syslog-ng
Related pages
Comparing syslogd, syslog-ng OSE 3.0, and syslog-ng PE 3.0
What does syslog-ng PE 3.0 offer over syslogd?
The syslogd application is the standard system logging application used by network devices like switches and routers, as well as servers running operating systems based on Unix, including Linux, HP-UX, BSD, Solaris, and AIX, but excluding Microsoft Windows. The implementations of syslogd on the different operating systems are in part system-specific, while syslog-ng has higher portability, using the same codebase on every platform. Regarding reliability, syslogd does nothing to ensure that the sent messages really arrive to the server. It uses the unreliable UDP network protocol, meaning that messages can get lost on the network without the sender or the server ever noticing it. Additionally, syslogd simply drops messages when the server is unavailable or overloaded. It does not have the ability to encrypt the messages, and the server can output the logs only into text files.
What does syslog-ng PE offer over syslog-ng OSE?
The syslog-ng Open Source Edition (syslog-ng OSE) application is the most popular and widespread alternative system logging application used in the world, having replaced syslogd on tens of thousands of systems. It has several features surpassing syslogd, including reliable message transferring using the TCP protocol, transfer messages securely using TLS, the ability to send log messages directly to an SQL database like MySQL or PostgreSQL, and the possibility to control the flow of messages to handle minor server outages. But only syslog-ng PE has the more advanced features of buffering the messages on the hard disk, storing messages in encrypted log files, reading messages from arbitrary files, and support for Microsoft Windows operating systems.
The following table summarizes the main differences between the syslogd, syslog-ng Open Source Edition (OSE), and syslog-ng Premium Edition (PE). For a more in-depth technical comparison, see the detailed feature comparison between syslogd, syslog-ng OSE, and syslog-ng PE.
What does syslog-ng Store Box offer over other versions?
The syslog-ng Store Box (SSB) application is a central logserver appliance. It is built around syslog-ng PE, and offers a complete turn-key solution for managing your logs, including log collection, encrypted storage, automatic archiving and backups. SSB is managed from a web interface offering powerful log searching, browsing, and alerting capabilities, as well as high-availability support. For details, see the syslog-ng Store Box product page.
The syslogd, syslog-ng OSE 3.0, syslog-ng PE 3.0, and SSB comparison table
The following table summarizes the main differences between the syslogd, syslog-ng Open Source Edition (OSE), and syslog-ng Premium Edition (PE). For a more in-depth technical comparison, see the detailed feature comparison between syslogd, syslog-ng OSE, and syslog-ng PE.
| syslogd | syslog-ng OSE | syslog-ng PE | syslog-ng Store Box | |
| Reliable message transfer using TCP | - | ✔ | ✔ | ✔ |
| Content-based message filtering | - | ✔ | ✔ | ✔ |
| Use macros to dynamically create target files, directories, and database tables | - | ✔ | ✔ | ✔ |
| IPv6 support | OS dependent | ✔ | ✔ | - |
| Direct output to database | - | ✔ | ✔ | ✔ |
| Encrypted message transfer (TLS support) | - | ✔ | ✔ | ✔ |
| Support for the latest IETF syslog protocol standard | - | ✔ | ✔ | ✔ |
| Message parsing and rewriting | - | ✔ | ✔ | ✔ |
| Encrypted, signed, timestamped log storage | - | - | ✔ | ✔ |
| Disk-based buffering | - | - | ✔ | ✔ |
| Message-rate control | - | ✔ | ✔ | ✔ |
| Windows support | - | - | ✔ | ✔ |
| Hardware appliance | - | - | - | ✔ |
| Web-based management interface | - | - | - | ✔ |
| High-availability support | - | - | - | ✔ |
| Log browsing, searching, and reporting interface | - | - | - | ✔ |