| Feature | rsyslog | syslog-ng |
|---|---|---|
| Last update | 2013-03-20 17:56:58 | 2013-03-20 17:56:58 |
| Website | http://www.rsyslog.com | http://www.balabit.com/network-security/syslog-ng/ |
| License | GPLv3 (GPLv2 for v2 branch) | LGPL |
| **Input Sources** | | |
| UNIX domain socket | Yes | Yes |
| UDP | Yes | Yes |
| TCP | Yes | Yes |
| RELP | Yes | |
| RFC 3195/BEEP | Yes (via im3195) | Yes |
| kernel log | Yes | Yes |
| file | Yes | Yes |
| mark message generator as an optional input | Yes | |
| Standard output (stdout) of an application | | Yes |
| Named pipe | | Yes |
| Handle multi-line messages like Apache Tomcat or Oracle log messages | | No |
| Windows Event Log | Yes, via a Windows event logging software such as EventReporter or MonitorWare Agent (both commercial software, both fund rsyslog development) | - via separate agent only available at Personal Edition |
| **Network (Protocol) Support** | | |
| support for (plain) tcp based syslog | Yes | Yes |
| support for GSS-API | Yes | |
| ability to limit the allowed network senders (syslog ACLs) | Yes | |
| support for syslog-transport-tls based framing on syslog/tcp connections | Yes | |
| udp syslog | Yes | Yes |
| syslog over RELP | Yes | |
| truly reliable message delivery (Why is plain tcp syslog not reliable?) | Yes | |
| on the wire (zlib) message compression | Yes | - only when using TLS |
| support for receiving messages via reliable RFC 3195 delivery | Yes | |
| support for TLS/SSL-protected syslog | Yes (since 3.19.0) via stunnel | Yes |
| support for IETF's new syslog-protocol draft | Yes | Yes |
| support for IETF's new syslog-transport-tls draft | Yes (since 3.19.0 - world's first implementation) | Yes |
| support for IPv6 | Yes | Yes |
| native ability to send SNMP traps | Yes | - only in syslogng box appliance |
| ability to preserve the original hostname in NAT environments and relay chains | Yes | Yes |
| **Message Filtering** | | |
| Filtering for syslog facility and priority | Yes | Yes |
| Filtering for hostname | Yes | Yes |
| Filtering for application | Yes | Yes |
| Filtering for message contents | Yes | Yes |
| Filtering for sending IP address | Yes | Yes |
| ability to filter on any other message field not mentioned above (including substrings and the like) | Yes | Yes |
| support for complex filters, using full boolean algebra with and/or/not operators and parentheses | Yes | Yes |
| Support for reusable filters: specify a filter once and use it in multiple selector lines | no | Yes |
| support for arbitrary complex arithmetic and string expressions inside filters | Yes | Yes |
| ability to use regular expressions in filters | Yes | Yes (PCRE and POSIX) |
| support for discarding messages based on filters | Yes | Yes |
| ability to filter out messages based on sequence of appearing | Yes (starting with 3.21.3) | |
| powerful BSD-style hostname and program name blocks for easy multi-host support | Yes | |
| **Supported Database Outputs** | | |
| MySQL | Yes (native ommysql, omlibdbi) | Yes |
| PostgreSQL | Yes (native ompgsql, omlibdbi) | Yes |
| Oracle | Yes (omlibdbi) | Yes |
| SQLite | Yes (omlibdbi) | Yes |
| Microsoft SQL (Open TDS) | Yes (omlibdbi) | Yes |
| Sybase (Open TDS) | Yes (omlibdbi) | |
| Firebird/Interbase | Yes (omlibdbi) | |
| Ingres | Yes (omlibdbi) | |
| mSQL | Yes (omlibdbi) | |
| **Enterprise Features** | | |
| support for on-demand on-disk spooling of messages | Yes | |
| ability to limit disk space used by spool files | Yes | |
| each action can use its own, independent set of spool files | Yes | |
| different sets of spool files can be placed on different disk | Yes | |
| ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only) | Yes (can independently be configured for the main queue and each action queue) | |
| ability to configure backup syslog/database servers | Yes | |
| Professional Support | Yes | |
| **Config File** | | |
| config file format | compatible to legacy syslogd but ugly | |
| ability to include config file from within other config files | Yes | Yes |
| ability to include all config files existing in a specific directory | Yes | |
| **Extensibility** | | |
| Functionality split in separately loadable modules | Yes | |
| Support for third-party input plugins | Yes | |
| Support for third-party output plugins | Yes | |
| **Other Features** | | |
| ability to generate file names and directories (log targets) dynamically | Yes | Yes |
| control of log output format, including ability to present channel and priority as visible log data | Yes | Yes |
| native ability to send mail messages | Yes (ommail, introduced in 3.17.0) | |
| good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone | Yes | Yes (microsecond time resolution, extended RFC 3339, timezone information) |
| ability to reformat message contents and work with substrings | Yes | Yes |
| support for log files larger than 2gb | Yes | Yes |
| support for log file size limitation and automatic rollover command execution | Yes | Yes |
| support for running multiple syslogd instances on a single machine | Yes | |
| ability to execute shell scripts on received messages | Yes | |
| ability to pipe messages to a continuously running program | | |
| massively multi-threaded for tomorrow's multi-core machines | Yes | Yes |
| ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis | Yes | |
| supports multiple actions per selector/filter condition | Yes | |
| web interface | phpLogCon [also works with php-syslog-ng] | |
| using text files as input source | Yes | Yes |
| rate-limiting output actions | Yes | Yes |
| discard low-priority messages under system stress | Yes | |
| flow control (slow down message reception when system is busy) | Yes (advanced, multiple ways to slow down inputs depending on individual input capabilities, based on watermarks) | Yes |
| rewriting messages | Yes | Yes |
| output data into various formats | Yes | Yes |
| ability to control "message repeated n times" generation | Yes | |
| supported platforms | Linux, BSD, anecdotally seen on Solaris; compilation and basic testing done on HP UX | Yes |
| DNS cache | Yes | Yes |
| Windows Event Log containers / log files (via separate agent application) | | |
| Latest version | 7.2.6 stable (March 2013) | Open Source Edition (OSE) 3.4 (Feb 2013) |