rsyslog
Likes 0
Name | rsyslog |
---|---|
Website | rsyslog.com |
license | GPLv3 (GPLv2 for v2 branch) |
Input Sources | |
UNIX domain socket | Yes |
UDP | Yes |
TCP | Yes |
RELP | Yes |
RFC 3195/BEEP | Yes (via im3195) |
kernel log | Yes |
file | Yes |
mark message generator as an optional input | Yes |
Standard output (stdout) of an application | |
Named pipe | |
Handle multi-line messages like Apache Tomcat or Oracle log messages | |
Windows Event Log | Yes a Windows event logging software such as EventReporter orMonitorWare Agent (both commercial software, both fund rsyslogdevelopment) |
Network (Protocol) Support | |
support for (plain) tcp based syslog | Yes |
support for GSS-API | Yes |
ability to limit the allowed network senders (syslog ACLs) | Yes |
support for syslog-transport-tls based framing on syslog/tcp connections | Yes |
udp syslog | Yes |
syslog over RELP | Yes |
truly reliable message delivery (Why is plain tcp syslog not reliable?) | Yes |
on the wire (zlib) message compression | Yes |
support for receiving messages via reliable RFC 3195 delivery | Yes |
support for TLS/SSL-protected syslog | Yes (since 3.19.0)via stunnel |
support for IETF's new syslog-protocol draft | Yes |
support for IETF's new syslog-transport-tls draft | Yes (since 3.19.0 - world's first implementation) |
support for IPv6 | Yes |
native ability to send SNMP traps | Yes |
ability to preserve the original hostname in NAT environments and relay chains | Yes |
Message Filtering | |
Filtering for syslog facility and priority | Yes |
Filtering for hostname | Yes |
Filtering for application | Yes |
Filtering for message contents | Yes |
Filtering for sending IP address | Yes |
ability to filter on any other message field not mentioned above (including substrings and the like) | Yes |
support for complex filters, using full boolean algebra with and/or/not operators and parenthesis | Yes |
Support for reusable filters: specify a filter once and use it in multiple selector lines no | |
support for arbritrary complex arithmetic and string expressions inside filters | Yes |
ability to use regular expressions in filters | Yes |
support for discarding messages based on filters | Yes |
ability to filter out messages based on sequence of appearing | Yes (starting with 3.21.3) |
powerful BSD-style hostname and program name blocks for easy multi-host support | Yes |
Supported Database Outputs | |
MySQL | Yes (native ommysql, omlibdbi) |
PostgreSQL | Yes (native ompgsql, omlibdbi) |
Oracle | Yes (omlibdbi) |
SQLite | Yes (omlibdbi) |
Microsoft SQL (Open TDS) | Yes (omlibdbi) |
Sybase (Open TDS) | Yes (omlibdbi) |
Firebird/Interbase | Yes (omlibdbi) |
Ingres | Yes (omlibdbi) |
mSQL | Yes (omlibdbi) |
Enterprise Features | |
support for on-demand on-disk spooling of messages | Yes |
ability to limit disk space used by spool files | Yes |
each action can use its own, independant set of spool files | Yes |
different sets of spool files can be placed on different disk | Yes |
ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only) | Yes (can independently be configured for the main queue and each action queue) |
ability to configure backup syslog/database servers | Yes |
Professional Support | Yes |
Config File | |
config file format | compatible to legacy syslogd but ugly |
ability to include config file from within other config files | Yes |
ability to include all config files existing in a specific directory | Yes |
Extensibility | |
Functionality split in separately loadable modules | Yes |
Support for third-party input plugins | Yes |
Support for third-party output plugins | Yes |
Other Features | |
ability to generate file names and directories (log targets) dynamically | Yes |
control of log output format, including ability to present channel and priority as visible log data | Yes |
native ability to send mail messages | Yes (ommail, introduced in 3.17.0) |
good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone | Yes |
ability to reformat message contents and work with substrings | Yes |
support for log files larger than 2gb | Yes |
support for log file size limitation and automatic rollover command execution | Yes |
support for running multiple syslogd instances on a single machine | Yes |
ability to execute shell scripts on received messages | Yes |
ability to pipe messages to a continously running program | |
massively multi-threaded for tomorrow's multi-core machines | Yes |
ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis | Yes |
supports multiple actions per selector/filter condition | Yes |
web interface | phpLogCon [also works with php-syslog-ng] |
using text files as input source | Yes |
rate-limiting output actions | Yes |
discard low-priority messages under system stress | Yes |
flow control (slow down message reception when system is busy) | Yes (advanced, multiple ways to slow down inputs depending on individual input capabilities, based on watermarks) |
rewriting messages | Yes |
output data into various formats | Yes |
ability to control "message repeated n times" generation | Yes |
supported platforms Linux, BSD, anecdotical seen on Solaris; compilation and basic testing done on HP UX | |
DNS cache | Yes |
Windows Event Log containers / log files (via separate agent application) | |
Latest version | 7.2.6 stable (March 2013) |
User reviews and comments