
• Autoconf 2.73.0: currently the bate staged to identify issues
• GNOME 50: Final is staged for QA, some sec reviews and 3rd party package fixes pending
• glibc 2.43: metabug: https://bugzilla.opensuse.org/show_bug.cgi?id=1257250

Hoy toca vídeo, y es que últimamente estoy viendo como creadores de contenido cada vez le dedican más tiempo a hablar de Linux, como por ejemplo este de Guillem Cortés (GCTech en su canal) titulado «Instalé Linux en un MacBook con Apple Silicon ¡Ya no hay vuelta atrás!». En él muestra los pros y contras de instalar un sistema libre en un dispositivo de la manzana.

Instalé Linux en un MacBook con Apple Silicon ¡Ya no hay vuelta atrás!

Como decía en la introducción, cada vez más creadores de contenido ponen su vista los sistemas libres por muchas razones: precios, rendimiento, obsolescencia de sus equipos, filosofía, etc.

De esta forma, os invito a ver el siguiente vídeo del creador de contenido Guillem Cortés en el que detalla su experiencia instalando Asahi Linux de forma nativa en un MacBook Pro con chip M1 Pro, desafiando la idea de que los equipos de Apple son sistemas totalmente cerrados y que únicamente puedes tener su software.

Y abriendo la puerta a evitar que estos equipos queden obsoletos en cuanto la compañía de la manzana decida que tue equipo es viejo y que ya no te sirve… cuando eso no es cierto.

Aunque evidentemente os invito a ver el vídeo, os pongo algunos de los puntos destacados según mi parecer:

• El sistema utiliza la distribución Fedora Asahi Remix.
• El hardware responde bien, destacando el brillo y el audio, los cuales funcionan de forma excelente.
• La batería dura casi lo mismo que con el software original.
• El punto problemático es que la pantalla está limitada a 60 Hz en lugar de los 120 Hz originales.

También comenta que, aunque cuenta con controladores de GPU nativos, todavía existen limitaciones. De tal forma, estos MacOs con Linux son perfectamente aptos para tareas cotidianas y juegos ligeros, pero flaquean para edición de vídeo profesional o títulos triple A.

El autor concluye que este proyecto es una victoria técnica y filosófica, asegurando que los usuarios mantengan el control de su hardware incluso cuando Apple deje de dar soporte oficial a estas máquinas.

Y vosotros, ¿qué opináis? ¿Vale la pena pagar por un Mac para ponerle un Linux? ¿O mejor buscar ordenadores que no tengan la etiqueta de la manzana?

La entrada Instalé Linux en un MacBook con Apple Silicon ¡Ya no hay vuelta atrás! se publicó primero en KDE Blog.

This is a roundup of articles from the openSUSE community listed on planet.opensuse.org.

The community blog feed aggregator lists the featured highlights below from March 13 to March 19.

Blogs this week highlight OBS request workflow improvements with better comment visibility and RPMLint integration, and a new cockpit-client-launcher package simplifying Cockpit setup on Tumbleweed and Leap. Blogs also cover KDE Plasma 6.6’s third bugfix update, Marknote 1.5’s new raw Markdown editing mode, Kontainer as a KDE-native Distrobox manager, openSUSE’s new Cavil-Qwen3.5-4B legal classification model and more.

Blogs also cover KDE Plasma 6.6’s third bugfix update, Marknote 1.5’s new raw Markdown editing mode, Kontainer as a KDE-native Distrobox manager, openSUSE’s new Cavil-Qwen3.5-4B legal classification model, a LogAI tool for querying system logs in plain English, Victorhck handing off his unofficial openSUSE guide, the GNOME 50 wallpaper design story, and more.

Here is a summary and links for each post:

My New Toy: FreeBSD on the HP Z2 Mini Revisited

Peter Czánik’s Blog continues the series on his HP Z2 Mini AI workstation. This time he revisits FreeBSD after resolving a graphics driver issue by switching from the AMD to the ATI kernel module. The GNOME desktop is now stable and functional. A switch to KDE’s Plasma resolves a remaining screen-locking issue.

Debate: The State vs. Social Networks – New Event by GNU/Linux València

The KDE Blog announces an upcoming event organized by the nonprofit association GNU/Linux València on March 27 in Valencia, Spain. The evening begins with a Linux install party at 17:00, followed at 18:30 by an open debate on new social media regulations, their implications for privacy, and how federated alternatives like the Fediverse compare. Admission is free.

Latest Improvements to the Request Page

The Open Build Service Blog hightlights improvements to the OBS request workflow. Changes include visual highlighting of comments, an enhanced Accept dropdown with improved accessibility, and integrated contextual descriptions for RPMLint results directly into the UI.

Friday Sketches (Part 2)

Jakub Steiner’s Blog shares a large collection of app icon sketches produced during GNOME Design Team Friday sessions over the past two years. Scroll through all the sketches.

New Launcher Aims to Simplify Cockpit Installations

The openSUSE News team introduces cockpit-client-launcher, which is a new package that gives openSUSE users a straightforward desktop entry point for the Cockpit web-based system administration interface. The launcher, which features a YaST-inspired icon, automates systemd service activation and firewall configuration on first launch. It is available as an official package on both Tumbleweed and Leap.

Central Log Collection – More Than Just Compliance

Peter Czánik’s Blog makes the case that a centralized log collection benefits more than just regulatory compliance; it improves operational ease, log availability during outages, and security against log tampering. The post walks through practical scenarios at different scales, from a handful of machines to networks of hundreds.

Displaying System Info with Native KDE Plasma 6 Plasmoids

Victorhck walks through how to use the built-in System Monitor Sensor plasmoide in KDE Plasma 6 to display system information such as uptime directly on the desktop. The guide covers configuring the widget’s appearance, selecting sensors, and customizing displayed labels.

Third Update of KDE Plasma 6.6

The KDE Blog announces the third bugfix update for Plasma 6.6. The update is part of KDE’s regular maintenance cadence and follows the full Plasma 6.6 feature release. The update is strongly recommended for all users.

Brazilian Digital Children’s Law and Linux: Debunking the Panic

Alessandro’s Blog takes a detailed look at Brazil’s Lei 15.211/2025 (the “Digital Statute for Children and Adolescents”), which sparked widespread but unfounded claims that Linux would be banned in Brazil. The post argues that the episode was driven more by misinformation and social media panic than by the actual legal text.

GNOME 50 Wallpapers

Jakub Steiner’s Blog celebrates the GNOME 50 release by walking through the design history behind the new default wallpaper. The post also covers updates to the Symbolics and glass chip wallpapers, and previews the new Tubes design aimed at dark-theme users.

My New Toy: AI First Steps with the HP Z2 Mini

Peter Czánik’s Blog recounts first experiments with AI features on Windows using the AMD Ryzen 395’s NPU on the HP Z2 Mini workstation. The Windows Recall feature could not be tested since it requires Secure Boot, which was disabled for Linux dual-boot compatibility.

My Unofficial openSUSE Guide Changes Hands

Victorhck announces that the Spanish-language unofficial openSUSE guide, which he has maintained since 2016, is being handed off to community member Diablo Rojo for continued maintenance and modernization. The guide, aimed at newcomers to openSUSE Leap, has been updated to reflect a decade of changes in the project including the rise of Tumbleweed, the transition away from YaST, and the arrival of Myrlyn.

Code Mode in Marknote, S3 Support in Dolphin, and Glaxnimate Release – This Month in KDE Apps

The KDE Blog summarizes a month’s worth of KDE application progress. Marknote gained a plain-text code mode, a note-linking dialog, search-and-replace, and animated UI transitions; Dolphin added S3 support of custom endpoints and is no longer limited to AWS-compatible services.

Kontainer – Distrobox Container Manager Built for KDE Plasma

The CubicleNate Blog reviews Kontainer, a KDE-native graphical interface for managing Distrobox containers. The app integrates well with the Plasma desktop and simplifies installing and running software from other Linux distributions inside containers.

openSUSE Releases Updated Legal Classification Model

The openSUSE News team announces Cavil-Qwen3.5-4B, which is a new fine-tuned language model on the project’s HuggingFace page. It is designed to automate detection of license declarations and copyright notices in code repositories. GGUF quantized versions contributed by a community member are also available for local use with tools like llama.cpp.

Marknote 1.5 Arrives in KDE

Victorhck covers the Marknote 1.5 release. It highlights the new source mode that lets users edit raw Markdown without the WYSIWYG renderer. Other additions include wiki-style internal note linking with cross-notebook search, drag-and-drop note management, a KRunner plugin for instant note access, and more.

This Month in KDE Linux – February Progress

The KDE Blog summarizes Nate Graham’s February update on KDE. Highlights include more accurate download size reporting in Discover, the introduction of Kapsule as a new container-based software installer, improved Flatpak localization, and better AMD GPU crash protection.

LogAI - Asking The System Logs in Plain English

Zoltán Balogh’s Blog introduces LogAI; It is a locally-run RAG (Retrieval-Augmented Generation) system for querying the Linux journalctl system log. RAG is a technique that enables large language models to retrieve and incorporate new information from external data sources. The post describes the motivation: replacing grep-heavy log triage with natural language questions like “What went wrong last night?”

Press and Hold for Alternative Characters – This Week in Plasma

The KDE Blog covers the latest Plasma development highlights like a new press-and-hold feature for the plasma-keyboard virtual keyboard that surfaces alternative and diacritic characters. Other changes include custom sound theme installation from downloaded files, a Global Menu widget fix for multi-monitor setups, and more.

Linux Saloon 192 – Open Mic Night

The CubicleNate Blog recaps episode 192 of the Linux Saloon podcast. Topics ranged from protecting personal data while browsing the internet to early streaming memories with RealPlayer and the history of IRC.

Personal Digital Sovereignty

Cornelius Schumacher’s Blog reflects on what personal digital sovereignty means in practice. The post emphasizes the importance of one having control over their digital life along with choosing to leave it one desires. He uses examples of his own stack built around Linux, KDE, self-hosted Nextcloud, and GitJournal to get his points across.

24th Update of KDE Frameworks 6

The KDE Blog hightlights KDE Frameworks 6.24.0, the 24th monthly maintenance update for version 6. The blog starts with Attica and then focuses on several Qt-based projects.

openSUSE Tumbleweed Weekly Review – Week 11 of 2026

Victorhck and dimstar report on a full week of snapshots delivered in week 11. A total of seven snapshots were submitted and six were. Snapshot 0309 was held back due to a SELinux policy sync issue with systemd 259.3 that was resolved in the next snapshot. Delivered updates include the Linux kernel 6.19.6 (and kernel longterm 6.18.16), KDE Gear 25.12.3, systemd 259.3, Pipewire 1.6.1, and more.

Released Glaxnimate 0.6, the 2D vector graphics editor for animation creation

The KDE Blog announces the release of 2D vector graphics editor Glaxnimate 0.6.0. The integration brings improved cross-platform support (including Microsoft Store and macOS), KDE theming support, and increases translated languages from 8 to 26. New features include better SVG import/export, undo/redo for layer visibility and more.

View more blogs or learn to publish your own on planet.opensuse.org.

In our previous post from November 2025 we already told you to expect a temporal slow down in this blog activity. And here we are, more than four months later, to finally break that hiatus by announcing a new Agama version. But, why did it take so long to go from Agama 18 to Agama 19?

The key is that Agama 19 is not just another incremental change. This new version of Agama actually represents a new starting point in several aspects, from the architectural design to the organization of the web user interface, including some rewritten components and much more.

Architectural revamp​

We always wanted Agama to follow the schema displayed below, in which the core of the installer could be controlled through a consistent and simple programming interface (an API, in developers jargon). In that schema, the web-based user interface, the command-line tools and the unattended installation are built on top of that generic API.

But previous versions of Agama were full of quirks that didn't allow us to define an API that would match our quality standards as a solid foundation to build a simple but comprehensive installer. Agama 19 represents a quite significant architectural overhaul, needed to leave all those quirks behind and to define mechanisms that can be the cornerstone for any future development.

Of course, such a drastic change opens the door for potential bugs. Your testing, feedback and kind bug reports will help us to consolidate the new mechanisms in upcoming Agama versions.

Note that, despite the redesign of the programming interface, the JSON-based configuration format remains fully backwards compatible. Any JSON or Jsonnet profile that worked in previous versions of Agama will keep working in Agama 19 and beyond.

In a similar way, we also expect to declare the Agama API as stable soon. So anyone could then write their own tools to directly interact with the Agama core, without depending on the web user interface or the Agama command-line tools.

Reorganization of the web user interface​

Having a better API enabled us to adjust the web user interface to be closer to our original vision. We still have a long way to go in our road to a fully usable interface but the new navigation experience, based on a better overview page and a more useful confirmation dialog, sets the direction to follow.

Although most configuration sections remain similar to previous versions of Agama, we plan to revamp some of them. The process has already started for the sections to configure iSCSI, DASD, zFCP and network.

Regarding network, there are two important changes. On the one hand, now the user interface dynamicaly reacts to changes in the underlying system. For instance, when a new cable is plugged in or when a new WiFi adapter is connected. On the other hand, now it is possible to define new ethernet connections. That is very relevant in installation scenarios with several network adapters that need to be configured in different ways. For example, where one network is used to access storage devices and another one is used to reach the installation repositories.

The web user interface also got a new option to download the current installer configuration in the JSON format used by the Agama command line tools and for unattended installation. That is the first step to turn the web interface into a useful learning and prototyping tool for more advanced scenarios, although this new functionality could benefit from several usability improvements. Stay tuned.

All the mentioned changes in the user interface will require several updates to the screenshots and guides available at the project home page. That will not happen overnight, so please bear with us during that gradual process. Of course, the page is (just like Agama itself) maintained in a public repository, so feel free to contribute to speed the process up.

Rewritten internal components​

As you may know, YaST still lives in the core of Agama. Many tasks like managing storage devices or configuring the boot loader are done under the hood by the corresponding YaST modules (ie. yast2-storage-ng or yast2-bootloader). But lately the usage of some particular YaST modules became more a limiting factor than an advantage.

That is the case for yast2-users and yast2-software. Both are very complex due to historical reasons and to their ability to both install a new system and administer an already installed one, something that is out of the scope of Agama.

Thus, we decided to use the architectural revamp as an opportunity to replace those YaST parts with simpler implementations that will allow us to evolve faster in the future. Agama 19 includes its own management of users and, even more important and ambitious, its own management of software including the registration of SUSE Linux Enterprise and associated products and extensions.

Installation modes​

But Agama 19 does not only bring restructuring and rewrites, it also comes with a bunch of new functionality, like the new ability to install some distributions in different so-called installation modes.

When installing the experimental pre-releases of SLES 16.1 or the corresponding version of SLES for SAP Applications, now it is possible to select between the Standard and the Immutable modes. See the following screenshot for details.

Agama support for installation modes is not limited to the use case illustrated above. Other distributions ("products" in Agama jargon) like openSUSE Leap or Tumbleweed may make use of modes in the future to redefine their software and storage configurations, offering different variants of a same operating system.

More configuration options​

Although modes are the most visible of the new features, we also added other new capabilities to Agama that are, at least for now, only accessible using the JSON configuration. That makes those new features available for users of the command-line interface and of unattended installations.

Probably, the most awaited of those new features is the ability to install into an existing LVM volume group. When doing so, it is possible to create new logical volumes within the pre-existing volume group and it is also possible to reuse, delete or resize the existing logical volumes. Agama 19 even allows to add new physical volumes to an existing volume group as part of the process. Most of those capabilities will soon be added to the web user interface.

We also extended the configuration of the boot loader with a new setting updateNvram that, when disabled, prevents the boot loader updates of the persistent RAM (NVRAM). That is an expert feature that was requested by several users to handle broken firmwares or network setups.

Last but not least, now it is possible to specify several SSH public keys to authenticate the root user and also to use SSH keys as authentication mechanism for the non-root user created by Agama.

Many changes in the installation media​

As you can see, Agama 19 is quite a significant release. But there is room for many things in four months, even to work beyond Agama itself. During this time we also incorporated several changes to the live ISO that most of you use to execute Agama.

Those changes include several improvements in the boot menu (like better support for serial console or adapted timeouts), dropping the "Boot from Disk" option in most architectures, unifying the location of kernel and initramfs between the different architectures and a new boot argument live.net_config_tui=1 to trigger nmtui (an interactive network configuration tool) before Agama starts.

Back to regular speed​

It is clear that we consider Agama 19 to be a crucial milestone in the (still short) Agama history, but it is by no means the end of the path. Quite the opposite, we expect to recover our usual development pace and deliver new versions almost every month, as you can see in the updated roadmap.

But with great software rewrites comes great opportunity for new bugs, so we depend on your bug reports, your feedback and your contributions to keep improving. Do not hesitate to reach us at the Agama project at GitHub and the #yast channel at Libera.chat.

Have a lot of fun!

Last week, I wrote about my initial FreeBSD experiences on my new toy, an AI workstation from HP. FreeBSD runs lightning fast on it, but the desktop was somewhat problematic. Well, I made lots of improvements this week!

A bit of debugging

While there are still some rough edges, there have been tons of improvements since last week. I do not have plans to use FreeBSD on the desktop in the long term, but still, I just could not believe that the FreeBSD GUI is this problematic on this device. I did some experimentation though and it helped a lot… :-)

The initial problem I realized while browsing the output of dmesg was that desktop-installer enabled the wrong kernel modules repository for me. The line leading there was this:

KLD amdgpu.ko: depends on kernel - not available or version mismatch

The next problem occurred when I fixed this problem: there was a kernel panic on boot, when amdgpu.ko was loaded.

I did a fresh FreeBSD install and instead of using the latest packages, I decided to go with the quarterly packages. This way, the desktop installer configured the right kmod repo – however, loading amdgpu.ko still caused a kernel panic. Another experiment I made was using the ATI driver instead of AMD. The installer says that AMD is for modern cards, and ATI is for older ones. Well, as it turned out, even if the chip is barely half a year old, it counts as “old”… :-)

I am still not convinced that proper hardware-based acceleration works: both X.org logs and the GNOME “About” page showed software rendering. However, I had no problem with graphics performance: TuxRacer worked perfectly well… :-) And the GNOME desktop also worked nicely and as stable, including video playback. The only pain point when using GNOME was that screen locking still did not work.

KDE to the rescue

Even if it’s just software rendering, the graphics problem seems to be resolved. However, the screen locking problem still bothered me, as I’m an IT security guy with a healthy dose of paranoia (which means that I lock my screen even when I’m home alone… :-)).

So even if I haven’t tried KDE for the past 5+ years, I gave it a try now. After so many years on XFCE and GNOME, the interface looks a bit weird. However, everything I tried on it seems to work just fine, including screen locking.

This blog is part of a longer series about my adventures with my new machine and AI. You can reach me to discuss this blog on one of the contacts listed in the upper right corner. You can read the rest of the blogs under the toy tag.

Organizada por la asociación sin ánimo de lucro GNU/Linux València os invito a participar en la charla «Debate: ¿el Estado contra las redes sociales?» que se celebrará el 27 de marzo a las 18:30 horas. Y antes, como es tradicional, su taller de instalación Linux. Una tarde completa.

Debate: ¿el Estado contra las redes sociales? – nuevo evento organizado por GNU/Linux València

Me complace presentaros un nuevo evento de la Asociación sin Ánimo de Lucro GNU/Linux València que siguen sus actividades este 2026 con una jornada que presentará un interesante y necesario debate que sería muy adecuado que llegara al gran público, sobre todo, a los adolescentes: Debate: ¿el Estado contra las redes sociales?

Pero antes, y como un servicio que no tiene precio pero que tiene un valor incalculable:

Y, si ya tienes tu Linux instalado, no te pierdas el debate-:

¡Recuerda!

• Viernes 27 de Marzo de 2026
• ¡Entrada libre!
• Edifici Las Naves (Carrer Joan Verdeguer, 16, 46024, València)
• 17:00 Taller de instalación/ayuda GNU/Linux
• 18:30 Parlem! Debate sobre regulaciones sobre redes sociales

Más información: GNU/Linux València

¡Únete a GNU/Linux València!

Aprovecho para recordar que desde hace unos meses, los chicos de GNU/Linux Valencia ya tienen su menú propio en el blog, con lo que seguir sus eventos en esta humilde bitácora será más fácil que nunca, y así podréis comprobar su alto nivel de actividades que realizan que destacan por su variedad.

Y que además, GNU/Linux València creció y se ha convertió en asociación. Así que si buscas una forma de colaborar con el Software Libre, esta asociación puede ser tu sitio. ¡Te esperamos!

La entrada Debate: ¿el Estado contra las redes sociales? – nuevo evento organizado por GNU/Linux València se publicó primero en KDE Blog.

Two years have passed since I last shared my Friday app icon sketches, but the sketching itself hasn't stopped.

For me, it's the best way to figure out the right metaphors before we move to final pixels. These sketches are just one part of the GNOME Design Team's wider effort to keep our icons consistent and meaningful—it is an endeavor that’s been going on for years.

If you design a GNOME app following the GNOME Design Guidelines, feel free to request an icon to be made for you. If you are serious and apply for inclusion in GNOME Circle, you are way more likely to get a designer's attention.

Previously

Members of the openSUSE community are tackling the complex undertaking of transitioning from YaST by developing a streamlined system management interface.

After some adjustments and community feedback in the openSUSE bar, members took an existing tool to roll out a launcher for openSUSE users that provides a web-based system administration interface, more accessible to users switching from the traditional YaST setup utility.

The cockpit-client launcher, addresses a barrier that has frustrated some users attempting to adopt Cockpit as a replacement for YaST. According to feedback on the openSUSE forums, the process has been neither simple nor straightforward, until now.

The launcher icon, which includes legacy YaST colors for the adjusted logo, is specific to openSUSE and was created in response to user concerns. After some testing and minor refinements, the package was pushed and is available on Tumbleweed and Leap as an Official package.

“Since Cockpit-client has both Flatpak and RPM launchers available, we need to give them different icons so users can actually tell them apart,” said Lubos Kocman. “The different colored icon instantly shows users which launcher they’re opening to eliminate any confusion.”

The Installation Process

The launcher reduces a multi-step process that is now a straight-forward workflow. Previously, users faced complications accessing Cockpit through localhost:9090, which the community identified as a pain point.

sudo zypper install cockpit-client-launcher

Users are also recommended to install patterns-cockpit to ensure all Cockpit modules are available:

sudo zypper install -t pattern cockpit

Finally, users launch the application from their desktop environment’s application menu and follow initial setup dialogs. The launcher automatically activates necessary systemd services and firewall settings.

To align with security requirements, user will be asked whether to enable cockpit.socket and for preferred firewalld configuration in case cockpit wasn’t previously enabled and running.

It was tested on both Tumbleweed and Leap 16 installations and testing confirms the package successfully integrates across different openSUSE flavors, versions and installation scenarios.

A demonstration video created by Low Tech Linux showcases the installation and setup process on both Tumbleweed and Leap 16.

The Cockpit web interface provides graphical access to system administration functions that are traditionally handled through command-line tools or YaST, which include package management, user administration, service control, and more.

I often hear, even at security conferences that “no central log collection here” or “we have something due to compliance”. Central logging is more than just compliance. It makes logs easier to use, available and secure, thus making your life easier in operations, security, development, but also in marketing, sales, and so on.

What are logs and what is central log collection?

Most operating systems and applications keep track of what they are doing. They write log messages. A syslog message might look similar:

Mar 16 13:13:49 cent sshd[543817]: Accepted publickey for toor from 192.168.97.14 port 58246 ssh2: RSA SHA256:GeGHdsl1IZrnTniKUxxxX4NpP8Q

Applications might store their logs separately and have their own log format, like this Apache access log:

192.168.0.164 - - [16/Mar/2026:13:17:01 +0100] "HEAD /other/syslog-ng-insider-2026-03-4110-release-opensearch-elasticsearch/ HTTP/1.1" 200 3764 "-" "SkytabBot/1.0 (URL Resolution)"

Central log collection simply means that log messages are collected to a central location instead or in addition to saving them locally.

In this blog we take a look at what ease of use, availability, and security of central log collection mean for you.

Ease of use

If you have a single computer in your organization, finding a log message about an event on that computer takes some time. Once you have 2 computers, you have to check 2 computers to find that event. It might take twice as much time, but it is still easier than implementing central log collection. Not to mention, which one is the central computer. :-)

Once you have a network of 10 computers, logging in to each of them to find a log message about an event becomes a huge overhead. It is still doable, but implementing central log collection is a lot easier already in the short term, than looking at the logs on the machines where they were created.

On a network of 100 computers, it is practically impossible to find relevant logs by security or operations, unless logs are collected centrally.

Availability

Collecting logs centrally means that log messages are available even when the sending machine is down. If you want to know what happened, you do not have to get the machine up and running again, but you can check the logs at the central location. If you see signs of a hardware failure, you can go with a spare part immediately, reducing the time and effort needed to repair the machines.

Security

When a computer is compromised, log messages are often altered or deleted completely. However, this tactic only works with logs stored locally. Collecting logs at a central location allows you to use the unmodified logs and to figure out how the compromise happened.

What is next?

It is time to introduce central logging to your organization if you have not yet done it yet. Of course I am a bit biased, but syslog-ng is the perfect tool to do so. You can get started by reading / watching the syslog-ng tutorial on https://peter.czanik.hu/posts/syslog-ng-tutorial-toc/.

Originally published at https://www.syslog-ng.com/community/b/blog/posts/central-log-collection—more-than-just-compliance