syslog-ng
Likes 0
Name | syslog-ng |
|---|---|
| Website | balabit.com/... |
| license | LGPL |
| Input Sources | |
| UNIX domain socket | Yes |
| UDP | Yes |
| TCP | Yes |
| RELP | |
| RFC 3195/BEEP | Yes |
| kernel log | Yes |
| file | Yes |
| mark message generator as an optional input | |
| Standard output (stdout) of an application | Yes |
| Named pipe | Yes |
| Handle multi-line messages like Apache Tomcat or Oracle log messages | No |
| Windows Event Log | - via separate agent only available at Personal Edition |
| Network (Protocol) Support | |
| support for (plain) tcp based syslog | Yes |
| support for GSS-API | |
| ability to limit the allowed network senders (syslog ACLs) | |
| support for syslog-transport-tls based framing on syslog/tcp connections | |
| udp syslog | Yes |
| syslog over RELP | |
| truly reliable message delivery (Why is plain tcp syslog not reliable?) | |
| on the wire (zlib) message compression | - only when using TLS |
| support for receiving messages via reliable RFC 3195 delivery | |
| support for TLS/SSL-protected syslog | Yes |
| support for IETF's new syslog-protocol draft | Yes |
| support for IETF's new syslog-transport-tls draft | Yes |
| support for IPv6 | Yes |
| native ability to send SNMP traps | - only in syslogng box appliance |
| ability to preserve the original hostname in NAT environments and relay chains | Yes |
| Message Filtering | |
| Filtering for syslog facility and priority | Yes |
| Filtering for hostname | Yes |
| Filtering for application | Yes |
| Filtering for message contents | Yes |
| Filtering for sending IP address | Yes |
| ability to filter on any other message field not mentioned above (including substrings and the like) | Yes |
| support for complex filters, using full boolean algebra with and/or/not operators and parenthesis | Yes |
| Support for reusable filters: specify a filter once and use it in multiple selector lines no | Yes |
| support for arbritrary complex arithmetic and string expressions inside filters | Yes |
| ability to use regular expressions in filters | Yes PRCE and POSIX |
| support for discarding messages based on filters | Yes |
| ability to filter out messages based on sequence of appearing | |
| powerful BSD-style hostname and program name blocks for easy multi-host support | |
| Supported Database Outputs | |
| MySQL | Yes |
| PostgreSQL | Yes |
| Oracle | Yes |
| SQLite | Yes |
| Microsoft SQL (Open TDS) | Yes |
| Sybase (Open TDS) | |
| Firebird/Interbase | |
| Ingres | |
| mSQL | |
| Enterprise Features | |
| support for on-demand on-disk spooling of messages | |
| ability to limit disk space used by spool files | |
| each action can use its own, independant set of spool files | |
| different sets of spool files can be placed on different disk | |
| ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only) | |
| ability to configure backup syslog/database servers | |
| Professional Support | |
| Config File | |
| config file format | |
| ability to include config file from within other config files | Yes |
| ability to include all config files existing in a specific directory | |
| Extensibility | |
| Functionality split in separately loadable modules | |
| Support for third-party input plugins | |
| Support for third-party output plugins | |
| Other Features | |
| ability to generate file names and directories (log targets) dynamically | Yes |
| control of log output format, including ability to present channel and priority as visible log data | Yes |
| native ability to send mail messages | |
| good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone | Yes microsecond time resolution, extended RFC3339, timezone information |
| ability to reformat message contents and work with substrings | Yes |
| support for log files larger than 2gb | Yes |
| support for log file size limitation and automatic rollover command execution | Yes |
| support for running multiple syslogd instances on a single machine | |
| ability to execute shell scripts on received messages | |
| ability to pipe messages to a continously running program | |
| massively multi-threaded for tomorrow's multi-core machines | Yes |
| ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis | |
| supports multiple actions per selector/filter condition | |
| web interface | |
| using text files as input source | Yes |
| rate-limiting output actions | Yes |
| discard low-priority messages under system stress | |
| flow control (slow down message reception when system is busy) | Yes |
| rewriting messages | Yes |
| output data into various formats | Yes |
| ability to control "message repeated n times" generation | |
| supported platforms Linux, BSD, anecdotical seen on Solaris; compilation and basic testing done on HP UX | Yes |
| DNS cache | Yes |
| Windows Event Log containers / log files (via separate agent application) | |
| Latest version | Open Source Edition (OSE) 3.4 (Feb 2013) |
User reviews and comments