Compare syslog software

Enlace	rsyslog	syslog-ng
Actualizado	2013-03-20 17:56:58	2013-03-20 17:56:58
Sitio web	rsyslog.com	balabit.com/...
license	GPLv3 (GPLv2 for v2 branch)	LGPL
Input Sources
UNIX domain socket	Sí	Sí
UDP	Sí	Sí
TCP	Sí	Sí
RELP	Sí
RFC 3195/BEEP	Sí (via im3195)	Sí
kernel log	Sí	Sí
file	Sí	Sí
mark message generator as an optional input	Sí
Standard output (stdout) of an application		Sí
Named pipe		Sí
Handle multi-line messages like Apache Tomcat or Oracle log messages		No
Windows Event Log	Sí a Windows event logging software such as EventReporter orMonitorWare Agent (both commercial software, both fund rsyslogdevelopment)	- via separate agent only available at Personal Edition
Network (Protocol) Support
support for (plain) tcp based syslog	Sí	Sí
support for GSS-API	Sí
ability to limit the allowed network senders (syslog ACLs)	Sí
support for syslog-transport-tls based framing on syslog/tcp connections	Sí
udp syslog	Sí	Sí
syslog over RELP	Sí
truly reliable message delivery (Why is plain tcp syslog not reliable?)	Sí
on the wire (zlib) message compression	Sí	- only when using TLS
support for receiving messages via reliable RFC 3195 delivery	Sí
support for TLS/SSL-protected syslog	Sí (since 3.19.0)via stunnel	Sí
support for IETF's new syslog-protocol draft	Sí	Sí
support for IETF's new syslog-transport-tls draft	Sí (since 3.19.0 - world's first implementation)	Sí
support for IPv6	Sí	Sí
native ability to send SNMP traps	Sí	- only in syslogng box appliance
ability to preserve the original hostname in NAT environments and relay chains	Sí	Sí
Message Filtering
Filtering for syslog facility and priority	Sí	Sí
Filtering for hostname	Sí	Sí
Filtering for application	Sí	Sí
Filtering for message contents	Sí	Sí
Filtering for sending IP address	Sí	Sí
ability to filter on any other message field not mentioned above (including substrings and the like)	Sí	Sí
support for complex filters, using full boolean algebra with and/or/not operators and parenthesis	Sí	Sí
Support for reusable filters: specify a filter once and use it in multiple selector lines no		Sí
support for arbritrary complex arithmetic and string expressions inside filters	Sí	Sí
ability to use regular expressions in filters	Sí	Sí PRCE and POSIX
support for discarding messages based on filters	Sí	Sí
ability to filter out messages based on sequence of appearing	Sí (starting with 3.21.3)
powerful BSD-style hostname and program name blocks for easy multi-host support	Sí
Supported Database Outputs
MySQL	Sí (native ommysql, omlibdbi)	Sí
PostgreSQL	Sí (native ompgsql, omlibdbi)	Sí
Oracle	Sí (omlibdbi)	Sí
SQLite	Sí (omlibdbi)	Sí
Microsoft SQL (Open TDS)	Sí (omlibdbi)	Sí
Sybase (Open TDS)	Sí (omlibdbi)
Firebird/Interbase	Sí (omlibdbi)
Ingres	Sí (omlibdbi)
mSQL	Sí (omlibdbi)
Enterprise Features
support for on-demand on-disk spooling of messages	Sí
ability to limit disk space used by spool files	Sí
each action can use its own, independant set of spool files	Sí
different sets of spool files can be placed on different disk	Sí
ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only)	Sí (can independently be configured for the main queue and each action queue)
ability to configure backup syslog/database servers	Sí
Professional Support	Sí
Config File
config file format	compatible to legacy syslogd but ugly
ability to include config file from within other config files	Sí	Sí
ability to include all config files existing in a specific directory	Sí
Extensibility
Functionality split in separately loadable modules	Sí
Support for third-party input plugins	Sí
Support for third-party output plugins	Sí
Other Features
ability to generate file names and directories (log targets) dynamically	Sí	Sí
control of log output format, including ability to present channel and priority as visible log data	Sí	Sí
native ability to send mail messages	Sí (ommail, introduced in 3.17.0)
good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone	Sí	Sí microsecond time resolution, extended RFC3339, timezone information
ability to reformat message contents and work with substrings	Sí	Sí
support for log files larger than 2gb	Sí	Sí
support for log file size limitation and automatic rollover command execution	Sí	Sí
support for running multiple syslogd instances on a single machine	Sí
ability to execute shell scripts on received messages	Sí
ability to pipe messages to a continously running program
massively multi-threaded for tomorrow's multi-core machines	Sí	Sí
ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis	Sí
supports multiple actions per selector/filter condition	Sí
web interface	phpLogCon [also works with php-syslog-ng]
using text files as input source	Sí	Sí
rate-limiting output actions	Sí	Sí
discard low-priority messages under system stress	Sí
flow control (slow down message reception when system is busy)	Sí (advanced, multiple ways to slow down inputs depending on individual input capabilities, based on watermarks)	Sí
rewriting messages	Sí	Sí
output data into various formats	Sí	Sí
ability to control "message repeated n times" generation	Sí
supported platforms Linux, BSD, anecdotical seen on Solaris; compilation and basic testing done on HP UX		Sí
DNS cache	Sí	Sí
Windows Event Log containers / log files (via separate agent application)
Latest version	7.2.6 stable (March 2013)	Open Source Edition (OSE) 3.4 (Feb 2013)

User reviews and comments