Compare syslog software

Link	rsyslog	syslog-ng
Last update	Mar. 20^th 2013 5:56:58 PM	Mar. 20^th 2013 5:56:58 PM
Website	rsyslog.com	balabit.com/...
license	GPLv3 (GPLv2 for v2 branch)	LGPL
Input Sources
UNIX domain socket	Yes	Yes
UDP	Yes	Yes
TCP	Yes	Yes
RELP	Yes
RFC 3195/BEEP	Yes (via im3195)	Yes
kernel log	Yes	Yes
file	Yes	Yes
mark message generator as an optional input	Yes
Standard output (stdout) of an application		Yes
Named pipe		Yes
Handle multi-line messages like Apache Tomcat or Oracle log messages		No
Windows Event Log	Yes a Windows event logging software such as EventReporter orMonitorWare Agent (both commercial software, both fund rsyslogdevelopment)	- via separate agent only available at Personal Edition
Network (Protocol) Support
support for (plain) tcp based syslog	Yes	Yes
support for GSS-API	Yes
ability to limit the allowed network senders (syslog ACLs)	Yes
support for syslog-transport-tls based framing on syslog/tcp connections	Yes
udp syslog	Yes	Yes
syslog over RELP	Yes
truly reliable message delivery (Why is plain tcp syslog not reliable?)	Yes
on the wire (zlib) message compression	Yes	- only when using TLS
support for receiving messages via reliable RFC 3195 delivery	Yes
support for TLS/SSL-protected syslog	Yes (since 3.19.0)via stunnel	Yes
support for IETF's new syslog-protocol draft	Yes	Yes
support for IETF's new syslog-transport-tls draft	Yes (since 3.19.0 - world's first implementation)	Yes
support for IPv6	Yes	Yes
native ability to send SNMP traps	Yes	- only in syslogng box appliance
ability to preserve the original hostname in NAT environments and relay chains	Yes	Yes
Message Filtering
Filtering for syslog facility and priority	Yes	Yes
Filtering for hostname	Yes	Yes
Filtering for application	Yes	Yes
Filtering for message contents	Yes	Yes
Filtering for sending IP address	Yes	Yes
ability to filter on any other message field not mentioned above (including substrings and the like)	Yes	Yes
support for complex filters, using full boolean algebra with and/or/not operators and parenthesis	Yes	Yes
Support for reusable filters: specify a filter once and use it in multiple selector lines no		Yes
support for arbritrary complex arithmetic and string expressions inside filters	Yes	Yes
ability to use regular expressions in filters	Yes	Yes PRCE and POSIX
support for discarding messages based on filters	Yes	Yes
ability to filter out messages based on sequence of appearing	Yes (starting with 3.21.3)
powerful BSD-style hostname and program name blocks for easy multi-host support	Yes
Supported Database Outputs
MySQL	Yes (native ommysql, omlibdbi)	Yes
PostgreSQL	Yes (native ompgsql, omlibdbi)	Yes
Oracle	Yes (omlibdbi)	Yes
SQLite	Yes (omlibdbi)	Yes
Microsoft SQL (Open TDS)	Yes (omlibdbi)	Yes
Sybase (Open TDS)	Yes (omlibdbi)
Firebird/Interbase	Yes (omlibdbi)
Ingres	Yes (omlibdbi)
mSQL	Yes (omlibdbi)
Enterprise Features
support for on-demand on-disk spooling of messages	Yes
ability to limit disk space used by spool files	Yes
each action can use its own, independant set of spool files	Yes
different sets of spool files can be placed on different disk	Yes
ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only)	Yes (can independently be configured for the main queue and each action queue)
ability to configure backup syslog/database servers	Yes
Professional Support	Yes
Config File
config file format	compatible to legacy syslogd but ugly
ability to include config file from within other config files	Yes	Yes
ability to include all config files existing in a specific directory	Yes
Extensibility
Functionality split in separately loadable modules	Yes
Support for third-party input plugins	Yes
Support for third-party output plugins	Yes
Other Features
ability to generate file names and directories (log targets) dynamically	Yes	Yes
control of log output format, including ability to present channel and priority as visible log data	Yes	Yes
native ability to send mail messages	Yes (ommail, introduced in 3.17.0)
good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone	Yes	Yes microsecond time resolution, extended RFC3339, timezone information
ability to reformat message contents and work with substrings	Yes	Yes
support for log files larger than 2gb	Yes	Yes
support for log file size limitation and automatic rollover command execution	Yes	Yes
support for running multiple syslogd instances on a single machine	Yes
ability to execute shell scripts on received messages	Yes
ability to pipe messages to a continously running program
massively multi-threaded for tomorrow's multi-core machines	Yes	Yes
ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis	Yes
supports multiple actions per selector/filter condition	Yes
web interface	phpLogCon [also works with php-syslog-ng]
using text files as input source	Yes	Yes
rate-limiting output actions	Yes	Yes
discard low-priority messages under system stress	Yes
flow control (slow down message reception when system is busy)	Yes (advanced, multiple ways to slow down inputs depending on individual input capabilities, based on watermarks)	Yes
rewriting messages	Yes	Yes
output data into various formats	Yes	Yes
ability to control "message repeated n times" generation	Yes
supported platforms Linux, BSD, anecdotical seen on Solaris; compilation and basic testing done on HP UX		Yes
DNS cache	Yes	Yes
Windows Event Log containers / log files (via separate agent application)
Latest version	7.2.6 stable (March 2013)	Open Source Edition (OSE) 3.4 (Feb 2013)

User reviews and comments