syslog-ng embodies the next generation of logging systems, and is the first truly flexible and scalable system logging application.
If you need a logging application that
then syslog-ng is the product you have been looking for. syslog-ng comes in two flavours:
A good logging infrastructure is a key element in the network security of companies. Development of syslog-ng started when no tool existed that could satisfy the requirements of organizations maintaining large IT networks. syslog-ng (ng: New Generation) is an alternative to syslogd - the default system logger component of Unix systems - and has solved the problems of tens of thousands of organizations, ranging from industrial companies to governmental institutes. syslog-ng has been the most widespread alternative system logging application of the Unix/Linux world for the last ten years.
syslog-ng was designed with the security requirements of large companies in mind, so the product supports all major Unix platforms, including Linux, Sun Solaris, BSD, AIX, and HP-UX operating systems. syslog-ng can collect log messages from the entire network using either traditional UDP or a more advanced protocol based on TCP. In the latter case, the use of SSL/TLS ensures the confidentiality and authenticity of sensitive messages, as well as interoperability with Cisco devices. The flexible filtering capabilities and the support of numerous source and destination formats make syslog-ng ideal both for general system administration tasks and for IT security experts who have to analyze several gigabytes of logs in real time.
| Feature | Description | Benefit |
| --- | --- | --- |
| Centralized system logging | Collect the log messages of every server at a single location. | Centralized storage reduces maintenance costs and the risk of human errors, while expanding the possibilities and increasing the efficiency of log analysis. |
| TCP-based communication | The TCP channel can be used to collect logs instead of the classical UDP protocol. | Radically decreases the risk of message loss, increases the interoperability of the system (e.g., with Cisco devices), and enables the use of SSL/TLS to authenticate and encrypt the information. |
| Flexible filtering possibilities | Identify more data than ever before. | Sort and classify messages based on parameters like source host or application for easier analysis or archiving. |
| Supported sources | unix stream, unix datagram, file, pipe, fifo, udp, tcp, sun streams, internal | |
| Supported destinations | file, fifo, pipe, unix stream, unix datagram, remote UDP, remote TCP, user, program | |
| Filtering options | priority, facility, host pattern, regular expression matching | |
| Supported platforms | Linux, Solaris, All BSD variants, AIX, HP-UX, Tru64 Unix, Irix, etc. | |
| Supported peers | Zorp gateways, Cisco devices, Cisco PIX, Nortel devices, Digital devices, Extreme switches, Checkpoint FW-1, 3Com switches, Load Balancers, Sun Solaris, All BSD variants, HP-UX, Tru64 Unix, Irix, MacOS X, Microsoft Windows, etc. | |