syslog-ng
Likes 0
Name | syslog-ng |
---|---|
Sito web | balabit.com/... |
license | LGPL |
Input Sources | |
UNIX domain socket | Sì |
UDP | Sì |
TCP | Sì |
RELP | |
RFC 3195/BEEP | Sì |
kernel log | Sì |
file | Sì |
mark message generator as an optional input | |
Standard output (stdout) of an application | Sì |
Named pipe | Sì |
Handle multi-line messages like Apache Tomcat or Oracle log messages | No |
Windows Event Log | - via separate agent only available at Personal Edition |
Network (Protocol) Support | |
support for (plain) tcp based syslog | Sì |
support for GSS-API | |
ability to limit the allowed network senders (syslog ACLs) | |
support for syslog-transport-tls based framing on syslog/tcp connections | |
udp syslog | Sì |
syslog over RELP | |
truly reliable message delivery (Why is plain tcp syslog not reliable?) | |
on the wire (zlib) message compression | - only when using TLS |
support for receiving messages via reliable RFC 3195 delivery | |
support for TLS/SSL-protected syslog | Sì |
support for IETF's new syslog-protocol draft | Sì |
support for IETF's new syslog-transport-tls draft | Sì |
support for IPv6 | Sì |
native ability to send SNMP traps | - only in syslogng box appliance |
ability to preserve the original hostname in NAT environments and relay chains | Sì |
Message Filtering | |
Filtering for syslog facility and priority | Sì |
Filtering for hostname | Sì |
Filtering for application | Sì |
Filtering for message contents | Sì |
Filtering for sending IP address | Sì |
ability to filter on any other message field not mentioned above (including substrings and the like) | Sì |
support for complex filters, using full boolean algebra with and/or/not operators and parenthesis | Sì |
Support for reusable filters: specify a filter once and use it in multiple selector lines no | Sì |
support for arbritrary complex arithmetic and string expressions inside filters | Sì |
ability to use regular expressions in filters | Sì PRCE and POSIX |
support for discarding messages based on filters | Sì |
ability to filter out messages based on sequence of appearing | |
powerful BSD-style hostname and program name blocks for easy multi-host support | |
Supported Database Outputs | |
MySQL | Sì |
PostgreSQL | Sì |
Oracle | Sì |
SQLite | Sì |
Microsoft SQL (Open TDS) | Sì |
Sybase (Open TDS) | |
Firebird/Interbase | |
Ingres | |
mSQL | |
Enterprise Features | |
support for on-demand on-disk spooling of messages | |
ability to limit disk space used by spool files | |
each action can use its own, independant set of spool files | |
different sets of spool files can be placed on different disk | |
ability to process spooled messages only during a configured timeframe (e.g. only during off-peak hours, during peak hours they are enqueued only) | |
ability to configure backup syslog/database servers | |
Professional Support | |
Config File | |
config file format | |
ability to include config file from within other config files | Sì |
ability to include all config files existing in a specific directory | |
Extensibility | |
Functionality split in separately loadable modules | |
Support for third-party input plugins | |
Support for third-party output plugins | |
Other Features | |
ability to generate file names and directories (log targets) dynamically | Sì |
control of log output format, including ability to present channel and priority as visible log data | Sì |
native ability to send mail messages | |
good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone | Sì microsecond time resolution, extended RFC3339, timezone information |
ability to reformat message contents and work with substrings | Sì |
support for log files larger than 2gb | Sì |
support for log file size limitation and automatic rollover command execution | Sì |
support for running multiple syslogd instances on a single machine | |
ability to execute shell scripts on received messages | |
ability to pipe messages to a continously running program | |
massively multi-threaded for tomorrow's multi-core machines | Sì |
ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis | |
supports multiple actions per selector/filter condition | |
web interface | |
using text files as input source | Sì |
rate-limiting output actions | Sì |
discard low-priority messages under system stress | |
flow control (slow down message reception when system is busy) | Sì |
rewriting messages | Sì |
output data into various formats | Sì |
ability to control "message repeated n times" generation | |
supported platforms Linux, BSD, anecdotical seen on Solaris; compilation and basic testing done on HP UX | Sì |
DNS cache | Sì |
Windows Event Log containers / log files (via separate agent application) | |
Latest version | Open Source Edition (OSE) 3.4 (Feb 2013) |
User reviews and comments