| Last update | 2013-03-20 17:56:58 | 2013-03-20 17:56:58 |
|---|
| Website | http://www.rsyslog.com | http://www.balabit.com/network-security/syslog-ng/ |
|---|
| license | GPLv3 (GPLv2 for v2 branch) | LGPL |
|---|
| Input Sources | | |
|---|
| UNIX domain socket | Yes | Yes |
|---|
| UDP | Yes | Yes |
|---|
| TCP | Yes | Yes |
|---|
| RELP | Yes | |
|---|
| RFC 3195/BEEP | Yes (via im3195) | Yes |
|---|
| kernel log | Yes | Yes |
|---|
| file | Yes | Yes |
|---|
| mark message generator as an optional input | Yes | |
|---|
| Standard output (stdout) of an application | | Yes |
|---|
| Named pipe | | Yes |
|---|
| Handle multi-line messages like Apache Tomcat or Oracle log messages | | No |
|---|
| Windows Event Log | Yes a Windows event logging software such as EventReporter orMonitorWare Agent (both commercial software, both fund rsyslogdevelopment) | - via separate agent only available at Personal Edition |
|---|
| Network (Protocol) Support | | |
|---|
| support for (plain) tcp based syslog | Yes | Yes |
|---|
| support for GSS-API | Yes | |
|---|
| ability to limit the allowed network senders (syslog ACLs) | Yes | |
|---|
| support for syslog-transport-tls based framing on syslog/tcp connections | Yes | |
|---|
| udp syslog | Yes | Yes |
|---|
| syslog over RELP | Yes | |
|---|
| truly reliable message delivery (Why is plain tcp syslog not reliable?) | Yes | |
|---|
| on the wire (zlib) message compression | Yes | - only when using TLS |
|---|
| support for receiving messages via reliable RFC 3195 delivery | Yes | |
|---|
| support for TLS/SSL-protected syslog | Yes (since 3.19.0)via stunnel | Yes |
|---|
| support for IETF's new syslog-protocol draft | Yes | Yes |
|---|
| support for IETF's new syslog-transport-tls draft | Yes (since 3.19.0 - world's first implementation) | Yes |
|---|
| support for IPv6 | Yes | Yes |
|---|
| native ability to send SNMP traps | Yes | - only in syslogng box appliance |
|---|
| ability to preserve the original hostname in NAT environments and relay chains | Yes | Yes |
|---|
| Message Filtering | | |
|---|
| Filtering for syslog facility and priority | Yes | Yes |
|---|
| Filtering for hostname | Yes | Yes |
|---|
| Filtering for application | Yes | Yes |
|---|
| Filtering for message contents | Yes | Yes |
|---|
| Filtering for sending IP address | Yes | Yes |
|---|
| ability to filter on any other message field not mentioned above (including substrings and the like) | Yes | Yes |
|---|
| support for complex filters, using full boolean algebra with and/or/not operators and parenthesis | Yes | Yes |
|---|
| Support for reusable filters: specify a filter once and use it in multiple selector lines no | | Yes |
|---|
| support for arbritrary complex arithmetic and string expressions inside filters | Yes | Yes |
|---|
| ability to use regular expressions in filters | Yes | Yes PRCE and POSIX |
|---|
| support for discarding messages based on filters | Yes | Yes |
|---|
| ability to filter out messages based on sequence of appearing | Yes (starting with 3.21.3) | |
|---|
| powerful BSD-style hostname and program name blocks for easy multi-host support | Yes | |
|---|
| Supported Database Outputs | | |
|---|
| MySQL | Yes (native ommysql, omlibdbi) | Yes |
|---|
| PostgreSQL | Yes (native ompgsql, omlibdbi) | Yes |
|---|
| Oracle | Yes (omlibdbi) | Yes |
|---|
| SQLite | Yes (omlibdbi) | Yes |
|---|
| Microsoft SQL (Open TDS) | Yes (omlibdbi) | Yes |
|---|
| Sybase (Open TDS) | Yes (omlibdbi) | |
|---|
| Firebird/Interbase | Yes (omlibdbi) | |
|---|
| Ingres | Yes (omlibdbi) | |
|---|
| mSQL | Yes (omlibdbi) | |
|---|
| Enterprise Features | | |
|---|
| support for on-demand on-disk spooling of messages | Yes | |
|---|
| ability to limit disk space used by spool files | Yes | |
|---|
| each action can use its own, independant set of spool files | Yes | |
|---|
| different sets of spool files can be placed on different disk | Yes | |
|---|
| ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only) | Yes (can independently be configured for the main queue and each action queue) | |
|---|
| ability to configure backup syslog/database servers | Yes | |
|---|
| Professional Support | Yes | |
|---|
| Config File | | |
|---|
| config file format | compatible to legacy syslogd but ugly | |
|---|
| ability to include config file from within other config files | Yes | Yes |
|---|
| ability to include all config files existing in a specific directory | Yes | |
|---|
| Extensibility | | |
|---|
| Functionality split in separately loadable modules | Yes | |
|---|
| Support for third-party input plugins | Yes | |
|---|
| Support for third-party output plugins | Yes | |
|---|
| Other Features | | |
|---|
| ability to generate file names and directories (log targets) dynamically | Yes | Yes |
|---|
| control of log output format, including ability to present channel and priority as visible log data | Yes | Yes |
|---|
| native ability to send mail messages | Yes (ommail, introduced in 3.17.0) | |
|---|
| good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone | Yes | Yes microsecond time resolution, extended RFC3339, timezone information |
|---|
| ability to reformat message contents and work with substrings | Yes | Yes |
|---|
| support for log files larger than 2gb | Yes | Yes |
|---|
| support for log file size limitation and automatic rollover command execution | Yes | Yes |
|---|
| support for running multiple syslogd instances on a single machine | Yes | |
|---|
| ability to execute shell scripts on received messages | Yes | |
|---|
| ability to pipe messages to a continously running program | | |
|---|
| massively multi-threaded for tomorrow's multi-core machines | Yes | Yes |
|---|
| ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis | Yes | |
|---|
| supports multiple actions per selector/filter condition | Yes | |
|---|
| web interface | phpLogCon [also works with php-syslog-ng] | |
|---|
| using text files as input source | Yes | Yes |
|---|
| rate-limiting output actions | Yes | Yes |
|---|
| discard low-priority messages under system stress | Yes | |
|---|
| flow control (slow down message reception when system is busy) | Yes (advanced, multiple ways to slow down inputs depending on individual input capabilities, based on watermarks) | Yes |
|---|
| rewriting messages | Yes | Yes |
|---|
| output data into various formats | Yes | Yes |
|---|
| ability to control "message repeated n times" generation | Yes | |
|---|
| supported platforms Linux, BSD, anecdotical seen on Solaris; compilation and basic testing done on HP UX | | Yes |
|---|
| DNS cache | Yes | Yes |
|---|
| Windows Event Log containers / log files (via separate agent application) | | |
|---|
| Latest version | 7.2.6 stable (March 2013) | Open Source Edition (OSE) 3.4 (Feb 2013) |
|---|