Feature | rsyslog | syslog-ng
Last update | 2013-03-20 17:56:58 | 2013-03-20 17:56:58
Website | http://www.rsyslog.com | http://www.balabit.com/network-security/syslog-ng/
License | GPLv3 (GPLv2 for v2 branch) | LGPL
Input Sources
UNIX domain socket | Yes | Yes
UDP | Yes | Yes
TCP | Yes | Yes
RELP | Yes
RFC 3195/BEEP | Yes (via im3195) | Yes
kernel log | Yes | Yes
file | Yes | Yes
mark message generator as an optional input | Yes
Standard output (stdout) of an application | Yes
Named pipe | Yes
Handle multi-line messages like Apache Tomcat or Oracle log messages | No
Windows Event Log | Yes, using a Windows event logging software such as EventReporter or MonitorWare Agent (both commercial software, both fund rsyslog development) | - via separate agent only available at Personal Edition
Network (Protocol) Support
support for (plain) tcp based syslog | Yes | Yes
support for GSS-API | Yes
ability to limit the allowed network senders (syslog ACLs) | Yes
support for syslog-transport-tls based framing on syslog/tcp connections | Yes
udp syslog | Yes | Yes
syslog over RELP | Yes
truly reliable message delivery (Why is plain tcp syslog not reliable?) | Yes
on the wire (zlib) message compression | Yes | - only when using TLS
support for receiving messages via reliable RFC 3195 delivery | Yes
support for TLS/SSL-protected syslog | Yes (since 3.19.0), via stunnel | Yes
support for IETF's new syslog-protocol draft | Yes | Yes
support for IETF's new syslog-transport-tls draft | Yes (since 3.19.0 - world's first implementation) | Yes
support for IPv6 | Yes | Yes
native ability to send SNMP traps | Yes | - only in syslogng box appliance
ability to preserve the original hostname in NAT environments and relay chains | Yes | Yes
Message Filtering
Filtering for syslog facility and priority | Yes | Yes
Filtering for hostname | Yes | Yes
Filtering for application | Yes | Yes
Filtering for message contents | Yes | Yes
Filtering for sending IP address | Yes | Yes
ability to filter on any other message field not mentioned above (including substrings and the like) | Yes | Yes
support for complex filters, using full boolean algebra with and/or/not operators and parentheses | Yes | Yes
Support for reusable filters: specify a filter once and use it in multiple selector lines | No | Yes
support for arbitrary complex arithmetic and string expressions inside filters | Yes | Yes
ability to use regular expressions in filters | Yes | Yes, PCRE and POSIX
support for discarding messages based on filters | Yes | Yes
ability to filter out messages based on sequence of appearance | Yes (starting with 3.21.3)
powerful BSD-style hostname and program name blocks for easy multi-host support | Yes
Supported Database Outputs
MySQL | Yes (native ommysql, omlibdbi) | Yes
PostgreSQL | Yes (native ompgsql, omlibdbi) | Yes
Oracle | Yes (omlibdbi) | Yes
SQLite | Yes (omlibdbi) | Yes
Microsoft SQL (Open TDS) | Yes (omlibdbi) | Yes
Sybase (Open TDS) | Yes (omlibdbi)
Firebird/Interbase | Yes (omlibdbi)
Ingres | Yes (omlibdbi)
mSQL | Yes (omlibdbi)
Enterprise Features
support for on-demand on-disk spooling of messages | Yes
ability to limit disk space used by spool files | Yes
each action can use its own, independent set of spool files | Yes
different sets of spool files can be placed on different disks | Yes
ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only) | Yes (can independently be configured for the main queue and each action queue)
ability to configure backup syslog/database servers | Yes
Professional Support | Yes
Config File
config file format | compatible with legacy syslogd but ugly
ability to include config file from within other config files | Yes | Yes
ability to include all config files existing in a specific directory | Yes
Extensibility
Functionality split in separately loadable modules | Yes
Support for third-party input plugins | Yes
Support for third-party output plugins | Yes
Other Features
ability to generate file names and directories (log targets) dynamically | Yes | Yes
control of log output format, including ability to present channel and priority as visible log data | Yes | Yes
native ability to send mail messages | Yes (ommail, introduced in 3.17.0)
good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone | Yes | Yes, microsecond time resolution, extended RFC3339, timezone information
ability to reformat message contents and work with substrings | Yes | Yes
support for log files larger than 2 GB | Yes | Yes
support for log file size limitation and automatic rollover command execution | Yes | Yes
support for running multiple syslogd instances on a single machine | Yes
ability to execute shell scripts on received messages | Yes
ability to pipe messages to a continuously running program
massively multi-threaded for tomorrow's multi-core machines | Yes | Yes
ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis | Yes
supports multiple actions per selector/filter condition | Yes
web interface | phpLogCon [also works with php-syslog-ng]
using text files as input source | Yes | Yes
rate-limiting output actions | Yes | Yes
discard low-priority messages under system stress | Yes
flow control (slow down message reception when system is busy) | Yes (advanced, multiple ways to slow down inputs depending on individual input capabilities, based on watermarks) | Yes
rewriting messages | Yes | Yes
output data into various formats | Yes | Yes
ability to control "message repeated n times" generation | Yes
supported platforms | Linux, BSD, anecdotally seen on Solaris; compilation and basic testing done on HP-UX | Yes
DNS cache | Yes | Yes
Windows Event Log containers / log files (via separate agent application)
Latest version | 7.2.6 stable (March 2013) | Open Source Edition (OSE) 3.4 (Feb 2013)