 Enlace | rsyslog | syslog-ng |
|---|---|---|
| Actualizado | 2013-03-20 17:56:58 | 2013-03-20 17:56:58 |
| Sitio web | rsyslog.com | balabit.com/... |
| license | GPLv3 (GPLv2 for v2 branch) | LGPL |
| Input Sources | ||
| UNIX domain socket | Sí | Sí |
| UDP | Sí | Sí |
| TCP | Sí | Sí |
| RELP | Sí | |
| RFC 3195/BEEP | Sí (via im3195) | Sí |
| kernel log | Sí | Sí |
| file | Sí | Sí |
| mark message generator as an optional input | Sí | |
| Standard output (stdout) of an application | Sí | |
| Named pipe | Sí | |
| Handle multi-line messages like Apache Tomcat or Oracle log messages | No | |
| Windows Event Log | Sí a Windows event logging software such as EventReporter orMonitorWare Agent (both commercial software, both fund rsyslogdevelopment) | - via separate agent only available at Personal Edition |
| Network (Protocol) Support | ||
| support for (plain) tcp based syslog | Sí | Sí |
| support for GSS-API | Sí | |
| ability to limit the allowed network senders (syslog ACLs) | Sí | |
| support for syslog-transport-tls based framing on syslog/tcp connections | Sí | |
| udp syslog | Sí | Sí |
| syslog over RELP | Sí | |
| truly reliable message delivery (Why is plain tcp syslog not reliable?) | Sí | |
| on the wire (zlib) message compression | Sí | - only when using TLS |
| support for receiving messages via reliable RFC 3195 delivery | Sí | |
| support for TLS/SSL-protected syslog | Sí (since 3.19.0)via stunnel | Sí |
| support for IETF's new syslog-protocol draft | Sí | Sí |
| support for IETF's new syslog-transport-tls draft | Sí (since 3.19.0 - world's first implementation) | Sí |
| support for IPv6 | Sí | Sí |
| native ability to send SNMP traps | Sí | - only in syslogng box appliance |
| ability to preserve the original hostname in NAT environments and relay chains | Sí | Sí |
| Message Filtering | ||
| Filtering for syslog facility and priority | Sí | Sí |
| Filtering for hostname | Sí | Sí |
| Filtering for application | Sí | Sí |
| Filtering for message contents | Sí | Sí |
| Filtering for sending IP address | Sí | Sí |
| ability to filter on any other message field not mentioned above (including substrings and the like) | Sí | Sí |
| support for complex filters, using full boolean algebra with and/or/not operators and parenthesis | Sí | Sí |
| Support for reusable filters: specify a filter once and use it in multiple selector lines no | Sí | |
| support for arbritrary complex arithmetic and string expressions inside filters | Sí | Sí |
| ability to use regular expressions in filters | Sí | Sí PRCE and POSIX |
| support for discarding messages based on filters | Sí | Sí |
| ability to filter out messages based on sequence of appearing | Sí (starting with 3.21.3) | |
| powerful BSD-style hostname and program name blocks for easy multi-host support | Sí | |
| Supported Database Outputs | ||
| MySQL | Sí (native ommysql, omlibdbi) | Sí |
| PostgreSQL | Sí (native ompgsql, omlibdbi) | Sí |
| Oracle | Sí (omlibdbi) | Sí |
| SQLite | Sí (omlibdbi) | Sí |
| Microsoft SQL (Open TDS) | Sí (omlibdbi) | Sí |
| Sybase (Open TDS) | Sí (omlibdbi) | |
| Firebird/Interbase | Sí (omlibdbi) | |
| Ingres | Sí (omlibdbi) | |
| mSQL | Sí (omlibdbi) | |
| Enterprise Features | ||
| support for on-demand on-disk spooling of messages | Sí | |
| ability to limit disk space used by spool files | Sí | |
| each action can use its own, independant set of spool files | Sí | |
| different sets of spool files can be placed on different disk | Sí | |
| ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only) | Sí (can independently be configured for the main queue and each action queue) | |
| ability to configure backup syslog/database servers | Sí | |
| Professional Support | Sí | |
| Config File | ||
| config file format | compatible to legacy syslogd but ugly | |
| ability to include config file from within other config files | Sí | Sí |
| ability to include all config files existing in a specific directory | Sí | |
| Extensibility | ||
| Functionality split in separately loadable modules | Sí | |
| Support for third-party input plugins | Sí | |
| Support for third-party output plugins | Sí | |
| Other Features | ||
| ability to generate file names and directories (log targets) dynamically | Sí | Sí |
| control of log output format, including ability to present channel and priority as visible log data | Sí | Sí |
| native ability to send mail messages | Sí (ommail, introduced in 3.17.0) | |
| good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone | Sí | Sí microsecond time resolution, extended RFC3339, timezone information |
| ability to reformat message contents and work with substrings | Sí | Sí |
| support for log files larger than 2gb | Sí | Sí |
| support for log file size limitation and automatic rollover command execution | Sí | Sí |
| support for running multiple syslogd instances on a single machine | Sí | |
| ability to execute shell scripts on received messages | Sí | |
| ability to pipe messages to a continously running program | ||
| massively multi-threaded for tomorrow's multi-core machines | Sí | Sí |
| ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis | Sí | |
| supports multiple actions per selector/filter condition | Sí | |
| web interface | phpLogCon [also works with php-syslog-ng] | |
| using text files as input source | Sí | Sí |
| rate-limiting output actions | Sí | Sí |
| discard low-priority messages under system stress | Sí | |
| flow control (slow down message reception when system is busy) | Sí (advanced, multiple ways to slow down inputs depending on individual input capabilities, based on watermarks) | Sí |
| rewriting messages | Sí | Sí |
| output data into various formats | Sí | Sí |
| ability to control "message repeated n times" generation | Sí | |
| supported platforms Linux, BSD, anecdotical seen on Solaris; compilation and basic testing done on HP UX | Sí | |
| DNS cache | Sí | Sí |
| Windows Event Log containers / log files (via separate agent application) | ||
| Latest version | 7.2.6 stable (March 2013) | Open Source Edition (OSE) 3.4 (Feb 2013) |